Defect #43350

Updated by Go MAEDA 12 days ago

Summary 
 Visiting /login returns 500. AccountController#login raises NameError for an undefined method no_store. 
 This does not occur on PCs, but when accessed via smartphone, 

 Steps to reproduce 

 Visit /login?back_url=https://redmine.example.com/ while logged out 

 Observe 500 Internal Server Error 

 Actual result (log excerpt) 
 (paste the masked log above) 

 Expected result 
 Login page renders with 200 OK. 

```
I, [2025-10-13T11:49:22.511469 #3949158]    INFO -- : [44ae2f65-0842-4be5-a880-4ea141ca635e] Started GET "/login?back_url=https%3A%2F%2Fredmine.example.com%2F" for 0.0.0.0 at 2025-10-13 11:49:22 +0900
I, [2025-10-13T11:49:22.512771 #3949158]    INFO -- : [44ae2f65-0842-4be5-a880-4ea141ca635e] Processing by AccountController#login as HTML
I, [2025-10-13T11:49:22.512839 #3949158]    INFO -- : [44ae2f65-0842-4be5-a880-4ea141ca635e]     Parameters: {"back_url"=>"https://redmine.example.com/"}
I, [2025-10-13T11:49:22.516355 #3949158]    INFO -- : [44ae2f65-0842-4be5-a880-4ea141ca635e]     Current user: anonymous
I, [2025-10-13T11:49:22.539509 #3949158]    INFO -- : [44ae2f65-0842-4be5-a880-4ea141ca635e] Completed 500 Internal Server Error in 27ms (ActiveRecord: 0.8ms | Allocations: 10959)
F, [2025-10-13T11:49:22.541224 #3949158] FATAL -- : [44ae2f65-0842-4be5-a880-4ea141ca635e]
[44ae2f65-0842-4be5-a880-4ea141ca635e] NameError (undefined local variable or method `no_store' for #<AccountController:0x0000000003c2f8>

    no_store
    ^^^^^^^^):
[44ae2f65-0842-4be5-a880-4ea141ca635e]
[44ae2f65-0842-4be5-a880-4ea141ca635e] app/controllers/account_controller.rb:39:in `login'
[44ae2f65-0842-4be5-a880-4ea141ca635e] lib/redmine/sudo_mode.rb:61:in `sudo_mode'
```

```
Environment:
  Redmine version                  5.1.10.stable
  Ruby version                     3.1.5-p252 (2024-04-23) [x86_64-linux]
  Rails version                    6.1.7.10
  Environment                      production
  Database adapter                 PostgreSQL
  Mailer queue                     ActiveJob::QueueAdapters::AsyncAdapter
  Mailer delivery                  smtp
```

 We have confirmed that the issue is resolved with the following patch. 

```
grep -R --line-number "\bno_store\b" app plugins
app/controllers/twofa_backup_codes_controller.rb:40:      no_store
app/controllers/twofa_backup_codes_controller.rb:68:        no_store
app/controllers/auth_sources_controller.rb:35:      no_store
app/controllers/auth_sources_controller.rb:43:        no_store
app/controllers/auth_sources_controller.rb:49:      no_store
app/controllers/auth_sources_controller.rb:58:        no_store
app/controllers/users_controller.rb:129:      no_store
app/controllers/users_controller.rb:167:            no_store
app/controllers/users_controller.rb:182:      no_store
app/controllers/users_controller.rb:221:            no_store
app/controllers/my_controller.rb:118:      no_store
app/controllers/twofa_controller.rb:50:      no_store
app/controllers/account_controller.rb:39:      no_store
app/controllers/account_controller.rb:99:        no_store
app/controllers/account_controller.rb:175:      no_store
app/controllers/account_controller.rb:225:      no_store
app/controllers/repositories_controller.rb:44:      no_store
app/controllers/repositories_controller.rb:51:        no_store
app/controllers/repositories_controller.rb:57:      no_store
app/controllers/repositories_controller.rb:65:        no_store
```

```bash
# target file list (bash array, so run this with bash rather than plain sh)
files=(
  "app/controllers/twofa_backup_codes_controller.rb"
  "app/controllers/auth_sources_controller.rb"
  "app/controllers/users_controller.rb"
  "app/controllers/my_controller.rb"
  "app/controllers/twofa_controller.rb"
  "app/controllers/repositories_controller.rb"
  "app/controllers/account_controller.rb"
)

# file backup & replace (GNU sed: -i edits in place, \s matches whitespace)
for file in "${files[@]}"; do
  cp "$file" "$file.backup"
  sed -i 's/^\(\s*\)no_store$/\1response.headers["Cache-Control"] = "no-store"/' "$file"
  echo "Modified: $file"
done
```
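
A post-patch check, as an added example that is not part of the original report: it counts `no_store` calls the substitution missed (for instance a line with trailing whitespace, which the `$` anchor skips) and confirms that only the intended lines changed. The sample controller is constructed, the function names are hypothetical, and the substitution is the report's with `\s` spelled `[[:space:]]` and output redirected instead of `-i`.

```sh
# Added example (not from the report). Sample data below is constructed.
HEADER_LINE='response.headers["Cache-Control"] = "no-store"'

# Print "<remaining> <replaced>" for the *.rb files under directory $1:
# remaining = lines still calling no_store, replaced = header assignments.
# --include skips the *.rb.backup copies that the patch script leaves behind.
audit_no_store() {
  remaining=$(grep -rhw --include='*.rb' 'no_store' "$1" | wc -l)
  replaced=$(grep -rhF --include='*.rb' "$HEADER_LINE" "$1" | wc -l)
  echo $remaining $replaced
}

# Print lines of $1 that differ from $1.backup and are not the header
# assignment. Empty output means only the intended lines changed.
unexpected_changes() {
  diff "$1.backup" "$1" | grep '^>' | grep -vF "$HEADER_LINE" || true
}

# Build a constructed controller, apply the substitution, print its directory.
make_sample() {
  dir=$(mktemp -d)
  f="$dir/account_controller.rb"
  # The second call has a trailing space, so the $ anchor does not match it.
  printf '%s\n' 'class AccountController' '  def login' '    no_store' \
    '  end' '  def lost_password' '    no_store ' '  end' 'end' > "$f.backup"
  sed 's/^\([[:space:]]*\)no_store$/\1response.headers["Cache-Control"] = "no-store"/' \
    "$f.backup" > "$f"
  echo "$dir"
}

sample_dir=$(make_sample)
echo "remaining/replaced: $(audit_no_store "$sample_dir")"
echo "unexpected: [$(unexpected_changes "$sample_dir/account_controller.rb")]"
```

A non-zero first number means some action would still raise `NameError` and return 500; point `audit_no_store` at `app/controllers` after running the replacement.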