Fix logout url bug.

2023-02-14 00:06:00 +08:00 · 2023-02-14 00:06:00 +08:00 · 70850b1826
parent 9131449314
commit 70850b1826
1 changed files with 8 additions and 6 deletions
--- a/app/controllers/sso_login_box_controller.rb
+++ b/app/controllers/sso_login_box_controller.rb
@ -2,6 +2,7 @@ class SsoLoginBoxController < SessionsController
  require 'openssl'
  require 'onelogin/ruby-saml'
  OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
+  skip_before_action :verify_authenticity_token
  def sso_auth_page
    session[:referer_url] = params[:referer_url]
    # puts ["session", session, session.to_hash]
@ -43,8 +44,8 @@ class SsoLoginBoxController < SessionsController
          session[:sso_token] = user.id
          session[:user_id] = user.id
          session[:login_referer] = nil
-          if params[:referer_url].present?
-            redirect_to URI.parse(params[:referer_url]).path
+          if session[:referer_url].present?
+            redirect_to URI.parse(session[:referer_url]).path
          else
            redirect_to admin_dashboards_path
          end
@ -71,7 +72,8 @@ class SsoLoginBoxController < SessionsController
  # Create a SP initiated SLO
  def sp_logout_request
    # LogoutRequest accepts plain browser requests w/o paramters
-    settings = saml_settings
+    logout_url = URI.join("https://#{request.host}", params[:referer_url].to_s) rescue "https://#{request.host}"
+    settings = saml_settings(logout_url)

    if settings.idp_slo_service_url.nil?
      delete_session
@ -88,21 +90,21 @@ class SsoLoginBoxController < SessionsController
      # Save the transaction_id to compare it with the response we get back
      session[:transaction_id] = logout_request.uuid
      session[:logged_out_user] = logged_user
-
      relayState = "https://#{request.host}"
      redirect_to(logout_request.create(settings, :RelayState => relayState))
    end
  end
  private

-  def saml_settings
+  def saml_settings(logout_url=nil)
    settings = OneLogin::RubySaml::Settings.new
    request_host = request.host
+    logout_url ||= "https://#{request_host}"
    settings.assertion_consumer_service_url = "https://#{request_host}/ntu_sso/response"
    settings.issuer                         = request_host
    settings.idp_sso_target_url            = "https://adfs.ntu.edu.tw/adfs/ls/"
    # settings.idp_sso_target_binding        = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" # or :post, :redirect
-    settings.idp_slo_target_url            = "https://adfs.ntu.edu.tw/adfs/ls/clearall.aspx?url=https://#{request_host}"
+    settings.idp_slo_service_url            = "https://adfs.ntu.edu.tw/adfs/ls/clearall.aspx?url=#{logout_url}"
    # settings.idp_slo_service_binding        = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" # or :post, :redirect
    settings.idp_cert_fingerprint           = (File.read('adfs_fingerprint.txt') rescue '') #"0A:27:FC:D5:CE:DC:D8:44:CC:A9:58:8A:42:D1:F4:DF:38:2E:4A:C3"
    settings.idp_cert_fingerprint_algorithm = "http://www.w3.org/2000/09/xmldsig#sha1"