Mercurial > hg > Members > shoshi > webvirt

diff cake/tests/cases/libs/controller/components/auth.test.php @ 0:261e66bd5a0c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
hg init
author Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
date Sun, 24 Jul 2011 21:08:31 +0900
parents
children
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/cake/tests/cases/libs/controller/components/auth.test.php	Sun Jul 24 21:08:31 2011 +0900
@@ -0,0 +1,1657 @@
+<?php
+/**
+ * AuthComponentTest file
+ *
+ * PHP versions 4 and 5
+ *
+ * CakePHP(tm) Tests <http://book.cakephp.org/view/1196/Testing>
+ * Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
+ *
+ *  Licensed under The Open Group Test Suite License
+ *  Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
+ * @link          http://book.cakephp.org/view/1196/Testing CakePHP(tm) Tests
+ * @package       cake
+ * @subpackage    cake.cake.tests.cases.libs.controller.components
+ * @since         CakePHP(tm) v 1.2.0.5347
+ * @license       http://www.opensource.org/licenses/opengroup.php The Open Group Test Suite License
+ */
+App::import('Component', array('Auth', 'Acl'));
+App::import('Model', 'DbAcl');
+App::import('Core', 'Xml');
+
+Mock::generate('AclComponent', 'AuthTestMockAclComponent');
+
+/**
+* TestAuthComponent class
+*
+* @package       cake
+* @subpackage    cake.tests.cases.libs.controller.components
+*/
+class TestAuthComponent extends AuthComponent {
+
+/**
+ * testStop property
+ *
+ * @var bool false
+ * @access public
+ */
+	var $testStop = false;
+
+/**
+ * Sets default login state
+ *
+ * @var bool true
+ * @access protected
+ */
+	var $_loggedIn = true;
+
+/**
+ * stop method
+ *
+ * @access public
+ * @return void
+ */
+	function _stop() {
+		$this->testStop = true;
+	}
+}
+
+/**
+* AuthUser class
+*
+* @package       cake
+* @subpackage    cake.tests.cases.libs.controller.components
+*/
+class AuthUser extends CakeTestModel {
+
+/**
+ * name property
+ *
+ * @var string 'AuthUser'
+ * @access public
+ */
+	var $name = 'AuthUser';
+
+/**
+ * useDbConfig property
+ *
+ * @var string 'test_suite'
+ * @access public
+ */
+	var $useDbConfig = 'test_suite';
+
+/**
+ * parentNode method
+ *
+ * @access public
+ * @return void
+ */
+	function parentNode() {
+		return true;
+	}
+
+/**
+ * bindNode method
+ *
+ * @param mixed $object
+ * @access public
+ * @return void
+ */
+	function bindNode($object) {
+		return 'Roles/Admin';
+	}
+
+/**
+ * isAuthorized method
+ *
+ * @param mixed $user
+ * @param mixed $controller
+ * @param mixed $action
+ * @access public
+ * @return void
+ */
+	function isAuthorized($user, $controller = null, $action = null) {
+		if (!empty($user)) {
+			return true;
+		}
+		return false;
+	}
+}
+
+/**
+ * AuthUserCustomField class
+ *
+ * @package       cake
+ * @subpackage    cake.tests.cases.libs.controller.components
+ */
+class AuthUserCustomField extends AuthUser {
+
+/**
+ * name property
+ *
+ * @var string 'AuthUser'
+ * @access public
+ */
+	var $name = 'AuthUserCustomField';
+}
+
+/**
+* UuidUser class
+*
+* @package       cake
+* @subpackage    cake.tests.cases.libs.controller.components
+*/
+class UuidUser extends CakeTestModel {
+
+/**
+ * name property
+ *
+ * @var string 'AuthUser'
+ * @access public
+ */
+	var $name = 'UuidUser';
+
+/**
+ * useDbConfig property
+ *
+ * @var string 'test_suite'
+ * @access public
+ */
+	var $useDbConfig = 'test_suite';
+
+/**
+ * useTable property
+ *
+ * @var string 'uuid'
+ * @access public
+ */
+	var $useTable = 'uuids';
+
+/**
+ * parentNode method
+ *
+ * @access public
+ * @return void
+ */
+	function parentNode() {
+		return true;
+	}
+
+/**
+ * bindNode method
+ *
+ * @param mixed $object
+ * @access public
+ * @return void
+ */
+	function bindNode($object) {
+		return 'Roles/Admin';
+	}
+
+/**
+ * isAuthorized method
+ *
+ * @param mixed $user
+ * @param mixed $controller
+ * @param mixed $action
+ * @access public
+ * @return void
+ */
+	function isAuthorized($user, $controller = null, $action = null) {
+		if (!empty($user)) {
+			return true;
+		}
+		return false;
+	}
+}
+
+/**
+* AuthTestController class
+*
+* @package       cake
+* @subpackage    cake.tests.cases.libs.controller.components
+*/
+class AuthTestController extends Controller {
+
+/**
+ * name property
+ *
+ * @var string 'AuthTest'
+ * @access public
+ */
+	var $name = 'AuthTest';
+
+/**
+ * uses property
+ *
+ * @var array
+ * @access public
+ */
+	var $uses = array('AuthUser');
+
+/**
+ * components property
+ *
+ * @var array
+ * @access public
+ */
+	var $components = array('Session', 'Auth', 'Acl');
+
+/**
+ * testUrl property
+ *
+ * @var mixed null
+ * @access public
+ */
+	var $testUrl = null;
+
+/**
+ * construct method
+ *
+ * @access private
+ * @return void
+ */
+	function __construct() {
+		$this->params = Router::parse('/auth_test');
+		Router::setRequestInfo(array($this->params, array('base' => null, 'here' => '/auth_test', 'webroot' => '/', 'passedArgs' => array(), 'argSeparator' => ':', 'namedArgs' => array())));
+		parent::__construct();
+	}
+
+/**
+ * beforeFilter method
+ *
+ * @access public
+ * @return void
+ */
+	function beforeFilter() {
+		$this->Auth->userModel = 'AuthUser';
+	}
+
+/**
+ * login method
+ *
+ * @access public
+ * @return void
+ */
+	function login() {
+	}
+
+/**
+ * admin_login method
+ *
+ * @access public
+ * @return void
+ */
+	function admin_login() {
+	}
+
+/**
+ * logout method
+ *
+ * @access public
+ * @return void
+ */
+	function logout() {
+		// $this->redirect($this->Auth->logout());
+	}
+
+/**
+ * add method
+ *
+ * @access public
+ * @return void
+ */
+	function add() {
+		echo "add";
+	}
+
+/**
+ * add method
+ *
+ * @access public
+ * @return void
+ */
+	function camelCase() {
+		echo "camelCase";
+	}
+
+/**
+ * redirect method
+ *
+ * @param mixed $url
+ * @param mixed $status
+ * @param mixed $exit
+ * @access public
+ * @return void
+ */
+	function redirect($url, $status = null, $exit = true) {
+		$this->testUrl = Router::url($url);
+		return false;
+	}
+
+/**
+ * isAuthorized method
+ *
+ * @access public
+ * @return void
+ */
+	function isAuthorized() {
+		if (isset($this->params['testControllerAuth'])) {
+			return false;
+		}
+		return true;
+	}
+
+/**
+ * Mock delete method
+ *
+ * @param mixed $url
+ * @param mixed $status
+ * @param mixed $exit
+ * @access public
+ * @return void
+ */
+	function delete($id = null) {
+		if ($this->TestAuth->testStop !== true && $id !== null) {
+			echo 'Deleted Record: ' . var_export($id, true);
+		}
+	}
+}
+
+/**
+ * AjaxAuthController class
+ *
+ * @package       cake
+ * @subpackage    cake.tests.cases.libs.controller.components
+ */
+class AjaxAuthController extends Controller {
+
+/**
+ * name property
+ *
+ * @var string 'AjaxAuth'
+ * @access public
+ */
+	var $name = 'AjaxAuth';
+
+/**
+ * components property
+ *
+ * @var array
+ * @access public
+ */
+	var $components = array('Session', 'TestAuth');
+
+/**
+ * uses property
+ *
+ * @var array
+ * @access public
+ */
+	var $uses = array();
+
+/**
+ * testUrl property
+ *
+ * @var mixed null
+ * @access public
+ */
+	var $testUrl = null;
+
+/**
+ * beforeFilter method
+ *
+ * @access public
+ * @return void
+ */
+	function beforeFilter() {
+		$this->TestAuth->ajaxLogin = 'test_element';
+		$this->TestAuth->userModel = 'AuthUser';
+		$this->TestAuth->RequestHandler->ajaxLayout = 'ajax2';
+	}
+
+/**
+ * add method
+ *
+ * @access public
+ * @return void
+ */
+	function add() {
+		if ($this->TestAuth->testStop !== true) {
+			echo 'Added Record';
+		}
+	}
+
+/**
+ * redirect method
+ *
+ * @param mixed $url
+ * @param mixed $status
+ * @param mixed $exit
+ * @access public
+ * @return void
+ */
+	function redirect($url, $status = null, $exit = true) {
+		$this->testUrl = Router::url($url);
+		return false;
+	}
+}
+
+/**
+* AuthTest class
+*
+* @package       cake
+* @subpackage    cake.tests.cases.libs.controller.components
+*/
+class AuthTest extends CakeTestCase {
+
+/**
+ * name property
+ *
+ * @var string 'Auth'
+ * @access public
+ */
+	var $name = 'Auth';
+
+/**
+ * fixtures property
+ *
+ * @var array
+ * @access public
+ */
+	var $fixtures = array('core.uuid', 'core.auth_user', 'core.auth_user_custom_field', 'core.aro', 'core.aco', 'core.aros_aco', 'core.aco_action');
+
+/**
+ * initialized property
+ *
+ * @var bool false
+ * @access public
+ */
+	var $initialized = false;
+
+/**
+ * startTest method
+ *
+ * @access public
+ * @return void
+ */
+	function startTest() {
+		$this->_server = $_SERVER;
+		$this->_env = $_ENV;
+
+		$this->_securitySalt = Configure::read('Security.salt');
+		Configure::write('Security.salt', 'JfIxfs2guVoUubWDYhG93b0qyJfIxfs2guwvniR2G0FgaC9mi');
+
+		$this->_acl = Configure::read('Acl');
+		Configure::write('Acl.database', 'test_suite');
+		Configure::write('Acl.classname', 'DbAcl');
+
+		$this->Controller =& new AuthTestController();
+		$this->Controller->Component->init($this->Controller);
+		$this->Controller->Component->initialize($this->Controller);
+		$this->Controller->beforeFilter();
+
+		ClassRegistry::addObject('view', new View($this->Controller));
+
+		$this->Controller->Session->delete('Auth');
+		$this->Controller->Session->delete('Message.auth');
+
+		Router::reload();
+
+		$this->initialized = true;
+	}
+
+/**
+ * endTest method
+ *
+ * @access public
+ * @return void
+ */
+	function endTest() {
+		$_SERVER = $this->_server;
+		$_ENV = $this->_env;
+		Configure::write('Acl', $this->_acl);
+		Configure::write('Security.salt', $this->_securitySalt);
+
+		$this->Controller->Session->delete('Auth');
+		$this->Controller->Session->delete('Message.auth');
+		ClassRegistry::flush();
+		unset($this->Controller, $this->AuthUser);
+	}
+
+/**
+ * testNoAuth method
+ *
+ * @access public
+ * @return void
+ */
+	function testNoAuth() {
+		$this->assertFalse($this->Controller->Auth->isAuthorized());
+	}
+
+/**
+ * testIsErrorOrTests
+ *
+ * @access public
+ * @return void
+ */
+	function testIsErrorOrTests() {
+		$this->Controller->Auth->initialize($this->Controller);
+
+		$this->Controller->name = 'CakeError';
+		$this->assertTrue($this->Controller->Auth->startup($this->Controller));
+
+		$this->Controller->name = 'Post';
+		$this->Controller->params['action'] = 'thisdoesnotexist';
+		$this->assertTrue($this->Controller->Auth->startup($this->Controller));
+
+		$this->Controller->scaffold = null;
+		$this->Controller->params['action'] = 'index';
+		$this->assertFalse($this->Controller->Auth->startup($this->Controller));
+	}
+
+/**
+ * testIdentify method
+ *
+ * @access public
+ * @return void
+ */
+	function testIdentify() {
+		$this->AuthUser =& new AuthUser();
+		$user['id'] = 1;
+		$user['username'] = 'mariano';
+		$user['password'] = Security::hash(Configure::read('Security.salt') . 'cake');
+		$this->AuthUser->save($user, false);
+
+		$this->Controller->Auth->initialize($this->Controller);
+		$this->Controller->Auth->userModel = 'AuthUser';
+		$this->Controller->Auth->startup($this->Controller);
+		$this->assertTrue($this->Controller->Auth->identify($user));
+	}
+
+/**
+ * testIdentifyWithConditions method
+ *
+ * @access public
+ * @return void
+ */
+	function testIdentifyWithConditions() {
+		$this->AuthUser =& new AuthUser();
+		$user['id'] = 1;
+		$user['username'] = 'mariano';
+		$user['password'] = Security::hash(Configure::read('Security.salt') . 'cake');
+		$this->AuthUser->save($user, false);
+
+		$this->Controller->Auth->initialize($this->Controller);
+		$this->Controller->Auth->startup($this->Controller);
+		$this->Controller->Auth->userModel = 'AuthUser';
+
+		$this->assertFalse($this->Controller->Auth->identify($user, array('AuthUser.id >' => 2)));
+
+		$this->Controller->Auth->userScope = array('id >' => 2);
+		$this->assertFalse($this->Controller->Auth->identify($user));
+		$this->assertTrue($this->Controller->Auth->identify($user, false));
+	}
+
+/**
+ * testLogin method
+ *
+ * @access public
+ * @return void
+ */
+	function testLogin() {
+		$this->AuthUser =& new AuthUser();
+		$user['id'] = 1;
+		$user['username'] = 'mariano';
+		$user['password'] = Security::hash(Configure::read('Security.salt') . 'cake');
+		$this->AuthUser->save($user, false);
+
+		$authUser = $this->AuthUser->find();
+
+		$this->Controller->data['AuthUser']['username'] = $authUser['AuthUser']['username'];
+		$this->Controller->data['AuthUser']['password'] = 'cake';
+
+		$this->Controller->params = Router::parse('auth_test/login');
+		$this->Controller->params['url']['url'] = 'auth_test/login';
+
+		$this->Controller->Auth->initialize($this->Controller);
+
+		$this->Controller->Auth->loginAction = 'auth_test/login';
+		$this->Controller->Auth->userModel = 'AuthUser';
+
+		$this->Controller->Auth->startup($this->Controller);
+		$user = $this->Controller->Auth->user();
+		$expected = array('AuthUser' => array(
+			'id' => 1, 'username' => 'mariano', 'created' => '2007-03-17 01:16:23', 'updated' => date('Y-m-d H:i:s')
+		));
+		$this->assertEqual($user, $expected);
+		$this->Controller->Session->delete('Auth');
+
+		$this->Controller->data['AuthUser']['username'] = 'blah';
+		$this->Controller->data['AuthUser']['password'] = '';
+
+		$this->Controller->Auth->startup($this->Controller);
+
+		$user = $this->Controller->Auth->user();
+		$this->assertFalse($user);
+		$this->Controller->Session->delete('Auth');
+
+		$this->Controller->data['AuthUser']['username'] = 'now() or 1=1 --';
+		$this->Controller->data['AuthUser']['password'] = '';
+
+		$this->Controller->Auth->startup($this->Controller);
+
+		$user = $this->Controller->Auth->user();
+		$this->assertFalse($user);
+		$this->Controller->Session->delete('Auth');
+
+		$this->Controller->data['AuthUser']['username'] = 'now() or 1=1 # something';
+		$this->Controller->data['AuthUser']['password'] = '';
+
+		$this->Controller->Auth->startup($this->Controller);
+
+		$user = $this->Controller->Auth->user();
+		$this->assertFalse($user);
+		$this->Controller->Session->delete('Auth');
+
+		$this->Controller->Auth->userModel = 'UuidUser';
+		$this->Controller->Auth->login('47c36f9c-bc00-4d17-9626-4e183ca6822b');
+
+		$user = $this->Controller->Auth->user();
+		$expected = array('UuidUser' => array(
+			'id' => '47c36f9c-bc00-4d17-9626-4e183ca6822b', 'title' => 'Unique record 1', 'count' => 2, 'created' => '2008-03-13 01:16:23', 'updated' => '2008-03-13 01:18:31'
+		));
+		$this->assertEqual($user, $expected);
+		$this->Controller->Session->delete('Auth');
+	}
+
+/**
+ * test that being redirected to the login page, with no post data does
+ * not set the session value.  Saving the session value in this circumstance
+ * can cause the user to be redirected to an already public page.
+ *
+ * @return void
+ */
+	function testLoginActionNotSettingAuthRedirect() {
+		$_referer = $_SERVER['HTTP_REFERER'];
+		$_SERVER['HTTP_REFERER'] = '/pages/display/about';
+
+		$this->Controller->data = array();
+		$this->Controller->params = Router::parse('auth_test/login');
+		$this->Controller->params['url']['url'] = 'auth_test/login';
+		$this->Controller->Session->delete('Auth');
+
+		$this->Controller->Auth->loginRedirect = '/users/dashboard';
+		$this->Controller->Auth->loginAction = 'auth_test/login';
+		$this->Controller->Auth->userModel = 'AuthUser';
+
+		$this->Controller->Auth->startup($this->Controller);
+		$redirect = $this->Controller->Session->read('Auth.redirect');
+		$this->assertNull($redirect);
+	}
+
+/**
+ * testAuthorizeFalse method
+ *
+ * @access public
+ * @return void
+ */
+	function testAuthorizeFalse() {
+		$this->AuthUser =& new AuthUser();
+		$user = $this->AuthUser->find();
+		$this->Controller->Session->write('Auth', $user);
+		$this->Controller->Auth->userModel = 'AuthUser';
+		$this->Controller->Auth->authorize = false;
+		$this->Controller->params = Router::parse('auth_test/add');
+		$result = $this->Controller->Auth->startup($this->Controller);
+		$this->assertTrue($result);
+
+		$this->Controller->Session->delete('Auth');
+		$result = $this->Controller->Auth->startup($this->Controller);
+		$this->assertFalse($result);
+		$this->assertTrue($this->Controller->Session->check('Message.auth'));
+
+		$this->Controller->params = Router::parse('auth_test/camelCase');
+		$result = $this->Controller->Auth->startup($this->Controller);
+		$this->assertFalse($result);
+	}
+
+/**
+ * testAuthorizeController method
+ *
+ * @access public
+ * @return void
+ */
+	function testAuthorizeController() {
+		$this->AuthUser =& new AuthUser();
+		$user = $this->AuthUser->find();
+		$this->Controller->Session->write('Auth', $user);
+		$this->Controller->Auth->userModel = 'AuthUser';
+		$this->Controller->Auth->authorize = 'controller';
+		$this->Controller->params = Router::parse('auth_test/add');
+		$result = $this->Controller->Auth->startup($this->Controller);
+		$this->assertTrue($result);
+
+		$this->Controller->params['testControllerAuth'] = 1;
+		$result = $this->Controller->Auth->startup($this->Controller);
+		$this->assertTrue($this->Controller->Session->check('Message.auth'));
+		$this->assertFalse($result);
+
+		$this->Controller->Session->delete('Auth');
+	}
+
+/**
+ * testAuthorizeModel method
+ *
+ * @access public
+ * @return void
+ */
+	function testAuthorizeModel() {
+		$this->AuthUser =& new AuthUser();
+		$user = $this->AuthUser->find();
+		$this->Controller->Session->write('Auth', $user);
+
+		$this->Controller->params['controller'] = 'auth_test';
+		$this->Controller->params['action'] = 'add';
+		$this->Controller->Auth->userModel = 'AuthUser';
+		$this->Controller->Auth->initialize($this->Controller);
+		$this->Controller->Auth->authorize = array('model'=>'AuthUser');
+		$result = $this->Controller->Auth->startup($this->Controller);
+		$this->assertTrue($result);
+
+		$this->Controller->Session->delete('Auth');
+		$this->Controller->Auth->startup($this->Controller);
+		$this->assertTrue($this->Controller->Session->check('Message.auth'));
+		$result = $this->Controller->Auth->isAuthorized();
+		$this->assertFalse($result);
+	}
+
+/**
+ * testAuthorizeCrud method
+ *
+ * @access public
+ * @return void
+ */
+	function testAuthorizeCrud() {
+		$this->AuthUser =& new AuthUser();
+		$user = $this->AuthUser->find();
+		$this->Controller->Session->write('Auth', $user);
+
+		$this->Controller->params['controller'] = 'auth_test';
+		$this->Controller->params['action'] = 'add';
+
+		$this->Controller->Acl->name = 'DbAclTest';
+
+		$this->Controller->Acl->Aro->id = null;
+		$this->Controller->Acl->Aro->create(array('alias' => 'Roles'));
+		$result = $this->Controller->Acl->Aro->save();
+		$this->assertTrue($result);
+
+		$parent = $this->Controller->Acl->Aro->id;
+
+		$this->Controller->Acl->Aro->create(array('parent_id' => $parent, 'alias' => 'Admin'));
+		$result = $this->Controller->Acl->Aro->save();
+		$this->assertTrue($result);
+
+		$parent = $this->Controller->Acl->Aro->id;
+
+		$this->Controller->Acl->Aro->create(array(
+			'model' => 'AuthUser', 'parent_id' => $parent, 'foreign_key' => 1, 'alias'=> 'mariano'
+		));
+		$result = $this->Controller->Acl->Aro->save();
+		$this->assertTrue($result);
+
+		$this->Controller->Acl->Aco->create(array('alias' => 'Root'));
+		$result = $this->Controller->Acl->Aco->save();
+		$this->assertTrue($result);
+
+		$parent = $this->Controller->Acl->Aco->id;
+
+		$this->Controller->Acl->Aco->create(array('parent_id' => $parent, 'alias' => 'AuthTest'));
+		$result = $this->Controller->Acl->Aco->save();
+		$this->assertTrue($result);
+
+		$this->Controller->Acl->allow('Roles/Admin', 'Root');
+		$this->Controller->Acl->allow('Roles/Admin', 'Root/AuthTest');
+
+		$this->Controller->Auth->initialize($this->Controller);
+
+		$this->Controller->Auth->userModel = 'AuthUser';
+		$this->Controller->Auth->authorize = 'crud';
+		$this->Controller->Auth->actionPath = 'Root/';
+
+		$this->Controller->Auth->startup($this->Controller);
+		$this->assertTrue($this->Controller->Auth->isAuthorized());
+
+		$this->Controller->Session->delete('Auth');
+		$this->Controller->Auth->startup($this->Controller);
+		$this->assertTrue($this->Controller->Session->check('Message.auth'));
+	}
+
+/**
+ * test authorize = 'actions' setting.
+ *
+ * @return void
+ */
+	function testAuthorizeActions() {
+		$this->AuthUser =& new AuthUser();
+		$user = $this->AuthUser->find();
+		$this->Controller->Session->write('Auth', $user);
+		$this->Controller->params['controller'] = 'auth_test';
+		$this->Controller->params['action'] = 'add';
+
+		$this->Controller->Acl =& new AuthTestMockAclComponent();
+		$this->Controller->Acl->setReturnValue('check', true);
+
+		$this->Controller->Auth->initialize($this->Controller);
+
+		$this->Controller->Auth->userModel = 'AuthUser';
+		$this->Controller->Auth->authorize = 'actions';
+		$this->Controller->Auth->actionPath = 'Root/';
+
+		$this->Controller->Acl->expectAt(0, 'check', array(
+			$user, 'Root/AuthTest/add'
+		));
+
+		$this->Controller->Auth->startup($this->Controller);
+		$this->assertTrue($this->Controller->Auth->isAuthorized());
+	}
+
+/**
+ * Tests that deny always takes precedence over allow
+ *
+ * @access public
+ * @return void
+ */
+	function testAllowDenyAll() {
+		$this->Controller->Auth->initialize($this->Controller);
+
+		$this->Controller->Auth->allow('*');
+		$this->Controller->Auth->deny('add', 'camelcase');
+
+		$this->Controller->params['action'] = 'delete';
+		$this->assertTrue($this->Controller->Auth->startup($this->Controller));
+
+		$this->Controller->params['action'] = 'add';
+		$this->assertFalse($this->Controller->Auth->startup($this->Controller));
+
+		$this->Controller->params['action'] = 'Add';
+		$this->assertFalse($this->Controller->Auth->startup($this->Controller));
+
+		$this->Controller->params['action'] = 'camelCase';
+		$this->assertFalse($this->Controller->Auth->startup($this->Controller));
+
+		$this->Controller->Auth->allow('*');
+		$this->Controller->Auth->deny(array('add', 'camelcase'));
+
+		$this->Controller->params['action'] = 'camelCase';
+		$this->assertFalse($this->Controller->Auth->startup($this->Controller));
+	}
+
+/**
+ * test the action() method
+ *
+ * @return void
+ */
+	function testActionMethod() {
+		$this->Controller->params['controller'] = 'auth_test';
+		$this->Controller->params['action'] = 'add';
+
+		$this->Controller->Auth->initialize($this->Controller);
+		$this->Controller->Auth->actionPath = 'ROOT/';
+
+		$result = $this->Controller->Auth->action();
+		$this->assertEqual($result, 'ROOT/AuthTest/add');
+
+		$result = $this->Controller->Auth->action(':controller');
+		$this->assertEqual($result, 'ROOT/AuthTest');
+
+		$result = $this->Controller->Auth->action(':controller');
+		$this->assertEqual($result, 'ROOT/AuthTest');
+
+		$this->Controller->params['plugin'] = 'test_plugin';
+		$this->Controller->params['controller'] = 'auth_test';
+		$this->Controller->params['action'] = 'add';
+		$this->Controller->Auth->initialize($this->Controller);
+		$result = $this->Controller->Auth->action();
+		$this->assertEqual($result, 'ROOT/TestPlugin/AuthTest/add');
+	}
+
+/**
+ * test that deny() converts camel case inputs to lowercase.
+ *
+ * @return void
+ */
+	function testDenyWithCamelCaseMethods() {
+		$this->Controller->Auth->initialize($this->Controller);
+		$this->Controller->Auth->allow('*');
+		$this->Controller->Auth->deny('add', 'camelCase');
+
+		$url = '/auth_test/camelCase';
+		$this->Controller->params = Router::parse($url);
+		$this->Controller->params['url']['url'] = Router::normalize($url);
+
+		$this->assertFalse($this->Controller->Auth->startup($this->Controller));
+	}
+
+/**
+ * test that allow() and allowedActions work with camelCase method names.
+ *
+ * @return void
+ */
+	function testAllowedActionsWithCamelCaseMethods() {
+		$url = '/auth_test/camelCase';
+		$this->Controller->params = Router::parse($url);
+		$this->Controller->params['url']['url'] = Router::normalize($url);
+		$this->Controller->Auth->initialize($this->Controller);
+		$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
+		$this->Controller->Auth->userModel = 'AuthUser';
+		$this->Controller->Auth->allow('*');
+		$result = $this->Controller->Auth->startup($this->Controller);
+		$this->assertTrue($result, 'startup() should return true, as action is allowed. %s');
+
+		$url = '/auth_test/camelCase';
+		$this->Controller->params = Router::parse($url);
+		$this->Controller->params['url']['url'] = Router::normalize($url);
+		$this->Controller->Auth->initialize($this->Controller);
+		$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
+		$this->Controller->Auth->userModel = 'AuthUser';
+		$this->Controller->Auth->allowedActions = array('delete', 'camelCase', 'add');
+		$result = $this->Controller->Auth->startup($this->Controller);
+		$this->assertTrue($result, 'startup() should return true, as action is allowed. %s');
+
+		$this->Controller->Auth->allowedActions = array('delete', 'add');
+		$result = $this->Controller->Auth->startup($this->Controller);
+		$this->assertFalse($result, 'startup() should return false, as action is not allowed. %s');
+
+		$url = '/auth_test/delete';
+		$this->Controller->params = Router::parse($url);
+		$this->Controller->params['url']['url'] = Router::normalize($url);
+		$this->Controller->Auth->initialize($this->Controller);
+		$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
+		$this->Controller->Auth->userModel = 'AuthUser';
+
+		$this->Controller->Auth->allow(array('delete', 'add'));
+		$result = $this->Controller->Auth->startup($this->Controller);
+		$this->assertTrue($result, 'startup() should return true, as action is allowed. %s');
+	}
+
+	function testAllowedActionsSetWithAllowMethod() {
+		$url = '/auth_test/action_name';
+		$this->Controller->params = Router::parse($url);
+		$this->Controller->params['url']['url'] = Router::normalize($url);
+		$this->Controller->Auth->initialize($this->Controller);
+		$this->Controller->Auth->allow('action_name', 'anotherAction');
+		$this->assertEqual($this->Controller->Auth->allowedActions, array('action_name', 'anotheraction'));
+	}
+
+/**
+ * testLoginRedirect method
+ *
+ * @access public
+ * @return void
+ */
+	function testLoginRedirect() {
+		if (isset($_SERVER['HTTP_REFERER'])) {
+			$backup = $_SERVER['HTTP_REFERER'];
+		} else {
+			$backup = null;
+		}
+
+		$_SERVER['HTTP_REFERER'] = false;
+
+		$this->Controller->Session->write('Auth', array(
+			'AuthUser' => array('id' => '1', 'username' => 'nate')
+		));
+
+		$this->Controller->params = Router::parse('users/login');
+		$this->Controller->params['url']['url'] = 'users/login';
+		$this->Controller->Auth->initialize($this->Controller);
+
+		$this->Controller->Auth->userModel = 'AuthUser';
+		$this->Controller->Auth->loginRedirect = array(
+			'controller' => 'pages', 'action' => 'display', 'welcome'
+		);
+		$this->Controller->Auth->startup($this->Controller);
+		$expected = Router::normalize($this->Controller->Auth->loginRedirect);
+		$this->assertEqual($expected, $this->Controller->Auth->redirect());
+
+		$this->Controller->Session->delete('Auth');
+
+		$this->Controller->params['url']['url'] = 'admin/';
+		$this->Controller->Auth->initialize($this->Controller);
+		$this->Controller->Auth->userModel = 'AuthUser';
+		$this->Controller->Auth->loginRedirect = null;
+		$this->Controller->Auth->startup($this->Controller);
+		$expected = Router::normalize('admin/');
+		$this->assertTrue($this->Controller->Session->check('Message.auth'));
+		$this->assertEqual($expected, $this->Controller->Auth->redirect());
+
+		$this->Controller->Session->delete('Auth');
+
+		//empty referer no session
+		$_SERVER['HTTP_REFERER'] = false;
+		$_ENV['HTTP_REFERER'] = false;
+		putenv('HTTP_REFERER=');
+		$url = '/posts/view/1';
+
+		$this->Controller->Session->write('Auth', array(
+			'AuthUser' => array('id' => '1', 'username' => 'nate'))
+		);
+		$this->Controller->testUrl = null;
+		$this->Controller->params = Router::parse($url);
+		array_push($this->Controller->methods, 'view', 'edit', 'index');
+
+		$this->Controller->Auth->initialize($this->Controller);
+		$this->Controller->Auth->authorize = 'controller';
+		$this->Controller->params['testControllerAuth'] = true;
+
+		$this->Controller->Auth->loginAction = array(
+			'controller' => 'AuthTest', 'action' => 'login'
+		);
+		$this->Controller->Auth->userModel = 'AuthUser';
+		$this->Controller->Auth->startup($this->Controller);
+		$expected = Router::normalize('/');
+		$this->assertEqual($expected, $this->Controller->testUrl);
+
+
+		$this->Controller->Session->delete('Auth');
+		$_SERVER['HTTP_REFERER'] = Router::url('/admin/', true);
+
+		$this->Controller->Session->write('Auth', array(
+			'AuthUser' => array('id'=>'1', 'username'=>'nate'))
+		);
+		$this->Controller->params['url']['url'] = 'auth_test/login';
+		$this->Controller->Auth->initialize($this->Controller);
+		$this->Controller->Auth->loginAction = 'auth_test/login';
+		$this->Controller->Auth->userModel = 'AuthUser';
+		$this->Controller->Auth->loginRedirect = false;
+		$this->Controller->Auth->startup($this->Controller);
+		$expected = Router::normalize('/admin');
+		$this->assertEqual($expected, $this->Controller->Auth->redirect());
+
+		//Ticket #4750
+		//named params
+		$this->Controller->Session->delete('Auth');
+		$url = '/posts/index/year:2008/month:feb';
+		$this->Controller->params = Router::parse($url);
+		$this->Controller->params['url']['url'] = Router::normalize($url);
+		$this->Controller->Auth->initialize($this->Controller);
+		$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
+		$this->Controller->Auth->userModel = 'AuthUser';
+		$this->Controller->Auth->startup($this->Controller);
+		$expected = Router::normalize('posts/index/year:2008/month:feb');
+		$this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
+
+		//passed args
+		$this->Controller->Session->delete('Auth');
+		$url = '/posts/view/1';
+		$this->Controller->params = Router::parse($url);
+		$this->Controller->params['url']['url'] = Router::normalize($url);
+		$this->Controller->Auth->initialize($this->Controller);
+		$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
+		$this->Controller->Auth->userModel = 'AuthUser';
+		$this->Controller->Auth->startup($this->Controller);
+		$expected = Router::normalize('posts/view/1');
+		$this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
+
+        // QueryString parameters
+		$_back = $_GET;
+		$_GET = array(
+			'url' => '/posts/index/29',
+			'print' => 'true',
+			'refer' => 'menu'
+		);
+		$this->Controller->Session->delete('Auth');
+		$url = '/posts/index/29?print=true&refer=menu';
+		$this->Controller->params = Dispatcher::parseParams($url);
+		$this->Controller->Auth->initialize($this->Controller);
+		$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
+		$this->Controller->Auth->userModel = 'AuthUser';
+		$this->Controller->Auth->startup($this->Controller);
+		$expected = Router::normalize('posts/index/29?print=true&refer=menu');
+		$this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
+
+		$_GET = array(
+			'url' => '/posts/index/29',
+			'print' => 'true',
+			'refer' => 'menu',
+			'ext' => 'html'
+		);
+		$this->Controller->Session->delete('Auth');
+		$url = '/posts/index/29?print=true&refer=menu';
+		$this->Controller->params = Dispatcher::parseParams($url);
+		$this->Controller->Auth->initialize($this->Controller);
+		$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
+		$this->Controller->Auth->userModel = 'AuthUser';
+		$this->Controller->Auth->startup($this->Controller);
+		$expected = Router::normalize('posts/index/29?print=true&refer=menu');
+		$this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
+		$_GET = $_back;
+
+		//external authed action
+		$_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message';
+		$this->Controller->Session->delete('Auth');
+		$url = '/posts/edit/1';
+		$this->Controller->params = Router::parse($url);
+		$this->Controller->params['url']['url'] = Router::normalize($url);
+		$this->Controller->Auth->initialize($this->Controller);
+		$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
+		$this->Controller->Auth->userModel = 'AuthUser';
+		$this->Controller->Auth->startup($this->Controller);
+		$expected = Router::normalize('/posts/edit/1');
+		$this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
+
+		//external direct login link
+		$_SERVER['HTTP_REFERER'] = 'http://webmail.example.com/view/message';
+		$this->Controller->Session->delete('Auth');
+		$url = '/AuthTest/login';
+		$this->Controller->params = Router::parse($url);
+		$this->Controller->params['url']['url'] = Router::normalize($url);
+		$this->Controller->Auth->initialize($this->Controller);
+		$this->Controller->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
+		$this->Controller->Auth->userModel = 'AuthUser';
+		$this->Controller->Auth->startup($this->Controller);
+		$expected = Router::normalize('/');
+		$this->assertEqual($expected, $this->Controller->Session->read('Auth.redirect'));
+
+		$_SERVER['HTTP_REFERER'] = $backup;
+		$this->Controller->Session->delete('Auth');
+	}
+
+/**
+ * Ensure that no redirect is performed when a 404 is reached
+ * And the user doesn't have a session.
+ *
+ * @return void
+ */
+	function testNoRedirectOn404() {
+		$this->Controller->Session->delete('Auth');
+		$this->Controller->Auth->initialize($this->Controller);
+		$this->Controller->params = Router::parse('auth_test/something_totally_wrong');
+		$result = $this->Controller->Auth->startup($this->Controller);
+		$this->assertTrue($result, 'Auth redirected a missing action %s');
+	}
+
+/**
+ * testEmptyUsernameOrPassword method
+ *
+ * @access public
+ * @return void
+ */
+	function testEmptyUsernameOrPassword() {
+		$this->AuthUser =& new AuthUser();
+		$user['id'] = 1;
+		$user['username'] = 'mariano';
+		$user['password'] = Security::hash(Configure::read('Security.salt') . 'cake');
+		$this->AuthUser->save($user, false);
+
+		$authUser = $this->AuthUser->find();
+
+		$this->Controller->data['AuthUser']['username'] = '';
+		$this->Controller->data['AuthUser']['password'] = '';
+
+		$this->Controller->params = Router::parse('auth_test/login');
+		$this->Controller->params['url']['url'] = 'auth_test/login';
+		$this->Controller->Auth->initialize($this->Controller);
+		$this->Controller->Auth->loginAction = 'auth_test/login';
+		$this->Controller->Auth->userModel = 'AuthUser';
+
+		$this->Controller->Auth->startup($this->Controller);
+		$user = $this->Controller->Auth->user();
+		$this->assertTrue($this->Controller->Session->check('Message.auth'));
+		$this->assertEqual($user, false);
+		$this->Controller->Session->delete('Auth');
+	}
+
+/**
+ * testInjection method
+ *
+ * @access public
+ * @return void
+ */
+	function testInjection() {
+		$this->AuthUser =& new AuthUser();
+		$this->AuthUser->id = 2;
+		$this->AuthUser->saveField('password', Security::hash(Configure::read('Security.salt') . 'cake'));
+
+		$this->Controller->data['AuthUser']['username'] = 'nate';
+		$this->Controller->data['AuthUser']['password'] = 'cake';
+		$this->Controller->params = Router::parse('auth_test/login');
+		$this->Controller->params['url']['url'] = 'auth_test/login';
+		$this->Controller->Auth->initialize($this->Controller);
+
+		$this->Controller->Auth->loginAction = 'auth_test/login';
+		$this->Controller->Auth->userModel = 'AuthUser';
+		$this->Controller->Auth->startup($this->Controller);
+		$this->assertTrue(is_array($this->Controller->Auth->user()));
+
+		$this->Controller->Session->delete($this->Controller->Auth->sessionKey);
+
+		$this->Controller->data['AuthUser']['username'] = 'nate';
+		$this->Controller->data['AuthUser']['password'] = 'cake1';
+		$this->Controller->params['url']['url'] = 'auth_test/login';
+		$this->Controller->Auth->initialize($this->Controller);
+
+		$this->Controller->Auth->loginAction = 'auth_test/login';
+		$this->Controller->Auth->userModel = 'AuthUser';
+		$this->Controller->Auth->startup($this->Controller);
+		$this->assertTrue(is_null($this->Controller->Auth->user()));
+
+		$this->Controller->Session->delete($this->Controller->Auth->sessionKey);
+
+		$this->Controller->data['AuthUser']['username'] = '> n';
+		$this->Controller->data['AuthUser']['password'] = 'cake';
+		$this->Controller->Auth->initialize($this->Controller);
+
+		$this->Controller->Auth->startup($this->Controller);
+		$this->assertTrue(is_null($this->Controller->Auth->user()));
+
+		unset($this->Controller->data['AuthUser']['password']);
+		$this->Controller->data['AuthUser']['username'] = "1'1";
+		$this->Controller->Auth->initialize($this->Controller);
+
+		$this->Controller->Auth->startup($this->Controller);
+		$this->assertTrue(is_null($this->Controller->Auth->user()));
+
+		unset($this->Controller->data['AuthUser']['username']);
+		$this->Controller->data['AuthUser']['password'] = "1'1";
+		$this->Controller->Auth->initialize($this->Controller);
+
+		$this->Controller->Auth->startup($this->Controller);
+		$this->assertTrue(is_null($this->Controller->Auth->user()));
+	}
+
+/**
+ * test Hashing of passwords
+ *
+ * @return void
+ */
+	function testHashPasswords() {
+		$this->Controller->Auth->userModel = 'AuthUser';
+
+		$data['AuthUser']['password'] = 'superSecret';
+		$data['AuthUser']['username'] = 'superman@dailyplanet.com';
+		$return = $this->Controller->Auth->hashPasswords($data);
+		$expected = $data;
+		$expected['AuthUser']['password'] = Security::hash($expected['AuthUser']['password'], null, true);
+		$this->assertEqual($return, $expected);
+
+		$data['Wrong']['password'] = 'superSecret';
+		$data['Wrong']['username'] = 'superman@dailyplanet.com';
+		$data['AuthUser']['password'] = 'IcantTellYou';
+		$return = $this->Controller->Auth->hashPasswords($data);
+		$expected = $data;
+		$expected['AuthUser']['password'] = Security::hash($expected['AuthUser']['password'], null, true);
+		$this->assertEqual($return, $expected);
+
+		if (PHP5) {
+			$xml = array(
+				'User' => array(
+					'username' => 'batman@batcave.com',
+					'password' => 'bruceWayne',
+				)
+			);
+			$data =& new Xml($xml);
+			$return = $this->Controller->Auth->hashPasswords($data);
+			$expected = $data;
+			$this->assertEqual($return, $expected);
+		}
+	}
+
+/**
+ * testCustomRoute method
+ *
+ * @access public
+ * @return void
+ */
+	function testCustomRoute() {
+		Router::reload();
+		Router::connect(
+			'/:lang/:controller/:action/*',
+			array('lang' => null),
+			array('lang' => '[a-z]{2,3}')
+		);
+
+		$url = '/en/users/login';
+		$this->Controller->params = Router::parse($url);
+		Router::setRequestInfo(array($this->Controller->passedArgs, array(
+			'base' => null, 'here' => $url, 'webroot' => '/', 'passedArgs' => array(),
+			'argSeparator' => ':', 'namedArgs' => array()
+		)));
+
+		$this->AuthUser =& new AuthUser();
+		$user = array(
+			'id' => 1, 'username' => 'felix',
+			'password' => Security::hash(Configure::read('Security.salt') . 'cake'
+		));
+		$user = $this->AuthUser->save($user, false);
+
+		$this->Controller->data['AuthUser'] = array('username' => 'felix', 'password' => 'cake');
+		$this->Controller->params['url']['url'] = substr($url, 1);
+		$this->Controller->Auth->initialize($this->Controller);
+		$this->Controller->Auth->loginAction = array('lang' => 'en', 'controller' => 'users', 'action' => 'login');
+		$this->Controller->Auth->userModel = 'AuthUser';
+
+		$this->Controller->Auth->startup($this->Controller);
+		$user = $this->Controller->Auth->user();
+		$this->assertTrue(!!$user);
+
+		$this->Controller->Session->delete('Auth');
+		Router::reload();
+		Router::connect('/', array('controller' => 'people', 'action' => 'login'));
+		$url = '/';
+		$this->Controller->params = Router::parse($url);
+		Router::setRequestInfo(array($this->Controller->passedArgs, array(
+			'base' => null, 'here' => $url, 'webroot' => '/', 'passedArgs' => array(),
+			'argSeparator' => ':', 'namedArgs' => array()
+		)));
+		$this->Controller->data['AuthUser'] = array('username' => 'felix', 'password' => 'cake');
+		$this->Controller->params['url']['url'] = substr($url, 1);
+		$this->Controller->Auth->initialize($this->Controller);
+		$this->Controller->Auth->loginAction = array('controller' => 'people', 'action' => 'login');
+		$this->Controller->Auth->userModel = 'AuthUser';
+
+		$this->Controller->Auth->startup($this->Controller);
+		$user = $this->Controller->Auth->user();
+		$this->assertTrue(!!$user);
+	}
+
+/**
+ * testCustomField method
+ *
+ * @access public
+ * @return void
+ */
+	function testCustomField() {
+		Router::reload();
+
+		$this->AuthUserCustomField =& new AuthUserCustomField();
+		$user = array(
+			'id' => 1, 'email' => 'harking@example.com',
+			'password' => Security::hash(Configure::read('Security.salt') . 'cake'
+		));
+		$user = $this->AuthUserCustomField->save($user, false);
+
+		Router::connect('/', array('controller' => 'people', 'action' => 'login'));
+		$url = '/';
+		$this->Controller->params = Router::parse($url);
+		Router::setRequestInfo(array($this->Controller->passedArgs, array(
+			'base' => null, 'here' => $url, 'webroot' => '/', 'passedArgs' => array(),
+			'argSeparator' => ':', 'namedArgs' => array()
+		)));
+		$this->Controller->data['AuthUserCustomField'] = array('email' => 'harking@example.com', 'password' => 'cake');
+		$this->Controller->params['url']['url'] = substr($url, 1);
+		$this->Controller->Auth->initialize($this->Controller);
+        $this->Controller->Auth->fields = array('username' => 'email', 'password' => 'password');
+		$this->Controller->Auth->loginAction = array('controller' => 'people', 'action' => 'login');
+		$this->Controller->Auth->userModel = 'AuthUserCustomField';
+
+		$this->Controller->Auth->startup($this->Controller);
+		$user = $this->Controller->Auth->user();
+		$this->assertTrue(!!$user);
+    }
+
+/**
+ * testAdminRoute method
+ *
+ * @access public
+ * @return void
+ */
+	function testAdminRoute() {
+		$prefixes = Configure::read('Routing.prefixes');
+		Configure::write('Routing.prefixes', array('admin'));
+		Router::reload();
+
+		$url = '/admin/auth_test/add';
+		$this->Controller->params = Router::parse($url);
+		$this->Controller->params['url']['url'] = ltrim($url, '/');
+		Router::setRequestInfo(array(
+			array(
+				'pass' => array(), 'action' => 'add', 'plugin' => null,
+				'controller' => 'auth_test', 'admin' => true,
+				'url' => array('url' => $this->Controller->params['url']['url'])
+			),
+			array(
+				'base' => null, 'here' => $url,
+				'webroot' => '/', 'passedArgs' => array(),
+			)
+		));
+		$this->Controller->Auth->initialize($this->Controller);
+
+		$this->Controller->Auth->loginAction = array(
+			'admin' => true, 'controller' => 'auth_test', 'action' => 'login'
+		);
+		$this->Controller->Auth->userModel = 'AuthUser';
+
+		$this->Controller->Auth->startup($this->Controller);
+		$this->assertEqual($this->Controller->testUrl, '/admin/auth_test/login');
+
+		Configure::write('Routing.prefixes', $prefixes);
+	}
+
+/**
+ * testPluginModel method
+ *
+ * @access public
+ * @return void
+ */
+	function testPluginModel() {
+		// Adding plugins
+		Cache::delete('object_map', '_cake_core_');
+		App::build(array(
+			'plugins' => array(TEST_CAKE_CORE_INCLUDE_PATH . 'tests' . DS . 'test_app' . DS . 'plugins' . DS),
+			'models' => array(TEST_CAKE_CORE_INCLUDE_PATH . 'tests' . DS . 'test_app' . DS . 'models' . DS)
+		), true);
+		App::objects('plugin', null, false);
+
+		$PluginModel =& ClassRegistry::init('TestPlugin.TestPluginAuthUser');
+		$user['id'] = 1;
+		$user['username'] = 'gwoo';
+		$user['password'] = Security::hash(Configure::read('Security.salt') . 'cake');
+		$PluginModel->save($user, false);
+
+		$authUser = $PluginModel->find();
+
+		$this->Controller->data['TestPluginAuthUser']['username'] = $authUser['TestPluginAuthUser']['username'];
+		$this->Controller->data['TestPluginAuthUser']['password'] = 'cake';
+
+		$this->Controller->params = Router::parse('auth_test/login');
+		$this->Controller->params['url']['url'] = 'auth_test/login';
+
+		$this->Controller->Auth->initialize($this->Controller);
+
+		$this->Controller->Auth->loginAction = 'auth_test/login';
+		$this->Controller->Auth->userModel = 'TestPlugin.TestPluginAuthUser';
+
+		$this->Controller->Auth->startup($this->Controller);
+		$user = $this->Controller->Auth->user();
+		$expected = array('TestPluginAuthUser' => array(
+			'id' => 1, 'username' => 'gwoo', 'created' => '2007-03-17 01:16:23', 'updated' => date('Y-m-d H:i:s')
+		));
+		$this->assertEqual($user, $expected);
+		$sessionKey = $this->Controller->Auth->sessionKey;
+		$this->assertEqual('Auth.TestPluginAuthUser', $sessionKey);
+		
+		$this->Controller->Auth->loginAction = null;
+		$this->Controller->Auth->__setDefaults();
+		$loginAction = $this->Controller->Auth->loginAction;
+		$expected = array(
+		    'controller'	=> 'test_plugin_auth_users',
+		    'action'		=> 'login',
+		    'plugin'		=> 'test_plugin'
+		);
+		$this->assertEqual($loginAction, $expected);
+
+		// Reverting changes
+		Cache::delete('object_map', '_cake_core_');
+		App::build();
+		App::objects('plugin', null, false);
+	}
+
+/**
+ * testAjaxLogin method
+ *
+ * @access public
+ * @return void
+ */
+	function testAjaxLogin() {
+		App::build(array('views' => array(TEST_CAKE_CORE_INCLUDE_PATH . 'tests' . DS . 'test_app' . DS . 'views'. DS)));
+		$_SERVER['HTTP_X_REQUESTED_WITH'] = "XMLHttpRequest";
+
+		if (!class_exists('dispatcher')) {
+			require CAKE . 'dispatcher.php';
+		}
+
+		ob_start();
+		$Dispatcher =& new Dispatcher();
+		$Dispatcher->dispatch('/ajax_auth/add', array('return' => 1));
+		$result = ob_get_clean();
+		$this->assertEqual("Ajax!\nthis is the test element", str_replace("\r\n", "\n", $result));
+		unset($_SERVER['HTTP_X_REQUESTED_WITH']);
+	}
+
+/**
+ * testLoginActionRedirect method
+ *
+ * @access public
+ * @return void
+ */
+	function testLoginActionRedirect() {
+		$admin = Configure::read('Routing.admin');
+		Configure::write('Routing.admin', 'admin');
+		Router::reload();
+
+		$url = '/admin/auth_test/login';
+		$this->Controller->params = Router::parse($url);
+		$this->Controller->params['url']['url'] = ltrim($url, '/');
+		Router::setRequestInfo(array(
+			array(
+				'pass' => array(), 'action' => 'admin_login', 'plugin' => null, 'controller' => 'auth_test',
+				'admin' => true, 'url' => array('url' => $this->Controller->params['url']['url']),
+			),
+			array(
+				'base' => null, 'here' => $url,
+				'webroot' => '/', 'passedArgs' => array(),
+			)
+		));
+
+		$this->Controller->Auth->initialize($this->Controller);
+
+		$this->Controller->Auth->loginAction = array('admin' => true, 'controller' => 'auth_test', 'action' => 'login');
+		$this->Controller->Auth->userModel = 'AuthUser';
+
+		$this->Controller->Auth->startup($this->Controller);
+
+		$this->assertNull($this->Controller->testUrl);
+
+		Configure::write('Routing.admin', $admin);
+	}
+
+/**
+ * Tests that shutdown destroys the redirect session var
+ *
+ * @access public
+ * @return void
+ */
+	function testShutDown() {
+		$this->Controller->Session->write('Auth.redirect', 'foo');
+		$this->Controller->Auth->_loggedIn = true;
+		$this->Controller->Auth->shutdown($this->Controller);
+		$this->assertFalse($this->Controller->Session->read('Auth.redirect'));
+	}
+
+/**
+ * test the initialize callback and its interactions with Router::prefixes()
+ *
+ * @return void
+ */
+	function testInitializeAndRoutingPrefixes() {
+		$restore = Configure::read('Routing');
+		Configure::write('Routing.prefixes', array('admin', 'super_user'));
+		Router::reload();
+		$this->Controller->Auth->initialize($this->Controller);
+
+		$this->assertTrue(isset($this->Controller->Auth->actionMap['delete']));
+		$this->assertTrue(isset($this->Controller->Auth->actionMap['view']));
+		$this->assertTrue(isset($this->Controller->Auth->actionMap['add']));
+		$this->assertTrue(isset($this->Controller->Auth->actionMap['admin_view']));
+		$this->assertTrue(isset($this->Controller->Auth->actionMap['super_user_delete']));
+
+		Configure::write('Routing', $restore);
+	}
+
+/**
+ * test $settings in Controller::$components
+ *
+ * @access public
+ * @return void
+ */
+	function testComponentSettings() {
+		$this->Controller =& new AuthTestController();
+		$this->Controller->components = array(
+			'Auth' => array(
+				'fields' => array('username' => 'email', 'password' => 'password'),
+				'loginAction' => array('controller' => 'people', 'action' => 'login'),
+				'userModel' => 'AuthUserCustomField',
+				'sessionKey' => 'AltAuth.AuthUserCustomField'
+			),
+			'Session'
+		);
+		$this->Controller->Component->init($this->Controller);
+		$this->Controller->Component->initialize($this->Controller);
+		Router::reload();
+
+		$this->AuthUserCustomField =& new AuthUserCustomField();
+		$user = array(
+			'id' => 1, 'email' => 'harking@example.com',
+			'password' => Security::hash(Configure::read('Security.salt') . 'cake'
+		));
+		$user = $this->AuthUserCustomField->save($user, false);
+
+		Router::connect('/', array('controller' => 'people', 'action' => 'login'));
+		$url = '/';
+		$this->Controller->params = Router::parse($url);
+		Router::setRequestInfo(array($this->Controller->passedArgs, array(
+			'base' => null, 'here' => $url, 'webroot' => '/', 'passedArgs' => array(),
+			'argSeparator' => ':', 'namedArgs' => array()
+		)));
+		$this->Controller->data['AuthUserCustomField'] = array('email' => 'harking@example.com', 'password' => 'cake');
+		$this->Controller->params['url']['url'] = substr($url, 1);
+		$this->Controller->Auth->startup($this->Controller);
+
+		$user = $this->Controller->Auth->user();
+		$this->assertTrue(!!$user);
+
+		$expected = array(
+			'fields' => array('username' => 'email', 'password' => 'password'),
+			'loginAction' => array('controller' => 'people', 'action' => 'login'),
+			'logoutRedirect' => array('controller' => 'people', 'action' => 'login'),
+			'userModel' => 'AuthUserCustomField',
+			'sessionKey' => 'AltAuth.AuthUserCustomField'
+		);
+		$this->assertEqual($expected['fields'], $this->Controller->Auth->fields);
+		$this->assertEqual($expected['loginAction'], $this->Controller->Auth->loginAction);
+		$this->assertEqual($expected['logoutRedirect'], $this->Controller->Auth->logoutRedirect);
+		$this->assertEqual($expected['userModel'], $this->Controller->Auth->userModel);
+		$this->assertEqual($expected['sessionKey'], $this->Controller->Auth->sessionKey);
+	}
+
+/**
+ * test that logout deletes the session variables. and returns the correct url
+ *
+ * @return void
+ */
+	function testLogout() {
+		$this->Controller->Session->write('Auth.User.id', '1');
+		$this->Controller->Session->write('Auth.redirect', '/users/login');
+		$this->Controller->Auth->logoutRedirect = '/';
+		$result = $this->Controller->Auth->logout();
+
+		$this->assertEqual($result, '/');
+		$this->assertNull($this->Controller->Session->read('Auth.AuthUser'));
+		$this->assertNull($this->Controller->Session->read('Auth.redirect'));
+	}
+}