Opened 4 years ago

Last modified 2 years ago

#52709 new defect

GitHub login redirects to main Trac page instead of the page I was on

Reported by: ryandesign (Ryan Schmidt) Owned by: admin@…
Priority: Normal Milestone:
Component: server/hosting Version:
Keywords: Cc: mkae (Marko Käning)


If I use the Login link, and I haven't yet logged in, and I go through the GitHub login process, I'm redirected back to the main Trac page instead of the page I was on.

(You can simulate not having logged in before by using your web browser's private browsing function, which hides your existing login cookies.)

Change History (5)

comment:1 Changed 4 years ago by raimue (Rainer Müller)

Note that using /login adds another a redirect to /github/login first. I only added that because of trac-github#95. The link in the navigation points to /github/login.

I can reproduce this with a browser session that was never logged in.

The original URL seems to be lost in trac-github with the redirects to GitHub for authorization and then back to the callback URL. The LoginModule will try to redirect back to the referer, which will probably be empty or the GitHub URL (have not checked). Therefore this redirect drops the user to the front page without a better target.

comment:2 Changed 4 years ago by mkae (Marko Käning)

Cc: mkae added

comment:3 Changed 2 years ago by ryandesign (Ryan Schmidt)

So how do we fix it? Or, is it a bug in the trac-github module? I looked through the issues of the trac-github module and didn't find a report of this problem. If it's their bug, I should report it to them.

comment:4 Changed 2 years ago by neverpanic (Clemens Lang)

I think this is exactly the problem described by trac-github#95. The proposed solution there is to set the auth_path_prefix to an empty string, since we don't have any other login modules on our trac instance and hence do not need the functionality of not overriding the standard login URL. That should fix the issue.

comment:5 Changed 2 years ago by raimue (Rainer Müller)

I don't think trac-github#95 solves this particular problem, because going through the external redirects to for OAuth2 will still lose the original referrer that the LoginModule wants to use.

Note: See TracTickets for help on using tickets.