AuthComponent should only compare paths.

request->getRequestTarget() returns query string data in addition to the path. This causes comparison issues with loginAction that is generally path only. Refs #11943
cakephp · Apr 17, 2018 · 55d8332 · 55d8332
1 parent 887dc4d
commit 55d8332
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 2 deletions.
diff --git a/src/Controller/Component/AuthComponent.php b/src/Controller/Component/AuthComponent.php
@@ -439,8 +439,8 @@ protected function _loginActionRedirectUrl()
      */
     protected function _isLoginAction(Controller $controller)
     {
-        $url = $controller->request->getRequestTarget();
-        $url = Router::normalize($url);
+        $uri = $controller->request->getUri();
+        $url = Router::normalize($uri->getPath());
         $loginAction = Router::normalize($this->_config['loginAction']);
 
         return $loginAction === $url;

diff --git a/tests/TestCase/Controller/Component/AuthComponentTest.php b/tests/TestCase/Controller/Component/AuthComponentTest.php
@@ -830,6 +830,36 @@ public function testNoLoginRedirectForAuthenticatedUser()
         $this->assertNull($this->Controller->testUrl);
     }
 
+    /**
+     * testNoLoginRedirectForAuthenticatedUser method
+     *
+     * @return void
+     * @triggers Controller.startup $this->Controller
+     */
+    public function testStartupLoginActionIgnoreQueryString()
+    {
+        $request = new ServerRequest([
+            'params' => [
+                'plugin' => null,
+                'controller' => 'auth_test',
+                'action' => 'login'
+            ],
+            'query' => ['redirect' => '/admin/articles'],
+            'url' => '/auth_test/login?redirect=%2Fadmin%2Farticles',
+            'session' => $this->Auth->session
+        ]);
+        $this->Controller->request = $request;
+
+        $this->Auth->session->clear();
+        $this->Auth->setConfig('authenticate', ['Form']);
+        $this->Auth->setConfig('authorize', false);
+        $this->Auth->setConfig('loginAction', ['controller' => 'auth_test', 'action' => 'login']);
+
+        $event = new Event('Controller.startup', $this->Controller);
+        $return = $this->Auth->startup($event);
+        $this->assertNull($return);
+    }
+
     /**
      * Default to loginRedirect, if set, on authError.
      *