Option to redirect to exact service url

Some clients will encode query parameters in their service url incorrectly.
If SSP/php's query builder utils are used then the service url is parsed,
and reconstructed differently then what is stored in the ticket. Sometimes
badly encoded parameters are lost.

Example: should space in a query param be encoded as '+' or '%20'

Author: pradtke

config-templates/module_casserver.php

@@ -32,6 +32,9 @@
             'attributes_to_transfer' => ['cn'],
         ],
     ],
+    // Don't use php or SSP's built in methods for constructing queries. Default is false
+    // Enabling this redirects the user back to the service with the exact service url provided.
+    'noReencode' => false,
 
     'legal_target_service_urls' => [
         //Any target service url string matching any of the following prefixes is accepted

tests/config/module_casserver.php

@@ -30,6 +30,10 @@
         ],
         'http://changeTicketParam' => [
             'ticketName' => 'myTicket',
+        ],
+        'https://buggy.edu' => [
+            // Don't use php or SSP's built in methods for constructing queries.
+            'noReencode' => true
         ]
     ],
 

tests/www/LoginIntegrationTest.php

@@ -227,6 +227,43 @@ public function testValidTicketNameOverride()
         );
     }
 
+    /**
+     * Some clients don't correctly encode query parameters that are part their service
+     * urls or encode a space in a different way then SSP will in a redirect. This workaround
+     * is to allow those clients to work
+     * @dataProvider buggyClientProvider
+     * @return void
+     */
+    public function testBuggyClientBadUrlEncodingWorkAround($service_url)
+    {
+        $this->authenticate();
+
+        /** @var array $resp */
+        $resp = $this->server->get(
+            self::$LINK_URL,
+            ['service' => $service_url],
+            [
+                CURLOPT_COOKIEJAR => $this->cookies_file,
+                CURLOPT_COOKIEFILE => $this->cookies_file
+            ]
+        );
+        $this->assertEquals(302, $resp['code']);
+
+        $this->assertStringStartsWith(
+            $service_url . '?ticket=ST-',
+            $resp['headers']['Location'],
+            'Ticket should be part of the redirect.'
+        );
+    }
+
+    public function buggyClientProvider(): array
+    {
+        return [
+            ['https://buggy.edu/kc/portal.do?solo&ct=Search%20Prot&curl=https://kc.edu/kc/IRB.do?se=1875*&runSearch=1'],
+            ['https://buggy.edu/kc'],
+        ];
+    }
+
 
     /**
      * Test outputting user info instead of redirecting

www/login.php

@@ -28,15 +28,15 @@
  *  language
  */
 
+use SimpleSAML\Configuration;
+use SimpleSAML\Locale\Language;
+use SimpleSAML\Logger;
+use SimpleSAML\Module;
 use SimpleSAML\Module\casserver\Cas\AttributeExtractor;
 use SimpleSAML\Module\casserver\Cas\Protocol\SamlValidateResponder;
 use SimpleSAML\Module\casserver\Cas\ServiceValidator;
 use SimpleSAML\Module\casserver\Cas\Ticket\TicketFactory;
 use SimpleSAML\Module\casserver\Cas\Ticket\TicketStore;
-use SimpleSAML\Configuration;
-use SimpleSAML\Locale\Language;
-use SimpleSAML\Logger;
-use SimpleSAML\Module;
 use SimpleSAML\Session;
 use SimpleSAML\Utils\HTTP;
 
@@ -223,7 +223,15 @@
             echo '<pre>' . htmlspecialchars($casResponse) . '</pre>';
         }
     } elseif ($redirect) {
-        HTTP::redirectTrustedURL(HTTP::addURLParameters($serviceUrl, $parameters));
+        if ($casconfig->getBoolean('noReencode', false)) {
+            // Some client encode query params wrong, and calling HTTP::addURLParameters
+            // will reencode them resulting in service mismatches
+            $extraParams = http_build_query($parameters);
+            $redirectUrl = $_GET['service'] . (strpos('?', $_GET['service']) === false ? '?' : '&') . $extraParams;
+            HTTP::redirectTrustedURL($redirectUrl);
+        } else {
+            HTTP::redirectTrustedURL(HTTP::addURLParameters($_GET['service'], $parameters));
+        }
     } else {
         HTTP::submitPOSTData($serviceUrl, $parameters);
     }