Adding omitted return that would prevent users from reaching the logi…

…n page after being redirected to it. Tests added. Fixes #1542

cake/libs/controller/components/auth.php

@@ -311,6 +311,7 @@ public function startup($controller) {
 					$this->Session->write('Auth.redirect', $controller->referer(null, true));
 				}
 			}
+			return true;
 		} else {
 			if (!$this->_getUser()) {
 				if (!$request->is('ajax')) {
@@ -328,7 +329,6 @@ public function startup($controller) {
 				}
 			}
 		}
-
 		if (empty($this->authorize) || $this->isAuthorized()) {
 			return true;
 		}

cake/tests/cases/libs/controller/components/auth.test.php

@@ -866,6 +866,27 @@ function testLoginRedirect() {
 		$this->Auth->Session->delete('Auth');
 	}
 
+/**
+ * test that no redirects or authoization tests occur on the loginAction
+ *
+ * @return void
+ */
+	function testNoRedirectOnLoginAction() {
+		$controller = $this->getMock('Controller');
+		$controller->methods = array('login');
+
+		$url = '/AuthTest/login';
+		$this->Auth->request = $controller->request = new CakeRequest($url);
+		$this->Auth->request->addParams(Router::parse($url));
+		$this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
+		$this->Auth->authorize = array('Controller');
+
+		$controller->expects($this->never())
+			->method('redirect');
+
+		$this->Auth->startup($controller);
+	}
+
 /**
  * Ensure that no redirect is performed when a 404 is reached
  * And the user doesn't have a session.