Description
When used in a node backend with hierarchical routers, the req.url will be stripped off of any "mount points".
For instance, if the node express server defines a sub-router like this:
app.use('/details', detailsRouter);
and in detailsRouter, the following route is defined:
detailsRouter.get('/general', cas.bounce, ...)
then cas.bounce and any other middleware function will see the following properties of req:
req.url: /general
req.originalUrl: /details/general
So, the "mount point" /general has been stripped off in the sub-router (see http://expressjs.com/de/api.html#req.originalUrl).
Now, when cas-authentication tries to assemble the target URL which it should redirect to once the authentication cycle has been successfully finished, it will request something like
http://SERVER.name/general?ticket...
which obviously cannot be resolved by the backend.
Solution: use req.originalUrl instead. I didn't file a PR yet because I am not sure if there are any side effects. If there is no reasoning against it, req.originalUrl should be used throughout.
Otherwise, cas-authentication cannot be used for a clean node express server with hierarchical routers without change.
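The difference described in this issue, as an added example that is not part of the original report and not cas-authentication's own code. The request objects are constructed to mimic what Express passes to middleware in a mounted router; `SERVICE_BASE`, `mountedRequest` and `serviceUrl` are hypothetical names, and dropping the `ticket` parameter from the service URL is an assumption of this sketch.

```javascript
// Constructed base URL of the application (placeholder, not from the issue).
const SERVICE_BASE = 'https://app.example';

// Emulate app.use(mountPath, router): inside the router, req.url has the
// mount path removed, while req.originalUrl keeps what the client requested.
function mountedRequest(mountPath, originalUrl) {
  return {
    baseUrl: mountPath,
    originalUrl,
    url: originalUrl.slice(mountPath.length) || '/',
  };
}

// Build the URL the CAS server should send the browser back to after login.
// The ticket parameter is removed so the same value is produced before login
// and again when the returned ticket is validated.
function serviceUrl(req, useOriginalUrl) {
  const path = useOriginalUrl ? req.originalUrl : req.url;
  // Concatenate instead of resolving relative to the base, so a path that
  // starts with '//' cannot change the host of the resulting URL.
  const u = new URL(SERVICE_BASE + path);
  u.searchParams.delete('ticket');
  return u.toString();
}

// Constructed request for /details/general handled by the '/details' router.
const req = mountedRequest('/details', '/details/general?tab=1&ticket=ST-constructed');

const fromUrl = serviceUrl(req, false);         // what the issue describes
const fromOriginalUrl = serviceUrl(req, true);  // the proposed change

console.log('req.url         ->', fromUrl);          // path lacks /details
console.log('req.originalUrl ->', fromOriginalUrl);  // path the backend can route
```

For a route registered directly on `app`, `req.url` and `req.originalUrl` are identical, so both calls return the same service URL there.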