BUGFIX Fixed "Log in as someone else" action failure when submitting MemberLoginForm while logged in

MINOR Added test for "Log in as someone else" to SecurityTest MINOR Removed redundant code from SecurityTest git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@75032 467b73ca-7a2a-4603-9d3b-597d59a354a9
2024-10-22 12:05:37 +00:00 · 2009-04-23 05:11:50 +00:00 · 2009-04-23 05:11:50 +00:00 · 7cea3a6a1b
commit 7cea3a6a1b
parent 3469e4d22a
2 changed files with 34 additions and 8 deletions
--- a/security/MemberLoginForm.php
+++ b/security/MemberLoginForm.php
@ -44,8 +44,12 @@ class MemberLoginForm extends LoginForm {
 		}

 		if($checkCurrentUser && Member::currentUserID()) {
-			$fields = new FieldSet();
-			$actions = new FieldSet(new FormAction("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else")));
+			$fields = new FieldSet(
+				new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this)
+			);
+			$actions = new FieldSet(
+				new FormAction("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else"))
+			);
 		} else {
 			if(!$fields) {
 				$fields = new FieldSet(
--- a/tests/security/SecurityTest.php
+++ b/tests/security/SecurityTest.php
@ -37,13 +37,35 @@ class SecurityTest extends FunctionalTest {
 		parent::tearDown();
 	}
 	
-	function testExternalBackUrlRedirectionDisallowed() {
-		$page = new SiteTree();
-		$page->URLSegment = 'testpage';
-		$page->Title = 'Testpage';
-		$page->write();
-		$page->publish('Stage','Live');
+	function testLogInAsSomeoneElse() {
+		$member = DataObject::get_one('Member');
+
+		/* Log in with any user that we can find */
+		$this->session()->inst_set('loggedInAs', $member->ID);
+
+		/* View the Security/login page */
+		$this->get('Security/login');
 		
+		$items = $this->cssParser()->getBySelector('#MemberLoginForm_LoginForm input.action');
+		
+		/* We have only 1 input, one to allow the user to log in as someone else */
+		$this->assertEquals(count($items), 1, 'There is 1 input, allowing the user to log in as someone else.');
+		
+		/* Submit the form, using only the logout action and a hidden field for the authenticator */
+		$this->submitForm(
+			'MemberLoginForm_LoginForm', 
+			null,
+			array(
+				'AuthenticationMethod' => 'MemberAuthenticator',
+				'action_dologout' => 1,
+			)
+		);
+
+		/* Log the user out */
+		$this->session()->inst_set('loggedInAs', null);
+	}
+	
+	function testExternalBackUrlRedirectionDisallowed() {
 		// Test internal relative redirect
 		$response = $this->doTestLoginForm('noexpiry@silverstripe.com', '1nitialPassword', 'testpage');
 		$this->assertEquals(302, $response->getStatusCode());