From 0c5c3080711e311f2bc07a9236c29a65890a31c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Catt=C4=AB=20Cr=C5=ABd=C4=93l=C4=93s?= <17695588+wzy9607@users.noreply.github.com>
Date: Fri, 1 Sep 2023 22:26:57 +0800
Subject: [PATCH] fix: sendCasAuthenticationResponseErr when pgtUrlObj if not valid url (#2287)
* fix: sendCasAuthenticationResponseErr when pgtUrlObj if not valid url check pgtUrlObj.Scheme first will cause panic if url.Parse returns error. * Update cas.go --------- Co-authored-by: hsluoyz
---
 controllers/cas.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/controllers/cas.go b/controllers/cas.go
index 5a356e46..3cffbfa3 100644
--- a/controllers/cas.go
+++ b/controllers/cas.go
@@ -121,15 +121,17 @@ func (c *RootController) CasP3ProxyValidate() {
 pgtiou := serviceResponse.Success.ProxyGrantingTicket
 // todo: check whether it is https
 pgtUrlObj, err := url.Parse(pgtUrl)
+ if err != nil {
+ c.sendCasAuthenticationResponseErr(InvalidProxyCallback, err.Error(), format)
+ return
+ }
+
 if pgtUrlObj.Scheme != "https" {
 c.sendCasAuthenticationResponseErr(InvalidProxyCallback, "callback is not https", format)
 return
 }
+
 // make a request to pgturl passing pgt and pgtiou
- if err != nil {
- c.sendCasAuthenticationResponseErr(InternalError, err.Error(), format)
- return
- }
 param := pgtUrlObj.Query()
 param.Add("pgtId", pgt)
 param.Add("pgtIou", pgtiou)
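Review bot: After the reordered checks, the only validation of `pgtUrl` visible before the outbound callback is the `https` scheme test, so `pgtId` and `pgtIou` are attached to a request aimed at whatever host the parsed URL names. `url.Parse` is lenient and can succeed with an empty `Host`, so the guard should at least read `if pgtUrlObj.Scheme != "https" || pgtUrlObj.Host == "" {`. If `pgtUrl` is taken from the request (its origin is outside the hunk), the host should also be matched against the callback registered for the service before the ticket is sent, which would also keep the server from being pointed at internal addresses. The new error branch returns `err.Error()` to the client, and `url.Parse` errors embed the raw input; a fixed message such as `"callback is not a valid url"` avoids reflecting it unless `sendCasAuthenticationResponseErr` is known to escape its argument. The `// todo: check whether it is https` comment is now stale and can be dropped; the body of `CasP3ProxyValidate` begins and continues outside the hunk.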