Fix double base directory in unauthorized redirects.

Turn off base path inclusion when the referrer is generated. In the case where there is no referrer header, we need to omit the base path as redirect() will add one in. Including a base path causes apps in sub-directories to behave incorrectly. Refs #7205
cakephp · Aug 17, 2015 · 5a4ab48 · 5a4ab48
1 parent 5643708
commit 5a4ab48
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 6 deletions.
diff --git a/src/Controller/Component/AuthComponent.php b/src/Controller/Component/AuthComponent.php
@@ -405,6 +405,7 @@ protected function _unauthorized(Controller $controller)
             if (!empty($this->_config['loginRedirect'])) {
                 $default = $this->_config['loginRedirect'];
             }
+            $default['_base'] = false;
             $url = $controller->referer($default, true);
         } else {
             $url = $this->_config['unauthorizedRedirect'];

diff --git a/tests/TestCase/Controller/Component/AuthComponentTest.php b/tests/TestCase/Controller/Component/AuthComponentTest.php
@@ -734,24 +734,32 @@ public function testNoLoginRedirectForAuthenticatedUser()
     public function testDefaultToLoginRedirect()
     {
         $url = '/party/on';
-        $this->Auth->request = $Request = new Request($url);
-        $Request->env('HTTP_REFERER', false);
-        $this->Auth->request->addParams(Router::parse($url));
+        $this->Auth->request = $request = new Request($url);
+        $request->env('HTTP_REFERER', false);
+        $request->addParams(Router::parse($url));
+        $request->addPaths([
+            'base' => 'dirname',
+            'webroot' => '/dirname/',
+        ]);
+        Router::pushRequest($request);
+
         $this->Auth->config('authorize', ['Controller']);
         $this->Auth->setUser(['username' => 'mariano', 'password' => 'cake']);
         $this->Auth->config('loginRedirect', [
-            'controller' => 'something', 'action' => 'else'
+            'controller' => 'something',
+            'action' => 'else'
         ]);
 
         $response = new Response();
         $Controller = $this->getMock(
             'Cake\Controller\Controller',
             ['on', 'redirect'],
-            [$Request, $response]
+            [$request, $response]
         );
         $event = new Event('Controller.startup', $Controller);
 
-        $expected = Router::url($this->Auth->config('loginRedirect'));
+        // Should not contain basedir when redirect is called.
+        $expected = '/something/else';
         $Controller->expects($this->once())
             ->method('redirect')
             ->with($this->equalTo($expected));