after first OAuth logout, impossible to login again

[restena-sw]

Prerequisites

• I have searched for duplicate or closed issues
• I can recreate the issue with all plugins disabled

Describe the issue

We are running 1.7-RC2 with OAuth authentication exclusively ($config['oauth_login_redirect'] = true;). The setup works: you can login, use OAuth tokens for the backend email servers, and finally log out via the logout button.

However, after a logout, it is impossible to log in again. One can successfully log in again on the IdP side, but RC immediately executes the _task=logout task and the session ends immediately.

Steps to reproduce:

• log in
• log out
• try to log in

Alternatively, go to the ?_task=logout page initially, log in, and observe how you are being logged out. Afterwards, even going to the base installation URL "remembers" the fact the next action to perform after logging in again is the logout action.

What browser(s) are you seeing the problem on?

Chrome, Firefox

What version of PHP are you using?

8.4

What version of Roundcube are you using?

1.7-RC2

JavaScript errors

No response

PHP errors

No response

[alecpl]

How about this?

--- a/program/include/rcmail_oauth.php
+++ b/program/include/rcmail_oauth.php
@@ -1347,7 +1347,7 @@ class rcmail_oauth
         // We store just the query string (not full URL) so it can be used directly with $_POST['_url']
         if (!empty($_SERVER['QUERY_STRING']) && !$this->rcmail->output->ajax_call) {
             // Only store if it's not a login or oauth action (prevents redirect loops)
-            if (!preg_match('/(_task=login|_action=oauth)/', $_SERVER['QUERY_STRING'])) {
+            if (!preg_match('/(_task=login|_task=logout|_action=oauth)/', $_SERVER['QUERY_STRING'])) {
                 $_SESSION['oauth_redirect_uri'] = $_SERVER['QUERY_STRING'];
                 $this->log_debug('storing original query string for post-auth redirect: %s', $_SERVER['QUERY_STRING']);
             }

[alecpl]

Patch merged.