Redirect user to the previous page after logging in (#1679).
git-svn-id: http://redmine.rubyforge.org/svn/trunk@1695 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
parent
5564dfbbd5
commit
9f92554319
|
@ -15,6 +15,8 @@
|
||||||
# along with this program; if not, write to the Free Software
|
# along with this program; if not, write to the Free Software
|
||||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||||
|
|
||||||
|
require 'uri'
|
||||||
|
|
||||||
class ApplicationController < ActionController::Base
|
class ApplicationController < ActionController::Base
|
||||||
before_filter :user_setup, :check_if_login_required, :set_localization
|
before_filter :user_setup, :check_if_login_required, :set_localization
|
||||||
filter_parameter_logging :password
|
filter_parameter_logging :password
|
||||||
|
@ -77,8 +79,7 @@ class ApplicationController < ActionController::Base
|
||||||
|
|
||||||
def require_login
|
def require_login
|
||||||
if !User.current.logged?
|
if !User.current.logged?
|
||||||
store_location
|
redirect_to :controller => "account", :action => "login", :back_url => request.request_uri
|
||||||
redirect_to :controller => "account", :action => "login"
|
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
true
|
true
|
||||||
|
@ -115,20 +116,16 @@ class ApplicationController < ActionController::Base
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# store current uri in session.
|
|
||||||
# return to this location by calling redirect_back_or_default
|
|
||||||
def store_location
|
|
||||||
session[:return_to_params] = params
|
|
||||||
end
|
|
||||||
|
|
||||||
# move to the last store_location call or to the passed default one
|
|
||||||
def redirect_back_or_default(default)
|
def redirect_back_or_default(default)
|
||||||
if session[:return_to_params].nil?
|
back_url = params[:back_url]
|
||||||
redirect_to default
|
if !back_url.blank?
|
||||||
else
|
uri = URI.parse(back_url)
|
||||||
redirect_to session[:return_to_params]
|
# do not redirect user to another host
|
||||||
session[:return_to_params] = nil
|
if uri.relative? || (uri.host == request.host)
|
||||||
|
redirect_to(back_url) and return
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
redirect_to default
|
||||||
end
|
end
|
||||||
|
|
||||||
def render_403
|
def render_403
|
||||||
|
|
|
@ -451,7 +451,8 @@ module ApplicationHelper
|
||||||
end
|
end
|
||||||
|
|
||||||
def back_url_hidden_field_tag
|
def back_url_hidden_field_tag
|
||||||
hidden_field_tag 'back_url', (params[:back_url] || request.env['HTTP_REFERER'])
|
back_url = params[:back_url] || request.env['HTTP_REFERER']
|
||||||
|
hidden_field_tag('back_url', back_url) unless back_url.blank?
|
||||||
end
|
end
|
||||||
|
|
||||||
def check_all_links(form_name)
|
def check_all_links(form_name)
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
<div id="login-form">
|
<div id="login-form">
|
||||||
<% form_tag({:action=> "login"}) do %>
|
<% form_tag({:action=> "login"}) do %>
|
||||||
|
<%= back_url_hidden_field_tag %>
|
||||||
<table>
|
<table>
|
||||||
<tr>
|
<tr>
|
||||||
<td align="right"><label for="username"><%=l(:field_login)%>:</label></td>
|
<td align="right"><label for="username"><%=l(:field_login)%>:</label></td>
|
||||||
|
|
|
@ -44,6 +44,17 @@ class AccountControllerTest < Test::Unit::TestCase
|
||||||
assert_nil assigns(:user)
|
assert_nil assigns(:user)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def test_login_should_redirect_to_back_url_param
|
||||||
|
# request.uri is "test.host" in test environment
|
||||||
|
post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.host/issues/show/1'
|
||||||
|
assert_redirected_to '/issues/show/1'
|
||||||
|
end
|
||||||
|
|
||||||
|
def test_login_should_not_redirect_to_another_host
|
||||||
|
post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.foo/fake'
|
||||||
|
assert_redirected_to '/my/page'
|
||||||
|
end
|
||||||
|
|
||||||
def test_login_with_wrong_password
|
def test_login_with_wrong_password
|
||||||
post :login, :username => 'admin', :password => 'bad'
|
post :login, :username => 'admin', :password => 'bad'
|
||||||
assert_response :success
|
assert_response :success
|
||||||
|
|
Loading…
Reference in New Issue