[Rt-commit] rt branch, 4.0/externalauth-use-next, updated. rt-4.0.0rc4-38-g49bd564
Alex Vandiver
alexmv at bestpractical.com
Fri Feb 11 17:17:48 EST 2011
The branch, 4.0/externalauth-use-next has been updated
via 49bd564ca4a883a37af17711ba584a98bc1ca1e1 (commit)
from 5dfa1847869db1040b685293af14858e3804abd1 (commit)
Summary of changes:
lib/RT/Interface/Web.pm | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
- Log -----------------------------------------------------------------
commit 49bd564ca4a883a37af17711ba584a98bc1ca1e1
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Fri Feb 11 17:17:44 2011 -0500
Provide some rationale in comments for the convoluted logic
diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index 15273c2..87d7e43 100644
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -560,7 +560,15 @@ sub AttemptExternalAuth {
if ( _UserLoggedIn() ) {
$m->callback( %$ARGS, CallbackName => 'ExternalAuthSuccessfulLogin', CallbackPage => '/autohandler' );
+ # It is possible that we did a redirect to the login page,
+ # if the external auth allows lack of auth through with no
+ # REMOTE_USER set, instead of forcing a "permission
+ # denied" message. Honor the $next.
Redirect($next) if $next;
+ # Unlike AttemptPasswordAuthentication below, we do not
+ # force a redirect to / if $next is not set -- otherwise,
+ # straight-up external auth would always redirect to /
+ # when you first hit it.
} else {
delete $HTML::Mason::Commands::session{'CurrentUser'};
$user = $orig_user;
-----------------------------------------------------------------------
More information about the Rt-commit
mailing list