ProxyTicket not validated
showy opened this issue · 0 comments
showy commented
Hi,
The CAS server wasn't validating proxy tickets using the validate_service_ticket method.
--- a/lib/casserver/cas.rb
+++ b/lib/casserver/cas.rb
if service.nil? or ticket.nil?
error = Error.new(:INVALID_REQUEST, "Ticket or service parameter was missing in the request.")
$LOG.warn "#{error.code} - #{error.message}"
- elsif st = ServiceTicket.find_by_ticket(ticket)
+ elsif st = ( ServiceTicket.find_by_ticket(ticket) || ProxyTicket.find_by_ticket(ticket) )
if st.consumed?
error = Error.new(:INVALID_TICKET, "Ticket '#{ticket}' has already been used up.")
$LOG.warn "#{error.code} - #{error.message}"
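Review bot: the widened lookup on the `elsif st = ( ServiceTicket.find_by_ticket(ticket) || ProxyTicket.find_by_ticket(ticket) )` line makes a method named validate_service_ticket accept proxy tickets for every caller, with no check of which kind of ticket was found. The CAS protocol requires /serviceValidate to reject proxy tickets and leaves proxy ticket acceptance to /proxyValidate, so if this method backs both endpoints the change removes that distinction. Consider having the caller state whether proxy tickets are allowed, and returning an INVALID_TICKET error when a ProxyTicket is found and they are not.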
Additionally, the CAS server was throwing an undefined method (granted_by_tgt) for ProxyTicket objects while trying to get the user attributes associated with a ticket.
--- a/lib/casserver/server.rb
+++ b/lib/casserver/server.rb
@@ -700,7 +700,7 @@ module CASServer
@pgtiou = pgt.iou if pgt
end
- @extra_attributes = t.granted_by_tgt.extra_attributes || {}
+ @extra_attributes = t.granted_by_pgt.service_ticket.granted_by_tgt.extra_attributes || {}
end
else
@success = false
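Review bot: the new `@extra_attributes = t.granted_by_pgt.service_ticket.granted_by_tgt.extra_attributes || {}` line replaces the `t.granted_by_tgt` path outright rather than branching on the ticket type, so if `t` can still be a plain service ticket at this point the lookup now fails for those tickets instead of for proxy tickets. The `|| {}` fallback also only covers a nil `extra_attributes`; a nil `granted_by_pgt`, `service_ticket` or `granted_by_tgt` earlier in the chain will still raise. Suggest selecting the ticket-granting ticket according to whether `t` is a ProxyTicket, and guarding each link in the chain before reading `extra_attributes`.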