Bug 15816: Redirect back to correct page after login

This uses a hacky but simple method to get the correct script name under proxied packaged Plack. Test plan: 1) Log out of both the OPAC and staff side. 2) Try to access a page that requires login (opac-reserve.pl is a good one for the OPAC), then log in. 3) You will be redirected back to mainpage.pl or opac-user.pl. 4) Repeat above for both staff side and OPAC. 5) Apply patch. 6) Repeat steps 1-4; you should be redirected back to the original page you were on. 7) Repeat the above for both a traditional CGI and kohadevbox/package Plack installation. Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-06 13:52:46 -06:00 · 2016-05-06 13:52:46 -06:00 · bc707baf02
commit bc707baf02
parent 3f0a1f0c7f
3 changed files with 25 additions and 3 deletions
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@ -192,7 +192,10 @@ sub get_template_and_user {
                -HttpOnly => 1,
            );

-            $template->param( loginprompt => 1 );
+            $template->param(
+                loginprompt => 1,
+                script_name => _get_script_name(),
+            );
            print $in->{query}->header(
                {   type              => 'text/html',
                    charset           => 'utf-8',
@ -1208,6 +1211,7 @@ sub checkauth {
        opaclayoutstylesheet                  => C4::Context->preference("opaclayoutstylesheet"),
        login                                 => 1,
        INPUTS                                => \@inputs,
+        script_name                           => _get_script_name(),
        casAuthentication                     => C4::Context->preference("casAuthentication"),
        shibbolethAuthentication              => $shib,
        SessionRestrictionByIP                => C4::Context->preference("SessionRestrictionByIP"),
@ -2041,6 +2045,24 @@ sub getborrowernumber {
    return 0;
 }

+=head2 _get_script_name
+
+This returns the correct script name, for use in redirecting back to the correct page after showing
+the login screen. It depends on details of the package Plack configuration, and should not be used
+outside this context.
+
+=cut
+
+sub _get_script_name {
+    # This is the method about.pl uses to detect Plack; now that two places use it, it MUST be
+    # right.
+    if ( ( any { /(^psgi\.|^plack\.)/i } keys %ENV ) && $ENV{SCRIPT_NAME} =~ m,^/(intranet|opac)(.*), ) {
+        return '/cgi-bin/koha' . $2;
+    } else {
+        return $ENV{SCRIPT_NAME};
+    }
+}
+
 END { }    # module clean-up code here (global destructor)
 1;
 __END__
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt
@ -40,7 +40,7 @@
 [% END %]

 <!-- login prompt time-->
-<form action="/cgi-bin/koha/mainpage.pl" method="post" name="loginform" id="loginform">
+<form action="[% script_name %]" method="post" name="loginform" id="loginform">
    <input type="hidden" name="koha_login_context" value="intranet" />
 [% FOREACH INPUT IN INPUTS %]
    <input type="hidden" name="[% INPUT.name |html %]" value="[% INPUT.value |html %]" />
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-auth.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-auth.tt
@ -155,7 +155,7 @@
                            [% IF SCO_login %]
                                <form action="/cgi-bin/koha/sco/sco-main.pl" name="auth" id="auth" method="post">
                            [% ELSE %]
-                                <form action="/cgi-bin/koha/opac-user.pl" name="auth" id="auth" method="post">
+                                <form action="[% script_name %]" name="auth" id="auth" method="post">
                            [% END %]
                                <input type="hidden" name="koha_login_context" value="opac" />
                                <fieldset class="brief">