concerto_cas_auth 0.0.8 → 0.0.9
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +23 -0
- data/app/controllers/concerto_cas_auth/application_controller.rb +9 -4
- data/app/views/concerto_cas_auth/omniauth_cas/_signin.html.erb +1 -1
- data/config/initializers/omniauth.rb +50 -36
- data/lib/concerto_cas_auth/engine.rb +4 -0
- data/lib/concerto_cas_auth/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5e695601f3786266ae7914bcf7f82ed91595b508
|
|
4
|
+
data.tar.gz: 2ba282b068c16cf0354005e530db401c03f1a359
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 79af688d03ce93a0dd6c4ffee8f3f49356cbe8d83a580030c91da5ee59b83f7cfbf3e1c259805db90de1e2dd12a29798344b80d15e339d1ccf52109a2a1d3c98
|
|
7
|
+
data.tar.gz: 4a9cdabdaf9653e18150fdce2fe8d2942a7066b57b6766dbfcf0338c69aced148ec2319d100383d377f27856c13a387a334718dbcfafed859a55ece7181d60ae
|
data/README.md
CHANGED
|
@@ -2,3 +2,26 @@ Concerto CAS Auth
|
|
|
2
2
|
=====================
|
|
3
3
|
|
|
4
4
|
Authenticate Concerto users through your own [CAS](http://en.wikipedia.org/wiki/Central_Authentication_Service) deployment.
|
|
5
|
+
|
|
6
|
+
Installing the plugin
|
|
7
|
+
----------------------
|
|
8
|
+
1. Log in using a system admin account in your Concerto deployment
|
|
9
|
+
2. Click on the "plugins" button on the top navigation bar under the admin section.
|
|
10
|
+
3. On the right side of the page, click on the "new plugin" button.
|
|
11
|
+
4. With RubyGems selected as the source, add the gem concerto_cas_auth in the text field.
|
|
12
|
+
5. Click save, you will now stop your Concerto web server, run the ```bundle``` command, and start your web server again.
|
|
13
|
+
6. Since the CAS plugin is not configured yet, you can log back into your Concerto accounts by visiting the ```your.concerto.url/users/sign_in``` route.
|
|
14
|
+
7. If the plugin was installed successfully, you will see a new CAS User Authentication settings tab under the "settings" page. This page can be found by clicking the "settings" button on the top navigation bar under the admin section.
|
|
15
|
+
|
|
16
|
+
Configuring the plugin
|
|
17
|
+
----------------------
|
|
18
|
+
1. Log in using a system admin account in your Concerto deployment
|
|
19
|
+
2. Click on the "settings" button on the top navigation bar under the admin section.
|
|
20
|
+
3. Click on the "CAS User Authentication" tab.
|
|
21
|
+
4. Configure the CAS URL to point towards your CAS deployment. For example, https://cas-auth.rpi.edu/cas.
|
|
22
|
+
5. The CAS uid key will be used as a unique identifier for each account. This will be returned by your CAS server upon authentication.
|
|
23
|
+
6. The CAS email key is required and will be used to access the email address returned by your CAS server upon authentication.
|
|
24
|
+
7. After saving these settings, you will need to restart your Concerto web server.
|
|
25
|
+
8. Your log in links at the top of the page should now point to your CAS authentication.
|
|
26
|
+
|
|
27
|
+
note: This plugin is essentially a wrapper around [omniauth-cas](https://github.com/dlindahl/omniauth-cas) with added logic for creating Concerto user accounts with the returned CAS information. Feel free to follow the omniauth-cas link and see a more detailed description of the configuration items.
|
|
@@ -11,7 +11,7 @@ module ConcertoCasAuth
|
|
|
11
11
|
omniauth_keys = ConcertoCasAuth::Engine.config.omniauth_keys
|
|
12
12
|
|
|
13
13
|
# Check if an identity records exists for the user attempting to sign in
|
|
14
|
-
if identity = ConcertoIdentity::Identity.
|
|
14
|
+
if identity = ConcertoIdentity::Identity.find_by_external_id(
|
|
15
15
|
cas_hash[omniauth_keys[:uid_key]])
|
|
16
16
|
# Return the matching user record
|
|
17
17
|
return identity.user
|
|
@@ -22,14 +22,19 @@ module ConcertoCasAuth
|
|
|
22
22
|
# Set user attributes
|
|
23
23
|
|
|
24
24
|
# First name is required for user validation
|
|
25
|
-
if !cas_hash[omniauth_keys[
|
|
26
|
-
user.first_name = cas_hash[omniauth_keys[
|
|
25
|
+
if !cas_hash[omniauth_keys[:first_name_key]].nil?
|
|
26
|
+
user.first_name = cas_hash[omniauth_keys[:first_name_key]]
|
|
27
27
|
else
|
|
28
28
|
user.first_name = cas_hash[omniauth_keys[:uid_key]]
|
|
29
29
|
end
|
|
30
30
|
|
|
31
31
|
# Email is required for user validation
|
|
32
|
-
|
|
32
|
+
if !cas_hash[omniauth_keys[:email_key]].nil?
|
|
33
|
+
user.email = cas_hash[omniauth_keys[:email_key]]
|
|
34
|
+
else
|
|
35
|
+
user.email = cas_hash[omniauth_keys[:uid_key]] +
|
|
36
|
+
"@" + omniauth_keys[:email_suffix].tr("@", "")
|
|
37
|
+
end
|
|
33
38
|
|
|
34
39
|
# Set user admin flag to false
|
|
35
40
|
user.is_admin = false
|
|
@@ -1 +1 @@
|
|
|
1
|
-
<%= link_to '
|
|
1
|
+
<%= link_to t('.sign_in'), root_url + 'auth/cas/' %>
|
|
@@ -1,42 +1,56 @@
|
|
|
1
|
-
|
|
2
|
-
#
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
1
|
+
if ActiveRecord::Base.connection.table_exists? 'concerto_configs'
|
|
2
|
+
# Concerto Configs are created if they don't exist already
|
|
3
|
+
# these are used to initialize and configure omniauth-cas
|
|
4
|
+
ConcertoConfig.make_concerto_config("cas_url", "https://cas.example.org/cas",
|
|
5
|
+
:value_type => "string",
|
|
6
|
+
:value_default => "https://cas.example.org/cas",
|
|
7
|
+
:category => "CAS User Authentication",
|
|
8
|
+
:seq_no => 1,
|
|
9
|
+
:description =>"Defines the url of your CAS server")
|
|
9
10
|
|
|
10
|
-
ConcertoConfig.make_concerto_config("cas_uid_key", "
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
:description =>'The CAS field name containing user login names (uid, username,email,etc)')
|
|
11
|
+
ConcertoConfig.make_concerto_config("cas_uid_key", "uid",
|
|
12
|
+
:value_type => "string",
|
|
13
|
+
:category => "CAS User Authentication",
|
|
14
|
+
:seq_no => 2,
|
|
15
|
+
:description => "CAS field name containing user login names")
|
|
16
16
|
|
|
17
|
-
ConcertoConfig.make_concerto_config("cas_email_key", "email",
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
:description =>'The CAS field name containing user email addresses (email, uid,etc)')
|
|
17
|
+
ConcertoConfig.make_concerto_config("cas_email_key", "email",
|
|
18
|
+
:value_type => "string",
|
|
19
|
+
:category => "CAS User Authentication",
|
|
20
|
+
:seq_no => 3,
|
|
21
|
+
:description => "CAS field name containing user email addresses")
|
|
23
22
|
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
:email_key => ConcertoConfig[:cas_email_key],
|
|
30
|
-
:callback_url => "/auth/cas/callback"
|
|
31
|
-
}
|
|
23
|
+
ConcertoConfig.make_concerto_config("cas_email_suffix", "@",
|
|
24
|
+
:value_type => "string",
|
|
25
|
+
:category => "CAS User Authentication",
|
|
26
|
+
:seq_no => 4,
|
|
27
|
+
:description => "Appends this suffix to a CAS returned user id. Leave blank if using email_key above")
|
|
32
28
|
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
29
|
+
ConcertoConfig.make_concerto_config("cas_first_name_key", "first_name",
|
|
30
|
+
:value_type => "string",
|
|
31
|
+
:category => "CAS User Authentication",
|
|
32
|
+
:seq_no => 5,
|
|
33
|
+
:description => "CAS field name containing first name")
|
|
34
|
+
|
|
35
|
+
# Store omniauth config values from main application's ConcertoConfig
|
|
36
|
+
omniauth_config = {
|
|
37
|
+
:host => URI.parse(ConcertoConfig[:cas_url]).host,
|
|
38
|
+
:url => ConcertoConfig[:cas_url],
|
|
39
|
+
:uid_key => ConcertoConfig[:cas_uid_key],
|
|
40
|
+
:first_name_key => ConcertoConfig[:cas_first_name_key],
|
|
41
|
+
:email_key => ConcertoConfig[:cas_email_key],
|
|
42
|
+
:email_suffix => ConcertoConfig[:cas_email_suffix],
|
|
43
|
+
:callback_url => "/auth/cas/callback"
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
# configure omniauth-cas gem based on specified yml configs
|
|
47
|
+
Rails.application.config.middleware.use OmniAuth::Builder do
|
|
48
|
+
provider :cas, omniauth_config
|
|
49
|
+
end
|
|
37
50
|
|
|
38
|
-
# save omniauth configuration for later use in application
|
|
39
|
-
# to reference any unique identifiers for extra CAS options
|
|
40
|
-
ConcertoCasAuth::Engine.configure do
|
|
41
|
-
|
|
51
|
+
# save omniauth configuration for later use in application
|
|
52
|
+
# to reference any unique identifiers for extra CAS options
|
|
53
|
+
ConcertoCasAuth::Engine.configure do
|
|
54
|
+
config.omniauth_keys = omniauth_config
|
|
55
|
+
end
|
|
42
56
|
end
|
|
@@ -20,6 +20,10 @@ module ConcertoCasAuth
|
|
|
20
20
|
add_view_hook "ApplicationController", :signin_hook,
|
|
21
21
|
:partial => "concerto_cas_auth/omniauth_cas/signin"
|
|
22
22
|
|
|
23
|
+
# Controller hook to supply a redirect route (example: non public Concerto instances)
|
|
24
|
+
add_controller_hook "ApplicationController", :auth_plugin, :before do
|
|
25
|
+
@auth_url = "/auth/cas"
|
|
26
|
+
end
|
|
23
27
|
end
|
|
24
28
|
end
|
|
25
29
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: concerto_cas_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.9
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gabe Perez
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2015-09-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -131,7 +131,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
131
131
|
version: '0'
|
|
132
132
|
requirements: []
|
|
133
133
|
rubyforge_project:
|
|
134
|
-
rubygems_version: 2.2.
|
|
134
|
+
rubygems_version: 2.2.3
|
|
135
135
|
signing_key:
|
|
136
136
|
specification_version: 4
|
|
137
137
|
summary: Provides user authentication using CAS
|