Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Login page does not redirect if already authenticated #29582

Closed
Abyss777 opened this issue Mar 4, 2024 · 2 comments · Fixed by #29583
Closed

Login page does not redirect if already authenticated #29582

Abyss777 opened this issue Mar 4, 2024 · 2 comments · Fixed by #29583
Labels
type/bug

Comments

@Abyss777
Copy link

Abyss777 commented Mar 4, 2024

Description

In some major release, behavior after successful login was changed.

I have kerberos authorization in apache reverse proxy

    <Location /user/login>
        AuthType Kerberos
        AuthName "Kerberos Login"
        KrbAuthRealms AD.LOCAL
        KrbMethodNegotiate on
        KrbServiceName Any
        KrbLocalUserMapping On
        Krb5Keytab /etc/apache2/keytabs/gitea.keytab
        Require valid-user

        RewriteEngine On
        RewriteCond %{LA-U:REMOTE_USER} (.+)
        RewriteRule . - [E=RU:%1]
        RequestHeader set X-WEBAUTH-USER %{RU}e
        RequestHeader unset Authorization
    </Location>

That sets X-WEBAUTH-USER header only for /user/login location because I need unauthorized access to some gitea pages.

And proxy authorization enabled

ENABLE_REVERSE_PROXY_AUTHENTICATION = true

I'm not sure, but before 1.21 or even 1.20 after user click on Login button in right upper corner, he will be redirected to login page, get successful authentication via proxy header and then just redirected to default / page.

But in the latest releases redirect does not happen, user gets authenticated (sees his avatar in right upper corner) but still on the login page.

User usually doesn't understand that he is authenticated and complains that SSO don't works.

Could you please revert behavior and redirect from login page if proxy authentication was successful.

Gitea Version

1.21.7

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

Official docker image

Database

MySQL/MariaDB
@wxiaoguang
Copy link
Contributor

It is a regression of #26105.

TBH, I regret that I approved it too quickly at that time .... it needs some more complicated designs to satisfy various cases now .....

@wxiaoguang wxiaoguang mentioned this issue Mar 4, 2024
Merged
@wxiaoguang
Copy link
Contributor

-> Make "/user/login" page redirect if the current user has signed in #29583

wxiaoguang added a commit that referenced this issue Mar 5, 2024
@wxiaoguang
Make "/user/login" page redirect if the current user has signed in (#…
df1268c 
…29583)

Fix #29582 and maybe more.
Maybe fix #29116
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 16, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
type/bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Make "/user/login" page redirect if the current user has signed in wxiaoguang/gitea
2 participants
@wxiaoguang @Abyss777