Don't redirect XHR requests to /login.

author Jean-Philippe Lang <jp_lang@yahoo.fr>

Wed, 12 Jun 2013 16:49:12 +0000 (16:49 +0000)

committer Jean-Philippe Lang <jp_lang@yahoo.fr>

Wed, 12 Jun 2013 16:49:12 +0000 (16:49 +0000)
author Jean-Philippe Lang <jp_lang@yahoo.fr>
Wed, 12 Jun 2013 16:49:12 +0000 (16:49 +0000)
committer Jean-Philippe Lang <jp_lang@yahoo.fr>
Wed, 12 Jun 2013 16:49:12 +0000 (16:49 +0000)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb

index 7f42fff76a79c53c39998f36bf13d2df5d870d0b..bb8dae56fd346a784ef2657b4b6fdc22b8c28aff 100644 (file)
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -195,7 +195,13 @@ class ApplicationController < ActionController::Base
          url = url_for(:controller => params[:controller], :action => params[:action], :id => params[:id], :project_id => params[:project_id])
        end
        respond_to do |format|
-        format.html { redirect_to :controller => "account", :action => "login", :back_url => url }
+        format.html {
+          if request.xhr?
+            head :unauthorized
+          else
+            redirect_to :controller => "account", :action => "login", :back_url => url
+          end
+        }
          format.atom { redirect_to :controller => "account", :action => "login", :back_url => url }
          format.xml  { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
          format.js   { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
diff --git a/test/functional/welcome_controller_test.rb b/test/functional/welcome_controller_test.rb

index ff4655c48ef65c0c925ec6d251110a0cf81a7f88..aafc361591e8843c1ca17820cd5adcecf02e9359 100644 (file)
--- a/test/functional/welcome_controller_test.rb
+++ b/test/functional/welcome_controller_test.rb
@@ -136,4 +136,20 @@ class WelcomeControllerTest < ActionController::TestCase
      assert_equal [0, 100], @controller.api_offset_and_limit({:page => 1, :limit => 100})
      assert_equal [200, 100], @controller.api_offset_and_limit({:page => 3, :limit => 100})
    end
+
+  def test_unhautorized_exception_with_anonymous_should_redirect_to_login
+    WelcomeController.any_instance.stubs(:index).raises(::Unauthorized)
+
+    get :index
+    assert_response 302
+    assert_redirected_to('/login?back_url='+CGI.escape('http://test.host/'))
+  end
+
+  def test_unhautorized_exception_with_anonymous_and_xmlhttprequest_should_respond_with_401_to_anonymous
+    WelcomeController.any_instance.stubs(:index).raises(::Unauthorized)
+
+    @request.env["HTTP_X_REQUESTED_WITH"] = "XMLHttpRequest"
+    get :index
+    assert_response 401
+  end
  end
author	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Wed, 12 Jun 2013 16:49:12 +0000 (16:49 +0000)
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Wed, 12 Jun 2013 16:49:12 +0000 (16:49 +0000)
app/controllers/application_controller.rb		patch \| blob \| history
test/functional/welcome_controller_test.rb		patch \| blob \| history