From 624a4d302edc02c617330344187d53c2a6604c14 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20LELEU?= <jerome.leleu@teamdlab.com>
Date: Thu, 30 Apr 2020 17:48:50 +0200
Subject: [PATCH] fix surrogation lost on bad password

---
 .../SurrogateInitialAuthenticationAction.java | 74 -------------------
 .../resources/templates/casLoginView.html     |  1 +
 2 files changed, 1 insertion(+), 74 deletions(-)
 delete mode 100644 cas/cas-server/src/main/java/org/apereo/cas/web/flow/action/SurrogateInitialAuthenticationAction.java

diff --git a/cas/cas-server/src/main/java/org/apereo/cas/web/flow/action/SurrogateInitialAuthenticationAction.java b/cas/cas-server/src/main/java/org/apereo/cas/web/flow/action/SurrogateInitialAuthenticationAction.java
deleted file mode 100644
index 364065eb..00000000
--- a/cas/cas-server/src/main/java/org/apereo/cas/web/flow/action/SurrogateInitialAuthenticationAction.java
+++ /dev/null
@@ -1,74 +0,0 @@
-package org.apereo.cas.web.flow.action;
-
-import org.apereo.cas.authentication.RememberMeCredential;
-import org.apereo.cas.authentication.SurrogateUsernamePasswordCredential;
-import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
-import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
-import org.apereo.cas.web.flow.actions.InitialAuthenticationAction;
-import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
-import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
-import org.apereo.cas.web.support.WebUtils;
-
-import lombok.extern.slf4j.Slf4j;
-import lombok.val;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.webflow.execution.Event;
-import org.springframework.webflow.execution.RequestContext;
-
-/**
- * Copy of the original class without the downgrade to UsernamePasswordCredential when there is no surrogation separator.
- */
-@Slf4j
-public class SurrogateInitialAuthenticationAction extends InitialAuthenticationAction {
-    private final String separator;
-
-    public SurrogateInitialAuthenticationAction(final CasDelegatingWebflowEventResolver delegatingWebflowEventResolver,
-                                                final CasWebflowEventResolver webflowEventResolver,
-                                                final AdaptiveAuthenticationPolicy adaptiveAuthenticationPolicy,
-                                                final String separator) {
-        super(delegatingWebflowEventResolver, webflowEventResolver, adaptiveAuthenticationPolicy);
-        this.separator = separator;
-    }
-
-    @Override
-    protected Event doPreExecute(final RequestContext context) throws Exception {
-        val up = WebUtils.getCredential(context, UsernamePasswordCredential.class);
-        if (up == null) {
-            LOGGER.debug("Provided credentials cannot be found, or are already of type [{}]", SurrogateUsernamePasswordCredential.class.getName());
-            return super.doPreExecute(context);
-        }
-        if (up.getUsername().contains(this.separator)) {
-            LOGGER.debug("Credential username includes the separator [{}]. Converting to surrogate...", this.separator);
-            convertToSurrogateCredential(context, up);
-        }
-        return super.doPreExecute(context);
-    }
-
-    private void convertToSurrogateCredential(final RequestContext context, final UsernamePasswordCredential up) {
-        val sc = new SurrogateUsernamePasswordCredential();
-
-        val tUsername = up.getUsername();
-        val surrogateUsername = tUsername.substring(0, tUsername.indexOf(this.separator));
-        val realUsername = tUsername.substring(tUsername.indexOf(this.separator) + this.separator.length());
-        LOGGER.debug("Converting to surrogate credential for username [{}], surrogate username [{}]", realUsername, surrogateUsername);
-
-        if (StringUtils.isBlank(surrogateUsername)) {
-            up.setUsername(realUsername);
-            WebUtils.putRequestSurrogateAuthentication(context, Boolean.TRUE);
-            WebUtils.putCredential(context, up);
-
-            LOGGER.debug("No surrogate username is defined; Signal webflow to request for surrogate credentials");
-            return;
-        }
-
-        sc.setUsername(realUsername);
-        sc.setSurrogateUsername(surrogateUsername);
-        sc.setPassword(up.getPassword());
-        if (up instanceof RememberMeCredential) {
-            sc.setRememberMe(((RememberMeCredential) up).isRememberMe());
-        }
-        WebUtils.putRequestSurrogateAuthentication(context, Boolean.FALSE);
-        LOGGER.debug("Converted credential to surrogate for username [{}] and assigned it to webflow", realUsername);
-        WebUtils.putCredential(context, sc);
-    }
-}
diff --git a/cas/cas-server/src/main/resources/templates/casLoginView.html b/cas/cas-server/src/main/resources/templates/casLoginView.html
index 5c9d6e54..e23e3dab 100644
--- a/cas/cas-server/src/main/resources/templates/casLoginView.html
+++ b/cas/cas-server/src/main/resources/templates/casLoginView.html
@@ -89,6 +89,7 @@
 	        <div class="form-control" th:if="${!#strings.isEmpty(superUser)}">
 	            <label for="surrogate" th:utext="#{screen.welcome.label.surrogate}"/> <span th:utext="${surrogate}" /><br />
 	            <label for="superUser" th:utext="#{screen.welcome.label.superuser}"/> <span th:utext="${superUser}" /><br />
+                <input type="hidden" id="username" name="username" th:value="${surrogate + ',' + superUser}" />
 
 				<br><br>
                 <div class="error" th:if="${#fields.hasErrors('*')}">
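Review bot: The hidden `username` field on the added line hard-codes `,` as the surrogate separator, whereas the action class deleted by this same commit took the separator as a constructor argument, so the re-posted value only parses as a surrogate login if the server is configured with a comma. Consider building the value from the configured separator instead, e.g. `th:value="${surrogate + surrogateSeparator + superUser}"`, where `surrogateSeparator` is a placeholder name for a model attribute the flow would have to expose. The two `<span th:utext=...>` context lines just above render `surrogate` and `superUser` unescaped; if those values derive from the submitted username, which this hunk does not show, `th:text` would be the safer choice. Because the hidden field is client-editable, the server should keep treating the posted username as untrusted and re-check surrogate eligibility after the primary authentication succeeds.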
-- 
GitLab