From a3ca503ace5d559c172b36b4844e24a9775d030f Mon Sep 17 00:00:00 2001 From: Anton Stroganov Date: Fri, 14 Nov 2014 15:14:50 -0800 Subject: [PATCH 1/2] Accept a new "from" parameter in the urls this should be a path that will be combined with @service_url parameter for the user redirection after successful login. --- lib/casserver/server.rb | 16 ++++++++++++++-- lib/casserver/views/_login_form.erb | 1 + 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/lib/casserver/server.rb b/lib/casserver/server.rb index 77f7633a..ff77ff3f 100644 --- a/lib/casserver/server.rb +++ b/lib/casserver/server.rb @@ -304,6 +304,12 @@ def self.init_database! # optional params @service = clean_service_url(params['service']) + @from = params['from'] + @return_url = if @from.blank? + @service + else + @service + @from + end @renew = params['renew'] @gateway = params['gateway'] == 'true' || params['gateway'] == '1' @@ -334,7 +340,7 @@ def self.init_database! elsif tgt && !tgt_error $LOG.debug("Valid ticket granting ticket detected.") st = generate_service_ticket(@service, tgt.username, tgt) - service_with_ticket = service_uri_with_ticket(@service, st) + service_with_ticket = service_uri_with_ticket(@return_url, st) $LOG.info("User '#{tgt.username}' authenticated based on ticket granting cookie. Redirecting to service '#{@service}'.") redirect service_with_ticket, 303 # response code 303 means "See Other" (see Appendix B in CAS Protocol spec) elsif @gateway @@ -396,6 +402,12 @@ def self.init_database! # 2.2.1 (optional) @service = clean_service_url(params['service']) + @from = params['from'] + @return_url = if @from.blank? + @service + else + @service + @from + end # 2.2.2 (required) @username = params['username'] 
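Review bot: `@from` is taken straight from the request and appended to the already-validated `@service` with `+`, yet nothing in this hunk enforces the commit message's contract that it is a path, so whatever `clean_service_url` guarantees about `@service` no longer holds for the final redirect target; the same six lines are repeated in the hunk at -396,6 and belong in one helper. The helper should accept `from` only when it is an absolute path on the service's own origin (starts with `/`, not `//` or `/\`), fall back to `@service` otherwise, and log the rejection so unexpected values are visible in the CAS log. `@service + @from` also raises `NoMethodError` when `service` is absent and `from` is present, because only `@from` is checked for `blank?` — confirm what `clean_service_url` returns for a missing service. The enclosing route handler starts before and continues past this hunk.
```ruby
# Post-login redirect target: the validated service URL plus the optional
# `from` path. `from` is request-controlled, so it is used only when it is an
# absolute path on the service's own origin; anything else falls back to
# `service` and is logged for later inspection.
def return_url_for(service, from)
  return service if service.blank? || from.blank?
  unless from.match?(%r{\A/(?![/\\])})
    $LOG.warn("Ignoring 'from' parameter that is not a path: #{from.inspect}")
    return service
  end
  service + from
end

# at both call sites (this hunk and the one at -396,6):
@return_url = return_url_for(@service, @from)
```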
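Review bot: The redirect on the line after the changed one now goes to `@return_url`, but the `$LOG.info` message still reports `@service`, so the audit log no longer records where the user was actually sent; change the message to `Redirecting to '#{@return_url}'.` rather than logging `service_with_ticket`, which would write the ticket into the log. The same mismatch appears in the hunk at -470,7. Note also that `st` is still issued for `@service` one line above while it is delivered to `@return_url`; if the CAS client later presents the URL it received the ticket on as its `service` during validation, the two will differ — confirm how the client builds its validation request. The `elsif` branch continues outside the hunk.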
@@ -470,7 +482,7 @@ def self.init_database! @st = generate_service_ticket(@service, @username, tgt) begin - service_with_ticket = service_uri_with_ticket(@service, @st) + service_with_ticket = service_uri_with_ticket(@return_url, @st) $LOG.info("Redirecting authenticated user '#{@username}' at '#{@st.client_hostname}' to service '#{@service}'") redirect service_with_ticket, 303 # response code 303 means "See Other" (see Appendix B in CAS Protocol spec) diff --git a/lib/casserver/views/_login_form.erb b/lib/casserver/views/_login_form.erb index ab40351e..2e076902 100644 --- a/lib/casserver/views/_login_form.erb +++ b/lib/casserver/views/_login_form.erb @@ -29,6 +29,7 @@ + From 38ac42a5b507c3219e8c3b8bd1be1d84a186fe91 Mon Sep 17 00:00:00 2001 From: Anton Stroganov Date: Wed, 3 Dec 2014 14:54:05 -0800 Subject: [PATCH 2/2] make sure to strip the cas params otherwise the stale ticket is still in the return url and the user gets thrown into an infinite redirect loop --- lib/casserver/server.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/casserver/server.rb b/lib/casserver/server.rb index ff77ff3f..98a14d6f 100644 --- a/lib/casserver/server.rb +++ b/lib/casserver/server.rb @@ -304,7 +304,7 @@ def self.init_database! # optional params @service = clean_service_url(params['service']) - @from = params['from'] + @from = clean_service_url(params['from']) @return_url = if @from.blank? @service else @@ -402,7 +402,7 @@ def self.init_database! # 2.2.1 (optional) @service = clean_service_url(params['service']) - @from = params['from'] + @from = clean_service_url(params['from']) @return_url = if @from.blank? @service else
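Review bot: Running `clean_service_url` over `params['from']` stops the replayed-ticket loop but reuses a cleaner written for a full service URL on a value the first patch documents as a bare path; whether it leaves a path such as `/app/page?x=1` intact, rather than parsing it as a URL and returning something else, is not visible here — confirm it and add a regression test for a `from` that carries a stale `ticket` query parameter. The cleaned value is still concatenated onto `@service` with no check that it is a path, so that shape check is still missing. A comment on the changed line would help the next reader: `# strip CAS params from 'from' too, or a stale ticket is replayed into the return URL`. The same change appears in the hunk at -402,7; both sit inside a handler that starts and ends outside the hunk.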