casablanca 0.0.3 → 0.1.0

data/History.txt

@@ -1,11 +1,17 @@
+=== 0.1.0 / 2009-02-18
+
+* 1 major enhancement
+
+  * Implemented gatewaying for rails filter
+  
 === 0.0.2 / 2009-01-07
 
 * 1 major enhancement
 
-  * Implmented renew
+  * Implemented renew
   * Added logger
 
-=== 0.0.2 / 2009-01-07
+=== 0.0.1 / 2009-01-07
 
 * 1 major enhancement
 

data/Manifest.txt

@@ -2,15 +2,18 @@ History.txt
 Manifest.txt
 README.txt
 Rakefile
-init.rb
 bin/casablanca
+init.rb
 lib/casablanca.rb
 lib/casablanca/cli.rb
 lib/casablanca/client.rb
-lib/casablanca/filters/rails.rb
+lib/casablanca/rails/cas_proxy_callback_controller.rb
+lib/casablanca/rails/filter.rb
 lib/casablanca/response_parsers.rb
+test/mocks.rb
 test/test_client.rb
 test/test_helper.rb
 test/test_parser.rb
+test/test_rails_cas_proxy_callback_controller.rb
 test/test_rails_filter.rb
-test/test_ticket.rb
+test/test_ticket.rb

data/README.txt

@@ -4,20 +4,20 @@
 
 == DESCRIPTION:
 
-Casablanca is a single sign-on client for the CAS 2.0 protocol.
+Casablanca is a ruby single sign-on client for the CAS 2.0 protocol.
 
 == FEATURES:
 
 * Includes a commandline Client to test getting service tickets from a CAS server
 * It can be run as a Rails plugin.
-* Gatewaying (permitting the user to continue without authentication).
+* Gatewaying (permitting the user to continue without authentication) is not implemented.
+  Just skip the filter for those actions.
 
 == TODO:
 
 * Add extra attributes returned from the server
-* Implement proxing
+* Implement proxying
 * Check for single signout
-* Check for endless redirects
 
 == SYNOPSIS:
 
@@ -39,16 +39,15 @@ In IRB:
 In a Rails project:
 - environment.rb:
 
-  Casablanca::RailsFilter.config do |config|
+  Casablanca::Rails::Config.config do |config|
      config[:cas_server_url]  = "http://localhost:4567"
-     config[:service_url]     = "http://localhost:3000"
      # Always require new credentials for authentication
      config[:renew]           = true
   end
   
 - Add the following to application.rb:
 
-  before_filter Casablanca::RailsFilter
+  before_filter Casablanca::Rails::Filter
   
   def current_person
     @current_person ||= login_from_cas unless @current_person == false
@@ -64,7 +63,7 @@ In a Rails project:
 
 - Add the following to you logout action
 
-  Casablanca::RailsFilter.logout(self)
+  Casablanca::Rails::Filter.logout(self)
   
 == REQUIREMENTS:
 

data/Rakefile

@@ -5,7 +5,7 @@ require 'hoe'
 require 'lib/casablanca.rb'
 
 Hoe.new('casablanca', Casablanca::VERSION) do |p|
-  p.developer('FIX', 'FIX@example.com')
+  p.developer('Petrik de Heus', 'FIX@example.com')
   p.remote_rdoc_dir = '' # Release to root  
 end
 

data/init.rb

@@ -1,3 +1,3 @@
 $: << File.expand_path(File.dirname(__FILE__))+'/lib'
 require 'casablanca'
-require 'casablanca/filters/rails'
+require 'casablanca/rails/filter'

data/lib/casablanca.rb

@@ -1,5 +1,5 @@
 module Casablanca
-  VERSION = '0.0.3'
+  VERSION = '0.1.0'
 end
 require 'casablanca/client'
 require 'casablanca/response_parsers'

data/lib/casablanca/client.rb

@@ -28,7 +28,9 @@ module Casablanca
     def login_url(params={})
       uri = URI.parse("#{@cas_server_url}/login")
       query = {:service => @service_url}
+      # TODO Check that only one of these can be set
       query[:renew] = 'true' if params[:renew]
+      query[:gateway] = 'true' if params[:gateway]      
       uri.merge_query(query)
       uri.to_s
     end

data/lib/casablanca/rails/cas_proxy_callback_controller.rb

@@ -0,0 +1,2 @@
+class CasProxyCallbackController < ActionController::Base
+end

data/lib/casablanca/rails/filter.rb

@@ -0,0 +1,157 @@
+module Casablanca::Rails
+   
+    class Config
+
+    class << self
+
+      ##
+      # Configure the client
+      #
+      #   Casablanca::Rails::Config.config do |config|
+      #     config[:cas_server_url]  = "http://localhost:4567"
+      #     # Always require new credentials for authentication
+      #     config[:renew]           = true
+      #   end
+      def config
+        config = {}
+        yield config
+        @cas_server_url = config[:cas_server_url]
+        @renew = config[:renew] # always renew the session
+        # set logger to rails logger
+        Casablanca::Client.logger = ::ActionController::Base.logger        
+      end
+      
+      def renew
+        @renew
+      end
+      
+      def cas_server_url
+        @cas_server_url
+      end
+      
+    end
+  end  
+  
+  class Filter
+
+    class << self
+      
+      ##
+      # Require a authenticated user to the CAS server otherwise redirect to
+      # the CAS server login url.
+      # Set session[:cas_user] to the authenticated CAS user if authenticated
+      def filter(controller)        
+        if authentication_required?(controller)
+          return get_credentials(controller)
+        elsif controller.params[:ticket]
+          return authenticate_ticket(controller)
+        else
+          return true
+        end
+      end
+
+      ##
+      # The login url of the Cas server. This page has the login form.
+      def login_url(controller, params={})
+        client = Casablanca::Client.new(:cas_server_url => Config.cas_server_url, :service_url => service_url(controller))        
+        client.login_url(params)
+      end
+
+      ##
+      # The logout url of the Cas server.
+      def logout_url(controller, params={})
+        client = Casablanca::Client.new(:cas_server_url => Config.cas_server_url, :service_url => service_url(controller))
+        client.logout_url(params)
+      end
+      
+      ##
+      # Logs out of the Cas server.      
+      def logout(controller)
+        controller.session[:cas_user] = nil
+      end
+      
+      def logger
+        Casablanca::Client.logger
+      end
+      
+      # Always require new credentials for authentication?
+      def renew?
+        Config.renew
+      end
+      
+      # Has the user already talked to the Cas server?
+      def authentication_required?(controller)
+        (controller.session[:cas_user].nil? || renew?) && controller.params[:ticket].nil?
+      end
+
+      def redirect_to_cas_login(controller, renew)
+        controller.session[:cas_renew] = renew
+        controller.send(:redirect_to, login_url(controller, :renew => renew))
+      end      
+
+      def get_credentials(controller)
+        if renew?
+          logger.debug "Always require credentials for authentication"
+        else
+          logger.debug "Not authenticated yet. Ticket parameter required"
+        end
+        redirect_to_cas_login(controller, renew?)
+        return false
+      end        
+
+      def authenticate_ticket(controller)
+        client = Casablanca::Client.new(:cas_server_url => Config.cas_server_url, :service_url => service_url(controller))
+        ticket = Casablanca::Ticket.new(controller.params[:ticket], client.service_url, controller.session[:cas_renew])
+        if client.authenticate_ticket(ticket)
+          logger.debug "Ticket authenticated"
+          controller.session[:cas_user] = ticket.user
+          controller.session[:cas_renew] = nil
+          return true
+        else          
+          logger.debug "Ticket authentication failed: #{ticket.failure_message}"
+          logout(controller)
+          logger.debug "Renew login credentials"
+          redirect_to_cas_login(controller, renew?)
+          return false
+        end
+      end        
+
+      private
+
+      def service_url(controller)
+        params = controller.params.merge(:only_path => false).dup
+        params.delete(:ticket)
+        controller.url_for(params)
+      end        
+      
+    end
+  end
+
+
+  class GatewayFilter < Filter
+
+    class << self
+
+      # # Has the user already talked to the Cas server?
+      # def authentication_required?(controller)
+      #   super(controller)      
+      # end    
+
+      def get_credentials(controller)
+        if controller.session[:cas_gatewayed]
+          logger.debug "Allow user without credentials because gateway is set"
+          return true
+        end
+        return super(controller)
+      end
+    
+      def redirect_to_cas_login(controller, renew)
+        controller.session[:cas_gatewayed] = true
+        logger.debug "Redirecting to #{login_url(controller, :gateway => true)}"
+        controller.send(:redirect_to, login_url(controller, :gateway => true))
+      end
+      
+    end
+  end
+  
+end

data/test/mocks.rb

@@ -0,0 +1,66 @@
+
+class MockResponse < Net::HTTPResponse
+  attr_accessor :body, :code
+  def initialize(body, code=200, header={})
+      @body, @code, @header = body, code, header
+  end
+
+  def []= key, value
+      @header[key.to_sym] = value
+  end
+
+  def [] key
+      @header[key.to_sym]
+  end
+  
+  def kind_of?(klass)
+    if klass == Net::HTTPSuccess
+      code.to_i == 200
+    end
+  end
+end
+
+module ActionController
+  class Base
+    def self.logger
+      @logger = ::Logger.new($stderr)
+      @logger.level = LOGGER_LEVEL
+      @logger
+    end
+  end
+end
+
+class Controller < ActionController::Base
+  attr_accessor :params, :session
+  def initialize
+    @session = {}
+  end
+  
+  def request
+    Request.new
+  end
+  
+  def url_for(url)
+    if url.is_a? Hash
+      return "http://localhost:3000" if url[:only_path] == false
+    end
+    url
+  end
+  
+  def redirect_to(url)
+  end
+  
+  private
+  
+  def reset_session
+    @session = {}
+  end
+end
+
+class Request
+  def headers
+    {}
+  end
+  def post?
+  end
+end

data/test/test_client.rb

@@ -92,9 +92,9 @@ class TestCommandLineClient < Test::Unit::TestCase
     mock_get_service_ticket(@client)
     service_ticket = @client.login('admin', 'admin')
     assert_equal 37, @client.ticket_granting_ticket.size    
-    # if MOCK_REQUESTS
-      # @client.expects(:get).returns(MockResponse.new(body, '200', :location => 'http://localhost:3000?ticket=ST-1231341579r871C5757B79767C21E'))
-    # end
+    if MOCK_REQUESTS
+      @client.expects(:get).returns(MockResponse.new('<html></html>', '200', :location => 'http://localhost:3000?ticket=ST-1231341579r871C5757B79767C21E'))
+    end
     service_ticket = @client.logout
     assert_equal nil, @client.ticket_granting_ticket
   end
@@ -103,9 +103,9 @@ class TestCommandLineClient < Test::Unit::TestCase
     mock_get_service_ticket(@client)
     service_ticket = @client.login('admin', 'admin')
     assert_equal 37, @client.ticket_granting_ticket.size    
-    # if MOCK_REQUESTS
-      # @client.expects(:get).returns(MockResponse.new(body, '200', :location => 'http://localhost:3000?ticket=ST-1231341579r871C5757B79767C21E'))
-    # end
+    if MOCK_REQUESTS
+      @client.expects(:get).returns(MockResponse.new('<html></html>', '200', :location => 'http://localhost:3000?ticket=ST-1231341579r871C5757B79767C21E'))
+    end
     service_ticket = @client.logout('follow_url')
     assert_equal nil, @client.ticket_granting_ticket
     # TODO check for follow_url

data/test/test_helper.rb

@@ -1,11 +1,16 @@
-require(File.expand_path(File.join(File.dirname(__FILE__), '..', 'lib', 'casablanca.rb')))
-require(File.expand_path(File.join(File.dirname(__FILE__), '..', 'lib', 'casablanca', 'filters', 'rails.rb')))
 require 'test/unit'
 require 'rubygems'
 require 'mocha'
+# require 'logger'
+require(File.expand_path(File.join(File.dirname(__FILE__), '..', 'lib', 'casablanca.rb')))
+require(File.expand_path(File.join(File.dirname(__FILE__), '..', 'lib', 'casablanca', 'client.rb')))
+require(File.expand_path(File.join(File.dirname(__FILE__), '..', 'lib', 'casablanca', 'rails', 'filter.rb')))
+require(File.expand_path(File.join(File.dirname(__FILE__), 'mocks.rb')))
+require(File.expand_path(File.join(File.dirname(__FILE__), '..', 'lib', 'casablanca', 'rails', 'cas_proxy_callback_controller.rb')))
 
 # set to false if you're integration testing against a real server
-MOCK_REQUESTS = true
+MOCK_REQUESTS = true unless defined? MOCK_REQUESTS
+LOGGER_LEVEL = Logger::WARN unless defined? LOGGER_LEVEL
 
 class Test::Unit::TestCase
   include Casablanca
@@ -31,27 +36,7 @@ class Test::Unit::TestCase
   end 
 end
 
-class MockResponse < Net::HTTPResponse
-  attr_accessor :body, :code
-  def initialize(body, code=200, header={})
-      @body, @code, @header = body, code, header
-  end
-
-  def []= key, value
-      @header[key.to_sym] = value
-  end
-
-  def [] key
-      @header[key.to_sym]
-  end
-  
-  def kind_of?(klass)
-    if klass == Net::HTTPSuccess
-      code.to_i == 200
-    end
-  end
-end
-
+unless defined? VALID_REQUEST
 VALID_REQUEST = %(
 <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
   <cas:authenticationSuccess>
@@ -74,4 +59,5 @@ INVALID_TICKET = %(
   Ticket ST-1231242314r72465638160B31E8D1 not recognized.
   </cas:authenticationFailure>
 </cas:serviceResponse>
-)
+)
+end

data/test/test_rails_cas_proxy_callback_controller.rb

@@ -0,0 +1,6 @@
+require File.join(File.dirname(__FILE__), 'test_helper.rb')
+
+class TestRailsCasProxyCallbackController < Test::Unit::TestCase
+  def test_default
+  end
+end

data/test/test_rails_filter.rb

@@ -1,51 +1,59 @@
-require File.join(File.dirname(__FILE__), 'test_helper.rb')
+  require File.join(File.dirname(__FILE__), 'test_helper.rb')
+
+class TestRailsConfig < Test::Unit::TestCase  
+  
+  def setup
+    @controller = Controller.new    
+    @controller.params = {}
+  end
+    
+  def test_config
+    Rails::Config.config do |config|
+       config[:cas_server_url]  = "http://example.com/cas_server"
+       config[:renew]           = true
+    end
+    assert_equal 'http://example.com/cas_server/login?service=http%3A%2F%2Flocalhost%3A3000', Rails::Filter.login_url(@controller)
+    assert_equal true, Rails::Filter.renew?
+  end
+  
+end
 
 class TestRailsFilter < Test::Unit::TestCase
+  include Casablanca::Rails
   def setup
-    Casablanca::RailsFilter.config do |config|
+    Config.config do |config|
        config[:cas_server_url]  = "http://localhost:4567"
-       config[:service_url]     = "http://localhost:3000"
     end
     @controller = Controller.new    
-    @controller.params = {}       
+    @controller.params = {}
   end
   
   def test_login_url
-    assert_equal 'http://localhost:4567/login?service=http%3A%2F%2Flocalhost%3A3000', RailsFilter.login_url
+    assert_equal 'http://localhost:4567/login?service=http%3A%2F%2Flocalhost%3A3000', Filter.login_url(@controller)
   end
 
   def test_login_url_with_params
-    url = RailsFilter.login_url(:renew => true)
+    url = Filter.login_url(@controller, :renew => true)
     assert_equal true, (url =~ /service\=http%3A%2F%2Flocalhost%3A3000/) > 0
     assert_equal true, (url =~ /renew\=true/) > 0
   end
 
   def test_logout_url
-    assert_equal 'http://localhost:4567/logout?', RailsFilter.logout_url
+    assert_equal 'http://localhost:4567/logout?', Filter.logout_url(@controller)
   end  
   
   def test_logout
     @controller.session = { :cas_user => 'admin' }
-    RailsFilter.logout(@controller)
+    Filter.logout(@controller)
     assert_equal({:cas_user=>nil }, @controller.session)
   end
-  
-  def test_config
-    Casablanca::RailsFilter.config do |config|
-       config[:cas_server_url]  = "http://example.com/cas_server"
-       config[:service_url]     = "http://example.com/application"
-    end
-    # assert_equal "http://example.com/cas_server", RailsFilter.client.cas_server_url
-    # assert_equal "http://example.com/application", RailsFilter.client.service_url
-    assert_equal 'http://example.com/cas_server/login?service=http%3A%2F%2Fexample.com%2Fapplication', RailsFilter.login_url       
-  end
 
   def test_filter_invalid_attempt
     service_ticket = get_service_ticket    
     params = {:ticket => 'service_ticket.ticket'}
     mock_authenticate_ticket(INVALID_REQUEST)
     @controller.params = params 
-    assert_equal false, RailsFilter.filter(@controller)
+    assert_equal false, Filter.filter(@controller)
   end
 
   def test_filter_authenticated_with_valid_ticket_from_request
@@ -53,58 +61,60 @@ class TestRailsFilter < Test::Unit::TestCase
     params = {:ticket => service_ticket.ticket}
     mock_authenticate_ticket(VALID_REQUEST)
     @controller.params = params
-    assert_equal true, RailsFilter.filter(@controller)
+    assert_equal true, Filter.filter(@controller)
     assert_equal 'admin', @controller.session[:cas_user]
   end
 
   def test_filter_already_authenticated_with_valid_ticket_from_session
     service_ticket = get_service_ticket    
     @controller.session = {:cas_user => 'admin'}
-    mock_authenticate_ticket(VALID_REQUEST)
-    assert_equal true, RailsFilter.filter(@controller)
+    assert_equal true, Filter.filter(@controller)
     assert_equal 'admin', @controller.session[:cas_user]    
   end
+  
+  def test_filter_already_authenticated_with_valid_ticket_from_session_but_renew_required
+    Config.config do |config|
+       config[:cas_server_url]  = "http://localhost:4567"
+       config[:renew]  = true
+    end    
+    service_ticket = get_service_ticket    
+    @controller.session = {:cas_user => 'admin'}
+    assert_equal false, Filter.filter(@controller)
+    assert_equal 'admin', @controller.session[:cas_user]    
+  end  
 
-end
-
-module ActionController
-  module Base
-    def self.logger
-      @logger = ::Logger.new($stderr)
-      @logger.level = ::Logger::ERROR
-      @logger
-    end
+  def test_filter_not_authenticated
+    assert_equal false, Filter.filter(@controller)
   end
-end
 
-class Controller # < ActionController::Base
-  attr_accessor :params, :session
-  def initialize
-    @session = {}
-  end
-  
-  def request
-    Request.new
-  end
-  
-  def url_for(url)
-    url
-  end
-  
-  def redirect_to(url)
-  end
-  
-  private
-  
-  def reset_session
-    @session = {}
+  def test_filter_not_authenticated
+    assert_equal false, Filter.filter(@controller)
   end
+
 end
 
-class Request
-  def headers
-    {}
+class TestRailsGatewayFilter < TestRailsFilter
+  def setup
+    Config.config do |config|
+       config[:cas_server_url]  = "http://localhost:4567"
+    end
+    @controller = Controller.new    
+    @controller.params = {}
+  end  
+
+  def test_filter_not_authenticated_sets_cas_gatewayed
+    # service_ticket = get_service_ticket
+    #mock_authenticate_ticket(VALID_REQUEST)
+    assert_equal false, GatewayFilter.filter(@controller)
+    assert_equal true, @controller.session[:cas_gatewayed]
   end
-  def post?
+
+  def test_filter_not_authenticated_already_tried
+    # service_ticket = get_service_ticket
+    @controller.session = {:cas_gatewayed => true}
+    #mock_authenticate_ticket(VALID_REQUEST)
+    assert_equal true, GatewayFilter.filter(@controller)
+    assert_equal nil, @controller.session[:cas_user]    
   end
+
 end

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification 
 name: casablanca
 version: !ruby/object:Gem::Version 
-  version: 0.0.3
+  version: 0.1.0
 platform: ruby
 authors: 
-- FIX
+- Petrik de Heus
 autorequire: 
 bindir: bin
 cert_chain: []
 
-date: 2009-01-24 00:00:00 +01:00
+date: 2009-02-18 00:00:00 +01:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -22,7 +22,7 @@ dependencies:
       - !ruby/object:Gem::Version 
         version: 1.8.3
     version: 
-description: Casablanca is a single sign-on client for the CAS 2.0 protocol.
+description: Casablanca is a ruby single sign-on client for the CAS 2.0 protocol.
 email: 
 - FIX@example.com
 executables: 
@@ -38,16 +38,19 @@ files:
 - Manifest.txt
 - README.txt
 - Rakefile
-- init.rb
 - bin/casablanca
+- init.rb
 - lib/casablanca.rb
 - lib/casablanca/cli.rb
 - lib/casablanca/client.rb
-- lib/casablanca/filters/rails.rb
+- lib/casablanca/rails/cas_proxy_callback_controller.rb
+- lib/casablanca/rails/filter.rb
 - lib/casablanca/response_parsers.rb
+- test/mocks.rb
 - test/test_client.rb
 - test/test_helper.rb
 - test/test_parser.rb
+- test/test_rails_cas_proxy_callback_controller.rb
 - test/test_rails_filter.rb
 - test/test_ticket.rb
 has_rdoc: true
@@ -73,13 +76,14 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: casablanca
-rubygems_version: 1.2.0
+rubygems_version: 1.3.1
 signing_key: 
 specification_version: 2
-summary: Casablanca is a single sign-on client for the CAS 2.0 protocol.
+summary: Casablanca is a ruby single sign-on client for the CAS 2.0 protocol.
 test_files: 
 - test/test_client.rb
 - test/test_helper.rb
 - test/test_parser.rb
+- test/test_rails_cas_proxy_callback_controller.rb
 - test/test_rails_filter.rb
 - test/test_ticket.rb

data/lib/casablanca/filters/rails.rb

@@ -1,88 +0,0 @@
-module Casablanca
-  class RailsFilter
-
-    class << self
-
-      ##
-      # Configure the client
-      #
-      #   Casablanca::RailsFilter.config do |config|
-      #     config[:cas_server_url]  = "http://localhost:4567"
-      #     config[:service_url]     = "http://localhost:3000"
-      #   end
-      def config
-        config = {}
-        yield config
-        @cas_server_url = config[:cas_server_url]
-        @service_url = config[:service_url]
-        @renew = config[:renew] # always renew the session
-        # set logger to rails logger
-        Client.logger = ::ActionController::Base.logger        
-      end
-      
-      def filter(controller)
-        
-        client = Client.new(:cas_server_url => @cas_server_url, :service_url => @service_url)
-        if !controller.session[:cas_user] && !controller.params[:ticket]
-          if renew?
-            logger.debug "Always require credentials for authentication"
-          else
-            logger.debug "Not authenticated yet. Ticket parameter required"
-          end
-          redirect_to_cas_login(controller, renew?)
-          return false
-        end
-        ticket = Ticket.new(controller.params[:ticket], client.service_url, controller.session[:cas_renew])
-        if client.authenticate_ticket(ticket)
-          logger.debug "Ticket authenticated"
-          controller.session[:cas_user] = ticket.user
-          controller.session[:cas_renew] = nil
-          return true
-        else          
-          logger.warn "Ticket authentication failed: #{ticket.failure_message}"
-          logout(controller)
-          logger.debug "Renew login credentials"
-          redirect_to_cas_login(controller, true)
-          return false
-        end
-      end
-
-      ##
-      # The login url of the Cas server. This page has the login form.
-      def login_url(params={})
-        client = Client.new(:cas_server_url => @cas_server_url, :service_url => @service_url)
-        client.login_url(params)
-      end
-
-      ##
-      # The logout url of the Cas server.
-      def logout_url(params={})
-        client = Client.new(:cas_server_url => @cas_server_url, :service_url => @service_url)
-        client.logout_url(params)
-      end
-      
-      ##
-      # Logs out of the Cas server.      
-      def logout(controller)
-        controller.session[:cas_user] = nil
-      end
-      
-      def logger
-        Client.logger
-      end
-      
-      private
-      
-      def redirect_to_cas_login(controller, renew)
-        controller.session[:cas_renew] = renew
-        controller.send(:redirect_to, login_url(:renew => renew))
-      end
-      
-      def renew?
-        @renew
-      end
-      
-    end
-  end
-
-end