If a user submits a login widget, it should be recognized even if they were not already known to be logging in.

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java

@@ -74,6 +74,9 @@ public class Authenticate extends VitroHttpServlet {
 	/** If this parameter is "true" (ignoring case), cancel the login. */
 	private static final String PARAMETER_CANCEL = "cancel";
 
+	/** If this parameter is set, we are not NOWHERE. */
+	private static final String PARAMETER_LOGIN_FORM = "loginForm";
+
 	/** Where do we find the User/Session map in the servlet context? */
 	public static final String USER_SESSION_MAP_ATTR = "userURISessionMap";
 
@@ -214,9 +217,40 @@ public class Authenticate extends VitroHttpServlet {
 					+ "current state is NOWHERE");
 		}
 
+		if (weCameFromAColdWidget(request, currentState)) {
+			currentState = actLikeWeWereLoggingIn(request);
+		}
+
 		return currentState;
 	}
 
+	/**
+	 * If they submitted the login form, they shouldn't be NOWHERE.
+	 */
+	private boolean weCameFromAColdWidget(HttpServletRequest request,
+			State currentState) {
+		if (currentState == NOWHERE) {
+			if (null != request.getParameter(PARAMETER_LOGIN_FORM)) {
+				return true;
+			}
+		}
+		return false;
+	}
+
+	/**
+	 * They got here by submitting the login form. They should be treated as
+	 * already logging in.
+	 */
+	private State actLikeWeWereLoggingIn(HttpServletRequest request) {
+		LoginProcessBean bean = new LoginProcessBean();
+		bean.setState(LOGGING_IN);
+		bean.setLoginPageUrl(whereDidWeComeFrom(request));
+		bean.setAfterLoginUrl(whereDidWeComeFrom(request));
+		LoginProcessBean.setBean(request, bean);
+
+		return LOGGING_IN;
+	}
+
 	/**
 	 * They just got here. Start the process.
 	 */

webapp/test/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java

@@ -183,8 +183,8 @@ public class AuthenticateTest extends AbstractTestClass {
 	private static final HowDidWeGetHere FROM_WIDGET = new HowDidWeGetHere(
 			null, false, URL_WIDGET);
 
-	private static final HowDidWeGetHere FROM_LOGIN = new HowDidWeGetHere(
+	private static final HowDidWeGetHere FROM_LOGIN = new HowDidWeGetHere(null,
-			null, false, URL_LOGIN);
+			false, URL_LOGIN);
 
 	/** "return" parameter with no referrer - like coming from the login page. */
 	private static final HowDidWeGetHere FROM_BOOKMARK_OF_LINK = new HowDidWeGetHere(
@@ -490,6 +490,30 @@ public class AuthenticateTest extends AbstractTestClass {
 		assertNewLoginSessions();
 	}
 
+	/**
+	 * If there is no LoginProcessBean but we do have a 'loginForm' parameter,
+	 * treat it as if we had a status of LOGGING_IN.
+	 * 
+	 * TODO
+	 * To be thorough, this should actually be implemented for all cases that
+	 * could be encountered on a first go.
+	 */
+	@Test
+	public void justGotHereFromWidget() {
+		if ((urlBundle.afterLoginUrl == null)
+				&& (!urlBundle.returnParameterSet)) {
+			request.addParameter("loginForm", "");
+			setLoginNameAndPassword(userInfo.username, "bogus_password");
+
+			auth.doPost(request, response);
+
+			assertProcessBean(LOGGING_IN, userInfo.username, "",
+					"The email or password you entered is incorrect.");
+			assertNewLoginSessions();
+			assertRedirectToContinueUrl();
+		}
+	}
+
 	// ----------------------------------------------------------------------
 	// Helper methods
 	// ----------------------------------------------------------------------