changed authentication controller to use req.parsedUrl.pathname as query strings on req.url were breaking the whitelist

services/web/app/coffee/Features/Authentication/AuthenticationController.coffee

@@ -90,7 +90,7 @@ module.exports = AuthenticationController =
 		AuthenticationController._globalLoginWhitelist.push endpoint
 
 	requireGlobalLogin: (req, res, next) ->
-		if req.url in AuthenticationController._globalLoginWhitelist
+		if req._parsedUrl.pathname in AuthenticationController._globalLoginWhitelist
 			return next()
 
 		if req.headers['authorization']?
@@ -98,6 +98,7 @@ module.exports = AuthenticationController =
 		else if req.session.user?
 			return next()
 		else
+			logger.log url:req.url, "user trying to access endpoint not in global whitelist"
 			return res.redirect "/login"
 
 	httpAuth: require('express').basicAuth (user, pass)->

services/web/test/UnitTests/coffee/Authentication/AuthenticationControllerTests.coffee

@@ -284,12 +284,22 @@ describe "AuthenticationController", ->
 		describe "with white listed url", ->
 			beforeEach ->
 				@AuthenticationController.addEndpointToLoginWhitelist "/login"
-				@req.url = "/login"
+				@req._parsedUrl.pathname = "/login"
 				@AuthenticationController.requireGlobalLogin @req, @res, @next
 			
 			it "should call next() directly", ->
 				@next.called.should.equal true
+
+		describe "with white listed url and a query string", ->
+			beforeEach ->
+				@AuthenticationController.addEndpointToLoginWhitelist "/login"
+				@req._parsedUrl.pathname = "/login"
+				@req.url = "/login?query=something"
+				@AuthenticationController.requireGlobalLogin @req, @res, @next
 			
+			it "should call next() directly", ->
+				@next.called.should.equal true		
+
 		describe "with http auth", ->
 			beforeEach ->
 				@req.headers["authorization"] = "Mock Basic Auth"

services/web/test/UnitTests/coffee/helpers/MockRequest.coffee

@@ -5,6 +5,7 @@ class MockRequest
 
 	params: {}
 	query: {}
+	_parsedUrl:{}
 	i18n:
 		translate:->