-
Type:
Regression Bug
-
Status: Closed
-
Resolution: Fixed
-
Affects Version/s: 7.0.X, 7.1.X, 7.2.X, 7.3.X, Master
-
Fix Version/s: 7.1.10 DXP FP20, 7.1.10.5 SP5, 7.1.X, 7.2.10 DXP FP9, 7.2.X, 7.3.X, Master
-
Component/s: Application Security > Login/Sign in Portlet
-
Branch Version/s:7.3.x, 7.2.x, 7.1.x
-
Backported to Branch:Committed
-
Fix Priority:3
-
Sprint:Iteration 48
-
Git Pull Request:
1) Start the server, login as Admin
2) Create a new page e.g. /testpage and remove the VIEW permission for Guest user on it
3) Create a new user e.g. user1 and, in the Memberships tab, make it a member of the Liferay DXP site. Save
4) Set a new password for it, however, please ensure the "Require Password Reset" checkbox is selected. Save
5) Open incognito and paste/go to this URL in the address bar: http://localhost:8080/web/guest/testpage
6) A Login prompt will appear, enter with user1 and the initially set password
7) Liferay will prompt to choose a new password, pick one and proceed
8) Liferay will prompt to choose a reminder question and answer, pick them and proceed
Expected: user1 to be redirected to [http://localhost:8080/web/guest/testpage
Actual behavior:
- user1 will be redirected to http://localhost:8080/web/guest/home?p_p_id=com_liferay_login_web_portlet_LoginPortlet&p_p_lifecycle=1&p_p_state=maximized&p_p_mode=view&refererPlid=34428&_com_liferay_login_web_portlet_LoginPortlet_javax.portlet.action=%2Flogin%2Flogin&saveLastPath=false&_com_liferay_login_web_portlet_LoginPortlet_redirect=%2Fweb%2Fguest%2Ftestpage&p_auth=M1wwzUCM
- This URL will give a HTTP 403 in the network tab: http://localhost:8080/web/guest/home?p_p_id=com_liferay_login_web_portlet_LoginPortlet&p_p_lifecycle=1&p_p_state=maximized&p_p_mode=view&refererPlid=34428&_com_liferay_login_web_portlet_LoginPortlet_javax.portlet.action=%2Flogin%2Flogin&saveLastPath=false&_com_liferay_login_web_portlet_LoginPortlet_redirect=%2Fweb%2Fguest%2Ftestpage&p_auth=M1wwzUCM
- Server will print:
WARN [http-nio-8080-exec-1][SecurityPortletContainerWrapper:393] User 34437 is not allowed to access URL http://localhost:8080/web/guest/home and portlet com_liferay_login_web_portlet_LoginPortlet: User 34437 must be authenticated
- is caused by
-
LPS-78502 LastLoginDate column in the user_ table doesn't update when user directly access the published image url
- Closed
- is duplicated by
-
LPS-121355 Site member is not redirected to a page without Guest VIEW permission after password change
- Closed
- is related to
-
LPS-121821 Email verification process breaks redirection chain
- Closed
-
LPS-98456 Login with Private Page virtual host URL will redirect to Public Page if clicking the Sign In button
- Verified