Browse files

Ensure referrer is saved in session even when AuthComponent::$loginRe…

…direct is set.

Clarified redirectUrl() docblock.
  • Loading branch information...
1 parent 9d367e1 commit 342bf658111ded4606a9f3292dfd38b2561b8438 @ADmad ADmad committed Mar 26, 2013
View
22 lib/Cake/Controller/Component/AuthComponent.php
@@ -310,7 +310,7 @@ public function startup(Controller $controller) {
if ($loginAction == $url) {
if (empty($request->data)) {
- if (!$this->Session->check('Auth.redirect') && !$this->loginRedirect && env('HTTP_REFERER')) {
+ if (!$this->Session->check('Auth.redirect') && env('HTTP_REFERER')) {
$this->Session->write('Auth.redirect', $controller->referer(null, true));
}
}
@@ -554,7 +554,7 @@ public function login($user = null) {
}
/**
- * Log a user out.
+ * Log a user out.
*
* Returns the login action to redirect to. Triggers the logout() method of
* all the authenticate objects, so they can perform custom logout logic.
@@ -645,9 +645,17 @@ public function redirect($url = null) {
/**
* Get the URL a use should be redirected to upon login.
*
- * If no parameter is passed, gets the authentication redirect URL. Pass a url in to
- * set the destination a user should be redirected to upon logging in. Will fallback to
- * AuthComponent::$loginRedirect if there is no stored redirect value.
+ * Pass a url in to set the destination a user should be redirected to upon
+ * logging in.
+ *
+ * If no parameter is passed, gets the authentication redirect URL. The url
+ * returned is as per following rules:
+ *
+ * - Returns the session Auth.redirect value if it is present and for the same
+ * domain the current app is running on.
+ * - If there is no session value and there is a $loginRedirect, the $loginRedirect
+ * value is returned.
+ * - If there is no session and no $loginRedirect, / is returned.
*
* @param string|array $url Optional URL to write as the login redirect URL.
* @return string Redirect URL
@@ -663,8 +671,10 @@ public function redirectUrl($url = null) {
if (Router::normalize($redir) == Router::normalize($this->loginAction)) {
$redir = $this->loginRedirect;
}
- } else {
+ } elseif ($this->loginRedirect) {
$redir = $this->loginRedirect;
+ } else {
+ $redir = '/';
}
return Router::normalize($redir);
}
View
24 lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
@@ -418,30 +418,6 @@ public function testLogin() {
}
/**
- * test that being redirected to the login page, with no post data does
- * not set the session value. Saving the session value in this circumstance
- * can cause the user to be redirected to an already public page.
- *
- * @return void
- */
- public function testLoginActionNotSettingAuthRedirect() {
- $_SERVER['HTTP_REFERER'] = '/pages/display/about';
-
- $this->Controller->data = array();
- $this->Controller->request->addParams(Router::parse('auth_test/login'));
- $this->Controller->request->url = 'auth_test/login';
- $this->Auth->Session->delete('Auth');
-
- $this->Auth->loginRedirect = '/users/dashboard';
- $this->Auth->loginAction = 'auth_test/login';
- $this->Auth->userModel = 'AuthUser';
-
- $this->Auth->startup($this->Controller);
- $redirect = $this->Auth->Session->read('Auth.redirect');
- $this->assertNull($redirect);
- }
-
-/**
* testAuthorizeFalse method
*
* @return void

0 comments on commit 342bf65

Please sign in to comment.