Ensure referrer is saved in session even when AuthComponent::$loginRe…

…direct is set. Clarified redirectUrl() docblock.
cakephp · Mar 27, 2013 · 342bf65 · 342bf65
1 parent 9d367e1
commit 342bf65
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 30 deletions.
diff --git a/lib/Cake/Controller/Component/AuthComponent.php b/lib/Cake/Controller/Component/AuthComponent.php
@@ -310,7 +310,7 @@ public function startup(Controller $controller) {
 
 		if ($loginAction == $url) {
 			if (empty($request->data)) {
-				if (!$this->Session->check('Auth.redirect') && !$this->loginRedirect && env('HTTP_REFERER')) {
+				if (!$this->Session->check('Auth.redirect') && env('HTTP_REFERER')) {
 					$this->Session->write('Auth.redirect', $controller->referer(null, true));
 				}
 			}
@@ -554,7 +554,7 @@ public function login($user = null) {
 	}
 
 /**
- * Log a user out. 
+ * Log a user out.
  *
  * Returns the login action to redirect to. Triggers the logout() method of
  * all the authenticate objects, so they can perform custom logout logic.
@@ -645,9 +645,17 @@ public function redirect($url = null) {
 /**
  * Get the URL a use should be redirected to upon login.
  *
- * If no parameter is passed, gets the authentication redirect URL. Pass a url in to
- * set the destination a user should be redirected to upon logging in. Will fallback to
- * AuthComponent::$loginRedirect if there is no stored redirect value.
+ * Pass a url in to set the destination a user should be redirected to upon
+ * logging in.
+ *
+ * If no parameter is passed, gets the authentication redirect URL. The url
+ * returned is as per following rules:
+ *
+ *  - Returns the session Auth.redirect value if it is present and for the same
+ *    domain the current app is running on.
+ *  - If there is no session value and there is a $loginRedirect, the $loginRedirect
+ *    value is returned.
+ *  - If there is no session and no $loginRedirect, / is returned.
  *
  * @param string|array $url Optional URL to write as the login redirect URL.
  * @return string Redirect URL
@@ -663,8 +671,10 @@ public function redirectUrl($url = null) {
 			if (Router::normalize($redir) == Router::normalize($this->loginAction)) {
 				$redir = $this->loginRedirect;
 			}
-		} else {
+		} elseif ($this->loginRedirect) {
 			$redir = $this->loginRedirect;
+		} else {
+			$redir = '/';
 		}
 		return Router::normalize($redir);
 	}

diff --git a/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php b/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
@@ -417,30 +417,6 @@ public function testLogin() {
 		$this->assertEquals($user, $this->Auth->user());
 	}
 
-/**
- * test that being redirected to the login page, with no post data does
- * not set the session value. Saving the session value in this circumstance
- * can cause the user to be redirected to an already public page.
- *
- * @return void
- */
-	public function testLoginActionNotSettingAuthRedirect() {
-		$_SERVER['HTTP_REFERER'] = '/pages/display/about';
-
-		$this->Controller->data = array();
-		$this->Controller->request->addParams(Router::parse('auth_test/login'));
-		$this->Controller->request->url = 'auth_test/login';
-		$this->Auth->Session->delete('Auth');
-
-		$this->Auth->loginRedirect = '/users/dashboard';
-		$this->Auth->loginAction = 'auth_test/login';
-		$this->Auth->userModel = 'AuthUser';
-
-		$this->Auth->startup($this->Controller);
-		$redirect = $this->Auth->Session->read('Auth.redirect');
-		$this->assertNull($redirect);
-	}
-
 /**
  * testAuthorizeFalse method
  *