From c3400a03af2dc98965195063ee073e26a87bb027 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?ANDRE=20s=C3=A9bastien?= <sandre@afi-sa.fr>
Date: Thu, 21 Apr 2022 15:46:39 +0200
Subject: [PATCH] dev: #155214 : CAS server can accept param gateway
---
VERSIONS_WIP/155214 | 1 +
library/Class/Auth/Cas.php | 10 ++++++++++
.../OmekaS/controllers/IndexController.php | 5 +++--
.../controllers/CasServerControllerTest.php | 19 +++++++++++++++++++
.../scenarios/OmekaS/OmekaSViewNoticeTest.php | 6 +++---
5 files changed, 36 insertions(+), 5 deletions(-)
create mode 100644 VERSIONS_WIP/155214
diff --git a/VERSIONS_WIP/155214 b/VERSIONS_WIP/155214
new file mode 100644
index 00000000000..ac45bd17c33
--- /dev/null
+++ b/VERSIONS_WIP/155214
@@ -0,0 +1 @@
+ - fonctionnalité #155214 : seveur CAS : prise en compte du paramètre 'gateway' qui permet de rediriger l'utilisateur sans demander l'authentification
\ No newline at end of file
diff --git a/library/Class/Auth/Cas.php b/library/Class/Auth/Cas.php
index c74b6f18b7a..1084f58e2a2 100644
--- a/library/Class/Auth/Cas.php
+++ b/library/Class/Auth/Cas.php
@@ -117,6 +117,16 @@ class Class_Auth_CasLogged extends Class_Auth_Logged {
class Class_Auth_CasNotLogged extends Class_Auth_NotLogged {
use Trait_Auth_CasAware;
+ public function processLogin() {
+ if ($this->_getParam('gateway')) {
+ $this->redirect_url = $this->_getServerUrl();
+ return $this->_handleRedirect();
+ }
+
+ return parent::processLogin();
+ }
+
+
protected function _doOnLoginSuccess() {
if (!$this->_hasPermission()) {
$this->controller->notify($this->_('Vous n\'avez pas les droits d\'accès à la ressource'));
diff --git a/library/digital_resources/OmekaS/controllers/IndexController.php b/library/digital_resources/OmekaS/controllers/IndexController.php
index 3e347458c58..0a4ba21bd19 100644
--- a/library/digital_resources/OmekaS/controllers/IndexController.php
+++ b/library/digital_resources/OmekaS/controllers/IndexController.php
@@ -43,10 +43,11 @@ class OmekaS_Plugin_IndexController extends Class_DigitalResource_Controller {
if ($profile_serializer->isSsoMandatory($sso_type) || Class_Users::hasIdentity()) {
$url = ($base_url = $data_profile->getItemBaseUrl())
- ? $base_url . 'cas/login?redirect_url=' . urlencode($url)
+ ? $base_url . 'cas/login?' . http_build_query(['gateway' => 'true',
+ 'redirect_url' => $url])
: $url_404;
}
$this->_javascriptRedirectTo($url);
}
-}
\ No newline at end of file
+}
diff --git a/tests/application/modules/opac/controllers/CasServerControllerTest.php b/tests/application/modules/opac/controllers/CasServerControllerTest.php
index de7c2dc5ca2..d8d9e472100 100644
--- a/tests/application/modules/opac/controllers/CasServerControllerTest.php
+++ b/tests/application/modules/opac/controllers/CasServerControllerTest.php
@@ -135,6 +135,25 @@ class CasServerControllerValidateActionTest extends AbstractControllerTestCase {
}
+ /** @test */
+ public function loginOnCasOneZeroWithGatewayTrueShouldRedirectToServiceWithoutTicket() {
+ ZendAfi_Auth::getInstance()->clearIdentity();
+ $this->dispatch(sprintf('/opac/cas-server-v10/login?service=%s&gateway=true',
+ urlencode('http://test.com?ressource_id=1234&message=go')));
+ $this->assertRedirectTo('http://test.com?ressource_id=1234&message=go',
+ $this->getResponseLocation());
+ }
+
+
+ /** @test */
+ public function loginOnCasOneZeroWithGatewayTagadaShouldRedirectToServiceWithoutTicket() {
+ ZendAfi_Auth::getInstance()->clearIdentity();
+ $this->dispatch('/opac/cas-server-v10/login?service=http://test.com&gateway=tagada');
+ $this->assertRedirectTo('http://test.com',
+ $this->getResponseLocation());
+ }
+
+
/** @test */
public function loginOnCasOneZeroWithoutOpenedSessionShouldDisplayLoginForm() {
ZendAfi_Auth::getInstance()->clearIdentity();
diff --git a/tests/scenarios/OmekaS/OmekaSViewNoticeTest.php b/tests/scenarios/OmekaS/OmekaSViewNoticeTest.php
index 6b879513745..0197ba99421 100644
--- a/tests/scenarios/OmekaS/OmekaSViewNoticeTest.php
+++ b/tests/scenarios/OmekaS/OmekaSViewNoticeTest.php
@@ -99,7 +99,7 @@ class OmekaSViewNoticeLoggedTest extends OmekaSViewNoticeTestCase {
/** @test */
public function moduleSsoActionShouldRedirectToOmekaServerWithCasWhenMandatory() {
$this->dispatch('/modules/sso/id/1288');
- $this->assertContains('document.location.href="https://omekas.myserver.com/cas/login?redirect_url=https%3A%2F%2Fomekas.myserver.com%2Fs%2Fslug%2Fitem%2F88398"',
+ $this->assertContains('document.location.href="https://omekas.myserver.com/cas/login?gateway=true&redirect_url=https%3A%2F%2Fomekas.myserver.com%2Fs%2Fslug%2Fitem%2F88398"',
$this->_response->getBody());
}
@@ -108,7 +108,7 @@ class OmekaSViewNoticeLoggedTest extends OmekaSViewNoticeTestCase {
public function moduleSsoActionShouldRedirectToOmekaServerWithCasWhenOptional() {
$this->_setItemCasSso(2);
$this->dispatch('/modules/sso/id/1288');
- $this->assertContains('document.location.href="https://omekas.myserver.com/cas/login?redirect_url=https%3A%2F%2Fomekas.myserver.com%2Fs%2Fslug%2Fitem%2F88398"',
+ $this->assertContains('document.location.href="https://omekas.myserver.com/cas/login?gateway=true&redirect_url=https%3A%2F%2Fomekas.myserver.com%2Fs%2Fslug%2Fitem%2F88398"',
$this->_response->getBody());
}
@@ -150,7 +150,7 @@ class OmekaSViewNoticeNotLoggedTest extends OmekaSViewNoticeTestCase {
/** @test */
public function moduleSsoActionShouldRedirectToOmekaServerWithCasWhenMandatory() {
$this->dispatch('/modules/sso/id/1288');
- $this->assertContains('document.location.href="https://omekas.myserver.com/cas/login?redirect_url=https%3A%2F%2Fomekas.myserver.com%2Fs%2Fslug%2Fitem%2F88398"',
+ $this->assertContains('document.location.href="https://omekas.myserver.com/cas/login?gateway=true&redirect_url=https%3A%2F%2Fomekas.myserver.com%2Fs%2Fslug%2Fitem%2F88398"',
$this->_response->getBody());
}
--
GitLab