When I choose the option to send agent a password reset email (Admin Panel > Agents > [name] > Set Password > "Send the agent a password reset email"), the resultant link that the agent receives puts the browser into a redirect loop between index.php and login.php. Eventually the browser gives up with ERR_TOO_MANY_REDIRECTS. Have tested this in Chrome, Edge, and Firefox, all with same results. Reviewing the Apache logs, I can see the back-and-forth redirecting between the two pages as the browser keeps bouncing between them.
[redacted IP] - - [08/Sep/2021:11:43:56 -0400] "GET /scp/pwreset.php?token=[redacted token] HTTP/1.1" 302 2968 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.38"
[redacted IP] - - [08/Sep/2021:11:43:56 -0400] "GET /scp/index.php HTTP/1.1" 302 431 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.38"
[redacted IP] - - [08/Sep/2021:11:43:56 -0400] "GET /scp/login.php HTTP/1.1" 302 431 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.38"
[redacted IP] - - [08/Sep/2021:11:43:56 -0400] "GET /scp/index.php HTTP/1.1" 302 431 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.38"
[redacted IP] - - [08/Sep/2021:11:43:56 -0400] "GET /scp/login.php HTTP/1.1" 302 431 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.38"
[redacted IP] - - [08/Sep/2021:11:43:56 -0400] "GET /scp/index.php HTTP/1.1" 302 431 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.38"
[redacted IP] - - [08/Sep/2021:11:43:56 -0400] "GET /scp/login.php HTTP/1.1" 302 431 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.38"
[redacted IP] - - [08/Sep/2021:11:43:56 -0400] "GET /scp/index.php HTTP/1.1" 302 431 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.38"
[redacted IP] - - [08/Sep/2021:11:43:56 -0400] "GET /scp/login.php HTTP/1.1" 302 431 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.38"
[redacted IP] - - [08/Sep/2021:11:43:56 -0400] "GET /scp/index.php HTTP/1.1" 302 431 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.38"
[redacted IP] - - [08/Sep/2021:11:43:56 -0400] "GET /scp/login.php HTTP/1.1" 302 431 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.38"
[redacted IP] - - [08/Sep/2021:11:43:56 -0400] "GET /scp/index.php HTTP/1.1" 302 431 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.38"
This issue was not occurring prior to upgrade to v1.15 from v1.14. The Apache server's configuration remains the same as it was prior to the upgrade. I do believe there is a bug somewhere in the code that is kicking off this redirect loop.
In scp/login.php, there is some code that (maybe?) is involved in this process, but I am not familiar enough with the application's structure to understand the function/purpose/intent:
$redirect = function($url) use ($json) {
if ($json)
Http::response(200, JsonDataEncoder::encode(array(
'status' => 302, 'redirect' => $url)), 'application/json');
else
Http::redirect($url);
};
