cms icon indicating copy to clipboard operation
cms copied to clipboard

Published 20 hours ago verified publisher icon statamic

"You cant do this while logged in" toast after logging in

Open jasonvarga opened this issue 1 year ago • 4 comments

Bug description

Sometimes you see the "You cant do this while logged in" toast right after logging into the CP. This was introduced in #9053.

How to reproduce

I haven't figured out how exactly to trigger it yet, but it shows on the page directly after logging into the CP.

Logs

No response

Environment

Environment
Application Name: Statamic
Laravel Version: 10.34.2
PHP Version: 8.3.0
Composer Version: 2.6.5
Environment: local
Debug Mode: ENABLED
URL: statamic.test
Maintenance Mode: OFF

Cache
Config: NOT CACHED
Events: NOT CACHED
Routes: NOT CACHED
Views: NOT CACHED

Drivers
Broadcasting: pusher
Cache: statamic
Database: mysql
Logs: stack / single
Mail: log
Queue: sync
Session: file

Statamic
Addons: 0
Antlers: runtime
Stache Watcher: Enabled
Static Caching: Disabled
Version: 4.x-dev PRO (Just after 4.38.0, 3ce58cad6)

Installation

Fresh statamic/statamic site via CLI

Antlers Parser

regex (default)

Additional details

No response

jasonvarga avatar Dec 06 '23 14:12 jasonvarga

Steps to recreate:

  1. Don't have Vite running
  2. Hit the site, get Vite error
  3. Start Vite
  4. Login
  5. Oh hey sweet toast

jackmcdade avatar Dec 06 '23 19:12 jackmcdade

I cleared my browser cache and couldn't reproduce with the Vite steps but these seemed to work reliably for me:

  1. Go to Login page and click 'Forgotten password'
  2. Request password reset link
  3. Go back to Login page & login without resetting my password
  4. Toast appears 🍞

🤷‍♂️

duncanmcclean avatar Dec 07 '23 11:12 duncanmcclean

A bit more digging... whenever I follow Duncan's method I get a redirectPath() of /cp/auth/password/reset inside sendLoginResponse, its coming from the referer form field in the login form.

ryanmitchell avatar Dec 07 '23 17:12 ryanmitchell

It happens when the Login POST request has a referrer header with /cp/login.

Variant 1

  • Go to login page
  • Enter wrong credentials
  • Submit
  • Enter correct credentials
  • Submit

Variant 2

  • Go to login page
  • Click «Forgot password»
  • Click «I remember my password» to go back to login
  • Enter correct credentials

What happens POST request to login has referrer header of /cp/login. After successful login the controller redirects back to /cp/login, then the RedirectIfAuthorized middleware detects a logged in user on the login route and redirects with error

rrelmy avatar May 21 '24 16:05 rrelmy