From 657b44f9cf33ca35b06e06400902853159d143c6 Mon Sep 17 00:00:00 2001
From: Igor Scheller
Date: Mon, 4 Oct 2021 21:45:06 +0200
Subject: [PATCH] Redirect back from login after 403 (Not authorized)
---
 includes/view/AngelTypes_view.php | 2 +-
 resources/lang/de_DE/default.po | 5 ++++-
 resources/lang/en_US/default.po | 6 ++++++
 resources/views/errors/403.twig | 10 ++++++++++
 resources/views/layouts/parts/navbar.twig | 2 +-
 resources/views/pages/login.twig | 4 ++--
 src/Controllers/AuthController.php | 4 +++-
 src/Renderer/Twig/Extensions/Session.php | 1 +
 tests/Unit/Controllers/AuthControllerTest.php | 8 ++++++--
 tests/Unit/Renderer/Twig/Extensions/SessionTest.php | 1 +
 10 files changed, 35 insertions(+), 8 deletions(-)
diff --git a/includes/view/AngelTypes_view.php b/includes/view/AngelTypes_view.php
index 17d14a87..f44bebce 100644
--- a/includes/view/AngelTypes_view.php
+++ b/includes/view/AngelTypes_view.php
@@ -578,7 +578,7 @@ function AngelTypes_about_view($angeltypes, $user_logged_in)
 $buttons[] = button(page_link_to('register'), register_title());
 }
- $buttons[] = button(page_link_to('login'), __('Login'));
+ $buttons[] = button(page_link_to('login'), __('login.login'));
 }
 $footerConfig = config('footer_items');
diff --git a/resources/lang/de_DE/default.po b/resources/lang/de_DE/default.po
index a673df5e..eb2574c3 100644
--- a/resources/lang/de_DE/default.po
+++ b/resources/lang/de_DE/default.po
@@ -125,9 +125,12 @@ msgstr "Registrieren"
 #: resources/views/layouts/parts/navbar.twig:43
 #: resources/views/pages/login.twig:4 resources/views/pages/login.twig:66
 #: includes/view/AngelTypes_view.php:581
-msgid "Login"
+msgid "login.login"
 msgstr "Login"
+msgid "page.403.login"
+msgstr "Bitte melde dich an."
+
 #: resources/views/macros/form.twig:17
 msgid "form.submit"
 msgstr "Absenden"
diff --git a/resources/lang/en_US/default.po b/resources/lang/en_US/default.po
index cde9addf..5f33f7c5 100644
--- a/resources/lang/en_US/default.po
+++ b/resources/lang/en_US/default.po
@@ -27,6 +27,12 @@ msgstr "Your password is incorrect. Please try it again."
 msgid "form.submit"
 msgstr "Submit"
+msgid "login.login"
+msgstr "Login"
+
+msgid "page.403.login"
+msgstr "Please log in."
+
 msgid "page.404.text"
 msgstr ""
 "This page could not be found or you don't have permission to view it. "
diff --git a/resources/views/errors/403.twig b/resources/views/errors/403.twig
index 73bf0274..03a96ed7 100644
--- a/resources/views/errors/403.twig
+++ b/resources/views/errors/403.twig
@@ -1,5 +1,15 @@
 {% extends "errors/default.twig" %}
+{% import 'macros/base.twig' as m %}
 {% block title %}{{ __("Forbidden") }}{% endblock %}
 {% block content_headline_text %}{{ __("You are not allowed to access this page") }}{% endblock %}
+
+{% block content_text %}
+ {% if is_guest() %}
+ {% do session_set('previous_page', request.url) %}
+

{{ __('page.403.login') }}

+

{{ m.button(__('login.login'), url('login')) }}

+ {% endif %}
+{% endblock %}
diff --git a/resources/views/layouts/parts/navbar.twig b/resources/views/layouts/parts/navbar.twig
index 3024bf82..564e76ed 100644
--- a/resources/views/layouts/parts/navbar.twig
+++ b/resources/views/layouts/parts/navbar.twig
@@ -40,7 +40,7 @@
 {% endif %}
 {% if has_permission_to('login') %}
- {{ _self.toolbar_item(__('Login'), url('login'), 'login', 'box-arrow-in-right') }}
+ {{ _self.toolbar_item(__('login.login'), url('login'), 'login', 'box-arrow-in-right') }}
 {% endif %}
 {% if is_user() and has_permission_to('user_messages') %}
diff --git a/resources/views/pages/login.twig b/resources/views/pages/login.twig
index 90160faf..95220b1d 100644
--- a/resources/views/pages/login.twig
+++ b/resources/views/pages/login.twig
@@ -1,7 +1,7 @@
 {% extends "layouts/app.twig" %}
 {% import 'macros/base.twig' as m %}
-{% block title %}{{ __('Login') }}{% endblock %}
+{% block title %}{{ __('login.login') }}{% endblock %}
 {% block content %}
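Review bot: `{% do session_set('previous_page', request.url) %}` records the post-login target as a side effect of rendering the 403 view, and it stores the request URL as-is rather than a site-relative path. If `request.url` is absolute it is presumably built from the Host header, so the later redirect would depend on how the proxy and application treat that header; storing only the path keeps the value local by construction. Because every guest request that ends in this template overwrites the key, including requests the user did not navigate to deliberately, it would be safer to set it in the code that produces the 403 and only for page navigations. If it stays in the template, a comment such as `{# read by AuthController::loginUser(); must remain a local path #}` above the `do` line would document the contract.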
@@ -66,7 +66,7 @@
diff --git a/src/Controllers/AuthController.php b/src/Controllers/AuthController.php
index 0a6f3a20..860d5679 100644
--- a/src/Controllers/AuthController.php
+++ b/src/Controllers/AuthController.php
@@ -107,6 +107,8 @@ class AuthController extends BaseController
 */
 public function loginUser(User $user): Response
 {
+ $previousPage = $this->session->get('previous_page');
+
 $this->session->invalidate();
 $this->session->set('user_id', $user->id);
 $this->session->set('locale', $user->settings->language);
@@ -114,7 +116,7 @@ class AuthController extends BaseController
 $user->last_login_at = new Carbon();
 $user->save(['touch' => false]);
- return $this->redirect->to($this->config->get('home_site'));
+ return $this->redirect->to($previousPage ?: $this->config->get('home_site'));
 }
 /**
diff --git a/src/Renderer/Twig/Extensions/Session.php b/src/Renderer/Twig/Extensions/Session.php
index 77b5b55a..8e691156 100644
--- a/src/Renderer/Twig/Extensions/Session.php
+++ b/src/Renderer/Twig/Extensions/Session.php
@@ -26,6 +26,7 @@ class Session extends TwigExtension
 {
 return [
 new TwigFunction('session_get', [$this->session, 'get']),
+ new TwigFunction('session_set', [$this->session, 'set']),
 ];
 }
 }
diff --git a/tests/Unit/Controllers/AuthControllerTest.php b/tests/Unit/Controllers/AuthControllerTest.php
index 673ca092..e3e53169 100644
--- a/tests/Unit/Controllers/AuthControllerTest.php
+++ b/tests/Unit/Controllers/AuthControllerTest.php
@@ -141,9 +141,9 @@ class AuthControllerTest extends TestCase
 $session->set('foo', 'bar');
 $user = $this->createUser();
- $redirect->expects($this->once())
+ $redirect->expects($this->exactly(2))
 ->method('to')
- ->with('news')
+ ->withConsecutive(['news'], ['/test'])
 ->willReturn($response);
 $controller = new AuthController($response, $session, $redirect, $config, $auth);
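Review bot: `return $this->redirect->to($previousPage ?: $this->config->get('home_site'));` follows whatever is stored under `previous_page` without checking it, so the first response after a successful login can point wherever that key was set. The value should be accepted only when it is a string naming a path on this site, with `home_site` as the fallback; this also means the 403 template has to store a path rather than `request.url` if the latter is absolute. The check belongs next to the `$this->session->get('previous_page')` line in the first hunk and governs the `return` in the second. The docblock of `loginUser()` starts outside the hunk and should mention the redirect-back behaviour.

```php
public function loginUser(User $user): Response
{
    $previousPage = $this->session->get('previous_page');
    // Follow the stored target only if it is a path on this site; absolute URLs,
    // scheme-relative "//host" forms and backslash variants fall back to home_site.
    if (
        !is_string($previousPage)
        || strpos($previousPage, '/') !== 0
        || strpos($previousPage, '//') === 0
        || strpos($previousPage, '\\') !== false
    ) {
        $previousPage = null;
    }

    // … unchanged: session invalidate/set, last_login_at update, redirect …
```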
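Review bot: Registering `session_set` as `[$this->session, 'set']` gives every template an unrestricted write to any session key, including `user_id` and `locale`, which `loginUser()` sets to establish the login. The 403 page needs exactly one key, so a narrow Twig function that takes no key argument and records the previous page itself would keep views from being a place where authentication state can change. That matters if a template ever becomes editable or one of its expressions is influenced by request data. If the generic function stays, a comment on the `session_set` line such as `// templates must pass a fixed literal key; never request data` would state the constraint; the method returning this array starts outside the hunk.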
@@ -152,6 +152,10 @@ class AuthControllerTest extends TestCase
 $this->assertFalse($session->has('foo'));
 $this->assertNotNull($user->last_login_at);
 $this->assertEquals(['user_id' => 42, 'locale' => 'de_DE'], $session->all());
+
+ // Redirect to previous page
+ $session->set('previous_page', '/test');
+ $controller->loginUser($user);
 }
 /**
diff --git a/tests/Unit/Renderer/Twig/Extensions/SessionTest.php b/tests/Unit/Renderer/Twig/Extensions/SessionTest.php
index 7ce4dc3a..526017ed 100644
--- a/tests/Unit/Renderer/Twig/Extensions/SessionTest.php
+++ b/tests/Unit/Renderer/Twig/Extensions/SessionTest.php
@@ -21,5 +21,6 @@ class SessionTest extends ExtensionTest
 $functions = $extension->getFunctions();
 $this->assertExtensionExists('session_get', [$session, 'get'], $functions);
+ $this->assertExtensionExists('session_set', [$session, 'set'], $functions);
 }
 }
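Review bot: The added second `$controller->loginUser($user);` call is checked only through the mocked redirect to `/test`; nothing asserts the session afterwards, so a regression that carries `previous_page` into the new session would pass. Adding `$this->assertFalse($session->has('previous_page'));` after the call pins that the value is consumed once. A further case that stores a non-local value such as `https://example.invalid/` and expects the `news` fallback would document the intended limit, once `loginUser()` validates the target. The test method starts outside the hunk.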