From e78f8a2270a81566435133eff93a55deba14ddc6 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Tue, 5 Jan 2021 11:38:20 +0100 Subject: [PATCH] Refactor CAS code (#2321) --- .../lib/Lemonldap/NG/Portal/Issuer/CAS.pm | 23 ++++++------- .../lib/Lemonldap/NG/Portal/Lib/CAS.pm | 34 +++++++++++++++---- 2 files changed, 37 insertions(+), 20 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm index d6d0fddf1..d92c859b6 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm @@ -59,10 +59,9 @@ sub init { ); # Add CAS Services, so we can check service= parameter on logout - foreach my $casSrv ( keys %{ $self->conf->{casAppMetaDataOptions} } ) { + foreach my $casSrv ( keys %{ $self->casAppList } ) { if ( my $serviceUrl = - $self->conf->{casAppMetaDataOptions}->{$casSrv} - ->{casAppMetaDataOptionsService} ) + $self->casAppList->{$casSrv}->{casAppMetaDataOptionsService} ) { push @{ $self->p->{additionalTrustedDomains} }, $serviceUrl; $self->logger->debug( @@ -96,14 +95,14 @@ sub storeEnvAndCheckGateway { if ( $service and $service =~ m#^(https?://[^/]+)(/.*)?$# ) { my ( $host, $uri ) = ( $1, $2 ); - my $app = $self->casAppList->{$host}; + my $app = $self->getCasApp($service); if ($app) { $req->env->{llng_cas_app} = $app; # Store target authentication level in pdata - my $targetAuthnLevel = $self->conf->{casAppMetaDataOptions}->{$app} - ->{casAppMetaDataOptionsAuthnLevel}; + my $targetAuthnLevel = + $self->casAppList->{$app}->{casAppMetaDataOptionsAuthnLevel}; $req->pdata->{targetAuthnLevel} = $targetAuthnLevel if $targetAuthnLevel; 
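Review bot: In the storeEnvAndCheckGateway hunk, `my ( $host, $uri ) = ( $1, $2 );` now leaves `$host` unused, because the lookup on the next line passes the whole `$service` to getCasApp; unless `$host` is read further down the function, which continues outside the hunk, shrink it to `my $uri = $2;` or drop the capture. The regex still anchors on `https?://`, so handing `$service` to the helper is safe as far as parsing goes, but note that the old `$self->casAppList->{$host}` lookup matched on scheme and host:port, whereas getCasApp (added in Lib/CAS.pm in this same patch) matches on hostname only. The value stored in `$req->env->{llng_cas_app}` and the `targetAuthnLevel` derived from it can therefore now be resolved for an `http://` or differently-ported variant of a registered service; if that is not intended, the stricter comparison belongs in getCasApp rather than here.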
@@ -168,12 +167,12 @@ sub run { return PE_ERROR; } my ( $host, $uri ) = ( $1, $2 ); - my $app = $self->casAppList->{$host}; + my $app = $self->getCasApp($service); my $spAuthnLevel = 0; if ($app) { - $spAuthnLevel = $self->conf->{casAppMetaDataOptions}->{$app} - ->{casAppMetaDataOptionsAuthnLevel} || 0; + $spAuthnLevel = + $self->casAppList->{$app}->{casAppMetaDataOptionsAuthnLevel} || 0; } # Renew @@ -851,10 +850,8 @@ sub getUsernameForApp { my $username_attribute = ( $app - and $self->conf->{casAppMetaDataOptions}->{$app} - ->{casAppMetaDataOptionsUserAttribute} ) - ? $self->conf->{casAppMetaDataOptions}->{$app} - ->{casAppMetaDataOptionsUserAttribute} + and $self->casAppList->{$app}->{casAppMetaDataOptionsUserAttribute} ) + ? $self->casAppList->{$app}->{casAppMetaDataOptionsUserAttribute} : ( $self->conf->{casAttr} || $self->conf->{whatToTrace} ); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm index b23ff6cca..284efe800 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm @@ -5,6 +5,7 @@ use Mouse; use Lemonldap::NG::Common::FormEncode; use XML::Simple; use Lemonldap::NG::Common::UserAgent; +use URI; our $VERSION = '2.0.8'; 
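Review bot: `$spAuthnLevel` is taken from whichever app getCasApp returns, and that helper walks `keys %{ $self->casAppList }`, whose order is unspecified, so when two configured applications share a hostname (the configuration only records a service URL per app, so nothing visible prevents that) the authentication level enforced for `$service` depends on hash ordering rather than on the URL. The removed `$self->casAppList->{$host}` lookup was at least deterministic for a given host, even if it also silently kept only one app per host. Either make the match prefer the app whose configured service URL is the longest prefix of `$service`, or detect and warn about apps sharing an origin at load time so the ambiguity is visible to the administrator. `$host` from `my ( $host, $uri ) = ( $1, $2 );` is also now unused in the visible part of run(), whose body continues outside the hunk.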
@@ -43,20 +44,21 @@ sub loadSrv { return 1; } -# Load CAS application list, key is the service URL +# Load CAS application list sub loadApp { my ($self) = @_; - unless ( $self->conf->{casAppMetaDataOptions} + if ( $self->conf->{casAppMetaDataOptions} and %{ $self->conf->{casAppMetaDataOptions} } ) { + $self->casAppList( $self->conf->{casAppMetaDataOptions} ); + } + else { $self->logger->info("No CAS apps found in configuration"); } + foreach ( keys %{ $self->conf->{casAppMetaDataOptions} } ) { - my $tmp = - $self->conf->{casAppMetaDataOptions}->{$_} - ->{casAppMetaDataOptionsService}; - $tmp =~ s#^(https?://[^/]+).*$#$1#; - $self->casAppList->{$tmp} = $_; + + # Load access rule my $rule = $self->conf->{casAppMetaDataOptions}->{$_} ->{casAppMetaDataOptionsRule}; if ( length $rule ) { @@ -497,6 +499,24 @@ sub retrievePT { return $pt; } +# Get CAS App from service URL +sub getCasApp { + my ( $self, $url ) = @_; + + my $hostname = URI->new($url)->host; + return undef unless $hostname; + + for my $app ( keys %{ $self->casAppList } ) { + my $appHost = + URI->new( $self->casAppList->{$app}->{casAppMetaDataOptionsService} ) + ->host; + + return $app if ( $hostname eq $appHost ); + + } + return undef; +} + 1; __END__