Provide client request into template generation, particularly for logout.
authorScott Cantor <cantor.2@osu.edu>
Wed, 19 Dec 2007 22:21:36 +0000 (22:21 +0000)
committerScott Cantor <cantor.2@osu.edu>
Wed, 19 Dec 2007 22:21:36 +0000 (22:21 +0000)
adfs/adfs.cpp
shibsp/ServiceProvider.cpp
shibsp/handler/LogoutHandler.h
shibsp/handler/impl/LocalLogoutInitiator.cpp
shibsp/handler/impl/LogoutHandler.cpp
shibsp/handler/impl/SAML2Logout.cpp
shibsp/handler/impl/SAML2LogoutInitiator.cpp

index a31006a..74d3a4b 100644 (file)
@@ -820,5 +820,5 @@ pair<bool,long> ADFSLogout::run(SPRequest& request, bool isHandler) const
 
     if (param)
         return make_pair(true, request.sendRedirect(param));
-    return sendLogoutPage(app, request, false, "Logout complete.");
+    return sendLogoutPage(app, request, request, false, "Logout complete.");
 }
index 944dc26..529d834 100644 (file)
@@ -525,6 +525,7 @@ pair<bool,long> ServiceProvider::doHandler(SPRequest& request) const
     catch (exception& e) {
         TemplateParameters tp(&e);
         tp.m_map["requestURL"] = targetURL.substr(0,targetURL.find('?'));
+        tp.m_request = &request;
         return make_pair(true,sendError(log, request, app, "session", tp));
     }
 }
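Review bot: `tp.m_request = &request;` in this catch block hands the client's request to the error template, and nothing visible here limits which request values a template may read or shows that they are HTML-encoded on output. TemplateParameters is defined outside this diff, so this is inferred: if a template name that is missing from `m_map` falls back to a request parameter, text chosen by whoever built the URL could appear on the SP's error page. I would add a comment above the assignment, `// Request parameters are client-controlled; templates must treat values taken from m_request as untrusted.`, and confirm that `m_map` entries take precedence and that output is escaped. The same assignment is added in LogoutHandler::sendLogoutPage, so it reaches every logout page through the changed call sites. doHandler's body starts outside the hunk.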
index 8246aae..7026563 100644 (file)
@@ -110,12 +110,17 @@ namespace shibsp {
          * Sends a response template to the user agent informing it of the results of a logout attempt.
          *
          * @param application   the Application to use in determining the logout template
+         * @param request       the HTTP client request to supply to the template
          * @param response      the HTTP response to use
          * @param local         true iff the logout operation was local to the SP, false iff global
          * @param status        optional logoutStatus key value to add to template
          */
         std::pair<bool,long> sendLogoutPage(
-            const Application& application, xmltooling::HTTPResponse& response, bool local=true, const char* status=NULL
+            const Application& application,
+            const xmltooling::HTTPRequest& request,
+            xmltooling::HTTPResponse& response,
+            bool local=true,
+            const char* status=NULL
             ) const;
     };
 
index 8faaa71..832e640 100644 (file)
@@ -104,10 +104,10 @@ pair<bool,long> LocalLogoutInitiator::run(SPRequest& request, bool isHandler) co
         vector<string> sessions(1, session_id);
         if (!notifyBackChannel(app, request.getRequestURL(), sessions, true)) {
             app.getServiceProvider().getSessionCache()->remove(app, request, &request);
-            return sendLogoutPage(app, request, true, "Partial logout failure.");
+            return sendLogoutPage(app, request, request, true, "Partial logout failure.");
         }
         request.getServiceProvider().getSessionCache()->remove(app, request, &request);
     }
 
-    return sendLogoutPage(app, request, true, "Logout was successful.");
+    return sendLogoutPage(app, request, request, true, "Logout was successful.");
 }
index 695db99..c86b412 100644 (file)
@@ -36,7 +36,9 @@ using namespace shibsp;
 using namespace xmltooling;
 using namespace std;
 
-pair<bool,long> LogoutHandler::sendLogoutPage(const Application& application, HTTPResponse& response, bool local, const char* status) const
+pair<bool,long> LogoutHandler::sendLogoutPage(
+    const Application& application, const HTTPRequest& request, HTTPResponse& response, bool local, const char* status
+    ) const
 {
     pair<bool,const char*> prop = application.getString(local ? "localLogout" : "globalLogout");
     if (prop.first) {
@@ -47,6 +49,7 @@ pair<bool,long> LogoutHandler::sendLogoutPage(const Application& application, HT
         if (!infile)
             throw ConfigurationException("Unable to access $1 HTML template.", params(1,local ? "localLogout" : "globalLogout"));
         TemplateParameters tp;
+        tp.m_request = &request;
         tp.setPropertySet(application.getPropertySet("Errors"));
         if (status)
             tp.m_map["logoutStatus"] = status;
@@ -62,7 +65,7 @@ pair<bool,long> LogoutHandler::sendLogoutPage(const Application& application, HT
 
 pair<bool,long> LogoutHandler::run(SPRequest& request, bool isHandler) const
 {
-    // If we're inside a chain, so do nothing.
+    // If we're inside a chain, do nothing.
     if (getParent())
         return make_pair(false,0L);
     
@@ -71,11 +74,7 @@ pair<bool,long> LogoutHandler::run(SPRequest& request, bool isHandler) const
         return make_pair(false,0L);
 
     // Try another front-channel notification. No extra parameters and the session is implicit.
-    pair<bool,long> ret = notifyFrontChannel(request.getApplication(), request, request);
-    if (ret.first)
-        return ret;
-
-    return make_pair(false,0L);
+    return notifyFrontChannel(request.getApplication(), request, request);
 }
 
 void LogoutHandler::receive(DDF& in, ostream& out)
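Review bot: Returning `notifyFrontChannel(...)` directly matches the removed code only if that function always yields `0L` as the second member when the first is `false`; the old code forced `make_pair(false,0L)` in that case. notifyFrontChannel is not visible in this diff, so that is unconfirmed. If the guarantee holds, a comment such as `// notifyFrontChannel returns (false,0) when there is nothing to notify.` would record it; otherwise keep the explicit fallback. This refactor is also unrelated to the commit's stated purpose and would be easier to audit as its own change. LogoutHandler::run starts outside the hunk.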
index 9dbedd9..ade83f0 100644 (file)
@@ -515,7 +515,7 @@ pair<bool,long> SAML2Logout::doRequest(const Application& application, const HTT
         checkError(logoutResponse, policy.getIssuerMetadata()); // throws if Status doesn't look good...
 
         // Return template for completion of global logout, or redirect to homeURL.
-        return sendLogoutPage(application, response, false, "Global logout completed.");
+        return sendLogoutPage(application, request, response, false, "Global logout completed.");
     }
 
     FatalProfileException ex("Incoming message was not a samlp:LogoutRequest or samlp:LogoutResponse.");
index b4db0c0..00a1a66 100644 (file)
@@ -275,7 +275,7 @@ pair<bool,long> SAML2LogoutInitiator::doRequest(
     if (!notifyBackChannel(application, httpRequest.getRequestURL(), sessions, false)) {
         session->unlock();
         application.getServiceProvider().getSessionCache()->remove(application, httpRequest, &httpResponse);
-        return sendLogoutPage(application, httpResponse, true, "Partial logout failure.");
+        return sendLogoutPage(application, httpRequest, httpResponse, true, "Partial logout failure.");
     }
 
 #ifndef SHIBSP_LITE
@@ -340,15 +340,15 @@ pair<bool,long> SAML2LogoutInitiator::doRequest(
             }
 
             if (!logoutResponse)
-                ret = sendLogoutPage(application, httpResponse, false, "Identity provider did not respond to logout request.");
+                ret = sendLogoutPage(application, httpRequest, httpResponse, false, "Identity provider did not respond to logout request.");
             else if (!logoutResponse->getStatus() || !logoutResponse->getStatus()->getStatusCode() ||
                    !XMLString::equals(logoutResponse->getStatus()->getStatusCode()->getValue(), saml2p::StatusCode::SUCCESS)) {
                 delete logoutResponse;
-                ret = sendLogoutPage(application, httpResponse, false, "Identity provider returned a SAML error in response to logout request.");
+                ret = sendLogoutPage(application, httpRequest, httpResponse, false, "Identity provider returned a SAML error in response to logout request.");
             }
             else {
                 delete logoutResponse;
-                ret = sendLogoutPage(application, httpResponse, false, "Logout completed successfully.");
+                ret = sendLogoutPage(application, httpRequest, httpResponse, false, "Logout completed successfully.");
             }
 
             if (session) {