Diffstat (limited to 'test/functional/account_controller_test.rb')
-rw-r--r-- | test/functional/account_controller_test.rb | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index e62dce943..1dd14a24a 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -27,6 +27,7 @@ class AccountControllerTest < Redmine::ControllerTest
 def test_get_login
 get :login
 assert_response :success
+ assert_includes @response.headers['Cache-Control'], 'no-store'
 assert_select 'input[name=username][autocomplete=username]'
 assert_select 'input[name=password][autocomplete=current-password]'
@@ -521,6 +522,7 @@ class AccountControllerTest < Redmine::ControllerTest
 get :lost_password
 assert_response :success
+ assert_includes @response.headers['Cache-Control'], 'no-store'
 assert_select 'input[type=hidden][name=token][value=?]', token.value
 end
@@ -658,4 +660,22 @@ class AccountControllerTest < Redmine::ControllerTest
 end
 end
 end
+
+ def test_validate_back_url
+ request.host = 'example.com'
+
+ assert_equal '/admin', @controller.send(:validate_back_url, 'http://example.com/admin')
+ assert_equal '/admin', @controller.send(:validate_back_url, 'http://dlopper:foo@example.com/admin')
+ assert_equal '/issues?query_id=1#top', @controller.send(:validate_back_url, 'http://example.com/issues?query_id=1#top')
+ assert_equal false, @controller.send(:validate_back_url, 'http://invalid.example.com/issues')
+ end
+
+ def test_validate_back_url_with_port
+ request.host = 'example.com:3000'
+
+ assert_equal '/admin', @controller.send(:validate_back_url, 'http://example.com:3000/admin')
+ assert_equal '/admin', @controller.send(:validate_back_url, 'http://dlopper:foo@example.com:3000/admin')
+ assert_equal '/issues?query_id=1#top', @controller.send(:validate_back_url, 'http://example.com:3000/issues?query_id=1#top')
+ assert_equal false, @controller.send(:validate_back_url, 'http://invalid.example.com:3000/issues')
+ end
 end |
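Review bot: The new `assert_includes @response.headers['Cache-Control'], 'no-store'` in test_get_login has no comment saying why the directive is required, and the same bare assertion is added in the lost_password hunk at -521. I would put one line above each, for example `# the login form must not be kept in browser or proxy caches` and `# this page embeds the password-reset token, so it must never be cached`. That way a later change to the caching headers is not mistaken for a harmless cleanup. The test method in the second hunk starts outside the hunk, so its name is not visible here.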
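Review bot: The only rejected input in test_validate_back_url and test_validate_back_url_with_port is a different hostname in an otherwise well-formed URL, so nothing pins the case where the trusted name appears outside the host part. Since the tests assert that a userinfo prefix is accepted, I would add the inverse next to it, `assert_equal false, @controller.send(:validate_back_url, 'http://example.com@invalid.example.com/admin')`, and a scheme-relative case, `assert_equal false, @controller.send(:validate_back_url, '//invalid.example.com/admin')`. The port test never checks a port mismatch, so `assert_equal false, @controller.send(:validate_back_url, 'http://example.com:3001/admin')` would cover what its name promises. The body of validate_back_url is not part of this diff, so whether it rejects these today should be confirmed by running them.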