casablanca 0.1.1 → 0.2.0

data/History.txt

@@ -1,3 +1,9 @@
+=== 0.2.0 / 2009-02-20
+
+* 1 major enhancement
+
+  * Implemented RenewFilter for rails filter
+  
 === 0.1.0 / 2009-02-18
 
 * 1 major enhancement

data/README.txt

@@ -35,20 +35,23 @@ In IRB:
 
 
 === Rails:
-- environment.rb:
+- Configure your Cas server url in environment.rb:
 
   Casablanca::Rails::Config.config do |config|
      config[:cas_server_url]  = "http://localhost:4567"
-     # Always require new credentials for authentication
-     config[:renew]           = true
   end
   
 
+- Add filters to the protected controllers
 
+For most cases you would want the default filter:
   before_filter Casablanca::Rails::Filter
-  # If you want users without credentials to view the page as well use the Gateway filter
-  # before_filter Casablanca::Rails::GatewayFilter
-
+  
+If you want users without credentials to view the page as well use the Gateway filter
+  before_filter Casablanca::Rails::GatewayFilter
+  
+If you want users to always require new credentials for authentication use the renew filter
+  before_filter Casablanca::Rails::RenewFilter  
 
 - Add something like the following to application.rb to get the current user from the Cas session:
   

data/lib/casablanca/rails/filter.rb

@@ -16,15 +16,10 @@ module Casablanca::Rails
         config = {}
         yield config
         @cas_server_url = config[:cas_server_url]
-        @renew = config[:renew] # always renew the session
         # set logger to rails logger
         Casablanca::Client.logger = ::ActionController::Base.logger        
       end
       
-      def renew
-        @renew
-      end
-      
       def cas_server_url
         @cas_server_url
       end
@@ -74,28 +69,18 @@ module Casablanca::Rails
         Casablanca::Client.logger
       end
       
-      # Always require new credentials for authentication?
-      def renew?
-        Config.renew
-      end
-      
       # Has the user already talked to the Cas server?
       def authentication_required?(controller)
-        (controller.session[:cas_user].nil? || renew?) && controller.params[:ticket].nil?
+        controller.session[:cas_user].nil? && controller.params[:ticket].nil?
       end
 
-      def redirect_to_cas_login(controller, renew)
-        controller.session[:cas_renew] = renew
-        controller.send(:redirect_to, login_url(controller, :renew => renew))
+      def redirect_to_cas_login(controller)
+        controller.send(:redirect_to, login_url(controller))
       end      
 
       def get_credentials(controller)
-        if renew?
-          logger.debug "Always require credentials for authentication"
-        else
-          logger.debug "Not authenticated yet. Ticket parameter required"
-        end
-        redirect_to_cas_login(controller, renew?)
+        logger.debug "Not authenticated yet. Ticket parameter required"
+        redirect_to_cas_login(controller)
         return false
       end        
 
@@ -111,7 +96,7 @@ module Casablanca::Rails
           logger.debug "Ticket authentication failed: #{ticket.failure_message}"
           logout(controller)
           logger.debug "Renew login credentials"
-          redirect_to_cas_login(controller, renew?)
+          redirect_to_cas_login(controller)
           return false
         end
       end        
@@ -145,7 +130,7 @@ module Casablanca::Rails
         return super(controller)
       end
     
-      def redirect_to_cas_login(controller, renew)
+      def redirect_to_cas_login(controller)
         controller.session[:cas_gatewayed] = true
         logger.debug "Redirecting to #{login_url(controller, :gateway => true)}"
         controller.send(:redirect_to, login_url(controller, :gateway => true))
@@ -153,5 +138,31 @@ module Casablanca::Rails
       
     end
   end
+
+  ##
+  # Always require new credentials for authentication?  
+  class RenewFilter < Filter
+
+    class << self
+
+      # Has the user already talked to the Cas server?
+      def authentication_required?(controller)
+        (controller.session[:cas_user].nil? || controller.session[:cas_renewed].nil?) && controller.params[:ticket].nil?
+      end
+
+      def get_credentials(controller)
+        logger.debug "Always require credentials for authentication"
+        redirect_to_cas_login(controller)
+        return false
+      end
+    
+      def redirect_to_cas_login(controller)
+        controller.session[:cas_renewed] = true
+        logger.debug "Redirecting to #{login_url(controller, :renew => true)}"        
+        controller.send(:redirect_to, login_url(controller, :renew => true))
+      end
+      
+    end
+  end  
   
 end

data/lib/casablanca.rb

@@ -1,5 +1,5 @@
 module Casablanca
-  VERSION = '0.1.1'
+  VERSION = '0.2.0'
 end
 require 'casablanca/client'
 require 'casablanca/response_parsers'

data/test/test_rails_filter.rb

@@ -10,10 +10,8 @@ class TestRailsConfig < Test::Unit::TestCase
   def test_config
     Rails::Config.config do |config|
        config[:cas_server_url]  = "http://example.com/cas_server"
-       config[:renew]           = true
     end
     assert_equal 'http://example.com/cas_server/login?service=http%3A%2F%2Flocalhost%3A3000', Rails::Filter.login_url(@controller)
-    assert_equal true, Rails::Filter.renew?
   end
   
 end
@@ -71,17 +69,6 @@ class TestRailsFilter < Test::Unit::TestCase
     assert_equal true, Filter.filter(@controller)
     assert_equal 'admin', @controller.session[:cas_user]    
   end
-  
-  def test_filter_already_authenticated_with_valid_ticket_from_session_but_renew_required
-    Config.config do |config|
-       config[:cas_server_url]  = "http://localhost:4567"
-       config[:renew]  = true
-    end    
-    service_ticket = get_service_ticket    
-    @controller.session = {:cas_user => 'admin'}
-    assert_equal false, Filter.filter(@controller)
-    assert_equal 'admin', @controller.session[:cas_user]    
-  end  
 
   def test_filter_not_authenticated
     assert_equal false, Filter.filter(@controller)
@@ -117,4 +104,34 @@ class TestRailsGatewayFilter < TestRailsFilter
     assert_equal nil, @controller.session[:cas_user]    
   end
 
+end
+
+class TestRailsRenewFilter < TestRailsFilter
+  def setup
+    Config.config do |config|
+       config[:cas_server_url]  = "http://localhost:4567"
+    end
+    @controller = Controller.new    
+    @controller.params = {}
+  end
+
+  def test_filter_already_authenticated_on_cas_server_but_renew_required
+    Config.config do |config|
+       config[:cas_server_url]  = "http://localhost:4567"
+    end    
+    service_ticket = get_service_ticket
+    @controller.session = {:cas_user => 'admin'}       
+    assert_equal false, RenewFilter.filter(@controller)
+  end
+
+  def test_filter_already_renewed_with_valid_ticket_from_session_should_not_renew
+    Config.config do |config|
+       config[:cas_server_url]  = "http://localhost:4567"
+    end    
+    service_ticket = get_service_ticket    
+    @controller.session = {:cas_user => 'admin', :cas_renewed => true}
+    assert_equal true, RenewFilter.filter(@controller)
+    assert_equal 'admin', @controller.session[:cas_user]    
+  end
+
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: casablanca
 version: !ruby/object:Gem::Version 
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors: 
 - Petrik de Heus
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-02-19 00:00:00 +01:00
+date: 2009-02-20 00:00:00 +01:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency