passport: fix CAS authentication when no sub path

Authentication using CAS wasn't working when CAS URL didn't contain sub path (e.g. https://my-cas-server instead of https://my-cas-server/cas). This issue appeared in current version (not released yet).
veo-labs · Nov 12, 2021 · 80d81f3 · 80d81f3
1 parent 291c151
commit 80d81f3
Showing 1 changed file with 15 additions and 8 deletions.
diff --git a/lib/passport/strategies/cas/CasStrategy.js b/lib/passport/strategies/cas/CasStrategy.js
@@ -146,7 +146,7 @@ class CasStrategy extends Strategy {
       // Got a ticket to validate
 
       // Interrogate cas to validate the ticket
-      this.cas.validateTicket(url.format(serviceUrl), request.query.ticket).then((user) => {
+      this.cas.validateTicket(serviceUrl.href, request.query.ticket).then((user) => {
 
         // Offer the possibility to verify the user returned by CAS server
         // before considering him authenticated
@@ -170,11 +170,15 @@ class CasStrategy extends Strategy {
 
       // Build login url with service registered in cas server
       const casUrl = new url.URL(this.cas.getUrl());
-      const loginUrl = new url.URL(`${casUrl.pathname}${this.cas.getLoginUri()}`, this.cas.getUrl());
-      loginUrl.searchParams.append('service', url.format(serviceUrl));
+      const loginUrl = new url.URL(
+        `${casUrl.pathname === '/' ? '' : casUrl.pathname}${this.cas.getLoginUri()}`,
+        casUrl
+      );
+
+      loginUrl.searchParams.append('service', serviceUrl.href);
 
       // Redirect to cas login page
-      this.redirect(url.format(loginUrl), 307);
+      this.redirect(loginUrl.href, 307);
     }
   }
 
@@ -191,13 +195,16 @@ class CasStrategy extends Strategy {
     // Build login url with service registered in cas server
     const casUrl = new url.URL(this.cas.getUrl());
     const redirectUrl = new url.URL(this.logoutUri, serviceUrl);
-    const logoutUrl = new url.URL(`${casUrl.pathname}${this.cas.getLogoutUri()}`, casUrl);
-    logoutUrl.searchParams.append('service', url.format(serviceUrl));
-    logoutUrl.searchParams.append('url', url.format(redirectUrl));
+    const logoutUrl = new url.URL(
+      `${casUrl.pathname === '/' ? '' : casUrl.pathname}${this.cas.getLogoutUri()}`,
+      casUrl
+    );
+    logoutUrl.searchParams.append('service', serviceUrl.href);
+    logoutUrl.searchParams.append('url', redirectUrl.href);
 
     // Logout from cas by redirecting to cas logout url
     response.statusCode = 307;
-    response.setHeader('Location', url.format(logoutUrl));
+    response.setHeader('Location', logoutUrl.href);
     response.setHeader('Content-Length', '0');
     response.end();
   }