TYPO3 access restricted pages - redirect after login

Question

is there any actual best practice for restricted pages, login and redirects?

I found a lot of examples but all for older TYPO3 / felogin /.... versions (without site configuration)

I have the following scenario:

I have a several restricted pages and one login page (felogin)

I want to be able to deep link (e.g. send per Mail) to restricted pages - if the user is not logged in, the login form should be displayed - after successful login/registration the deep linked page should be displayed.

I use TYPO3 9.5 and in the site configuration I added 403 handling to display content of my login page.

This step works fine - the login page is shown.

I configured referrer and GET/POST redirection in the felogin plugin but these are not working.

Does anyone have an example how I could redirect to the original called (restricted) page after successful login/registration?

Thank you

Christian

Answer 1

For GET/POST redirection you need the URL-parameter &return_url=. Maybe you could try to rewrite the GET-params in your 403-handler to include that. That might be gold.

This is how I do it: (login page has uid=81)

• Site config: (show content from login page)

  errorHandling:
    - errorCode: '403'
      errorHandler: Page
      errorContentSource: 't3://page?uid=81'
  ...
  

• TypoScript:

  config {
    typolinkLinkAccessRestrictedPages = 81
    typolinkLinkAccessRestrictedPages_addParams = &return_url=###RETURN_URL###&pageId=###PAGE_ID###
  }
  # all plugin configuration via TypoScript. plugin settings in the backend unchanged.
  plugin.tx_felogin_pi1 {
    redirectMode = getpost,login
    redirectFirstMethod = 1
    linkConfig.parameter = 81
    redirectPageLogin = 96
    ...
  }
  

• Logout link: <f:link.page pageUid="81" title="Logout" additionalParams="{logintype: 'logout'}">...</f:link.page>

Pros:

• works for all pages when using typolink (so all default menus, links, ...)
• you can share the URL via eMail etc.

Cons:

• when visiting the access-restricted page directly, you'll see the login page. Yet after logging in, you'll be redirected to the configured "redirectPageLogin" page (96). If I leave out that configuration though, there will be no redirect at all, so the user stays on the login page.

So I am not 100% happy with it. Let's gather best practice examples here. Feedback welcome.

Answer 2

With help from the Slack channel I ended up with a solution with redirects to whichever access restricted page was requested by the user:

It works for TYPO3 v9+

In the site configuration (config.yaml):

errorHandling:
  -
    errorCode: '403'
    errorHandler: PHP
    errorPhpClassFQCN: Vendor\ExtName\Error\ErrorHandling

In the setup.typoscript of the extension felogin:

config.typolinkLinkAccessRestrictedPages = {$plugin.tx_extname.settings.loginPid}
config.typolinkLinkAccessRestrictedPages_addParams = &return_url=###RETURN_URL###

// Redirect after login on Login page to previous page
plugin.tx_felogin_pi1 {
  showLogoutFormAfterLogin = 0
  redirectMode = getpost,referer
  redirectFirstMethod = 1
}

In my extension (here named `Vendor\ExtName`):

<?php

namespace Vendor\ExtName\Error;

use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use TYPO3\CMS\Core\Context\Context;
use TYPO3\CMS\Core\Error\PageErrorHandler\PageErrorHandlerInterface;
use TYPO3\CMS\Core\Http\RedirectResponse;
use TYPO3\CMS\Core\Utility\GeneralUtility;

class ErrorHandling implements PageErrorHandlerInterface
{

    /**
     * @param ServerRequestInterface $request
     * @param string $message
     * @param array $reasons
     * @return ResponseInterface
     */
    public function handlePageError(
        ServerRequestInterface $request,
        string $message,
        array $reasons = []
    ): ResponseInterface {

        //check whether user is logged in
        $context = GeneralUtility::makeInstance(Context::class);
        if($context->getPropertyFromAspect('frontend.user', 'isLoggedIn')){
            //show page with info that the access restricted page can't be visited because of missing access rights
            return new RedirectResponse('/zugang-verweigert');
        }
        return new RedirectResponse('/login?return_url=' . $request->getUri()->getPath(), 403);
    }

}

Answer 3

I did not add usergroup access rights to the pages which should be protected. Instead of this I added a template to the root of the protected pages, containing:

[page["uid"] != 2 && usergroup(1) == false]
    page.config >
    page.config.additionalHeaders.10 {
        header = Location: https://myurl.tld/login
    }
[end]

All direct accesses to a protected page without a valid FE user session of usergroup 1 will be redirected to the login page (UID = 2).

It implies that a page tree branch contains all protected pages. And page in the template must be the array containing the PAGE object of course...

This works fine with TYPO3 V9.5.