RocketChat / Rocket.Chat

The communications platform that puts data protection first.
https://rocket.chat/

CAS login broken #13999

Open tienthanh2509 opened 5 years ago

tienthanh2509 commented 5 years ago

Description:

Rocket chat error while using CAS server

CAS client unable to handle key name contains .

Eg: org.apereo.cas.authentication.principal.REMEMBER_ME

Error: key org_apereo.cas.authentication.principal.remember_me must not contain '.'

Steps to reproduce:

  1. Go to the login page
  2. Click on CAS login button
  3. Client get error 500

Expected behavior:

Ignore the `.` in attribute names, since it isn't important.

The Rocket.Chat server needs to handle attribute names before inserting them into the database, in file app/cas/server/cas_server.js#L56

Actual behavior:

Client get error 500 and unable to login

Server Setup Information:

Additional context

None

Relevant logs:

Exception in callback of async function: Error: key org_apereo.cas.authentication.principal.remember_me must not contain '.'
I20190404-05:46:52.542(0)?     at serializeInto (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/bson/lib/bson/parser/serializer.js:914:19)
I20190404-05:46:52.542(0)?     at serializeObject (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/bson/lib/bson/parser/serializer.js:348:18)
I20190404-05:46:52.542(0)?     at serializeInto (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/bson/lib/bson/parser/serializer.js:938:17)
I20190404-05:46:52.542(0)?     at serializeObject (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/bson/lib/bson/parser/serializer.js:348:18)
I20190404-05:46:52.543(0)?     at serializeInto (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/bson/lib/bson/parser/serializer.js:938:17)
I20190404-05:46:52.543(0)?     at serializeObject (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/bson/lib/bson/parser/serializer.js:348:18)
I20190404-05:46:52.543(0)?     at serializeInto (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/bson/lib/bson/parser/serializer.js:728:17)
I20190404-05:46:52.543(0)?     at serializeObject (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/bson/lib/bson/parser/serializer.js:348:18)
I20190404-05:46:52.543(0)?     at serializeInto (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/bson/lib/bson/parser/serializer.js:938:17)
I20190404-05:46:52.543(0)?     at BSON.serialize (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/bson/lib/bson/bson.js:63:28)
I20190404-05:46:52.543(0)?     at Query.toBin (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/mongodb-core/lib/connection/commands.js:146:25)
I20190404-05:46:52.543(0)?     at serializeCommands (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/mongodb-core/lib/connection/pool.js:1045:43)
I20190404-05:46:52.543(0)?     at Pool.write (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/mongodb-core/lib/connection/pool.js:1261:3)
I20190404-05:46:52.543(0)?     at executeWrite (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/mongodb-core/lib/wireprotocol/3_2_support.js:147:10)
I20190404-05:46:52.543(0)?     at WireProtocol.insert (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/mongodb-core/lib/wireprotocol/3_2_support.js:158:3)
I20190404-05:46:52.543(0)?     at Server.insert (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/mongodb-core/lib/topologies/server.js:815:35)
I20190404-05:46:52.543(0)?     at Server.insert (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/mongodb/lib/topologies/topology_base.js:321:25)
I20190404-05:46:52.544(0)?     at OrderedBulkOperation.finalOptionsHandler (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/mongodb/lib/bulk/common.js:1003:25)
I20190404-05:46:52.544(0)?     at executeCommands (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/mongodb/lib/bulk/ordered.js:165:17)
I20190404-05:46:52.544(0)?     at executeOperation (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/mongodb/lib/utils.js:420:24)
I20190404-05:46:52.544(0)?     at OrderedBulkOperation.execute (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/mongodb/lib/bulk/ordered.js:121:12)
I20190404-05:46:52.544(0)?     at bulkWrite (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/mongodb/lib/operations/collection_ops.js:115:8)
I20190404-05:46:52.544(0)?     at executeOperation (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/mongodb/lib/utils.js:420:24)
I20190404-05:46:52.544(0)?     at Collection.insertMany (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/mongodb/lib/collection.js:528:10)
I20190404-05:46:52.544(0)?     at Collection.insert (/app.home/.meteor/packages/npm-mongo/.3.1.1.v3rpzk.m5kk8++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/mongodb/lib/collection.js:675:15)
I20190404-05:46:52.544(0)?     at MongoConnection._insert (packages/mongo/mongo_driver.js:373:16)
I20190404-05:46:52.544(0)?     at MongoConnection.<anonymous> (packages/meteor.js:376:21)
I20190404-05:46:52.544(0)?     at MongoConnection.(anonymous function) [as insert] (packages/mongo/mongo_driver.js:754:49)
I20190404-05:46:52.544(0)?     at OptimizedApply (packages/rocketchat_monitoring.js:291:17)
I20190404-05:46:52.545(0)?     at Object.ret.(anonymous function) (packages/rocketchat_monitoring.js:3244:16)
I20190404-05:46:52.545(0)?     at Object.<anonymous> (packages/matb33_collection-hooks.js:395:18)
I20190404-05:46:52.545(0)?     at Object.collection.(anonymous function) [as insert] (packages/matb33_collection-hooks.js:146:21)
I20190404-05:46:52.545(0)?     at ns.Collection.insert (packages/mongo/collection.js:520:39)
I20190404-05:46:52.545(0)?     at ns.Collection.Mongo.Collection.(anonymous function) [as insert] (packages/dispatch_run-as-user.js:325:19)
I20190404-05:46:52.545(0)?     at BaseDb.insert (app/models/server/models/_BaseDb.js:210:33)
I20190404-05:46:52.545(0)?     at CredentialTokens.insert (app/models/server/models/_Base.js:123:19)
I20190404-05:46:52.545(0)?     at CredentialTokens.create (app/models/server/models/CredentialTokens.js:18:8)
I20190404-05:46:52.545(0)?     at app/cas/server/cas_server.js:56:21
I20190404-05:46:52.545(0)?     at runWithEnvironment (packages/meteor.js:1356:24)
Sample CAS response

=> Meteor server restarted
I20190404-05:50:27.217(0)? Begin CAS https request proxyValidate /proxyValidate?ticket=ST-4-1QoW28JUuzp8fAGhiOS8a8KlXgMsso&service=http%3A%2F%2F172.17.0.4%3A5001%2F_cas%2FXCFHC4QqmvahHfAEF
I20190404-05:50:27.256(0)? <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
I20190404-05:50:27.256(0)?     <cas:authenticationSuccess>
I20190404-05:50:27.256(0)?         <cas:user>test</cas:user>
I20190404-05:50:27.256(0)?         <cas:attributes>
I20190404-05:50:27.257(0)?             <cas:org.apereo.cas.authentication.principal.REMEMBER_ME>true</cas:org.apereo.cas.authentication.principal.REMEMBER_ME>
I20190404-05:50:27.257(0)?             <cas:credentialType>RememberMeUsernamePasswordCredential</cas:credentialType>
I20190404-05:50:27.257(0)?             <cas:isFromNewLogin>false</cas:isFromNewLogin>
I20190404-05:50:27.257(0)?             <cas:mail>test@example.com</cas:mail>
I20190404-05:50:27.257(0)?             <cas:authenticationDate>2019-04-04T05:29:42.738607Z[Etc/UTC]</cas:authenticationDate>
I20190404-05:50:27.257(0)?             <cas:authenticationMethod>LdapAuthenticationHandler</cas:authenticationMethod>
I20190404-05:50:27.257(0)?             <cas:displayName>Phạm Tiến Thành</cas:displayName>
I20190404-05:50:27.257(0)?             <cas:givenName>Thành</cas:givenName>
I20190404-05:50:27.257(0)?             <cas:successfulAuthenticationHandlers>LdapAuthenticationHandler</cas:successfulAuthenticationHandlers>
I20190404-05:50:27.257(0)?             <cas:longTermAuthenticationRequestTokenUsed>false</cas:longTermAuthenticationRequestTokenUsed>
I20190404-05:50:27.257(0)?             <cas:sn>Phạm Tiến</cas:sn>
I20190404-05:50:27.257(0)?             </cas:attributes>
I20190404-05:50:27.257(0)?     </cas:authenticationSuccess>
I20190404-05:50:27.258(0)? </cas:serviceResponse>
tomcsi commented 4 years ago

Any update ?

tienthanh2509 commented 4 years ago

As a workaround, you can modify the CAS library directly and build Rocket.Chat again.

From c40c9c63d39b4ffa490409c7797e8b501b16a2d5 Mon Sep 17 00:00:00 2001
From: Thanh Pham <thanhpt@tdmu.edu.vn>
Date: Sat, 27 Apr 2019 20:47:09 +0700
Subject: Fix broken CAS library

diff --git a/node_modules/cas/lib/cas.js b/node_modules/cas/lib/cas.js
index 3a49580..be099bb 100644
--- a/node_modules/cas/lib/cas.js
+++ b/node_modules/cas/lib/cas.js
@@ -375,8 +375,8 @@ CAS.prototype.validate = function(ticket, callback, service, renew)
     if (ticket.indexOf('PT-') == 0) {
       validate_path = 'proxyValidate';
     } else {
-      //validate_path = 'serviceValidate';
-      validate_path = 'proxyValidate';
+      validate_path = 'serviceValidate';
+    //   validate_path = 'proxyValidate';
     }
   }
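Review bot: The commented-out `//   validate_path = 'proxyValidate';` left in the else branch gives no reason for the switch, so a later maintainer cannot tell whether flipping it back is safe. Replace it with a comment that states the intent, for example `// Tickets without the 'PT-' prefix go to serviceValidate, which does not accept proxy tickets.` This is the stricter endpoint, but it changes behaviour for any deployment that relied on the old default, so it should be called out rather than left as dead code. CAS.prototype.validate starts and ends outside the hunk.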

@@ -399,7 +399,7 @@ CAS.prototype.validate = function(ticket, callback, service, renew)
   }

   var queryPath = url.format({
-      pathname: this.base_path+'/'+validate_path,
+      pathname: '/' + validate_path,
       query: query
     });
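Review bot: Replacing `this.base_path+'/'+validate_path` with `'/' + validate_path` pins the validation endpoint to the host root, so a CAS server deployed under a context path would have its ticket validation sent to the wrong URL. The change looks specific to one deployment. Keeping the configured prefix and only normalising the slash, e.g. `pathname: (this.base_path || '').replace(/\/+$/, '') + '/' + validate_path,`, would fix a doubled slash without discarding the setting. If the prefix is wrong for this server, correcting the configured CAS base URL is safer than patching the library. The enclosing function continues outside the hunk.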

@@ -1025,6 +1025,9 @@ var parseAttributes = function(elemSuccess)
             var node = elemAttribute.children()[i];
             var attrName = node.name.toLowerCase().replace(/cas:/, '');
             if (attrName != '#text') {
+                if (attrName.indexOf('.') > 0) {
+                    continue
+                }
                 var attrValue = cheerio(node).text();
                 if (!attributes[attrName]) {
                     attributes[attrName] = [attrValue];
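Review bot: `attrName.indexOf('.') > 0` misses a name that begins with `.` (index 0), so such a key would still reach the insert and fail with the same "must not contain '.'" error; the test should be `attrName.indexOf('.') >= 0`. The skip is also silent: any dotted attribute the IdP sends never reaches the stored credential record, so add a comment such as `// Dotted names cannot be stored as MongoDB keys; drop them.` or log the dropped name. If the values are needed downstream, `attrName = attrName.replace(/\./g, '_');` would keep them, at the cost of possible collisions with an existing underscore-named attribute. parseAttributes starts and ends outside the hunk.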

Demo site: https://chat.tdmu.edu.vn/