devise_bushido_authenticatable 1.0.0.alpha10

data/lib/devise_cas_authenticatable/strategy.rb

@@ -0,0 +1,49 @@
+require 'devise/strategies/base'
+
+module Devise
+  module Strategies
+    class CasAuthenticatable < Base
+      # True if the mapping supports authenticate_with_cas_ticket.
+      def valid?
+        mapping.to.respond_to?(:authenticate_with_cas_ticket) && params[:ticket]
+      end
+      
+      # Try to authenticate a user using the CAS ticket passed in params.
+      # If the ticket is valid and the model's authenticate_with_cas_ticket method
+      # returns a user, then return success.  If the ticket is invalid, then either
+      # fail (if we're just returning from the CAS server, based on the referrer)
+      # or attempt to redirect to the CAS server's login URL.
+      def authenticate!
+        ticket = read_ticket(params)
+        if ticket
+          if resource = mapping.to.authenticate_with_cas_ticket(ticket)
+            success!(resource)
+          elsif ticket.is_valid?
+            redirect!(::Devise.cas_unregistered_url(request.url, mapping), :username => ticket.response.user)
+            #fail!("The user #{ticket.response.user} is not registered with this site.  Please use a different account.")
+          else
+            fail!(:invalid)
+          end
+        else
+          fail!(:invalid)
+        end
+      end
+      
+      protected
+      
+      def read_ticket(params)
+        ticket = params[:ticket]
+        return nil unless ticket
+        
+        service_url = ::Devise.cas_service_url(request.url, mapping)
+        if ticket =~ /^PT-/
+          ::CASClient::ProxyTicket.new(ticket, service_url, params[:renew])
+        else
+          ::CASClient::ServiceTicket.new(ticket, service_url, params[:renew])
+        end
+      end
+    end
+  end
+end
+
+Warden::Strategies.add(:cas_authenticatable, Devise::Strategies::CasAuthenticatable)

data/lib/devise_cas_authenticatable.rb

@@ -0,0 +1,93 @@
+require 'devise'
+
+require 'devise_cas_authenticatable/schema'
+require 'devise_cas_authenticatable/routes'
+require 'devise_cas_authenticatable/strategy'
+require 'devise_cas_authenticatable/exceptions'
+
+require 'rubycas-client'
+
+# Register as a Rails engine if Rails::Engine exists
+begin
+  Rails::Engine
+rescue
+else
+  module DeviseCasAuthenticatable
+    class Engine < Rails::Engine
+    end
+  end
+end
+
+module Devise
+  # The base URL of the CAS server.  For example, http://cas.example.com.  Specifying this
+  # is mandatory.
+  @@cas_base_url = nil
+
+  # The login URL of the CAS server.  If undefined, will default based on cas_base_url.
+  @@cas_login_url = nil
+
+  # The login URL of the CAS server.  If undefined, will default based on cas_base_url.
+  @@cas_logout_url = nil
+
+  # The login URL of the CAS server.  If undefined, will default based on cas_base_url.
+  @@cas_validate_url = nil
+
+  # Should devise_cas_authenticatable attempt to create new user records for
+  # unknown usernames?  True by default.
+  @@cas_create_user = true
+
+  # The model attribute used for query conditions. Should be the same as
+  # the rubycas-server username_column. :username by default
+  @@cas_username_column = :username
+
+  # Name of the parameter passed in the logout query
+  @@cas_destination_logout_param_name = nil
+
+  mattr_accessor :cas_base_url, :cas_login_url, :cas_logout_url, :cas_validate_url, :cas_create_user, :cas_destination_logout_param_name, :cas_username_column
+
+  def self.cas_create_user?
+    cas_create_user
+  end
+
+  # Return a CASClient::Client instance based on configuration parameters.
+  def self.cas_client
+    @@cas_client ||= CASClient::Client.new(
+        :cas_destination_logout_param_name => @@cas_destination_logout_param_name,
+        :cas_base_url => @@cas_base_url,
+        :login_url => @@cas_login_url,
+        :logout_url => @@cas_logout_url,
+        :validate_url => @@cas_validate_url
+      )
+  end
+
+  def self.cas_service_url(base_url, mapping)
+    cas_action_url(base_url, mapping, "service")
+  end
+
+  def self.cas_unregistered_url(base_url, mapping)
+    cas_action_url(base_url, mapping, "unregistered")
+  end
+
+  private
+  def self.cas_action_url(base_url, mapping, action)
+    u = URI.parse(base_url)
+    u.query = nil
+    u.path = if mapping.respond_to?(:fullpath)
+        mapping.fullpath
+      else
+        mapping.raw_path
+      end
+    u.path << "/"
+    u.path << action
+    u.to_s
+
+    return u.to_s
+  end
+
+end
+
+Devise.add_module(:cas_authenticatable,
+  :strategy => true,
+  :controller => :cas_sessions,
+  :route => :cas_authenticatable,
+  :model => 'devise_cas_authenticatable/model')

data/rails/init.rb

@@ -0,0 +1 @@
+require "devise_cas_authenticatable"

data/spec/routes_spec.rb

@@ -0,0 +1,20 @@
+require 'spec_helper'
+
+describe Devise::CasSessionsController do
+  include RSpec::Rails::ControllerExampleGroup
+  
+  it { should route(:get, "/users/service").to(:action => "service") }
+  it { should route(:get, "/users/sign_in").to(:action => "new") }
+  it { should route(:post, "/users/sign_in").to(:action => "create") }
+  it { should route(:get, "/users/sign_out").to(:action => "destroy") }
+  it { should route(:get, "/users/unregistered").to(:action => "unregistered") }
+  
+  it "should have the right route names" do
+    controller.should respond_to("user_service_path", "new_user_session_path", "user_session_path", "destroy_user_session_path")
+    controller.user_service_path.should == "/users/service"
+    controller.new_user_session_path.should == "/users/sign_in"
+    controller.user_session_path.should == "/users/sign_in"
+    controller.destroy_user_session_path.should == "/users/sign_out"
+    controller.unregistered_user_session_path.should == "/users/unregistered"
+  end
+end

data/spec/scenario/.gitignore

@@ -0,0 +1,4 @@
+.bundle
+db/*.sqlite3
+log/*.log
+tmp/**/*

data/spec/scenario/app/controllers/application_controller.rb

@@ -0,0 +1,3 @@
+class ApplicationController < ActionController::Base
+  protect_from_forgery
+end

data/spec/scenario/app/controllers/home_controller.rb

@@ -0,0 +1,7 @@
+class HomeController < ApplicationController
+  before_filter :authenticate_user!
+  
+  def index
+    head(:ok)
+  end
+end

data/spec/scenario/app/models/user.rb

@@ -0,0 +1,3 @@
+class User < ActiveRecord::Base
+  devise :cas_authenticatable, :rememberable
+end

data/spec/scenario/app/views/layouts/application.html.erb

@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Scenario</title>
+  <%= stylesheet_link_tag :all %>
+  <%= javascript_include_tag :defaults %>
+  <%= csrf_meta_tag %>
+</head>
+<body>
+  
+  <p class="alert"><%= alert %></p>
+  <p class="notice"><%= notice %></p>
+
+  <%= yield %>
+
+</body>
+</html>

data/spec/scenario/config/application.rb

@@ -0,0 +1,38 @@
+require File.expand_path('../boot', __FILE__)
+
+require 'rails/all'
+
+Bundler.require(:default, Rails.env) if defined?(Bundler)
+
+require 'castronaut'
+class TestAdapter
+  def self.reset_valid_users!
+    @@valid_users = {
+      "joeuser" => "joepassword"
+    }
+  end
+  reset_valid_users!
+
+  def self.register_valid_user(username, password)
+    @@valid_users[username] = password
+  end
+  
+  def self.authenticate(username, password)
+    error_message = if @@valid_users[username] == password
+      nil
+    else
+      "Invalid password"
+    end
+    
+    Castronaut::AuthenticationResult.new(username, error_message)
+  end  
+end
+
+Castronaut::Adapters.register("test_adapter", TestAdapter)
+Castronaut.config = Castronaut::Configuration.load(File.expand_path(File.join(File.dirname(__FILE__), "castronaut.yml")))
+
+module Scenario
+  class Application < Rails::Application
+    config.active_support.deprecation = :stderr
+  end
+end

data/spec/scenario/config/boot.rb

@@ -0,0 +1,13 @@
+require 'rubygems'
+
+# Set up gems listed in the Gemfile.
+gemfile = File.expand_path('../../Gemfile', __FILE__)
+begin
+  ENV['BUNDLE_GEMFILE'] = gemfile
+  require 'bundler'
+  Bundler.setup
+rescue Bundler::GemNotFound => e
+  STDERR.puts e.message
+  STDERR.puts "Try running `bundle install`."
+  exit!
+end if File.exist?(gemfile)

data/spec/scenario/config/castronaut.yml

@@ -0,0 +1,32 @@
+organization_name: Foo Bar Baz Industries, LLC Inc. A division of Holdings Co.
+
+environment: development
+# The port the CAS webserver will start on
+server_port: 4567
+
+log_directory: log
+
+log_level: Logger::DEBUG
+
+ssl_enabled: false
+
+cas_database:
+  adapter: sqlite3
+  database: db/cas.sqlite3
+  timeout: 5000
+
+cas_adapter:
+  adapter: test_adapter
+
+# Use this example if you are using LDAP as your authentication source
+# cas_adapter:
+#   adapter: ldap
+#   host: localhost
+#   port: 389
+#   prefix: cn=
+#   base: dc=example, dc=com
+
+# Uncomment these to enable authentication callbacks
+# callbacks:
+#  on_authentication_success: http://example.com/authentication/success
+#  on_authentication_failed: http://example.com/authentication/failed

data/spec/scenario/config/database.yml

@@ -0,0 +1,22 @@
+# SQLite version 3.x
+#   gem install sqlite3-ruby (not necessary on OS X Leopard)
+development:
+  adapter: sqlite3
+  database: db/development.sqlite3
+  pool: 5
+  timeout: 5000
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  adapter: sqlite3
+  database: db/test.sqlite3
+  pool: 5
+  timeout: 5000
+
+production:
+  adapter: sqlite3
+  database: db/production.sqlite3
+  pool: 5
+  timeout: 5000

data/spec/scenario/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the rails application
+require File.expand_path('../application', __FILE__)
+
+# Initialize the rails application
+Scenario::Application.initialize!

data/spec/scenario/config/environments/development.rb

@@ -0,0 +1,26 @@
+Scenario::Application.configure do
+  # Settings specified here will take precedence over those in config/environment.rb
+
+  # In the development environment your application's code is reloaded on
+  # every request.  This slows down response time but is perfect for development
+  # since you don't have to restart the webserver when you make code changes.
+  config.cache_classes = false
+
+  # Log error messages when you accidentally call methods on nil.
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_view.debug_rjs             = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send
+  config.action_mailer.raise_delivery_errors = false
+
+  # Print deprecation notices to the Rails logger
+  config.active_support.deprecation = :log
+
+  # Only use best-standards-support built into browsers
+  config.action_dispatch.best_standards_support = :builtin
+end
+

data/spec/scenario/config/environments/production.rb

@@ -0,0 +1,49 @@
+Scenario::Application.configure do
+  # Settings specified here will take precedence over those in config/environment.rb
+
+  # The production environment is meant for finished, "live" apps.
+  # Code is not reloaded between requests
+  config.cache_classes = true
+
+  # Full error reports are disabled and caching is turned on
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # Specifies the header that your server uses for sending files
+  config.action_dispatch.x_sendfile_header = "X-Sendfile"
+
+  # For nginx:
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect'
+
+  # If you have no front-end server that supports something like X-Sendfile,
+  # just comment this out and Rails will serve the files
+
+  # See everything in the log (default is :info)
+  # config.log_level = :debug
+
+  # Use a different logger for distributed setups
+  # config.logger = SyslogLogger.new
+
+  # Use a different cache store in production
+  # config.cache_store = :mem_cache_store
+
+  # Disable Rails's static asset server
+  # In production, Apache or nginx will already do this
+  config.serve_static_assets = false
+
+  # Enable serving of images, stylesheets, and javascripts from an asset server
+  # config.action_controller.asset_host = "http://assets.example.com"
+
+  # Disable delivery errors, bad email addresses will be ignored
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Enable threaded mode
+  # config.threadsafe!
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation can not be found)
+  config.i18n.fallbacks = true
+
+  # Send deprecation notices to registered listeners
+  config.active_support.deprecation = :notify
+end

data/spec/scenario/config/environments/test.rb

@@ -0,0 +1,35 @@
+Scenario::Application.configure do
+  # Settings specified here will take precedence over those in config/environment.rb
+
+  # The test environment is used exclusively to run your application's
+  # test suite.  You never need to work with it otherwise.  Remember that
+  # your test database is "scratch space" for the test suite and is wiped
+  # and recreated between test runs.  Don't rely on the data there!
+  config.cache_classes = true
+
+  # Log error messages when you accidentally call methods on nil.
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Raise exceptions instead of rendering exception templates
+  config.action_dispatch.show_exceptions = false
+
+  # Disable request forgery protection in test environment
+  config.action_controller.allow_forgery_protection    = false
+
+  # Tell Action Mailer not to deliver emails to the real world.
+  # The :test delivery method accumulates sent emails in the
+  # ActionMailer::Base.deliveries array.
+  config.action_mailer.delivery_method = :test
+
+  # Use SQL instead of Active Record's schema dumper when creating the test database.
+  # This is necessary if your schema can't be completely dumped by the schema dumper,
+  # like if you have constraints or database-specific column types
+  # config.active_record.schema_format = :sql
+
+  # Print deprecation notices to the stderr
+  config.active_support.deprecation = :stderr
+end

data/spec/scenario/config/initializers/backtrace_silencers.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
+# Rails.backtrace_cleaner.remove_silencers!

data/spec/scenario/config/initializers/devise.rb

@@ -0,0 +1,3 @@
+Devise.setup do |config|
+  require "devise/orm/active_record"
+end

data/spec/scenario/config/initializers/inflections.rb

@@ -0,0 +1,10 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format
+# (all these examples are active by default):
+# ActiveSupport::Inflector.inflections do |inflect|
+#   inflect.plural /^(ox)$/i, '\1en'
+#   inflect.singular /^(ox)en/i, '\1'
+#   inflect.irregular 'person', 'people'
+#   inflect.uncountable %w( fish sheep )
+# end

data/spec/scenario/config/initializers/mime_types.rb

@@ -0,0 +1,5 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new mime types for use in respond_to blocks:
+# Mime::Type.register "text/richtext", :rtf
+# Mime::Type.register_alias "text/html", :iphone

data/spec/scenario/config/initializers/secret_token.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+Scenario::Application.config.secret_token = '70d2ec936ec5a91e883a9dc74bfeadd5a96cc242d3fd0857aa0151112ac71721475e01ae788e5c976a09ab62dd20240678cdc393c37cb777e872e59ea74adaad'

data/spec/scenario/config/initializers/session_store.rb

@@ -0,0 +1,8 @@
+# Be sure to restart your server when you modify this file.
+
+Scenario::Application.config.session_store :cookie_store, :key => '_scenario_session'
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rake db:sessions:create")
+# Scenario::Application.config.session_store :active_record_store

data/spec/scenario/config/locales/en.yml

@@ -0,0 +1,5 @@
+# Sample localization file for English. Add more files in this directory for other locales.
+# See http://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
+
+en:
+  hello: "Hello world"

data/spec/scenario/config/routes.rb

@@ -0,0 +1,8 @@
+require 'castronaut/application'
+Castronaut::Application.set(:path, "/cas_server")
+
+Scenario::Application.routes.draw do
+  devise_for :users
+  mount Castronaut::Application, :at => "/cas_server"
+  root :to => "home#index"
+end

data/spec/scenario/config/rubycas-server.yml

@@ -0,0 +1,13 @@
+url_path: /cas_server
+
+log:
+    level: DEBUG
+   
+database:
+    adapter: sqlite3
+    database: db/cas.sqlite3
+    pool: 5
+    timeout: 5000
+       
+authenticator:
+    class: TestAuthenticator

data/spec/scenario/config.ru

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment',  __FILE__)
+run Scenario::Application

data/spec/scenario/db/migrate/20100401102949_create_tables.rb

@@ -0,0 +1,14 @@
+class CreateTables < ActiveRecord::Migration
+  def self.up
+    create_table :users do |t|
+      t.cas_authenticatable
+      t.rememberable
+      t.string :email
+      t.timestamps
+    end
+  end
+
+  def self.down
+    drop_table :users
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,22 @@
+ENV["RAILS_ENV"] = "test"
+$:.unshift File.dirname(__FILE__)
+$:.unshift File.expand_path('../../lib', __FILE__)
+
+require "scenario/config/environment"
+require "rails/test_help"
+require 'rspec/rails'
+require 'sham_rack'
+require 'capybara/rspec'
+
+RSpec.configure do |config| 
+  config.mock_with :mocha 
+end
+
+ShamRack.at('www.example.com') do |env|
+  request = Rack::Request.new(env)
+  request.path_info = request.path_info.sub(/^\/cas_server/, '')
+  
+  Castronaut::Application.call(request.env)
+end
+
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }

data/spec/strategy_spec.rb

@@ -0,0 +1,96 @@
+require 'spec_helper'
+
+describe Devise::Strategies::CasAuthenticatable, :type => "acceptance" do
+  include RSpec::Rails::RequestExampleGroup
+  
+  before do    
+    Devise.cas_base_url = "http://www.example.com/cas_server"
+    TestAdapter.reset_valid_users!
+
+    User.delete_all
+    User.create! do |u|
+      u.username = "joeuser"
+    end
+  end
+  
+  after do
+    visit destroy_user_session_url
+  end
+  
+  def cas_login_url
+    @cas_login_url ||= begin
+      uri = URI.parse(Devise.cas_base_url + "/login")
+      uri.query = Rack::Utils.build_nested_query(:service => user_service_url)
+      uri.to_s
+    end
+  end
+  
+  def cas_logout_url
+    @cas_logout_url ||= Devise.cas_base_url + "/logout"
+  end
+  
+  def sign_into_cas(username, password)
+    visit root_url
+    current_url.should == cas_login_url
+    fill_in "Username", :with => username
+    fill_in "Password", :with => password
+    click_on "Login"
+  end
+  
+  describe "GET /protected/resource" do
+    before { get '/' }
+
+    it 'should redirect to sign-in' do
+      response.should be_redirect
+      response.should redirect_to(new_user_session_url)
+    end
+  end
+  
+  describe "GET /users/sign_in" do
+    before { get new_user_session_url }
+    
+    it 'should redirect to CAS server' do
+      response.should be_redirect
+      response.should redirect_to(cas_login_url)
+    end
+  end
+  
+  it "should sign in with valid user" do
+    sign_into_cas "joeuser", "joepassword"
+    current_url.should == root_url
+  end
+  
+  it "should fail to sign in with an invalid user" do
+    sign_into_cas "invaliduser", "invalidpassword"
+    current_url.should_not == root_url
+  end
+  
+  it "should register new CAS users if set up to do so" do
+    User.count.should == 1
+    TestAdapter.register_valid_user("newuser", "newpassword")
+    Devise.cas_create_user = true
+    sign_into_cas "newuser", "newpassword"
+    
+    current_url.should == root_url
+    User.count.should == 2
+    User.find_by_username("newuser").should_not be_nil
+  end
+  
+  it "should fail CAS login if user is unregistered and cas_create_user is false" do
+    User.count.should == 1
+    TestAdapter.register_valid_user("newuser", "newpassword")
+    Devise.cas_create_user = false
+    sign_into_cas "newuser", "newpassword"
+    
+    current_url.should_not == root_url
+    User.count.should == 1
+    User.find_by_username("newuser").should be_nil
+
+    click_on "sign in using a different account"
+    current_url.should == cas_login_url
+    fill_in "Username", :with => "joeuser"
+    fill_in "Password", :with => "joepassword"
+    click_on "Login"
+    current_url.should == root_url
+  end
+end

data/spec/support/migrations.rb

@@ -0,0 +1,4 @@
+FileUtils.rm File.expand_path("../../scenario/db/*.sqlite3", __FILE__), :force => true
+ActiveRecord::Base.logger = Logger.new(nil)
+ActiveRecord::Migration.verbose = false
+ActiveRecord::Migrator.migrate(File.expand_path("../../scenario/db/migrate/", __FILE__))