From ed252f724620ad350f7c5daac0bebbe18ff98a4c Mon Sep 17 00:00:00 2001 From: Eric Davis Date: Wed, 20 Apr 2011 16:23:40 -0700 Subject: [PATCH] [#309] Set the back_url after sending a lost password so HTTP_REFERER isn't used Contributed by Robert Chady --- app/controllers/account_controller.rb | 2 +- test/integration/account_test.rb | 26 +++++++++++++++++++++++++- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb index 5d6f890f..00cae2cc 100644 --- a/app/controllers/account_controller.rb +++ b/app/controllers/account_controller.rb @@ -67,7 +67,7 @@ class AccountController < ApplicationController if token.save Mailer.deliver_lost_password(token) flash[:notice] = l(:notice_account_lost_email_sent) - redirect_to :action => 'login' + redirect_to :action => 'login', :back_url => home_url return end end diff --git a/test/integration/account_test.rb b/test/integration/account_test.rb index 178852f6..94405788 100644 --- a/test/integration/account_test.rb +++ b/test/integration/account_test.rb @@ -77,7 +77,7 @@ class AccountTest < ActionController::IntegrationTest assert_template "account/lost_password" post "account/lost_password", :mail => 'jSmith@somenet.foo' - assert_redirected_to "/login" + assert_redirected_to "/login?back_url=http%3A%2F%2Fwww.example.com%2F" token = Token.find(:first) assert_equal 'recovery', token.action @@ -143,6 +143,30 @@ class AccountTest < ActionController::IntegrationTest assert_redirected_to '/login' log_user('newuser', 'newpass') end + + should_eventually "login after losing password should redirect back to home" do + visit "/login" + assert_response :success + + click_link "Lost password" + assert_response :success + + # Lost password form + fill_in "mail", :with => "admin@somenet.foo" + click_button "Submit" + + assert_response :success # back to login page + assert_equal "/login", current_path + + fill_in "Login:", :with => 'admin' + fill_in "Password:", :with => 'test' + click_button "login" + + assert_response :success + assert_equal "/", current_path + + end + if Object.const_defined?(:Mocha)