From mboxrd@z Thu Jan  1 00:00:00 1970
From: Julien BLAIS <webmaster@jbsky.fr>
To: pve-devel@lists.proxmox.com
Cc: Julien BLAIS <webmaster@jbsky.fr>
Date: Thu, 27 May 2021 23:55:13 +0200
Message-Id: <20210527215511.28243-3-webmaster@jbsky.fr>
In-Reply-To: <20210527215511.28243-1-webmaster@jbsky.fr>
References: <20210527215511.28243-1-webmaster@jbsky.fr>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [pve-devel] [PATCH] [PATCH pve-http-server] SSO feature: login with
 SAMLv2
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>

Add a formatted page that allows redirection.
For performance reasons, a raw format is used instead of a redirection initiated by the HTTP header.

/!\ Modification of the redirection URL for the /access/ticket endpoint.

Signed-off-by: Julien BLAIS <webmaster@jbsky.fr>
---
 src/PVE/APIServer/Formatter/HTML.pm | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/src/PVE/APIServer/Formatter/HTML.pm b/src/PVE/APIServer/Formatter/HTML.pm
index 743d0ad..3a90aa8 100644
--- a/src/PVE/APIServer/Formatter/HTML.pm
+++ b/src/PVE/APIServer/Formatter/HTML.pm
@@ -277,7 +277,7 @@ PVE::APIServer::Formatter::register_page_formatter(
 	    my $cookie = PVE::APIServer::Formatter::create_auth_cookie(
 		$data->{ticket}, $config->{cookie_name});
 
-	    my $headers = HTTP::Headers->new(Location => $get_portal_base_url->($config),
+	    my $headers = HTTP::Headers->new(Location => '/',
 					     'Set-Cookie' => $cookie);
 	    return HTTP::Response->new(301, "Moved", $headers);
 	}
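Review bot: replacing `$get_portal_base_url->($config)` with a hard-coded '/' in the Location header changes the post-login redirect for every caller of this formatter, not only the SAML flow, and the commit message flags the change without giving a reason. If the portal can be served from a base URL other than the root, the redirect now lands on the wrong path. Please keep the helper, or make the new target conditional on the SAML case and explain in the commit message why '/' is required. Since this touches behaviour outside the SSO feature, it would also be better as a separate patch.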
@@ -293,4 +293,27 @@ PVE::APIServer::Formatter::register_page_formatter(
 	return ($raw, $portal_ct);
     });
 
+PVE::APIServer::Formatter::register_page_formatter(
+    'format' => $portal_format,
+    method => 'GET',
+    path => "/access/saml",
+    code => sub {
+	my ($res, $data, $param, $path, $auth, $config) = @_;
+
+	# Get realm from cookie, see TODO part in POST /access/ticket
+	my $cookie = PVE::APIServer::Formatter::create_auth_cookie(
+	$data->{realm}, 'realm');
+
+	my $page = qq[<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+	<html>
+	<body>
+	<script type="text/javascript">if ('$data->{url}' != '') window.location.href='$data->{url}';</script>
+	</body>
+	</html>
+	];
+	my $headers = HTTP::Headers->new('Set-Cookie' => $cookie);
+	return HTTP::Response->new(200, "Moved", $headers, $page);
+
+    });
+
 1;
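Review bot: the script line in the new `/access/saml` page interpolates `$data->{url}` twice into single-quoted JavaScript string literals with no escaping, so any value containing `'` or `</script>` is parsed as markup or script rather than as data. Even a well-formed value sends the browser wherever `$data->{url}` points, and nothing in this hunk shows it being checked against the configured identity provider. Please validate the URL server-side before it reaches the formatter, and either emit it as a JSON-encoded string or drop the inline script and return a 302 with a Location header, as the `/access/ticket` formatter does with its 301; the commit message's performance argument for the raw page needs numbers to justify the extra attack surface. Two smaller points: `HTTP::Response->new(200, "Moved", ...)` pairs a 200 status with a "Moved" reason phrase, and the realm cookie is built by passing `$data->{realm}` to `create_auth_cookie`, a helper that the other hunk uses for the ticket cookie, so please confirm that the attributes it sets are the ones wanted for a non-secret realm hint and that the realm value is validated before being written. The comment "see TODO part in POST /access/ticket" refers to text that is not in this patch; either include that TODO or describe the intended cookie handling here.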
-- 
2.20.1