From c6c9ac4ed515f5d74cd799b1daaeee73446f1aaf Mon Sep 17 00:00:00 2001
From: jeb228
Date: Wed, 15 Dec 2010 15:42:21 +0000
Subject: [PATCH] Fix yet another login bug - Login process URLs must be sticky.
---
 .../webapp/controller/edit/Authenticate.java | 12 ++++-
 .../controller/edit/AuthenticateTest.java | 47 ++++++++++++++++---
 2 files changed, 52 insertions(+), 7 deletions(-)
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java
index 7a625283b..a8f6f502b 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java
@@ -89,7 +89,9 @@ public class Authenticate extends VitroHttpServlet {
 VitroRequest vreq = new VitroRequest(request);
 try {
- recordLoginProcessPages(vreq);
+ if (loginProcessPagesAreEmpty(vreq)) {
+ recordLoginProcessPages(vreq);
+ }
 // Where do we stand in the process?
 State entryState = getCurrentLoginState(vreq);
@@ -136,6 +138,14 @@ public class Authenticate extends VitroHttpServlet {
 }
+ /**
+ * Once these URLs have been set, don't change them.
+ */
+ private boolean loginProcessPagesAreEmpty(HttpServletRequest request) {
+ LoginProcessBean bean = LoginProcessBean.getBean(request);
+ return ((bean.getAfterLoginUrl() == null) && (bean.getLoginPageUrl() == null));
+ }
+
 /**
 * If they supply an after-login page, record it and use the Login page for
 * the process. Note that we expect it to be URL-encoded.
diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java
index 9d0b18937..9b7029060 100644
--- a/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java
+++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java
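Review bot: The guard added at the top of doPost in Authenticate.java makes the first recorded after-login URL final for the life of the LoginProcessBean, so the check applied when that URL is recorded is the only one it ever gets. The Javadoc visible in the next hunk says the after-login page is supplied by the caller and URL-encoded; if recordLoginProcessPages (outside this patch) accepts absolute or off-site values, a link that starts the login process would fix the post-login redirect for that session even after the user moves on to a legitimate page. It is worth confirming there that the value is limited to paths inside the application, and stating at the guard when the stored pair is cleared, for example `// URLs stay fixed until the bean is removed at login or cancel` if that is the actual lifetime. The try block continues outside the hunk.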
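Review bot: loginProcessPagesAreEmpty in Authenticate.java returns true only when both URLs are null, so a bean that holds one URL but not the other counts as already recorded and keeps its null half; if a half-set bean can occur, later redirect code would read a null URL. The Javadoc states the policy but not what the method returns; a sentence such as `Returns true only if neither the after-login URL nor the login-page URL has been recorded in the bean.` would show the `&&` is deliberate. AuthenticateTest calls LoginProcessBean.isBean before getBean, which suggests getBean may create the bean when none exists; if so, this check creates one on every request before the login state is read, and that side effect deserves a one-line comment.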
@@ -4,6 +4,7 @@ package edu.cornell.mannlib.vitro.webapp.controller.edit;
 import static edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean.State.FORCED_PASSWORD_CHANGE;
 import static edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean.State.LOGGING_IN;
+import static edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean.State.NOWHERE;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.fail;
@@ -494,9 +495,8 @@ public class AuthenticateTest extends AbstractTestClass {
 * If there is no LoginProcessBean but we do have a 'loginForm' parameter,
 * treat it as if we had a status of LOGGING_IN.
 *
- * TODO
- * To be thorough, this should actually be implemented for all cases that
- * could be encountered on a first go.
+ * TODO To be thorough, this should actually be implemented for all cases
+ * that could be encountered on a first go.
 */
 @Test
 public void justGotHereFromWidget() {
@@ -514,6 +514,39 @@ public class AuthenticateTest extends AbstractTestClass {
 }
 }
+ /**
+ * Once the process URLs have been set in the bean, they will not change.
+ */
+ @Test
+ public void theProcessUrlsAreSticky() {
+ String afterLoginUrl = "/vivo/someStrangePage";
+ String loginPageUrl = "/vivo/someWidgetPage";
+
+ // Put a process bean out there that has the URLs already set.
+ LoginProcessBean processBean = new LoginProcessBean();
+ processBean.setState(NOWHERE);
+ processBean.setAfterLoginUrl(afterLoginUrl);
+ processBean.setLoginPageUrl(loginPageUrl);
+ LoginProcessBean.setBean(request, processBean);
+
+ auth.doPost(request, response);
+
+ // The bean should progress, but the URLs should not change.
+ if (!LoginProcessBean.isBean(request)) {
+ fail("login process bean is null");
+ }
+ LoginProcessBean bean = LoginProcessBean.getBean(request);
+ assertEquals("state", LOGGING_IN, bean.getState());
+ assertEquals("info message", "", bean.getInfoMessageAndClear());
+ assertEquals("error message", "", bean.getErrorMessageAndClear());
+ assertEquals("username", "", bean.getUsername());
+ assertEquals("after login URL", afterLoginUrl, bean.getAfterLoginUrl());
+ assertEquals("login page URL", loginPageUrl, bean.getLoginPageUrl());
+
+ assertNewLoginSessions();
+ assertRedirect(loginPageUrl);
+ }
+
 // ----------------------------------------------------------------------
 // Helper methods
 // ----------------------------------------------------------------------
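Review bot: theProcessUrlsAreSticky only shows that the stored URLs survive a request that carries no competing values; it does not exercise the case that matters, a request arriving with a different caller-supplied after-login URL. As far as the hunk shows, no after-login parameter or referrer is set on the request (the fixture setup is outside the hunk), so I would set both to values that differ from the stored ones before `auth.doPost(request, response);`, using whatever setters the stub request offers, and keep the two URL assertions as they are. A second case with only one of the two URLs pre-set would pin down the `&&` in loginProcessPagesAreEmpty.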
@@ -526,15 +559,17 @@ public class AuthenticateTest extends AbstractTestClass {
 }
 // the urls come directly from the url bundle every time.
+ String whereFrom = (urlBundle.referrer == null) ? URL_LOGIN
+ : urlBundle.referrer;
 if (urlBundle.afterLoginUrl != null) {
 processBean.setAfterLoginUrl(urlBundle.afterLoginUrl);
 processBean.setLoginPageUrl(URL_LOGIN);
 } else if (urlBundle.returnParameterSet) {
- processBean.setAfterLoginUrl(urlBundle.referrer);
+ processBean.setAfterLoginUrl(whereFrom);
 processBean.setLoginPageUrl(URL_LOGIN);
 } else {
- processBean.setAfterLoginUrl(urlBundle.referrer);
- processBean.setLoginPageUrl(urlBundle.referrer);
+ processBean.setAfterLoginUrl(whereFrom);
+ processBean.setLoginPageUrl(whereFrom);
 }
 LoginProcessBean.setBean(request, processBean);
 }