fix(saml): fix profile initialization, improve error handling
Fixes #5153
Fixes #5270
cgx committed May 17, 2021
1 parent e536365 commit 1d88d36
Showing 1 changed file with 18 additions and 19 deletions.
37 changes: 18 additions & 19 deletions SoObjects/SOGo/SOGoSAML2Session.m
Expand Up @@ -24,7 +24,6 @@
#include <lasso/xml/saml-2.0/saml2_attribute_value.h>
#include <lasso/xml/saml-2.0/samlp2_authn_request.h>


#import <NGObjWeb/WOApplication.h>
#import <NGObjWeb/WOContext.h>

Expand Down Expand Up @@ -237,22 +236,24 @@ - (id) init

- (void) _updateDataFromLogin
{
LassoSaml2Assertion *saml2Assertion;
GList *statementList, *attributeList;
LassoSaml2AttributeStatement *statement;
LassoMiscTextNode *textNode;
LassoNode *lassoNode;
LassoSaml2Assertion *saml2Assertion;
LassoSaml2Attribute *attribute;
LassoSaml2AttributeStatement *statement;
LassoSaml2AttributeValue *value;
LassoMiscTextNode *textNode;
LassoSaml2NameID *nameIdentifier;
SOGoSystemDefaults *sd;
NSString *loginAttribue;
SOGoSystemDefaults *sd;

gchar *dump;

saml2Assertion = LASSO_SAML2_ASSERTION (lasso_login_get_assertion (lassoLogin));

lassoNode = lasso_login_get_assertion (lassoLogin);
saml2Assertion = LASSO_SAML2_ASSERTION (lassoNode);
sd = [SOGoSystemDefaults sharedSystemDefaults];
loginAttribue = [sd SAML2LoginAttribute];

if (saml2Assertion)
{
/* deduce user login */
Expand All @@ -267,6 +268,7 @@ - (void) _updateDataFromLogin
while (!login && attributeList)
{
attribute = LASSO_SAML2_ATTRIBUTE (attributeList->data);

if (loginAttribue && (strcmp (attribute->Name, [loginAttribue UTF8String]) == 0))
{
value = LASSO_SAML2_ATTRIBUTE_VALUE (attribute->AttributeValue->data);
Expand Down Expand Up @@ -320,8 +322,7 @@ - (void) _updateDataFromLogin
assertion = nil;
}

nameIdentifier
= LASSO_SAML2_NAME_ID (LASSO_PROFILE (lassoLogin)->nameIdentifier);
nameIdentifier = LASSO_SAML2_NAME_ID (LASSO_PROFILE (lassoLogin)->nameIdentifier);
if (nameIdentifier)
{
/* deduce session id */
Expand All @@ -334,7 +335,7 @@ - (void) _updateDataFromLogin
- (id) _initWithDump: (NSDictionary *) saml2Dump
inContext: (WOContext *) context
{
// lasso_error_t rc;
lasso_error_t rc;
LassoServer *server;
LassoProfile *profile;
const gchar *dump;
Expand All @@ -346,10 +347,10 @@ - (id) _initWithDump: (NSDictionary *) saml2Dump
if (saml2Dump)
{
profile = LASSO_PROFILE (lassoLogin);

ASSIGN (login, [saml2Dump objectForKey: @"login"]);
ASSIGN (identifier, [saml2Dump objectForKey: @"identifier"]);
ASSIGN (assertion, [saml2Dump objectForKey: @"assertion"]);

ASSIGN(identity, [saml2Dump objectForKey: @"identity"]);
dump = [identity UTF8String];
if (dump)
Expand All @@ -359,11 +360,10 @@ - (id) _initWithDump: (NSDictionary *) saml2Dump
dump = [session UTF8String];
if (dump)
lasso_profile_set_session_from_dump (profile, dump);

lasso_login_accept_sso (lassoLogin);
// if (rc)
// [NSException raiseSAML2Exception: rc];
[self _updateDataFromLogin];

rc = lasso_login_accept_sso (lassoLogin);
if (!rc)
[self _updateDataFromLogin];
}
}

Expand Down Expand Up @@ -454,6 +454,7 @@ - (void) processAuthnResponse: (NSString *) authnResponse

responseData = strdup ([authnResponse UTF8String]);

profile = LASSO_PROFILE (lassoLogin);
rc = lasso_login_process_authn_response_msg (lassoLogin, responseData);
if (rc)
[NSException raiseSAML2Exception: rc];
Expand All @@ -469,8 +470,6 @@ - (void) processAuthnResponse: (NSString *) authnResponse
[saml2Dump setObject: identifier forKey: @"identifier"];
[saml2Dump setObject: assertion forKey: @"assertion"];

profile = LASSO_PROFILE (lassoLogin);

lasso_session = lasso_profile_get_session (profile);
if (lasso_session)
{
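Review bot: In `_initWithDump:inContext:`, a non-zero `rc` from `lasso_login_accept_sso` is now swallowed: `_updateDataFromLogin` is skipped, but nothing is logged and `login`, `identifier` and `assertion` keep the values assigned from `saml2Dump` just above. If the remainder of the method (it continues outside the visible hunk) returns the object as usual, callers cannot tell a session whose SSO acceptance failed from a valid one, and the failure leaves no trace for whoever investigates a login problem. I would add an `else` branch that records the code and drops the restored identity, e.g. `else { NSLog (@"SAML2: lasso_login_accept_sso failed (rc=%d)", rc); ASSIGN (login, nil); }`, or return nil from the initializer if callers handle that. `processAuthnResponse:` in the same file raises `[NSException raiseSAML2Exception: rc]` for the analogous failure, so the difference in policy here deserves a comment.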
