
Login redirect fix for tab safe re-login using query string.

dereuromark committed Sep 5, 2016
1 parent 8932977 commit cfadb8f284d08a2784d2261fdbf21eda24e27e52
Showing with 96 additions and 112 deletions.
  1. +32 −21 src/Controller/Component/AuthComponent.php
  2. +64 −91 tests/TestCase/Controller/Component/AuthComponentTest.php
@@ -364,15 +364,10 @@ protected function _unauthenticated(Controller $controller)
return $result;
}
if (!$this->storage()->redirectUrl()) {
$this->storage()->redirectUrl($this->request->here(false));
}
if (!$controller->request->is('ajax')) {
$this->flash($this->_config['authError']);
$this->storage()->redirectUrl($controller->request->here(false));
return $controller->redirect($this->_config['loginAction']);
return $controller->redirect($this->_loginActionRedirectUrl());
}
if (!empty($this->_config['ajaxLogin'])) {
@@ -390,6 +385,23 @@ protected function _unauthenticated(Controller $controller)
return $this->response;
}
/**
* @return array|string
*/
protected function _loginActionRedirectUrl()
{
$currentUrl = $this->request->here(false);
$loginAction = $this->_config['loginAction'];
if (is_array($loginAction)) {
$loginAction['?']['redirect'] = $currentUrl;
} else {
$loginAction .= '?redirect=' . rawurlencode($currentUrl);
}
return $loginAction;
}
/**
* Normalizes config `loginAction` and checks if current request URL is same as login action.
*
@@ -660,7 +672,6 @@ public function logout()
}
$user = (array)$this->user();
$this->dispatchEvent('Auth.logout', [$user]);
$this->storage()->redirectUrl(false);
$this->storage()->delete();
return Router::normalize($this->_config['logoutRedirect']);
@@ -700,8 +711,6 @@ protected function _getUser()
{
$user = $this->user();
if ($user) {
$this->storage()->redirectUrl(false);
return true;
}
@@ -745,25 +754,27 @@ protected function _getUser()
*/
public function redirectUrl($url = null)
{
if ($url !== null) {
$redir = $url;
$this->storage()->redirectUrl($redir);
} elseif ($redir = $this->storage()->redirectUrl()) {
$this->storage()->redirectUrl(false);
$redirectUrl = $this->request->query('redirect');
if ($redirectUrl && (substr($redirectUrl, 0, 1) !== '/')) {
$redirectUrl = null;
}
if (Router::normalize($redir) === Router::normalize($this->_config['loginAction'])) {
$redir = $this->_config['loginRedirect'];
if ($url !== null) {
$redirectUrl = $url;
} elseif ($redirectUrl) {
if (Router::normalize($redirectUrl) === Router::normalize($this->_config['loginAction'])) {
$redirectUrl = $this->_config['loginRedirect'];
}
} elseif ($this->_config['loginRedirect']) {
$redir = $this->_config['loginRedirect'];
$redirectUrl = $this->_config['loginRedirect'];
} else {
$redir = '/';
$redirectUrl = '/';
}
if (is_array($redir)) {
return Router::url($redir + ['_base' => false]);
if (is_array($redirectUrl)) {
return Router::url($redirectUrl + ['_base' => false]);
}
return $redir;
return $redirectUrl;
}
/**
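Review bot: The off-site guard in `redirectUrl()` only checks that the `redirect` query value begins with `/`, so a protocol-relative value such as `//host/path`, or `/\host`, which browsers commonly treat the same way, still passes and is returned as the post-login target. This matters more than before because the target now comes from the request URL, which anyone can put into a login link, rather than from session storage. Going by the `$redir` to `$redirectUrl` rename these look like new-side lines, though the +/- markers are missing on this page. I would tighten the condition to `if ($redirectUrl && (!is_string($redirectUrl) || !preg_match('#^/(?![/\\\\])#', $redirectUrl))) {`, which also rejects a `redirect[]=` value arriving as an array. Test cases for those inputs would help, as would a docblock line stating that the query value is untrusted.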
