From 136cdc765afda57b9be02704e52b27334da42c73 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Wed, 12 Jun 2013 16:49:12 +0000 Subject: [PATCH] Don't redirect XHR requests to /login. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11962 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/controllers/application_controller.rb | 8 +++++++- test/functional/welcome_controller_test.rb | 16 ++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 7f42fff76..bb8dae56f 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -195,7 +195,13 @@ class ApplicationController < ActionController::Base url = url_for(:controller => params[:controller], :action => params[:action], :id => params[:id], :project_id => params[:project_id]) end respond_to do |format| - format.html { redirect_to :controller => "account", :action => "login", :back_url => url } + format.html { + if request.xhr? + head :unauthorized + else + redirect_to :controller => "account", :action => "login", :back_url => url + end + } format.atom { redirect_to :controller => "account", :action => "login", :back_url => url } format.xml { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' } format.js { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' } diff --git a/test/functional/welcome_controller_test.rb b/test/functional/welcome_controller_test.rb index ff4655c48..aafc36159 100644 --- a/test/functional/welcome_controller_test.rb +++ b/test/functional/welcome_controller_test.rb @@ -136,4 +136,20 @@ class WelcomeControllerTest < ActionController::TestCase assert_equal [0, 100], @controller.api_offset_and_limit({:page => 1, :limit => 100}) assert_equal [200, 100], @controller.api_offset_and_limit({:page => 3, :limit => 100}) end + + def test_unhautorized_exception_with_anonymous_should_redirect_to_login + WelcomeController.any_instance.stubs(:index).raises(::Unauthorized) + + get :index + assert_response 302 + assert_redirected_to('/login?back_url='+CGI.escape('http://test.host/')) + end + + def test_unhautorized_exception_with_anonymous_and_xmlhttprequest_should_respond_with_401_to_anonymous + WelcomeController.any_instance.stubs(:index).raises(::Unauthorized) + + @request.env["HTTP_X_REQUESTED_WITH"] = "XMLHttpRequest" + get :index + assert_response 401 + end end -- 2.39.5