Fix the "log in as" function

Previously the "log in as" function after 3b6e5a692b852a88f55b21a7210f60a6f7cfc24b
would attempt to log the admin user out before issuing the redirect. Unfortunately
this approach does not work on WhatDoTheyKnow, where the admin pages are served via
a different domain (secure.mysociety.org) and so do not share session information with
the rest of the site.

This commit changes it to mark the PostRedirect with circumstance == "login_as",
which signals the user controller to log out the previous user even if they are
an admin. In other words, the user is logged out on the main site rather than the
admin site, skirting this problem.

Closes #450.

1 files changed, 24 insertions, 0 deletions

diff --git a/spec/integration/admin_spec.rb b/spec/integration/admin_spec.rb
new file mode 100644
index 000000000..7fecd60d2
--- /dev/null
+++ b/spec/integration/admin_spec.rb
@@ -0,0 +1,24 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+require "base64"
+
+describe "When administering the site" do
+    it "allows an admin to log in as another user" do
+        # First log in as Joe Admin
+        admin_user = users(:admin_user)
+        admin_user.email_confirmed = true
+        admin_user.save!
+        post_via_redirect "/profile/sign_in", :user_signin => {:email => admin_user.email, :password => "jonespassword"}
+        response.should be_success
+        
+        # Now fetch the "log in as" link to log in as Bob
+        basic_auth_login @request
+        admin_username = MySociety::Config.get('ADMIN_USERNAME')
+        admin_password = MySociety::Config.get('ADMIN_PASSWORD')
+        get_via_redirect "/admin/user/login_as/#{users(:bob_smith_user).id}", nil, {
+          "Authorization" => "Basic " + Base64.b64encode("#{admin_username}:#{admin_password}").strip
+        }
+        response.should be_success
+        session[:user_id].should == users(:bob_smith_user).id
+    end
+end