Merge pull request #1671 from ADmad/bugfix/auth-infinite-redirect

Fixed infinite redirects when authenticated user tried to access login p...
2024-11-15 03:18:26 +00:00 · 2013-09-27 12:13:36 -07:00 · 2013-09-27 12:13:36 -07:00 · ceb78fee9c
commit ceb78fee9c
parent 355e2efbc6 4dbf9107a8
2 changed files with 33 additions and 13 deletions
--- a/lib/Cake/Controller/Component/AuthComponent.php
+++ b/lib/Cake/Controller/Component/AuthComponent.php
@ -304,7 +304,10 @@ class AuthComponent extends Component {
 			return $this->_unauthenticated($controller);
 		}

-		if (empty($this->authorize) || $this->isAuthorized($this->user())) {
+		if ($this->_isLoginAction($controller) ||
+			empty($this->authorize) ||
+			$this->isAuthorized($this->user())
+		) {
 			return true;
 		}

@ -347,6 +350,11 @@ class AuthComponent extends Component {
 		}

 		if ($this->_isLoginAction($controller)) {
+			if (empty($controller->request->data)) {
+				if (!$this->Session->check('Auth.redirect') && env('HTTP_REFERER')) {
+					$this->Session->write('Auth.redirect', $controller->referer(null, true));
+				}
+			}
 			return true;
 		}

@ -367,9 +375,7 @@ class AuthComponent extends Component {
 	}

 /**
- * Normalizes $loginAction and checks if current request url is same as login
- * action. If current url is same as login action, referrer url is saved in session
- * which is later accessible using redirectUrl().
+ * Normalizes $loginAction and checks if current request url is same as login action.
 *
 * @param Controller $controller A reference to the controller object.
 * @return boolean True if current action is login action else false.
@ -382,15 +388,7 @@ class AuthComponent extends Component {
 		$url = Router::normalize($url);
 		$loginAction = Router::normalize($this->loginAction);

-		if ($loginAction == $url) {
-			if (empty($controller->request->data)) {
-				if (!$this->Session->check('Auth.redirect') && env('HTTP_REFERER')) {
-					$this->Session->write('Auth.redirect', $controller->referer(null, true));
-				}
-			}
-			return true;
-		}
-		return false;
+		return $loginAction === $url;
 	}

 /**
--- a/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
+++ b/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
@ -876,6 +876,28 @@ class AuthComponentTest extends CakeTestCase {
 		$this->Auth->Session->delete('Auth');
 	}

+/**
+ * testNoLoginRedirectForAuthenticatedUser method
+ *
+ * @return void
+ */
+	public function testNoLoginRedirectForAuthenticatedUser() {
+		$this->Controller->request['controller'] = 'auth_test';
+		$this->Controller->request['action'] = 'login';
+		$this->Controller->here = '/auth_test/login';
+		$this->Auth->request->url = 'auth_test/login';
+
+		$this->Auth->Session->write('Auth.User.id', '1');
+		$this->Auth->authenticate = array('Form');
+		$this->getMock('BaseAuthorize', array('authorize'), array(), 'NoLoginRedirectMockAuthorize', false);
+		$this->Auth->authorize = array('NoLoginRedirectMockAuthorize');
+		$this->Auth->loginAction = array('controller' => 'auth_test', 'action' => 'login');
+
+		$return = $this->Auth->startup($this->Controller);
+		$this->assertTrue($return);
+		$this->assertNull($this->Controller->testUrl);
+	}
+
 /**
 * Default to loginRedirect, if set, on authError.
 *