New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Group Attendance Reminder Link Does Not Redirect Properly After Authentication #5615
Comments
Note: This issue appears to be present in both the Legacy Login Block and the Obsidian Login Block. |
Yup, if in your email, you remove the escape data string from the date you should get redirected fine. The problem is that the data string is escaped here and then escaped again in the redirect to login steps. So when you try to login, the redirect url is unescaped once but again. To fix the impersonation I also did this:
Then use I agree that the token creator should fail more graceully when the person cannot be impersonated, but there is a workaround. |
Is there any reason an occurrence parameter needs to have the time included? |
my typical fix for the TokenProhibited issue looks like this: |
…sed through the login page URL redirection. (Fixes #5615)
@dataCollegechurch and @rutledgek Thank you both for your work on this issue. There were two somewhat unrelated problems happening here:
These updates will be in the v16.1 release of Rock. |
Description
The Group Attendance Reminder Email uses this lava to generate a link for leaders to quickly review and enter attendance.
{% capture attendanceLink %}{{ 'Global' | Attribute:'PublicApplicationRoot' }}page/368?{{ Person.ImpersonationParameter }}&GroupId={{ Group.Id }}&Occurrence={{ Occurrence | Date:'yyyy-MM-ddTHH:mm:ss' | EscapeDataString }}{% endcapture %}
Users with elevate privileges may have the Impersonation blocked and the sytem will end up generating a link that look something like this.
http://www.rocksolidchurchdemo.com/page/368?rckipid=TokenProhibited&GroupId=117&Occurrence=2023-09-28T09%3A00%3A00
After the user navigates to this link they will be redirected to the login page and the url will look like this:
https://www.rocksolidchurchdemo.com/page/207?returnurl=%252fpage%252f368%253fGroupId%253d117%2526Occurrence%253d2023-09-28T09%25253a00%25253a00
After the user logs in they will not be redirected back to
http://www.rocksolidchurchdemo.com/page/368?rckipid=TokenProhibited&GroupId=117&Occurrence=2023-09-28T09%3A00%3A00
as desired. Instead they are redirected back tohttps://www.rocksolidchurchdemo.com/
Actual Behavior
User are redirected to homepage instead of page specified in redirecturl
Expected Behavior
User is always redirected to redirecturl's parameter value after logging if Redirect Page block setting is not set
Steps to Reproduce
Issue Confirmation
Rock Version
15.1
Client Culture Setting
en-US
The text was updated successfully, but these errors were encountered: