2 Replies Latest reply on Jul 4, 2017 1:22 PM by LisaRose

    WebDirect 16 - custom login form with homeurl bad redirect

    Mike Duncan

      When trying to include a homeurl in a custom login form, using the newly available user and pwd submitted with POST, I get redirected to a malformed URL if the login was not successful.

       

      Sample html form:

       

      <form action="https://server_name/fmi/webd/fileName" method="post">

      User: <input type="text" name="user" value="test" /><br />

      Pwd: <input type="text" name="pwd" value="test" /><br />

      <input type="hidden" name="homeurl" value="https://my_other_server_name/" />

      <input type="submit" value="Submit" />

      </form>

       

      The above form will also ignore the homeurl redirect on successful login, when exiting the session. Below works, but will also redirect to the malformed URL if login is unsuccessful.

       

      <form action="https://server_name/fmi/webd/fileName?homeurl=https://my_other_server_name" method="post">

      User: <input type="text" name="user" value="test" /><br />

      Pwd: <input type="text" name="pwd" value="test" /><br />

      <input type="submit" value="Submit" />

      </form>

       

       

      The redirect looks like this:

      https://server_namehttps//my_other_server_name?homeurl=https://my_other_server_name&db=fileName&loginerr=212&guesten=0

        • 1. Re: WebDirect 16 - custom login form with homeurl bad redirect
          LisaRose

          Thanks for this interesting feedback about combining new POST credentials authentication with custom homepage.

           

          As for your first point about <input type="hidden" name="homeurl" value="..."> tag, pretty sure what you're asking for here is not currently expected behavior. By spec, we're only watching for two POST parameters on the receiving end, 'user' and 'pwd'. Whereas 'homeurl' is a URL request parameter (that could conceivably thus be retrieved via GET). But this is an interesting idea for a potential addition to the POST feature, and I've documented it internally for review.

           

          As for your second point about the malformed URL after failing authentication (with the homeurl name-value pair contained in the form action URL), this just seems to be a bug. I've also documented that internally for review. Note that if you use our default 'fmwebd_home.html' sample custom homepage (as in my below test page), you won't actually see this issue (resultant URL will end with just custom homepage). But if I swap in our default 'index.html' page for the custom homepage instead, then URL issue you report will occur.

           

          <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

          <html>

          <head><title>Post Test</title></head>

          <body>

            <form action="http://localhost/fmi/webd/testfile?homeurl=http://localhost/fmwebd_home.html" method="post">

              User: <input type="text" name="user" value=""><br><br>

              Password: <input type="password" name="pwd" value=""><br><br>

              <input type="submit" value="Submit">

            </form>

          </body>

          </html>

          • 2. Re: WebDirect 16 - custom login form with homeurl bad redirect
            LisaRose

            The WebDirect Development team has since responded that the second issue reported here (extra URL parameters after failed login with POST credentials and custom homepage in form action URL) is actually intended behavior. So the solution developer can decide what to do in the error case.  The loginerr=212 can be used, for example, to redirect the user somewhere else, pop up an error message, or have a followup login dialog display that error message.

            2 of 2 people found this helpful