From a444d21e1aeaa55beb3fb104e4bdc8f95a791c89 Mon Sep 17 00:00:00 2001
From: SvenDowideit
Date: Wed, 29 Aug 2012 01:38:17 +0000
Subject: [PATCH] Item12056: CasLogin shows template auth screen if a logged in user navigates to it
git-svn-id: http://svn.foswiki.org/trunk/CasLoginContrib@15342 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
---
 data/System/CasLoginContrib.txt | 1 +
 lib/Foswiki/Contrib/CasLoginContrib.pm | 2 +-
 lib/Foswiki/LoginManager/CasLogin.pm | 42 ++++++++++++++++++--------
 3 files changed, 31 insertions(+), 14 deletions(-)
diff --git a/data/System/CasLoginContrib.txt b/data/System/CasLoginContrib.txt
index af34ce3..b2327aa 100644
--- a/data/System/CasLoginContrib.txt
+++ b/data/System/CasLoginContrib.txt
@@ -51,6 +51,7 @@ This is a re-write of the TWiki CASLogin work done by Greg Abbas, Charlie Reitsm
 | Author(s): | Foswiki:Main.SvenDowideit |
 | Copyright: | © SvenDowideit@fosiki.com |
 | License: | [[http://www.gnu.org/licenses/gpl.html][GPL 3 (Gnu General Public License)]] |
+| Aug 2012 | 1.6.2 - Item12056: CasLogin shows template auth screen if a logged in user navigates to it |
 | Aug 2012 | 1.6.1 - quick fix for Foswiki::Tasks.Item12054: recursion in CasLogin if access is denied to the user that has just logged in |
 | Aug 2012 | initial release of the third re-implementation |
 | Release: | %$RELEASE% |
diff --git a/lib/Foswiki/Contrib/CasLoginContrib.pm b/lib/Foswiki/Contrib/CasLoginContrib.pm
index e24fc61..0ef67eb 100644
--- a/lib/Foswiki/Contrib/CasLoginContrib.pm
+++ b/lib/Foswiki/Contrib/CasLoginContrib.pm
@@ -31,7 +31,7 @@ our $VERSION = '$Rev$'; # version of *this file*.
 # date - a date in 1 Jun 2009 format. Three letter English month names only.
 # Note: it's important that this string is exactly the same in the extension
 # topic - if you use %$RELEASE% with BuildContrib this is done automatically.
-our $RELEASE = '1.6.1';
+our $RELEASE = '1.6.2';
 our $SHORTDESCRIPTION = 'CAS SSO Login for foswiki';
diff --git a/lib/Foswiki/LoginManager/CasLogin.pm b/lib/Foswiki/LoginManager/CasLogin.pm
index 0e214bd..bd9f841 100644
--- a/lib/Foswiki/LoginManager/CasLogin.pm
+++ b/lib/Foswiki/LoginManager/CasLogin.pm
@@ -82,25 +82,32 @@ sub loadSession {
 # LoginManager::loadSession does a redirect on logout, so we have to deal with (CAS) logout before it.
 my $authUser = $this->SUPER::loadSession();
+ my $uri = Foswiki::Func::getUrlHost() . $query->uri();
 #print STDERR "hello : $authUser\n";
 #print STDERR "params: ".join(', ', $query->param())."\n";
- #print STDERR "uri: ".Foswiki::Func::getUrlHost().$query->uri()."\n";
+ #print STDERR "uri: $uri\n";
+ #print STDERR "relative ".$query->url(-relative=>1);
+ #print STDERR "full ".$query->url(-full=>1);
+ #print STDERR "query ".$query->url(-query=>1);
 #check returned ticket
 if ( defined($ticket) ) {
- my $uri = Foswiki::Func::getUrlHost() . $query->uri();
 $uri =~ s/[?;&]ticket=.*$//;
- $authUser = $this->{CAS}->validateST( $uri, $ticket );
-
- # print STDERR "login? $authUser => $ticket\n";
- #TODO: protect against auth as basemapper admin?
+ my $casUser = $this->{CAS}->validateST( $uri, $ticket );
+ if ($casUser) {
+ $authUser = $casUser;
+ # print STDERR "login? $authUser => $ticket\n";
+ #TODO: protect against auth as basemapper admin?
 #if its an email address, we can make the generated wikiname more usefull
- $authUser =~ s/(\.|@)(.)/$1.uc($2)/ge;
- $authUser = ucfirst($authUser);
+ $authUser =~ s/(\.|@)(.)/$1.uc($2)/ge;
+ $authUser = ucfirst($authUser);
- $this->userLoggedIn($authUser);
- my $origurl = $query->param('foswiki_origin');
+ $this->userLoggedIn($authUser);
+ } else {
+ # a bad ticket - so ignore
+ # its a bit difficult if its a resubmit of an old ticket to the login script :/
+ }
 }
 else {
 if ( defined( $query->param('sudo') )
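Review bot: The new `else` branch for a failed `validateST` discards the failure without any record, so expired, resubmitted or otherwise rejected service tickets leave no trace for whoever operates the wiki. Log it there, for example `Foswiki::Func::writeWarning("CAS service ticket failed validation for $uri");`, and keep the ticket value itself out of the message. The `#TODO: protect against auth as basemapper admin?` moves into the success path unchanged, so the CAS-supplied name still reaches `userLoggedIn` with no check against reserved logins; that deserves a tracked task rather than a comment. `loadSession` starts and ends outside this hunk.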
@@ -112,8 +119,14 @@ sub loadSession {
 $this->userLoggedIn($authUser);
 }
 else {
- if ( $foswiki->inContext('login') ) {
- $this->forceAuthentication();
+ if ( $foswiki->inContext('login') || $foswiki->inContext('logon') )
+ {
+ if ( !$this->forceAuthentication() ) {
+ my $full = $query->url(-full=>1);
+ $uri =~ s/^$full//;
+ $uri = Foswiki::Func::getScriptUrl(undef, undef, 'view').$uri;
+ $foswiki->redirect( $uri, 0 );
+ }
 }
 }
 }
@@ -133,8 +146,11 @@ Triggered on auth fail
 sub forceAuthentication {
 my $this = shift;
 my $session = $this->{session};
+ my $query = $session->{request};
- if ( !$session->inContext('authenticated') && !defined($query->param('ticket'))) {
+ if ( !$session->inContext('authenticated')
+ && !defined( $query->param('ticket') ) )
+ {
 $session->redirect( $this->loginUrl(), 0 );
 return 1;
 }
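Review bot: `$uri =~ s/^$full//;` interpolates the request URL into a pattern unquoted, so `.`, `?`, `+` and any brackets in it act as regex syntax; the value is presumably derived from the incoming request, and a pattern that fails to compile would die inside `loadSession`. Quote it: `$uri =~ s/^\Q$full\E//;`. When the prefix does not match (for instance if `getUrlHost()` and `url(-full=>1)` disagree on scheme or port, which cannot be checked from here), the whole absolute URL is appended to the `view` script URL, so a fallback to plain `Foswiki::Func::getScriptUrl(undef, undef, 'view')` in that case would keep the redirect target well-formed. `loadSession` continues outside the hunk.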
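Review bot: `loadSession` now branches on `!$this->forceAuthentication()`, yet the only return visible in this sub is `return 1;` after the redirect, and its POD says just "Triggered on auth fail". State the contract in that POD, e.g. `Returns 1 when a redirect to the CAS login URL was issued, 0 otherwise`, and make the fall-through an explicit `return 0;` if it is not one already (the rest of the sub is outside the hunk). The guard also tests only that a `ticket` parameter is present, not that it validated, so a request carrying a rejected ticket skips the redirect; a comment such as `# ticket present: loadSession validates it, do not redirect again` would record why.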