Return URL from login double encoded but only once decoded #6495 | Support Center | ABP Commercial

JorisIwell créé il y a 4 mois

ABP Framework version: v7.4.2
UI Type: Angular
Database System: EF Core SQL Server
Tiered (for MVC) or Auth Server Separated (for Angular): no
Exception message and full stack trace: 404 page not found, no relevant stack trace as the 404 makes sense
Steps to reproduce the issue:

We recently upgraded from v5.x to 7.4.2 and started using openIddict as a replacement for identityserver. Steps: Log out of our application Go directly to a url with query parameters, e.g. https://myurl.com/cubes/monitoring?group=installed User is prompted to login User logs in User gets redirected to url with the returnUrl that is present in the login-request User does not get redirected to https://myurl.com/cubes/monitoring?group=installed but instead to https://myurl.com/cubes/monitoring%3Fgroup%3Dinstalled which messes up our routing resulting in a 404.

In the network tab of the developer tools of the browser we can see that the url that is used as the returnUrl of the https://api.myurl.com/Account/Login/.... is double encoded (returnUrl%3D%252Fcubes%252Fmonitoring%253Fgroup%253Dinstalled). Our suspicion is that this should not be the case and causes the user to be directed to the encoded version of our returnUrl. FYI, we do not use a custom AuthGuard, instead we use the @abp/ng.core AuthGuard. We highly suspect this behaviour was not present in our application before upgrading ABP (and angular).

6 Réponse (s)

0

maliming créé il y a 4 mois
Équipe d'assistance Fullstack Developer

hi

Can you share a URL to reproduce this?

liming.ma@volosoft.com

Thanks
0

maliming créé il y a 4 mois
Équipe d'assistance Fullstack Developer

hi

This is your angular oauth2 request.

Is your code changing the state?

I think you can decode the state to get the raw url.

The request to angular
0

JorisIwell créé il y a 4 mois

I don't think we change the state anywhere. We use the standard ABP AuthGuard and OAuth flow so nothing custom on our end. Do you have any idea where we could find this problem in our code if we unbeknownst to us still add some customisation to this all?
1

maliming créé il y a 4 mois
Équipe d'assistance Fullstack Developer

hi

I will ask our angular team.
1

masum.ulu créé il y a 3 mois
Équipe d'assistance Angular Developer

Hi joris,

I've re-produce your case, I'll create issue and fix that, we might not release new patch version for 7.4.x yet I'll try to find workaround for that, after u upgrade project version to 8.0.latest you can remove workaround.

I've refunded ur credits

best regards
0

masum.ulu créé il y a 3 mois
Équipe d'assistance Angular Developer

Issue: https://github.com/abpframework/abp/issues/18804

Vous avez une réponse à cette question? Connexion et écrivez votre réponse.