Show URL base in login URL mismatch error message. (#330)

ndm2 · markstory · commit da7999009830 · 2019-12-17T13:50:13.000-05:00
With the base missing, error messages like
`http:://localhost/users/login did not match /users/login` would be
produced, which cloaks the actual issue of the missing base in the
configured login URL.
diff --git a/src/Authenticator/FormAuthenticator.php b/src/Authenticator/FormAuthenticator.php
@@ -81,10 +81,16 @@ protected function _getData(ServerRequestInterface $request)
      */
     protected function _buildLoginUrlErrorResult($request)
     {
+        $uri = $request->getUri();
+        $base = $request->getAttribute('base');
+        if ($base !== null) {
+            $uri = $uri->withPath((string)$base . $uri->getPath());
+        }
+
         $errors = [
             sprintf(
                 'Login URL `%s` did not match `%s`.',
-                (string)$request->getUri(),
+                (string)$uri,
                 implode('` or `', (array)$this->getConfig('loginUrl'))
             ),
         ];
diff --git a/tests/TestCase/Authenticator/FormAuthenticatorTest.php b/tests/TestCase/Authenticator/FormAuthenticatorTest.php
@@ -175,6 +175,39 @@ public function testMultipleLoginUrlMismatch()
         $this->assertEquals([0 => 'Login URL `http://localhost/users/does-not-match` did not match `/en/users/login` or `/de/users/login`.'], $result->getErrors());
     }
 
+    /**
+     * testLoginUrlMismatchWithBase
+     *
+     * @return void
+     */
+    public function testLoginUrlMismatchWithBase()
+    {
+        $identifiers = new IdentifierCollection([
+            'Authentication.Password',
+        ]);
+
+        $request = ServerRequestFactory::fromGlobals(
+            ['REQUEST_URI' => '/users/login'],
+            [],
+            ['username' => 'mariano', 'password' => 'password']
+        );
+        $uri = $request->getUri();
+        $uri->base = '/base';
+        $request = $request->withUri($uri);
+        $request = $request->withAttribute('base', $uri->base);
+        $response = new Response();
+
+        $form = new FormAuthenticator($identifiers, [
+            'loginUrl' => '/users/login',
+        ]);
+
+        $result = $form->authenticate($request, $response);
+
+        $this->assertInstanceOf(Result::class, $result);
+        $this->assertEquals(Result::FAILURE_OTHER, $result->getStatus());
+        $this->assertEquals([0 => 'Login URL `http://localhost/base/users/login` did not match `/users/login`.'], $result->getErrors());
+    }
+
     /**
      * testSingleLoginUrlSuccess
      *
@@ -236,6 +269,39 @@ public function testMultipleLoginUrlSuccess()
         $this->assertEquals([], $result->getErrors());
     }
 
+    /**
+     * testLoginUrlSuccessWithBase
+     *
+     * @return void
+     */
+    public function testLoginUrlSuccessWithBase()
+    {
+        $identifiers = new IdentifierCollection([
+            'Authentication.Password',
+        ]);
+
+        $request = ServerRequestFactory::fromGlobals(
+            ['REQUEST_URI' => '/users/login'],
+            [],
+            ['username' => 'mariano', 'password' => 'password']
+        );
+        $uri = $request->getUri();
+        $uri->base = '/base';
+        $request = $request->withUri($uri);
+        $request = $request->withAttribute('base', $uri->base);
+        $response = new Response();
+
+        $form = new FormAuthenticator($identifiers, [
+            'loginUrl' => '/base/users/login',
+        ]);
+
+        $result = $form->authenticate($request, $response);
+
+        $this->assertInstanceOf(Result::class, $result);
+        $this->assertEquals(Result::SUCCESS, $result->getStatus());
+        $this->assertEquals([], $result->getErrors());
+    }
+
     /**
      * testRegexLoginUrlSuccess
      *
