FIX: disallow connected user to display add and login forms

a connected user is redirected to his profile page
when he tries to view the following pages:
- /<lang>/users/add
- /<lang>/users/login

src/Controller/Api/V1/UsersController.php

@@ -590,6 +590,12 @@ class UsersController extends AppController
     {
         $message = "";
         $lang = $this->selectedLanguage;
+
+        // If user is already logged in, redirects them to their profile page
+        if (!is_null($this->Auth->user('id'))) {
+            return $this->redirect("/$lang/users/". $this->Auth->user('id'));
+        }
+
         if (!empty($this->request->data)) {
             $user = $this->Users->newEntity($this->request->data);
         } else {
@@ -1271,13 +1277,19 @@ class UsersController extends AppController
      */
     public function login()
     {
+        $lang = $this->selectedLanguage;
+
+        // If user is already logged in, redirects them to their profile page
+        if (!is_null($this->Auth->user('id'))) {
+            return $this->redirect("/$lang/users/". $this->Auth->user('id'));
+        }
+
         if ($this->request->is('post')) {
             $user = $this->Auth->identify();
             if ($user) {
                 $user["user_type"] = $this->Users->UserTypes->get($user["user_type_id"])->get("name");
                 $this->Auth->setUser($user);
                 $this->Flash->success(__d("Forms", "You are logged"));
-                $lang = $this->selectedLanguage;
                 return $this->redirect($this->Auth->redirectUrl("/$lang/"));
             }
             $this->Flash->error(__d("Forms", "You are not logged"));

tests/TestCase/Controller/Api/V1/UsersControllerTest.php

@@ -185,6 +185,80 @@ class UsersControllerTest extends ApiIntegrationTestCase
         ];
     }
 
+
+    /**
+     * Check if a connected user is redirected to his profile page
+     * when he tries to view the following pages:
+     * - /<lang>/users/add
+     * - /<lang>/users/login
+     *
+     * @group form
+     * @group user
+     * @group userType_association
+     * @group userType_administration
+     * @group userType_person
+     * @group userType_provider
+     * @return void
+     */
+    public function testConnectedUserDoesNotDisplayAddFormOrLoginForm()
+    {
+        $addUserUrl = '/fr/users/add';
+        $loginUrl = '/fr/users/login';
+        $expectedUrlPrefix = '/fr/users/';
+
+        // User of type Administration connected
+        $this->setConnectedAdministrationSession();
+        $this->get("$addUserUrl");
+        $this->currentResponseIsRedirectionToAnotherUrl("$expectedUrlPrefix" . $this->getConnectedUserId(), 302);
+        $this->get("$loginUrl");
+        $this->currentResponseIsRedirectionToAnotherUrl("$expectedUrlPrefix" . $this->getConnectedUserId(), 302);
+
+        // User of type Association connected
+        $this->setConnectedAssociationSession();
+        $this->get("$addUserUrl");
+        $this->currentResponseIsRedirectionToAnotherUrl("$expectedUrlPrefix" . $this->getConnectedUserId(), 302);
+        $this->get("$loginUrl");
+        $this->currentResponseIsRedirectionToAnotherUrl("$expectedUrlPrefix" . $this->getConnectedUserId(), 302);
+
+        // User of type Company connected
+        $this->setConnectedCompanySession();
+        $this->get("$addUserUrl");
+        $this->currentResponseIsRedirectionToAnotherUrl("$expectedUrlPrefix" . $this->getConnectedUserId(), 302);
+        $this->get("$loginUrl");
+        $this->currentResponseIsRedirectionToAnotherUrl("$expectedUrlPrefix" . $this->getConnectedUserId(), 302);
+
+        // User of type Person connected
+        $this->setConnectedPersonSession();
+        $this->get("$addUserUrl");
+        $this->currentResponseIsRedirectionToAnotherUrl("$expectedUrlPrefix" . $this->getConnectedUserId(), 302);
+        $this->get("$loginUrl");
+        $this->currentResponseIsRedirectionToAnotherUrl("$expectedUrlPrefix" . $this->getConnectedUserId(), 302);
+    }
+
+
+    /**
+     * Check if a anonymous user can display the following pages:
+     * - /<lang>/users/add
+     * - /<lang>/users/login
+     *
+     * @group form
+     * @group user
+     * @group anonymous
+     * @group wippp
+     * @return void
+     */
+    public function testAnonymousUserCanDisplayAddFormOrLoginForm()
+    {
+        $this->setAnonymousUserSession();
+        $this->get('/fr/users/add');
+        $this->assertResponseCode(302);
+        $this->assertRedirectContains('/fr/users/add?t1=');
+        $r = $this->checkUrlOk('/fr/users/login', ['html']);
+        $html = $r['html']['data'];
+        $this->assertContains('<html lang="fr">', $html);
+        $this->assertContains("Se connecter", $html);
+    }
+
     /**
      * Test add method like a end user (HTML form)
      * - Check that account creation URL redirects to a URL with a "t1" parameter containing a token
@@ -206,7 +280,6 @@ class UsersControllerTest extends ApiIntegrationTestCase
      * @group public
      * @group user
      * @group createUser
-     * @group wip
      *
      * @return void
      */