From 8554b74bb2cc62bda4bdeb8ba6b081fde5f619ce Mon Sep 17 00:00:00 2001
From: Elmar Ludwig <elmar.ludwig@uni-osnabrueck.de>
Date: Sat, 30 Sep 2023 08:36:31 +0000
Subject: [PATCH] fix redirect on shib login, fixes #3220

Closes #3220

Merge request studip/studip!2207
---
 .../auth_plugins/StudipAuthShib.class.php     | 35 +++----------------
 1 file changed, 4 insertions(+), 31 deletions(-)

diff --git a/lib/classes/auth_plugins/StudipAuthShib.class.php b/lib/classes/auth_plugins/StudipAuthShib.class.php
index 3cba5866f3b..3eedc65c760 100644
--- a/lib/classes/auth_plugins/StudipAuthShib.class.php
+++ b/lib/classes/auth_plugins/StudipAuthShib.class.php
@@ -14,7 +14,7 @@
 
 class StudipAuthShib extends StudipAuthSSO
 {
-    public $env_remote_user = 'HTTP_REMOTE_USER';
+    public $env_remote_user = 'REMOTE_USER';
     public $local_domain;
     public $session_initiator;
     public $validate_url;
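Review bot: The `$env_remote_user` property stays public and configurable, but nothing on the new line says which `$_SERVER` keys are safe to put there. Keys with an `HTTP_` prefix are filled from request headers, so a deployment that sets this back to `HTTP_REMOTE_USER` trusts a value the client can send unless a front-end proxy overwrites or strips that header. I would add a comment above the property such as `// $_SERVER key holding the authenticated user; use an HTTP_* key only when a trusted proxy always overwrites that header`. The class body continues outside this hunk.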
@@ -59,29 +59,6 @@ class StudipAuthShib extends StudipAuthSSO
         return $this->userdata['username'];
     }
 
-    /**
-     * Return the current URL (including parameters).
-     */
-    function getURL()
-    {
-        $url = $_SERVER['HTTPS'] == 'on' ? 'https' : 'http';
-        $url .= '://';
-
-        if (empty($_SERVER['SERVER_NAME'])) {
-            $url .= $_SERVER['HTTP_HOST'];
-        } else {
-            $url .= $_SERVER['SERVER_NAME'];
-        }
-
-        if ($_SERVER['HTTPS'] == 'on' && $_SERVER['SERVER_PORT'] != 443 ||
-            $_SERVER['HTTPS'] != 'on' && $_SERVER['SERVER_PORT'] != 80) {
-            $url .= ':' . $_SERVER['SERVER_PORT'];
-        }
-
-        $url .= $_SERVER['REQUEST_URI'];
-        return $url;
-    }
-
     /**
      * Validate the username passed to the auth plugin.
      * Note: This triggers authentication if needed.
@@ -93,24 +70,20 @@ class StudipAuthShib extends StudipAuthSSO
             return $this->getUser();
         }
 
-        $remote_user = $_SERVER[$this->env_remote_user] ?? $_SERVER['REMOTE_USER'] ?? '';
+        $remote_user = $_SERVER[$this->env_remote_user] ?? null;
 
         if (empty($remote_user) || isset($this->validate_url)) {
             if (Request::get('sso') === $this->plugin_name) {
                 // force Shibboleth authentication (lazy session)
                 $shib_url = URLHelper::getURL(
                     $this->session_initiator,
-                    ['target' => $this->getURL()],
+                    ['target' => Request::url()],
                     true
                 );
 
                 // break redirection loop in case of misconfiguration
-                if (
-                    isset($_SERVER['HTTP_REFERER'])
-                    && !str_contains($_SERVER['HTTP_REFERER'], 'target=')
-                ) {
+                if (strpos($_SERVER['HTTP_REFERER'] ?? '', 'target=') === false) {
                     header('Location: ' . $shib_url);
-                    echo '<html></html>';
                     exit();
                 }
             }
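Review bot: The loop guard before `header('Location: ' . $shib_url)` now treats a missing Referer as "not a loop", so a client that sends no Referer (for instance under a `no-referrer` policy) is redirected on every request if the session initiator is misconfigured. The Referer is also client-supplied and optional, so it is a weak basis for this decision; a marker the application controls, such as a query parameter added to the `target` URL and checked on return, would break the loop regardless of the header. If the header check stays, `!str_contains($_SERVER['HTTP_REFERER'] ?? '', 'target=')` reads more directly than `strpos(...) === false` and matches the call the removed lines used. `Request::url()` is not visible here, so it is worth confirming that it does not build the host part from an unvalidated Host header before the result is passed as `target`. The enclosing method starts and ends outside the hunk.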
-- 
GitLab