From c7a0d4d8f5ea2c8365325070246c704b93a25469 Mon Sep 17 00:00:00 2001
From: olavmrk
Date: Fri, 25 Apr 2014 09:11:46 +0000
Subject: Add a helper to redirect on unauthorized error
In case we are going to return a HTTP_UNAUTHORIZED error we can also redirect the client to an admin chosen page to let the application handle the error on its own.
Signed-off-by: Simo Sorce
git-svn-id: https://modmellon.googlecode.com/svn/trunk@227 a716ebb1-153a-0410-b759-cfb97c6a1b53
---
 auth_mellon.h | 3 +++
 auth_mellon_config.c | 14 ++++++++++++++
 auth_mellon_handler.c | 8 ++++++++
 3 files changed, 25 insertions(+)
diff --git a/auth_mellon.h b/auth_mellon.h
index 192cff0..8347013 100644
--- a/auth_mellon.h
+++ b/auth_mellon.h
@@ -210,6 +210,9 @@ typedef struct am_dir_cfg_rec {
 /* No cookie error page. */
 const char *no_cookie_error_page;
+ /* Authorization error page. */
+ const char *no_success_error_page;
+
 /* Login path for IdP initiated logins */
 const char *login_path;
diff --git a/auth_mellon_config.c b/auth_mellon_config.c
index 9b406e8..36f6b96 100644
--- a/auth_mellon_config.c
+++ b/auth_mellon_config.c
@@ -1045,6 +1045,15 @@ const command_rec auth_mellon_commands[] = {
 " return a 400 Bad Request error if this is unset and the user"
 " ha disabled cookies."
 ),
+ AP_INIT_TAKE1(
+ "MellonNoSuccessErrorPage",
+ ap_set_string_slot,
+ (void *)APR_OFFSETOF(am_dir_cfg_rec, no_success_error_page),
+ OR_AUTHCFG,
+ "Web page to display if the idp posts with a failed"
+ " authentication error. We will return a 401 Unauthorized error"
+ " if this is unset and the idp posts such assertion."
+ ),
 AP_INIT_TAKE1(
 "MellonSPMetadataFile",
 am_set_filestring_slot,
@@ -1271,6 +1280,7 @@ void *auth_mellon_dir_config(apr_pool_t *p, char *d)
 dir->session_length = -1; /* -1 means use default. */
 dir->no_cookie_error_page = NULL;
+ dir->no_success_error_page = NULL;
 dir->sp_metadata_file = NULL;
 dir->sp_private_key_file = NULL;
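Review bot: The comment on the new `no_success_error_page` field in auth_mellon.h says "Authorization error page", while the directive help text in auth_mellon_config.c describes a failed authentication at the IdP and the handler keys on HTTP_UNAUTHORIZED. The field comment should name the case it covers and say what NULL means, for example `/* URL to redirect to when the IdP reports a failed authentication; NULL means return 401 Unauthorized. */`. The struct am_dir_cfg_rec starts and ends outside this hunk.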
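Review bot: The help string for `MellonNoSuccessErrorPage` in the `@@ -1045` hunk of auth_mellon_config.c calls the value a "web page to display", but the handler hunk in this commit sends it unchanged as a `Location` header with HTTP_SEE_OTHER, so it is a redirect target. `ap_set_string_slot` stores whatever string is given, so nothing checks that it is a usable URL; the text should at least say so, e.g. `"URL to redirect the client to (303 See Other) if the IdP posts a"` followed by `" failed authentication response. A 401 Unauthorized error is returned"` and `" if this is unset."`. Because the directive is registered with `OR_AUTHCFG`, it can be set from .htaccess wherever `AllowOverride AuthConfig` is in effect, and the documentation should mention that whoever controls such a file chooses where clients land after a failed login. The target page also has to be reachable without a Mellon session, which the text does not state.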
@@ -1425,6 +1435,10 @@ void *auth_mellon_dir_merge(apr_pool_t *p, void *base, void *add)
 add_cfg->no_cookie_error_page :
 base_cfg->no_cookie_error_page);
+ new_cfg->no_success_error_page = (add_cfg->no_success_error_page != NULL ?
+ add_cfg->no_success_error_page :
+ base_cfg->no_success_error_page);
+
 new_cfg->sp_metadata_file = (add_cfg->sp_metadata_file ?
 add_cfg->sp_metadata_file :
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index e5c82a6..1de217a 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -1974,6 +1974,7 @@ static int am_handle_post_reply(request_rec *r)
 LassoServer *server;
 LassoLogin *login;
 char *relay_state;
+ am_dir_cfg_rec *dir_cfg = am_get_dir_cfg(r);
 int i, err;
 /* Make sure that this is a POST request. */
@@ -2048,6 +2049,13 @@ static int am_handle_post_reply(request_rec *r)
 break;
 }
 }
+ if (err == HTTP_UNAUTHORIZED) {
+ if (dir_cfg->no_success_error_page != NULL) {
+ apr_table_setn(r->headers_out, "Location",
+ dir_cfg->no_success_error_page);
+ return HTTP_SEE_OTHER;
+ }
+ }
 return err;
 }
-- 
cgit
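Review bot: The new redirect branch at the end of am_handle_post_reply (the `@@ -2048` hunk of auth_mellon_handler.c) turns the 401 into a 303 without logging anything in the lines shown. Unless the code that sets `err` outside this hunk already logs the failure, a rejected IdP login will appear in the access log as an ordinary redirect, which makes failed authentications harder to monitor. I would log before returning, e.g. `ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, "IdP reported failed authentication; redirecting to MellonNoSuccessErrorPage.");`, and fold the two nested tests into `if (err == HTTP_UNAUTHORIZED && dir_cfg->no_success_error_page != NULL) {`. The function body starts outside the hunk, so it is not visible whether earlier return paths that also yield HTTP_UNAUTHORIZED bypass this redirect. A short comment stating which failures are meant to be redirected would settle that.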