From e2c71600698ca65d9bad2a9079000bc91c62f55b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Tue, 20 Sep 2011 18:42:52 +0000
Subject: [PATCH] adding some error support in idpdiscovery

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2917 44740490-163a-0410-bde0-09ae8108e29a
---
 .../discojuice/www/discojuice/idpdiscovery.js | 38 ++++++++++++-------
 1 file changed, 24 insertions(+), 14 deletions(-)

diff --git a/modules/discojuice/www/discojuice/idpdiscovery.js b/modules/discojuice/www/discojuice/idpdiscovery.js
index b851ece53..0d8a7013b 100644
--- a/modules/discojuice/www/discojuice/idpdiscovery.js
+++ b/modules/discojuice/www/discojuice/idpdiscovery.js
@@ -54,46 +54,56 @@ var IdPDiscovery = function() {
 		
 		"returnTo": function(e) {
 			
-// 			console.log('ReturnTo');
-// 			console.log(e);
-// 			return;
-			
 			var returnTo = query['return'] ||Â null;
 			var returnIDParam = query.returnIDParam || 'entityID';
+			var allowed = false;
+
 			if(!returnTo) {
 				DiscoJuice.Utils.log('Missing required parameter [return]');
 				return;
 			}
-			if (acl) {
-				var allowed = false;
+			if (!acl) {
+				allowed = true;
+			} else {
+
 				
 				var returnToHost = this.getHostname(returnTo);
 				
-// 				console.log('returnURLs2');
-// 				console.log(returnURLs);
-				
 				for (var i = 0; i < returnURLs.length; i++) {
 					if (returnURLs[i] == returnToHost) allowed = true;
 
 				}
 				
 				if (!allowed) {
+					
+					returnTo += '&error=' + encodeURIComponent('IdP Discovery: Access denied. Access not granted to return results to host [' + returnToHost + ']');
+					
 					DiscoJuice.Utils.log('Access denied for return parameter [' + returnToHost + ']');
 					DiscoJuice.Utils.log('Allowed hosts');
 					DiscoJuice.Utils.log(returnURLs);
-					return;
 				}
 			}
 			
-			if (e && e.auth) {
-				returnTo += '&auth=' + e.auth;
-			}
+
 			
-			if (!e.entityID) {
+			// Return error with access denied.
+			if (!allowed) {
+				
+				window.location = returnTo;
+				
+			// Return without entity found...
+			} else if (!e.entityID) {
 				DiscoJuice.Utils.log('ReturnTo without Entityid');
 				DiscoJuice.Utils.log(e);
 				window.location = returnTo;
+			
+			// Return entityid
 			} else {
+				
+				if (e && e.auth) {
+					returnTo += '&auth=' + e.auth;
+				}
+				
 				DiscoJuice.Utils.log('ReturnTo with Entityid');
 				window.location = returnTo + '&' + returnIDParam + '=' + escape(e.entityID);
 			}
-- 
GitLab