CAS in progress (#595)

ffd9ca43 · Yadd · b36d45cc · ffd9ca43 · ffd9ca43 · ffd9ca43
Commit ffd9ca43 authored Dec 21, 2016 by Yadd
5 changed files
--- a/fastcgi-server/man/llng-fastcgi-server.1p
+++ b/fastcgi-server/man/llng-fastcgi-server.1p
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "llng-fastcgi-server 1"
-.TH llng-fastcgi-server 1 "2016-11-12" "perl v5.24.1" "User Contributed Perl Documentation"
+.TH llng-fastcgi-server 1 "2016-12-20" "perl v5.24.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l

--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
@@ -53,11 +53,11 @@ sub run {
        $self->lmLog( "URL $url detected as an CAS LOGIN URL", 'debug' );

        # GET parameters
-        my $service = $self->getHiddenFormValue( $req, 'service' )
+        my $service = $self->p->getHiddenFormValue( $req, 'service' )
          || $req->param('service');
        my $renew =
-          $self->getHiddenFormValue( $req, 'renew' ) || $req->param('renew');
-        my $gateway = $self->getHiddenFormValue( $req, 'gateway' )
+          $self->p->getHiddenFormValue( $req, 'renew' ) || $req->param('renew');
+        my $gateway = $self->p->getHiddenFormValue( $req, 'gateway' )
          || $req->param('gateway');
        my $casServiceTicket;

@@ -171,9 +171,10 @@ sub run {

        $self->lmLog( "Redirect user to $service_url", 'debug' );

-        $self->{urldc} = $service_url;
+        $req->{urldc} = $service_url;

-        return $self->_subProcess(qw(autoRedirect));
+        $req->steps([]);
+        return PE_OK;
    }

    # 2. LOGOUT

--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Issuer.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Issuer.pm
@@ -49,7 +49,7 @@ sub init {
 # Case 1: Unauthentified users are redirected to the main portal

 sub _redirect {
-    my ( $self, $req ) = @_;
+    my ( $self, $req, @path ) = @_;
    my $prms = $req->params;
    foreach my $k ( keys %$prms ) {
        $self->p->setHiddenFormValue( $req, $k, $prms->{$k}, '', 0 );
@@ -72,17 +72,17 @@ sub _redirect {
            $self->p->sessionDatas,
            @{ $self->p->afterDatas },
            sub {
-                return $self->run(@_);
+                return $self->run(@_, @path);
              }
        ]
    );
 }

 sub _pRedirect {
-    my ( $self, $req ) = @_;
+    my ( $self, $req, @path ) = @_;
    $self->lmLog( 'Parsing posted datas', 'debug' );
    $req->parseBody;
-    return $self->_redirect($req);
+    return $self->_redirect( $req, @path );
 }

 # Case 3: authentified user, launch

--- a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect.t
+++ b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect.t
@@ -130,7 +130,7 @@ SKIP: {
        'Post authentication'
    );
    ok( $res->[0] == 200, 'Response is 200' ) or explain( $res->[0], 200 );
-    $cookies = $sp->getCookies($res);
+    $cookies = $issuer->getCookies($res);
    my $idpId;
    ok( $idpId = $cookies->{lemonldap}, 'Get cookie' )
      or explain( $res, 'Set-Cookie: something' );

--- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS.t
+++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS.t
@@ -7,7 +7,7 @@ BEGIN {
    require 't/test-lib.pm';
 }

-my $maintests = 5;
+my $maintests = 13;
 my $debug     = 'debug';
 my ( $issuer, $sp, $res );
 my %handlerOR = ( issuer => [], sp => [] );
@@ -43,6 +43,56 @@ SKIP: {
        $res->[1],
        'location => http://auth.idp.com/cas/login?service=http://auth.sp.com/'
      );
+
+    # Query IdP
+    switch ('issuer');
+    ok(
+        $res = $issuer->_get(
+            '/cas/login',
+            query  => 'service=http://auth.sp.com/',
+            accept => 'text/html'
+        ),
+        'Query CAS server'
+    );
+    ok( $res->[0] == 200, 'Return code is 200' ) or explain( $res->[0], 200 );
+
+    # Try to authenticate to IdP
+    my $body = $res->[2]->[0];
+    $body =~ s/^.*?<form.*?>//s;
+    $body =~ s#</form>.*$##s;
+    my %fields =
+      ( $body =~ /<input type="hidden".+?name="(.+?)".+?value="(.*?)"/sg );
+    $fields{user} = $fields{password} = 'dwho';
+    use URI::Escape;
+    my $s = join( '&', map { "$_=" . uri_escape( $fields{$_} ) } keys %fields );
+    ok(
+        $res = $issuer->_post(
+            '/cas/login',
+            IO::String->new($s),
+            accept => 'text/html',
+            length => length($s),
+        ),
+        'Post authentication'
+    );
+    ok( $res->[0] == 302, 'Response is 302' ) or explain( $res->[0], 302 );
+    my $cookies = $issuer->getCookies($res);
+    my $idpId;
+    ok( $idpId = $cookies->{lemonldap}, 'Get cookie' )
+      or explain( $res, 'Set-Cookie: something' );
+    my $url;
+    ok( $url = $issuer->getRedirection($res), 'Get location header' )
+      or explain( $res->[1], 'Location: http://auth.sp.com/?ticket=...' );
+    ok( $url =~ m#(http://auth.sp.com/)\?(ticket=[^&]+)$#,
+        'Get ticket in redirection' )
+      or explain( $url, 'http://auth.sp.com/?ticket=...' );
+    $url = $1;
+    my $query = $2;
+
+    # Back to SP
+    switch ('sp');
+    ok( $res = $sp->_get( $url, query => $query, accept => 'text/html' ),
+        'Query SP with ticket' );
+
    #print STDERR Dumper($res);
 }