bcms_cas 1.0.1 → 1.1.0

data/README.markdown

@@ -7,8 +7,6 @@ as an example of a server.
 This module will allow user to login to the public area of the CMS, using the Login Form Portlet. It does not handle users that need to
 log into the CMS administrative area. It also handles single logout by redirecting the user to cas /logout service.
 
-As of 1.0.1, this is now managed via gemcutter.
-
 ## A. Instructions
 Here are the necessary steps to install this module.
 
@@ -16,7 +14,7 @@ Here are the necessary steps to install this module.
 2. Install the rubycas-client gem (See B below)
 3. Install the bcms_cas module, and configure it to point to your CAS server (see C below).
 4. Migrate the database to add the CAS Group (See D below)
-5. Alter the Login Form Portlet to submit to the CAS server. (See E below)
+5. Create a Login Form to submit to the CAS server. (See E below)
 
 ## B. Installing RubyCAS-Client
 This project depends on RubyCAS-client (http://code.google.com/p/rubycas-client/). RubyCAS-Client is a standard Rails PluginGem, and the instructions
@@ -28,66 +26,33 @@ This will add the latest version of a gem. The bcms_cas module will require the
 make any configuration changes in your rails project.
 
 ## C. Installing/Configuring the Module
-To install a BrowserCMS module follow the instructions here http://www.browsercms.org/doc/guides/html/installing_modules.html .
-After that you will need to configure the rubycas-client to point to the correct CAS server, along with any other
-configuration options you need. Add the following to your config/initializers/browsercms.rb:
+To install a BrowserCMS module see the following instructions http://www.browsercms.org/doc/guides/html/installing_modules.html . After you add the gem to your
+environment.rb, run the following command to generate the necessary configuration files.
 
+    $ ./script/generate bcms_cas
 
-    CASClient::Frameworks::Rails::Filter.configure(
-      :cas_base_url => "https://cas.yourdomainname.org",
-      :extra_attributes_session_key => :cas_extra_attributes
-    )
+This will generate several files. You will then need to edit one of them to point to the CAS server. Edit the config/initializers/bcms_cas.rb and change the server_url
+value to whatever domain name your cas server is located at. The file should look similar to this:
 
-Make sure your SITE_DOMAIN variable in production/development is correctly set to the right top level domain. This will be needed
-to allow redirects between the servers to happen correctly (it requires Absolute URLs). For example, in config/environments/production.rb:
+    Cas::Module.configure do |config|
+      config.server_url = "https://cas.yourdomainname.com"
+    end
 
-    SITE_DOMAIN="www.yourdomainname.com"
+Next edit the production.rb to make sure your SITE_DOMAIN variable in production is correctly set to the right top level domain. This will be needed
+to allow redirects between the servers to happen correctly (it requires Absolute URLs).
 
-### Extra Attributes (Optional)
-The :extra_attributes_session_key may not be needed, depending on what type of Authenticator your CAS server is using. You can
-safely leave it out if you are just using the normal CMS logic. A CAS server can send additional information back, and these will be stored as
-session variables that can be accessed in other methods.
+    SITE_DOMAIN="www.yourdomainname.com"
 
-## D. Add/Configure the 'CAS Authenticated User' Group
+## D. Configure the 'CAS Authenticated User' Group
 When you run rake db:migrate, this module will add a new group to the CMS called 'CAS Authenticated Users'. All users that
 log in successfully will be assigned to members of this group. You will potentially want to rename this group to something
 that more accurately reflects who these users are (i.e. Members, Staff, etc) and then set which sections of the website this
 group can visit.
 
-## E. Configure Login Form Portlet
-Alter the Login Form portlet to look something like this:
-
-    <% form_tag "https://cas.yourdomainname.org" do %>
-        <%= login_ticket_tag %>
-        <%= service_url_tag %>
-        <p>
-            <%= label_tag :login %>
-            <%= text_field_tag :username, @login %>
-        </p>
-        <p>
-            <%= label_tag :password %>
-            <%= password_field_tag :password %>
-            </p>
-        <p>
-            <%= label_tag :remember_me %>
-            <%= check_box_tag :remember_me, '1', @remember_me %>
-        </p>
-        <p><%= submit_tag "Login" %></p>
-    <% end %>
-
-The key changes are:
-
-1. The form needs to submit directly to the CAS server
-2. You need to add helpers for login_ticket_tag and service_url_tag. These generate hidden parameters CAS services need.
-3. Change the username parameter from :login to :username
-
-You must also create a file in your project called: app/portlets/helpers/login_portlet_helper.rb, with the following contents:
-
-        module LoginPortletHelper
-          include Cas::Login
-        end
-
-This will add the needed methods for the above class.
+## E. Create a Login Form
+
+Via the BrowserCMS UI, create a page and place a Login Form portlet on it. It should use the newly generated login view created by the bcms_cas generator. If
+the module is configured correctly, then logging in should correctly establish a CAS session.
 
 F. Known Issues
 
@@ -99,4 +64,5 @@ F. Known Issues
 * The CAS Login page has to be styled to match the look and feel of the site.
 * If the user types in wrong username/pw on CMS login form, they will be left on the CAS Login page, with message.
 * Every hit to a page with the login form portlet is fetching a LT from CAS. This is potentially slow. [Performance]
+* A user that logs in as a CAS user and then as a cmsadmin will experience odd UI permission problems. This is due to CMS login not correctly clearing all session state.
 

data/app/models/cas_user.rb

@@ -1,20 +1,24 @@
 #
-# This represents a user was autheniticated using a CAS service. Their user data is not saved in the database (in the users table_,
+# This represents a user was authenticated using a CAS service. Their user data is not saved in the database (in the users table_,
 # but is retrieved from an external service and stored purely as session data.
 #
 #
-class CasUser < GuestUser
+class CasUser < Cms::TemporaryUser
 
   GROUP_NAME = "cas_group"
 
   def initialize(attributes={})
     super({ :first_name => "CAS", :last_name => "User"}.merge(attributes))
-    @guest = false
   end
 
   # Using a single group for now. (This will need to be mapped to more groups later).
-  def group
-    @group ||= Group.find_by_code(GROUP_NAME)
+  def groups
+    @groups ||= [group]
   end
 
+  # @deprecated
+  # This exists only for backwards compatibility for when this used to inherit from GuestUser. It should be removed in 1.2.
+  def group
+    Group.find_by_code(GROUP_NAME)
+  end
 end

data/app/models/cms/temporary_user.rb

@@ -0,0 +1,27 @@
+module Cms
+
+  # This represents a 'temporary' user who is never stored in the database, but lives only as a limited duration (generally tied to a session)
+  # This can be used to represent an externally verified user who should be granted access to areas of the site.
+  class TemporaryUser < User
+
+    # Shouldn't save these users to the db.
+    def save(perform_validations=true)
+      false
+    end
+
+    # Shouldn't save these users to the db.
+    def save!(perform_validation=true)
+      raise NotImplementedError
+    end
+
+    # Determines if this user has access to the CMS UI.
+    #
+    # Note: This overrides User.cms_access? which is implicitly dependant on groups being a proxy/has_many Array, rather than
+    # just an array of groups.
+    def cms_access?
+      groups.each do |g|
+        return true if g.cms_access?
+      end
+    end
+  end
+end

data/lib/{cas → bcms_cas}/authentication.rb

@@ -1,4 +1,4 @@
-require 'cas/utils'
+require 'bcms_cas/utils'
 require 'casclient'
 require 'casclient/frameworks/rails/filter'
 
@@ -20,25 +20,23 @@ module Cas
 
     # Each instance of the controller will gain these methods.
     module InstanceMethods
+
+      # This exists because we want to force this to happen AFTER login_from_cas_ticket. There may be a better way to do this.
       def check_access_to_page_normally
-        logger.warn "Checking auth using normal Cms filter."
         check_access_to_page
       end
 
       # Attempts to set the current user based on the session attribute set by CAS.
       def login_from_cas_ticket
-        logger.debug "Attempting to login using CAS session variable."
+        logger.debug "Checking for cas login. The current_user is '#{@current_user.login}'." if @current_user
         if session[:cas_user]
-          logger.warn "Who is @current_user '#{@current_user.login}'?" if @current_user
-          logger.warn "Who is User.current '#{User.current.login}'?" if User.current
-
           user = CasUser.new(:login=>session[:cas_user])
 
           # Having to set both of these feels very duplicative. Ideally I would like a way
-          #   to set only once, but calling current_user= has sideeffects.
+          #   to set only once, but calling current_user= has side effects.
           @current_user = User.current = user
 
-          logger.info "Found session[:cas_user]. Created CasUser with login '#{user.login}' and set as current_user." if @current_user
+          logger.debug "CasUser information found in session. Setting current_user as '#{user.login}" if @current_user
         end
         @current_user
       end
@@ -57,7 +55,7 @@ module Cas
     module InstanceMethods
 
       def destroy_with_cas
-        logger.info "Handle single logout."
+        logger.debug "Logging user out of both cms and CAS server."
         logout_user
         Cas::Utils.logout(self, "http://#{SITE_DOMAIN}/")
       end

data/lib/bcms_cas/configuration.rb

@@ -0,0 +1,25 @@
+module Cas
+
+  module Module
+
+    class << self
+
+      attr_accessor :configuration
+      
+      def configure()
+        self.configuration ||= Configuration.new
+        yield(configuration)
+        self.configuration.execute
+      end
+    end
+  end
+
+  class Configuration
+    attr_accessor :server_url
+
+    def execute
+      params = {:cas_base_url => server_url, :extra_attributes_session_key => :cas_extra_attributes}
+      CASClient::Frameworks::Rails::Filter.configure(params)
+    end
+  end
+end

data/lib/{cas → bcms_cas}/login_portlet_extension.rb

@@ -16,7 +16,10 @@ module Cas::LoginPortlet
 
   ##
   # Returns the URL to the CAS login service.
-  def login_url
-    CASClient::Frameworks::Rails::Filter.login_url         
+  #
+  def login_url_tag
+    CASClient::Frameworks::Rails::Filter.login_url(@controller)      
   end
+
+  alias_method :login_url, :login_url_tag
 end

data/lib/bcms_cas.rb

@@ -1,3 +1,4 @@
 require 'bcms_cas/routes'
-require 'cas/authentication'
-require 'cas/login_portlet_extension'
+require 'bcms_cas/configuration'
+require 'bcms_cas/authentication'
+require 'bcms_cas/login_portlet_extension'

data/rails/init.rb

@@ -1,3 +1,6 @@
+# This seems necessary in order for rake gems:unpack to work.
+require 'browsercms'
+
 gem_root = File.expand_path(File.join(File.dirname(__FILE__), ".."))
 Cms.add_to_rails_paths gem_root
 Cms.add_generator_paths gem_root, "db/migrate/[0-9]*_*.rb"

data/rails_generators/bcms_cas/bcms_cas_generator.rb

@@ -0,0 +1,16 @@
+class BcmsCasGenerator < Rails::Generator::Base
+
+  def manifest
+    record do |m|
+      m.template "initializer.rb", "config/initializers/bcms_cas.rb"
+
+      # Provide a different default template for the Login Form.
+      m.directory File.join('app/views/portlets/login')
+      m.template "render.html.erb", "app/views/portlets/login/render.html.erb"
+
+      # Provide a helper for Login Form Portlet (this is a workaround for a core CMS bug where portlet helpers are not loaded from gems)
+      m.directory File.join('app/portlets/helpers')
+      m.template "login_portlet_helper.rb", "app/portlets/helpers/login_portlet_helper.rb"
+    end
+  end
+end

data/rails_generators/bcms_cas/templates/initializer.rb

@@ -0,0 +1,3 @@
+Cas::Module.configure do |config|
+  config.server_url = "https://some.domain.com"
+end

data/rails_generators/bcms_cas/templates/login_portlet_helper.rb

@@ -0,0 +1,4 @@
+# Necessary only while BrowserCMS can't load portlet helpers from gems. (Bug See https://browsermedia.lighthouseapp.com/projects/28481/tickets/280-loginportlethelper-methods-cant-be-found-in-loginportlet)
+module LoginPortletHelper
+  include Cas::LoginPortlet
+end

data/rails_generators/bcms_cas/templates/render.html.erb

@@ -0,0 +1,18 @@
+<%%# This will override the 'Stock' view provided by the LoginFormPortlet in order to make it work with CAS. -%>
+<%% form_tag login_url_tag do %>
+    <%%= login_ticket_tag %>
+    <%%= service_url_tag %>
+    <p>
+      <%%= label_tag :login %>
+      <%%= text_field_tag :username, @login %>
+    </p>
+    <p>
+      <%%= label_tag :password %>
+      <%%= password_field_tag :password %>
+    </p>
+    <p>
+      <%%= label_tag :remember_me %>
+      <%%= check_box_tag :remember_me, '1', @remember_me %>
+    </p>
+    <p><%%= submit_tag "Login" %></p>
+<%% end %>

data/test/unit/cas/configuration_test.rb

@@ -0,0 +1,25 @@
+require "test_helper"
+require 'mocha'
+
+class CasConfigurationTest < ActiveSupport::TestCase
+
+  def setup
+
+  end
+
+  def teardown
+
+  end
+
+  test "Simplified syntax for configuration that hides the details of the RubyCas-Client" do
+    expected_params = {:cas_base_url => "https://some.domain.com", :extra_attributes_session_key => :cas_extra_attributes}
+    CASClient::Frameworks::Rails::Filter.expects(:configure).with(expected_params)
+
+    Cas::Module.configure do |config|
+      config.server_url = "https://some.domain.com"
+    end
+
+    cfg = Cas::Module.configuration
+    assert_equal "https://some.domain.com", cfg.server_url
+  end
+end

data/test/unit/cas/login_portlet_test.rb

@@ -7,6 +7,10 @@ end
 
 class LoginPortletTest < ActiveSupport::TestCase
 
+  def setup
+    @obj = LoginObject.new
+  end
+
   test "service_url_tag" do
     obj = LoginObject.new
     assert obj.respond_to?(:service_url_tag)
@@ -30,4 +34,11 @@ class LoginPortletTest < ActiveSupport::TestCase
     assert_equal "http://example.com", obj.login_url
   end
 
+  test "Alias (to avoid helper conflicts)" do
+    CASClient::Frameworks::Rails::Filter.expects(:login_url).returns("http://example.com")
+
+    assert_equal "http://example.com", @obj.login_url_tag
+  end
+
+
 end

data/test/unit/cas_user_test.rb

@@ -3,22 +3,20 @@ require 'test_helper'
 class CasUserTest < ActiveSupport::TestCase
 
   def setup
-    @s = Section.create!(:name=>"root", :root=>true, :path=>"/")
-    @p = Page.create!(:name=>"Home", :section=>@s, :path=>"/p")
-    @g = Group.create!(:name=>"G", :code=>"cas_group")
-    @g.sections = Section.all
+    @viewable_section = Section.create!(:name=>"root", :root=>true, :path=>"/")
+    @viewable_page = Page.create!(:name=>"Home", :section=>@viewable_section, :path=>"/p")
+    @cas_group = Group.create!(:name=>"G", :code=>"cas_group")
+    @cas_group.sections = Section.all
   end
 
   test "group returns the cas_group" do
     user = CasUser.new
-
-    assert_equal @g, user.group
+    assert_equal @cas_group, user.group
   end
 
   test "cas_user should be able to view all sections (based on group)" do
     user = CasUser.new
-
-    assert user.able_to_view?(@p)
+    assert user.able_to_view?(@viewable_page)
   end
 
   test "setting login" do
@@ -31,5 +29,11 @@ class CasUserTest < ActiveSupport::TestCase
     assert !user.guest?
   end
 
+  test "determine if a user has cms_access" do
+    user = CasUser.new
+    user.groups << @cas_group
 
+    @cas_group.expects(:cms_access?).returns(true)
+    assert_equal true, user.cms_access? 
+  end
 end

data/test/unit/cms/temporary_user_test.rb

@@ -0,0 +1,42 @@
+require "test_helper"
+
+class TemporaryUserTest < ActiveSupport::TestCase
+
+  MINIMUM_VALID_ATTRIBUTES = {:login=>"abc@bm.com", :password=>"123", :password_confirmation=>"123", :email=>"abc@bm.com"}
+  def setup
+    @user = Cms::TemporaryUser.new(MINIMUM_VALID_ATTRIBUTES)
+  end
+
+  def teardown
+
+  end
+
+  test "Should not be able to save or save!" do
+    
+    assert_equal false, @user.save
+    assert_equal true, @user.valid?
+
+    assert_raise NotImplementedError do
+      @user.save! 
+    end
+
+  end
+  test "Shouldn't be able to update attributes" do
+    assert_equal false, @user.update_attribute(:login, "OTHER")
+    assert_equal false, @user.update_attributes({:login =>"OTHER"})
+  end
+
+  test "Should belong to no groups by default" do
+    assert_equal 0, @user.groups.size
+  end
+end
+
+
+class GuestUserTest <ActiveSupport::TestCase
+
+  test "Verify save behavior of Guest is similar to TemporaryUser" do
+    guest = GuestUser.new(TemporaryUserTest::MINIMUM_VALID_ATTRIBUTES)
+    assert_equal false, guest.save()
+    assert_equal true, guest.valid?
+  end
+end

data/test/unit/helpers/login_portlet_helper_test.rb

@@ -7,4 +7,10 @@ class LoginPortletHelperTest < ActionView::TestCase
     ticket = Cas::Utils.expects(:fetch_lt_from_cas).with().returns("ABC")
     assert_equal hidden_field_tag( :lt, "ABC"), login_ticket_tag
   end
+
+  test "Get login URL" do
+    @controller = mock
+    CASClient::Frameworks::Rails::Filter.expects(:login_url).with(@controller).returns("http://someurl.com")
+    assert_equal "http://someurl.com", login_url_tag
+  end
 end

metadata

@@ -1,7 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: bcms_cas
 version: !ruby/object:Gem::Version 
-  version: 1.0.1
+  hash: 19
+  prerelease: false
+  segments: 
+  - 1
+  - 1
+  - 0
+  version: 1.1.0
 platform: ruby
 authors: 
 - BrowserMedia
@@ -9,29 +15,38 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-01-19 00:00:00 -05:00
+date: 2010-09-30 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: browsercms
-  type: :runtime
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Requirement 
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 3.0.6
-    version: 
+        hash: 5
+        segments: 
+        - 3
+        - 1
+        version: "3.1"
+  type: :runtime
+  version_requirements: *id001
 - !ruby/object:Gem::Dependency 
   name: rubycas-client
-  type: :runtime
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Requirement 
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
         version: "0"
-    version: 
+  type: :runtime
+  version_requirements: *id002
 description: Allows a BrowserCMS project to connect to a CAS server to authenticate users.
 email: github@browsermedia.com
 executables: []
@@ -42,14 +57,29 @@ extra_rdoc_files:
 - README.markdown
 files: 
 - app/models/cas_user.rb
+- app/models/cms/temporary_user.rb
 - db/migrate/20091002162550_add_cas_user_group.rb
 - lib/bcms_cas.rb
+- lib/bcms_cas/authentication.rb
+- lib/bcms_cas/configuration.rb
+- lib/bcms_cas/login_portlet_extension.rb
 - lib/bcms_cas/routes.rb
-- lib/cas/authentication.rb
-- lib/cas/login_portlet_extension.rb
-- lib/cas/utils.rb
+- lib/bcms_cas/utils.rb
 - rails/init.rb
+- rails_generators/bcms_cas/bcms_cas_generator.rb
+- rails_generators/bcms_cas/templates/initializer.rb
+- rails_generators/bcms_cas/templates/login_portlet_helper.rb
+- rails_generators/bcms_cas/templates/render.html.erb
 - README.markdown
+- test/performance/browsing_test.rb
+- test/test_helper.rb
+- test/unit/cas/cas_authentication_test.rb
+- test/unit/cas/configuration_test.rb
+- test/unit/cas/login_portlet_test.rb
+- test/unit/cas_user_test.rb
+- test/unit/cas_utils_test.rb
+- test/unit/cms/temporary_user_test.rb
+- test/unit/helpers/login_portlet_helper_test.rb
 has_rdoc: true
 homepage: http://browsercms.org
 licenses: []
@@ -60,21 +90,27 @@ rdoc_options:
 require_paths: 
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
       version: "0"
-  version: 
 required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
       version: "0"
-  version: 
 requirements: []
 
 rubyforge_project: browsercms
-rubygems_version: 1.3.5
+rubygems_version: 1.3.7
 signing_key: 
 specification_version: 3
 summary: A CAS Module for BrowserCMS
@@ -82,7 +118,9 @@ test_files:
 - test/performance/browsing_test.rb
 - test/test_helper.rb
 - test/unit/cas/cas_authentication_test.rb
+- test/unit/cas/configuration_test.rb
 - test/unit/cas/login_portlet_test.rb
 - test/unit/cas_user_test.rb
 - test/unit/cas_utils_test.rb
+- test/unit/cms/temporary_user_test.rb
 - test/unit/helpers/login_portlet_helper_test.rb