Controller is not protected from anonymous users

Closes #1
adamlundrigan · Jun 27, 2014 · 5b04224 · 5b04224
1 parent f52ea9d
commit 5b04224
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 1 deletion.
diff --git a/src/LdcUserProfile/Controller/ProfileController.php b/src/LdcUserProfile/Controller/ProfileController.php
@@ -24,6 +24,10 @@ class ProfileController extends AbstractActionController
 
     public function indexAction()
     {
+        if (!$this->zfcUserAuthentication()->hasIdentity()) {
+            return $this->redirect()->toRoute('zfcuser/login', array(), array('query' => array('redirect' => 'ldc-user-profile')));
+        }
+
         $form = $this->getService()->constructFormForUser($this->zfcUserAuthentication()->getIdentity());
 
         $vm = new ViewModel(array(

diff --git a/tests/LdcUserProfileTest/Controller/ProfileControllerTest.php b/tests/LdcUserProfileTest/Controller/ProfileControllerTest.php
@@ -34,6 +34,7 @@ public function setUp()
         $this->mockModuleOptions = new \LdcUserProfile\Options\ModuleOptions();
 
         $sl = new ServiceManager();
+        $sl->setAllowOverride(true);
         $sl->setService('zfcuser_user_service', $this->mockUserService);
         $sl->setService('ldc-user-profile_service', $this->mockProfileService);
         $sl->setService('ldc-user-profile_module_options', $this->mockModuleOptions);
@@ -59,8 +60,9 @@ public function setUp()
         $this->controller->setServiceLocator($sl);
         $this->controller->setEvent($this->event);
 
-        $this->mockUserPlugin = \Mockery::mock('ZfcUser\Controller\Plugin\ZfcUserAuthentication[getIdentity]');
+        $this->mockUserPlugin = \Mockery::mock('ZfcUser\Controller\Plugin\ZfcUserAuthentication[getIdentity,hasIdentity]');
         $this->mockUserPlugin->shouldReceive('getIdentity')->andReturn($this->mockUserEntity);
+        $this->mockUserPlugin->shouldReceive('hasIdentity')->andReturn(true);
 
         $this->mockUrlPlugin = \Mockery::mock('Zend\Mvc\Controller\Plugin\Url[fromRoute]');
         $this->mockUrlPlugin->shouldReceive('fromRoute')->andReturn('/');
@@ -188,4 +190,23 @@ public function testGetModuleOptionsPullsFromServiceLocatorWhenNotDefined()
         $this->controller->setServiceLocator($serviceLocator);
         $this->assertSame($this->mockOptions, $this->controller->getModuleOptions());
     }
+
+    public function testControllerIsProtectedFromUnauthorizedUsers()
+    {
+        $this->mockUserPlugin = \Mockery::mock('ZfcUser\Controller\Plugin\ZfcUserAuthentication[getIdentity,hasIdentity]');
+        $this->mockUserPlugin->shouldReceive('getIdentity')->andReturn(null);
+        $this->mockUserPlugin->shouldReceive('hasIdentity')->andReturn(false);
+        $this->controller->getPluginManager()->setService('zfcUserAuthentication', $this->mockUserPlugin);
+
+        $this->event->setResponse($this->controller->getResponse());
+
+        $this->mockProfileService = \Mockery::mock('LdcUserProfile\Service\ProfileService');
+        $this->mockProfileService->shouldReceive('constructFormForUser')->never();
+        $this->controller->getServiceLocator()->setService('ldc-user-profile_service', $this->mockProfileService);
+
+        $result = $this->controller->indexAction();
+
+        $this->assertInstanceOf('Zend\Http\Response', $result);
+        $this->assertTrue($result->isRedirect());
+    }
 }