From e74677ce8a85f5bf98fa0c21d1c950763de6fc58 Mon Sep 17 00:00:00 2001
From: jeb228
Date: Mon, 10 Jan 2011 21:15:56 +0000
Subject: [PATCH] NIHVIVO-1568 try to detect when a user restarts the login process: if they hit the Login link or come from a restricted page, it should restart the login process.
---
 .../webapp/controller/edit/Authenticate.java | 50 +++++++++++++++----
 .../controller/edit/AuthenticateTest.java | 5 --
 2 files changed, 40 insertions(+), 15 deletions(-)
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java
index a8f6f502b..f113fa91f 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java
@@ -89,9 +89,8 @@ public class Authenticate extends VitroHttpServlet {
 VitroRequest vreq = new VitroRequest(request);
 try {
- if (loginProcessPagesAreEmpty(vreq)) {
- recordLoginProcessPages(vreq);
- }
+ restartTheProcessIfAppropriate(vreq);
+ recordLoginProcessPages(vreq);
 // Where do we stand in the process?
 State entryState = getCurrentLoginState(vreq);
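Review bot: The two calls added at the top of the try block depend on their order, and nothing at the call site says so. `restartTheProcessIfAppropriate` may remove the LoginProcessBean, while the last branch of `recordLoginProcessPages` (changed later in this patch) only fills URLs that are still unset, so swapping the calls would keep stale URLs. A one-line comment would do: `// Restart check must run first: it may discard the bean whose URLs recordLoginProcessPages would otherwise keep.` The enclosing method starts and ends outside this hunk.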
@@ -139,11 +138,37 @@ public class Authenticate extends VitroHttpServlet {
 }
 /**
- * Once these URLs have been set, don't change them.
+ * Try to detect if they are re-starting the login process.
 */
- private boolean loginProcessPagesAreEmpty(HttpServletRequest request) {
- LoginProcessBean bean = LoginProcessBean.getBean(request);
- return ((bean.getAfterLoginUrl() == null) && (bean.getLoginPageUrl() == null));
+ private void restartTheProcessIfAppropriate(HttpServletRequest request) {
+ String afterLoginUrl = decodeAfterLoginParameter(request);
+ boolean doReturn = isReturnParameterSet(request);
+ String referrer = whereDidWeComeFrom(request);
+
+ /*
+ * If they have navigated to a restricted page, restart the process.
+ */
+ if (afterLoginUrl != null) {
+ LoginProcessBean.removeBean(request);
+ }
+
+ /*
+ * If they have used a login link, restart the process.
+ */
+ if (doReturn) {
+ LoginProcessBean.removeBean(request);
+ }
+
+ /*
+ * If they are using a login widget that is not the one they were
+ * previously using, restart the process.
+ */
+ if (LoginProcessBean.isBean(request)) {
+ LoginProcessBean bean = LoginProcessBean.getBean(request);
+ if (!referrer.equals(bean.getLoginPageUrl())) {
+ LoginProcessBean.removeBean(request);
+ }
+ }
 }
 /**
@@ -153,7 +178,8 @@ public class Authenticate extends VitroHttpServlet {
 * If they supply a return flag, record the current page as the after-login
 * page and use the Login page for the process.
 *
- * Otherwise, use the current page for the process.
+ * Otherwise, use the current page for the process (unless the process has
+ * already been set).
 *
 * The "current page" is the referrer, unless there is no referrer for some
 * reason. In that case, pretend it's the login page.
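Review bot: Every trigger in `restartTheProcessIfAppropriate` comes from the client (the `afterLoginUrl` parameter, the return parameter and the referrer), and each one discards the whole LoginProcessBean. The tests in this patch show that the bean also carries the login state and the username. A request that merely carries one of these parameters therefore resets a login in progress, and so does one whose referrer differs from the stored login page URL, since `!referrer.equals(bean.getLoginPageUrl())` is an exact string match. Whether any state held in the bean must survive such a reset is not visible from this hunk; if one does, the removal should be limited to the states where restarting is harmless. At minimum, document the assumption in the method's Javadoc: `Removing the bean only ever returns the user to the first step; it must never skip one.`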
@@ -172,8 +198,12 @@ public class Authenticate extends VitroHttpServlet {
 bean.setAfterLoginUrl(referrer);
 bean.setLoginPageUrl(request.getContextPath() + Controllers.LOGIN);
 } else {
- bean.setAfterLoginUrl(referrer);
- bean.setLoginPageUrl(referrer);
+ if (bean.getAfterLoginUrl() == null) {
+ bean.setAfterLoginUrl(referrer);
+ }
+ if (bean.getLoginPageUrl() == null) {
+ bean.setLoginPageUrl(referrer);
+ }
 }
 }
diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java
index ad49ff80c..8f263c933 100644
--- a/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java
+++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java
@@ -212,7 +212,6 @@ public class AuthenticateTest extends AbstractTestClass {
 // ----------------------------------------------------------------------
 /** The "return" parameter is set, so we detect the restart. */
- @Ignore // TODO
 @Test
 public void restartFromALoginLink() {
 setProcessBean(LOGGING_IN, "username", URL_LOGIN, URL_SOMEWHERE_ELSE);
@@ -220,7 +219,6 @@ public class AuthenticateTest extends AbstractTestClass {
 }
 /** The "return" parameter is set, so we detect the restart. */
- @Ignore // TODO
 @Test
 public void restartFromABookmarkOfTheLoginLink() {
 setProcessBean(LOGGING_IN, "username", URL_LOGIN, URL_SOMEWHERE_ELSE);
@@ -228,7 +226,6 @@ public class AuthenticateTest extends AbstractTestClass {
 }
 /** The "afterLoginUrl" parameter is set, so we detect the restart. */
- @Ignore // TODO
 @Test
 public void restartFromARestrictedPage() {
 setProcessBean(LOGGING_IN, "username", URL_LOGIN, URL_SOMEWHERE_ELSE);
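Review bot: In the else branch, `bean.setAfterLoginUrl(referrer)` stores a referrer-derived value as the post-login destination, and no check that it points into this application is visible. If `whereDidWeComeFrom` (outside this hunk) returns the Referer header unchanged and the post-login redirect uses the stored URL as is, a login started from a link on another site would end with a redirect back to that site. The value should be accepted only when it resolves under the application's own context path, falling back to the login page otherwise, which is the fallback the Javadoc already describes for a missing referrer. The new null checks keep the first recorded value, so validating once at this point would be enough. `recordLoginProcessPages` begins outside the hunk, and the return-flag branch above has the same `setAfterLoginUrl(referrer)` call.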
@@ -236,7 +233,6 @@ public class AuthenticateTest extends AbstractTestClass {
 }
 /** The referrer is not the loginProcessPage, so we detect the restart. */
- @Ignore // TODO
 @Test
 public void restartFromADifferentWidgetPage() {
 setProcessBean(LOGGING_IN, "username", URL_LOGIN, URL_SOMEWHERE_ELSE);
@@ -244,7 +240,6 @@ public class AuthenticateTest extends AbstractTestClass {
 }
 /** The referrer is not the loginProcessPage, so we detect the restart. */
- @Ignore // TODO
 @Test
 public void restartFromTheLoginPageWhenWeWereUsingAWidgetPage() {
 setProcessBean(LOGGING_IN, "username", URL_SOMEWHERE_ELSE,