Ensure referrer is saved in session even when AuthComponent::$loginRedirect is set.

ADmad · ADmad · commit 342bf658111d · 2013-03-27T15:11:02.000+05:30
Clarified redirectUrl() docblock.
diff --git a/lib/Cake/Controller/Component/AuthComponent.php b/lib/Cake/Controller/Component/AuthComponent.php
@@ -310,7 +310,7 @@ public function startup(Controller $controller) {
 
 		if ($loginAction == $url) {
 			if (empty($request->data)) {
-				if (!$this->Session->check('Auth.redirect') && !$this->loginRedirect && env('HTTP_REFERER')) {
+				if (!$this->Session->check('Auth.redirect') && env('HTTP_REFERER')) {
 					$this->Session->write('Auth.redirect', $controller->referer(null, true));
 				}
 			}
@@ -554,7 +554,7 @@ public function login($user = null) {
 	}
 
 /**
- * Log a user out. 
+ * Log a user out.
  *
  * Returns the login action to redirect to. Triggers the logout() method of
  * all the authenticate objects, so they can perform custom logout logic.
@@ -645,9 +645,17 @@ public function redirect($url = null) {
 /**
  * Get the URL a use should be redirected to upon login.
  *
- * If no parameter is passed, gets the authentication redirect URL. Pass a url in to
- * set the destination a user should be redirected to upon logging in. Will fallback to
- * AuthComponent::$loginRedirect if there is no stored redirect value.
+ * Pass a url in to set the destination a user should be redirected to upon
+ * logging in.
+ *
+ * If no parameter is passed, gets the authentication redirect URL. The url
+ * returned is as per following rules:
+ *
+ *  - Returns the session Auth.redirect value if it is present and for the same
+ *    domain the current app is running on.
+ *  - If there is no session value and there is a $loginRedirect, the $loginRedirect
+ *    value is returned.
+ *  - If there is no session and no $loginRedirect, / is returned.
  *
  * @param string|array $url Optional URL to write as the login redirect URL.
  * @return string Redirect URL
@@ -663,8 +671,10 @@ public function redirectUrl($url = null) {
 			if (Router::normalize($redir) == Router::normalize($this->loginAction)) {
 				$redir = $this->loginRedirect;
 			}
-		} else {
+		} elseif ($this->loginRedirect) {
 			$redir = $this->loginRedirect;
+		} else {
+			$redir = '/';
 		}
 		return Router::normalize($redir);
 	}
diff --git a/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php b/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
@@ -417,30 +417,6 @@ public function testLogin() {
 		$this->assertEquals($user, $this->Auth->user());
 	}
 
-/**
- * test that being redirected to the login page, with no post data does
- * not set the session value. Saving the session value in this circumstance
- * can cause the user to be redirected to an already public page.
- *
- * @return void
- */
-	public function testLoginActionNotSettingAuthRedirect() {
-		$_SERVER['HTTP_REFERER'] = '/pages/display/about';
-
-		$this->Controller->data = array();
-		$this->Controller->request->addParams(Router::parse('auth_test/login'));
-		$this->Controller->request->url = 'auth_test/login';
-		$this->Auth->Session->delete('Auth');
-
-		$this->Auth->loginRedirect = '/users/dashboard';
-		$this->Auth->loginAction = 'auth_test/login';
-		$this->Auth->userModel = 'AuthUser';
-
-		$this->Auth->startup($this->Controller);
-		$redirect = $this->Auth->Session->read('Auth.redirect');
-		$this->assertNull($redirect);
-	}
-
 /**
  * testAuthorizeFalse method
  *

Original file line number	Diff line number	Diff line change
`@@ -310,7 +310,7 @@ public function startup(Controller $controller) {`
`310`	`310`
`311`	`311`	`if ($loginAction == $url) {`
`312`	`312`	`if (empty($request->data)) {`
`313`		`- if (!$this->Session->check('Auth.redirect') && !$this->loginRedirect && env('HTTP_REFERER')) {`
	`313`	`+ if (!$this->Session->check('Auth.redirect') && env('HTTP_REFERER')) {`
`314`	`314`	`$this->Session->write('Auth.redirect', $controller->referer(null, true));`
`315`	`315`	`}`
`316`	`316`	`}`
`@@ -554,7 +554,7 @@ public function login($user = null) {`
`554`	`554`	`}`
`555`	`555`
`556`	`556`	`/**`
`557`		`- * Log a user out.`
	`557`	`+ * Log a user out.`
`558`	`558`	`*`
`559`	`559`	`* Returns the login action to redirect to. Triggers the logout() method of`
`560`	`560`	`* all the authenticate objects, so they can perform custom logout logic.`
`@@ -645,9 +645,17 @@ public function redirect($url = null) {`
`645`	`645`	`/**`
`646`	`646`	`* Get the URL a use should be redirected to upon login.`
`647`	`647`	`*`
`648`		`- * If no parameter is passed, gets the authentication redirect URL. Pass a url in to`
`649`		`- * set the destination a user should be redirected to upon logging in. Will fallback to`
`650`		`- * AuthComponent::$loginRedirect if there is no stored redirect value.`
	`648`	`+ * Pass a url in to set the destination a user should be redirected to upon`
	`649`	`+ * logging in.`
	`650`	`+ *`
	`651`	`+ * If no parameter is passed, gets the authentication redirect URL. The url`
	`652`	`+ * returned is as per following rules:`
	`653`	`+ *`
	`654`	`+ * - Returns the session Auth.redirect value if it is present and for the same`
	`655`	`+ * domain the current app is running on.`
	`656`	`+ * - If there is no session value and there is a $loginRedirect, the $loginRedirect`
	`657`	`+ * value is returned.`
	`658`	`+ * - If there is no session and no $loginRedirect, / is returned.`
`651`	`659`	`*`
`652`	`660`	`* @param string\|array $url Optional URL to write as the login redirect URL.`
`653`	`661`	`* @return string Redirect URL`
`@@ -663,8 +671,10 @@ public function redirectUrl($url = null) {`
`663`	`671`	`if (Router::normalize($redir) == Router::normalize($this->loginAction)) {`
`664`	`672`	`$redir = $this->loginRedirect;`
`665`	`673`	`}`
`666`		`- } else {`
	`674`	`+ } elseif ($this->loginRedirect) {`
`667`	`675`	`$redir = $this->loginRedirect;`
	`676`	`+ } else {`
	`677`	`+ $redir = '/';`
`668`	`678`	`}`
`669`	`679`	`return Router::normalize($redir);`
`670`	`680`	`}`