Permalink
Browse files

Ensure referrer is saved in session even when AuthComponent::$loginRe…

…direct is set.

Clarified redirectUrl() docblock.
  • Loading branch information...
ADmad committed Mar 26, 2013
1 parent 9d367e1 commit 342bf658111ded4606a9f3292dfd38b2561b8438
@@ -310,7 +310,7 @@ public function startup(Controller $controller) {
if ($loginAction == $url) {
if (empty($request->data)) {
if (!$this->Session->check('Auth.redirect') && !$this->loginRedirect && env('HTTP_REFERER')) {
if (!$this->Session->check('Auth.redirect') && env('HTTP_REFERER')) {
$this->Session->write('Auth.redirect', $controller->referer(null, true));
}
}
@@ -554,7 +554,7 @@ public function login($user = null) {
}
/**
* Log a user out.
* Log a user out.
*
* Returns the login action to redirect to. Triggers the logout() method of
* all the authenticate objects, so they can perform custom logout logic.
@@ -645,9 +645,17 @@ public function redirect($url = null) {
/**
* Get the URL a use should be redirected to upon login.
*
* If no parameter is passed, gets the authentication redirect URL. Pass a url in to
* set the destination a user should be redirected to upon logging in. Will fallback to
* AuthComponent::$loginRedirect if there is no stored redirect value.
* Pass a url in to set the destination a user should be redirected to upon
* logging in.
*
* If no parameter is passed, gets the authentication redirect URL. The url
* returned is as per following rules:
*
* - Returns the session Auth.redirect value if it is present and for the same
* domain the current app is running on.
* - If there is no session value and there is a $loginRedirect, the $loginRedirect
* value is returned.
* - If there is no session and no $loginRedirect, / is returned.
*
* @param string|array $url Optional URL to write as the login redirect URL.
* @return string Redirect URL
@@ -663,8 +671,10 @@ public function redirectUrl($url = null) {
if (Router::normalize($redir) == Router::normalize($this->loginAction)) {
$redir = $this->loginRedirect;
}
} else {
} elseif ($this->loginRedirect) {
$redir = $this->loginRedirect;
} else {
$redir = '/';
}
return Router::normalize($redir);
}
@@ -417,30 +417,6 @@ public function testLogin() {
$this->assertEquals($user, $this->Auth->user());
}
/**
* test that being redirected to the login page, with no post data does
* not set the session value. Saving the session value in this circumstance
* can cause the user to be redirected to an already public page.
*
* @return void
*/
public function testLoginActionNotSettingAuthRedirect() {
$_SERVER['HTTP_REFERER'] = '/pages/display/about';
$this->Controller->data = array();
$this->Controller->request->addParams(Router::parse('auth_test/login'));
$this->Controller->request->url = 'auth_test/login';
$this->Auth->Session->delete('Auth');
$this->Auth->loginRedirect = '/users/dashboard';
$this->Auth->loginAction = 'auth_test/login';
$this->Auth->userModel = 'AuthUser';
$this->Auth->startup($this->Controller);
$redirect = $this->Auth->Session->read('Auth.redirect');
$this->assertNull($redirect);
}
/**
* testAuthorizeFalse method
*

0 comments on commit 342bf65

Please sign in to comment.