Performed review of "public intended" functionality provided in #1817

- Updated logic to take url from referrer rather than pass as a query parameter. - Added tests to cover functionality. - Updated 404 page with login action button if not signed in. - Updated 404 page with text to indicate permissions may be affecting visibility. Related to #1817 and #1706
2024-10-01 05:36:00 +00:00 · 2020-03-14 18:29:31 +00:00 · 2020-03-14 18:29:31 +00:00 · 7f6cbead33
commit 7f6cbead33
parent a95588dc2e
5 changed files with 62 additions and 15 deletions
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@ -76,8 +76,9 @@ class LoginController extends Controller
            ]);
        }

-        if ($request->has('intended')) {
-            redirect()->setIntendedUrl($request->get('intended'));
+        $previous = url()->previous('');
+        if (setting('app-public') && $previous && $previous !== url('/login')) {
+            redirect()->setIntendedUrl($previous);
        }

        return view('auth.login', [
--- a/resources/lang/en/errors.php
+++ b/resources/lang/en/errors.php
@ -83,6 +83,7 @@ return [
    // Error pages
    '404_page_not_found' => 'Page Not Found',
    'sorry_page_not_found' => 'Sorry, The page you were looking for could not be found.',
+    'sorry_page_not_found_permission_warning' => 'If you expected this page to exist, you might not have permission to view it.',
    'return_home' => 'Return to home',
    'error_occurred' => 'An Error Occurred',
    'app_down' => ':appName is down right now',
--- a/resources/views/common/header.blade.php
+++ b/resources/views/common/header.blade.php
@ -45,7 +45,7 @@
                        @if(setting('registration-enabled') && config('auth.method') === 'standard')
                            <a href="{{ url('/register') }}">@icon('new-user'){{ trans('auth.sign_up') }}</a>
                        @endif
-                        <a href="{{ action('Auth\LoginController@getLogin', ['intended' => url()->current()]) }}">@icon('login'){{ trans('auth.log_in') }}</a>
+                        <a href="{{ url('/login')  }}">@icon('login'){{ trans('auth.log_in') }}</a>
                    @endif
                </div>
                @if(signedInUser())
--- a/resources/views/errors/404.blade.php
+++ b/resources/views/errors/404.blade.php
@ -3,13 +3,17 @@
@section('content')
 <div class="container mt-l">

-    <div class="card mb-xl px-l pb-xl pt-l">
+    <div class="card mb-xl px-l pb-l pt-l">
        <div class="grid half v-center">
            <div>
                <h1 class="list-heading">{{ $message ?? trans('errors.404_page_not_found') }}</h1>
                <h5>{{ trans('errors.sorry_page_not_found') }}</h5>
+                <p>{{ trans('errors.sorry_page_not_found_permission_warning') }}</p>
            </div>
            <div class="text-right">
+                @if(!signedInUser())
+                    <a href="{{ url('/login') }}" class="button outline">{{ trans('auth.log_in') }}</a>
+                @endif
                <a href="{{ url('/') }}" class="button outline">{{ trans('errors.return_home') }}</a>
            </div>
        </div>
--- a/tests/PublicActionTest.php
+++ b/tests/PublicActionTest.php
@ -1,16 +1,25 @@
 <?php namespace Tests;

+use Auth;
+use BookStack\Auth\Permissions\PermissionService;
+use BookStack\Auth\Permissions\RolePermission;
+use BookStack\Auth\Role;
+use BookStack\Auth\User;
+use BookStack\Entities\Book;
+use BookStack\Entities\Chapter;
+use BookStack\Entities\Page;
+
 class PublicActionTest extends BrowserKitTest
 {

    public function test_app_not_public()
    {
        $this->setSettings(['app-public' => 'false']);
-        $book = \BookStack\Entities\Book::orderBy('name', 'asc')->first();
+        $book = Book::orderBy('name', 'asc')->first();
        $this->visit('/books')->seePageIs('/login');
        $this->visit($book->getUrl())->seePageIs('/login');

-        $page = \BookStack\Entities\Page::first();
+        $page = Page::first();
        $this->visit($page->getUrl())->seePageIs('/login');
    }

@ -35,7 +44,7 @@ class PublicActionTest extends BrowserKitTest
    public function test_books_viewable()
    {
        $this->setSettings(['app-public' => 'true']);
-        $books = \BookStack\Entities\Book::orderBy('name', 'asc')->take(10)->get();
+        $books = Book::orderBy('name', 'asc')->take(10)->get();
        $bookToVisit = $books[1];

        // Check books index page is showing
@ -52,7 +61,7 @@ class PublicActionTest extends BrowserKitTest
    public function test_chapters_viewable()
    {
        $this->setSettings(['app-public' => 'true']);
-        $chapterToVisit = \BookStack\Entities\Chapter::first();
+        $chapterToVisit = Chapter::first();
        $pageToVisit = $chapterToVisit->pages()->first();

        // Check chapters index page is showing
@ -70,15 +79,15 @@ class PublicActionTest extends BrowserKitTest
    public function test_public_page_creation()
    {
        $this->setSettings(['app-public' => 'true']);
-        $publicRole = \BookStack\Auth\Role::getSystemRole('public');
+        $publicRole = Role::getSystemRole('public');
        // Grant all permissions to public
        $publicRole->permissions()->detach();
-        foreach (\BookStack\Auth\Permissions\RolePermission::all() as $perm) {
+        foreach (RolePermission::all() as $perm) {
            $publicRole->attachPermission($perm);
        }
-        $this->app[\BookStack\Auth\Permissions\PermissionService::class]->buildJointPermissionForRole($publicRole);
+        $this->app[PermissionService::class]->buildJointPermissionForRole($publicRole);

-        $chapter = \BookStack\Entities\Chapter::first();
+        $chapter = Chapter::first();
        $this->visit($chapter->book->getUrl());
        $this->visit($chapter->getUrl())
            ->click('New Page')
@ -89,7 +98,7 @@ class PublicActionTest extends BrowserKitTest
            'name' => 'My guest page'
        ])->seePageIs($chapter->book->getUrl('/page/my-guest-page/edit'));

-        $user = \BookStack\Auth\User::getDefault();
+        $user = User::getDefault();
        $this->seeInDatabase('pages', [
            'name' => 'My guest page',
            'chapter_id' => $chapter->id,
@ -100,9 +109,9 @@ class PublicActionTest extends BrowserKitTest

    public function test_content_not_listed_on_404_for_public_users()
    {
-        $page = \BookStack\Entities\Page::first();
+        $page = Page::first();
        $this->asAdmin()->visit($page->getUrl());
-        \Auth::logout();
+        Auth::logout();
        view()->share('pageTitle', '');
        $this->forceVisit('/cats/dogs/hippos');
        $this->dontSee($page->name);
@ -139,4 +148,36 @@ class PublicActionTest extends BrowserKitTest
        $this->seeText("User-agent: *\nDisallow: /");
    }

+    public function test_public_view_then_login_redirects_to_previous_content()
+    {
+        $this->setSettings(['app-public' => 'true']);
+        $book = Book::query()->first();
+        $this->visit($book->getUrl())
+            ->see($book->name)
+            ->visit('/login')
+            ->type('admin@admin.com', '#email')
+            ->type('password', '#password')
+            ->press('Log In')
+            ->seePageUrlIs($book->getUrl());
+    }
+
+    public function test_access_hidden_content_then_login_redirects_to_intended_content()
+    {
+        $this->setSettings(['app-public' => 'true']);
+        $book = Book::query()->first();
+        $this->setEntityRestrictions($book);
+
+        try {
+            $this->visit($book->getUrl());
+        } catch (\Exception $exception) {}
+
+        $this->see('Book not found')
+            ->dontSee($book->name)
+            ->visit('/login')
+            ->type('admin@admin.com', '#email')
+            ->type('password', '#password')
+            ->press('Log In')
+            ->seePageUrlIs($book->getUrl())
+            ->see($book->name);
+    }
 }