From 5b042242bf750fb81610498a428adcb6eb860726 Mon Sep 17 00:00:00 2001
From: Adam Lundrigan
Date: Fri, 27 Jun 2014 12:34:23 -0230
Subject: [PATCH] Controller is not protected from anonymous users Closes #1
---
 .../Controller/ProfileController.php | 4 ++++
 .../Controller/ProfileControllerTest.php | 23 ++++++++++++++++++-
 2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/src/LdcUserProfile/Controller/ProfileController.php b/src/LdcUserProfile/Controller/ProfileController.php
index 596f046..0e826f6 100644
--- a/src/LdcUserProfile/Controller/ProfileController.php
+++ b/src/LdcUserProfile/Controller/ProfileController.php
@@ -24,6 +24,10 @@ class ProfileController extends AbstractActionController
 public function indexAction()
 {
+ if (!$this->zfcUserAuthentication()->hasIdentity()) {
+ return $this->redirect()->toRoute('zfcuser/login', array(), array('query' => array('redirect' => 'ldc-user-profile')));
+ }
+
 $form = $this->getService()->constructFormForUser($this->zfcUserAuthentication()->getIdentity());
 $vm = new ViewModel(array(
diff --git a/tests/LdcUserProfileTest/Controller/ProfileControllerTest.php b/tests/LdcUserProfileTest/Controller/ProfileControllerTest.php
index 9936440..a1f79a0 100644
--- a/tests/LdcUserProfileTest/Controller/ProfileControllerTest.php
+++ b/tests/LdcUserProfileTest/Controller/ProfileControllerTest.php
@@ -34,6 +34,7 @@ public function setUp()
 $this->mockModuleOptions = new \LdcUserProfile\Options\ModuleOptions();
 $sl = new ServiceManager();
+ $sl->setAllowOverride(true);
 $sl->setService('zfcuser_user_service', $this->mockUserService);
 $sl->setService('ldc-user-profile_service', $this->mockProfileService);
 $sl->setService('ldc-user-profile_module_options', $this->mockModuleOptions);
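Review bot: The new `hasIdentity()` check in `ProfileController::indexAction()` protects that one action only, so any other action on this controller (none is visible in the hunk) and any action added later stays reachable anonymously unless the same three lines are copied into it. Enforcing the check once per dispatch, for instance in an `onDispatch()` override or an MVC dispatch listener, would make the controller deny by default instead of relying on each action to opt in. The login redirect passes its return target as a literal route name rather than a value taken from the request, which is worth recording next to the call, e.g. `// 'redirect' is a fixed route name, never request input, so the post-login target cannot be steered by the visitor`. The body of `indexAction()` continues past the end of the hunk.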
@@ -59,8 +60,9 @@ public function setUp()
 $this->controller->setServiceLocator($sl);
 $this->controller->setEvent($this->event);
- $this->mockUserPlugin = \Mockery::mock('ZfcUser\Controller\Plugin\ZfcUserAuthentication[getIdentity]');
+ $this->mockUserPlugin = \Mockery::mock('ZfcUser\Controller\Plugin\ZfcUserAuthentication[getIdentity,hasIdentity]');
 $this->mockUserPlugin->shouldReceive('getIdentity')->andReturn($this->mockUserEntity);
+ $this->mockUserPlugin->shouldReceive('hasIdentity')->andReturn(true);
 $this->mockUrlPlugin = \Mockery::mock('Zend\Mvc\Controller\Plugin\Url[fromRoute]');
 $this->mockUrlPlugin->shouldReceive('fromRoute')->andReturn('/');
@@ -188,4 +190,23 @@ public function testGetModuleOptionsPullsFromServiceLocatorWhenNotDefined()
 $this->controller->setServiceLocator($serviceLocator);
 $this->assertSame($this->mockOptions, $this->controller->getModuleOptions());
 }
+
+ public function testControllerIsProtectedFromUnauthorizedUsers()
+ {
+ $this->mockUserPlugin = \Mockery::mock('ZfcUser\Controller\Plugin\ZfcUserAuthentication[getIdentity,hasIdentity]');
+ $this->mockUserPlugin->shouldReceive('getIdentity')->andReturn(null);
+ $this->mockUserPlugin->shouldReceive('hasIdentity')->andReturn(false);
+ $this->controller->getPluginManager()->setService('zfcUserAuthentication', $this->mockUserPlugin);
+
+ $this->event->setResponse($this->controller->getResponse());
+
+ $this->mockProfileService = \Mockery::mock('LdcUserProfile\Service\ProfileService');
+ $this->mockProfileService->shouldReceive('constructFormForUser')->never();
+ $this->controller->getServiceLocator()->setService('ldc-user-profile_service', $this->mockProfileService);
+
+ $result = $this->controller->indexAction();
+
+ $this->assertInstanceOf('Zend\Http\Response', $result);
+ $this->assertTrue($result->isRedirect());
+ }
 }
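Review bot: `testControllerIsProtectedFromUnauthorizedUsers()` in ProfileControllerTest.php asserts only that some redirect response comes back, so it would still pass if the guard sent anonymous users somewhere other than the login route. Checking the target as well would pin the behaviour, for example `$this->assertContains('redirect=ldc-user-profile', $result->getHeaders()->get('Location')->getUri());`, with the expected string adjusted to whatever the test router produces (the router setup is outside this hunk). The `->never()` expectation on `constructFormForUser` is verified only when `\Mockery::close()` runs, presumably in a `tearDown()` that is not visible here, so it is worth confirming that it does. Since the condition exercised is a missing identity rather than a failed permission check, a name ending in `FromAnonymousUsers` would describe the test more precisely.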