Affects Version/s: 7.0.X, 7.1.X, 7.2.X, 7.3.X, Master
Component/s: Application Security > Login/Sign in Portlet
When requesting a private page or other secure resource on portal, the user is redirected to login. The login page is requested with a "redirect" parameter used to return to the aforementioned secure resource.
However if signing in requires the user to verify their email address, this redirect parameter is lost, causing the user to get redirected to http://localhost:8080/c which in turn returns them to the last access public resource (LAST_PATH).
The issue was likely introduced in
1) Start the server, login as Admin
2) Create a new page e.g. /testpage and remove the VIEW permission for Guest user on it
3) Create a new user e.g. user1 and set its password
4) Ensure that the portal instance is configured to require users to verify their email address
5) Configure the server SMTP settings in Server Administration
6) Open incognito and paste/go to this URL in the address bar: http://localhost:8080/web/guest/testpage
7) A Login prompt will appear, enter the credentials of the new user user1
8) Accept the terms
9) The user should now be prompted to verify their email address. Complete this process.
10) Liferay may prompt for other things depending on the version, complete as necessary
Expected result: The user logged in and redirected to http://localhost:8080/web/guest/testpage
Actual result: The user is redirected to http://localhost:8080/web/guest
Tip: Python has a handy way to easily run a SMTP server on the localhost