Commit 2c8761b2 authored by Aaron Wells's avatar Aaron Wells

Bug 1620879: Make SAML auth return to initial URL after login

This is needed specifically for the
module/mobileapi/tokenform.php script

Also adding an anchor "#sso" at the extra login elements,
to allow the app to scroll that part into view.

behatnotneeded: Can't test in Behat (yet)

Change-Id: I4363976522b8339542002535d8ba57fdc70496ac
parent 2d93d2ee
......@@ -1292,7 +1292,7 @@ function auth_get_login_form_elements() {
if (!empty($extraelements) && $showbasicform) {
$loginlabel = array(
'type' => 'markup',
'value' => '<p>' . get_string('orloginvia') . '</p>'
'value' => '<p><a name="sso" />' . get_string('orloginvia') . '</p>'
);
$extraelements = array_merge(array('label' => $loginlabel), $extraelements);
$keys = array_keys($extraelements);
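Review bot: The new anchor in the 'value' markup is written as `<a name="sso" />`, but in a text/html document the trailing slash does not close an `<a>` element, so the anchor stays open and browsers may extend it over the content that follows. The `name` attribute on `<a>` is also obsolete in HTML5. Putting the fragment target on the paragraph avoids both: `'value' => '<p id="sso">' . get_string('orloginvia') . '</p>'`. auth_get_login_form_elements() starts and ends outside this hunk.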
......
......@@ -86,6 +86,14 @@ if (!$wantsurl) {
$wantsurl = $CFG->wwwroot;
}
}
// taken from Moodle clean_param - make sure the wantsurl is correctly formed
include_once('validateurlsyntax.php');
if (!validateUrlSyntax($wantsurl, 's?H?S?F?E?u-P-a?I?p?f?q?r?')) {
$wantsurl = $CFG->wwwroot;
}
// trim off any reference to login and stash
$SESSION->wantsurl = preg_replace('/\&login$/', '', $wantsurl);
$as = new SimpleSAML_Auth_Simple($sp);
$idp_entityid = null;
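Review bot: The added validateUrlSyntax() check only confirms that $wantsurl is well-formed, so a syntactically valid URL on another host still passes and is stored in the session as the post-login destination. If $wantsurl can come from the request (the login link elsewhere in this commit now appends `?wantsurl=`), this leaves an open redirect after SSO unless the value is also pinned to this site, e.g. `if (strpos($wantsurl, $CFG->wwwroot) !== 0) { $wantsurl = $CFG->wwwroot; }` next to the syntax check. The pattern `'/\&login$/'` also strips only a trailing `&login`, so a URL whose sole query parameter is `?login` would keep it and might land the user back on the transient login page; worth confirming how that parameter is appended. The code that first populates $wantsurl is outside this hunk.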
......@@ -145,10 +153,6 @@ $THEME = new Theme($USER);
// END of copied stuff from original init.php
// ***********************************************************************
if (!$SESSION->get('wantsurl')) {
$SESSION->set('wantsurl', preg_replace('/\&login$/', '', $wantsurl));
}
// now start the hunt for the associated authinstance for the organisation attached to the saml_attributes
global $instance;
$instance = auth_saml_find_authinstance($saml_attributes);
......@@ -310,7 +314,8 @@ function auth_saml_disco_screen($list, $preferred) {
$idps = array();
$lang = current_language();
$lang = strtolower(array_shift(explode('.', $lang)));
$lang = explode('.', $lang);
$lang = strtolower(array_shift($lang));
$haslogos = false;
foreach ($list as $entityid => $value) {
$desc = $name = $entityid;
......
......@@ -834,9 +834,14 @@ class PluginAuthSaml extends PluginAuth {
* Add "SSO Login" link below the normal login form.
*/
public static function login_form_elements() {
$url = get_config('wwwroot') . 'auth/saml/index.php';
if (isset($_GET['login'])) {
// We're on the transient login page. Redirect back to original page once we're done.
$url .= '?wantsurl=' . urlencode(get_full_script_path());
}
$elements = array(
'loginsaml' => array(
'value' => '<div class="login-externallink"><a class="btn btn-primary btn-xs" href="' . get_config('wwwroot') . 'auth/saml/index.php">' . get_string('login', 'auth.saml') . '</a></div>'
'value' => '<div class="login-externallink"><a class="btn btn-primary btn-xs" href="' . $url . '">' . get_string('login', 'auth.saml') . '</a></div>'
)
);
return $elements;
......
......@@ -242,21 +242,21 @@ function validateUrlSyntax( $urladdr, $options="" ){
$alphanum = '[a-zA-Z0-9]'; // Alpha Numeric
$unreserved = '[a-zA-Z0-9_.!~*' . '\'' . '()-]';
$escaped = '(%[0-9a-fA-F]{2})'; // Escape sequence - In Hex - %6d would be a 'm'
$reserved = '[;/?:@&=+$,]'; // Special characters in the URI
$reserved = '[;\/?:@&=+$,]'; // Special characters in the URI
// Beginning Regular Expression
// Scheme - Allows for 'http://', 'https://', 'mailto:', or 'ftp://'
$scheme = '(';
if ($aOptions['H'] === '') { $scheme .= 'http://'; }
elseif ($aOptions['S'] === '') { $scheme .= 'https://'; }
if ($aOptions['H'] === '') { $scheme .= 'http:\/\/'; }
elseif ($aOptions['S'] === '') { $scheme .= 'https:\/\/'; }
elseif ($aOptions['E'] === '') { $scheme .= 'mailto:'; }
elseif ($aOptions['F'] === '') { $scheme .= 'ftp://'; }
elseif ($aOptions['F'] === '') { $scheme .= 'ftp:\/\/'; }
else
{
if ($aOptions['H'] === '?') { $scheme .= '|(http://)'; }
if ($aOptions['S'] === '?') { $scheme .= '|(https://)'; }
if ($aOptions['H'] === '?') { $scheme .= '|(http:\/\/)'; }
if ($aOptions['S'] === '?') { $scheme .= '|(https:\/\/)'; }
if ($aOptions['E'] === '?') { $scheme .= '|(mailto:)'; }
if ($aOptions['F'] === '?') { $scheme .= '|(ftp://)'; }
if ($aOptions['F'] === '?') { $scheme .= '|(ftp:\/\/)'; }
$scheme = str_replace('(|', '(', $scheme); // fix first pipe
}
$scheme .= ')' . $aOptions['s'];
......@@ -299,7 +299,7 @@ function validateUrlSyntax( $urladdr, $options="" ){
$port_number = '(:(([0-5]?[0-9]{1,4})|(6[0-4][0-9]{3})|(65[0-4][0-9]{2})|(655[0-2][0-9])|(6553[0-5])))' . $aOptions['p'];
// Path - Can be as simple as '/' or have multiple folders and filenames
$path = '(/((;)?(' . $unreserved . '|' . $escaped . '|' . '[:@&=+$,]' . ')+(/)?)*)' . $aOptions['f'];
$path = '(\/((;)?(' . $unreserved . '|' . $escaped . '|' . '[:@&=+$,]' . ')+(\/)?)*)' . $aOptions['f'];
// Query Section - Accepts ?var1=value1&var2=value2 or ?2393,1221 and much more
$querystring = '(\?(' . $reserved . '|' . $unreserved . '|' . $escaped . ')*)' . $aOptions['q'];
......