
AccountController NormalizeReturnUrl #11317


admin@SYNTAQ created

Prerequisites

Please answer the following questions before submitting an issue. YOU MAY DELETE THE PREREQUISITES SECTION.

  • What is your product version? 11.2
  • What is your product type (Angular or MVC)? MVC
  • What is product framework type (.net framework or .net core)? .net core

Hi,

We have noticed that the account controller normaliseurl function is stripping out our return url if the user is logged in. This appears to be a change between 8.8 and 11.2. This is causing an issue for us as any returnurl on login does not work if the user is already logged in. This scenario happens for our users when they click on an email and are directed to a browser where they are already logged in.

We have removed the following code as it is causing a significant production issue. But we would like to know if there is an impact somewhere else in the system we should be aware of.

`if (AbpSession.UserId.HasValue) { return defaultValueBuilder(); }`

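```
private string NormalizeReturnUrl(string returnUrl, Func<string> defaultValueBuilder)
{
    // No return URL supplied: use the default.
    if (returnUrl.IsNullOrEmpty())
    {
        return defaultValueBuilder();
    }

    // User already logged in: the supplied return URL is ignored.
    if (AbpSession.UserId.HasValue)
    {
        return defaultValueBuilder();
    }

    // Accept local URLs and URLs that contain an allowed external web site.
    if (Url.IsLocalUrl(returnUrl) || _webUrlService.GetRedirectAllowedExternalWebSites().Any(returnUrl.Contains))
    {
        return returnUrl;
    }

    return defaultValueBuilder();
}
```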
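With the logged-in short-circuit removed, the only guard left on `returnUrl` is the local/allowed-site test. The following is an added example, not part of the original post and not ASP.NET Zero code, that runs that test as a substring match and as an exact scheme, host and port comparison over constructed inputs. `ReturnUrlCheck`, `AllowedSites`, `IsLocal` and the `example.com`/`example.net` URLs are assumptions made for illustration.

```csharp
// Added example; class, method names and URLs are hypothetical.
using System;
using System.Linq;

public static class ReturnUrlCheck
{
    // Constructed allowlist standing in for GetRedirectAllowedExternalWebSites().
    private static readonly string[] AllowedSites = { "https://portal.example.com" };

    // Rough stand-in for Url.IsLocalUrl: "/path", but not "//host" or "/\host".
    private static bool IsLocal(string url) =>
        url.Length > 0 && url[0] == '/' &&
        (url.Length == 1 || (url[1] != '/' && url[1] != '\\'));

    // The external-site test in the form shown in the post: substring match.
    public static bool AllowedBySubstring(string url) =>
        IsLocal(url) || AllowedSites.Any(url.Contains);

    // Stricter variant: parse the URL and compare scheme, host and port exactly.
    public static bool AllowedByOrigin(string url)
    {
        if (IsLocal(url)) return true;
        if (!Uri.TryCreate(url, UriKind.Absolute, out var target)) return false;
        return AllowedSites.Any(site =>
            Uri.TryCreate(site, UriKind.Absolute, out var allowed) &&
            Uri.Compare(target, allowed, UriComponents.SchemeAndServer,
                        UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) == 0);
    }

    public static void Main()
    {
        // Constructed sample inputs.
        var samples = new[]
        {
            "/App/Forms/42",
            "https://portal.example.com/inbox",
            "https://other.example.net/?next=https://portal.example.com",
            "//other.example.net/"
        };
        foreach (var s in samples)
            Console.WriteLine($"{s,-60} substring={AllowedBySubstring(s)} origin={AllowedByOrigin(s)}");
    }
}
```

The third sample is accepted by the substring test and rejected by the origin comparison, which is the case to cover in a regression test before relying on this branch alone.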

2 Answer(s)