author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2013-06-12 16:49:12 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2013-06-12 16:49:12 +0000 |
commit | 136cdc765afda57b9be02704e52b27334da42c73 (patch) | |
tree | 57660df166c6bd057199d9202cf890457b3aea64 | |
parent | 60d2a5e322cb0da01dd5e372d004aa1b65a5280d (diff) | |
Don't redirect XHR requests to /login.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11962 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r-- | app/controllers/application_controller.rb | 8 | ||||
-rw-r--r-- | test/functional/welcome_controller_test.rb | 16 |
2 files changed, 23 insertions, 1 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 7f42fff76..bb8dae56f 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -195,7 +195,13 @@ class ApplicationController < ActionController::Base
 url = url_for(:controller => params[:controller], :action => params[:action], :id => params[:id], :project_id => params[:project_id])
 end
 respond_to do |format|
- format.html { redirect_to :controller => "account", :action => "login", :back_url => url }
+ format.html {
+ if request.xhr?
+ head :unauthorized
+ else
+ redirect_to :controller => "account", :action => "login", :back_url => url
+ end
+ }
 format.atom { redirect_to :controller => "account", :action => "login", :back_url => url }
 format.xml { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
 format.js { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
diff --git a/test/functional/welcome_controller_test.rb b/test/functional/welcome_controller_test.rb
index ff4655c48..aafc36159 100644
--- a/test/functional/welcome_controller_test.rb
+++ b/test/functional/welcome_controller_test.rb
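Review bot: The new XHR branch inside `format.html` answers with a bare 401 and no `WWW-Authenticate` header, unlike the `format.xml` and `format.js` lines just below it, and nothing in the code says whether that is deliberate. If the omission is meant to keep the browser from showing a credentials dialog for script-issued requests, which is what it looks like, a comment above `head :unauthorized` such as `# XHR: bare 401 without WWW-Authenticate so the browser shows no auth prompt` would record it. `request.xhr?` is driven by the client-supplied `X-Requested-With` header, which is acceptable here only because both branches refuse the request; saying so in the same comment would keep the check from being reused later for an access decision. The enclosing method starts and ends outside the hunk.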
@@ -136,4 +136,20 @@ class WelcomeControllerTest < ActionController::TestCase
 assert_equal [0, 100], @controller.api_offset_and_limit({:page => 1, :limit => 100})
 assert_equal [200, 100], @controller.api_offset_and_limit({:page => 3, :limit => 100})
 end
+
+ def test_unhautorized_exception_with_anonymous_should_redirect_to_login
+ WelcomeController.any_instance.stubs(:index).raises(::Unauthorized)
+
+ get :index
+ assert_response 302
+ assert_redirected_to('/login?back_url='+CGI.escape('http://test.host/'))
+ end
+
+ def test_unhautorized_exception_with_anonymous_and_xmlhttprequest_should_respond_with_401_to_anonymous
+ WelcomeController.any_instance.stubs(:index).raises(::Unauthorized)
+
+ @request.env["HTTP_X_REQUESTED_WITH"] = "XMLHttpRequest"
+ get :index
+ assert_response 401
+ end
 end |
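Review bot: Both new test names misspell "unauthorized" as `unhautorized`, and the second one names the anonymous user twice, which makes the tests hard to find by search; `def test_unauthorized_exception_with_anonymous_should_redirect_to_login` and `def test_unauthorized_exception_with_anonymous_xhr_should_respond_with_401` read more cleanly. The XHR test checks only the status code. If the 401 is meant to carry no authentication challenge, `assert_nil @response.headers['WWW-Authenticate']` after `assert_response 401` would pin that behaviour.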