Remember path in issuer requests (#1461)

2018-07-05 15:54:41 +02:00 · 2018-07-05 15:54:41 +02:00 · 890ea8aa27
commit 890ea8aa27
parent e0b2797e70
2 changed files with 31 additions and 39 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Issuer.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Issuer.pm
@ -83,6 +83,7 @@ sub _redirect {
        $restore = 1;
        $self->logger->debug('Processing _redirect');
        $ir = $req->pdata->{ $self->ipath } ||= $self->storeRequest($req);
+        $req->pdata->{ $self->ipath . 'Path' } = \@path;
        $req->datas->{keepPdata} = 1;
        $req->{urldc} = $self->conf->{portal} . '/' . $self->path;
    }
@ -122,6 +123,8 @@ sub _forAuthUser {
    if ( my $r = $req->pdata->{ $self->ipath } ) {
        $self->logger->debug("Restoring request to $self->{path} issuer");
        $self->restoreRequest( $req, $r );
+        @path = @{ $req->pdata->{ $self->ipath . 'Path' } }
+          if ( $req->pdata->{ $self->ipath . 'Path' } );
    }

    # Clean pdata: keepPdata has been set, so pdata must be cleaned here
--- a/lemonldap-ng-portal/t/37-CAS-App-to-SAML-IdP-POST.t
+++ b/lemonldap-ng-portal/t/37-CAS-App-to-SAML-IdP-POST.t
@ -11,7 +11,7 @@ BEGIN {
 }

 my $maintests = 12;
-my $debug     = 'debug';
+my $debug     = 'error';
 my ( $idp, $proxy, $app, $res );
 my %handlerOR = ( idp => [], proxy => [], app => [] );

@ -78,11 +78,12 @@ SKIP: {
    $handlerOR{app} = \@Lemonldap::NG::Handler::Main::_onReload;

    # Query RP for auth
-    ok( $res = $app->_get( '/', accept => 'text/html' ), 'Unauth CAS app request' );
-    ok( expectCookie( $res, 'llngcasserver' ) eq 'proxy', 'Get CAS server cookie' );
+    ok( $res = $app->_get( '/', accept => 'text/html' ),
+        'Unauth CAS app request' );
+    ok( expectCookie( $res, 'llngcasserver' ) eq 'proxy',
+        'Get CAS server cookie' );
    my ( $url, $query ) =
-      expectRedirection( $res,
-        qr#http://auth.proxy.com(/cas/login)\?(.*)$# );
+      expectRedirection( $res, qr#http://auth.proxy.com(/cas/login)\?(.*)$# );

    # Push request to Proxy
    switch ('proxy');
@ -94,17 +95,18 @@ SKIP: {
        ),
        "Push request to proxy"
    );
-    my $proxyPdata = 'lemonldappdata=' . expectCookie($res, 'lemonldappdata');
+    my $proxyPdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );

-    my $host;
-    ( $host, $url, $query ) = expectForm( $res, '#', undef, 'confirm' );
+    my ( $host, $tmp );
+    ( $host, $tmp, $query ) = expectForm( $res, '#', undef, 'confirm' );
    ok(
        $res = $proxy->_post(
-            '/',
+            $url,
            IO::String->new($query),
            length => length($query),
            accept => 'text/html',
-            cookie => "lemonldapidp=http://auth.idp.com/saml/metadata;$proxyPdata"
+            cookie =>
+              "lemonldapidp=http://auth.idp.com/saml/metadata;$proxyPdata"
        ),
        'Confirm IdP'
    );
@ -124,7 +126,7 @@ SKIP: {
        'Launch SAML request to IdP'
    );
    my $tmp;
-    my $idpPdata = 'lemonldappdata=' . expectCookie($res, 'lemonldappdata');
+    my $idpPdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );

    # Try to authenticate to IdP
    my $body = $res->[2]->[0];
@ -158,38 +160,25 @@ SKIP: {
            $url, IO::String->new($query),
            length => length($query),
            accept => 'text/html',
-            cookie => "lemonldapidp=http://auth.idp.com/saml/metadata;$proxyPdata",
+            cookie =>
+              "lemonldapidp=http://auth.idp.com/saml/metadata;$proxyPdata",
        ),
        'POST SAML response'
    );
    my $spId = expectCookie($res);
-    ( $url, $query ) = expectRedirection( $res, 'http://auth.proxy.com' );
+    ($url) = expectRedirection( $res, qr#http://auth.proxy.com([^?]*)# );
    ok(
        $res = $proxy->_get(
-            '/',
+            $url,
            accept => 'text/html',
-            cookie => "lemonldapidp=http://auth.idp.com/saml/metadata;lemonldap=$spId;$proxyPdata",
+            cookie =>
+"lemonldapidp=http://auth.idp.com/saml/metadata;lemonldap=$spId;$proxyPdata",
        ),
        'Follow internal redirection'
    );

-    ( $url, $query ) = expectRedirection( $res,
-        qr#http://auth.proxy.com(/cas/login)(?:\?(.*))?$# );
-    skip;
-    $url ||= '/';
-
-    # Follow internal redirection
-    ok(
-        $res = $proxy->_get(
-            $url,
-            query  => $query,
-            accept => 'text/html',
-            cookie =>
-              "lemonldap=$spId;lemonldapidp=http://auth.idp.com/saml/metadata"
-        ),
-        'Follow internal redirection from SAML-SP to CAS app'
-    );
-    ($query) = expectRedirection($res,qr#^http://auth.app.com/\?(ticket.*)$#);
+    ($query) =
+      expectRedirection( $res, qr#^http://auth.app.com/\?(ticket.*)$# );

    # Follow redirection to App
    switch ('app');
@ -332,16 +321,16 @@ sub proxy {
    return LLNG::Manager::Test->new(
        {
            ini => {
-                logLevel                        => $debug,
-                domain                          => 'proxy.com',
-                portal                          => 'http://auth.proxy.com',
-                authentication                  => 'SAML',
-                userDB                          => 'Same',
+                logLevel              => $debug,
+                domain                => 'proxy.com',
+                portal                => 'http://auth.proxy.com',
+                authentication        => 'SAML',
+                userDB                => 'Same',
                issuerDBCASActivation => 1,
                casAttr               => 'uid',
                casAttributes => { cn => 'cn', uid => 'uid', mail => 'mail', },
-                casAccessControlPolicy   => 'none',
-                multiValuesSeparator     => ';',
+                casAccessControlPolicy            => 'none',
+                multiValuesSeparator              => ';',
                samlIDPMetaDataExportedAttributes => {
                    idp => {
                        mail => "0;mail;;",