is there any actual best practice for restricted pages, login and redirects?
I found a lot of examples but all for older TYPO3 / felogin /.... versions (without site configuration)
I have the following scenario:
I have a several restricted pages and one login page (felogin)
I want to be able to deep link (e.g. send per Mail) to restricted pages - if the user is not logged in, the login form should be displayed - after successful login/registration the deep linked page should be displayed.
I use TYPO3 9.5 and in the site configuration I added 403 handling to display content of my login page.
This step works fine - the login page is shown.
I configured referrer and GET/POST redirection in the felogin plugin but these are not working.
Does anyone have an example how I could redirect to the original called (restricted) page after successful login/registration?
Thank you
Christian
For GET/POST redirection you need the URL-parameter &return_url=
. Maybe you could try to rewrite the GET-params in your 403-handler to include that. That might be gold.
This is how I do it: (login page has uid=81
)
errorHandling:
- errorCode: '403'
errorHandler: Page
errorContentSource: 't3://page?uid=81'
...
config {
typolinkLinkAccessRestrictedPages = 81
typolinkLinkAccessRestrictedPages_addParams = &return_url=###RETURN_URL###&pageId=###PAGE_ID###
}
# all plugin configuration via TypoScript. plugin settings in the backend unchanged.
plugin.tx_felogin_pi1 {
redirectMode = getpost,login
redirectFirstMethod = 1
linkConfig.parameter = 81
redirectPageLogin = 96
...
}
<f:link.page pageUid="81" title="Logout" additionalParams="{logintype: 'logout'}">...</f:link.page>
Pros:
Cons:
So I am not 100% happy with it. Let's gather best practice examples here. Feedback welcome.
With help from the Slack channel I ended up with a solution with redirects to whichever access restricted page was requested by the user:
It works for TYPO3 v9+
In the site configuration (config.yaml
):
errorHandling:
-
errorCode: '403'
errorHandler: PHP
errorPhpClassFQCN: Vendor\ExtName\Error\ErrorHandling
In the setup.typoscript
of the extension felogin
:
config.typolinkLinkAccessRestrictedPages = {$plugin.tx_extname.settings.loginPid}
config.typolinkLinkAccessRestrictedPages_addParams = &return_url=###RETURN_URL###
// Redirect after login on Login page to previous page
plugin.tx_felogin_pi1 {
showLogoutFormAfterLogin = 0
redirectMode = getpost,referer
redirectFirstMethod = 1
}
<?php
namespace Vendor\ExtName\Error;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use TYPO3\CMS\Core\Context\Context;
use TYPO3\CMS\Core\Error\PageErrorHandler\PageErrorHandlerInterface;
use TYPO3\CMS\Core\Http\RedirectResponse;
use TYPO3\CMS\Core\Utility\GeneralUtility;
class ErrorHandling implements PageErrorHandlerInterface
{
/**
* @param ServerRequestInterface $request
* @param string $message
* @param array $reasons
* @return ResponseInterface
*/
public function handlePageError(
ServerRequestInterface $request,
string $message,
array $reasons = []
): ResponseInterface {
//check whether user is logged in
$context = GeneralUtility::makeInstance(Context::class);
if($context->getPropertyFromAspect('frontend.user', 'isLoggedIn')){
//show page with info that the access restricted page can't be visited because of missing access rights
return new RedirectResponse('/zugang-verweigert');
}
return new RedirectResponse('/login?return_url=' . $request->getUri()->getPath(), 403);
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With