Fixes #4889: Application was getting into redirect loop when user wasn't allowed…

Fixes #4889: Application was getting into redirect loop when user wasn't allowed accessing login page. Now shows 403

Fixes #4889: Application was getting into redirect loop when user wasn't allowed…
e2b6cb69 · Alexander Makarov · 3485596b · e2b6cb69 · e2b6cb69
Commit e2b6cb69 authored Nov 07, 2014 by Alexander Makarov
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 3 deletions

CHANGELOG.md framework/CHANGELOG.md +1 -0

User.php framework/web/User.php +5 -3

No files found.
--- a/framework/CHANGELOG.md
+++ b/framework/CHANGELOG.md
@@ -5,6 +5,7 @@ Yii Framework 2 Change Log
 -----------------------
 - Bug #4471: `yii\caching\ApcCache::getValues()` now returns array in case of APC is installed but not enabled in CLI mode (samdark, cebe)
+- Bug #4889: Application was getting into redirect loop when user wasn't allowed accessing login page. Now shows 403 (samdark)
 - Bug #5402: Debugger was not loading when there were closures in asset classes (samdark)
 - Bug #5570: `yii\bootstrap\Tabs` would throw an exception if `content` is not set for one of its `items` (RomeroMsk)
 - Bug #5584: `yii\rbac\DbRbacManager` should not delete items when deleting a rule on a database not supporting cascade update (mdmunir)

--- a/framework/web/User.php
+++ b/framework/web/User.php
@@ -422,10 +422,12 @@ class User extends Component
            $this->setReturnUrl($request->getUrl());
        }
        if ($this->loginUrl !== null) {
-            return Yii::$app->getResponse()->redirect($this->loginUrl);
+            $loginUrl = (array)$this->loginUrl;
-        } else {
+            if ($loginUrl[0] !== Yii::$app->requestedRoute) {
-            throw new ForbiddenHttpException(Yii::t('yii', 'Login Required'));
+                return Yii::$app->getResponse()->redirect($this->loginUrl);
+            }
        }
+        throw new ForbiddenHttpException(Yii::t('yii', 'Login Required'));
    }
    /**