Render the Contao login page even if the current route is not a Contao page

[aschempp]

Fixed point 1 of #6805 for Contao 4.13

This must not be merged upstream!

[fritzmg]

I am not quite sure what to test here. Do you mean a custom controller that has a route starting with %contao.backend.route_prefix% but has no backend _scope?

[fritzmg]

I tried with

namespace App\Controller;

use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;

#[Route(path: '%contao.backend.route_prefix%/test')]
class TestController
{
    public function __invoke(): Response
    {
        return new Response('Hello World!');
    }
}

But this controller is always rendered, regardless of whether you have a valid back end login or not (as it should, I think?).

[aschempp]

This is not about the back end. I have a custom controller on a custom route, that has scope = frontend. The controller checks permissions using Symfony, which works fine because the front end firewall is active. But because it does not have a pageModel in the request attributes, the Contao 401 login page is not rendered if access is denied.

[fritzmg]

Ah, I see. I have the same issue within fritzmg/contao-file-access - I hacked it in by executing

$root = $this->findFirstPublishedRootByHostAndLanguage($request->getHost(), $request->getLocale());

if (null !== $root) {
    $root->loadDetails();
    $request->attributes->set('pageModel', $root);
    $GLOBALS['objPage'] = $root;
}

This means after this PR this should not be necessary anymore, correct?

[fritzmg]

I tested it - but it does not work if you set contao.legacy_routing: false. When Legacy Routing is disabled, Frontend::getRootPageFromUrl() will simply check for the pageModel attribute in the current request, which is of course missing.

contao/core-bundle/src/Resources/contao/classes/Frontend.php

Lines 302 to 321 in d26e0ce

	public static function getRootPageFromUrl()
	{
	if (!System::getContainer()->getParameter('contao.legacy_routing'))
	{
	$objRequest = System::getContainer()->get('request_stack')->getCurrentRequest();
	if ($objRequest instanceof Request)
	{
	$objPage = $objRequest->attributes->get('pageModel');
	if ($objPage instanceof PageModel)
	{
	$objPage->loadDetails();
	return PageModel::findByPk($objPage->rootId);
	}
	}
	throw new NoRootPageFoundException('No root page found');
	}

[aschempp]

Thanks @fritzmg. I have updated the PR to use other means to find the root page. The used method is deprecated, but since this is not going to be merged upstream I think that should be fine.

[fritzmg]

The used method is deprecated

Btw. which method do you mean? As far as I can see you did not use any deprecated methods 🤔

[leofeyer]

Wouldn‘t it be easier to backport the PageFinder service? This would also prevent conflicts when merging upstream.

[aschempp]

Wouldn‘t it be easier to backport the PageFinder service? This would also prevent conflicts when merging upstream.

I don‘t think its a good idea to backport this so late in the patch process…

[leofeyer]

Why not? It wouldn‘t break anything and it would ensure upstream mergeability, which is worth much more than following the "no new features in a bugfix release" rule. We could even make the service @internal in Contao 4.13, so that nobody uses it, if that is what you‘re worried about.

[fritzmg]

To be fair, it could also reduce duplicate code in Contao 4.13.

[aschempp]

The PageFinder is a feature, it allows a lot more than this bug fix requires. Not sure how we could fix the upstream mergeability issue, but that's a one-time thing, right? I would

1. merge everything before this PR upstream
2. merge this PR
3. merge upstream again, and remove all changes

That should do it?

[leofeyer]

Thank you @aschempp.