Bug 40070 - Self Service links to do not honor non-default ports
Self Service links to do not honor non-default ports
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Self Service
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.1-0-errata
Assigned To: Florian Best
Daniel Tröder
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-23 14:09 CET by Cornelius Kölbel
Modified: 2016-01-13 13:10 CET (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments
patch (551 bytes, patch)
2015-11-23 14:43 CET, Florian Best
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Cornelius Kölbel 2015-11-23 14:09:22 CET
Hello,

I am accessing a UCS through a SSH tunnel, this is why I do not access it on the default port.

I access it like 

https://localhost:1443/ucs-overview/#service

When I click "change password" I am taken to 

https://localhost/univention-self-service/?lang=de-DE#passwordchange

which is not the same machine - if available at all.

I expect the non-default port to also be used.

Kind regards
Cornelius
Comment 1 Florian Best univentionstaff 2015-11-23 14:43:06 CET
Created attachment 7316 [details]
patch

Well the ports are hardcoded in the UCR variables and a heuristic detects if the link should go to http or https. The patch checks if a different port is used than the default port for the current scheme and adjust the links in that case. It is a generic issue for every link on the ucs-overview.
Comment 2 Florian Best univentionstaff 2016-01-08 13:43:37 CET
Applied the patch. This breaks links which aren't available in both HTTP and HTTPS as then the link is not available through the tunneled port. But that's the problem of the tunnel creator and a corner case which should not occur often.

univention-apache.yaml:
r66663 | YAML Bug #40070

univention-apache (8.0.1-4.254.201601081337):
r66662 | Bug #40070: don't rewrite port on ucs-overview if accessed via non default port
Comment 3 Daniel Tröder univentionstaff 2016-01-12 12:17:52 CET
OK: Code
OK: manual test:
* ssh -L 10443:localhost:443 10.200.3.26
* access with Firefox https://localhost:10443/ucs-overview/
* before upgrade: link to password reset without port (https://localhost/univention-self-service/?lang=en-US#passwordreset)
* after upgrade: link to password reset contains port (https://localhost:10443/univention-self-service/?lang=en-US#passwordreset)
Comment 4 Janek Walkenhorst univentionstaff 2016-01-13 13:10:54 CET
<http://errata.software-univention.de/ucs/4.1/48.html>