NIHVIVO-1568 try to detect when a user restarts the login process: if they hit the Login link or come from a restricted page, it should restart the login process.

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java

@@ -89,9 +89,8 @@ public class Authenticate extends VitroHttpServlet {
 		VitroRequest vreq = new VitroRequest(request);
 
 		try {
-			if (loginProcessPagesAreEmpty(vreq)) {
+			restartTheProcessIfAppropriate(vreq);
-				recordLoginProcessPages(vreq);
+			recordLoginProcessPages(vreq);
-			}
 
 			// Where do we stand in the process?
 			State entryState = getCurrentLoginState(vreq);
@@ -139,11 +138,37 @@ public class Authenticate extends VitroHttpServlet {
 	}
 
 	/**
-	 * Once these URLs have been set, don't change them.
+	 * Try to detect if they are re-starting the login process.
 	 */
-	private boolean loginProcessPagesAreEmpty(HttpServletRequest request) {
+	private void restartTheProcessIfAppropriate(HttpServletRequest request) {
-		LoginProcessBean bean = LoginProcessBean.getBean(request);
+		String afterLoginUrl = decodeAfterLoginParameter(request);
-		return ((bean.getAfterLoginUrl() == null) && (bean.getLoginPageUrl() == null));
+		boolean doReturn = isReturnParameterSet(request);
+		String referrer = whereDidWeComeFrom(request);
+
+		/*
+		 * If they have navigated to a restricted page, restart the process.
+		 */
+		if (afterLoginUrl != null) {
+			LoginProcessBean.removeBean(request);
+		}
+
+		/*
+		 * If they have used a login link, restart the process.
+		 */
+		if (doReturn) {
+			LoginProcessBean.removeBean(request);
+		}
+
+		/*
+		 * If they are using a login widget that is not the one they were
+		 * previously using, restart the process.
+		 */
+		if (LoginProcessBean.isBean(request)) {
+			LoginProcessBean bean = LoginProcessBean.getBean(request);
+			if (!referrer.equals(bean.getLoginPageUrl())) {
+				LoginProcessBean.removeBean(request);
+			}
+		}
 	}
 
 	/**
@@ -153,7 +178,8 @@ public class Authenticate extends VitroHttpServlet {
 	 * If they supply a return flag, record the current page as the after-login
 	 * page and use the Login page for the process.
 	 * 
-	 * Otherwise, use the current page for the process.
+	 * Otherwise, use the current page for the process (unless the process has
+	 * already been set).
 	 * 
 	 * The "current page" is the referrer, unless there is no referrer for some
 	 * reason. In that case, pretend it's the login page.
@@ -172,8 +198,12 @@ public class Authenticate extends VitroHttpServlet {
 			bean.setAfterLoginUrl(referrer);
 			bean.setLoginPageUrl(request.getContextPath() + Controllers.LOGIN);
 		} else {
-			bean.setAfterLoginUrl(referrer);
+			if (bean.getAfterLoginUrl() == null) {
-			bean.setLoginPageUrl(referrer);
+				bean.setAfterLoginUrl(referrer);
+			}
+			if (bean.getLoginPageUrl() == null) {
+				bean.setLoginPageUrl(referrer);
+			}
 		}
 	}
 

webapp/test/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java

@@ -212,7 +212,6 @@ public class AuthenticateTest extends AbstractTestClass {
 	// ----------------------------------------------------------------------
 
 	/** The "return" parameter is set, so we detect the restart. */
-	@Ignore // TODO
 	@Test
 	public void restartFromALoginLink() {
 		setProcessBean(LOGGING_IN, "username", URL_LOGIN, URL_SOMEWHERE_ELSE);
@@ -220,7 +219,6 @@ public class AuthenticateTest extends AbstractTestClass {
 	}
 
 	/** The "return" parameter is set, so we detect the restart. */
-	@Ignore // TODO
 	@Test
 	public void restartFromABookmarkOfTheLoginLink() {
 		setProcessBean(LOGGING_IN, "username", URL_LOGIN, URL_SOMEWHERE_ELSE);
@@ -228,7 +226,6 @@ public class AuthenticateTest extends AbstractTestClass {
 	}
 
 	/** The "afterLoginUrl" parameter is set, so we detect the restart. */
-	@Ignore // TODO
 	@Test
 	public void restartFromARestrictedPage() {
 		setProcessBean(LOGGING_IN, "username", URL_LOGIN, URL_SOMEWHERE_ELSE);
@@ -236,7 +233,6 @@ public class AuthenticateTest extends AbstractTestClass {
 	}
 
 	/** The referrer is not the loginProcessPage, so we detect the restart. */
-	@Ignore // TODO
 	@Test
 	public void restartFromADifferentWidgetPage() {
 		setProcessBean(LOGGING_IN, "username", URL_LOGIN, URL_SOMEWHERE_ELSE);
@@ -244,7 +240,6 @@ public class AuthenticateTest extends AbstractTestClass {
 	}
 
 	/** The referrer is not the loginProcessPage, so we detect the restart. */
-	@Ignore // TODO
 	@Test
 	public void restartFromTheLoginPageWhenWeWereUsingAWidgetPage() {
 		setProcessBean(LOGGING_IN, "username", URL_SOMEWHERE_ELSE,