NIHVIVO-1568 try to detect when a user restarts the login process: if they hit the Login link or come from a restricted page, it should restart the login process.
This commit is contained in:
jeb228
parent
6adb72b267
commit
e74677ce8a
2 changed files with 40 additions and 15 deletions
|
|
@ -89,9 +89,8 @@ public class Authenticate extends VitroHttpServlet {
|
|||
VitroRequest vreq = new VitroRequest(request);
|
||||
|
||||
try {
|
||||
if (loginProcessPagesAreEmpty(vreq)) {
|
||||
restartTheProcessIfAppropriate(vreq);
|
||||
recordLoginProcessPages(vreq);
|
||||
}
|
||||
|
||||
// Where do we stand in the process?
|
||||
State entryState = getCurrentLoginState(vreq);
|
||||
|
|
@ -139,11 +138,37 @@ public class Authenticate extends VitroHttpServlet {
|
|||
}
|
||||
|
||||
/**
|
||||
* Once these URLs have been set, don't change them.
|
||||
* Try to detect if they are re-starting the login process.
|
||||
*/
|
||||
private boolean loginProcessPagesAreEmpty(HttpServletRequest request) {
|
||||
private void restartTheProcessIfAppropriate(HttpServletRequest request) {
|
||||
String afterLoginUrl = decodeAfterLoginParameter(request);
|
||||
boolean doReturn = isReturnParameterSet(request);
|
||||
String referrer = whereDidWeComeFrom(request);
|
||||
|
||||
/*
|
||||
* If they have navigated to a restricted page, restart the process.
|
||||
*/
|
||||
if (afterLoginUrl != null) {
|
||||
LoginProcessBean.removeBean(request);
|
||||
}
|
||||
|
||||
/*
|
||||
* If they have used a login link, restart the process.
|
||||
*/
|
||||
if (doReturn) {
|
||||
LoginProcessBean.removeBean(request);
|
||||
}
|
||||
|
||||
/*
|
||||
* If they are using a login widget that is not the one they were
|
||||
* previously using, restart the process.
|
||||
*/
|
||||
if (LoginProcessBean.isBean(request)) {
|
||||
LoginProcessBean bean = LoginProcessBean.getBean(request);
|
||||
return ((bean.getAfterLoginUrl() == null) && (bean.getLoginPageUrl() == null));
|
||||
if (!referrer.equals(bean.getLoginPageUrl())) {
|
||||
LoginProcessBean.removeBean(request);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -153,7 +178,8 @@ public class Authenticate extends VitroHttpServlet {
|
|||
* If they supply a return flag, record the current page as the after-login
|
||||
* page and use the Login page for the process.
|
||||
*
|
||||
* Otherwise, use the current page for the process.
|
||||
* Otherwise, use the current page for the process (unless the process has
|
||||
* already been set).
|
||||
*
|
||||
* The "current page" is the referrer, unless there is no referrer for some
|
||||
* reason. In that case, pretend it's the login page.
|
||||
|
|
@ -172,10 +198,14 @@ public class Authenticate extends VitroHttpServlet {
|
|||
bean.setAfterLoginUrl(referrer);
|
||||
bean.setLoginPageUrl(request.getContextPath() + Controllers.LOGIN);
|
||||
} else {
|
||||
if (bean.getAfterLoginUrl() == null) {
|
||||
bean.setAfterLoginUrl(referrer);
|
||||
}
|
||||
if (bean.getLoginPageUrl() == null) {
|
||||
bean.setLoginPageUrl(referrer);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private String decodeAfterLoginParameter(HttpServletRequest request) {
|
||||
String parm = request.getParameter(PARAMETER_AFTER_LOGIN);
|
||||
|
|
|
|||
|
|
@ -212,7 +212,6 @@ public class AuthenticateTest extends AbstractTestClass {
|
|||
// ----------------------------------------------------------------------
|
||||
|
||||
/** The "return" parameter is set, so we detect the restart. */
|
||||
@Ignore // TODO
|
||||
@Test
|
||||
public void restartFromALoginLink() {
|
||||
setProcessBean(LOGGING_IN, "username", URL_LOGIN, URL_SOMEWHERE_ELSE);
|
||||
|
|
@ -220,7 +219,6 @@ public class AuthenticateTest extends AbstractTestClass {
|
|||
}
|
||||
|
||||
/** The "return" parameter is set, so we detect the restart. */
|
||||
@Ignore // TODO
|
||||
@Test
|
||||
public void restartFromABookmarkOfTheLoginLink() {
|
||||
setProcessBean(LOGGING_IN, "username", URL_LOGIN, URL_SOMEWHERE_ELSE);
|
||||
|
|
@ -228,7 +226,6 @@ public class AuthenticateTest extends AbstractTestClass {
|
|||
}
|
||||
|
||||
/** The "afterLoginUrl" parameter is set, so we detect the restart. */
|
||||
@Ignore // TODO
|
||||
@Test
|
||||
public void restartFromARestrictedPage() {
|
||||
setProcessBean(LOGGING_IN, "username", URL_LOGIN, URL_SOMEWHERE_ELSE);
|
||||
|
|
@ -236,7 +233,6 @@ public class AuthenticateTest extends AbstractTestClass {
|
|||
}
|
||||
|
||||
/** The referrer is not the loginProcessPage, so we detect the restart. */
|
||||
@Ignore // TODO
|
||||
@Test
|
||||
public void restartFromADifferentWidgetPage() {
|
||||
setProcessBean(LOGGING_IN, "username", URL_LOGIN, URL_SOMEWHERE_ELSE);
|
||||
|
|
@ -244,7 +240,6 @@ public class AuthenticateTest extends AbstractTestClass {
|
|||
}
|
||||
|
||||
/** The referrer is not the loginProcessPage, so we detect the restart. */
|
||||
@Ignore // TODO
|
||||
@Test
|
||||
public void restartFromTheLoginPageWhenWeWereUsingAWidgetPage() {
|
||||
setProcessBean(LOGGING_IN, "username", URL_SOMEWHERE_ELSE,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue