Adding omitted return that would prevent users from reaching the login page after being redirected to it. Tests added. Fixes #1542

2024-11-15 11:28:25 +00:00 · 2011-02-17 07:44:41 -05:00 · 2011-02-17 07:44:41 -05:00 · 5c4854b897
commit 5c4854b897
parent c638443b4d
2 changed files with 22 additions and 1 deletions
--- a/cake/libs/controller/components/auth.php
+++ b/cake/libs/controller/components/auth.php
@ -311,6 +311,7 @@ class AuthComponent extends Component {
 					$this->Session->write('Auth.redirect', $controller->referer(null, true));
 				}
 			}
+			return true;
 		} else {
 			if (!$this->_getUser()) {
 				if (!$request->is('ajax')) {
@ -328,7 +329,6 @@ class AuthComponent extends Component {
 				}
 			}
 		}
-
 		if (empty($this->authorize) || $this->isAuthorized()) {
 			return true;
 		}
--- a/cake/tests/cases/libs/controller/components/auth.test.php
+++ b/cake/tests/cases/libs/controller/components/auth.test.php
@ -866,6 +866,27 @@ class AuthTest extends CakeTestCase {
 		$this->Auth->Session->delete('Auth');
 	}

+/**
+ * test that no redirects or authoization tests occur on the loginAction
+ *
+ * @return void
+ */
+	function testNoRedirectOnLoginAction() {
+		$controller = $this->getMock('Controller');
+		$controller->methods = array('login');
+		
+		$url = '/AuthTest/login';
+		$this->Auth->request = $controller->request = new CakeRequest($url);
+		$this->Auth->request->addParams(Router::parse($url));
+		$this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
+		$this->Auth->authorize = array('Controller');
+
+		$controller->expects($this->never())
+			->method('redirect');
+
+		$this->Auth->startup($controller);
+	}
+
 /**
 * Ensure that no redirect is performed when a 404 is reached
 * And the user doesn't have a session.