RubyGems - cassy - Versions diffs - 1.1.4 → 2.2.0 - Mend

cassy 1.1.4 → 2.2.0

Files changed (13) hide show

checksums.yaml +7 -0
data/README.md +156 -0
data/Rakefile +17 -1
data/lib/cassy/authenticators/base.rb +6 -2
data/lib/cassy/authenticators/devise.rb +13 -5
data/lib/cassy/authenticators/test.rb +8 -1
data/lib/cassy/cas.rb +109 -192
data/lib/cassy/engine.rb +3 -5
data/lib/cassy/routes.rb +4 -4
data/lib/cassy/utils.rb +1 -2
data/lib/cassy/version.rb +3 -0
metadata +156 -103
data/README.markdown +0 -70

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: d02c0cb8713326b7d31872a36f9c654d0e6029f9
+  data.tar.gz: b31c080549d0595d9a442b73facffb3711e8143e
+SHA512:
+  metadata.gz: 59d9cb6a3fcf836fa1dc313bfb1673b2f575767a07736cb03486b78e3e4f111610a8cc227b18d16965d0fc6ec0f06becf8db20974d2c79d437846d2ab8b7744c
+  data.tar.gz: 5f2720661a41e3f6d43bb30cca09988e9f839b0829a5fdecdadbc884e62c9fc31e6ba97068bd50d69934a8862245b49fb22627c4404b47bea2f43ccef987b05d

data/README.md ADDED

@@ -0,0 +1,156 @@
+# Cassy
+This project is designed to be a Rails engine that uses a large portion of the code from the [rubycas-server][https://github.com/gunark/rubycas-server] project. Certain portions of this code belong to the rubycas-server project owners.
+## Installation
+This engine currently only works with Rails 3 and above. To have it work with the application you must do four things:
+1. Put this line in your project's `Gemfile`:
+```
+gem 'cassy'
+```
+2. Create a configuration file at `config/cassy.yml` and fill it with these values:
+```
+# Times are in seconds.
+maximum_unused_login_ticket_lifetime: 300
+maximum_unused_service_ticket_lifetime: 300
+authenticator:
+  class: Cassy::Authenticators::Devise
+```
+The first two keys are the time-to-expiry for the login and service tickets respectively. The class for the authentication can be any constant which responds to a `validates` method. Only Devise authentication is supported at the moment.
+3. Create a new initializer (probably called `config/initializers/cassy.rb`) and point cassy at the configuration file for your application:
+```
+Cassy::Engine.config.config_file = Rails.root + "config/cassy.yml"
+```
+4. Tell Cassy to load its routes in your application by calling `cassy` in `config/routes.rb`:
+```
+Rails.application.routes.draw do
+  cassy
+  # your routes go here
+end
+```
+Boom, done. Now this application will act as a CAS server.
+For customization options please see the "Customization" section below.
+## Configuration
+The configuration options for this gem goes into a file called `config/cassy.yml` at the root of the project if you've set it up as advised, and this allows the engine to be configured.
+These configuration options are detailed here for your convenience. For specific term definitions, please consult the CAS spec.
+* `authenticator`: Must specify at least one key, `class`, which is a string version of a constant that will be used for authentication in the system. This constant *must* respond to `validate`.
+* `maximum_unused_login_ticket_lifetime`: The time before a login ticket would expire.
+* `maximum_unused_service_ticket_lifetime`: The time before a service ticket would expire.
+* `username_field`: Defines the field on the users table which is used for the lookup for the username. Defaults to " username".
+* `username_label`: Allows for the "Username" label on the sign in page to be given a different value. Helpful if you want to call it "Email" or "User Name" instead.
+* `client_app_user_field`: Defines the field name for the username on the *client* application side.
+* `service_list`: List of services that use this server to authenticate, separated by environment.
+* `default_redirect_url`: If the requested service isn't in the service_list (or is blank) then tickets will be generated for the valid services then the user will be redirected to here. Needs to be specified per environment as per the sample below. The default_redirect_url needs to be on the same domain as (at least) one of the urls on the service_list.
+* `loosely_match_services`: If this is set to true, a request for the service http://www.something.com/something_else can be matched to the ticket for http://www.something.com.
+* `enable_single_sign_out`: If this is set to true, calling send_logout_notification on a service ticket will send a request to the service telling it to clear the associated users session. Calling destroy_and_logout_all_service_tickets on a ticket granting ticket will send a session-terminating request to each service before destroying itself.
+* `no_concurrent_sessions`: (requires enable_single_sign_out to be true) If this is true, when someone logs in, a session-terminating request is sent to each service for any old service tickets related to the current user.
+* `concurrent_session_types`:  If no_concurrent_sessions is true, concurrent_session_types can be specified so that a user can have concurrent sessions on different device types.  If enabled, override `session_type` in `SessionsController` to return the session_type (any string).
+A sample `cassy.yml` file:
+```
+maximum_unused_login_ticket_lifetime: 7200
+maximum_unused_service_ticket_lifetime: 7200
+maximum_session_lifetime: 7200
+  username_field: username
+  client_app_user_field: id
+service_list:
+  production:
+  - https://agencieshq.com/users/service
+  - https://administratorshq.agencieshq.com/users/service
+  development:
+  - http://localhost:3000/users/service
+  - http://localhost:3001/users/service
+  - http://localhost:3002/users/service
+default_redirect_url:
+  development: http://localhost:3000
+  production: http://www.something.com
+loosely_match_services: true
+authenticator:
+  class: Cassy::Authenticators::Devise
+no_concurrent_sessions: true
+concurrent_session_types: [:mobile, :desktop]
+extra_attributes:
+  - user_id
+  - user_username
+```
+## Customization
+### Sessions Controller
+In Cassy, it is possible to override the controller which is used for authentication. To do this, the controller can be configured in `config/routes.rb`:
+```
+cassy :controllers => "sessions"
+```
+By doing this, it will point at the `SessionsController` rather than the default of `Cassy::SessionsController`. This controller then should inherit from `Cassy::SessionsController` to inherit the original behaviour and will need to point to the views of Cassy:
+```
+class SessionsController < Cassy::SessionsController
+  def new
+    # custom behaviour goes here
+    super
+  end
+end
+```
+## Contributing
+### Versioning
+We use [Semantic Versioning](http://semver.org/) for our open source dependencies, and a modified version of Semantic Versioning in our internal dependencies.
+#### Open Source
+`MAJOR.MINOR.PATCH`
+**1** MAJOR version when you make incompatible API changes
+**2** MINOR version when you add functionality in a backwards-compatible manner, and
+**3** PATCH version when you make backwards-compatible bug fixes.
+#### Internal
+**1** MAJOR version when major changes are made.
+**2** MINOR version when you make incompatible API changes
+**3** PATCH version when you make any backwards-compatible change.
+### Releasing
+#### Prerequisites
+- Gemfury CLI installed
+- Gemfury Credentials from 1Password
+#### Instructions
+**1.** Update `lib/{gem_name}/version.rb` according to the versioning rules above.
+**2.** Create a Pull Request with the version change to the repository.
+**3.** Once the pull request is merged, run `gem build {gem_name}.gemspec`
+**4.** Run `fury push {gem_name}_{version}.gem`.

data/Rakefile CHANGED

@@ -5,9 +5,25 @@ rescue LoadError
   puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
 end
+# load rspec so we can set up the environment correctly using spec_helper
 require 'rspec/core/rake_task'
+require_relative './spec/spec_helper.rb'
 RSpec::Core::RakeTask.new(:spec)
 Bundler::GemHelper.install_tasks
-task :default => :spec
+# load our dummy app so we have access to rails rake tasks such as db:create and db:migrate
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+begin
+  load 'rails/tasks/engine.rake'
+rescue LoadError
+  # for Rails 3.0.x we need to load the Rakefile directly, as the engine rake task doesn't exist
+  load APP_RAKEFILE
+end
+task(:default).clear
+task :default => [
+  'db:create',
+  'db:migrate',
+  'spec'
+]

data/lib/cassy/authenticators/base.rb CHANGED

@@ -5,6 +5,7 @@ module Cassy
         attr_accessor :options
         attr_reader :username # make this accessible so that we can pick up any
                               # transformations done within the authenticator
+        attr_accessor :client_app_user_field
       end
       # This is called at server startup.
@@ -18,6 +19,9 @@ module Cassy
         raise NotImplementedError
       end
+      def self.find_user_from_ticket(ticket)
+        raise NotImplementedError
+      end
       # This is called prior to #validate (i.e. each time the user tries to log in).
       # Any per-instance initialization for the authenticator should be done here.
       #
@@ -60,8 +64,8 @@ module Cassy
       def self.read_standard_credentials(credentials)
         @username = credentials[:username]
         @password = credentials[:password]
-        @service = credentials[:service]
-        @request = credentials[:request]
+        @service  = credentials[:service]
+        @request  = credentials[:request]
       end
       def extra_attributes_to_extract

data/lib/cassy/authenticators/devise.rb CHANGED

@@ -1,18 +1,26 @@
 module Cassy
   module Authenticators
     class Devise < Base
       def self.find_user(credentials)
         # Find the user with the given email
         method = "find_by_#{Cassy.config[:username_field] || 'email'}"
         User.send(method, credentials[:username])
       end
+      def self.find_user_from_ticket(ticket)
+        return if ticket.nil?
+        key  = Cassy.config[:client_app_user_field] || Cassy.config[:username_field] || "email"
+        method = "find_by_#{key}"
+        username = Cassy.config[:concurrent_session_types] ? Cassy.config[:concurrent_session_types].each{ |cst| break ticket.username.rpartition("-#{cst}").first if ticket.username.match("-#{cst}") } : ticket.username
+        User.send(method, username)
+      end
       def self.validate(credentials)
         user = find_user(credentials)
-        # Did we find a user, and is their password valid?
-        user && user.valid_password?(credentials[:password])
+        # Did we find a user, are they active? and is their password valid?
+        user && user.active_for_authentication? && user.valid_password?(credentials[:password])
       end
     end
   end
-end
+end

data/lib/cassy/authenticators/test.rb CHANGED

@@ -15,13 +15,20 @@ class Cassy::Authenticators::Test < Cassy::Authenticators::Base
     return @password == valid_password
   end
   def self.find_user(*args)
     # To stop NotImplementedError raising
     @user = Object.new
     def @user.full_name
       "Example User"
     end
+    def @user.username
+      "Users Username"
+    end
     @user
   end
+  class << self
+    alias_method :find_user_from_ticket, :find_user
+  end
 end

data/lib/cassy/cas.rb CHANGED

@@ -9,19 +9,6 @@ require 'cassy/utils'
 module Cassy
   module CAS
-    class Error
-      attr_reader :code, :message
-      def initialize(code, message)
-        @code = code
-        @message = message
-      end
-      def to_s
-        message
-      end
-    end
     def settings
       Cassy.config
     end
@@ -37,35 +24,15 @@ module Cassy
       lt
     end
-    # Creates a TicketGrantingTicket for the given username. This is done when the user logs in
-    # for the first time to establish their SSO session (after their credentials have been validated).
-    #
-    # The optional 'extra_attributes' parameter takes a hash of additional attributes
-    # that will be sent along with the username in the CAS response to subsequent
-    # validation requests from clients.
-    def generate_ticket_granting_ticket(username, extra_attributes={})
-      # 3.6 (ticket granting cookie/ticket)
-      tgt = Cassy::TicketGrantingTicket.new
-      tgt.ticket = "TGC-" + Cassy::Utils.random_string
-      tgt.username = username
-      tgt.extra_attributes = extra_attributes
-      tgt.client_hostname = env['HTTP_X_FORWARDED_FOR'] || env['REMOTE_HOST'] || env['REMOTE_ADDR']
-      tgt.save!
-      tgt
+    def find_or_generate_service_tickets(username, tgt, hostname)
+      @service_tickets={}
+      valid_services.each do |service|
+        @service_tickets[service] = Cassy::ServiceTicket.find_or_generate(service, username, tgt, hostname)
+      end
     end
-    def generate_service_ticket(service, username, tgt)
-      # 3.1 (service ticket)
-      st = ServiceTicket.new
-      st.ticket = "ST-" + Cassy::Utils.random_string
-      st.service = service
-      st.username = username
-      st.granted_by_tgt_id = tgt.id
-      st.client_hostname = env['HTTP_X_FORWARDED_FOR'] || env['REMOTE_HOST'] || env['REMOTE_ADDR']
-      st.save!
-      logger.debug("Generated service ticket '#{st.ticket}' for service '#{st.service}'" +
-        " for user '#{st.username}' at '#{st.client_hostname}'")
-      st
+    def valid_services
+      @valid_services || settings[:service_list][Rails.env]
     end
     def generate_proxy_ticket(target_service, pgt)
@@ -99,7 +66,7 @@ module Cassy
       https.start do |conn|
         path = uri.path.empty? ? '/' : uri.path
         path += '?' + uri.query unless (uri.query.nil? || uri.query.empty?)
         pgt = ProxyGrantingTicket.new
         pgt.ticket = "PGT-" + Cassy::Utils.random_string(60)
         pgt.iou = "PGTIOU-" + Cassy::Utils.random_string(57)
@@ -114,7 +81,7 @@ module Cassy
         response = conn.request_get(path)
         # TODO: follow redirects... 2.5.4 says that redirects MAY be followed
         # NOTE: The following response codes are valid according to the JA-SIG implementation even without following redirects
         if %w(200 202 301 302 304).include?(response.code)
           # 3.4 (proxy-granting ticket IOU)
           pgt.save!
@@ -127,162 +94,12 @@ module Cassy
       end
     end
-    def validate_login_ticket(ticket)
-      logger.debug("Validating login ticket '#{ticket}'")
-      success = false
-      if ticket.nil?
-        error = "Your login request did not include a login ticket. There may be a problem with the authentication system."
-        logger.warn "Missing login ticket."
-      elsif lt = LoginTicket.find_by_ticket(ticket)
-        if lt.consumed?
-          error = "The login ticket you provided has already been used up. Please try logging in again."
-          logger.warn "Login ticket '#{ticket}' previously used up"
-        elsif Time.now - lt.created_on < settings[:maximum_unused_login_ticket_lifetime]
-          logger.info "Login ticket '#{ticket}' successfully validated"
-        else
-          error = "You took too long to enter your credentials. Please try again."
-          logger.warn "Expired login ticket '#{ticket}'"
-        end
-      else
-        error = "The login ticket you provided is invalid. There may be a problem with the authentication system."
-        logger.warn "Invalid login ticket '#{ticket}'"
-      end
-      lt.consume! if lt && !error.blank?
-      error
-    end
-    def validate_ticket_granting_ticket(ticket)
-      logger.debug("Validating ticket granting ticket '#{ticket}'")
-      if ticket.nil?
-        error = "No ticket granting ticket given."
-        logger.debug error
-      elsif tgt = TicketGrantingTicket.find_by_ticket(ticket)
-        if settings[:maximum_session_lifetime] && Time.now - tgt.created_on > settings[:maximum_session_lifetime]
-  	tgt.destroy
-          error = "Your session has expired. Please log in again."
-          logger.info "Ticket granting ticket '#{ticket}' for user '#{tgt.username}' expired."
-        else
-          logger.info "Ticket granting ticket '#{ticket}' for user '#{tgt.username}' successfully validated."
-        end
-      else
-        error = "Invalid ticket granting ticket '#{ticket}' (no matching ticket found in the database)."
-        logger.warn(error)
-      end
-      [tgt, error]
-    end
-    def validate_service_ticket(service, ticket, allow_proxy_tickets = false)
-      logger.debug "Validating service/proxy ticket '#{ticket}' for service '#{service}'"
-      if service.nil? or ticket.nil?
-        error = Error.new(:INVALID_REQUEST, "Ticket or service parameter was missing in the request.")
-        logger.warn "#{error.code} - #{error.message}"
-      elsif st = ServiceTicket.find_by_ticket(ticket)
-        if st.consumed?
-          error = Error.new(:INVALID_TICKET, "Ticket '#{ticket}' has already been used up.")
-          logger.warn "#{error.code} - #{error.message}"
-        elsif st.kind_of?(Cassy::ProxyTicket) && !allow_proxy_tickets
-          error = Error.new(:INVALID_TICKET, "Ticket '#{ticket}' is a proxy ticket, but only service tickets are allowed here.")
-          logger.warn "#{error.code} - #{error.message}"
-        elsif Time.now - st.created_on > settings[:maximum_unused_service_ticket_lifetime]
-          error = Error.new(:INVALID_TICKET, "Ticket '#{ticket}' has expired.")
-          logger.warn "Ticket '#{ticket}' has expired."
-        elsif !st.matches_service? service
-          error = Error.new(:INVALID_SERVICE, "The ticket '#{ticket}' belonging to user '#{st.username}' is valid,"+
-            " but the requested service '#{service}' does not match the service '#{st.service}' associated with this ticket.")
-          logger.warn "#{error.code} - #{error.message}"
-        else
-          logger.info("Ticket '#{ticket}' for service '#{service}' for user '#{st.username}' successfully validated.")
-        end
-      else
-        error = Error.new(:INVALID_TICKET, "Ticket '#{ticket}' not recognized.")
-        logger.warn("#{error.code} - #{error.message}")
-      end
-      if st
-        st.consume!
-      end
-      [st, error]
-    end
-    def validate_proxy_ticket(service, ticket)
-      pt, error = validate_service_ticket(service, ticket, true)
-      if pt.kind_of?(Cassy::ProxyTicket) && !error
-        if not pt.granted_by_pgt
-          error = Error.new(:INTERNAL_ERROR, "Proxy ticket '#{pt}' belonging to user '#{pt.username}' is not associated with a proxy granting ticket.")
-        elsif not pt.granted_by_pgt.service_ticket
-          error = Error.new(:INTERNAL_ERROR, "Proxy granting ticket '#{pt.granted_by_pgt}'"+
-            " (associated with proxy ticket '#{pt}' and belonging to user '#{pt.username}' is not associated with a service ticket.")
-        end
-      end
-      [pt, error]
-    end
-    def validate_proxy_granting_ticket(ticket)
-      if ticket.nil?
-        error = Error.new(:INVALID_REQUEST, "pgt parameter was missing in the request.")
-        logger.warn("#{error.code} - #{error.message}")
-      elsif pgt = ProxyGrantingTicket.find_by_ticket(ticket)
-        if pgt.service_ticket
-          logger.info("Proxy granting ticket '#{ticket}' belonging to user '#{pgt.service_ticket.username}' successfully validated.")
-        else
-          error = Error.new(:INTERNAL_ERROR, "Proxy granting ticket '#{ticket}' is not associated with a service ticket.")
-          logger.error("#{error.code} - #{error.message}")
-        end
-      else
-        error = Error.new(:BAD_PGT, "Invalid proxy granting ticket '#{ticket}' (no matching ticket found in the database).")
-        logger.warn("#{error.code} - #{error.message}")
-      end
-      [pgt, error]
-    end
-    # Takes an existing ServiceTicket object (presumably pulled from the database)
-    # and sends a POST with logout information to the service that the ticket
-    # was generated for.
-    #
-    # This makes possible the "single sign-out" functionality added in CAS 3.1.
-    # See http://www.ja-sig.org/wiki/display/CASUM/Single+Sign+Out
-    def send_logout_notification_for_service_ticket(st)
-      uri = URI.parse(st.service)
-      uri.path = '/' if uri.path.empty?
-      time = Time.now
-      rand = Cassy::Utils.random_string
-      begin
-        response = Net::HTTP.post_form(uri, {'logoutRequest' => URI.escape(%{<samlp:LogoutRequest ID="#{rand}" Version="2.0" IssueInstant="#{time.rfc2822}">
-          <saml:NameID></saml:NameID>
-          <samlp:SessionIndex>#{st.ticket}</samlp:SessionIndex>
-          </samlp:LogoutRequest>})})
-        if response.kind_of? Net::HTTPSuccess
-          logger.info "Logout notification successfully posted to #{st.service.inspect}."
-          return true
-        else
-          logger.error "Service #{st.service.inspect} responed to logout notification with code '#{response.code}'!"
-          return false
-        end
-      rescue Exception => e
-        logger.error "Failed to send logout notification to service #{st.service.inspect} due to #{e}"
-        return false
-      end
-    end
     def service_uri_with_ticket(service, st)
       raise ArgumentError, "Second argument must be a ServiceTicket!" unless st.kind_of? Cassy::ServiceTicket
       # This will choke with a URI::InvalidURIError if service URI is not properly URI-escaped...
       # This exception is handled further upstream (i.e. in the controller).
       service_uri = URI.parse(service)
       if service.include? "?"
         if service_uri.query.empty?
           query_separator = ""
@@ -325,5 +142,105 @@ module Cassy
     end
     module_function :clean_service_url
+    def base_service_url(full_service_url)
+      # strips a url back to the domain part only
+      # so that a service ticket can work for all urls on a given domain
+      # eg http://www.something.com/something_else
+      # is stripped back to
+      # http://www.something.com
+      # expects it to be in 'http://x' form
+      return unless full_service_url
+      match = full_service_url.match(/(http(s?):\/\/[a-z0-9\.:]*)/)
+      match && match[0]
+    end
+    module_function :base_service_url
+    def detect_ticketing_service(service)
+      # try to find the service in the valid_services list
+      # if loosely_matched_services is true, try to match the base url of the service to one in the valid_services list
+      # if still no luck, check if there is a default_redirect_url that we can use
+      @service||= service
+      @ticketing_service||= valid_services.detect{|s| s == @service } ||
+        (settings[:loosely_match_services] == true && valid_services.detect{|s| base_service_url(s) == base_service_url(@service)})
+      if !@ticketing_service && settings[:default_redirect_url]
+        @default_redirect_url||= settings[:default_redirect_url][Rails.env]
+        @ticketing_service = @default_redirect_url
+      end
+      @username||= params[:username].try(:strip)
+      @password||= params[:password]
+      @lt||= params['lt']
+    end
+    module_function :detect_ticketing_service
+    def cas_login(session_type = nil)
+      if valid_credentials?
+        username = ticket_username
+        username = "#{username}-#{session_type}" if Cassy.config[:concurrent_session_types]
+        @tgt||= Cassy::TicketGrantingTicket.generate(username, @extra_attributes, @hostname)
+        @existing_ticket_for_service = @tgt.granted_service_tickets.where(:service => @service).where("created_on > ?", Time.now - Cassy.config[:maximum_session_lifetime]).where("consumed IS NOT NULL").first
+        response.set_cookie('tgt', @tgt.to_s)
+        if @ticketing_service
+          find_or_generate_service_tickets(username, @tgt, @hostname)
+          @st = @service_tickets[@ticketing_service]
+          @service_with_ticket = @service && @st ? service_uri_with_ticket(@service, @st) : @default_redirect_url
+        end
+        # if there is an existing ticket for the service that redirected to cassy,
+        # then the session isn't valid on the serviced app and we don't want to redirect to it.
+        # Returning false here will fail the cas_login and the controller will see the instance variable and redirect to logout.
+        !@existing_ticket_for_service
+      else
+        false
+      end
+    end
+    module_function :cas_login
+    # Initializes authenticator, returns true / false depending on if user credentials are accurate
+    def valid_credentials?
+      detect_ticketing_service(params[:service])
+      @extra_attributes = {}
+      # Should probably be moved out of the request cycle and into an after init hook on the engine
+      credentials = { :username => @username,
+                      :password => @password,
+                      :service  => @service,
+                      :request  => @env
+                    }
+      @user = authenticator.find_user(credentials) || authenticator.find_user_from_ticket(@tgt)
+      valid = ((@user == @ticketed_user) || authenticator.validate(credentials)) && !!@user
+      if valid && @user
+        authenticator.extra_attributes_to_extract.each do |attr|
+          @extra_attributes[attr] = @user.send(attr)
+        end
+      end
+      return valid
+    end
+    module_function :valid_credentials?
+    protected
+    def ticket_username
+      # Store this into someticket.username
+      # It will get used to find users in client apps
+      user = @user || @ticketed_user
+      @cas_client_username = user.send(settings["client_app_user_field"]) if settings["client_app_user_field"].present? && !!user
+      @cas_client_username || @username
+    end
+    def ticketed_user(ticket)
+      # Find the SSO's instance of the user
+      @ticketed_user ||= authenticator.find_user_from_ticket(ticket) unless !ticket
+    end
+    def authenticator
+      unless @authenticator
+        auth_settings = Cassy.config["authenticator"]
+        @authenticator ||= auth_settings["class"].constantize
+        @authenticator.configure(auth_settings)
+      end
+      @authenticator
+    end
   end
 end

data/lib/cassy/engine.rb CHANGED

@@ -1,10 +1,8 @@
 module Cassy
   class Engine < Rails::Engine
-    config.config_file = ENV["RUBYCAS_CONFIG_FILE"] || "/etc/rubycas-server/config.yml"
-    config.after_initialize do
-      config.configuration = HashWithIndifferentAccess.new(YAML.load_file(config.config_file))
+    config.config_file = ENV["RUBYCAS_CONFIG_FILE"]
+    config.after_initialize do
+      config.configuration = HashWithIndifferentAccess.new(YAML.load(ERB.new(File.read(config.config_file)).result))
     end
   end
 end

data/lib/cassy/routes.rb CHANGED

@@ -4,15 +4,15 @@ module ActionDispatch::Routing
       options[:controllers] ||= HashWithIndifferentAccess.new
       options[:controllers][:sessions] ||= "cassy/sessions"
       scope(:path => "cas") do
-        root :to => "#{options[:controllers][:sessions]}#new"
+        mount Cassy::API => '/api'
         get 'login', :to => "#{options[:controllers][:sessions]}#new"
         post 'login', :to => "#{options[:controllers][:sessions]}#create"
         get 'logout', :to => "#{options[:controllers][:sessions]}#destroy"
         get 'serviceValidate', :to => "#{options[:controllers][:sessions]}#service_validate"
         get 'proxyValidate',   :to => "#{options[:controllers][:sessions]}#proxy_validate"
       end
     end
   end
-end
+end

data/lib/cassy/utils.rb CHANGED

@@ -1,5 +1,4 @@
-require 'crypt-isaac'
+require 'crypt/isaac'
 # Misc utility function used throughout by the RubyCAS-Server.
 module Cassy
   module Utils

data/lib/cassy/version.rb ADDED

@@ -0,0 +1,3 @@
+module Cassy
+  VERSION = "2.2.0"
+end

metadata CHANGED

@@ -1,161 +1,214 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: cassy
-version: !ruby/object:Gem::Version
-  prerelease:
-  version: 1.1.4
+version: !ruby/object:Gem::Version
+  version: 2.2.0
 platform: ruby
-authors:
-- ryan@rubyx.com
+authors:
+- ryan bigg
+- geoff@reinteractive.net
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-08-24 00:00:00 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+date: 2017-06-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: crypt-isaac
-  requirement: &id001 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
-      - !ruby/object:Gem::Version
-        version: "0"
+      - !ruby/object:Gem::Version
+        version: 1.0.0
   type: :runtime
   prerelease: false
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+- !ruby/object:Gem::Dependency
   name: rails
-  requirement: &id002 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - "="
-      - !ruby/object:Gem::Version
-        version: 3.0.7
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.9
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.9
+- !ruby/object:Gem::Dependency
+  name: grape
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.14'
   type: :runtime
   prerelease: false
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.14'
+- !ruby/object:Gem::Dependency
+  name: grape-entity
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+- !ruby/object:Gem::Dependency
   name: rspec-rails
-  requirement: &id003 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: 2.6.0
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.7.0
   type: :development
   prerelease: false
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.7.0
+- !ruby/object:Gem::Dependency
   name: capybara
-  requirement: &id004 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: "1.0"
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
   type: :development
   prerelease: false
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
   name: database_cleaner
-  requirement: &id005 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
-      - !ruby/object:Gem::Version
-        version: "0"
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
   prerelease: false
-  version_requirements: *id005
-- !ruby/object:Gem::Dependency
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
   name: sqlite3
-  requirement: &id006 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
-      - !ruby/object:Gem::Version
-        version: "0"
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
   prerelease: false
-  version_requirements: *id006
-- !ruby/object:Gem::Dependency
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
   name: launchy
-  requirement: &id007 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
-      - !ruby/object:Gem::Version
-        version: "0"
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
   prerelease: false
-  version_requirements: *id007
-- !ruby/object:Gem::Dependency
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
   name: devise
-  requirement: &id008 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: "1.3"
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.4
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.4
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
   prerelease: false
-  version_requirements: *id008
-description: An engine that provides a CAS server to the application it's included within.
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: An engine that provides a CAS server to the application it's included
+  within.
 email:
 executables: []
 extensions: []
 extra_rdoc_files: []
-files:
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- lib/cassy.rb
+- lib/cassy/authenticators.rb
 - lib/cassy/authenticators/base.rb
 - lib/cassy/authenticators/devise.rb
 - lib/cassy/authenticators/test.rb
-- lib/cassy/authenticators.rb
 - lib/cassy/cas.rb
 - lib/cassy/engine.rb
 - lib/cassy/generators/views_generator.rb
 - lib/cassy/models.rb
 - lib/cassy/routes.rb
 - lib/cassy/utils.rb
-- lib/cassy.rb
+- lib/cassy/version.rb
 - lib/tasks/cassy_tasks.rake
-- MIT-LICENSE
-- Rakefile
-- README.markdown
 homepage:
 licenses: []
+metadata: {}
 post_install_message:
 rdoc_options: []
-require_paths:
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
-  requirements:
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version
-      hash: 68583265356027286
-      segments:
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
-  requirements:
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version
-      hash: 68583265356027286
-      segments:
-      - 0
-      version: "0"
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.8
+rubygems_version: 2.6.4
 signing_key:
-specification_version: 3
-summary: Insert Cassy summary.
+specification_version: 4
+summary: Cassy is a rails CAS engine
 test_files: []

data/README.markdown DELETED

@@ -1,70 +0,0 @@
-# Cassy
-This project is designed to be a Rails 3.0 engine that uses a large portion of the code from the [rubycas-server][https://github.com/gunark/rubycas-server] project. Certain portions of this code belong to the rubycas-server project owners.
-## Installation
-This engine currently only works with Rails 3.0. To have it work with the application you must do three things:
-**Install as a gem**
-Put this line in your project's `Gemfile`:
-    gem 'cassy'
-Create a new initializer (probably called `config/initializers/cassy.rb`) and point cassy at the correct configuration file of your application:
-    Cassy::Engine.config.config_file = Rails.root + "config/cassy.yml"
-Create this configuration file at `config/cassy.yml`. Fill it with these values:
-    # Times are in seconds.
-    maximum_unused_login_ticket_lifetime: 300
-    maximum_unused_service_ticket_lifetime: 300
-    authenticator:
-      class: Cassy::Authenticators::Devise
-The first two keys are the time-to-expiry for the login and service tickets respectively. The class for the authentication can be any constant which responds to a `validates` method. By default, only Devise authentication is supported at the moment.
-Next, you will need to tell Cassy to load its routes in your application which you can do by calling `cassy` in `config/routes.rb`:
-    Rails.application.routes.draw do
-      cassy
-      # your routes go here
-    end
-Boom, done. Now this application will act as a CAS server.
-For customization options please see the "Customization" section below.
-## Configuration
-The configuration options for this gem goes into a file called `config/cassy.yml` at the root of the project if you've set it up as advised, and this allows the engine to be configured.
-These configuration options are detailed here for your convenience. For specific term definitions, please consult the CAS spec.
-`authenticator`: Must specify at least one key, `class`, which is a string version of a constant that will be used for authentication in the system. This constant *must* respond to `validate`.
-`maximum_unused_login_ticket_lifetime`: The time before a login ticket would expire.
-`maximum_unused_service_ticket_lifetime`: The time before a service ticket would expire.
-`username_field`: Defines the field on the users table which is used for the lookup for the username. Defaults to "username".
-`username_label`: Allows for the "Username" label on the sign in page to be given a different value. Helpful if you want to call it "Email" or "User Name" instead.
-## Customization
-### Sessions Controller
-In Cassy, it is possible to override the controller which is used for authentication. To do this, the controller can be configured in `config/routes.rb`:
-    cassy :controllers => "sessions"
-By doing this, it will point at the `SessionsController` rather than the default of `Cassy::SessionsController`. This controller then should inherit from `Cassy::SessionsController` to inherit the original behaviour and will need to point to the views of Cassy:
-    class SessionsController < Cassy::SessionsController
-      def new
-        # custom behaviour goes here
-        super
-      end