Show URL base in login URL mismatch error message. (#330)

With the base missing, error messages like `http:://localhost/users/login did not match /users/login` would be produced, which cloaks the actual issue of the missing base in the configured login URL.
cakephp · Dec 17, 2019 · bf8181e · bf8181e
1 parent 0019bf5
commit bf8181e
Show file tree

Hide file tree

Showing 2 changed files with 73 additions and 1 deletion.
diff --git a/src/Authenticator/FormAuthenticator.php b/src/Authenticator/FormAuthenticator.php
@@ -83,10 +83,16 @@ protected function _getData(ServerRequestInterface $request): ?array
      */
     protected function _buildLoginUrlErrorResult(ServerRequestInterface $request): ResultInterface
     {
+        $uri = $request->getUri();
+        $base = $request->getAttribute('base');
+        if ($base !== null) {
+            $uri = $uri->withPath((string)$base . $uri->getPath());
+        }
+
         $errors = [
             sprintf(
                 'Login URL `%s` did not match `%s`.',
-                (string)$request->getUri(),
+                (string)$uri,
                 implode('` or `', (array)$this->getConfig('loginUrl'))
             ),
         ];

diff --git a/tests/TestCase/Authenticator/FormAuthenticatorTest.php b/tests/TestCase/Authenticator/FormAuthenticatorTest.php
@@ -176,6 +176,39 @@ public function testMultipleLoginUrlMismatch()
         $this->assertEquals([0 => 'Login URL `http://localhost/users/does-not-match` did not match `/en/users/login` or `/de/users/login`.'], $result->getErrors());
     }
 
+    /**
+     * testLoginUrlMismatchWithBase
+     *
+     * @return void
+     */
+    public function testLoginUrlMismatchWithBase()
+    {
+        $identifiers = new IdentifierCollection([
+            'Authentication.Password',
+        ]);
+
+        $request = ServerRequestFactory::fromGlobals(
+            ['REQUEST_URI' => '/users/login'],
+            [],
+            ['username' => 'mariano', 'password' => 'password']
+        );
+        $uri = $request->getUri();
+        $uri->base = '/base';
+        $request = $request->withUri($uri);
+        $request = $request->withAttribute('base', $uri->base);
+        $response = new Response();
+
+        $form = new FormAuthenticator($identifiers, [
+            'loginUrl' => '/users/login',
+        ]);
+
+        $result = $form->authenticate($request, $response);
+
+        $this->assertInstanceOf(Result::class, $result);
+        $this->assertEquals(Result::FAILURE_OTHER, $result->getStatus());
+        $this->assertEquals([0 => 'Login URL `http://localhost/base/users/login` did not match `/users/login`.'], $result->getErrors());
+    }
+
     /**
      * testSingleLoginUrlSuccess
      *
@@ -237,6 +270,39 @@ public function testMultipleLoginUrlSuccess()
         $this->assertEquals([], $result->getErrors());
     }
 
+    /**
+     * testLoginUrlSuccessWithBase
+     *
+     * @return void
+     */
+    public function testLoginUrlSuccessWithBase()
+    {
+        $identifiers = new IdentifierCollection([
+            'Authentication.Password',
+        ]);
+
+        $request = ServerRequestFactory::fromGlobals(
+            ['REQUEST_URI' => '/users/login'],
+            [],
+            ['username' => 'mariano', 'password' => 'password']
+        );
+        $uri = $request->getUri();
+        $uri->base = '/base';
+        $request = $request->withUri($uri);
+        $request = $request->withAttribute('base', $uri->base);
+        $response = new Response();
+
+        $form = new FormAuthenticator($identifiers, [
+            'loginUrl' => '/base/users/login',
+        ]);
+
+        $result = $form->authenticate($request, $response);
+
+        $this->assertInstanceOf(Result::class, $result);
+        $this->assertEquals(Result::SUCCESS, $result->getStatus());
+        $this->assertEquals([], $result->getErrors());
+    }
+
     /**
      * testRegexLoginUrlSuccess
      *