@@ -3,11 +3,11 @@ class Cms::SessionsController < Cms::ApplicationController before_filter :redirect_to_cms_site, :only => [:new] layout "cms/login" - + def new - + end - + def create logout_keeping_session! user = User.authenticate(params[:login], params[:password]) @@ -21,7 +21,7 @@ class Cms::SessionsController < Cms::ApplicationController handle_remember_cookie! new_cookie_flag flash[:notice] = "Logged in successfully" if params[:success_url] # Coming from login portlet - redirect_to((!params[:success_url].blank? && params[:success_url]) || session[:return_to] || "/") + redirect_to((!params[:success_url].blank? && params[:success_url]) || session[:return_to] || "/") session[:return_to] = nil else redirect_back_or_default(cms_home_url) @@ -30,7 +30,7 @@ class Cms::SessionsController < Cms::ApplicationController note_failed_signin @login = params[:login] @remember_me = params[:remember_me] - flash[:login_error] = "Log in failed" + flash[:login_error] = "Log in failed" if params[:success_url] # Coming from login portlet if params[:success_url].blank? success_url = session[:return_to] || "/" @@ -42,23 +42,30 @@ class Cms::SessionsController < Cms::ApplicationController flash[:success_url] = success_url redirect_to request.referrer else - render :action => "new" - end + render :action => "new" + end end end def destroy + logout_user + redirect_back_or_default("/") + end + + protected + + # Pulled this out as a separate method so that modules (like bcms_cas) can override/alias destroy and + # not have a redirect happen as a side effect. + def logout_user logout_killing_session! cookies.delete :openSectionNodes flash[:notice] = "You have been logged out." - redirect_back_or_default("/") end -protected # Track failed login attempts def note_failed_signin flash[:error] = "Couldn't log you in as '#{params[:login]}'" logger.warn "Failed login for '#{params[:login]}' from #{request.remote_ip} at #{Time.now.utc}" end - + end app/controllers/cms/sessions_controller.rb @@ -67,5 +67,10 @@ class Cms::SessionsControllerCacheEnabledTest < ActionController::TestCase log @response.body assert_select "title", "CMS Login" end - + + test "destroy" do + Cms::SessionsController.any_instance.expects(:logout_user) + delete :destroy + assert_redirected_to "/" + end end test/functional/cms/sessions_controller_test.rb 1c71ae0a39a00f7945ca68df1271a325f1da5f0d peakpg peakpg@gmail.com http://github.com/browsermedia/browsercms/commit/df8e5f18f0aedf5c753f2deff20def32c3e17eb0 df8e5f18f0aedf5c753f2deff20def32c3e17eb0 2009-11-05T09:20:58-08:00 2009-11-05T09:20:58-08:00 Added a hook method for SessionController (primary for CAS module) 4cbc31cf3ed45679de521ad75c48cfb16039fa65 peakpg peakpg@gmail.com