From a32b6960dbca56232cefea0d68d9a6a4d26422a0 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Fri, 4 Dec 2015 16:09:12 +0100
Subject: [PATCH] CAS: limit size of accepted service URL and allow for any size in Ticket model
---
 .../migrations/0014_auto_20151204_1606.py | 20 ++++++++++++++++++++
 src/authentic2_idp_cas/models.py | 4 +---
 src/authentic2_idp_cas/views.py | 2 ++
 3 files changed, 23 insertions(+), 3 deletions(-)
 create mode 100644 src/authentic2_idp_cas/migrations/0014_auto_20151204_1606.py
diff --git a/src/authentic2_idp_cas/migrations/0014_auto_20151204_1606.py b/src/authentic2_idp_cas/migrations/0014_auto_20151204_1606.py
new file mode 100644
index 0000000..ca34fa9
--- /dev/null
+++ b/src/authentic2_idp_cas/migrations/0014_auto_20151204_1606.py
@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import models, migrations
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('authentic2_idp_cas', '0013_delete_model_service_proxy2'),
+ ]
+
+ operations = [
+ migrations.AlterField(
+ model_name='ticket',
+ name='service_url',
+ field=models.TextField(default=b'', verbose_name='service URL', blank=True),
+ preserve_default=True,
+ ),
+ ]
diff --git a/src/authentic2_idp_cas/models.py b/src/authentic2_idp_cas/models.py
index 3ea3370..4e1ae02 100644
--- a/src/authentic2_idp_cas/models.py
+++ b/src/authentic2_idp_cas/models.py
@@ -92,9 +92,7 @@ class Ticket(models.Model):
 validity = models.BooleanField(default=False, verbose_name=_('valid'))
 service = models.ForeignKey(Service, verbose_name=_('service'))
- service_url = models.CharField(max_length=256,
- verbose_name=_('service URL'),
- blank=True, default='')
+ service_url = models.TextField(verbose_name=_('service URL'), blank=True, default='')
 user = models.ForeignKey(compat.user_model_label, max_length=128, blank=True, null=True, verbose_name=_('user'))
 creation = models.DateTimeField(auto_now_add=True,
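Review bot: With `max_length=256` removed, `service_url` on Ticket no longer bounds its own input, and the only cap left is the 4096-character slice this patch adds to LoginView in views.py. Any other code that creates a Ticket (none is visible in this patch) would store a caller-supplied URL of arbitrary size. A comment on the field would make the contract explicit, e.g. `# unbounded column: callers must cap the length before saving (LoginView uses 4096)`, or the cap could be restated on the field with `validators=[MaxLengthValidator(4096)]`, bearing in mind that Django runs validators on `full_clean()`, not on `save()`. The Ticket class starts and ends outside the hunk.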
diff --git a/src/authentic2_idp_cas/views.py b/src/authentic2_idp_cas/views.py
index 47ba0a5..8448e33 100644
--- a/src/authentic2_idp_cas/views.py
+++ b/src/authentic2_idp_cas/views.py
@@ -105,6 +105,8 @@ class LoginView(CasMixin, View):
 st = Ticket()
 st.service = model
+ # Limit size of return URL to an acceptable length
+ service = service[:4096]
 st.service_url = service
 st.renew = renew
 self.logger.debug('login request from %r renew: %s gateway: %s',
--
2.1.4
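Review bot: The added `service = service[:4096]` in LoginView truncates an over-long service URL silently instead of rejecting it, so the ticket stores (and any later use of `service` in this method sees) a URL the client never sent, possibly cut in the middle of a percent-escape or query parameter. `st.service = model` is assigned just above the slice, which suggests the service lookup already ran on the untruncated value; that code is outside the hunk, so this is inferred. If ticket validation later compares the presented service against `st.service_url`, such a ticket can never validate and nothing is logged to explain why. I would refuse the request before the service lookup with a guard such as `if len(service) > MAX_SERVICE_URL_LENGTH:` returning the view's normal error response, with `MAX_SERVICE_URL_LENGTH = 4096` defined once at module level so the validation-side views can share it. The method body starts and ends outside this hunk.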