From: Anton Khorev
Date: Sat, 26 Apr 2025 17:18:24 +0000 (+0300)
Subject: Show referer link in already logged in warning
X-Git-Tag: live~9^2~1
X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/e6b25effed79d6a7a318e71df038cac6b149a029
Show referer link in already logged in warning
---
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 19fe05f30..090a9ea5c 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -16,6 +16,9 @@ class SessionsController < ApplicationController
 def new
 referer = safe_referer(params[:referer]) if params[:referer]
+ @safe_referer = referer
+ @safe_referer = nil if referer != params[:referer]
+
 parse_oauth_referer referer
 end
diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
index 6427a01e8..391a96291 100644
--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@@ -28,8 +28,18 @@
 <% end %>
 <% if current_user %>
-
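Review bot: In `SessionsController#new`, nothing explains the condition under which `@safe_referer` keeps its value, yet the view relies on exactly that when it passes the variable to `link_to` as the link target. As written, the value survives only when `safe_referer` returned the parameter unchanged; a comment such as `# Offer the link only when safe_referer returned params[:referer] unchanged` would make that contract explicit. The two assignments can also be written as one line, `@safe_referer = referer if referer == params[:referer]`, which leaves the variable nil in every other case. `safe_referer` itself is defined outside this diff, so whether an unchanged return value is always a same-site path, and never a value with a non-http scheme, should be confirmed there rather than assumed from the name.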
- <%= t ".already_logged_in_html", :user => tag.strong(current_user.display_name) %> +
+

+ <%= t ".already_logged_in_html", :user => tag.strong(current_user.display_name) %> +

+ <% if @safe_referer %> +

+ <%= t ".access_another_page" %> +

+

+ <%= link_to t(".visit_referring_page"), @safe_referer, :class => "btn btn-warning" %> +

+ <% end %>
<% end %>
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 444d75a97..6e8ee4762 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1976,6 +1976,8 @@ en:
 tab_title: "Log In"
 login_to_authorize_html: "Log in to OpenStreetMap to access %{client_app_name}."
 already_logged_in_html: "You are already logged in as %{user}. Logging in again will change your current account."
+ access_another_page: "You arrived here while trying to access another page. If you want to access that page using your current account, click the button below:"
+ visit_referring_page: "Visit referring page"
 email or username: "Email Address or Username"
 password: "Password"
 remember: "Remember me"
diff --git a/test/system/user_login_test.rb b/test/system/user_login_test.rb
index 643ebf8d8..9800752a6 100644
--- a/test/system/user_login_test.rb
+++ b/test/system/user_login_test.rb
@@ -11,6 +11,7 @@ class UserLoginTest < ApplicationSystemTestCase
 assert_button "First User"
 within_content_body do
 assert_text "logged in as First User"
+ assert_no_link "Visit referring page"
 end
 fill_in "username", :with => user2.email
@@ -20,6 +21,36 @@ class UserLoginTest < ApplicationSystemTestCase
 assert_button "Second User"
 end
+ test "Warn on login page when already logged in with referer link" do
+ user1 = create(:user, :display_name => "First User")
+ sign_in_as(user1)
+
+ visit login_path(:referer => about_path)
+
+ assert_button "First User"
+ within_content_body do
+ assert_text "logged in as First User"
+ assert_link "Visit referring page"
+
+ click_on "Visit referring page"
+ end
+
+ assert_current_path about_path
+ end
+
+ test "Only show safe referer links inside warnings" do
+ user1 = create(:user, :display_name => "First User")
+ sign_in_as(user1)
+
+ visit login_path(:referer => "https://example.com/")
+
+ assert_button "First User"
+ within_content_body do
+ assert_text "logged in as First User"
+ assert_no_link "Visit referring page"
+ end
+ end
+
 test "Show OpenID form when OpenID provider button is clicked" do
 visit login_path
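Review bot: The negative test "Only show safe referer links inside warnings" exercises a single rejected input, the absolute URL `https://example.com/`, so the controller's `referer != params[:referer]` guard is pinned for one shape of value only. Because the view hands `@safe_referer` directly to `link_to`, sibling cases would be worth adding, for example `visit login_path(:referer => "//example.com/")` and one with a non-http scheme, each ending in `assert_no_link "Visit referring page"`. Whether those values are already rejected depends on `safe_referer`, which this diff does not show. The "Show OpenID form…" test that follows the added lines continues outside the hunk.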