From ad79f1abb3f29b0d7acc8ce45746cf49b5f0704a Mon Sep 17 00:00:00 2001 From: Andres Campanario Date: Fri, 9 Dec 2022 15:41:35 +0100 Subject: [PATCH 1/5] add config option to include Unauthorized Url in returned Flash Message --- config/users.php | 1 + .../UnauthorizedHandler/DefaultRedirectHandler.php | 9 ++++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/config/users.php b/config/users.php index ebb64c76e..e1cf234d2 100644 --- a/config/users.php +++ b/config/users.php @@ -224,6 +224,7 @@ 'AuthorizationMiddleware' => [ 'unauthorizedHandler' => [ 'className' => 'CakeDC/Users.DefaultRedirect', + 'addUnauthorizedUrlinFlashMessage' => true, ], ], 'AuthorizationComponent' => [ diff --git a/src/Middleware/UnauthorizedHandler/DefaultRedirectHandler.php b/src/Middleware/UnauthorizedHandler/DefaultRedirectHandler.php index 709a3fe43..837184e89 100644 --- a/src/Middleware/UnauthorizedHandler/DefaultRedirectHandler.php +++ b/src/Middleware/UnauthorizedHandler/DefaultRedirectHandler.php @@ -17,6 +17,7 @@ use Authorization\Exception\ForbiddenException; use Authorization\Exception\MissingIdentityException; use Authorization\Middleware\UnauthorizedHandler\CakeRedirectHandler; +use Cake\Core\Configure; use Cake\Http\ServerRequest; use Cake\Http\Session; use Cake\Routing\Router; @@ -57,6 +58,7 @@ public function handle(Exception $exception, ServerRequestInterface $request, ar $response = parent::handle($exception, $request, $options); $session = $request->getAttribute('session'); if ($session instanceof Session) { + $options['request'] = $request; $this->addFlashMessage($session, $options); } 
@@ -108,8 +110,13 @@ protected function createFlashMessage($options): array { $message = (array)($options['flash'] ?? []); + $unauthorizedUrl = ''; + if (Configure::read('Auth.AuthorizationMiddleware.unauthorizedHandler.addUnauthorizedUrlinFlashMessage')){ + $unauthorizedUrl = __d('cake_d_c/users', 'Location = ') . (string)$options['request']->getUri(); + } + return $message + [ - 'message' => __d('cake_d_c/users', 'You are not authorized to access that location.'), + 'message' => __d('cake_d_c/users', 'You are not authorized to access that location.') . $unauthorizedUrl, 'key' => 'flash', 'element' => 'flash/error', 'params' => [], From 1cc45a23340ea2482952267d692710e4bcbfb595 Mon Sep 17 00:00:00 2001 From: Andres Campanario Date: Fri, 16 Dec 2022 11:48:48 +0100 Subject: [PATCH 2/5] use debug config instead if add new configuration --- config/users.php | 1 - src/Middleware/UnauthorizedHandler/DefaultRedirectHandler.php | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/config/users.php b/config/users.php index e1cf234d2..ebb64c76e 100644 --- a/config/users.php +++ b/config/users.php @@ -224,7 +224,6 @@ 'AuthorizationMiddleware' => [ 'unauthorizedHandler' => [ 'className' => 'CakeDC/Users.DefaultRedirect', - 'addUnauthorizedUrlinFlashMessage' => true, ], ], 'AuthorizationComponent' => [ diff --git a/src/Middleware/UnauthorizedHandler/DefaultRedirectHandler.php b/src/Middleware/UnauthorizedHandler/DefaultRedirectHandler.php index 837184e89..0be13c717 100644 --- a/src/Middleware/UnauthorizedHandler/DefaultRedirectHandler.php +++ b/src/Middleware/UnauthorizedHandler/DefaultRedirectHandler.php 
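Review bot: In the createFlashMessage() hunk of patch 1/5, `(string)$options['request']->getUri()` is read without checking that `$options['request']` is set, and it copies the full request URL, query string included, into a message that is kept in the session and rendered on the next page. handle() is the only visible caller that sets the key, so a subclass or other caller of this protected method that passes options without it would fail on a method call on null. I would guard it and append only the path, e.g. `$request = $options['request'] ?? null;` followed by `if ($request instanceof ServerRequestInterface && Configure::read(...)) { $unauthorizedUrl = ' ' . __d('cake_d_c/users', 'Location = ') . $request->getUri()->getPath(); }`; the leading space also separates the run-together text `location.Location = ` that the later test asserts. Whether the value is HTML-escaped depends on the `flash/error` element, which is not shown here, so that should be confirmed. The same unguarded expression is still present after the hunk of patch 2/5.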
@@ -111,7 +111,7 @@ protected function createFlashMessage($options): array $message = (array)($options['flash'] ?? []); $unauthorizedUrl = ''; - if (Configure::read('Auth.AuthorizationMiddleware.unauthorizedHandler.addUnauthorizedUrlinFlashMessage')){ + if (Configure::read('debug')) { $unauthorizedUrl = __d('cake_d_c/users', 'Location = ') . (string)$options['request']->getUri(); } From 1de0ebe5e2812d7b630febfeb89ce483cd69d2ce Mon Sep 17 00:00:00 2001 From: Andres Campanario Date: Fri, 16 Dec 2022 12:58:51 +0100 Subject: [PATCH 3/5] add test testRedirectToLoginDebug to check location returned in message --- .../UnauthorizedHandler/DefaultRedirectHandler.php | 2 +- .../Traits/Integration/LoginTraitIntegrationTest.php | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/src/Middleware/UnauthorizedHandler/DefaultRedirectHandler.php b/src/Middleware/UnauthorizedHandler/DefaultRedirectHandler.php index 0be13c717..2dfd8325b 100644 --- a/src/Middleware/UnauthorizedHandler/DefaultRedirectHandler.php +++ b/src/Middleware/UnauthorizedHandler/DefaultRedirectHandler.php @@ -113,7 +113,7 @@ protected function createFlashMessage($options): array $unauthorizedUrl = ''; if (Configure::read('debug')) { $unauthorizedUrl = __d('cake_d_c/users', 'Location = ') . (string)$options['request']->getUri(); - } + }; return $message + [ 'message' => __d('cake_d_c/users', 'You are not authorized to access that location.') . $unauthorizedUrl, diff --git a/tests/TestCase/Controller/Traits/Integration/LoginTraitIntegrationTest.php b/tests/TestCase/Controller/Traits/Integration/LoginTraitIntegrationTest.php index 9bf8d74d4..7bcc7e6da 100644 --- a/tests/TestCase/Controller/Traits/Integration/LoginTraitIntegrationTest.php +++ b/tests/TestCase/Controller/Traits/Integration/LoginTraitIntegrationTest.php 
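Review bot: The `if (Configure::read('debug'))` branch in createFlashMessage() has no comment saying that the requested URL is appended for developers only, and the method's docblock lies outside this hunk, so it presumably still describes a fixed message. I would add `// Debug only: append the denied URL so developers can see which request was blocked; not shown when debug is off.` above the condition and mention the debug-dependent text in the docblock. A deployment that leaves debug enabled will show the URL to every visitor who is denied, which is worth stating in the plugin documentation as well.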
@@ -54,12 +54,24 @@ public function loginAsUserId($id) */ public function testRedirectToLogin() { + Configure::write('debug',false); $this->enableRetainFlashMessages(); $this->get('/pages/home'); + $this->assertRedirectContains('/login?redirect=http%3A%2F%2Flocalhost%2Fpages%2Fhome'); $this->assertFlashMessage('You are not authorized to access that location.'); } + public function testRedirectToLoginDebug() + { + Configure::write('debug',true); + $this->enableRetainFlashMessages(); + $this->get('/pages/home'); + + $this->assertRedirectContains('/login?redirect=http%3A%2F%2Flocalhost%2Fpages%2Fhome'); + $this->assertFlashMessage('You are not authorized to access that location.Location = http://localhost/pages/home'); + } + /** * Test login action with get request * From 8356102dc75b3cab6e45389da7c7bd8e6fbc681b Mon Sep 17 00:00:00 2001 From: Andres Campanario Date: Fri, 16 Dec 2022 14:49:22 +0100 Subject: [PATCH 4/5] fix cs errors --- src/Middleware/UnauthorizedHandler/DefaultRedirectHandler.php | 2 +- .../Traits/Integration/LoginTraitIntegrationTest.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Middleware/UnauthorizedHandler/DefaultRedirectHandler.php b/src/Middleware/UnauthorizedHandler/DefaultRedirectHandler.php index 2dfd8325b..0be13c717 100644 --- a/src/Middleware/UnauthorizedHandler/DefaultRedirectHandler.php +++ b/src/Middleware/UnauthorizedHandler/DefaultRedirectHandler.php @@ -113,7 +113,7 @@ protected function createFlashMessage($options): array $unauthorizedUrl = ''; if (Configure::read('debug')) { $unauthorizedUrl = __d('cake_d_c/users', 'Location = ') . (string)$options['request']->getUri(); - }; + } return $message + [ 'message' => __d('cake_d_c/users', 'You are not authorized to access that location.') . $unauthorizedUrl, diff --git a/tests/TestCase/Controller/Traits/Integration/LoginTraitIntegrationTest.php b/tests/TestCase/Controller/Traits/Integration/LoginTraitIntegrationTest.php index 7bcc7e6da..5d597cb85 100644 
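Review bot: Both tests in this hunk call `Configure::write('debug', …)` and never restore the previous value, so unless a tearDown() outside the hunk resets Configure, the setting from testRedirectToLoginDebug leaks into whichever test runs next. Saving the value and restoring it, `$debug = Configure::read('debug');` before the write and `Configure::write('debug', $debug);` in tearDown() or a `finally` block, keeps the tests independent of execution order. testRedirectToLoginDebug also lacks the docblock its neighbours have, and a case that requests a URL with a query string would pin down exactly what ends up in the flash message.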
--- a/tests/TestCase/Controller/Traits/Integration/LoginTraitIntegrationTest.php +++ b/tests/TestCase/Controller/Traits/Integration/LoginTraitIntegrationTest.php @@ -54,7 +54,7 @@ public function loginAsUserId($id) */ public function testRedirectToLogin() { - Configure::write('debug',false); + Configure::write('debug', false); $this->enableRetainFlashMessages(); $this->get('/pages/home'); @@ -64,7 +64,7 @@ public function testRedirectToLogin() public function testRedirectToLoginDebug() { - Configure::write('debug',true); + Configure::write('debug', true); $this->enableRetainFlashMessages(); $this->get('/pages/home'); From 9537acd901f3431d8fd0de047731ca490519098e Mon Sep 17 00:00:00 2001 From: Andres Campanario Date: Fri, 27 Oct 2023 14:24:40 +0200 Subject: [PATCH 5/5] fix wrong unit test --- .../Traits/Integration/LoginTraitIntegrationTest.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/TestCase/Controller/Traits/Integration/LoginTraitIntegrationTest.php b/tests/TestCase/Controller/Traits/Integration/LoginTraitIntegrationTest.php index 195bafdb6..810e92964 100644 --- a/tests/TestCase/Controller/Traits/Integration/LoginTraitIntegrationTest.php +++ b/tests/TestCase/Controller/Traits/Integration/LoginTraitIntegrationTest.php @@ -57,6 +57,7 @@ public function testRedirectToLogin() Configure::write('debug', false); $this->enableRetainFlashMessages(); $this->get('/pages/home'); + $this->assertRedirectContains('/login?redirect=%2Fpages%2Fhome'); $this->assertFlashMessage('You are not authorized to access that location.'); } @@ -67,7 +68,7 @@ public function testRedirectToLoginDebug() $this->enableRetainFlashMessages(); $this->get('/pages/home'); - $this->assertRedirectContains('/login?redirect=http%3A%2F%2Flocalhost%2Fpages%2Fhome'); + $this->assertRedirectContains('/login?redirect=%2Fpages%2Fhome'); $this->assertFlashMessage('You are not authorized to access that location.Location = http://localhost/pages/home'); }