From 7cea3a6a1b41493a770fe54c4f0941510c0c7c20 Mon Sep 17 00:00:00 2001
From: Sean Harvey
Date: Thu, 23 Apr 2009 05:11:50 +0000
Subject: [PATCH] BUGFIX Fixed "Log in as someone else" action failure when submitting MemberLoginForm while logged in MINOR Added test for "Log in as someone else" to SecurityTest MINOR Removed redundant code from SecurityTest
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@75032 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 security/MemberLoginForm.php | 8 ++++++--
 tests/security/SecurityTest.php | 34 +++++++++++++++++++++++++++------
 2 files changed, 34 insertions(+), 8 deletions(-)
diff --git a/security/MemberLoginForm.php b/security/MemberLoginForm.php
index 6f604b54d..0777ad732 100644
--- a/security/MemberLoginForm.php
+++ b/security/MemberLoginForm.php
@@ -44,8 +44,12 @@ class MemberLoginForm extends LoginForm {
 }
 if($checkCurrentUser && Member::currentUserID()) {
- $fields = new FieldSet();
- $actions = new FieldSet(new FormAction("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else")));
+ $fields = new FieldSet(
+ new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this)
+ );
+ $actions = new FieldSet(
+ new FormAction("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else"))
+ );
 } else {
 if(!$fields) {
 $fields = new FieldSet(
diff --git a/tests/security/SecurityTest.php b/tests/security/SecurityTest.php
index 88c5401d4..9080a81bf 100644
--- a/tests/security/SecurityTest.php
+++ b/tests/security/SecurityTest.php
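Review bot: The hidden `AuthenticationMethod` field added in the logged-in branch sends `$this->authenticator_class` to the browser and reads it back on submit, so the value that arrives with the request is client-controlled. The code that consumes it is outside this hunk; confirm it accepts only names from the registered authenticator list and never resolves an arbitrary class name taken from the request. A short why-comment above the `new HiddenField(...)` line would also help, e.g. `// needed even when logged in, so the submitted "logout" action can be matched to this authenticator's form`. The enclosing method starts and ends outside the hunk.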
@@ -37,13 +37,35 @@ class SecurityTest extends FunctionalTest {
 parent::tearDown();
 }
- function testExternalBackUrlRedirectionDisallowed() {
- $page = new SiteTree();
- $page->URLSegment = 'testpage';
- $page->Title = 'Testpage';
- $page->write();
- $page->publish('Stage','Live');
+ function testLogInAsSomeoneElse() {
+ $member = DataObject::get_one('Member');
+
+ /* Log in with any user that we can find */
+ $this->session()->inst_set('loggedInAs', $member->ID);
+
+ /* View the Security/login page */
+ $this->get('Security/login');
+ $items = $this->cssParser()->getBySelector('#MemberLoginForm_LoginForm input.action');
+
+ /* We have only 1 input, one to allow the user to log in as someone else */
+ $this->assertEquals(count($items), 1, 'There is 1 input, allowing the user to log in as someone else.');
+
+ /* Submit the form, using only the logout action and a hidden field for the authenticator */
+ $this->submitForm(
+ 'MemberLoginForm_LoginForm',
+ null,
+ array(
+ 'AuthenticationMethod' => 'MemberAuthenticator',
+ 'action_dologout' => 1,
+ )
+ );
+
+ /* Log the user out */
+ $this->session()->inst_set('loggedInAs', null);
+ }
+
+ function testExternalBackUrlRedirectionDisallowed() {
 // Test internal relative redirect
 $response = $this->doTestLoginForm('noexpiry@silverstripe.com', '1nitialPassword', 'testpage');
 $this->assertEquals(302, $response->getStatusCode());
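Review bot: `testLogInAsSomeoneElse` asserts nothing after `submitForm(...)`, and the closing `inst_set('loggedInAs', null)` clears the session by hand, so the test passes even when the logout action fails to log the user out. Assert the outcome before the manual reset, e.g. `$this->assertNull($this->session()->inst_get('loggedInAs'), 'Logout action cleared the logged-in member');`. The test also posts `action_dologout` while the form in `MemberLoginForm.php` declares the action as `logout`; if the submitted field name is derived from the action name, this request may never reach the logout handler, which is worth confirming. `DataObject::get_one('Member')` is dereferenced without checking that a member was actually found.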