[FEATURE] Introduce ErrorHandler for 403 errors with redirect option #1009

TYPO3IncTeam opened this issue Sep 4, 2024 · 0 comments
ℹ️ View this commit on Github
👥 Authored by Torben Hansen [email protected]
✔️ Merged by Georg Ringer [email protected]

Commit message

[FEATURE] Introduce ErrorHandler for 403 errors with redirect option

When TYPO3 is configured to create links to access protected pages
using typolinkLinkAccessRestrictedPages = NONE (which is default),
a 403 response is returned, if the current frontend request does not
fulfill configured access permissions.

This change introduces a new Site errorHandler, which can be used
to handle 403 responses for access restricted pages and which
redirects the user to a configured page and adds a configurable
GET parameter (return_url or redirect_url) containing the original
URL. The configurable GET parameter can be used by 3rd party extensions
to redirect the user back to the original URL after a successful
login.

The TYPO3 extensions ext:felogin and ext:oidc both support the
configurable redirect parameter introduced in the new Site
errorHandler feature.

Resolves: #101252
Releases: main
Signed-off-by: Torben Hansen [email protected]
Change-Id: I06d8e384c5519975efdc8803c98c0a92a56a7653
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/81945
Tested-by: core-ci [email protected]
Reviewed-by: Garvin Hicking [email protected]
Tested-by: Garvin Hicking [email protected]
Reviewed-by: Georg Ringer [email protected]
Reviewed-by: Markus Klein [email protected]
Tested-by: Georg Ringer [email protected]

➕ Added files

13.3/Feature-101252-IntroduceErrorHandlerFor403ErrorsWithRedirectOption.rst
.. include:: /Includes.rst.txt

.. _feature-101252-1715447531:

=============================================================================
Feature: #101252 - Introduce ErrorHandler for 403 errors with redirect option
=============================================================================

See :issue:`101252`

Description
===========

The new error handler :php:`RedirectLoginErrorHandler` has been added,
which makes it possible to redirect the user to a configurable page.

Requesting a login-protected URL would usually return a generic HTTP 403 error
in case of a missing fulfilled access permissions and the configuration
:php:`typolinkLinkAccessRestrictedPages = NONE` (default)
is set.

By enabling this new handler via the site settings, the 403 response
can be handled and a custom redirect can be performed.

The :php:`RedirectLoginErrorHandler` allows to define a
:php:`loginRedirectTarget`, which must be configured to the page, where the
login process is handled. Additionally, the :php:`loginRedirectParameter`
must be set to the URL parameter that will be used to hand over the original
URL to the target page.

The redirect is ensures that the original URL is added to the configured GET
parameter :php:`loginRedirectParameter`, so that the user can be redirected
back to the original page after a successful login.

The error handler allows :php:`return_url` or :php:`redirect_url` as values
for :php:`loginRedirectParameter`. Those values are used in extensions like
`EXT:felogin` or `EXT:oidc`.

..  important::

    Redirection to the originating URL via URI arguments requires that
    extensions like `EXT:felogin` are configured to allow these redirect modes
    (for example via
    :typoscript:`plugin.tx_felogin_login.settings.redirectMode=getpost,loginError`)

The new error handler works (with some minor exceptions) similar to the
"Forbidden (HTTP Status 403)" handler in TYPO3 extension `EXT:sierrha`.
It will still emit generic 403 HTTP error messages in certain scenarios,
like when a user is already logged in, but the permissions are not
satisfied.

Impact
======

It is now possible to configure a login redirection process when a user has no
access to a page and a 403 error is thrown, so that after login the
originating URL is requested again. Previously, this required custom
Middlewares or implementations of :php:`PageErrorHandlerInterface`.

.. index:: Frontend, ext:core
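
Review bot: The Description section has two wording slips: "The redirect is ensures that the original URL is added" should read "The redirect ensures that ...", and "in case of a missing fulfilled access permissions" would be clearer as "if the access permissions are not fulfilled". The parenthetical in the ``important`` box also ends without a closing period. The text names ``loginRedirectTarget`` and ``loginRedirectParameter`` but shows no site configuration snippet that sets them, so a short example of enabling the handler would help readers. Because the configured GET parameter (``return_url`` or ``redirect_url``) hands the original URL to the login page, consider adding one sentence stating that the receiving extension is responsible for validating that URL before it redirects the user back.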