authorGravatar Marien Fressinaud <dev@marienfressinaud.fr> 2014-02-15 11:43:07 +0100
committerGravatar Marien Fressinaud <dev@marienfressinaud.fr> 2014-02-15 11:43:07 +0100
commita34941f41875bcc9d260c8dfcf9d44a00f835bc9 (patch)
treebc05f9dfaff8166a791261551cb45f7dd20465a3
parentfb7bc50673f226070c5399bd6bbf07b91eeda01e (diff)
Improve code redirection for indexController
- add comments - forward request is done in the controller (no Minz_Request::forward() in the view, please) - "soft" forward to the login form (no need of 302) - show a 403 page (not authenticated) for rss output when token is wrong
-rwxr-xr-xapp/Controllers/feedController.php5
-rwxr-xr-xapp/Controllers/indexController.php11
-rw-r--r--app/views/index/index.phtml19
3 files changed, 19 insertions, 16 deletions
diff --git a/app/Controllers/feedController.php b/app/Controllers/feedController.php
index 7114fc196..c718fcd5c 100755
--- a/app/Controllers/feedController.php
+++ b/app/Controllers/feedController.php
@@ -3,7 +3,10 @@
class FreshRSS_feed_Controller extends Minz_ActionController {
public function firstAction () {
if (!$this->view->loginOk) {
- $token = $this->view->conf->token; //TODO: check the token logic again, and if it is still needed
+ // Token is useful in the case that anonymous refresh is forbidden
+ // and CRON task cannot be used with php command so the user can
+ // set a CRON task to refresh his feeds by using token inside url
+ $token = $this->view->conf->token;
$token_param = Minz_Request::param ('token', '');
$token_is_ok = ($token != '' && $token == $token_param);
$action = Minz_Request::actionName ();
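Review bot: The new comment above `$token = $this->view->conf->token;` documents the token as a credential for cron refreshes, but the comparison directly below it, `$token_is_ok = ($token != '' && $token == $token_param);`, is still a loose `==`, while the indexController hunk in this same commit uses `===`; loose string comparison in PHP applies numeric-string coercion, so two values that are not byte-equal can still compare equal. Tighten it to match the controller, `$token_is_ok = ($token !== '' && $token === $token_param);`, or use `hash_equals($token, $token_param)` if the deployment's PHP version provides it. The same `!= ''` emptiness test is used in indexController and could be aligned there too. firstAction's body continues past the end of the hunk.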
diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php
index af08edb46..a680c914a 100755
--- a/app/Controllers/indexController.php
+++ b/app/Controllers/indexController.php
@@ -11,7 +11,16 @@ class FreshRSS_index_Controller extends Minz_ActionController {
if (!$this->view->loginOk && !Minz_Configuration::allowAnonymous()) {
$token_param = Minz_Request::param ('token', '');
$token_is_ok = ($token != '' && $token === $token_param);
- if (!($output === 'rss' && $token_is_ok)) {
+ if ($output === 'rss' && !$token_is_ok) {
+ Minz_Error::error (
+ 403,
+ array ('error' => array (Minz_Translate::t ('access_denied')))
+ );
+ return;
+ } elseif ($output !== 'rss') {
+ // "hard" redirection is not required, just ask dispatcher to
+ // forward to the login form without 302 redirection
+ Minz_Request::forward(array('c' => 'index', 'a' => 'formLogin'));
return;
}
}
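Review bot: The case the new `if`/`elseif` deliberately lets through — `$output === 'rss'` with a valid token — is what allows an unauthenticated request to reach the RSS view, but nothing in the block says so, and index.phtml now renders rss_view on the stated assumption that the controller already checked the token. A comment on the `if` line would make that contract explicit, e.g. `// rss output with a valid token passes through unauthenticated; the view relies on this check`. `$token` is read in `$token_is_ok = ...` but assigned outside the hunk, presumably earlier in the method, and the method signature is also outside the hunk, so the conditions under which this block runs cannot be fully confirmed from here.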
diff --git a/app/views/index/index.phtml b/app/views/index/index.phtml
index 1810a95b3..78271291e 100644
--- a/app/views/index/index.phtml
+++ b/app/views/index/index.phtml
@@ -3,9 +3,7 @@
$output = Minz_Request::param ('output', 'normal');
if ($this->loginOk || Minz_Configuration::allowAnonymous()) {
- if ($output === 'normal') {
- $this->renderHelper ('view/normal_view');
- } elseif ($output === 'rss') {
+ if ($output === 'rss') {
$this->renderHelper ('view/rss_view');
} elseif ($output === 'reader') {
$this->renderHelper ('view/reader_view');
@@ -17,16 +15,9 @@ if ($this->loginOk || Minz_Configuration::allowAnonymous()) {
$this->renderHelper ('view/normal_view');
}
} elseif ($output === 'rss') {
- // TODO: verification of token and redirection must be done in the
- // controller, not in the view
- $token = $this->conf->token;
- $token_param = Minz_Request::param ('token', '');
- $token_is_ok = ($token != '' && $token == $token_param);
- if ($token_is_ok) {
- $this->renderHelper ('view/rss_view');
- } else {
- Minz_Request::forward(array('c' => 'index', 'a' => 'formLogin'), true);
- }
+ // token has already been checked in the controller so we can show the view
+ $this->renderHelper ('view/rss_view');
} else {
- Minz_Request::forward(array('c' => 'index', 'a' => 'formLogin'), true);
+ // Normally, it should not happen, but log it anyway
+ Minz_Log::record ('Something is wrong in ' . __FILE__ . ' line ' . __LINE__, Minz_Log::ERROR);
}
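Review bot: The final `else` now only writes `Something is wrong in ...` to the log and renders nothing, so a request that reaches the view unauthenticated with a non-rss output gets an empty page rather than an explicit refusal. The controller is meant to forward such requests to the login form before the view runs, but the view should still fail closed; after the `Minz_Log::record` call, emitting the same response the controller uses, `Minz_Error::error(403, array('error' => array(Minz_Translate::t('access_denied'))));`, would do that, assuming `Minz_Error::error` is usable from a view. Including `$output` in the log message would also make the unexpected state easier to diagnose.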