Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add CASRedirectAfterValidation parameter to mimic java-cas-client's parameter #136

Open
wants to merge 8 commits into
base: master
Choose a base branch
from

Conversation

ruckc
Copy link

@ruckc ruckc commented Nov 4, 2017

This is a redo of #51. This is necessary when having APIs CAS protected, as it makes the logic even more cumbersome.

Copy link
Contributor

@dhawes dhawes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks okay and works as expected.

Some of the language used needs to be fixed for clarity. I've noted those places.

Title should be "add CASDisableRedirectAfterValidation".

README Outdated Show resolved Hide resolved
src/mod_auth_cas.c Outdated Show resolved Hide resolved
@@ -1844,8 +1856,10 @@ char *getResponseFromServer (request_rec *r, cas_cfg *c, char *ticket)
curl_easy_setopt(curl, CURLOPT_URL, apr_uri_unparse(r->pool, &validateURL, 0));

if(curl_easy_perform(curl) != CURLE_OK) {
if(c->CASDebug)
if(c->CASDebug) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "MOD_AUTH_CAS: query: %s", validateURL.query);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd probably move the previous log addition to line 1855 after validateURL.query is set so we get the whole validateURL printed out.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was moved. Good catch.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The log at line 1858 is redundant since it's logged at 1852 now.

apr_table_add(r->headers_out, "Location", newLocation);
return HTTP_MOVED_TEMPORARILY;
} else {
return OK;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it intended that we go all the way to https://github.com/ruckc/mod_auth_cas/blob/eba78415e60b2d597c5ee03afd5245f53129a15a/src/mod_auth_cas.c#L2231 to return OK? Should it return before that?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The return OK; was unmodified (except additional indention).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's now inside the if block that checks CASDisableRedirectAfterValidation ( eba7841#diff-b823cf0e10152100b941acd0fb5838a8R2141 ), so it never returns if CASDisableRedirectAfterValidation is On.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added an additional } else { return OK; }. In my office environment I had caught this but forgot to commit it back.

Copy link
Contributor

@dhawes dhawes Nov 30, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If that's the intention, this can be simplified by changing the check to:

if(parametersRemoved == TRUE && d->CASDisableRedirectAfterValidation == NULL )

I mostly ask because the original merge request would fall through to a later return where cas attributes were populated and headers were set. The side effect of this is that Require cas-attribute statements would work. In this commit that won't happen, so authorization will fail. What is desired here?

src/mod_auth_cas.h Outdated Show resolved Hide resolved
src/mod_auth_cas.c Outdated Show resolved Hide resolved
src/mod_auth_cas.h Outdated Show resolved Hide resolved
@ruckc
Copy link
Author

ruckc commented Nov 28, 2017

I believe these two commits address all of your concerns.

@ruckc
Copy link
Author

ruckc commented Nov 29, 2017

If there are no further issues I can close this PR and resubmit with these changes in a single commit.

src/mod_auth_cas.h Outdated Show resolved Hide resolved
@dhawes
Copy link
Contributor

dhawes commented Nov 30, 2017

There's no need to open another PR. When we're happy we'll just rebase, squash the commits, and make it nice and tidy.

@ruckc ruckc requested a review from dhawes January 30, 2020 13:56
Copy link
Contributor

@dhawes dhawes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd like to see these changes rebased with master.

printPort = TRUE;

if(c->CASRootProxiedAs.is_initialized) {
if(d->CASDisableRedirectAfterValidation == NULL) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not:

                       if(d->CASDisableRedirectAfterValidation) {
                               return OK;
                       }

and keep everything in the "if(parametersRemoved == TRUE)" unchanged? The patch and code are much more readable like that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants