-rw-r--r--app/controllers/admin_user_controller.rb1
-rw-r--r--app/controllers/user_controller.rb8
-rw-r--r--app/models/user.rb6
-rw-r--r--config/test.yml3
-rw-r--r--spec/controllers/admin_user_controller_spec.rb17
-rw-r--r--spec/controllers/user_controller_spec.rb37
-rw-r--r--spec/helpers/link_to_helper_spec.rb6
7 files changed, 70 insertions, 8 deletions
diff --git a/app/controllers/admin_user_controller.rb b/app/controllers/admin_user_controller.rb
index 12b4e553f..b2c084739 100644
--- a/app/controllers/admin_user_controller.rb
+++ b/app/controllers/admin_user_controller.rb
@@ -77,6 +77,7 @@ class AdminUserController < AdminController
post_redirect = PostRedirect.new( :uri => main_url(user_url(@admin_user)), :user_id => @admin_user.id)
post_redirect.save!
url = main_url(confirm_url(:email_token => post_redirect.email_token, :only_path => true))
+ session[:user_id] = nil # Log out current (usually admin) user, so we get logged in as the other user
redirect_to url
end
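Review bot: Clearing only `session[:user_id]` on line 22 leaves every other key of the admin's session in place, so any per-user state stored alongside it survives into the impersonated session (the `session[:user_circumstance]` that user_controller#confirm writes is one visible example in this commit). If the intent is a clean hand-over to the target account, `reset_session` before `redirect_to url` is the safer primitive, with the caveat that it also drops the flash and may rotate the per-session CSRF token. Since this is an admin-impersonation path, I would also expect the hand-over (which admin, which target user) to be recorded; the hunk does not do so and I cannot see it done elsewhere, so worth confirming. The enclosing action starts before the hunk.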
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index f49fc9165..403cb9684 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -182,9 +182,11 @@ class UserController < ApplicationController
return
end
- @user = post_redirect.user
- @user.email_confirmed = true
- @user.save!
+ if !User.stay_logged_in_on_redirect?(@user)
+ @user = post_redirect.user
+ @user.email_confirmed = true
+ @user.save!
+ end
session[:user_id] = @user.id
session[:user_circumstance] = post_redirect.circumstance
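Review bot: The two lines after the new branch still run in both cases, so an admin who follows another user's `/c/` link keeps their own `user_id` (line 40) but picks up that user's `session[:user_circumstance]` (line 41); if circumstance gates anything downstream, it now applies to the admin's session. Consider moving `session[:user_circumstance] = post_redirect.circumstance` inside the branch, or explicitly clearing it in the stay-logged-in case. The guard on line 35 is also the non-idiomatic form of `unless User.stay_logged_in_on_redirect?(@user)`, and it relies on `@user` already holding the currently signed-in user at this point — that assignment is outside the hunk, so it is worth a comment such as `# @user is the currently signed-in user (may be nil)`. The confirm action starts before the hunk and continues after it.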
diff --git a/app/models/user.rb b/app/models/user.rb
index 28d130c46..691a59e48 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -264,6 +264,12 @@ class User < ActiveRecord::Base
def User.view_hidden_requests?(user)
!user.nil? && user.admin_level == 'super'
end
+
+ # Should the user be kept logged into their own account
+ # if they follow a /c/ redirect link belonging to another user?
+ def User.stay_logged_in_on_redirect?(user)
+ !user.nil? && user.admin_level == 'super'
+ end
# Does the user get "(admin)" links on each page on the main site?
def admin_page_links?
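Review bot: `User.stay_logged_in_on_redirect?` on lines 53-55 duplicates the body of `User.view_hidden_requests?` directly above it, so the definition of "super admin" now lives in two places and the two can drift apart. Extract the shared test once, e.g. an instance predicate `def super_admin?; admin_level == 'super'; end` (constructed name), and let both class methods become `!user.nil? && user.super_admin?`. It would also help to state in the comment that limiting this to super admins is deliberate — only they keep their own session across another user's confirmation link — rather than an incidental reuse of the same check.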
diff --git a/config/test.yml b/config/test.yml
index 6a423b47a..90689395a 100644
--- a/config/test.yml
+++ b/config/test.yml
@@ -10,7 +10,8 @@
SITE_NAME: 'Alaveteli'
# Domain used in URLs generated by scripts (e.g. for going in some emails)
-DOMAIN: 'test.localdomain'
+# It makes things simpler if this is the same as the Rails test domain test.host
+DOMAIN: 'test.host'
# ISO country code of country currrently deployed in
# (http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
diff --git a/spec/controllers/admin_user_controller_spec.rb b/spec/controllers/admin_user_controller_spec.rb
index 65ecbc37d..60ac6969d 100644
--- a/spec/controllers/admin_user_controller_spec.rb
+++ b/spec/controllers/admin_user_controller_spec.rb
@@ -2,7 +2,9 @@ require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
describe AdminUserController, "when administering users" do
integrate_views
- before { basic_auth_login @request }
+ before do
+ basic_auth_login @request
+ end
it "shows the index/list page" do
get :index
@@ -16,6 +18,19 @@ describe AdminUserController, "when administering users" do
it "shows a user" do
get :show, :id => users(:bob_smith_user)
end
+
+ it "logs in as another user" do
+ get :login_as, :id => users(:bob_smith_user).id
+ post_redirect = PostRedirect.get_last_post_redirect
+ response.should redirect_to(:controller => 'user', :action => 'confirm', :email_token => post_redirect.email_token)
+ end
+ it "logs in as another user when already logged in as an admin" do
+ session[:user_id] = users(:admin_user).id
+ get :login_as, :id => users(:bob_smith_user).id
+ post_redirect = PostRedirect.get_last_post_redirect
+ response.should redirect_to(:controller => 'user', :action => 'confirm', :email_token => post_redirect.email_token)
+ session[:user_id].should be_nil
+ end
end
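Review bot: Neither new example checks which user the generated PostRedirect points at, so a regression that created the redirect for the wrong id would still pass; add `post_redirect.user_id.should == users(:bob_smith_user).id` after the `get_last_post_redirect` calls on lines 90 and 96. The `session[:user_id].should be_nil` assertion on line 98 is the one that pins the controller change and is good to have.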
diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb
index fbe33c529..40649b6e1 100644
--- a/spec/controllers/user_controller_spec.rb
+++ b/spec/controllers/user_controller_spec.rb
@@ -190,6 +190,43 @@ describe UserController, "when signing in" do
ActionController::Routing::Routes.filters = old_filters
end
+ it "should keep you logged in if you click a confirmation link and are already logged in as an admin" do
+ old_filters = ActionController::Routing::Routes.filters
+ ActionController::Routing::Routes.filters = RoutingFilter::Chain.new
+
+ get :signin, :r => "/list"
+ post_redirect = get_last_postredirect
+
+ post :signin, { :user_signin => { :email => 'unconfirmed@localhost', :password => 'jonespassword' },
+ :token => post_redirect.token
+ }
+ response.should send_email
+
+ deliveries = ActionMailer::Base.deliveries
+ deliveries.size.should == 1
+ mail = deliveries[0]
+ mail.body =~ /(http:\/\/.*(\/c\/(.*)))/
+ mail_url = $1
+ mail_path = $2
+ mail_token = $3
+
+ # check is right confirmation URL
+ mail_token.should == post_redirect.email_token
+ params_from(:get, mail_path).should == { :controller => 'user', :action => 'confirm', :email_token => mail_token }
+
+ # Log in as an admin
+ session[:user_id] = users(:admin_user).id
+
+ # Get the confirmation URL, and check we’re still Joe
+ get :confirm, :email_token => post_redirect.email_token
+ session[:user_id].should == users(:admin_user).id
+
+ # And the redirect should still work, of course
+ response.should redirect_to(:controller => 'request', :action => 'list', :post_redirect => 1)
+
+ ActionController::Routing::Routes.filters = old_filters
+ end
+
end
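Review bot: The routing-filter restore on line 142 is not inside an `ensure`, so any failing expectation above it leaves `ActionController::Routing::Routes.filters` replaced for every later example in the run; wrap the body from line 110 down in `begin … ensure ActionController::Routing::Routes.filters = old_filters end`. Lines 123-126 read `$1`/`$2`/`$3` after a bare `=~`; if the regex does not match, `mail_token` is nil and the failure only surfaces on line 129 with no hint why, so capture the `MatchData` (`m = mail.body.match(%r{(http://.*(/c/(.*)))})`, then `m.should_not be_nil`) and read the groups from it. The example also does not check the other observable effect of the controller change — that the account behind `unconfirmed@localhost` still has `email_confirmed` false after the admin follows the link — and an assertion on that would pin it.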
describe UserController, "when signing up" do
diff --git a/spec/helpers/link_to_helper_spec.rb b/spec/helpers/link_to_helper_spec.rb
index 3fa91a8f8..f11f2b5bb 100644
--- a/spec/helpers/link_to_helper_spec.rb
+++ b/spec/helpers/link_to_helper_spec.rb
@@ -28,13 +28,13 @@ describe LinkToHelper do
describe "when appending something to a URL" do
it 'should append to things without query strings' do
- main_url('/a', '.json').should == 'http://test.localdomain/a.json'
+ main_url('/a', '.json').should == 'http://test.host/a.json'
end
it 'should append to things with query strings' do
- main_url('/a?z=1', '.json').should == 'http://test.localdomain/a.json?z=1'
+ main_url('/a?z=1', '.json').should == 'http://test.host/a.json?z=1'
end
it 'should fail silently with invalid URLs' do
- main_url('/a?z=9%', '.json').should == 'http://test.localdomain/a?z=9%'
+ main_url('/a?z=9%', '.json').should == 'http://test.host/a?z=9%'
end
end