redirect (bounce, bounce_redirect) should use req.originalUrl instead of req.url

[andimeier]

When used in a node backend with hierarchical routers, the req.url will be stripped off of any "mount points".

For instance, if the node express server defines a sub-router like this:

app.use('/details', detailsRouter);

and in detailsRouter, the following route is defined:

detailsRouter.get(/general, cas.bounce, ...)

then cas.bounce and any other middleware function will see the following properties of req:

req.url: /general
req.originalUrl: /details/general

So, the "mount point" /general has been stripped off in the sub-router (see http://expressjs.com/de/api.html#req.originalUrl).

Now, when cas-authentication tries to assemble the target URL which it should redirect to once the authentication cycle has been successfully finished, it will request something like

http://SERVER.name/general?ticket...

which obvisouly cannot be resolved by the backend.

Solution: use req.originalUrl instead. I didn't file a PR yet because I am not sure if there are any side effects. If there is no reasoning against it, req.originalUrl should be used throughout.

Otherwise, cas-authentication cannot be used for a clean node express server with hierarchical routers without change.