From 975a9da4df07ebf3aa141baa022813dd355459af Mon Sep 17 00:00:00 2001
From: Glenn Rice <grice1@missouriwestern.edu>
Date: Mon, 28 Oct 2024 19:50:55 -0500
Subject: [PATCH] Make the Shibboleth bypass_query parameter actually work.

Currently the parameter works to sign in, but if you try to do anything
after signing in, then you are redirected to sign in to the Shibboleth
identity provider.  To prevent that the parameter needs to be considered
a persistent authentication parameter.
---
 lib/WeBWorK/ContentGenerator.pm | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/WeBWorK/ContentGenerator.pm b/lib/WeBWorK/ContentGenerator.pm
index baa9f5a24e..9b9cb538e7 100644
--- a/lib/WeBWorK/ContentGenerator.pm
+++ b/lib/WeBWorK/ContentGenerator.pm
@@ -1070,6 +1070,10 @@ session_management_via is "key" then the "key" is added.
 sub hidden_authen_fields ($c, $id_prefix = undef) {
 	my @fields = ('user', 'effectiveUser');
 	push(@fields, 'key') if $c->ce->{session_management_via} ne 'session_cookie';
+
+	# Make the Shibboleth bypass_query parameter persistent if it is configured.
+	push(@fields, $c->ce->{shibboleth}{bypass_query}) if $c->ce->{shibboleth}{bypass_query};
+
 	return $c->hidden_fields({ id_prefix => $id_prefix }, @fields) if defined $id_prefix;
 	return $c->hidden_fields(@fields);
 }
@@ -1106,10 +1110,11 @@ sub url_authen_args ($c) {
 	# When cookie based session management is in use, there should be no need
 	# to reveal the user and key in the URL. Putting it there makes session
 	# hijacking easier, in particular should a student share such a URL.
+	# If the Shibboleth authentication module is in use, then make the bypass_query parameter persistent.
 	if ($ce->{session_management_via} eq 'session_cookie') {
-		return $c->url_args('effectiveUser');
+		return $c->url_args('effectiveUser', $c->ce->{shibboleth}{bypass_query} // ());
 	} else {
-		return $c->url_args('user', 'effectiveUser', 'key');
+		return $c->url_args('user', 'effectiveUser', 'key', $c->ce->{shibboleth}{bypass_query} // ());
 	}
 }
 
@@ -1188,6 +1193,9 @@ sub systemLink ($c, $urlpath, %options) {
 		}
 
 		$params{effectiveUser} = undef unless exists $params{effectiveUser};
+
+		# Make the Shibboleth bypass_query parameter persistent if it is configured.
+		$params{ $c->ce->{shibboleth}{bypass_query} } = undef if $c->ce->{shibboleth}{bypass_query};
 	}
 
 	my $url = $options{use_abs_url} ? $urlpath->to_abs : $urlpath;