From 4dbf9107a89ce56180eb1226d2696e1aaa23ac30 Mon Sep 17 00:00:00 2001
From: ADmad
Date: Tue, 24 Sep 2013 13:46:31 +0530
Subject: [PATCH] Fixed infinite redirects for authenticated users accessing login page.
---
 .../Controller/Component/AuthComponent.php | 24 +++++++++----------
 .../Component/AuthComponentTest.php | 22 +++++++++++++++++
 2 files changed, 33 insertions(+), 13 deletions(-)
diff --git a/lib/Cake/Controller/Component/AuthComponent.php b/lib/Cake/Controller/Component/AuthComponent.php
index fe1f1e8af..2a0097921 100644
--- a/lib/Cake/Controller/Component/AuthComponent.php
+++ b/lib/Cake/Controller/Component/AuthComponent.php
@@ -304,7 +304,10 @@ class AuthComponent extends Component {
 return $this->_unauthenticated($controller);
 }
- if (empty($this->authorize) || $this->isAuthorized($this->user())) {
+ if ($this->_isLoginAction($controller) ||
+ empty($this->authorize) ||
+ $this->isAuthorized($this->user())
+ ) {
 return true;
 }
@@ -347,6 +350,11 @@ class AuthComponent extends Component {
 }
 if ($this->_isLoginAction($controller)) {
+ if (empty($controller->request->data)) {
+ if (!$this->Session->check('Auth.redirect') && env('HTTP_REFERER')) {
+ $this->Session->write('Auth.redirect', $controller->referer(null, true));
+ }
+ }
 return true;
 }
@@ -367,9 +375,7 @@ class AuthComponent extends Component {
 }
 /**
- * Normalizes $loginAction and checks if current request url is same as login
- * action. If current url is same as login action, referrer url is saved in session
- * which is later accessible using redirectUrl().
+ * Normalizes $loginAction and checks if current request url is same as login action.
 *
 * @param Controller $controller A reference to the controller object.
 * @return boolean True if current action is login action else false.
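Review bot: The new first operand `$this->_isLoginAction($controller)` lets a logged-in user through without consulting any configured `authorize` object, and the condition carries no comment saying that this exemption is intentional. Because it is an authorization short-circuit, I would document it at the call site, e.g. `// Login action is exempt from authorize checks for a logged-in user (prevents a redirect loop).` The exemption is exactly as wide as the normalized string comparison in `_isLoginAction()` (changed in the last hunk of this file), so it is worth confirming that no other route can normalize to the same string as `loginAction`. The enclosing method starts and ends outside the hunk; the new test suggests it is `startup()`.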
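Review bot: The block moved into this `if` writes a value derived from the client-supplied `Referer` header into `Auth.redirect`, and nothing at the call explains what the second argument of `$controller->referer(null, true)` is for. As I read `Controller::referer()`, that `true` restricts the result to a local URL, which is what keeps the stored redirect target on-site. A one-line comment such as `// $local = true: store only same-application referers so Auth.redirect cannot point off-site` would stop a later refactor from dropping it. The enclosing method begins outside the hunk.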
@@ -382,15 +388,7 @@ class AuthComponent extends Component {
 $url = Router::normalize($url);
 $loginAction = Router::normalize($this->loginAction);
- if ($loginAction == $url) {
- if (empty($controller->request->data)) {
- if (!$this->Session->check('Auth.redirect') && env('HTTP_REFERER')) {
- $this->Session->write('Auth.redirect', $controller->referer(null, true));
- }
- }
- return true;
- }
- return false;
+ return $loginAction === $url;
 }
 /**
diff --git a/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php b/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
index 1fcf626bb..89826f5a2 100644
--- a/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
+++ b/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
@@ -876,6 +876,28 @@ class AuthComponentTest extends CakeTestCase {
 $this->Auth->Session->delete('Auth');
 }
+/**
+ * testNoLoginRedirectForAuthenticatedUser method
+ *
+ * @return void
+ */
+ public function testNoLoginRedirectForAuthenticatedUser() {
+ $this->Controller->request['controller'] = 'auth_test';
+ $this->Controller->request['action'] = 'login';
+ $this->Controller->here = '/auth_test/login';
+ $this->Auth->request->url = 'auth_test/login';
+
+ $this->Auth->Session->write('Auth.User.id', '1');
+ $this->Auth->authenticate = array('Form');
+ $this->getMock('BaseAuthorize', array('authorize'), array(), 'NoLoginRedirectMockAuthorize', false);
+ $this->Auth->authorize = array('NoLoginRedirectMockAuthorize');
+ $this->Auth->loginAction = array('controller' => 'auth_test', 'action' => 'login');
+
+ $return = $this->Auth->startup($this->Controller);
+ $this->assertTrue($return);
+ $this->assertNull($this->Controller->testUrl);
+ }
+
 /**
 * Default to loginRedirect, if set, on authError.
 *
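Review bot: `testNoLoginRedirectForAuthenticatedUser` covers only the allow side of the new exemption; nothing in this hunk checks that the same authenticated user with the same `NoLoginRedirectMockAuthorize` is still refused on an action other than `loginAction`. A companion case that keeps the setup but points the request at a non-login action and asserts that `startup()` does not return true would guard against the short-circuit being widened later. The test also leaves `Auth.User.id` in the session, whereas the preceding test ends with `$this->Auth->Session->delete('Auth');`. Unless tearDown (not visible here) clears it, the same line belongs at the end of this test.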