Fix for ticket #1176. Have the gallery.dialog code add a g-in-dialog parameter to the url to let the controller know its in a dialog. The reauthenticate controller will format the password prompt as a page or a form content. If authentication is successful, then the original controller is called instead of being redirected to.

3 files changed, 50 insertions, 6 deletions

diff --git a/lib/gallery.dialog.js b/lib/gallery.dialog.js
index 1e91e3ae..e6bd7392 100644
--- a/lib/gallery.dialog.js
+++ b/lib/gallery.dialog.js
@@ -27,7 +27,8 @@
 
        $("#g-dialog").gallery_show_loading();
 
-       $.getJSON(sHref, function(data) {
+       var url = sHref + (sHref.indexOf("?") == -1 ? "?" : "&") + "g-in-dialog";
+       $.getJSON(url, function(data) {
          $("#g-dialog").html(unescape(data.form)).gallery_show_loading();
 
          if ($("#g-dialog form").length) {
diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php
index 40dd260b..7d2a0c43 100644
--- a/modules/gallery/controllers/admin.php
+++ b/modules/gallery/controllers/admin.php
@@ -82,10 +82,14 @@ class Admin_Controller extends Controller {
   }
 
   private static function _prompt_for_reauth($controller_name, $args) {
-    if (request::method() == "get" && !request::is_ajax()) {
+    if (request::method() == "get") {
       // Avoid anti-phishing protection by passing the url as session variable.
-      Session::instance()->set("continue_url", url::abs_current(true));
+      $reauthenticate = array("continue_url" => url::abs_current(true),
+                              "in_dialog" => strpos(Router::$query_string, "g-in-dialog") !== false,
+                              "controller" => $controller_name, "args" => $args);
+      Session::instance()->set("reauthenticate", $reauthenticate);
     }
+
     url::redirect("reauthenticate");
   }
 }
diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php
index acb27f6a..fb1b13bc 100644
--- a/modules/gallery/controllers/reauthenticate.php
+++ b/modules/gallery/controllers/reauthenticate.php
@@ -22,7 +22,12 @@ class Reauthenticate_Controller extends Controller {
     if (!identity::active_user()->admin) {
       access::forbidden();
     }
-    return self::_show_form(self::_form());
+    $reauthenticate = Session::instance()->get("reauthenticate", array());
+    if (empty($reauthenticate["in_dialog"])) {
+      self::_show_form(self::_form());
+    } else {
+      print json_encode(array("form" => (string) self::_form()));
+    }
   }
 
   public function auth() {
@@ -31,18 +36,30 @@ class Reauthenticate_Controller extends Controller {
     }
     access::verify_csrf();
 
+    $reauthenticate = Session::instance()->get("reauthenticate", array());
+    Kohana_Log::add("error", Kohana::debug($reauthenticate));
+
     $form = self::_form();
     $valid = $form->validate();
     $user = identity::active_user();
     if ($valid) {
       message::success(t("Successfully re-authenticated!"));
       module::event("user_auth", $user);
-      url::redirect($form->continue_url->value);
+      Session::instance()->delete("reauthenticate");
+      if (empty($reauthenticate["in_dialog"])) {
+        url::redirect($reauthenticate["continue_url"]);
+      } else {
+        self::_call_admin_function($reauthenticate);
+      }
     } else {
       $name = $user->name;
       log::warning("user", t("Failed re-authentication for %name", array("name" => $name)));
       module::event("user_auth_failed", $name);
-      return self::_show_form($form);
+      if (empty($reauthenticate["in_dialog"])) {
+        self::_show_form($form);
+      } else {
+        print json_encode(array("form" => (string) $form));
+      }
     }
   }
 
@@ -52,6 +69,7 @@ class Reauthenticate_Controller extends Controller {
     $view->content = new View("reauthenticate.html");
     $view->content->form = $form;
     $view->content->user_name = identity::active_user()->name;
+
     print $view;
   }
 
@@ -70,4 +88,25 @@ class Reauthenticate_Controller extends Controller {
     $group->submit("")->value(t("Submit"));
     return $form;
   }
+
+  private static function _call_admin_function($reauthenticate) {
+    $controller_name = $reauthenticate["controller"];
+    $args = $reauthenticate["args"];
+    if ($controller_name == "index") {
+      $controller_name = "dashboard";
+    }
+
+    $controller_name = "Admin_{$controller_name}_Controller";
+    if ($args) {
+      $method = array_shift($args);
+    } else {
+      $method = "index";
+    }
+
+    if (!method_exists($controller_name, $method)) {
+      throw new Kohana_404_Exception();
+    }
+
+    call_user_func_array(array(new $controller_name, $method), $args);
+  }
 }