def require_login
if !User.current.logged?
- redirect_to :controller => "account", :action => "login", :back_url => url_for(params)
+ # Extract only the basic url parameters on non-GET requests
+ if request.get?
+ url = url_for(params)
+ else
+ url = url_for(:controller => params[:controller], :action => params[:action], :id => params[:id], :project_id => params[:project_id])
+ end
+ redirect_to :controller => "account", :action => "login", :back_url => url
return false
end
true
locked_user = User.try_to_login("psmith", "psmith09")
assert_equal nil, locked_user
end
+
+ test "Add a user as an anonymous user should fail" do
+ post '/users/add', :user => { :login => 'psmith', :firstname => 'Paul'}, :password => "psmith09", :password_confirmation => "psmith09"
+ assert_response :redirect
+ assert_redirected_to "/login?back_url=http%3A%2F%2Fwww.example.com%2Fusers%2Fnew"
+ end
end
projects / redmine.git / commitdiff