Fix CAS redirect url (matrix-org#6634)
Build the same service URL when requesting the CAS ticket and when calling the proxyValidate URL.
Naugrimm authored and phil-flex committed Jun 16, 2020
1 parent aea8194 commit af9afb7
Showing 2 changed files with 17 additions and 11 deletions.
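--- a/changelog.d/6634.bugfix
+++ b/changelog.d/6634.bugfix
@@ -0,0 +1 @@
+Fix single-sign on with CAS systems: pass the same service URL when requesting the CAS ticket and when calling the `proxyValidate` URL. Contributed by @Naugrimm.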
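--- a/synapse/rest/client/v1/login.py
+++ b/synapse/rest/client/v1/login.py
@@ -72,6 +72,14 @@ def login_id_thirdparty_from_phone(identifier):
 return {"type": "m.id.thirdparty", "medium": "msisdn", "address": msisdn}
 
 
+def build_service_param(cas_service_url, client_redirect_url):
+return "%s%s?redirectUrl=%s" % (
+cas_service_url,
+"/_matrix/client/r0/login/cas/ticket",
+urllib.parse.quote(client_redirect_url, safe=""),
+)
+
+
 class LoginRestServlet(RestServlet):
 PATTERNS = client_patterns("/login$", v1=True)
 CAS_TYPE = "m.login.cas"
@@ -427,18 +435,15 @@ def get_sso_url(self, client_redirect_url):
 class CasRedirectServlet(BaseSSORedirectServlet):
 def __init__(self, hs):
 super(CasRedirectServlet, self).__init__()
-self.cas_server_url = hs.config.cas_server_url.encode("ascii")
-self.cas_service_url = hs.config.cas_service_url.encode("ascii")
+self.cas_server_url = hs.config.cas_server_url
+self.cas_service_url = hs.config.cas_service_url
 
 def get_sso_url(self, client_redirect_url):
-client_redirect_url_param = urllib.parse.urlencode(
-{b"redirectUrl": client_redirect_url}
-).encode("ascii")
-hs_redirect_url = self.cas_service_url + b"/_matrix/client/r0/login/cas/ticket"
-service_param = urllib.parse.urlencode(
-{b"service": b"%s?%s" % (hs_redirect_url, client_redirect_url_param)}
-).encode("ascii")
-return b"%s/login?%s" % (self.cas_server_url, service_param)
+args = urllib.parse.urlencode(
+{"service": build_service_param(self.cas_service_url, client_redirect_url)}
+)
+
+return "%s/login?%s" % (self.cas_server_url, args)
 
 
 class CasTicketServlet(RestServlet):
@@ -458,7 +463,7 @@ async def on_GET(self, request):
 uri = self.cas_server_url + "/proxyValidate"
 args = {
 "ticket": parse_string(request, "ticket", required=True),
-"service": self.cas_service_url,
+"service": build_service_param(self.cas_service_url, client_redirect_url),
 }
 try:
 body = await self._http_client.get_raw(uri, args)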
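Review bot: `build_service_param` has no docstring, and nothing in the new code records that its result has to be character-for-character the same in `get_sso_url` and in the `proxyValidate` call in `on_GET`, since the CAS server checks the `service` sent at validation against the one the ticket was issued for. I would add `"""Build the CAS service URL; it must be identical when requesting the ticket and when validating it."""` so a later edit to one call site is not made without the other. The removed `get_sso_url` lines built the URL from bytes, and the `client_redirect_url` used in `on_GET` is defined outside the visible lines, so it is worth confirming that both callers pass the same type and decoding; `urllib.parse.quote` accepts both bytes and str, and a difference would presumably show up as rejected tickets for redirect URLs with non-ASCII characters. `on_GET` continues past the end of the hunk.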
