Redirect user to the previous page after logging in (#1679).

git-svn-id: http://redmine.rubyforge.org/svn/trunk@1695 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2008-07-26 08:46:33 +00:00
parent 5564dfbbd5
commit 9f92554319
4 changed files with 25 additions and 15 deletions

View File

@ -15,6 +15,8 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
require 'uri'
class ApplicationController < ActionController::Base
before_filter :user_setup, :check_if_login_required, :set_localization
filter_parameter_logging :password
@ -77,8 +79,7 @@ class ApplicationController < ActionController::Base
def require_login
if !User.current.logged?
store_location
redirect_to :controller => "account", :action => "login"
redirect_to :controller => "account", :action => "login", :back_url => request.request_uri
return false
end
true
@ -115,20 +116,16 @@ class ApplicationController < ActionController::Base
end
end
# store current uri in session.
# return to this location by calling redirect_back_or_default
def store_location
session[:return_to_params] = params
end
# move to the last store_location call or to the passed default one
def redirect_back_or_default(default)
if session[:return_to_params].nil?
redirect_to default
else
redirect_to session[:return_to_params]
session[:return_to_params] = nil
back_url = params[:back_url]
if !back_url.blank?
uri = URI.parse(back_url)
# do not redirect user to another host
if uri.relative? || (uri.host == request.host)
redirect_to(back_url) and return
end
end
redirect_to default
end
def render_403

View File

@ -451,7 +451,8 @@ module ApplicationHelper
end
def back_url_hidden_field_tag
hidden_field_tag 'back_url', (params[:back_url] || request.env['HTTP_REFERER'])
back_url = params[:back_url] || request.env['HTTP_REFERER']
hidden_field_tag('back_url', back_url) unless back_url.blank?
end
def check_all_links(form_name)

View File

@ -1,5 +1,6 @@
<div id="login-form">
<% form_tag({:action=> "login"}) do %>
<%= back_url_hidden_field_tag %>
<table>
<tr>
<td align="right"><label for="username"><%=l(:field_login)%>:</label></td>

View File

@ -44,6 +44,17 @@ class AccountControllerTest < Test::Unit::TestCase
assert_nil assigns(:user)
end
def test_login_should_redirect_to_back_url_param
# request.uri is "test.host" in test environment
post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.host/issues/show/1'
assert_redirected_to '/issues/show/1'
end
def test_login_should_not_redirect_to_another_host
post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.foo/fake'
assert_redirected_to '/my/page'
end
def test_login_with_wrong_password
post :login, :username => 'admin', :password => 'bad'
assert_response :success