-rw-r--r-- | app/controllers/application_controller.rb | 8 | ||||
-rw-r--r-- | test/integration/admin_test.rb | 6 |
2 files changed, 13 insertions, 1 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 68377b6f7..532595548 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -93,7 +93,13 @@ class ApplicationController < ActionController::Base
 def require_login
 if !User.current.logged?
- redirect_to :controller => "account", :action => "login", :back_url => url_for(params)
+ # Extract only the basic url parameters on non-GET requests
+ if request.get?
+ url = url_for(params)
+ else
+ url = url_for(:controller => params[:controller], :action => params[:action], :id => params[:id], :project_id => params[:project_id])
+ end
+ redirect_to :controller => "account", :action => "login", :back_url => url
 return false
 end
 true
diff --git a/test/integration/admin_test.rb b/test/integration/admin_test.rb
index 66c6b21cd..9ea9e9809 100644
--- a/test/integration/admin_test.rb
+++ b/test/integration/admin_test.rb
@@ -40,4 +40,10 @@ class AdminTest < ActionController::IntegrationTest
 locked_user = User.try_to_login("psmith", "psmith09")
 assert_equal nil, locked_user
 end
+
+ test "Add a user as an anonymous user should fail" do
+ post '/users/add', :user => { :login => 'psmith', :firstname => 'Paul'}, :password => "psmith09", :password_confirmation => "psmith09"
+ assert_response :redirect
+ assert_redirected_to "/login?back_url=http%3A%2F%2Fwww.example.com%2Fusers%2Fnew"
+ end
 end |
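Review bot: The GET branch still hands the entire request `params` hash to `url_for`, so if `url_for` in this Rails version reads URL options such as `host`, `protocol` or `only_path` out of that hash (params is indifferent-access, so string keys would match), a request like `GET /issues?host=evil.example` produces a `back_url` pointing off-site, and unless the login action validates it the post-login redirect would leave the application; this needs confirming against the framework version in use. Building the GET back_url from the request rather than from user-supplied params sidesteps the question, e.g. `url = request.get? ? request.url : url_for(:controller => params[:controller], :action => params[:action], :id => params[:id], :project_id => params[:project_id])`, provided the routes this code relies on still produce the same URL. Independently of that, the receiving `account/login` action should only follow `back_url` when it stays on the same host, which is outside this diff. The comment above the branch should also say why the filtering matters, e.g. `# Never put a POST body (passwords, form data) into the back_url query string`. `require_login` continues past the end of the hunk.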
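Review bot: The new test only checks that the anonymous POST is redirected to the login page; it never asserts that no user was created, which is the property its name promises and the one a regression in `require_login` or in the users controller would actually break. Pin the count by wrapping the request: `assert_no_difference 'User.count' do` … `post '/users/add', ...` … `end`, and keep `assert_redirected_to` with its exact URL, since that also proves the submitted password did not end up in `back_url`. The expected `back_url` hard-codes `www.example.com`, which appears to be the integration-test default host, so the assertion will break if the suite's host changes; matching on the path portion of `back_url` would be more robust, though that is a minor point. The hunk closes the `AdminTest` class, so the test body is complete here.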