CDA does not work with wildcard vhosts
Concerned version
Version: 2.0.11
Summary
- Remove test1.example.com and test2.example.com from default vhosts
- Add test%.example.com, type CDA
- Set cookie domain to auth.example.com
- Try to navigate to test1.example.com
=> redirection loop, CDA is not triggered
Possible fixes
Wildcards are not expanded when constructing trustedDomainsRe
Quickfix:
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm
@@ -377,9 +377,17 @@ sub reloadConf {
$p =~ s#https?://([^/]*).*$#$1#;
$re->add( quotemeta($p) );
}
+
foreach my $vhost ( keys %{ $self->conf->{locationRules} } ) {
+ my $expr = quotemeta($vhost);
+
+ # Handle wildcards
+ if ($vhost =~ /[\%\*]/) {
+ $expr =~ s/\\\*/\.*/;
+ $expr =~ s/\\\%/[\^\.]\*/;
+ }
+ $re->add( $expr );
$self->logger->debug("Vhost $vhost added in trusted domains");
- $re->add( quotemeta($vhost) );
$self->conf->{vhostOptions} ||= {};
if ( my $tmp =
$self->conf->{vhostOptions}->{$vhost}->{vhostAliases}
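Review bot: The two substitutions under "# Handle wildcards" expand to patterns that are broader than a hostname wildcard needs, in a regex that decides which domains are trusted. `*` becomes `.*` and `%` becomes `[^.]*`, so both accept any character (for example `/`, `@` or `:`) rather than only hostname characters, and both can match the empty string. Consider hostname-only classes such as `[A-Za-z0-9-]+` for `%` and `[A-Za-z0-9.-]+` for `*`. How the assembled expression is anchored is not visible in this hunk, so confirm that it is matched against the whole host. Also, neither `s///` carries the `/g` flag, so only the first `*` and the first `%` in a vhost name are expanded and any later one stays an escaped literal. The `if ($vhost =~ /[\%\*]/)` guard can be dropped, since the substitutions do nothing when no wildcard is present.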
There might be a better way to handle this. In particular, we should probably not use isTrustedUrl to trigger CDA.