forked from MirrorHub/synapse
Fix CAS redirect url (#6634)
Build the same service URL when requesting the CAS ticket and when calling the proxyValidate URL.
This commit is contained in:
parent
190ab593b7
commit
1fcf9c6f95
2 changed files with 17 additions and 11 deletions
1
changelog.d/6634.bugfix
Normal file
1
changelog.d/6634.bugfix
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Fix single-sign on with CAS systems: pass the same service URL when requesting the CAS ticket and when calling the `proxyValidate` URL. Contributed by @Naugrimm.
|
|
@ -72,6 +72,14 @@ def login_id_thirdparty_from_phone(identifier):
|
||||||
return {"type": "m.id.thirdparty", "medium": "msisdn", "address": msisdn}
|
return {"type": "m.id.thirdparty", "medium": "msisdn", "address": msisdn}
|
||||||
|
|
||||||
|
|
||||||
|
def build_service_param(cas_service_url, client_redirect_url):
|
||||||
|
return "%s%s?redirectUrl=%s" % (
|
||||||
|
cas_service_url,
|
||||||
|
"/_matrix/client/r0/login/cas/ticket",
|
||||||
|
urllib.parse.quote(client_redirect_url, safe=""),
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
class LoginRestServlet(RestServlet):
|
class LoginRestServlet(RestServlet):
|
||||||
PATTERNS = client_patterns("/login$", v1=True)
|
PATTERNS = client_patterns("/login$", v1=True)
|
||||||
CAS_TYPE = "m.login.cas"
|
CAS_TYPE = "m.login.cas"
|
||||||
|
@ -427,18 +435,15 @@ class BaseSSORedirectServlet(RestServlet):
|
||||||
class CasRedirectServlet(BaseSSORedirectServlet):
|
class CasRedirectServlet(BaseSSORedirectServlet):
|
||||||
def __init__(self, hs):
|
def __init__(self, hs):
|
||||||
super(CasRedirectServlet, self).__init__()
|
super(CasRedirectServlet, self).__init__()
|
||||||
self.cas_server_url = hs.config.cas_server_url.encode("ascii")
|
self.cas_server_url = hs.config.cas_server_url
|
||||||
self.cas_service_url = hs.config.cas_service_url.encode("ascii")
|
self.cas_service_url = hs.config.cas_service_url
|
||||||
|
|
||||||
def get_sso_url(self, client_redirect_url):
|
def get_sso_url(self, client_redirect_url):
|
||||||
client_redirect_url_param = urllib.parse.urlencode(
|
args = urllib.parse.urlencode(
|
||||||
{b"redirectUrl": client_redirect_url}
|
{"service": build_service_param(self.cas_service_url, client_redirect_url)}
|
||||||
).encode("ascii")
|
)
|
||||||
hs_redirect_url = self.cas_service_url + b"/_matrix/client/r0/login/cas/ticket"
|
|
||||||
service_param = urllib.parse.urlencode(
|
return "%s/login?%s" % (self.cas_server_url, args)
|
||||||
{b"service": b"%s?%s" % (hs_redirect_url, client_redirect_url_param)}
|
|
||||||
).encode("ascii")
|
|
||||||
return b"%s/login?%s" % (self.cas_server_url, service_param)
|
|
||||||
|
|
||||||
|
|
||||||
class CasTicketServlet(RestServlet):
|
class CasTicketServlet(RestServlet):
|
||||||
|
@ -458,7 +463,7 @@ class CasTicketServlet(RestServlet):
|
||||||
uri = self.cas_server_url + "/proxyValidate"
|
uri = self.cas_server_url + "/proxyValidate"
|
||||||
args = {
|
args = {
|
||||||
"ticket": parse_string(request, "ticket", required=True),
|
"ticket": parse_string(request, "ticket", required=True),
|
||||||
"service": self.cas_service_url,
|
"service": build_service_param(self.cas_service_url, client_redirect_url),
|
||||||
}
|
}
|
||||||
try:
|
try:
|
||||||
body = await self._http_client.get_raw(uri, args)
|
body = await self._http_client.get_raw(uri, args)
|
||||||
|
|
Loading…
Reference in a new issue