Don't include host and protocol in redirect URLs

When fixing #34 I neglected to fix the CakeRedirectHandler. This
syncs the behavior between both redirect implementations so that they
only include the path + query string, and handle base dirs as well.

Fixes #115

Backport #116 to 1.x

Author: markstory

src/Middleware/UnauthorizedHandler/CakeRedirectHandler.php

@@ -64,7 +64,17 @@ protected function getUrl(ServerRequestInterface $request, array $options)
     {
         $url = $options['url'];
         if ($options['queryParam'] !== null) {
-            $url['?'][$options['queryParam']] = (string)$request->getUri();
+            $uri = $request->getUri();
+            /** @psalm-suppress NoInterfaceProperties */
+            if (property_exists($uri, 'base')) {
+                $uri = $uri->withPath($uri->base . $uri->getPath());
+            }
+            $redirect = $uri->getPath();
+            if ($uri->getQuery()) {
+                $redirect .= '?' . $uri->getQuery();
+            }
+
+            $url['?'][$options['queryParam']] = $redirect;
         }
 
         return Router::url($url);

src/Middleware/UnauthorizedHandler/RedirectHandler.php

@@ -93,7 +93,16 @@ protected function getUrl(ServerRequestInterface $request, array $options)
     {
         $url = $options['url'];
         if ($options['queryParam'] !== null && $request->getMethod() === 'GET') {
-            $query = urlencode($options['queryParam']) . '=' . urlencode($request->getRequestTarget());
+            $uri = $request->getUri();
+            /** @psalm-suppress NoInterfaceProperties */
+            if (property_exists($uri, 'base')) {
+                $uri = $uri->withPath($uri->base . $uri->getPath());
+            }
+            $redirect = $uri->getPath();
+            if ($uri->getQuery()) {
+                $redirect .= '?' . $uri->getQuery();
+            }
+            $query = urlencode($options['queryParam']) . '=' . urlencode($redirect);
             if (strpos($url, '?') !== false) {
                 $query = '&' . $query;
             } else {

tests/TestCase/Middleware/UnauthorizedHandler/CakeRedirectHandlerTest.php

@@ -16,14 +16,12 @@
 
 use Authorization\Exception\Exception;
 use Authorization\Middleware\UnauthorizedHandler\CakeRedirectHandler;
+use Cake\Core\Configure;
 use Cake\Http\Response;
-use Cake\Http\ServerRequest;
+use Cake\Http\ServerRequestFactory;
 use Cake\Routing\Router;
 use Cake\TestSuite\TestCase;
 
-/**
- * Description of CakeRedirectHandlerTest
- */
 class CakeRedirectHandlerTest extends TestCase
 {
     public function setUp()
@@ -45,25 +43,28 @@ public function testHandleRedirectionDefault()
         $handler = new CakeRedirectHandler();
 
         $exception = new Exception();
-        $request = new ServerRequest();
+        $request = ServerRequestFactory::fromGlobals(
+            ['REQUEST_URI' => '/admin/dashboard']
+        );
         $response = new Response();
-
         $response = $handler->handle($exception, $request, $response, [
             'exceptions' => [
                 Exception::class,
             ],
         ]);
 
         $this->assertEquals(302, $response->getStatusCode());
-        $this->assertEquals('/login?redirect=http%3A%2F%2Flocalhost%2F', $response->getHeaderLine('Location'));
+        $this->assertEquals('/login?redirect=%2Fadmin%2Fdashboard', $response->getHeaderLine('Location'));
     }
 
     public function testHandleRedirectionNamed()
     {
         $handler = new CakeRedirectHandler();
 
         $exception = new Exception();
-        $request = new ServerRequest();
+        $request = ServerRequestFactory::fromGlobals(
+            ['REQUEST_URI' => '/admin/dashboard']
+        );
         $response = new Response();
 
         $response = $handler->handle($exception, $request, $response, [
@@ -76,15 +77,17 @@ public function testHandleRedirectionNamed()
         ]);
 
         $this->assertEquals(302, $response->getStatusCode());
-        $this->assertEquals('/login?redirect=http%3A%2F%2Flocalhost%2F', $response->getHeaderLine('Location'));
+        $this->assertEquals('/login?redirect=%2Fadmin%2Fdashboard', $response->getHeaderLine('Location'));
     }
 
     public function testHandleRedirectionWithQuery()
     {
         $handler = new CakeRedirectHandler();
 
         $exception = new Exception();
-        $request = new ServerRequest();
+        $request = ServerRequestFactory::fromGlobals(
+            ['REQUEST_URI' => '/']
+        );
         $response = new Response();
 
         $response = $handler->handle($exception, $request, $response, [
@@ -100,15 +103,17 @@ public function testHandleRedirectionWithQuery()
         ]);
 
         $this->assertEquals(302, $response->getStatusCode());
-        $this->assertEquals('/login?foo=bar&redirect=http%3A%2F%2Flocalhost%2F', $response->getHeaderLine('Location'));
+        $this->assertEquals('/login?foo=bar&redirect=%2F', $response->getHeaderLine('Location'));
     }
 
     public function testHandleRedirectionNoQuery()
     {
         $handler = new CakeRedirectHandler();
 
         $exception = new Exception();
-        $request = new ServerRequest();
+        $request = ServerRequestFactory::fromGlobals(
+            ['REQUEST_URI' => '/']
+        );
         $response = new Response();
 
         $response = $handler->handle($exception, $request, $response, [
@@ -121,4 +126,31 @@ public function testHandleRedirectionNoQuery()
         $this->assertEquals(302, $response->getStatusCode());
         $this->assertEquals('/login', $response->getHeaderLine('Location'));
     }
+
+    public function testHandleRedirectWithBasePath()
+    {
+        $handler = new CakeRedirectHandler();
+        $exception = new Exception();
+
+        Configure::write('App.base', '/basedir');
+        $request = ServerRequestFactory::fromGlobals(
+            ['REQUEST_URI' => '/admin/dashboard']
+        );
+        $response = new Response();
+
+        $response = $handler->handle($exception, $request, $response, [
+            'exceptions' => [
+                Exception::class,
+            ],
+            'url' => [
+                '_name' => 'login',
+            ],
+        ]);
+
+        $this->assertEquals(302, $response->getStatusCode());
+        $this->assertEquals(
+            '/basedir/login?redirect=%2Fbasedir%2Fadmin%2Fdashboard',
+            $response->getHeaderLine('Location')
+        );
+    }
 }

tests/TestCase/Middleware/UnauthorizedHandler/RedirectHandlerTest.php

@@ -16,8 +16,9 @@
 
 use Authorization\Exception\Exception;
 use Authorization\Middleware\UnauthorizedHandler\RedirectHandler;
+use Cake\Core\Configure;
 use Cake\Http\Response;
-use Cake\Http\ServerRequest;
+use Cake\Http\ServerRequestFactory;
 use Cake\TestSuite\TestCase;
 
 class RedirectHandlerTest extends TestCase
@@ -27,9 +28,9 @@ public function testHandleRedirection()
         $handler = new RedirectHandler();
 
         $exception = new Exception();
-        $request = new ServerRequest([
-            'environment' => ['REQUEST_METHOD' => 'GET'],
-        ]);
+        $request = ServerRequestFactory::fromGlobals(
+            ['REQUEST_METHOD' => 'GET']
+        );
         $response = new Response();
 
         $response = $handler->handle($exception, $request, $response, [
@@ -47,13 +48,13 @@ public function testHandleRedirectionWithQuery()
         $handler = new RedirectHandler();
 
         $exception = new Exception();
-        $request = new ServerRequest([
-            'environment' => [
+        $request = ServerRequestFactory::fromGlobals(
+            [
                 'REQUEST_METHOD' => 'GET',
                 'PATH_INFO' => '/path',
                 'QUERY_STRING' => 'key=value',
-            ],
-        ]);
+            ]
+        );
         $response = new Response();
 
         $response = $handler->handle($exception, $request, $response, [
@@ -72,9 +73,9 @@ public function testHandleRedirectionNoQuery()
         $handler = new RedirectHandler();
 
         $exception = new Exception();
-        $request = new ServerRequest([
-            'environment' => ['REQUEST_METHOD' => 'GET'],
-        ]);
+        $request = ServerRequestFactory::fromGlobals(
+            ['REQUEST_METHOD' => 'GET']
+        );
         $response = new Response();
 
         $response = $handler->handle($exception, $request, $response, [
@@ -109,13 +110,13 @@ public function testHandleRedirectionIgnoreNonIdempotentMethods($method)
         $handler = new RedirectHandler();
 
         $exception = new Exception();
-        $request = new ServerRequest([
-            'environment' => [
+        $request = ServerRequestFactory::fromGlobals(
+            [
                 'REQUEST_METHOD' => $method,
                 'PATH_INFO' => '/path',
                 'QUERY_STRING' => 'key=value',
-            ],
-        ]);
+            ]
+        );
         $response = new Response();
 
         $response = $handler->handle($exception, $request, $response, [
@@ -129,12 +130,37 @@ public function testHandleRedirectionIgnoreNonIdempotentMethods($method)
         $this->assertEquals('/login?foo=bar', $response->getHeaderLine('Location'));
     }
 
+    public function testHandleRedirectWithBasePath()
+    {
+        $handler = new RedirectHandler();
+        $exception = new Exception();
+
+        Configure::write('App.base', '/basedir');
+        $request = ServerRequestFactory::fromGlobals(
+            ['REQUEST_URI' => '/path', 'REQUEST_METHOD' => 'GET']
+        );
+        $response = new Response();
+
+        $response = $handler->handle($exception, $request, $response, [
+            'exceptions' => [
+                Exception::class,
+            ],
+            'url' => '/basedir/login',
+        ]);
+
+        $this->assertEquals(302, $response->getStatusCode());
+        $this->assertEquals(
+            '/basedir/login?redirect=%2Fbasedir%2Fpath',
+            $response->getHeaderLine('Location')
+        );
+    }
+
     public function testHandleException()
     {
         $handler = new RedirectHandler();
 
         $exception = new Exception();
-        $request = new ServerRequest();
+        $request = ServerRequestFactory::fromGlobals(['REQUEST_URI' => '/']);
         $response = new Response();
 
         $this->expectException(Exception::class);

tests/bootstrap.php

@@ -44,6 +44,7 @@
 
 Configure::write('debug', true);
 Configure::write('App', [
+    'base' => '',
     'namespace' => 'TestApp',
     'encoding' => 'UTF-8',
     'paths' => [