Restore relayState (#595)

fastcgi-server/man/llng-fastcgi-server.1p

@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "llng-fastcgi-server 1"
-.TH llng-fastcgi-server 1 "2017-03-16" "perl v5.24.1" "User Contributed Perl Documentation"
+.TH llng-fastcgi-server 1 "2017-03-20" "perl v5.24.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm

@@ -228,7 +228,8 @@ sub extractFormInfo {
               ->{samlIDPMetaDataOptionsRelayStateURL};
 
             #  Extract RelayState information
-            if ( $self->extractRelayState( $relaystate, $relayStateURL ) ) {
+            if ( $self->extractRelayState( $req, $relaystate, $relayStateURL ) )
+            {
                 $self->logger->debug("RelayState $relaystate extracted");
             }
 
@@ -346,6 +347,16 @@ sub extractFormInfo {
                     $req->datas->{_proxiedArtifact} =
                       $samlSessionInfo->data->{Artifact};
 
+               # Save values in hidden fields in case of other user interactions
+                    $self->p->setHiddenFormValue( $req, 'SAMLRequest',
+                        $self->{_proxiedRequest} );
+                    $self->p->setHiddenFormValue( $req, 'Method',
+                        $self->{_proxiedMethod} );
+                    $self->p->setHiddenFormValue( $req, 'RelayState',
+                        $self->{_proxiedRelayState} );
+                    $self->p->setHiddenFormValue( $req, 'SAMLart',
+                        $self->{_proxiedArtifact} );
+
                     # Delete session
                     $samlSessionInfo->remove();
                 }
@@ -456,7 +467,7 @@ sub extractFormInfo {
             }
 
             # If URL in RelayState, different from portal, redirect user
-            if ( $self->extractRelayState($relaystate) ) {
+            if ( $self->extractRelayState( $req, $relaystate ) ) {
                 $self->logger->debug("RelayState $relaystate extracted");
                 $self->logger->debug(
                     "URL " . $req->urldc . " found in RelayState" );

lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect.t

@@ -8,7 +8,7 @@ BEGIN {
     require 't/saml-lib.pm';
 }
 
-my $maintests = 22;
+my $maintests = 20;
 my $debug     = 'error';
 my ( $issuer, $sp, $res );
 my %handlerOR = ( issuer => [], sp => [] );
@@ -95,44 +95,36 @@ SKIP: {
       ( $body =~ /<input type="hidden".+?name="(.+?)".+?value="(.*?)"/sg );
     $fields{user} = $fields{password} = 'french';
     use URI::Escape;
-    my $s = join( '&', map { "$_=" . uri_escape( $fields{$_} ) } keys %fields );
+    $query =
+      join( '&', map { "$_=" . uri_escape( $fields{$_} ) } keys %fields );
     ok(
         $res = $issuer->_post(
             $url,
-            IO::String->new($s),
+            IO::String->new($query),
             accept => 'text/html',
-            length => length($s),
+            length => length($query),
         ),
         'Post authentication'
     );
     expectOK($res);
     my $idpId = expectCookie($res);
+    ( $host, $url, $query ) =
+      expectForm( $res, 'auth.sp.com', '/saml/proxySingleSignOnPost',
+        'SAMLResponse', 'RelayState' );
 
     # Post SAML response to SP
-    ok(
-        $res->[2]->[0] =~
-          m#<form.+?action="http://auth.sp.com(.*?)".+?method="post"#,
-        'Form method is POST'
-    );
-    $url = $1;
-    ok(
-        $res->[2]->[0] =~
-          /<input type="hidden".+?name="SAMLResponse".+?value="(.+?)"/s,
-        'Found SAML response'
-    );
-    $s = "SAMLResponse=$1";
     switch ('sp');
     ok(
         $res = $sp->_post(
-            $url, IO::String->new($s),
+            $url, IO::String->new($query),
             accept => 'text/html',
-            length => length($s),
+            length => length($query),
             cookie => 'lemonldapidp=http://auth.idp.com/saml/metadata',
         ),
         'Post SAML response to SP'
     );
     my $spId = expectCookie($res);
-    expectRedirection( $res, 'http://auth.sp.com' );
+    expectRedirection( $res, 'http://test1.example.com/' );
 
     ok( $res = $sp->_get( '/', cookie => "lemonldap=$spId" ), 'Get / on SP' );
     expectOK($res);