authpds 0.2.0 → 0.2.1
- data/README.rdoc +1 -3
- data/Rakefile +1 -2
- data/lib/authpds.rb +4 -14
- data/lib/authpds/acts_as_authentic.rb +3 -60
- data/lib/authpds/acts_as_authentic/core_attributes.rb +24 -0
- data/lib/authpds/acts_as_authentic/expiration.rb +19 -0
- data/lib/authpds/acts_as_authentic/institutions_attributes.rb +34 -0
- data/lib/authpds/controllers/authpds_controller.rb +3 -61
- data/lib/authpds/controllers/authpds_controller/core_attributes.rb +24 -0
- data/lib/authpds/controllers/authpds_controller/institution_attributes.rb +54 -0
- data/lib/authpds/controllers/authpds_controller/url_handling.rb +18 -0
- data/lib/authpds/controllers/authpds_sessions_controller.rb +0 -1
- data/lib/authpds/session.rb +15 -247
- data/lib/authpds/session/authentication.rb +24 -0
- data/lib/authpds/session/authlogic_callbacks.rb +12 -0
- data/lib/authpds/session/authorization.rb +16 -0
- data/lib/authpds/session/callbacks.rb +30 -0
- data/lib/authpds/session/config.rb +60 -0
- data/lib/authpds/session/core_attributes.rb +45 -0
- data/lib/authpds/session/exception_handling.rb +22 -0
- data/lib/authpds/session/institution_attributes.rb +15 -0
- data/lib/authpds/session/pds_user.rb +17 -0
- data/lib/authpds/session/record.rb +32 -0
- data/lib/authpds/session/url_handling.rb +55 -0
- data/lib/authpds/version.rb +1 -1
- data/test/{unit/authpds_controller_test.rb → authpds_controller_test.rb} +19 -11
- data/test/{unit/authpds_user_sessions_controller_test.rb → authpds_user_sessions_controller_test.rb} +3 -1
- data/test/fixtures/users.yml +2 -2
- data/test/pds_test.rb +83 -0
- data/test/support/config/institutions.yml +4 -4
- data/test/test_helper.rb +10 -4
- data/test/{unit/user_session_test.rb → user_session_test.rb} +34 -28
- data/test/{unit/user_test.rb → user_test.rb} +2 -2
- data/test/vcr_cassettes/bor_info_valid_newschool.yml +35 -0
- data/test/vcr_cassettes/bor_info_valid_nyu.yml +40 -0
- data/test/vcr_cassettes/get_attribute_authenticate.yml +36 -0
- data/test/vcr_cassettes/get_attribute_bor_id.yml +32 -0
- data/test/vcr_cassettes/get_attribute_bor_info.yml +40 -0
- data/test/vcr_cassettes/get_attribute_bor_verification.yml +32 -0
- data/test/vcr_cassettes/get_attribute_invalid_bor_info.yml +33 -0
- data/test/vcr_cassettes/invalid_bor_info.yml +33 -0
- data/test/vcr_cassettes/nyu.yml +40 -0
- metadata +104 -21
- data/test/unit/pds_test.rb +0 -62
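--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -145,6 +145,4 @@ method, e.g. :before_persisting, :persist, :after_persisting. We're using the :
 === Access to the controller in Session
 The class that Session extends, Authologic::Session::Base, has an explicit handle to the current controller via the instance method
 :controller. This gives our custom instance methods access to cookies, session information, loggers, etc. and also allows them to
-perform redirects and renders.
-
-== Build Status {<img src="https://secure.travis-ci.org/scotdalton/authpds.png"/>}[http://travis-ci.org/scotdalton/authpds]
+perform redirects and renders.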
data/Rakefile
CHANGED
data/lib/authpds.rb
CHANGED
@@ -1,16 +1,6 @@
|
|
1
|
-
require 'active_support/dependencies'
|
2
1
|
require 'authlogic'
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
'exlibris/pds',
|
8
|
-
'controllers/authpds_controller',
|
9
|
-
'controllers/authpds_sessions_controller'
|
10
|
-
].each do |library|
|
11
|
-
require AUTHPDS_PATH + library
|
12
|
-
end
|
13
|
-
if ActiveRecord::Base.respond_to?(:add_acts_as_authentic_module)
|
14
|
-
ActiveRecord::Base.send(:include, Authpds::ActsAsAuthentic)
|
15
|
-
end
|
2
|
+
require 'require_all'
|
3
|
+
require_all "#{File.dirname(__FILE__)}/authpds/"
|
4
|
+
# Only include in active record if the model responds to the Authlogic method add_acts_as_authentic_module
|
5
|
+
ActiveRecord::Base.send(:include, Authpds::ActsAsAuthentic) if ActiveRecord::Base.respond_to?(:add_acts_as_authentic_module)
|
16
6
|
Authlogic::Session::Base.send(:include, Authpds::Session)
|
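Review bot: `require_all "#{File.dirname(__FILE__)}/authpds/"` replaces the explicit list of required files with a load of every Ruby file found under that directory, so what gets evaluated at boot, and in which order, is no longer stated in the code. The new files reference each other's constants at definition time (for example the `include Authpds::Session::...` lines in session.rb), which makes loading depend on how `require_all` resolves ordering; that behaviour is worth confirming for the gem version in use. An explicit list of `require` calls in dependency order would keep the loaded set reviewable and avoid the extra runtime dependency. If `require_all` stays, a comment such as `# Loads every file under authpds/; keep only library code in this directory` should say so.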
@@ -2,67 +2,10 @@ module Authpds
|
|
2
2
|
module ActsAsAuthentic
|
3
3
|
def self.included(klass)
|
4
4
|
klass.class_eval do
|
5
|
-
|
6
|
-
add_acts_as_authentic_module(
|
5
|
+
add_acts_as_authentic_module(Authpds::ActsAsAuthentic::CoreAttributes, :prepend)
|
6
|
+
add_acts_as_authentic_module(Authpds::ActsAsAuthentic::Expiration, :append)
|
7
|
+
add_acts_as_authentic_module(Authpds::ActsAsAuthentic::InstitutionAttributes, :append)
|
7
8
|
end
|
8
9
|
end
|
9
|
-
|
10
|
-
module InstanceMethods
|
11
|
-
def self.included(klass)
|
12
|
-
klass.class_eval do
|
13
|
-
serialize :user_attributes
|
14
|
-
attr_accessor :expiration_date
|
15
|
-
end
|
16
|
-
end
|
17
|
-
|
18
|
-
# Setting the username field also resets the persistence_token if the value changes.
|
19
|
-
def username=(value)
|
20
|
-
write_attribute(:username, value)
|
21
|
-
reset_persistence_token if username_changed?
|
22
|
-
end
|
23
|
-
|
24
|
-
def primary_institution
|
25
|
-
all_institutions[user_attributes[:primary_institution]] unless user_attributes.nil?
|
26
|
-
end
|
27
|
-
|
28
|
-
def primary_institution=(new_primary_institution)
|
29
|
-
new_primary_institution = new_primary_institution.code if new_primary_institution.is_a?(Institutions::Institution)
|
30
|
-
self.user_attributes=({:primary_institution => new_primary_institution.to_sym})
|
31
|
-
end
|
32
|
-
|
33
|
-
def institutions
|
34
|
-
user_attributes[:institutions].collect { |institution|
|
35
|
-
all_institutions[institution] } unless user_attributes.nil?
|
36
|
-
end
|
37
|
-
|
38
|
-
def institutions=(new_institutions)
|
39
|
-
raise ArgumentError.new("Institutions input should be an array.") unless new_institutions.is_a?(Array)
|
40
|
-
new_institutions.collect! { |institution| institution.to_sym }
|
41
|
-
new_institutions.select! { |institution|
|
42
|
-
all_institutions[ new_institutions.is_a?(Institutions::Institution) ? institution.code : institution.to_sym]
|
43
|
-
}
|
44
|
-
self.user_attributes=({:institutions => new_institutions}) unless new_institutions.empty?
|
45
|
-
end
|
46
|
-
|
47
|
-
# "Smart" updating of user_attributes. Maintains user_attributes that are not explicity overwritten.
|
48
|
-
def user_attributes=(new_attributes)
|
49
|
-
write_attribute(:user_attributes, new_attributes) and return unless new_attributes.kind_of?(Hash)
|
50
|
-
# Set new/updated attributes
|
51
|
-
write_attribute(:user_attributes, (user_attributes || {}).merge(new_attributes))
|
52
|
-
end
|
53
|
-
|
54
|
-
# Returns a boolean based on whether the User has been refreshed recently.
|
55
|
-
# If User#refreshed_at is older than User#expiration_date, the User is expired and the data
|
56
|
-
# may need to be refreshed.
|
57
|
-
def expired?
|
58
|
-
# If the record is older than the expiration date, it is expired.
|
59
|
-
(refreshed_at.nil?) ? true : refreshed_at < expiration_date
|
60
|
-
end
|
61
|
-
|
62
|
-
def all_institutions
|
63
|
-
Institutions.institutions
|
64
|
-
end
|
65
|
-
private :all_institutions
|
66
|
-
end
|
67
10
|
end
|
68
11
|
end
|
@@ -0,0 +1,24 @@
|
|
1
|
+
module Authpds
|
2
|
+
module ActsAsAuthentic
|
3
|
+
module CoreAttributes
|
4
|
+
def self.included(klass)
|
5
|
+
klass.class_eval do
|
6
|
+
serialize :user_attributes
|
7
|
+
end
|
8
|
+
end
|
9
|
+
|
10
|
+
# Setting the username field also resets the persistence_token if the value changes.
|
11
|
+
def username=(value)
|
12
|
+
write_attribute(:username, value)
|
13
|
+
reset_persistence_token if username_changed?
|
14
|
+
end
|
15
|
+
|
16
|
+
# "Smart" updating of user_attributes. Maintains user_attributes that are not explicity overwritten.
|
17
|
+
def user_attributes=(new_attributes)
|
18
|
+
write_attribute(:user_attributes, new_attributes) and return unless new_attributes.kind_of?(Hash)
|
19
|
+
# Set new/updated attributes
|
20
|
+
write_attribute(:user_attributes, (user_attributes || {}).merge(new_attributes))
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
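Review bot: In `user_attributes=`, `write_attribute(:user_attributes, new_attributes) and return unless new_attributes.kind_of?(Hash)` only returns early when `write_attribute` yields a truthy value; if it returns the assigned value (worth confirming for the ActiveRecord versions this gem targets), assigning `nil` falls through to `.merge(new_attributes)` and raises a TypeError. `return write_attribute(:user_attributes, new_attributes) unless new_attributes.kind_of?(Hash)` removes the dependence on the return value. Also, `serialize :user_attributes` has no class constraint, so whatever object the stored YAML describes is what gets loaded back; `serialize :user_attributes, Hash` would reject anything that is not a Hash.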
@@ -0,0 +1,19 @@
|
|
1
|
+
module Authpds
|
2
|
+
module ActsAsAuthentic
|
3
|
+
module Expiration
|
4
|
+
def self.included(klass)
|
5
|
+
klass.class_eval do
|
6
|
+
attr_accessor :expiration_date
|
7
|
+
end
|
8
|
+
end
|
9
|
+
|
10
|
+
# Returns a boolean based on whether the User has been refreshed recently.
|
11
|
+
# If User#refreshed_at is older than User#expiration_date, the User is expired and the data
|
12
|
+
# may need to be refreshed.
|
13
|
+
def expired?
|
14
|
+
# If the record is older than the expiration date, it is expired.
|
15
|
+
(refreshed_at.nil?) ? true : refreshed_at < expiration_date
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
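Review bot: `expired?` compares `refreshed_at < expiration_date`, but `expiration_date` is a plain `attr_accessor` that is nil until a caller assigns it, so calling `expired?` on a record whose `expiration_date` was never assigned raises on the comparison with nil. Treating an unset expiration date as expired keeps the check fail-safe: `refreshed_at.nil? || expiration_date.nil? || refreshed_at < expiration_date`. The method comment could also state that `expiration_date` must be assigned before the result is meaningful.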
@@ -0,0 +1,34 @@
|
|
1
|
+
module Authpds
|
2
|
+
module ActsAsAuthentic
|
3
|
+
module InstitutionAttributes
|
4
|
+
require 'institutions'
|
5
|
+
|
6
|
+
def primary_institution
|
7
|
+
all_institutions[user_attributes[:primary_institution]] unless user_attributes.nil?
|
8
|
+
end
|
9
|
+
|
10
|
+
def primary_institution=(new_primary_institution)
|
11
|
+
new_primary_institution = new_primary_institution.code if new_primary_institution.is_a?(Institutions::Institution)
|
12
|
+
self.user_attributes=({:primary_institution => new_primary_institution.to_sym})
|
13
|
+
end
|
14
|
+
|
15
|
+
def institutions
|
16
|
+
user_attributes[:institutions].collect { |institution| all_institutions[institution] } unless user_attributes.nil?
|
17
|
+
end
|
18
|
+
|
19
|
+
def institutions=(new_institutions)
|
20
|
+
raise ArgumentError.new("Institutions input should be an array.") unless new_institutions.is_a?(Array)
|
21
|
+
new_institutions.collect! { |institution| institution.to_sym }
|
22
|
+
new_institutions = new_institutions.select { |institution|
|
23
|
+
all_institutions[ new_institutions.is_a?(Institutions::Institution) ? institution.code : institution.to_sym]
|
24
|
+
}
|
25
|
+
self.user_attributes=({:institutions => new_institutions}) unless new_institutions.empty?
|
26
|
+
end
|
27
|
+
|
28
|
+
def all_institutions
|
29
|
+
@all_institutions ||= Institutions.institutions
|
30
|
+
end
|
31
|
+
private :all_institutions
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
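Review bot: In `institutions=`, the filter tests `new_institutions.is_a?(Institutions::Institution)`, which checks the array rather than the element, so it is always false after the Array guard above it; the preceding `collect!` has also already called `to_sym` on every element and mutated the caller's array. If `Institutions::Institution` objects are meant to be accepted, as `primary_institution=` does, map each element into a new array with `institution.is_a?(Institutions::Institution) ? institution.code : institution.to_sym` and then select the codes present in `all_institutions`. The `institutions` reader also calls `collect` on `user_attributes[:institutions]` without checking that the key is set, so a user with attributes but no institutions raises NoMethodError; `Array(user_attributes[:institutions])` avoids that.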
@@ -1,71 +1,13 @@
|
|
1
1
|
module Authpds
|
2
2
|
module Controllers
|
3
3
|
module AuthpdsController
|
4
|
-
|
5
|
-
# Set helper methods when this module is included.
|
6
4
|
def self.included(klass)
|
7
5
|
klass.class_eval do
|
8
|
-
|
6
|
+
include Authpds::Controllers::AuthpdsController::CoreAttributes
|
7
|
+
include Authpds::Controllers::AuthpdsController::InstitutionAttributes
|
8
|
+
include Authpds::Controllers::AuthpdsController::UrlHandling
|
9
9
|
end
|
10
10
|
end
|
11
|
-
|
12
|
-
# Get the current UserSession if it exists
|
13
|
-
def current_user_session
|
14
|
-
@current_user_session ||= UserSession.find
|
15
|
-
end
|
16
|
-
|
17
|
-
# Get the current User if there is a UserSession
|
18
|
-
def current_user
|
19
|
-
@current_user ||= current_user_session.record unless current_user_session.nil?
|
20
|
-
end
|
21
|
-
|
22
|
-
# Determine current primary institution based on:
|
23
|
-
# 0. institutions are not being used (returns nil)
|
24
|
-
# 1. institution query string parameter in URL
|
25
|
-
# 2. institution associated with the client IP
|
26
|
-
# 3. primary institution for the current user
|
27
|
-
# 4. first default institution
|
28
|
-
def current_primary_institution
|
29
|
-
@current_primary_institution ||=
|
30
|
-
(institution_param.nil? or all_institutions[institution_param].nil?) ?
|
31
|
-
(primary_institution_from_ip.nil?) ?
|
32
|
-
(current_user.nil? or current_user.primary_institution.nil?) ?
|
33
|
-
Institutions.defaults.first :
|
34
|
-
current_user.primary_institution :
|
35
|
-
primary_institution_from_ip :
|
36
|
-
all_institutions[institution_param]
|
37
|
-
end
|
38
|
-
|
39
|
-
# Override to add institution.
|
40
|
-
def url_for(options={})
|
41
|
-
options[institution_param_key] ||= institution_param unless institution_param.nil?
|
42
|
-
super options
|
43
|
-
end
|
44
|
-
|
45
|
-
def user_session_redirect_url(url)
|
46
|
-
(url.nil?) ? (request.referer.nil?) ? root_url : request.referer : url
|
47
|
-
end
|
48
|
-
|
49
|
-
# Grab the first institution that matches the client IP
|
50
|
-
def primary_institution_from_ip
|
51
|
-
Institutions.with_ip(request.remote_ip).first unless request.nil?
|
52
|
-
end
|
53
|
-
private :primary_institution_from_ip
|
54
|
-
|
55
|
-
def institution_param_key
|
56
|
-
@institution_param_key ||= UserSession.institution_param_key
|
57
|
-
end
|
58
|
-
private :institution_param_key
|
59
|
-
|
60
|
-
def institution_param
|
61
|
-
params["#{institution_param_key}"].to_sym unless params["#{institution_param_key}"].nil?
|
62
|
-
end
|
63
|
-
private :institution_param
|
64
|
-
|
65
|
-
def all_institutions
|
66
|
-
Institutions.institutions
|
67
|
-
end
|
68
|
-
private :all_institutions
|
69
11
|
end
|
70
12
|
end
|
71
13
|
end
|
@@ -0,0 +1,24 @@
|
|
1
|
+
module Authpds
|
2
|
+
module Controllers
|
3
|
+
module AuthpdsController
|
4
|
+
module CoreAttributes
|
5
|
+
# Set helper methods when this module is included.
|
6
|
+
def self.included(klass)
|
7
|
+
klass.class_eval do
|
8
|
+
helper_method :current_user_session, :current_user
|
9
|
+
end
|
10
|
+
end
|
11
|
+
|
12
|
+
# Get the current UserSession if it exists
|
13
|
+
def current_user_session
|
14
|
+
@current_user_session ||= UserSession.find
|
15
|
+
end
|
16
|
+
|
17
|
+
# Get the current User if there is a UserSession
|
18
|
+
def current_user
|
19
|
+
@current_user ||= current_user_session.record unless current_user_session.nil?
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,54 @@
|
|
1
|
+
module Authpds
|
2
|
+
module Controllers
|
3
|
+
module AuthpdsController
|
4
|
+
module InstitutionAttributes
|
5
|
+
require 'institutions'
|
6
|
+
|
7
|
+
# Set helper methods when this module is included.
|
8
|
+
def self.included(klass)
|
9
|
+
klass.class_eval do
|
10
|
+
helper_method :current_primary_institution
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
# Determine current primary institution based on:
|
15
|
+
# 0. institutions are not being used (returns nil)
|
16
|
+
# 1. institution query string parameter in URL
|
17
|
+
# 2. institution associated with the client IP
|
18
|
+
# 3. primary institution for the current user
|
19
|
+
# 4. first default institution
|
20
|
+
def current_primary_institution
|
21
|
+
@current_primary_institution ||=
|
22
|
+
(institution_param.nil? or all_institutions[institution_param].nil?) ?
|
23
|
+
(primary_institution_from_ip.nil?) ?
|
24
|
+
(@current_user.nil? or current_user.primary_institution.nil?) ?
|
25
|
+
Institutions.defaults.first :
|
26
|
+
current_user.primary_institution :
|
27
|
+
primary_institution_from_ip :
|
28
|
+
all_institutions[institution_param]
|
29
|
+
end
|
30
|
+
|
31
|
+
# Grab the first institution that matches the client IP
|
32
|
+
def primary_institution_from_ip
|
33
|
+
Institutions.with_ip(request.remote_ip).first unless request.nil?
|
34
|
+
end
|
35
|
+
private :primary_institution_from_ip
|
36
|
+
|
37
|
+
def institution_param_key
|
38
|
+
@institution_param_key ||= UserSession.institution_param_key
|
39
|
+
end
|
40
|
+
private :institution_param_key
|
41
|
+
|
42
|
+
def institution_param
|
43
|
+
params["#{institution_param_key}"].to_sym unless params["#{institution_param_key}"].nil?
|
44
|
+
end
|
45
|
+
private :institution_param
|
46
|
+
|
47
|
+
def all_institutions
|
48
|
+
@all_institutions ||= Institutions.institutions
|
49
|
+
end
|
50
|
+
private :all_institutions
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
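Review bot: `institution_param` calls `to_sym` on the raw request parameter before it is checked against `all_institutions`, so every distinct value a client sends is interned as a symbol; on Ruby versions that do not garbage-collect symbols this lets request input grow memory without bound. Assuming `all_institutions` is a Hash keyed by code, the value can be looked up without interning it, for example `all_institutions.keys.find { |code| code.to_s == params[institution_param_key.to_s] }`, returning nil for unknown codes. In `current_primary_institution`, the check now reads `@current_user.nil?` instead of calling `current_user`, so the user's primary institution is skipped whenever `current_user` has not been called earlier in the request; if that is intentional (for instance to avoid a session lookup from inside session code), a comment should say so.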
@@ -0,0 +1,18 @@
|
|
1
|
+
module Authpds
|
2
|
+
module Controllers
|
3
|
+
module AuthpdsController
|
4
|
+
module UrlHandling
|
5
|
+
# Override Rails ActionController#url_for to add institution.
|
6
|
+
def url_for(options={})
|
7
|
+
options[institution_param_key] ||= institution_param unless institution_param.nil?
|
8
|
+
super options
|
9
|
+
end
|
10
|
+
|
11
|
+
# Controller method to generate the Appropriate redirect url
|
12
|
+
def user_session_redirect_url(url)
|
13
|
+
(url.nil?) ? (request.referer.nil?) ? root_url : request.referer : url
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
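Review bot: `user_session_redirect_url` returns either its `url` argument or the `Referer` header unchanged, and both can be chosen by the client when the argument originates from a request parameter, so any redirect built from the result can be pointed at another site. Its callers are outside this hunk, so confirm which values reach it; if request-derived values do, restrict them to this application's host and fall back to `root_url`, as sketched below (a deliberately external, configured logout URL would need its own allow-list rather than this check). Separately, `url_for` indexes `options` as a Hash, but Rails also accepts a String or a record there, so guard with `options.is_a?(Hash)` before adding the institution key.

```ruby
# … unchanged: url_for override …

# Controller method to generate the Appropriate redirect url
def user_session_redirect_url(url)
  candidate = url.nil? ? request.referer : url
  same_host_url?(candidate) ? candidate : root_url
end

# True for a relative path, or an absolute URL whose host is this request's host.
def same_host_url?(candidate)
  return false if candidate.nil?
  uri = URI.parse(candidate)
  return uri.host == request.host unless uri.host.nil?
  candidate.start_with?("/") && !candidate.start_with?("//")
rescue URI::InvalidURIError
  false
end
private :same_host_url?
```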
data/lib/authpds/session.rb
CHANGED
@@ -41,257 +41,25 @@ module Authpds
|
|
41
41
|
# is fully generic and can be used for any custom purposes. :login_url is specific for the case of logging in from a remote sytem. The
|
42
42
|
# two methods can be used in conjuction, but any redirects or renders performed in :before_login, will supercede a redirect to :login_url.
|
43
43
|
module Session
|
44
|
+
include Authpds::Session::CoreAttributes
|
45
|
+
include Authpds::Session::Authentication
|
46
|
+
include Authpds::Session::Authorization
|
47
|
+
include Authpds::Session::AuthlogicCallbacks
|
48
|
+
include Authpds::Session::Callbacks
|
49
|
+
include Authpds::Session::ExceptionHandling
|
50
|
+
include Authpds::Session::InstitutionAttributes
|
51
|
+
include Authpds::Session::PdsUser
|
52
|
+
include Authpds::Session::Record
|
53
|
+
include Authpds::Session::UrlHandling
|
54
|
+
|
44
55
|
def self.included(klass)
|
45
56
|
klass.class_eval do
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
include AuthlogicCallbackMethods
|
57
|
+
extend Authpds::Session::Config
|
58
|
+
# Set the Authlogic Cookie Key
|
59
|
+
cookie_key "#{calling_system}_credentials"
|
60
|
+
# Set the persist_session method
|
51
61
|
persist :persist_session
|
52
62
|
end
|
53
63
|
end
|
54
|
-
|
55
|
-
module Config
|
56
|
-
# Base pds url
|
57
|
-
def pds_url(value = nil)
|
58
|
-
rw_config(:pds_url, value)
|
59
|
-
end
|
60
|
-
alias_method :pds_url=, :pds_url
|
61
|
-
|
62
|
-
# Name of the system
|
63
|
-
def calling_system(value = nil)
|
64
|
-
rw_config(:calling_system, value, "authpds")
|
65
|
-
end
|
66
|
-
alias_method :calling_system=, :calling_system
|
67
|
-
|
68
|
-
# Does the system allow anonymous access?
|
69
|
-
def anonymous(value = nil)
|
70
|
-
rw_config(:anonymous, value, true)
|
71
|
-
end
|
72
|
-
alias_method :anonymous=, :anonymous
|
73
|
-
|
74
|
-
# Mapping of PDS attributes
|
75
|
-
def pds_attributes(value = nil)
|
76
|
-
value.each_value { |pds_attr| pds_attr.gsub!("-", "_") } unless value.nil?
|
77
|
-
rw_config(:pds_attributes, value, {:email => "email", :firstname => "name", :lastname => "name", :primary_institution => "institute" })
|
78
|
-
end
|
79
|
-
alias_method :pds_attributes=, :pds_attributes
|
80
|
-
|
81
|
-
# Custom redirect logout url
|
82
|
-
def redirect_logout_url(value = nil)
|
83
|
-
rw_config(:redirect_logout_url, value, "")
|
84
|
-
end
|
85
|
-
alias_method :redirect_logout_url=, :redirect_logout_url
|
86
|
-
|
87
|
-
# Custom url to redirect to in case of system outage
|
88
|
-
def login_inaccessible_url(value = nil)
|
89
|
-
rw_config(:login_inaccessible_url, value, "")
|
90
|
-
end
|
91
|
-
alias_method :redirect_logout_url=, :redirect_logout_url
|
92
|
-
|
93
|
-
# PDS user method to call to identify record
|
94
|
-
def pds_record_identifier(value = nil)
|
95
|
-
rw_config(:pds_record_identifier, value, :id)
|
96
|
-
end
|
97
|
-
alias_method :pds_record_identifier=, :pds_record_identifier
|
98
|
-
|
99
|
-
# Querystring parameter key for the institution value
|
100
|
-
def institution_param_key(value = nil)
|
101
|
-
rw_config(:institution_param_key, value, "institute")
|
102
|
-
end
|
103
|
-
alias_method :institution_param_key=, :institution_param_key
|
104
|
-
|
105
|
-
# URL name for validation action
|
106
|
-
def validate_url_name(value = nil)
|
107
|
-
rw_config(:validate_url_name, value, "validate_url")
|
108
|
-
end
|
109
|
-
alias_method :validate_url_name=, :validate_url_name
|
110
|
-
end
|
111
|
-
|
112
|
-
module AuthpdsCallbackMethods
|
113
|
-
# Hook for more complicated logic to determine PDS user record identifier
|
114
|
-
def pds_record_identifier
|
115
|
-
@pds_record_identifier ||= self.class.pds_record_identifier
|
116
|
-
end
|
117
|
-
|
118
|
-
# Hook to determine if we should set up an SSO session
|
119
|
-
def valid_sso_session?
|
120
|
-
return false
|
121
|
-
end
|
122
|
-
|
123
|
-
# Hook to provide additional authorization requirements
|
124
|
-
def additional_authorization
|
125
|
-
return true
|
126
|
-
end
|
127
|
-
|
128
|
-
# Hook to add additional user attributes.
|
129
|
-
def additional_attributes
|
130
|
-
{}
|
131
|
-
end
|
132
|
-
|
133
|
-
# Hook to update expiration date if necessary
|
134
|
-
def expiration_date
|
135
|
-
1.week.ago
|
136
|
-
end
|
137
|
-
end
|
138
|
-
|
139
|
-
module InstanceMethods
|
140
|
-
require "cgi"
|
141
|
-
|
142
|
-
def self.included(klass)
|
143
|
-
klass.class_eval do
|
144
|
-
cookie_key "#{calling_system}_credentials"
|
145
|
-
end
|
146
|
-
end
|
147
|
-
|
148
|
-
# URL to redirect to for login.
|
149
|
-
# Preceded by :before_login
|
150
|
-
def login_url(params={})
|
151
|
-
return "#{self.class.pds_url}/pds?func=load-login&institute=#{institution_attributes["link_code"]}&calling_system=#{self.class.calling_system}&url=#{CGI::escape(validate_url(params))}"
|
152
|
-
end
|
153
|
-
|
154
|
-
# URL to redirect to after logout.
|
155
|
-
def logout_url(params={})
|
156
|
-
return "#{self.class.pds_url}/pds?func=logout&url=#{CGI::escape(controller.user_session_redirect_url(self.class.redirect_logout_url))}"
|
157
|
-
end
|
158
|
-
|
159
|
-
# URL to redirect to in the case of establishing a SSO session.
|
160
|
-
def sso_url(params={})
|
161
|
-
return "#{self.class.pds_url}/pds?func=sso&institute=#{institution_attributes["link_code"]}&calling_system=#{self.class.calling_system}&url=#{CGI::escape(validate_url(params))}"
|
162
|
-
end
|
163
|
-
|
164
|
-
def pds_user
|
165
|
-
begin
|
166
|
-
@pds_user ||= Authpds::Exlibris::Pds::BorInfo.new(self.class.pds_url, self.class.calling_system, pds_handle) unless pds_handle.nil?
|
167
|
-
return @pds_user unless @pds_user.nil? or @pds_user.error
|
168
|
-
rescue Exception => e
|
169
|
-
# Delete the PDS_HANDLE, since this isn't working.
|
170
|
-
# controller.cookies.delete(:PDS_HANDLE) unless pds_handle.nil?
|
171
|
-
handle_login_exception e
|
172
|
-
return nil
|
173
|
-
end
|
174
|
-
end
|
175
|
-
|
176
|
-
private
|
177
|
-
def authenticated?
|
178
|
-
authenticate
|
179
|
-
end
|
180
|
-
|
181
|
-
def authenticate
|
182
|
-
# Don't authenticate if the system is inaccessible.
|
183
|
-
# If the application session id is nil, skip this check.
|
184
|
-
return false if controller.cookies["#{self.class.calling_system}_inaccessible".to_sym] == session_id unless session_id.nil?
|
185
|
-
# If PDS session already established, authenticate
|
186
|
-
return true unless pds_user.nil?
|
187
|
-
# Establish a PDS session if the user logged in via an alternative SSO mechanism and this isn't being called after login
|
188
|
-
controller.redirect_to sso_url({
|
189
|
-
:return_url => controller.request.url }) if valid_sso_session? unless controller.params["action"] =="validate" or controller.performed?
|
190
|
-
# Otherwise, do not authenticate
|
191
|
-
return false
|
192
|
-
end
|
193
|
-
|
194
|
-
def authorized?
|
195
|
-
# Set all the information that is needed to make an authorization decision
|
196
|
-
set_record and return authorize
|
197
|
-
end
|
198
|
-
|
199
|
-
def authorize
|
200
|
-
# If PDS user is not nil (PDS session already established), authorize
|
201
|
-
!pds_user.nil? && additional_authorization
|
202
|
-
end
|
203
|
-
|
204
|
-
# Get the record associated with this PDS user.
|
205
|
-
def get_record(login)
|
206
|
-
record = klass.find_by_smart_case_login_field(login)
|
207
|
-
record = klass.new login_field => login if record.nil?
|
208
|
-
return record
|
209
|
-
end
|
210
|
-
|
211
|
-
# Set the record information associated with this PDS user.
|
212
|
-
def set_record
|
213
|
-
self.attempted_record = get_record(pds_user.send(pds_record_identifier))
|
214
|
-
self.attempted_record.expiration_date = expiration_date
|
215
|
-
# Do this part only if user data has expired.
|
216
|
-
if self.attempted_record.expired?
|
217
|
-
pds_attributes.each do |record_attr, pds_attr|
|
218
|
-
self.attempted_record.send("#{record_attr}=".to_sym,
|
219
|
-
pds_user.send(pds_attr.to_sym)) if self.attempted_record.respond_to?("#{record_attr}=".to_sym)
|
220
|
-
end
|
221
|
-
pds_user.class.public_instance_methods(false).each do |pds_attr_reader|
|
222
|
-
self.attempted_record.user_attributes = {
|
223
|
-
pds_attr_reader.to_sym => pds_user.send(pds_attr_reader.to_sym) }
|
224
|
-
end
|
225
|
-
end
|
226
|
-
self.attempted_record.user_attributes= additional_attributes
|
227
|
-
end
|
228
|
-
|
229
|
-
# Returns the URL for validating a UserSession on return from a remote login system.
|
230
|
-
def validate_url(params={})
|
231
|
-
url = controller.send(validate_url_name, :return_url => controller.user_session_redirect_url(params[:return_url]))
|
232
|
-
return url if params.nil? or params.empty?
|
233
|
-
url << "?" if url.match('\?').nil?
|
234
|
-
params.each do |key, value|
|
235
|
-
next if [:controller, :action, :return_url].include?(key)
|
236
|
-
url << "&#{self.class.calling_system}_#{key}=#{value}"
|
237
|
-
end
|
238
|
-
return url
|
239
|
-
end
|
240
|
-
|
241
|
-
def validate_url_name
|
242
|
-
@validate_url_name ||= self.class.validate_url_name
|
243
|
-
end
|
244
|
-
|
245
|
-
def institution_attributes
|
246
|
-
@institution_attributes =
|
247
|
-
(controller.current_primary_institution.nil? or controller.current_primary_institution.login.nil?) ?
|
248
|
-
{} : controller.current_primary_institution.login
|
249
|
-
end
|
250
|
-
|
251
|
-
def pds_attributes
|
252
|
-
@pds_attributes ||= self.class.pds_attributes
|
253
|
-
end
|
254
|
-
|
255
|
-
def session_id
|
256
|
-
@session_id ||=
|
257
|
-
(controller.session.respond_to?(:session_id)) ?
|
258
|
-
(controller.session.session_id) ?
|
259
|
-
controller.session.session_id : controller.session[:session_id] : controller.session[:session_id]
|
260
|
-
end
|
261
|
-
|
262
|
-
def anonymous?
|
263
|
-
self.class.anonymous
|
264
|
-
end
|
265
|
-
|
266
|
-
def pds_handle
|
267
|
-
return controller.cookies[:PDS_HANDLE] || controller.params[:pds_handle]
|
268
|
-
end
|
269
|
-
|
270
|
-
def handle_login_exception(error)
|
271
|
-
# Set a cookie saying that we've got some invalid stuff going on
|
272
|
-
# in this session. Either PDS is screwy, OpenSSO is screwy, or both.
|
273
|
-
# Either way, we want to skip logging in since it's problematic (if anonymous).
|
274
|
-
controller.cookies["#{self.class.calling_system}_inaccessible".to_sym] = {
|
275
|
-
:value => session_id,
|
276
|
-
:path => "/" } if anonymous?
|
277
|
-
# If anonymous access isn't allowed, we can't rightfully set the cookie.
|
278
|
-
# We probably should send to a system down page.
|
279
|
-
controller.redirect_to(self.class.login_inaccessible_url)
|
280
|
-
alert_the_authorities error
|
281
|
-
end
|
282
|
-
|
283
|
-
def alert_the_authorities(error)
|
284
|
-
controller.logger.error("Error in #{self.class}. Something is amiss with PDS authentication.\n#{error}\n#{error.backtrace.inspect}}")
|
285
|
-
end
|
286
|
-
end
|
287
|
-
|
288
|
-
module AuthlogicCallbackMethods
|
289
|
-
private
|
290
|
-
# Callback method from Authlogic.
|
291
|
-
# Called while trying to persist the session.
|
292
|
-
def persist_session
|
293
|
-
destroy unless (authenticated? and authorized?) or anonymous?
|
294
|
-
end
|
295
|
-
end
|
296
64
|
end
|
297
65
|
end
|
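Review bot: `cookie_key "#{calling_system}_credentials"` sits in the `included` hook, so the string is built once, at the moment the module is included, using whatever `calling_system` returns then. If an application sets `calling_system` later on its own session class, which the configuration style suggests, the cookie name would still carry the default, and two applications on the same domain could end up sharing one credentials cookie name; this is worth confirming against how Authlogic resolves `cookie_key` for subclasses. The ten `include Authpds::Session::...` lines above the hook also need those constants loaded before this file is evaluated, so a short comment on the expected load order would help.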