authlogic_bushido 0.9

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format documentation

data/Gemfile

@@ -0,0 +1,4 @@
+source 'http://rubygems.org'
+
+# Specify your gem's dependencies in authlogic_bushido.gemspec
+gemspec

data/Rakefile

@@ -0,0 +1,2 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"

data/app/controllers/authlogic/cas/cas_authentication_controller.rb

@@ -0,0 +1,7 @@
+module Authlogic
+  module Cas
+    class CasAuthenticationController < ::ApplicationController
+      include ::Authlogic::Cas::ControllerActions::Session
+    end
+  end
+end

data/app/controllers/authlogic/cas/cas_client_controller.rb

@@ -0,0 +1,7 @@
+module Authlogic
+  module Cas
+    class CasClientController < ::ApplicationController
+      include ::Authlogic::Cas::ControllerActions::Service
+    end
+  end
+end

data/authlogic_bushido.gemspec

@@ -0,0 +1,22 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["Akash Manohar J"]
+  gem.email         = ["akash@akash.im"]
+  gem.description   = %q{Bushido support for Authlogic}
+  gem.summary       = %q{Bushido support for Authlogic}
+  gem.homepage      = "http://github.com/Bushido/authlogic_bushido"
+
+  gem.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  gem.files         = `git ls-files`.split("\n")
+  gem.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  gem.name          = "authlogic_bushido"
+  gem.require_paths = ["lib"]
+  gem.version       = "0.9"
+
+  gem.add_development_dependency 'rspec-rails'
+  gem.add_development_dependency 'sqlite3'
+  gem.add_dependency 'rails'
+  gem.add_dependency 'rubycas-client', '2.2.1'
+  gem.add_dependency 'authlogic'
+end

data/config/routes.rb

@@ -0,0 +1,3 @@
+Rails.application.routes.draw do
+  authlogic_cas_routes
+end

data/lib/authlogic_bushido.rb

@@ -0,0 +1 @@
+require File.expand_path(File.dirname(__FILE__)) + '/authlogic_cas'

data/lib/authlogic_cas/controller_actions/service.rb

@@ -0,0 +1,72 @@
+module Authlogic
+  module Cas
+    module ControllerActions
+      module Service
+        def service
+          cas_scope    = ::Authlogic::Cas.actor_model
+          ticket       = ticket_from params
+          auth_result  = cas_scope.authenticate_with_cas_ticket(ticket)
+          
+          (redirect_to(root_path, :notice => "Could not authenticate user") && return) if not auth_result
+
+          if ::Authlogic::Cas.cas_enable_single_sign_out
+            unique_cas_id = ticket.respond_to?(:user) ? ticket.user : ticket.response.user
+            ::Authlogic::Cas::SingleSignOut::Cache.store_unique_cas_id_for_service_ticket(ticket.ticket, unique_cas_id)
+          end
+
+          if Authlogic::Cas.authentication_model.create(auth_result)
+            redirect_to(root_path)
+          else
+            redirect_to(root_path, :notice => "Could not login. Try again please.")
+          end
+        end
+
+        def single_signout
+          if ::Authlogic::Cas.cas_enable_single_sign_out
+            service_ticket = read_service_ticket_name
+
+            if service_ticket
+              logger.info "Intercepted single-sign-out request for CAS session #{service_ticket}."
+              unique_cas_id = ::Authlogic::Cas::SingleSignOut::Cache.find_unique_cas_id_by_service_ticket(service_ticket)
+              update_persistence_token_for(unique_cas_id)
+            end
+          else
+            logger.warn "Ignoring CAS single-sign-out request as feature is not currently enabled."
+          end
+
+          render :nothing => true
+        end
+
+        protected
+
+        def update_persistence_token_for(unique_cas_id)
+          user = User.send("find_by_#{::Authlogic::Cas.cas_username_column.to_s}", unique_cas_id)
+          user.update_attribute(:persistence_token, ::Authlogic::Random.hex_token) if user
+        end
+        
+        def ticket_from(controller_params)
+          ticket_name = controller_params[:ticket]
+          return nil unless ticket_name
+
+          if ticket_name =~ /^PT-/
+            ::CASClient::ProxyTicket.new(ticket_name, cas_service_url, controller_params[:renew])
+          else
+            ::CASClient::ServiceTicket.new(ticket_name, cas_service_url, controller_params[:renew])
+          end
+        end
+        
+        def read_service_ticket_name
+          if request.headers['CONTENT_TYPE'] =~ %r{^multipart/}
+            false
+          elsif request.post? && params['logoutRequest'] =~
+              %r{^<samlp:LogoutRequest.*?<samlp:SessionIndex>(.*)</samlp:SessionIndex>}m
+            $~[1]
+          else
+            false
+          end
+        end
+      end
+
+    end
+  end
+end

data/lib/authlogic_cas/controller_actions/session.rb

@@ -0,0 +1,32 @@
+module Authlogic
+  module Cas
+    module ControllerActions
+      module Session
+
+        def new_cas_session
+          redirect_to(cas_login_url) unless returning_from_cas?
+        end
+
+        def destroy_cas_session
+          @user_session = ::Authlogic::Cas.authentication_model.find
+          @user_session.destroy if @user_session
+          redirect_to ::Authlogic::Cas.cas_client.logout_url
+        end
+
+        protected
+
+        def returning_from_cas?
+          params[:ticket] || request.referer =~ /^#{::Authlogic::Cas.cas_client.cas_base_url}/
+        end
+
+
+        def cas_login_url
+          login_url_from_cas_client = ::Authlogic::Cas.cas_client.add_service_to_login_url(cas_service_url)
+          redirect_url = ""# "&redirect=#{cas_return_to_url}"
+          return "#{login_url_from_cas_client}#{redirect_url}"
+        end
+
+      end
+    end
+  end
+end

data/lib/authlogic_cas/engine.rb

@@ -0,0 +1,6 @@
+module Authlogic
+  module Cas
+    class Engine < Rails::Engine
+    end
+  end
+end

data/lib/authlogic_cas/rails_routes.rb

@@ -0,0 +1,16 @@
+module ActionDispatch::Routing
+   class RouteSet #:nodoc:
+     Mapper.class_eval do
+       def authlogic_cas_routes
+         Rails.application.routes.draw do
+           scope :module => :authlogic do
+             scope :module => :cas do
+               match "cas_client/service" => "cas_client#service",        :via => :get,  :as => "cas_service"
+               match "cas_client/service" => "cas_client#single_signout", :via => :post, :as => "cas_single_signout" 
+             end
+           end
+         end
+       end
+     end
+   end
+ end

data/lib/authlogic_cas/single_sign_out/cache.rb

@@ -0,0 +1,38 @@
+module Authlogic
+  module Cas
+    module SingleSignOut
+      class Cache
+
+        class << self
+        
+          def logger
+            @logger ||= Rails.logger
+          end
+          
+          def delete_service_ticket(service_ticket_name)
+            logger.info("Deleting index #{service_ticket_name}")
+            Rails.cache.delete(cache_key(service_ticket_name))
+          end
+          
+          def find_unique_cas_id_by_service_ticket(service_ticket_name)
+            unique_cas_id = Rails.cache.read(cache_key(service_ticket_name))
+            logger.debug("Found session id #{unique_cas_id.inspect} for index #{service_ticket_name.inspect}")
+            unique_cas_id
+          end
+          
+          def store_unique_cas_id_for_service_ticket(service_ticket_name, unique_cas_id)
+            Rails.cache.write(cache_key(service_ticket_name), unique_cas_id)
+          end
+          
+          protected
+          
+          def cache_key(service_ticket_name)
+            "authlogic_cas:#{service_ticket_name}"
+          end
+
+        end
+      end
+    end
+  end
+end
+

data/lib/authlogic_cas.rb

@@ -0,0 +1,104 @@
+require 'rails'
+require 'rubycas-client'
+require 'authlogic/random'
+require 'authlogic_cas/engine'
+require 'authlogic_cas/rails_routes'
+require 'authlogic_cas/single_sign_out/cache'
+require 'authlogic_cas/controller_actions/service'
+require 'authlogic_cas/controller_actions/session'
+
+
+module Authlogic
+  module Cas
+
+    @@cas_base_url = "https://bushi.do/cas"
+
+    # The login URL of the CAS server.  If undefined, will default based on cas_base_url.
+    @@cas_login_url = nil
+
+    # The login URL of the CAS server.  If undefined, will default based on cas_base_url.
+    @@cas_logout_url = nil
+
+    # The login URL of the CAS server.  If undefined, will default based on cas_base_url.
+    @@cas_validate_url = nil
+
+    # Should devise_cas_authenticatable enable single-sign-out? Requires use of a supported
+    # session_store. Currently supports active_record or redis.
+    # False by default.
+    @@cas_enable_single_sign_out = true
+
+    # Should devise_cas_authenticatable attempt to create new user records for
+    # unknown usernames?  True by default.
+    @@cas_create_user = true
+
+    # The model attribute used for query conditions. Should be the same as
+    # the rubycas-server username_column. :username by default
+    @@cas_username_column = :ido_id
+
+    # Name of the parameter passed in the logout query
+    @@cas_destination_logout_param_name = nil
+    
+    mattr_accessor(
+      :cas_base_url,
+      :authentication_model,
+      :actor_model,
+      :cas_login_url,
+      :cas_logout_url,
+      :cas_validate_url,
+      :cas_create_user,
+      :cas_destination_logout_param_name,
+      :cas_username_column,
+      :cas_enable_single_sign_out)
+
+
+    class << self
+    
+      def cas_client
+        @@cas_client ||= ::CASClient::Client.new(
+          :cas_destination_logout_param_name => @@cas_destination_logout_param_name,
+          :cas_base_url => @@cas_base_url,
+          :login_url => @@cas_login_url,
+          :logout_url => @@cas_logout_url,
+          :validate_url => @@cas_validate_url,
+          :enable_single_sign_out => @@cas_enable_single_sign_out
+          )
+      end
+      
+
+      def setup_authentication
+        define_authentication_method_for Authlogic::Cas.actor_model
+      end
+
+
+      def define_authentication_method_for(model)
+        model.instance_eval do
+          define_singleton_method :authenticate_with_cas_ticket do |ticket|
+            ::Authlogic::Cas.cas_client.validate_service_ticket(ticket) unless ticket.has_been_validated?
+            return nil if not ticket.is_valid?
+
+            conditions = {::Authlogic::Cas.cas_username_column => ticket.respond_to?(:user) ? ticket.user : ticket.response.user}
+            resource   = find(:first, :conditions => conditions)
+
+            resource = new(conditions.merge({:persistence_token => ::Authlogic::Random.hex_token})) if (resource.nil? and ::Authlogic::Cas.cas_create_user?)
+
+            return nil if not resource
+
+            if resource.respond_to? :bushido_extra_attributes
+              extra_attributes = ticket.respond_to?(:extra_attributes) ? ticket.extra_attributes : ticket.response.extra_attributes
+              resource.bushido_extra_attributes(extra_attributes)
+            end
+
+            resource.save
+            resource
+          end
+
+        end
+      end
+
+      def cas_create_user?
+        cas_create_user
+      end
+
+    end
+  end
+end

data/spec/authlogic_cas_spec.rb

@@ -0,0 +1,150 @@
+require 'spec_helper'
+
+describe "Authlogic::Cas" do
+
+  subject { ::Authlogic::Cas }
+
+  before :all do
+    ActorExample = Class.new
+    subject.actor_model = ActorExample
+  end
+  
+  it "should have methods to set actor_model and the authentication_model" do
+    subject.respond_to?(:actor_model).should be_true
+    subject.respond_to?(:actor_model=).should be_true
+    subject.respond_to?(:authentication_model).should be_true
+    subject.respond_to?(:authentication_model=).should be_true
+  end
+  
+  describe "defaults" do
+    it "should have the Bushido CAS server as the default" do
+      subject.cas_base_url.should == "https://bushi.do/cas"
+    end
+
+    it "should have cas_create_user set to true" do
+      subject.cas_create_user.should be_true
+    end
+
+    it "should have single signout enabled" do
+      subject.cas_enable_single_sign_out.should be_true
+    end
+
+    it "should have cas_username_column set to ido_id" do
+      subject.cas_username_column.should == :ido_id
+    end
+  end
+
+  
+  describe "cas_client" do
+    it "should return an instance of CASClient" do
+      subject.cas_client.should be_kind_of(::CASClient::Client)
+    end
+  end
+
+  
+  describe "setup_authentication" do
+    it "should define authentication method for the actor model" do
+      subject.should_receive(:define_authentication_method_for).with(subject.actor_model)
+      subject.setup_authentication
+    end
+  end
+
+  
+  describe "define_authentication_method_for" do
+    it "should define the authentication_with_cas_ticket method on the specified model" do
+      ActorExample.respond_to?(:authenticate_with_cas_ticket).should be_false
+      
+      subject.define_authentication_method_for(ActorExample)
+      ActorExample.respond_to?(:authenticate_with_cas_ticket).should be_true
+    end
+  end
+
+  describe "authenticate_with_cas_ticket" do
+    before :all do
+      subject.define_authentication_method_for(ActorExample)
+    end
+
+    before :each do
+      @example_ticket = double ::CASClient::ServiceTicket
+    end
+    
+    it "should check if a ticket has been validated" do
+      @example_ticket.stub!(:has_been_validated?).and_return(true)
+      @example_ticket.stub!(:is_valid?).and_return(false)
+      
+      ActorExample.authenticate_with_cas_ticket(@example_ticket)
+    end
+
+    it "should validate ticket if it has not been validated" do
+      @example_ticket.stub!(:has_been_validated?).and_return(false)
+      @example_ticket.stub!(:is_valid?).and_return(false)
+
+      subject.cas_client.should_receive(:validate_service_ticket).with(@example_ticket)
+      ActorExample.authenticate_with_cas_ticket(@example_ticket)
+    end
+
+    it "should return nil if the ticket is not valid" do
+      @example_ticket.stub!(:has_been_validated?).and_return(true)
+      @example_ticket.stub!(:is_valid?).and_return(false)
+
+      ActorExample.authenticate_with_cas_ticket(@example_ticket).should be_nil
+    end
+
+    it "should try to find the user and create a session for the user" do
+      @example_user = ActorExample.new
+      @example_user.stub!(:save)
+
+      @example_ticket.stub!(:has_been_validated?).and_return(true)
+      @example_ticket.stub!(:is_valid?).and_return(true)
+      @example_ticket.stub!(:user).and_return("example_unique_user_id")
+      
+      
+      ActorExample.stub!(:find).and_return(@example_user)
+
+      ActorExample.authenticate_with_cas_ticket(@example_ticket).should == @example_user
+    end
+
+    it "should create a new user incase the user with the unique CAS ID isn't found" do
+      @example_user = ActorExample.new
+      @example_user.stub!(:save)
+
+      @example_ticket.stub!(:has_been_validated?).and_return(true)
+      @example_ticket.stub!(:is_valid?).and_return(true)
+      @example_ticket.stub!(:user).and_return("example_unique_user_id")
+      
+      ActorExample.should_receive(:find).and_return(nil)
+      ActorExample.should_receive(:new).and_return(@example_user)      
+
+      ActorExample.authenticate_with_cas_ticket(@example_ticket).should == @example_user
+    end
+
+    it "should call the bushido_extra_attributes method on the actor model if defined" do
+      @example_user = ActorExample.new
+      @example_user.stub!(:save)
+      @example_user.stub!(:bushido_extra_attributes)
+      
+      @example_ticket.stub!(:has_been_validated?).and_return(true)
+      @example_ticket.stub!(:is_valid?).and_return(true)
+      @example_ticket.stub!(:user).and_return("example_unique_user_id")
+      @example_ticket.stub!(:extra_attributes).and_return({})
+      ActorExample.stub!(:find).and_return(@example_user)
+
+      @example_user.should_receive(:bushido_extra_attributes)
+
+      ActorExample.authenticate_with_cas_ticket(@example_ticket).should == @example_user
+    end
+  end
+
+  describe "cas_create_user?" do
+    it "should return true if @@cas_create_user is true" do
+      subject.cas_create_user = true
+      subject.cas_create_user?.should be_true
+    end
+
+    it "should return true if @@cas_create_user is false" do
+      subject.cas_create_user = false
+      subject.cas_create_user?.should be_false
+    end
+  end
+  
+end

data/spec/controllers/service_controller_spec.rb

@@ -0,0 +1,51 @@
+require "spec_helper"
+
+describe Authlogic::Cas::CasClientController do
+
+  before :all do
+    @ticket_name = "abc123"
+    @user = Authlogic::Cas.actor_model.new
+    @unique_cas_id = "xyz123"
+  end
+  
+  describe "GET service" do
+    it "should authenticate the user" do
+      Authlogic::Cas.actor_model.should_receive(:authenticate_with_cas_ticket).with(instance_of(::CASClient::ServiceTicket))
+      get 'service', {:ticket => @ticket_name}
+    end
+
+    it "should create a session for the user if on successful authentication" do
+      
+      AuthTestModel = Class.new
+      AuthTestModel.stub!(:create)
+      Authlogic::Cas.authentication_model = AuthTestModel
+      
+      ticket = double ::CASClient::ServiceTicket      
+      ticket.stub!(:user).and_return(@unique_cas_id)
+      ticket.stub!(:ticket).and_return(@ticket_name)
+      controller.stub!(:ticket_from).and_return(ticket)
+      
+      Authlogic::Cas.actor_model.should_receive(:authenticate_with_cas_ticket).with(ticket).and_return(@user)
+
+      Authlogic::Cas.
+        authentication_model.
+        should_receive(:create).
+        with(@user)
+      
+      get 'service', {:ticket => @ticket_name}
+    end
+  end
+
+  describe "POST service" do
+    it "should signout the user if a valid service ticket was passed" do
+      ::Authlogic::Cas::SingleSignOut::Cache.
+        should_receive(:find_unique_cas_id_by_service_ticket).
+        and_return(@unique_cas_id)
+
+      controller.should_receive(:update_persistence_token_for).with(@unique_cas_id)
+      post 'single_signout', {
+        'logoutRequest' => "<samlp:LogoutRequest><samlp:SessionIndex>#{@ticket_name}</samlp:SessionIndex></samlp:LogoutRequest>"
+      }
+    end
+  end
+end

data/spec/controllers/session_controller_spec.rb

@@ -0,0 +1,31 @@
+require "spec_helper"
+
+describe Authlogic::Cas::CasAuthenticationController do
+
+  describe "GET new_cas_session" do
+    it "should redirect to the cas_login_url if the user is not returning after CAS login" do
+      cas_login_url = controller.send(:cas_login_url)
+      
+      get 'new_cas_session'
+      response.should redirect_to(cas_login_url)
+    end
+  end
+
+  describe "destroy_cas_session" do
+    it "should destroy the user session and redirect to the logout page on the CAS server" do
+      AuthSession = Class.new
+      
+      Authlogic::Cas.authentication_model = AuthSession
+      session = Object.new
+      AuthSession.should_receive(:find).and_return(session)
+      session.should_receive(:destroy)
+      
+      get 'destroy_cas_session'
+    end
+  end
+
+  it "should redirect to te CAS logout url once logged out" do
+    
+  end
+end
+

data/spec/scenario/.gitignore

@@ -0,0 +1,15 @@
+# See http://help.github.com/ignore-files/ for more about ignoring files.
+#
+# If you find yourself ignoring temporary files generated by your text editor
+# or operating system, you probably want to add a global ignore instead:
+#   git config --global core.excludesfile ~/.gitignore_global
+
+# Ignore bundler config
+/.bundle
+
+# Ignore the default SQLite database.
+/db/*.sqlite3
+
+# Ignore all logfiles and tempfiles.
+/log/*.log
+/tmp

data/spec/scenario/Gemfile

@@ -0,0 +1,5 @@
+source 'http://rubygems.org'
+
+gem 'rails', '3.2.1'
+gem 'authlogic'
+gem 'authlogic_bushido', :path => "../../"

data/spec/scenario/Rakefile

@@ -0,0 +1,7 @@
+#!/usr/bin/env rake
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Altry::Application.load_tasks

data/spec/scenario/app/assets/javascripts/application.js

@@ -0,0 +1,9 @@
+// This is a manifest file that'll be compiled into including all the files listed below.
+// Add new JavaScript/Coffee code in separate files in this directory and they'll automatically
+// be included in the compiled file accessible from http://example.com/assets/application.js
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// the compiled file.
+//
+//= require jquery
+//= require jquery_ujs
+//= require_tree .

data/spec/scenario/app/assets/javascripts/main_controller.js.coffee

@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/

data/spec/scenario/app/assets/javascripts/user_sessions.js.coffee

@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/

data/spec/scenario/app/assets/javascripts/users.js.coffee

@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/

data/spec/scenario/app/assets/stylesheets/application.css

@@ -0,0 +1,7 @@
+/*
+ * This is a manifest file that'll automatically include all the stylesheets available in this directory
+ * and any sub-directories. You're free to add application-wide styles to this file and they'll appear at
+ * the top of the compiled file, but it's generally better to create a new file per style scope.
+ *= require_self
+ *= require_tree . 
+*/

data/spec/scenario/app/assets/stylesheets/main_controller.css.scss

@@ -0,0 +1,3 @@
+// Place all the styles related to the MainController controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/