From 755a5c3a6b35d09ff2a0d8b69b4f25b68e9e505e Mon Sep 17 00:00:00 2001
From: Maxime Besson
Date: Tue, 14 Apr 2020 21:05:26 +0200
Subject: [PATCH] post confirm to issuer url after restoring (#2142)
---
 .../lib/Lemonldap/NG/Portal/Main/Display.pm | 1 +
 .../lib/Lemonldap/NG/Portal/Main/Issuer.pm | 5 +++++
 lemonldap-ng-portal/site/templates/bootstrap/confirm.tpl | 2 +-
 .../t/37-OIDC-RP-to-SAML-IdP-GET-with-WAYF.t | 8 ++++++--
 lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET.t | 8 ++++++--
 lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-POST.t | 7 +++++--
 6 files changed, 24 insertions(+), 7 deletions(-)
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
index 73a03a88f..8803764e5 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
@@ -76,6 +76,7 @@ sub display {
 MSG => $req->info,
 HIDDEN_INPUTS => $self->buildHiddenForm($req),
 ACTIVE_TIMER => $req->data->{activeTimer},
+ FORM_ACTION => $req->data->{confirmFormAction} || "#",
 FORM_METHOD => $self->conf->{confirmFormMethod},
 CHOICE_PARAM => $self->conf->{authChoiceParam},
 CHOICE_VALUE => $req->data->{_authChoice},
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Issuer.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Issuer.pm
index 34db8c70a..7885538c0 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Issuer.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Issuer.pm
@@ -12,6 +12,7 @@ use Mouse;
 use MIME::Base64;
 use IO::String;
 use URI::Escape;
+use URI;
 use Lemonldap::NG::Common::FormEncode;
 use Lemonldap::NG::Portal::Main::Constants qw(
 PE_OK
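Review bot: The `FORM_ACTION` entry added to the template parameters in `display` (Display.pm) carries a value that Issuer.pm derives from the request URI, and nothing here records who is responsible for escaping it before it reaches the form's `action` attribute. The confirm.tpl markup is not legible on this page, so it is worth confirming that the variable is HTML-escaped where the template emits it. I would add a comment above the entry such as `# request-derived path set by Issuer::_forAuthUser; the template must HTML-escape it`. Only the bootstrap skin is updated by this commit, so a custom confirm.tpl that still hard-codes its action would presumably keep the old behaviour. The body of `display` starts and ends outside the hunk.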
@@ -137,6 +138,10 @@ sub _forAuthUser {
 $self->restoreRequest( $req, $r );
 @path = @{ $req->pdata->{ $self->ipath . 'Path' } }
 if ( $req->pdata->{ $self->ipath . 'Path' } );
+
+ # In case a confirm form is shown, we need it to POST on the
+ # current Path
+ $req->data->{confirmFormAction} = URI->new($req->uri)->path;
 }

 # Clean pdata: keepPdata has been set, so pdata must be cleaned here
diff --git a/lemonldap-ng-portal/site/templates/bootstrap/confirm.tpl b/lemonldap-ng-portal/site/templates/bootstrap/confirm.tpl
index f35a4d5d5..65d880797 100644
--- a/lemonldap-ng-portal/site/templates/bootstrap/confirm.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/confirm.tpl
@@ -2,7 +2,7 @@
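Review bot: The comment added in `_forAuthUser` says the confirm form must POST, but the method comes from `confirmFormMethod` in Display.pm and the updated tests submit the form with `_get`, so the wording is narrower than the behaviour. It also omits the property that matters for security: `URI->new($req->uri)->path` keeps only the path, so the form target has no scheme, host or query string taken from the incoming request. I would reword it to `# If a confirm form is shown, submit it to the current path (path only: no scheme, host or query), using confirmFormMethod`. Because `$req->uri` is request-controlled, any later change that passes more of the URI through to the template should be reviewed with that in mind. The function starts and ends outside the hunk.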
-
" class="confirm" role="form"> + " method="" class="confirm" role="form"> diff --git a/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET-with-WAYF.t b/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET-with-WAYF.t index 5cdf5228b..4feb42a79 100644 --- a/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET-with-WAYF.t +++ b/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET-with-WAYF.t @@ -193,10 +193,14 @@ SKIP: { ), 'Follow internal redirection from SAML-SP to OIDC-OP' ); - ( $host, $tmp, $query ) = expectForm( $res, '#', undef, 'confirm' ); + + $spPdata = expectCookie( $res, 'lemonldappdata' ); + + ( $host, $tmp, $query ) = + expectForm( $res, undef, qr#^/oauth2/authorize#, 'confirm' ); ok( $res = $sp->_get( - $url, + '/oauth2/authorize', query => $query, accept => 'text/html', cookie => "lemonldap=$spId;$spPdata" diff --git a/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET.t b/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET.t index 354ef0c70..b8c640518 100644 --- a/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET.t +++ b/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET.t @@ -176,10 +176,14 @@ SKIP: { ), 'Follow internal redirection from SAML-SP to OIDC-OP' ); - ( $host, $tmp, $query ) = expectForm( $res, '#', undef, 'confirm' ); + + ( $host, $url, $query ) = + expectForm( $res, undef, qr#/oauth2/authorize#, 'confirm' ); + $spPdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' ); + ok( $res = $sp->_get( - $url, + '/oauth2/authorize', query => $query, accept => 'text/html', cookie => "lemonldap=$spId;$spPdata" diff --git a/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-POST.t b/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-POST.t index 0a54807f2..50d0c5cd3 100644 --- a/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-POST.t +++ b/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-POST.t 
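Review bot: In the GET-with-WAYF test, `$spPdata = expectCookie( $res, 'lemonldappdata' );` stores what looks like the bare cookie value, while the GET and POST variants prepend `'lemonldappdata=' .` before using it in `cookie => "lemonldap=$spId;$spPdata"`. Unless `expectCookie` returns a `name=value` pair, the following request would send the pdata without a cookie name, and the step would not exercise the restored-pdata path this commit is about. Suggested line: `$spPdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );`. The enclosing SKIP block starts and ends outside the hunk.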
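Review bot: In the GET test the pattern `qr#/oauth2/authorize#` is unanchored, unlike `qr#^/oauth2/authorize#` in the WAYF and POST variants, so the assertion would also accept a form action whose path merely contains that string under some other prefix. Since the change is meant to make the confirm form target the issuer path itself, the test should pin that: `expectForm( $res, undef, qr#^/oauth2/authorize#, 'confirm' );`. The captured `$url` is then ignored in favour of the literal `'/oauth2/authorize'` passed to `_get`; passing `$url` would make the test follow the action the page actually rendered. The enclosing SKIP block starts and ends outside the hunk.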
@@ -179,10 +179,13 @@ SKIP: {
 ),
 'Follow internal redirection from SAML-SP to OIDC-OP'
 );
- ( $host, $tmp, $query ) = expectForm( $res, '#', undef, 'confirm' );
+
+ $spPdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
+ ( $host, $tmp, $query ) =
+ expectForm( $res, undef, qr#^/oauth2/authorize#, 'confirm' );
 ok(
 $res = $sp->_get(
- $url,
+ '/oauth2/authorize',
 query => $query,
 accept => 'text/html',
 cookie => "lemonldap=$spId;$spPdata"