From 0b859197da5ec7c675cbca319cda481a8cda0198 Mon Sep 17 00:00:00 2001
From: Yang Luo
Date: Fri, 1 Sep 2023 21:47:26 +0800
Subject: [PATCH] Fix CAS "/proxyValidate" API
---
 controllers/cas.go | 25 +++++++++++++++----------
 routers/router.go | 4 ++--
 2 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/controllers/cas.go b/controllers/cas.go
index 898a7510..5a356e46 100644
--- a/controllers/cas.go
+++ b/controllers/cas.go
@@ -35,6 +35,11 @@ const (
 UnauthorizedService string = "UNAUTHORIZED_SERVICE"
 )
+func queryUnescape(service string) string {
+ s, _ := url.QueryUnescape(service)
+ return s
+}
+
 func (c *RootController) CasValidate() {
 ticket := c.Input().Get("ticket")
 service := c.Input().Get("service")
@@ -60,24 +65,25 @@ func (c *RootController) CasServiceValidate() {
 if !strings.HasPrefix(ticket, "ST") {
 c.sendCasAuthenticationResponseErr(InvalidTicket, fmt.Sprintf("Ticket %s not recognized", ticket), format)
 }
- c.CasP3ServiceAndProxyValidate()
+ c.CasP3ProxyValidate()
 }
 func (c *RootController) CasProxyValidate() {
+ // https://apereo.github.io/cas/6.6.x/protocol/CAS-Protocol-Specification.html#26-proxyvalidate-cas-20
+ // "/proxyValidate" should accept both service tickets and proxy tickets.
+ c.CasP3ProxyValidate()
+}
+
+func (c *RootController) CasP3ServiceValidate() {
 ticket := c.Input().Get("ticket")
 format := c.Input().Get("format")
- if !strings.HasPrefix(ticket, "PT") {
+ if !strings.HasPrefix(ticket, "ST") {
 c.sendCasAuthenticationResponseErr(InvalidTicket, fmt.Sprintf("Ticket %s not recognized", ticket), format)
 }
- c.CasP3ServiceAndProxyValidate()
+ c.CasP3ProxyValidate()
 }
-func queryUnescape(service string) string {
- s, _ := url.QueryUnescape(service)
- return s
-}
-
-func (c *RootController) CasP3ServiceAndProxyValidate() {
+func (c *RootController) CasP3ProxyValidate() {
 ticket := c.Input().Get("ticket")
 format := c.Input().Get("format")
 service := c.Input().Get("service")
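Review bot: queryUnescape, which the first hunk moves to the top of the file, discards the error from `url.QueryUnescape` and returns an empty string for a malformed `service` value, and nothing in the function says so. Its callers are outside this hunk; if any of them compares two values that both went through this helper, two different malformed service URLs would presumably compare equal, which matters because the service URL is what a CAS ticket is bound to. At minimum I would add a doc comment such as `// queryUnescape returns "" when service is not valid percent-encoding; callers must treat "" as a non-matching service.`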
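Review bot: In the new CasP3ServiceValidate, and in the CasServiceValidate tail at the top of the second hunk, the `ST` prefix check calls `c.sendCasAuthenticationResponseErr(...)` and then falls through to `c.CasP3ProxyValidate()` because there is no `return` inside the `if`. The part of sendCasAuthenticationResponseErr visible in the later hunk ends in `c.ServeJSON()`, which writes a response but does not appear to stop the handler, so a proxy ticket sent to either serviceValidate endpoint would presumably still be validated and a second response written. The CAS specification requires serviceValidate not to return a successful authentication for a proxy ticket, so add `return` directly after the error call in both functions. CasServiceValidate starts above the hunk and CasP3ProxyValidate continues below it, so whether the shared validator checks the ticket type itself cannot be seen from here.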
@@ -263,7 +269,6 @@ func (c *RootController) sendCasAuthenticationResponseErr(code, msg, format stri
 Message: msg,
 },
 }
-
 if format == "json" {
 c.Data["json"] = serviceResponse
 c.ServeJSON()
diff --git a/routers/router.go b/routers/router.go
index d85c9248..314f26c3 100644
--- a/routers/router.go
+++ b/routers/router.go
@@ -273,7 +273,7 @@ func initAPI() {
 beego.Router("/cas/:organization/:application/proxy", &controllers.RootController{}, "GET:CasProxy")
 beego.Router("/cas/:organization/:application/validate", &controllers.RootController{}, "GET:CasValidate")
- beego.Router("/cas/:organization/:application/p3/serviceValidate", &controllers.RootController{}, "GET:CasP3ServiceAndProxyValidate")
- beego.Router("/cas/:organization/:application/p3/proxyValidate", &controllers.RootController{}, "GET:CasP3ServiceAndProxyValidate")
+ beego.Router("/cas/:organization/:application/p3/serviceValidate", &controllers.RootController{}, "GET:CasP3ServiceValidate")
+ beego.Router("/cas/:organization/:application/p3/proxyValidate", &controllers.RootController{}, "GET:CasP3ProxyValidate")
 beego.Router("/cas/:organization/:application/samlValidate", &controllers.RootController{}, "POST:SamlValidate")
 }