Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Web Server rewrite not taken into account to access module web interface #1093

Open
dweeves opened this issue Apr 10, 2019 · 2 comments

Comments

@dweeves
Copy link

commented Apr 10, 2019

Abstract case

  • cannot access a module with a web interface (not bound to SAML session) through a server rewrite without redirect to real (module.php/modulename/moduleroute) on a url with parameters.

Concrete case:

module selfregister, that allows for handling user registration.

Apache Rewrite Configuration:

RewriteRule ^/register module.php/selfregister/newUser.php [QSA,L]

Why it bothers

In some deployments, the "exposed" url needs to be "polished" (having /register) instead of (/module.php/selfregister/newUser.php) is a valid expectation i think.

To Reproduce

Steps to reproduce the behavior:

  1. Install a module that has its own web interface
  2. create an apache rewrite to this module web interface
  3. You'll get a 404 not found (because module does not match initial url)

Expected behavior

The real module name (selfregister) should be matched using $_SERVER['PATH_INFO'] (which is the apache rewritten url) rather than using the left part of original non apache rewritten URL.

So , having /register able to process module

Additional context

The problem lies in module detection using $request->getPathInfo() , which uses symfony request class, which tries to be a bit too "smart"

File:
/lib/SimpleSAML/Module.php , method process(), line 123

Real cause:
use of /vendor/symfony/http-foundation/Request.php , which computes the pathinfo from the request uri.

Current workaround (i.e : not fitting my requirement)

  • Force a real redirect in apache config [R,QSA,L] in the end of the redirect rule line
  • This is really not what i want, since exposing the "SAML module" internal url which i tried to avoid.
@tvdijen

This comment has been minimized.

Copy link
Member

commented Apr 10, 2019

This is a duplicate of #1023

@dweeves

This comment has been minimized.

Copy link
Author

commented Apr 10, 2019

submitted PR #1095 to solve this issue

@tvdijen tvdijen added this to the 1.18 milestone Jul 24, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.