Fix yet another login bug - Login process URLs must be sticky.

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java

@@ -89,7 +89,9 @@ public class Authenticate extends VitroHttpServlet {
 		VitroRequest vreq = new VitroRequest(request);
 
 		try {
-			recordLoginProcessPages(vreq);
+			if (loginProcessPagesAreEmpty(vreq)) {
+				recordLoginProcessPages(vreq);
+			}
 
 			// Where do we stand in the process?
 			State entryState = getCurrentLoginState(vreq);
@@ -136,6 +138,14 @@ public class Authenticate extends VitroHttpServlet {
 
 	}
 
+	/**
+	 * Once these URLs have been set, don't change them.
+	 */
+	private boolean loginProcessPagesAreEmpty(HttpServletRequest request) {
+		LoginProcessBean bean = LoginProcessBean.getBean(request);
+		return ((bean.getAfterLoginUrl() == null) && (bean.getLoginPageUrl() == null));
+	}
+
 	/**
 	 * If they supply an after-login page, record it and use the Login page for
 	 * the process. Note that we expect it to be URL-encoded.

webapp/test/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java

@@ -4,6 +4,7 @@ package edu.cornell.mannlib.vitro.webapp.controller.edit;
 
 import static edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean.State.FORCED_PASSWORD_CHANGE;
 import static edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean.State.LOGGING_IN;
+import static edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean.State.NOWHERE;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.fail;
 
@@ -494,9 +495,8 @@ public class AuthenticateTest extends AbstractTestClass {
 	 * If there is no LoginProcessBean but we do have a 'loginForm' parameter,
 	 * treat it as if we had a status of LOGGING_IN.
 	 * 
-	 * TODO
+	 * TODO To be thorough, this should actually be implemented for all cases
-	 * To be thorough, this should actually be implemented for all cases that
+	 * that could be encountered on a first go.
-	 * could be encountered on a first go.
 	 */
 	@Test
 	public void justGotHereFromWidget() {
@@ -514,6 +514,39 @@ public class AuthenticateTest extends AbstractTestClass {
 		}
 	}
 
+	/**
+	 * Once the process URLs have been set in the bean, they will not change.
+	 */
+	@Test
+	public void theProcessUrlsAreSticky() {
+		String afterLoginUrl = "/vivo/someStrangePage";
+		String loginPageUrl = "/vivo/someWidgetPage";
+
+		// Put a process bean out there that has the URLs already set.
+		LoginProcessBean processBean = new LoginProcessBean();
+		processBean.setState(NOWHERE);
+		processBean.setAfterLoginUrl(afterLoginUrl);
+		processBean.setLoginPageUrl(loginPageUrl);
+		LoginProcessBean.setBean(request, processBean);
+
+		auth.doPost(request, response);
+
+		// The bean should progress, but the URLs should not change.
+		if (!LoginProcessBean.isBean(request)) {
+			fail("login process bean is null");
+		}
+		LoginProcessBean bean = LoginProcessBean.getBean(request);
+		assertEquals("state", LOGGING_IN, bean.getState());
+		assertEquals("info message", "", bean.getInfoMessageAndClear());
+		assertEquals("error message", "", bean.getErrorMessageAndClear());
+		assertEquals("username", "", bean.getUsername());
+		assertEquals("after login URL", afterLoginUrl, bean.getAfterLoginUrl());
+		assertEquals("login page URL", loginPageUrl, bean.getLoginPageUrl());
+
+		assertNewLoginSessions();
+		assertRedirect(loginPageUrl);
+	}
+
 	// ----------------------------------------------------------------------
 	// Helper methods
 	// ----------------------------------------------------------------------
@@ -526,15 +559,17 @@ public class AuthenticateTest extends AbstractTestClass {
 		}
 
 		// the urls come directly from the url bundle every time.
+		String whereFrom = (urlBundle.referrer == null) ? URL_LOGIN
+				: urlBundle.referrer;
 		if (urlBundle.afterLoginUrl != null) {
 			processBean.setAfterLoginUrl(urlBundle.afterLoginUrl);
 			processBean.setLoginPageUrl(URL_LOGIN);
 		} else if (urlBundle.returnParameterSet) {
-			processBean.setAfterLoginUrl(urlBundle.referrer);
+			processBean.setAfterLoginUrl(whereFrom);
 			processBean.setLoginPageUrl(URL_LOGIN);
 		} else {
-			processBean.setAfterLoginUrl(urlBundle.referrer);
+			processBean.setAfterLoginUrl(whereFrom);
-			processBean.setLoginPageUrl(urlBundle.referrer);
+			processBean.setLoginPageUrl(whereFrom);
 		}
 		LoginProcessBean.setBean(request, processBean);
 	}