authpds 0.2.0 → 0.2.1

data/README.rdoc

@@ -145,6 +145,4 @@ method, e.g. :before_persisting, :persist, :after_persisting.  We're using the :
 === Access to the controller in Session
 The class that Session extends, Authologic::Session::Base, has an explicit handle to the current controller via the instance method 
 :controller.  This gives our custom instance methods access to cookies, session information, loggers, etc. and also allows them to 
-perform redirects and renders.
-
-== Build Status {<img src="https://secure.travis-ci.org/scotdalton/authpds.png"/>}[http://travis-ci.org/scotdalton/authpds]
+perform redirects and renders.

data/Rakefile

@@ -24,9 +24,8 @@ Bundler::GemHelper.install_tasks
 
 require 'rake/testtask'
 Rake::TestTask.new(:test) do |t|
-  t.libs << 'lib'
   t.libs << 'test'
-  t.pattern = 'test/**/*_test.rb'
+  t.pattern = 'test/*_test.rb'
   t.verbose = false
 end
 

data/lib/authpds.rb

@@ -1,16 +1,6 @@
-require 'active_support/dependencies'
 require 'authlogic'
-AUTHPDS_PATH = File.dirname(__FILE__) + "/authpds/"
-[ 
-  'acts_as_authentic',
-  'session',
-  'exlibris/pds',
-  'controllers/authpds_controller',
-  'controllers/authpds_sessions_controller'
-].each do |library|
-  require AUTHPDS_PATH + library
-end
-if ActiveRecord::Base.respond_to?(:add_acts_as_authentic_module)
-  ActiveRecord::Base.send(:include, Authpds::ActsAsAuthentic)
-end
+require 'require_all'
+require_all "#{File.dirname(__FILE__)}/authpds/"
+# Only include in active record if the model responds to the Authlogic method add_acts_as_authentic_module
+ActiveRecord::Base.send(:include, Authpds::ActsAsAuthentic) if ActiveRecord::Base.respond_to?(:add_acts_as_authentic_module)
 Authlogic::Session::Base.send(:include, Authpds::Session)

data/lib/authpds/acts_as_authentic.rb

@@ -2,67 +2,10 @@ module Authpds
   module ActsAsAuthentic
     def self.included(klass)
       klass.class_eval do
-        require 'institutions'
-        add_acts_as_authentic_module(InstanceMethods, :prepend)
+        add_acts_as_authentic_module(Authpds::ActsAsAuthentic::CoreAttributes, :prepend)
+        add_acts_as_authentic_module(Authpds::ActsAsAuthentic::Expiration, :append)
+        add_acts_as_authentic_module(Authpds::ActsAsAuthentic::InstitutionAttributes, :append)
       end
     end
-
-    module InstanceMethods
-      def self.included(klass)
-        klass.class_eval do
-          serialize :user_attributes
-          attr_accessor :expiration_date
-        end
-      end
-
-      # Setting the username field also resets the persistence_token if the value changes.
-      def username=(value)
-        write_attribute(:username, value)
-        reset_persistence_token if username_changed?
-      end
-
-      def primary_institution
-        all_institutions[user_attributes[:primary_institution]] unless user_attributes.nil?
-      end
-
-      def primary_institution=(new_primary_institution)
-        new_primary_institution = new_primary_institution.code if new_primary_institution.is_a?(Institutions::Institution)
-        self.user_attributes=({:primary_institution => new_primary_institution.to_sym})
-      end
-
-      def institutions
-        user_attributes[:institutions].collect { |institution|
-          all_institutions[institution] } unless user_attributes.nil?
-      end
-
-      def institutions=(new_institutions)
-        raise ArgumentError.new("Institutions input should be an array.") unless new_institutions.is_a?(Array)
-        new_institutions.collect! { |institution| institution.to_sym }
-        new_institutions.select! { |institution|
-          all_institutions[ new_institutions.is_a?(Institutions::Institution) ? institution.code : institution.to_sym]
-        }
-        self.user_attributes=({:institutions => new_institutions}) unless new_institutions.empty?
-      end
-
-      # "Smart" updating of user_attributes.  Maintains user_attributes that are not explicity overwritten.
-      def user_attributes=(new_attributes)
-        write_attribute(:user_attributes, new_attributes) and return unless new_attributes.kind_of?(Hash)
-        # Set new/updated attributes
-        write_attribute(:user_attributes, (user_attributes || {}).merge(new_attributes))
-      end
-
-      # Returns a boolean based on whether the User has been refreshed recently.
-      # If User#refreshed_at is older than User#expiration_date, the User is expired and the data
-      # may need to be refreshed.
-      def expired?
-        # If the record is older than the expiration date, it is expired.
-        (refreshed_at.nil?) ? true : refreshed_at < expiration_date
-      end
-
-      def all_institutions
-        Institutions.institutions
-      end
-      private :all_institutions
-    end
   end
 end

data/lib/authpds/acts_as_authentic/core_attributes.rb

@@ -0,0 +1,24 @@
+module Authpds
+  module ActsAsAuthentic
+    module CoreAttributes
+      def self.included(klass)
+        klass.class_eval do
+          serialize :user_attributes
+        end
+      end
+
+      # Setting the username field also resets the persistence_token if the value changes.
+      def username=(value)
+        write_attribute(:username, value)
+        reset_persistence_token if username_changed?
+      end
+
+      # "Smart" updating of user_attributes.  Maintains user_attributes that are not explicity overwritten.
+      def user_attributes=(new_attributes)
+        write_attribute(:user_attributes, new_attributes) and return unless new_attributes.kind_of?(Hash)
+        # Set new/updated attributes
+        write_attribute(:user_attributes, (user_attributes || {}).merge(new_attributes))
+      end
+    end
+  end
+end

data/lib/authpds/acts_as_authentic/expiration.rb

@@ -0,0 +1,19 @@
+module Authpds
+  module ActsAsAuthentic
+    module Expiration
+      def self.included(klass)
+        klass.class_eval do
+          attr_accessor :expiration_date
+        end
+      end
+
+      # Returns a boolean based on whether the User has been refreshed recently.
+      # If User#refreshed_at is older than User#expiration_date, the User is expired and the data
+      # may need to be refreshed.
+      def expired?
+        # If the record is older than the expiration date, it is expired.
+        (refreshed_at.nil?) ? true : refreshed_at < expiration_date
+      end
+    end
+  end
+end

data/lib/authpds/acts_as_authentic/institutions_attributes.rb

@@ -0,0 +1,34 @@
+module Authpds
+  module ActsAsAuthentic
+    module InstitutionAttributes
+      require 'institutions'
+
+      def primary_institution
+        all_institutions[user_attributes[:primary_institution]] unless user_attributes.nil?
+      end
+
+      def primary_institution=(new_primary_institution)
+        new_primary_institution = new_primary_institution.code if new_primary_institution.is_a?(Institutions::Institution)
+        self.user_attributes=({:primary_institution => new_primary_institution.to_sym})
+      end
+
+      def institutions
+        user_attributes[:institutions].collect { |institution| all_institutions[institution] } unless user_attributes.nil?
+      end
+
+      def institutions=(new_institutions)
+        raise ArgumentError.new("Institutions input should be an array.") unless new_institutions.is_a?(Array)
+        new_institutions.collect! { |institution| institution.to_sym }
+        new_institutions = new_institutions.select { |institution|
+          all_institutions[ new_institutions.is_a?(Institutions::Institution) ? institution.code : institution.to_sym]
+        }
+        self.user_attributes=({:institutions => new_institutions}) unless new_institutions.empty?
+      end
+
+      def all_institutions
+        @all_institutions ||= Institutions.institutions
+      end
+      private :all_institutions
+    end
+  end
+end

data/lib/authpds/controllers/authpds_controller.rb

@@ -1,71 +1,13 @@
 module Authpds
   module Controllers
     module AuthpdsController
-
-      # Set helper methods when this module is included.
       def self.included(klass)
         klass.class_eval do
-          helper_method :current_user_session, :current_user, :current_primary_institution
+          include Authpds::Controllers::AuthpdsController::CoreAttributes
+          include Authpds::Controllers::AuthpdsController::InstitutionAttributes
+          include Authpds::Controllers::AuthpdsController::UrlHandling
         end
       end
-
-      # Get the current UserSession if it exists
-      def current_user_session
-        @current_user_session ||= UserSession.find
-      end
-
-      # Get the current User if there is a UserSession
-      def current_user
-        @current_user ||= current_user_session.record unless current_user_session.nil?
-      end
-
-      # Determine current primary institution based on:
-      #   0. institutions are not being used (returns nil)
-      #   1. institution query string parameter in URL
-      #   2. institution associated with the client IP
-      #   3. primary institution for the current user
-      #   4. first default institution
-      def current_primary_institution
-        @current_primary_institution ||=
-          (institution_param.nil? or all_institutions[institution_param].nil?) ?
-            (primary_institution_from_ip.nil?) ?
-              (current_user.nil? or current_user.primary_institution.nil?) ?
-                Institutions.defaults.first :
-                  current_user.primary_institution :
-                    primary_institution_from_ip :
-                      all_institutions[institution_param]
-      end
-
-      # Override to add institution.
-      def url_for(options={})
-        options[institution_param_key] ||= institution_param unless institution_param.nil?
-        super options
-      end
-
-      def user_session_redirect_url(url)
-        (url.nil?) ? (request.referer.nil?) ? root_url : request.referer : url
-      end
-
-      # Grab the first institution that matches the client IP
-      def primary_institution_from_ip
-        Institutions.with_ip(request.remote_ip).first unless request.nil?
-      end
-      private :primary_institution_from_ip
-
-      def institution_param_key
-        @institution_param_key ||= UserSession.institution_param_key
-      end
-      private :institution_param_key
-
-      def institution_param
-        params["#{institution_param_key}"].to_sym unless params["#{institution_param_key}"].nil?
-      end
-      private :institution_param
-
-      def all_institutions
-        Institutions.institutions
-      end
-      private :all_institutions
     end
   end
 end

data/lib/authpds/controllers/authpds_controller/core_attributes.rb

@@ -0,0 +1,24 @@
+module Authpds
+  module Controllers
+    module AuthpdsController
+      module CoreAttributes
+        # Set helper methods when this module is included.
+        def self.included(klass)
+          klass.class_eval do
+            helper_method :current_user_session, :current_user
+          end
+        end
+
+        # Get the current UserSession if it exists
+        def current_user_session
+          @current_user_session ||= UserSession.find
+        end
+
+        # Get the current User if there is a UserSession
+        def current_user
+          @current_user ||= current_user_session.record unless current_user_session.nil?
+        end
+      end
+    end
+  end
+end

data/lib/authpds/controllers/authpds_controller/institution_attributes.rb

@@ -0,0 +1,54 @@
+module Authpds
+  module Controllers
+    module AuthpdsController
+      module InstitutionAttributes
+        require 'institutions'
+
+        # Set helper methods when this module is included.
+        def self.included(klass)
+          klass.class_eval do
+            helper_method :current_primary_institution
+          end
+        end
+
+        # Determine current primary institution based on:
+        #   0. institutions are not being used (returns nil)
+        #   1. institution query string parameter in URL
+        #   2. institution associated with the client IP
+        #   3. primary institution for the current user
+        #   4. first default institution
+        def current_primary_institution
+          @current_primary_institution ||=
+            (institution_param.nil? or all_institutions[institution_param].nil?) ?
+              (primary_institution_from_ip.nil?) ?
+                (@current_user.nil? or current_user.primary_institution.nil?) ?
+                  Institutions.defaults.first :
+                    current_user.primary_institution :
+                      primary_institution_from_ip :
+                        all_institutions[institution_param]
+        end
+
+        # Grab the first institution that matches the client IP
+        def primary_institution_from_ip
+          Institutions.with_ip(request.remote_ip).first unless request.nil?
+        end
+        private :primary_institution_from_ip
+
+        def institution_param_key
+          @institution_param_key ||= UserSession.institution_param_key
+        end
+        private :institution_param_key
+
+        def institution_param
+          params["#{institution_param_key}"].to_sym unless params["#{institution_param_key}"].nil?
+        end
+        private :institution_param
+
+        def all_institutions
+          @all_institutions ||= Institutions.institutions
+        end
+        private :all_institutions
+      end
+    end
+  end
+end

data/lib/authpds/controllers/authpds_controller/url_handling.rb

@@ -0,0 +1,18 @@
+module Authpds
+  module Controllers
+    module AuthpdsController
+      module UrlHandling
+        # Override Rails ActionController#url_for to add institution.
+        def url_for(options={})
+          options[institution_param_key] ||= institution_param unless institution_param.nil?
+          super options
+        end
+
+        # Controller method to generate the Appropriate redirect url
+        def user_session_redirect_url(url)
+          (url.nil?) ? (request.referer.nil?) ? root_url : request.referer : url
+        end
+      end
+    end
+  end
+end

data/lib/authpds/controllers/authpds_sessions_controller.rb

@@ -1,7 +1,6 @@
 module Authpds
   module Controllers
     module AuthpdsSessionsController
-
       # GET /user_sessions/new
       # GET /login
       def new

data/lib/authpds/session.rb

@@ -41,257 +41,25 @@ module Authpds
   # is fully generic and can be used for any custom purposes.  :login_url is specific for the case of logging in from a remote sytem.  The
   # two methods can be used in conjuction, but any redirects or renders performed in :before_login, will supercede a redirect to :login_url.
   module Session
+    include Authpds::Session::CoreAttributes
+    include Authpds::Session::Authentication
+    include Authpds::Session::Authorization
+    include Authpds::Session::AuthlogicCallbacks
+    include Authpds::Session::Callbacks
+    include Authpds::Session::ExceptionHandling
+    include Authpds::Session::InstitutionAttributes
+    include Authpds::Session::PdsUser
+    include Authpds::Session::Record
+    include Authpds::Session::UrlHandling
+
     def self.included(klass)
       klass.class_eval do
-        require 'institutions'
-        extend Config
-        include AuthpdsCallbackMethods
-        include InstanceMethods
-        include AuthlogicCallbackMethods
+        extend Authpds::Session::Config
+        # Set the Authlogic Cookie Key
+        cookie_key "#{calling_system}_credentials"
+        # Set the persist_session method
         persist :persist_session
       end
     end
-
-    module Config
-      # Base pds url
-      def pds_url(value = nil)
-        rw_config(:pds_url, value)
-      end
-      alias_method :pds_url=, :pds_url
-
-      # Name of the system
-      def calling_system(value = nil)
-        rw_config(:calling_system, value, "authpds")
-      end
-      alias_method :calling_system=, :calling_system
-
-      # Does the system allow anonymous access?
-      def anonymous(value = nil)
-        rw_config(:anonymous, value, true)
-      end
-      alias_method :anonymous=, :anonymous
-
-      # Mapping of PDS attributes
-      def pds_attributes(value = nil)
-        value.each_value { |pds_attr| pds_attr.gsub!("-", "_") } unless value.nil?
-        rw_config(:pds_attributes, value, {:email => "email", :firstname => "name", :lastname => "name", :primary_institution => "institute" })
-      end
-      alias_method :pds_attributes=, :pds_attributes
-
-      # Custom redirect logout url
-      def redirect_logout_url(value = nil)
-        rw_config(:redirect_logout_url, value, "")
-      end
-      alias_method :redirect_logout_url=, :redirect_logout_url
-
-      # Custom url to redirect to in case of system outage
-      def login_inaccessible_url(value = nil)
-        rw_config(:login_inaccessible_url, value, "")
-      end
-      alias_method :redirect_logout_url=, :redirect_logout_url
-
-      # PDS user method to call to identify record
-      def pds_record_identifier(value = nil)
-        rw_config(:pds_record_identifier, value, :id)
-      end
-      alias_method :pds_record_identifier=, :pds_record_identifier
-
-      # Querystring parameter key for the institution value
-      def institution_param_key(value = nil)
-        rw_config(:institution_param_key, value, "institute")
-      end
-      alias_method :institution_param_key=, :institution_param_key
-
-      # URL name for validation action
-      def validate_url_name(value = nil)
-        rw_config(:validate_url_name, value, "validate_url")
-      end
-      alias_method :validate_url_name=, :validate_url_name
-    end
-
-    module AuthpdsCallbackMethods
-      # Hook for more complicated logic to determine PDS user record identifier
-      def pds_record_identifier
-        @pds_record_identifier ||= self.class.pds_record_identifier
-      end
-
-      # Hook to determine if we should set up an SSO session
-      def valid_sso_session?
-        return false
-      end
-
-      # Hook to provide additional authorization requirements
-      def additional_authorization
-        return true
-      end
-
-      # Hook to add additional user attributes.
-      def additional_attributes
-        {}
-      end
-
-      # Hook to update expiration date if necessary
-      def expiration_date
-        1.week.ago
-      end
-    end
-
-    module InstanceMethods
-      require "cgi"
-
-      def self.included(klass)
-        klass.class_eval do
-          cookie_key "#{calling_system}_credentials"
-        end
-      end
-
-      # URL to redirect to for login.
-      # Preceded by :before_login
-      def login_url(params={})
-        return "#{self.class.pds_url}/pds?func=load-login&institute=#{institution_attributes["link_code"]}&calling_system=#{self.class.calling_system}&url=#{CGI::escape(validate_url(params))}"
-      end
-
-      # URL to redirect to after logout.
-      def logout_url(params={})
-        return "#{self.class.pds_url}/pds?func=logout&url=#{CGI::escape(controller.user_session_redirect_url(self.class.redirect_logout_url))}"
-      end
-
-      # URL to redirect to in the case of establishing a SSO session.
-      def sso_url(params={})
-        return "#{self.class.pds_url}/pds?func=sso&institute=#{institution_attributes["link_code"]}&calling_system=#{self.class.calling_system}&url=#{CGI::escape(validate_url(params))}"
-      end
-
-      def pds_user
-        begin
-          @pds_user ||= Authpds::Exlibris::Pds::BorInfo.new(self.class.pds_url, self.class.calling_system, pds_handle) unless pds_handle.nil?
-          return @pds_user unless @pds_user.nil? or @pds_user.error
-        rescue Exception => e
-          # Delete the PDS_HANDLE, since this isn't working.
-          # controller.cookies.delete(:PDS_HANDLE) unless pds_handle.nil?
-          handle_login_exception e
-          return nil
-        end
-      end
-
-      private
-      def authenticated?
-        authenticate
-      end
-
-      def authenticate
-        # Don't authenticate if the system is inaccessible.
-        # If the application session id is nil, skip this check.
-        return false if controller.cookies["#{self.class.calling_system}_inaccessible".to_sym] == session_id unless session_id.nil?
-        # If PDS session already established, authenticate
-        return true unless pds_user.nil?
-        # Establish a PDS session if the user logged in via an alternative SSO mechanism and this isn't being called after login
-        controller.redirect_to sso_url({
-          :return_url => controller.request.url }) if valid_sso_session? unless controller.params["action"] =="validate" or controller.performed?
-        # Otherwise, do not authenticate
-        return false
-      end
-
-      def authorized?
-        # Set all the information that is needed to make an authorization decision
-        set_record and return authorize
-      end
-
-      def authorize
-        # If PDS user is not nil (PDS session already established), authorize
-        !pds_user.nil? && additional_authorization
-      end
-
-      # Get the record associated with this PDS user.
-      def get_record(login)
-        record = klass.find_by_smart_case_login_field(login)
-        record = klass.new login_field => login if record.nil?
-        return record
-      end
-
-      # Set the record information associated with this PDS user.
-      def set_record
-        self.attempted_record = get_record(pds_user.send(pds_record_identifier))
-        self.attempted_record.expiration_date = expiration_date
-        # Do this part only if user data has expired.
-        if self.attempted_record.expired?
-          pds_attributes.each do |record_attr, pds_attr|
-            self.attempted_record.send("#{record_attr}=".to_sym,
-              pds_user.send(pds_attr.to_sym)) if self.attempted_record.respond_to?("#{record_attr}=".to_sym)
-          end
-          pds_user.class.public_instance_methods(false).each do |pds_attr_reader|
-            self.attempted_record.user_attributes = {
-              pds_attr_reader.to_sym => pds_user.send(pds_attr_reader.to_sym) }
-          end
-        end
-        self.attempted_record.user_attributes= additional_attributes
-      end
-
-      # Returns the URL for validating a UserSession on return from a remote login system.
-      def validate_url(params={})
-        url = controller.send(validate_url_name, :return_url => controller.user_session_redirect_url(params[:return_url]))
-        return url if params.nil? or params.empty?
-        url << "?" if url.match('\?').nil?
-        params.each do |key, value|
-          next if [:controller, :action, :return_url].include?(key)
-          url << "&#{self.class.calling_system}_#{key}=#{value}"
-        end
-        return url
-      end
-
-      def validate_url_name
-        @validate_url_name ||= self.class.validate_url_name
-      end
-
-      def institution_attributes
-        @institution_attributes =
-          (controller.current_primary_institution.nil? or controller.current_primary_institution.login.nil?) ?
-            {} : controller.current_primary_institution.login
-      end
-
-      def pds_attributes
-        @pds_attributes ||= self.class.pds_attributes
-      end
-
-      def session_id
-        @session_id ||=
-          (controller.session.respond_to?(:session_id)) ?
-            (controller.session.session_id) ?
-              controller.session.session_id : controller.session[:session_id] : controller.session[:session_id]
-      end
-
-      def anonymous?
-        self.class.anonymous
-      end
-
-      def pds_handle
-        return controller.cookies[:PDS_HANDLE] || controller.params[:pds_handle]
-      end
-
-      def handle_login_exception(error)
-        # Set a cookie saying that we've got some invalid stuff going on
-        # in this session.  Either PDS is screwy, OpenSSO is screwy, or both.
-        # Either way, we want to skip logging in since it's problematic (if anonymous).
-        controller.cookies["#{self.class.calling_system}_inaccessible".to_sym] = {
-          :value => session_id,
-          :path => "/" } if anonymous?
-        # If anonymous access isn't allowed, we can't rightfully set the cookie.
-        # We probably should send to a system down page.
-        controller.redirect_to(self.class.login_inaccessible_url)
-        alert_the_authorities error
-      end
-
-      def alert_the_authorities(error)
-        controller.logger.error("Error in #{self.class}. Something is amiss with PDS authentication.\n#{error}\n#{error.backtrace.inspect}}")
-      end
-    end
-
-    module AuthlogicCallbackMethods
-      private
-      # Callback method from Authlogic.
-      # Called while trying to persist the session.
-      def persist_session
-        destroy unless (authenticated? and authorized?) or anonymous?
-      end
-    end
   end
 end