This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

fix: make requested code-changes
Naugrimm committed Mar 11, 2020
1 parent 99f5ddd commit 9770386
Showing 2 changed files with 18 additions and 19 deletions.
2 changes: 1 addition & 1 deletion changelog.d/6634.bugfix
@@ -1 +1 @@
Build the same service URL when requesting the CAS ticket and when calling the proxyValidate URL.
Fix single-sign on with CAS systems: pass the same service URL when requesting the CAS ticket and when calling the `proxyValidate` URL. Contributed by @Naugrimm.
35 changes: 17 additions & 18 deletions synapse/rest/client/v1/login.py
Expand Up @@ -73,6 +73,14 @@ def login_id_thirdparty_from_phone(identifier):
return {"type": "m.id.thirdparty", "medium": "msisdn", "address": msisdn}


def build_service_param(cas_service_url, client_redirect_url):
return "%s%s?redirectUrl=%s" % (
cas_service_url,
"/_matrix/client/r0/login/cas/ticket",
urllib.parse.quote(client_redirect_url, safe=""),
)


class LoginRestServlet(RestServlet):
PATTERNS = client_patterns("/login$", v1=True)
CAS_TYPE = "m.login.cas"
Expand Down Expand Up @@ -428,18 +436,15 @@ def get_sso_url(self, client_redirect_url):
class CasRedirectServlet(BaseSSORedirectServlet):
def __init__(self, hs):
super(CasRedirectServlet, self).__init__()
self.cas_server_url = hs.config.cas_server_url.encode("ascii")
self.cas_service_url = hs.config.cas_service_url.encode("ascii")
self.cas_server_url = hs.config.cas_server_url
self.cas_service_url = hs.config.cas_service_url

def get_sso_url(self, client_redirect_url):
client_redirect_url_param = urllib.parse.urlencode(
{b"redirectUrl": client_redirect_url}
).encode("ascii")
hs_redirect_url = self.cas_service_url + b"/_matrix/client/r0/login/cas/ticket"
service_param = urllib.parse.urlencode(
{b"service": b"%s?%s" % (hs_redirect_url, client_redirect_url_param)}
).encode("ascii")
return b"%s/login?%s" % (self.cas_server_url, service_param)
args = urllib.parse.urlencode(
{"service": build_service_param(self.cas_service_url, client_redirect_url)}
)

return "%s/login?%s" % (self.cas_server_url, args)


class CasTicketServlet(RestServlet):
Expand All @@ -448,10 +453,7 @@ class CasTicketServlet(RestServlet):
def __init__(self, hs):
super(CasTicketServlet, self).__init__()
self.cas_server_url = hs.config.cas_server_url
self.cas_service_url = (
hs.config.cas_service_url.encode("ascii")
+ b"/_matrix/client/r0/login/cas/ticket?redirectUrl="
)
self.cas_service_url = hs.config.cas_service_url
self.cas_displayname_attribute = hs.config.cas_displayname_attribute
self.cas_required_attributes = hs.config.cas_required_attributes
self._sso_auth_handler = SSOAuthHandler(hs)
Expand All @@ -460,12 +462,9 @@ def __init__(self, hs):
async def on_GET(self, request):
client_redirect_url = parse_string(request, "redirectUrl", required=True)
uri = self.cas_server_url + "/proxyValidate"
service_url = self.cas_service_url + urllib.parse.quote(
client_redirect_url, safe=""
).encode("ascii")
args = {
"ticket": parse_string(request, "ticket", required=True),
"service": service_url,
"service": build_service_param(self.cas_service_url, client_redirect_url),
}
try:
body = await self._http_client.get_raw(uri, args)
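Review bot: `build_service_param` in the first hunk has no docstring, and the reason it exists is security-relevant: CAS ties a ticket to the service URL it was issued for, so `CasRedirectServlet.get_sso_url` and `CasTicketServlet.on_GET` must send an identical `service` value or validation fails. I would add a docstring such as `"""Build the CAS service URL; it must be identical for /login and /proxyValidate."""` and mention there that `client_redirect_url` is percent-encoded with `safe=""` so it stays a single query value. The helper concatenates `cas_service_url` unchanged, so a configured trailing slash produces `//_matrix/...`; `cas_service_url.rstrip("/")` inside the helper would normalise that on both sides. In `on_GET` the `redirectUrl` comes straight from the request, and the visible lines do not show it being checked against an allowed set before it is used after validation; the function body continues outside the hunk, so that may be handled there and is worth confirming.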