From 80d81f3e6166dcae2824cbaeef8d349b831ffaee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maxime=20B=C3=A9guin?=
Date: Fri, 12 Nov 2021 13:59:03 +0100
Subject: [PATCH] passport: fix CAS authentication when no sub path
Authentication using CAS wasn't working when CAS URL didn't contain sub path (e.g. https://my-cas-server instead of https://my-cas-server/cas). This issue appeared in current version (not released yet).
---
 lib/passport/strategies/cas/CasStrategy.js | 23 ++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/lib/passport/strategies/cas/CasStrategy.js b/lib/passport/strategies/cas/CasStrategy.js
index a2ad8d4..9817cea 100644
--- a/lib/passport/strategies/cas/CasStrategy.js
+++ b/lib/passport/strategies/cas/CasStrategy.js
@@ -146,7 +146,7 @@ class CasStrategy extends Strategy {
 // Got a ticket to validate
 // Interrogate cas to validate the ticket
- this.cas.validateTicket(url.format(serviceUrl), request.query.ticket).then((user) => {
+ this.cas.validateTicket(serviceUrl.href, request.query.ticket).then((user) => {
 // Offer the possibility to verify the user returned by CAS server
 // before considering him authenticated
@@ -170,11 +170,15 @@ class CasStrategy extends Strategy {
 // Build login url with service registered in cas server
 const casUrl = new url.URL(this.cas.getUrl());
- const loginUrl = new url.URL(`${casUrl.pathname}${this.cas.getLoginUri()}`, this.cas.getUrl());
- loginUrl.searchParams.append('service', url.format(serviceUrl));
+ const loginUrl = new url.URL(
+ `${casUrl.pathname === '/' ? '' : casUrl.pathname}${this.cas.getLoginUri()}`,
+ casUrl
+ );
+
+ loginUrl.searchParams.append('service', serviceUrl.href);
 // Redirect to cas login page
- this.redirect(url.format(loginUrl), 307);
+ this.redirect(loginUrl.href, 307);
 }
 }
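Review bot: On the changed `validateTicket` call in the -146,7 hunk, `request.query.ticket` is forwarded without a type check. With a query parser that accepts repeated or bracketed parameters, it can be an array or object rather than a string. How `validateTicket` treats a non-string is not visible here, so this is a precaution: guard the call with `typeof request.query.ticket === 'string'` and fail the authentication otherwise. The enclosing method starts and ends outside the hunk, so an earlier check may already exist.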
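Review bot: In the -170,11 hunk, the new guard `casUrl.pathname === '/' ? '' : casUrl.pathname` handles only a bare root path. A CAS URL configured with a trailing slash (constructed example: `https://my-cas-server/cas/`) would still produce a doubled slash before the login URI, assuming `getLoginUri()` returns a value with a leading slash, which is not visible here. Replacing the ternary with `casUrl.pathname.replace(/\/+$/, '')` covers both cases. A short comment such as `// a path starting with "//" is resolved as a host, so strip the trailing slash before joining` would record why the special case exists. The same expression is duplicated for `logoutUrl` in the -191,13 hunk, so a small shared helper would keep the two in sync.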
@@ -191,13 +195,16 @@ class CasStrategy extends Strategy {
 // Build login url with service registered in cas server
 const casUrl = new url.URL(this.cas.getUrl());
 const redirectUrl = new url.URL(this.logoutUri, serviceUrl);
- const logoutUrl = new url.URL(`${casUrl.pathname}${this.cas.getLogoutUri()}`, casUrl);
- logoutUrl.searchParams.append('service', url.format(serviceUrl));
- logoutUrl.searchParams.append('url', url.format(redirectUrl));
+ const logoutUrl = new url.URL(
+ `${casUrl.pathname === '/' ? '' : casUrl.pathname}${this.cas.getLogoutUri()}`,
+ casUrl
+ );
+ logoutUrl.searchParams.append('service', serviceUrl.href);
+ logoutUrl.searchParams.append('url', redirectUrl.href);
 // Logout from cas by redirecting to cas logout url
 response.statusCode = 307;
- response.setHeader('Location', url.format(logoutUrl));
+ response.setHeader('Location', logoutUrl.href);
 response.setHeader('Content-Length', '0');
 response.end();
 }
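Review bot: The comment above the rewritten `logoutUrl` construction still reads "Build login url", although this path builds the logout URL. It looks copied from the login branch and is worth correcting while these lines are being touched: `// Build logout url with service registered in cas server`. Since `redirectUrl` is resolved against `serviceUrl` and sent to the CAS server as the `url` parameter, a second comment noting where the post-logout redirect target comes from would help the next reader. The enclosing method starts outside the hunk.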