Commit 9df22f1e authored by Clément OUDOT's avatar Clément OUDOT

Tolerate some differences in CAS service URI to behave like JASIG CAS (#LEMONLDAP-1031)

git-svn-id: svn://svn.forge.objectweb.org/svnroot/lemonldap/branches/lemonldap-ng_version_1_4-bugfixes@5165 1dbb9719-a921-0410-b57f-c3a383c2c641
parent bf663c70
......@@ -9,8 +9,9 @@ use strict;
use Lemonldap::NG::Portal::Simple;
use Lemonldap::NG::Portal::_CAS;
use base qw(Lemonldap::NG::Portal::_CAS Lemonldap::NG::Portal::_LibAccess);
use URI;
our $VERSION = '1.4.3';
our $VERSION = '1.4.9';
## @method void issuerDBInit()
# Nothing to do
......@@ -136,19 +137,37 @@ sub issuerForUnAuthUser {
$self->lmLog( "Service ticket session $ticket found", 'debug' );
my $service1_uri = URI->new($service);
my $service2_uri = URI->new( $casServiceSession->data->{service} );
# Check service
unless ( $service eq $casServiceSession->data->{service} ) {
$self->lmLog(
"Submitted service $service does not match initial service "
. $casServiceSession->data->{service},
'error'
);
$self->deleteCasSession($casServiceSession);
$self->returnCasValidateError();
}
unless ( $service1_uri->eq($service2_uri) ) {
$self->lmLog( "Submitted service $service math initial servce",
'debug' );
# Tolerate that relative URI are the same
if ( $service1_uri->rel($service2_uri) eq "./"
or $service2_uri->rel($service1_uri) eq "./" )
{
$self->lmLog(
"Submitted service $service1_uri does not exactly match initial service "
. $service2_uri
. ' but difference is tolerated.',
'warn'
);
}
else {
$self->lmLog(
"Submitted service $service does not match initial service "
. $casServiceSession->data->{service},
'error'
);
$self->deleteCasSession($casServiceSession);
$self->returnCasValidateError();
}
}
else {
$self->lmLog( "Submitted service $service math initial servce",
'debug' );
}
# Check renew
if ( $renew eq 'true' ) {
......@@ -259,21 +278,39 @@ sub issuerForUnAuthUser {
$self->lmLog( "$urlType ticket session $ticket found", 'debug' );
my $service1_uri = URI->new($service);
my $service2_uri = URI->new( $casServiceSession->data->{service} );
# Check service
unless ( $service eq $casServiceSession->data->{service} ) {
$self->lmLog(
"Submitted service $service does not match initial service "
. $casServiceSession->data->{service},
'error'
);
unless ( $service1_uri->eq($service2_uri) ) {
$self->deleteCasSession($casServiceSession);
$self->returnCasServiceValidateError( 'INVALID_SERVICE',
'Submitted service does not match initial service' );
}
# Tolerate that relative URI are the same
if ( $service1_uri->rel($service2_uri) eq "./"
or $service2_uri->rel($service1_uri) eq "./" )
{
$self->lmLog(
"Submitted service $service1_uri does not exactly match initial service "
. $service2_uri
. ' but difference is tolerated.',
'warn'
);
}
else {
$self->lmLog(
"Submitted service $service does not match initial service "
. $casServiceSession->data->{service},
'error'
);
$self->lmLog( "Submitted service $service match initial servce",
'debug' );
$self->deleteCasSession($casServiceSession);
$self->returnCasServiceValidateError( 'INVALID_SERVICE',
'Submitted service does not match initial service' );
}
}
else {
$self->lmLog( "Submitted service $service match initial service",
'debug' );
}
# Check renew
if ( $renew eq 'true' ) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment