Fix partially #1422

2018-05-15 19:46:02 +02:00 · 2018-05-15 19:46:02 +02:00 · 86283952b0
commit 86283952b0
parent 80c76b18d8
2 changed files with 22 additions and 32 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
@ -16,10 +16,6 @@ our $VERSION = '2.0.0';
 extends 'Lemonldap::NG::Portal::Main::Issuer',
  'Lemonldap::NG::Portal::Lib::CAS';

-# INTERFACE
-
-sub beforeAuth { 'exportRequestParameters' }
-
 # INITIALIZATION

 sub init {
@ -84,7 +80,11 @@ sub run {
        my $casServiceTicket;

        # Renew
-        if ( $renew and $renew eq 'true' ) {
+        if (    $renew
+            and $renew eq 'true'
+            and time - $req->sessionInfo->{_utime} >
+            $self->conf->{portalForceAuthnInterval} )
+        {

            # Authentication must be replayed
            $self->logger->debug("Authentication renew requested");
@ -707,17 +707,4 @@ sub _validate2 {
        $casProxyGrantingTicketIOU, $proxies, $attributes );
 }

-# Store request parameters in %ENV
-sub exportRequestParameters {
-    my ( $self, $req ) = @_;
-
-    foreach my $param (qw/service renew gateway/) {
-        if ( $req->param($param) ) {
-            $req->env->{ "llng_cas_" . $param } = $req->param($param);
-        }
-    }
-
-    return PE_OK;
-}
-
 1;
--- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-with-choice.t
+++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-with-choice.t
@ -132,6 +132,7 @@ SKIP: {

    # Back to SP
    switch ('sp');
+
    # Follow redirection to CAS app
    ok(
        $res = $sp->_get(
@ -216,11 +217,12 @@ SKIP: {
        'Follow redirection'

    );
-    ($query) = expectRedirection($res,qr#http://auth.sp.com/?\?(ticket=.*)$#);
+    ($query) =
+      expectRedirection( $res, qr#http://auth.sp.com/?\?(ticket=.*)$# );

    # Follow redirection to CAS app
    switch ('sp');
-    ok($res=$sp->_get('/',query => $query),'Follow redirection');
+    ok( $res = $sp->_get( '/', query => $query ), 'Follow redirection' );

    expectCookie($res);

@ -313,18 +315,19 @@ sub issuer {
                    demo => 'Demo;Demo;Demo',
                    sql  => 'DBI;DBI;DBI',
                },
-                dbiAuthChain           => 'dbi:SQLite:dbname=t/userdb.db',
-                dbiAuthUser            => '',
-                dbiAuthPassword        => '',
-                dbiAuthTable           => 'users',
-                dbiAuthLoginCol        => 'user',
-                dbiAuthPasswordCol     => 'password',
-                dbiAuthPasswordHash    => '',
-                issuerDBCASActivation  => 1,
-                casAttr                => 'uid',
-                casAttributes          => { cn => 'cn', uid => 'uid', },
-                casAccessControlPolicy => 'none',
-                multiValuesSeparator   => ';',
+                dbiAuthChain             => 'dbi:SQLite:dbname=t/userdb.db',
+                dbiAuthUser              => '',
+                dbiAuthPassword          => '',
+                dbiAuthTable             => 'users',
+                dbiAuthLoginCol          => 'user',
+                dbiAuthPasswordCol       => 'password',
+                dbiAuthPasswordHash      => '',
+                issuerDBCASActivation    => 1,
+                casAttr                  => 'uid',
+                casAttributes            => { cn => 'cn', uid => 'uid', },
+                casAccessControlPolicy   => 'none',
+                multiValuesSeparator     => ';',
+                portalForceAuthnInterval => -1,
            }
        }
    );