Commit 23cbe832 authored by Thomas Gambier's avatar Thomas Gambier 🚴🏼

slapos_jio: fix ERP5Site_activeLogin

The commit dee343f3 said:
slapos_jio: after activate the login come back to WebSite and not to the portal.

But it actually went to the WebSection and not the WebSite.

This fixes ERP5Site_activeLogin on slapos master because right now we
have this URL in emails sent to customer to activate their login:

https://slapos.vifib.com/hateoas/connection/ERP5Site_activeLogin?key=XXX

So the script is setupping the came from as:

https://slapos.vifib.com/hateoas/connection/#!login?p.page=slapos{&n.me}

which is not working (returns AttributeError: form_view error)

The URL https://slapos.vifib.com/#!login?p.page=slapos{&n.me} is working
though.
parent 7862ea47
...@@ -6,7 +6,7 @@ portal = context.getPortalObject() ...@@ -6,7 +6,7 @@ portal = context.getPortalObject()
assert key assert key
mail_message = portal.ERP5Site_unrestrictedSearchMessage(key=key) mail_message = portal.ERP5Site_unrestrictedSearchMessage(key=key)
came_from = context.getWebSectionValue().absolute_url() + "/#!login?p.page=slapos{&n.me}" came_from = context.getWebSiteValue().absolute_url() + "/#!login?p.page=slapos{&n.me}"
credential_request = mail_message.getFollowUpValue() credential_request = mail_message.getFollowUpValue()
if credential_request.getValidationState() in ('submitted', 'accepted'): if credential_request.getValidationState() in ('submitted', 'accepted'):
message = translateString("Your account is already active.") message = translateString("Your account is already active.")
......
  • Hi @tomo ,

    What is the purpose of the brackets line 9 : {&n.me} ?

    The story behind this question is that sometimes, when I have multiple instance tabs open, and I login in one, I get the message It seems you're already authenticated. in the other tabs :

    Screenshot_2022-04-25_10.54.25

    The link under "Go back" is :

    'https://panel.rapid.space/#!login?p.page=slap_controller&p.view=view&p.jio_key=instance_tree_module%2FXXX-YYY{&n.me}'

    After clicking on it, I'm redirected to :

    https://panel.rapid.space/#/instance_tree_module/XXX-YYY{?page=slap_controller&view=view

    Which crashes, Because of the extra {

    If I remove both brackets {} around &n.me, like this :

    https://panel.rapid.space/#!login?p.page=slap_controller&p.view=view&p.jio_key=instance_tree_module%2FXXX-YYY&n.me

    I'm redirected to the correct page.

    Could you confirm that my error is caused by this code ? I don't have a Slapos Master instance for developements to test by myself...

  • Hello Nicolas,

    I really do not know as it was already like this at the date of the creation of this script in 4c0ac840

    @rafael maybe you can comment on this ?

  • @rafael did you see this comment from @Nicolas ?

  • I saw but didn't checked yet.

  • the "Go Back" link is what is on the URL came_from, which comes from WebSite_login script. So, it isn't related to activateLogin since your account is already created.

    It took me a while to understand what was happening (possible a bug on renderjs):

    1. Open 2 tabs like https://panel.rapid.space/#/instance_tree_module/XXX-YYY?page=slap_controller&view=view as Annonymous
    2. Get both tabs redirected to login page
    3. Login in one tab, them all is fine
    4. Reload the other tab as it was (which is in the login page), them you will see "It seems you are already logged in..." with Go Back

    Them the {&n.me} is present on the url as it was came_from, and the parser on router consider '{' is part of the url since only the "&" is considered as spliter (see https://lab.nexedi.com/nexedi/erp5/blob/master/bt5/erp5_web_renderjs_ui/PathTemplateItem/web_page_module/rjs_gadget_erp5_router_js.js#L991)

    The code that modifies the came from url to include the {&n.me} is getCommandUrl it includes the it https://lab.nexedi.com/nexedi/erp5/blob/master/bt5/erp5_web_renderjs_ui/PathTemplateItem/web_page_module/rjs_gadget_erp5_router_js.js#L254-258

    So I think the "bug" is that {&n.me} should be removed at some point or the parser should be clever if command is login to replace it properly.

    I tried the same thing on nexedi erp5, and on renderjs from my instance, also it is also broken.

    I think @romain should at least check before I continue, because I'm not 100% sure the design of the n.me to fix.

  • The {&n.me} string is a URI Template's variable.

    The goal is that only the JS app knows how its URL looks like (the #login part) to prevent hardcoding the JS logic on the python side (in theory...).

    The came_from value is not an URL but an URI. The python code must replace the variable. In a perfect code, we would use a python implementation of the URI Template expansion, but currently, we do it manually.

    The issue Nicolas described seems to be introduced by this commit which does not expand the came_from parameter, and so, keeps the {&n.me} variable in the link, which is wrong and leads to this unexpected behaviour on the JS side.

    The correct fix is to expand the came_from value to generate the Go back link (basically, removing {&n.me}).

  • mentioned in merge request erp5!1616 (merged)

    Toggle commit list
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment