diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 7f42fff76..bb8dae56f 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -195,7 +195,13 @@ class ApplicationController < ActionController::Base url = url_for(:controller => params[:controller], :action => params[:action], :id => params[:id], :project_id => params[:project_id]) end respond_to do |format| - format.html { redirect_to :controller => "account", :action => "login", :back_url => url } + format.html { + if request.xhr? + head :unauthorized + else + redirect_to :controller => "account", :action => "login", :back_url => url + end + } format.atom { redirect_to :controller => "account", :action => "login", :back_url => url } format.xml { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' } format.js { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' } diff --git a/test/functional/welcome_controller_test.rb b/test/functional/welcome_controller_test.rb index ff4655c48..aafc36159 100644 --- a/test/functional/welcome_controller_test.rb +++ b/test/functional/welcome_controller_test.rb @@ -136,4 +136,20 @@ class WelcomeControllerTest < ActionController::TestCase assert_equal [0, 100], @controller.api_offset_and_limit({:page => 1, :limit => 100}) assert_equal [200, 100], @controller.api_offset_and_limit({:page => 3, :limit => 100}) end + + def test_unhautorized_exception_with_anonymous_should_redirect_to_login + WelcomeController.any_instance.stubs(:index).raises(::Unauthorized) + + get :index + assert_response 302 + assert_redirected_to('/login?back_url='+CGI.escape('http://test.host/')) + end + + def test_unhautorized_exception_with_anonymous_and_xmlhttprequest_should_respond_with_401_to_anonymous + WelcomeController.any_instance.stubs(:index).raises(::Unauthorized) + + @request.env["HTTP_X_REQUESTED_WITH"] = "XMLHttpRequest" + get :index + assert_response 401 + end end