New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change login page message when user has been redirected after auth failure #14829
Conversation
@mattab could you have a look at this one? |
@mattab I think it was in the issue referred to the main page. Should be possible to change it there too. Anyway, what we were wondering was re the message that we're showing that this will be fine. also see the comments in the issue. |
@mattab can you have a look at the message etc? |
# Conflicts: # plugins/CoreHome/angularjs/widget-loader/widgetloader.directive.js
@katebutler can we change the message to |
…mission() when user not logged in
# Conflicts: # tests/UI/expected-screenshots/UIIntegrationTest_invalid_idsite.png
core/Access.php
Outdated
Piwik::checkUserIsNotAnonymous(); | ||
} catch (NoAccessException $ex) { | ||
// Try to detect whether user was previously logged in so that we can display a different message | ||
if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], SettingsPiwik::getPiwikUrl()) === 0) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fyi $referrer = Url::getReferrer()
fyi Url::isValidHost(Url::getHostFromUrl(referrer))
…em from left-hand nav
# Conflicts: # tests/PHPUnit/Integration/FrontControllerTest.php
@katebutler maybe one last screenshot to update? https://builds-artifacts.matomo.org/matomo-org/matomo/3.x-dev/36139/UIIntegrationTest_not_logged_in.png |
@@ -258,6 +259,10 @@ public function disable() | |||
public function checkIsEnabled() | |||
{ | |||
if (!$this->isEnabled()) { | |||
// Some widgets are disabled when the user is not superuser. If the user is not logged in, we should | |||
// prompt them to do this first rather than showing them the "widget not enabled" error | |||
Access::getInstance()->checkUserIsNotAnonymous(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wondering if that could make problems if a site is set as accessible for anonymous user, but e.g. the dashboard contains a widget that is disabled (for any kind of reason)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Was thinking about that as well @sgiehl but it should be actually fine since it goes only in here when the widget is disabled. In this case the user would need to log in to see a more accurate message. We basically don't want to show that message then and also in general a user would actually not really get to see a disabled widget in the first place maybe (unless opened maybe directly not sure)
Fixes #14706