Commit 8554b74b authored by Elmar Ludwig's avatar Elmar Ludwig

fix redirect on shib login, fixes #3220

Closes #3220

Merge request studip/studip!2207
parent abe91c4f
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
class StudipAuthShib extends StudipAuthSSO class StudipAuthShib extends StudipAuthSSO
{ {
public $env_remote_user = 'HTTP_REMOTE_USER'; public $env_remote_user = 'REMOTE_USER';
public $local_domain; public $local_domain;
public $session_initiator; public $session_initiator;
public $validate_url; public $validate_url;
...@@ -59,29 +59,6 @@ class StudipAuthShib extends StudipAuthSSO ...@@ -59,29 +59,6 @@ class StudipAuthShib extends StudipAuthSSO
return $this->userdata['username']; return $this->userdata['username'];
} }
/**
* Return the current URL (including parameters).
*/
function getURL()
{
$url = $_SERVER['HTTPS'] == 'on' ? 'https' : 'http';
$url .= '://';
if (empty($_SERVER['SERVER_NAME'])) {
$url .= $_SERVER['HTTP_HOST'];
} else {
$url .= $_SERVER['SERVER_NAME'];
}
if ($_SERVER['HTTPS'] == 'on' && $_SERVER['SERVER_PORT'] != 443 ||
$_SERVER['HTTPS'] != 'on' && $_SERVER['SERVER_PORT'] != 80) {
$url .= ':' . $_SERVER['SERVER_PORT'];
}
$url .= $_SERVER['REQUEST_URI'];
return $url;
}
/** /**
* Validate the username passed to the auth plugin. * Validate the username passed to the auth plugin.
* Note: This triggers authentication if needed. * Note: This triggers authentication if needed.
...@@ -93,24 +70,20 @@ class StudipAuthShib extends StudipAuthSSO ...@@ -93,24 +70,20 @@ class StudipAuthShib extends StudipAuthSSO
return $this->getUser(); return $this->getUser();
} }
$remote_user = $_SERVER[$this->env_remote_user] ?? $_SERVER['REMOTE_USER'] ?? ''; $remote_user = $_SERVER[$this->env_remote_user] ?? null;
if (empty($remote_user) || isset($this->validate_url)) { if (empty($remote_user) || isset($this->validate_url)) {
if (Request::get('sso') === $this->plugin_name) { if (Request::get('sso') === $this->plugin_name) {
// force Shibboleth authentication (lazy session) // force Shibboleth authentication (lazy session)
$shib_url = URLHelper::getURL( $shib_url = URLHelper::getURL(
$this->session_initiator, $this->session_initiator,
['target' => $this->getURL()], ['target' => Request::url()],
true true
); );
// break redirection loop in case of misconfiguration // break redirection loop in case of misconfiguration
if ( if (strpos($_SERVER['HTTP_REFERER'] ?? '', 'target=') === false) {
isset($_SERVER['HTTP_REFERER'])
&& !str_contains($_SERVER['HTTP_REFERER'], 'target=')
) {
header('Location: ' . $shib_url); header('Location: ' . $shib_url);
echo '<html></html>';
exit(); exit();
} }
} }
......
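Review bot: `$env_remote_user` in the first hunk still carries no comment saying which kind of `$_SERVER` key it may name, although the value read through it in the third hunk (`$_SERVER[$this->env_remote_user] ?? null`) appears to be used as the authenticated user name. Keys prefixed `HTTP_` are filled from request headers, so a site that sets the property back to `HTTP_REMOTE_USER` is only safe if its front-end server strips a client-sent `Remote-User` header. I would record that on the property, e.g. `// must name a variable set by the web server or SP module; HTTP_* keys mirror request headers`. Separately, the loop guard now redirects whenever `HTTP_REFERER` lacks `target=`, which includes requests that send no Referer at all, so a misconfigured session initiator would not be caught for clients that suppress the header; a one-line comment on that `if` stating this limitation would help. The enclosing method starts and ends outside the hunk.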