From 91307707ed2ff874ec5e2f25658a286019204e54 Mon Sep 17 00:00:00 2001 From: Matthias Meusburger Date: Mon, 12 Oct 2020 15:58:31 +0200 Subject: [PATCH] Bug 20854: Allow correct redirect on logout for Cas servers 3.0 and superior. Test plan: 1) Apply the patch 2) Set the system preference casLogout to "Yes" 3) Set the new system preference CasServerVersion to "CAS 3 or superior" 4) Check that you are redirected to Koha after a CAS logout from a CAS 3 server 5) Set the new system preference CasServerVersion to "CAS 2 or inferior" 6) Check that you are redirected to Koha after a CAS logout from a CAS 2 server Signed-off-by: Tomas Cohen Arazi Signed-off-by: Katrin Fischer Signed-off-by: Jonathan Druart --- C4/Auth_with_cas.pm | 13 ++++++++++++- installer/data/mysql/atomicupdate/Bug_20854.perl | 8 ++++++++ installer/data/mysql/mandatory/sysprefs.sql | 1 + .../prog/en/modules/admin/preferences/admin.pref | 6 ++++++ t/db_dependent/Auth_with_cas.t | 8 +++++++- 5 files changed, 34 insertions(+), 2 deletions(-) create mode 100644 installer/data/mysql/atomicupdate/Bug_20854.perl diff --git a/C4/Auth_with_cas.pm b/C4/Auth_with_cas.pm index f334f09ede..5fe0640a71 100644 --- a/C4/Auth_with_cas.pm +++ b/C4/Auth_with_cas.pm @@ -71,7 +71,9 @@ sub logout_cas { my ($query, $type) = @_; my ( $cas, $uri ) = _get_cas_and_service($query, undef, $type); $uri =~ s/\?logout\.x=1//; # We don't want to keep triggering a logout, if we got here, the borrower is already logged out of Koha - print $query->redirect( $cas->logout_url(url => $uri)); + my $logout_url = $cas->logout_url(url => $uri); + $logout_url = _fix_logout_url($logout_url); + print $query->redirect( $logout_url ); } # Login to CAS @@ -204,6 +206,15 @@ sub _get_cas_and_service { return ( $cas, $uri ); } +# Fix the logout URL when the cas server is 3.0 or superior +sub _fix_logout_url { + my $url = shift; + if (C4::Context->preference('casServerVersion') eq '3') { + $url =~ s/url=/service=/; + } + return $url; +} + # Get the current URL with parameters contained directly into URL (GET params) # This method replaces $query->url() which will give both GET and POST params sub _url_with_get_params { diff --git a/installer/data/mysql/atomicupdate/Bug_20854.perl b/installer/data/mysql/atomicupdate/Bug_20854.perl new file mode 100644 index 0000000000..89b33d2bc1 --- /dev/null +++ b/installer/data/mysql/atomicupdate/Bug_20854.perl @@ -0,0 +1,8 @@ +$DBversion = 'XXX'; # will be replaced by the RM +if( CheckVersion( $DBversion ) ) { + + $dbh->do( "INSERT IGNORE INTO systempreferences (variable, value, options, explanation, type) VALUES ('casServerVersion', '2', '2|3', 'Version of the CAS server Koha will connect to.', 'Choice');"); + + # Always end with this (adjust the bug info) + NewVersion( $DBversion, 20854, "Adds a casServerVersion system preference"); +} diff --git a/installer/data/mysql/mandatory/sysprefs.sql b/installer/data/mysql/mandatory/sysprefs.sql index 40e5dc3ee5..ef7d4561fb 100644 --- a/installer/data/mysql/mandatory/sysprefs.sql +++ b/installer/data/mysql/mandatory/sysprefs.sql @@ -120,6 +120,7 @@ INSERT INTO systempreferences ( `variable`, `value`, `options`, `explanation`, ` ('casAuthentication','0','','Enable or disable CAS authentication','YesNo'), ('casLogout','0','','Does a logout from Koha should also log the user out of CAS?','YesNo'), ('casServerUrl','https://localhost:8443/cas','','URL of the cas server','Free'), +('casServerVersion','2', '2|3','Version of the CAS server Koha will connect to.','Choice'), ('CatalogModuleRelink','0',NULL,'If OFF the linker will never replace the authids that are set in the cataloging module.','YesNo'), ('CataloguingLog','1',NULL,'If ON, log edit/create/delete actions on bibliographic data. WARNING: this feature is very resource consuming.','YesNo'), ('ChargeFinesOnClosedDays','0',NULL,'Charge fines on days the library is closed.','YesNo'), diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref index 77fe89a1ee..ec5f697fd6 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref @@ -148,6 +148,12 @@ Administration: - - "URL of the CAS Authentication Server: " - pref: casServerUrl + - + - pref: casServerVersion + choices: + 2: 'CAS 2 or inferior' + 3: 'CAS 3 or superior' + - Version of the CAS server Koha will connect to. SSL client certificate authentication: - - "Field to use for SSL client certificate authentication: " diff --git a/t/db_dependent/Auth_with_cas.t b/t/db_dependent/Auth_with_cas.t index b6d9e21f96..2f1075542e 100755 --- a/t/db_dependent/Auth_with_cas.t +++ b/t/db_dependent/Auth_with_cas.t @@ -17,7 +17,7 @@ use Modern::Perl; -use Test::More tests => 4; +use Test::More tests => 5; use CGI; use t::lib::Mocks; @@ -62,3 +62,9 @@ $ENV{SCRIPT_NAME} = '/cgi-bin/koha/circ/circulation-home.pl'; is(C4::Auth_with_cas::_url_with_get_params($cgi, 'intranet'), "$staff_base_url/cgi-bin/koha/circ/circulation-home.pl?bar=baz", "Intranet URL should be returned when using intranet login (Bug 13507)"); + +# logout parameter +t::lib::Mocks::mock_preference('casServerVersion','3'); +is(C4::Auth_with_cas::_fix_logout_url('https://mycasserver.url/logout/?url=https://mykoha.url'), + 'https://mycasserver.url/logout/?service=https://mykoha.url', + 'service parameter should be used on logout when Cas server is 3.0 or superior (Bug 20854)'); -- 2.39.5