Page MenuHomePhabricator
Create Task
Maniphest T230188

"returnto" and "returntoquery" are not working
Closed, ResolvedPublicBUG REPORT
Actions

Description

Hello there,

we have a wiki here were we restricting even read-access to logged-in users and thus require authentication (using PluggableAuth together with SimpleSAMLphp to implement Web-Single-Signon, setting "wgPluggableAuth_EnableAutoLogin" to "true").
So far this works really well!

But when we provide someone with a "deep-link" to a page (".../index.php?title=Pagename") and she/he is not yet logged-in at our wiki and thus gets redirected to the login page, the information about the originally requested page gets lost and after logging in our users see the mainpage of our wiki.

I looked through the code to see what's going on and saw that PluggableAuthHooks::doBeforeInitialize does the right thing: it redirects to "Special:UserLogin" and adds the GET-parameters "returnto" and "returntoquery".

But after this "SpecialPageFactory::executePath" kicks in and ignores everything PluggableAuthHooks::doBeforeInitialize did. This is even documented in a comment at the very beginning of the executePath function:

// @todo FIXME: Redirects broken due to this call

From what I can see on github this line is there since 8 years!
So my question is:
Does "deep-linking" work for anyone in the setup we have?
Did this ever work?

Greetings
Hermann

Event Timeline

HermannSchwaerzler created this task.Aug 9 2019, 9:53 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 9 2019, 9:53 AM
cicalese added subscribers: Osnard, MarkAHershberger, cicalese.Aug 9 2019, 1:22 PM

You do not mention what versions of MediaWiki, PluggableAuth, and SimpleSAMLphp you are using.

I just tested with MediaWiki 1.32, PluggableAuth 5.7, and OpenID Connect 5.0, and it works as expected. The user is redirected to the page that was in the original link after authentication. I do not have a test environment set up with SimpleSAMLphp right now, so I cannot test if the same is true for SimpleSAMLphp. Perhaps @Osnard or @MarkAHershberger can comment on whether this works in their environments.

HermannSchwaerzler added a comment.Aug 9 2019, 1:51 PM

Hi Cindy,

sorry for the missing version information. We are using
MW 1.31.1
PluggableAuth 5.4
SimpleSAMLphp 4.4

Did you set

$wgPluggableAuth_EnableAutoLogin = true;

?

cicalese added a comment.Aug 9 2019, 2:02 PM

Yes, I did enable auto login.

cicalese added a comment.Aug 9 2019, 2:05 PM

Also, what version of the SimpleSAMLphp library are you using?

I did have a similar problem with SimpleSAMLphp in pre-MediaWiki 1.27, but the code is significantly different since the change in the core MediaWiki authentication framework in MediaWiki 1.27+. That rewrite fixed the problem I was having at that time. If I recall correctly, the problem never existed in OpenID Connect.

HermannSchwaerzler added a comment.Aug 12 2019, 2:29 PM

We are using simplesamlphp version 1.16.2.

I messed around with the code a little bit and found some kind of solution (meaning it works now as expected but I am not sure if it's a good idea to do it like this):
In extensions/PluggableAuth/includes/PluggableAuthHooks.php I added these two lines at the end of
function doBeforeInitialize (right after $out->redirect(
...
... );

$title = $oldTitle;
$out->output();

As I see it the problem is this: If I don't do this, the "$title" of the current http-request gets changed to Special:UserLogin which makes SpecialPageFactory::executePath() kick in which breaks the intended redirect (which is correctly stated in the comment on the first line of that function) as it does another redirect (without adding returnto and returntoquery parameters to it).

But as it works for you I am probably missing something...

CCicalese_WMF subscribed.Aug 12 2019, 2:39 PM

Ah, I just noticed that you are using PluggableAuth version 5.4. This problem was fixed in version 5.6 with this patch: https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/PluggableAuth/+/08efbf2053b25b1efd8dc5208d40bf2a046ccdaf.

HermannSchwaerzler closed this task as Resolved.Aug 12 2019, 3:40 PM
HermannSchwaerzler claimed this task.

Thank you, yes that did the trick!

Sorry for not checking myself if this already was fixed in a newer version. :-(

cicalese moved this task from Backlog to Closed on the MediaWiki-extensions-Pluggable-Auth board.Sep 10 2019, 1:33 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL