Details
-
Bug
-
Status: Closed
-
Resolution: Fixed
-
7.0.X, 7.1.X, 7.2.X, 7.3.X, Master
-
7.3.x, 7.2.x, 7.1.x
-
Committed
-
3
-
Iteration 48
-
Regression Bug
Description
1) Start the server, login as Admin
2) Create a new page e.g. /testpage and remove the VIEW permission for Guest user on it
3) Create a new user e.g. user1 and, in the Memberships tab, make it a member of the Liferay DXP site. Save
4) Set a new password for it, however, please ensure the "Require Password Reset" checkbox is selected. Save
5) Open incognito and paste/go to this URL in the address bar: http://localhost:8080/web/guest/testpage
6) A Login prompt will appear, enter with user1 and the initially set password
7) Liferay will prompt to choose a new password, pick one and proceed
8) Liferay will prompt to choose a reminder question and answer, pick them and proceed
Expected: user1 to be redirected to [http://localhost:8080/web/guest/testpage
Actual behavior:
- user1 will be redirected to http://localhost:8080/web/guest/home?p_p_id=com_liferay_login_web_portlet_LoginPortlet&p_p_lifecycle=1&p_p_state=maximized&p_p_mode=view&refererPlid=34428&_com_liferay_login_web_portlet_LoginPortlet_javax.portlet.action=%2Flogin%2Flogin&saveLastPath=false&_com_liferay_login_web_portlet_LoginPortlet_redirect=%2Fweb%2Fguest%2Ftestpage&p_auth=M1wwzUCM
- This URL will give a HTTP 403 in the network tab: http://localhost:8080/web/guest/home?p_p_id=com_liferay_login_web_portlet_LoginPortlet&p_p_lifecycle=1&p_p_state=maximized&p_p_mode=view&refererPlid=34428&_com_liferay_login_web_portlet_LoginPortlet_javax.portlet.action=%2Flogin%2Flogin&saveLastPath=false&_com_liferay_login_web_portlet_LoginPortlet_redirect=%2Fweb%2Fguest%2Ftestpage&p_auth=M1wwzUCM
- Server will print:
WARN [http-nio-8080-exec-1][SecurityPortletContainerWrapper:393] User 34437 is not allowed to access URL http://localhost:8080/web/guest/home and portlet com_liferay_login_web_portlet_LoginPortlet: User 34437 must be authenticated
Attachments
Issue Links
- is caused by
-
LPS-78502 LastLoginDate column in the user_ table doesn't update when user directly access the published image url
- Closed
- is duplicated by
-
LPS-121355 Site member is not redirected to a page without Guest VIEW permission after password change
- Closed
- is related to
-
LPS-121821 Email verification process breaks redirection chain
- Closed
-
LPS-98456 Login with Private Page virtual host URL will redirect to Public Page if clicking the Sign In button
- Verified