devise_bushido_authenticatable 1.0.0 → 1.0.1

data/.gitignore

@@ -0,0 +1,4 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format documentation

data/.travis.yml

@@ -0,0 +1,6 @@
+rvm:
+  - 1.8.7 # (current default)
+  - 1.9.2
+gemfile:
+  - Gemfile
+script: "bundle exec rake spec"

data/Gemfile

@@ -1,26 +1,10 @@
 source "http://rubygems.org"
 
-gem 'devise'
-
-group :development do
-  gem 'linecache', '0.43', :platforms => :mri_18
-  gem 'ruby-debug', :platforms => :mri_18
-  gem 'ruby-debug19', :platforms => :mri_19
-  gem "jeweler"
-end
+# Specify your gem's dependencies in devise_bushido_authenticatable.gemspec
+gemspec
 
 group :test do
   gem "rails", ">= 2.3"
-
-  # had to comment this out to use with rails 2.3
-  # gem "rspec-rails", ">= 2.5.0"
-  gem 'rspec'
-
-  gem "mocha"
-  gem "shoulda"
-  gem "sqlite3-ruby"
-  gem "sham_rack"
-  gem "capybara"
-  gem 'crypt-isaac'
-  gem 'launchy'
+  gem "rspec-rails"
+  gem 'castronaut', :git => 'https://github.com/nbudin/castronaut.git', :branch => 'dam5s-merge'
 end

data/Gemfile.lock

@@ -1,97 +1,175 @@
+GIT
+  remote: https://github.com/nbudin/castronaut.git
+  revision: 61add645b9e6500a2afe7343ee74a83a06303c15
+  branch: dam5s-merge
+  specs:
+    castronaut (0.7.5)
+      activerecord (>= 2.0)
+      activesupport (>= 2.0)
+      builder (>= 2.0.0)
+      crypt-isaac (~> 0.9)
+      json (~> 1.5.1)
+      sinatra (>= 1.0)
+
+PATH
+  remote: .
+  specs:
+    devise_bushido_authenticatable (1.0.1)
+      devise (>= 1.0.6)
+      rubycas-client (>= 2.2.1)
+
 GEM
   remote: http://rubygems.org/
   specs:
-    actionmailer (2.3.2)
-      actionpack (= 2.3.2)
-    actionpack (2.3.2)
-      activesupport (= 2.3.2)
-    activerecord (2.3.2)
-      activesupport (= 2.3.2)
-    activeresource (2.3.2)
-      activesupport (= 2.3.2)
-    activesupport (2.3.2)
+    actionmailer (3.1.3)
+      actionpack (= 3.1.3)
+      mail (~> 2.3.0)
+    actionpack (3.1.3)
+      activemodel (= 3.1.3)
+      activesupport (= 3.1.3)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      i18n (~> 0.6)
+      rack (~> 1.3.5)
+      rack-cache (~> 1.1)
+      rack-mount (~> 0.8.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.0.3)
+    activemodel (3.1.3)
+      activesupport (= 3.1.3)
+      builder (~> 3.0.0)
+      i18n (~> 0.6)
+    activerecord (3.1.3)
+      activemodel (= 3.1.3)
+      activesupport (= 3.1.3)
+      arel (~> 2.2.1)
+      tzinfo (~> 0.3.29)
+    activeresource (3.1.3)
+      activemodel (= 3.1.3)
+      activesupport (= 3.1.3)
+    activesupport (3.1.3)
+      multi_json (~> 1.0)
     addressable (2.2.6)
-    archive-tar-minitar (0.5.2)
-    bcrypt-ruby (2.1.4)
-    capybara (1.0.0)
+    arel (2.2.1)
+    bcrypt-ruby (3.0.1)
+    builder (3.0.0)
+    capybara (1.1.2)
       mime-types (>= 1.16)
       nokogiri (>= 1.3.3)
       rack (>= 1.0.0)
       rack-test (>= 0.5.4)
-      selenium-webdriver (~> 0.2.0)
+      selenium-webdriver (~> 2.0)
       xpath (~> 0.1.4)
-    childprocess (0.2.0)
+    childprocess (0.2.3)
       ffi (~> 1.0.6)
-    columnize (0.3.4)
+    coderay (0.9.8)
     crypt-isaac (0.9.1)
-    devise (1.4.2)
-      bcrypt-ruby (~> 2.1.2)
+    devise (1.5.2)
+      bcrypt-ruby (~> 3.0)
       orm_adapter (~> 0.0.3)
-      warden (~> 1.0.3)
-    diff-lcs (1.1.2)
-    ffi (1.0.9)
-    git (1.2.5)
-    jeweler (1.6.4)
-      bundler (~> 1.0)
-      git (>= 1.2.5)
-      rake
-    json_pure (1.5.3)
+      warden (~> 1.1)
+    diff-lcs (1.1.3)
+    erubis (2.7.0)
+    ffi (1.0.11)
+    hike (1.2.1)
+    i18n (0.6.0)
+    json (1.5.4)
     launchy (2.0.5)
       addressable (~> 2.2.6)
-    linecache (0.43)
-    linecache19 (0.5.12)
-      ruby_core_source (>= 0.1.4)
-    mime-types (1.16)
-    mocha (0.9.12)
+    mail (2.3.0)
+      i18n (>= 0.4.0)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    metaclass (0.0.1)
+    method_source (0.6.7)
+      ruby_parser (>= 2.3.1)
+    mime-types (1.17.2)
+    mocha (0.10.0)
+      metaclass (~> 0.0.1)
+    multi_json (1.0.4)
     nokogiri (1.5.0)
     orm_adapter (0.0.5)
-    rack (1.3.2)
+    polyglot (0.3.3)
+    pry (0.9.7.4)
+      coderay (~> 0.9.8)
+      method_source (~> 0.6.7)
+      ruby_parser (>= 2.3.1)
+      slop (~> 2.1.0)
+    rack (1.3.5)
+    rack-cache (1.1)
+      rack (>= 0.4)
+    rack-mount (0.8.3)
+      rack (>= 1.0.0)
+    rack-protection (1.1.4)
+      rack
+    rack-ssl (1.3.2)
+      rack
     rack-test (0.6.1)
       rack (>= 1.0)
-    rails (2.3.2)
-      actionmailer (= 2.3.2)
-      actionpack (= 2.3.2)
-      activerecord (= 2.3.2)
-      activeresource (= 2.3.2)
-      activesupport (= 2.3.2)
-      rake (>= 0.8.3)
-    rake (0.9.2)
-    rspec (2.6.0)
-      rspec-core (~> 2.6.0)
-      rspec-expectations (~> 2.6.0)
-      rspec-mocks (~> 2.6.0)
-    rspec-core (2.6.4)
-    rspec-expectations (2.6.0)
+    rails (3.1.3)
+      actionmailer (= 3.1.3)
+      actionpack (= 3.1.3)
+      activerecord (= 3.1.3)
+      activeresource (= 3.1.3)
+      activesupport (= 3.1.3)
+      bundler (~> 1.0)
+      railties (= 3.1.3)
+    railties (3.1.3)
+      actionpack (= 3.1.3)
+      activesupport (= 3.1.3)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (~> 0.14.6)
+    rake (0.9.2.2)
+    rdoc (3.11)
+      json (~> 1.4)
+    rspec (2.7.0)
+      rspec-core (~> 2.7.0)
+      rspec-expectations (~> 2.7.0)
+      rspec-mocks (~> 2.7.0)
+    rspec-core (2.7.1)
+    rspec-expectations (2.7.0)
       diff-lcs (~> 1.1.2)
-    rspec-mocks (2.6.0)
-    ruby-debug (0.10.4)
-      columnize (>= 0.1)
-      ruby-debug-base (~> 0.10.4.0)
-    ruby-debug-base (0.10.4)
-      linecache (>= 0.3)
-    ruby-debug-base19 (0.11.25)
-      columnize (>= 0.3.1)
-      linecache19 (>= 0.5.11)
-      ruby_core_source (>= 0.1.4)
-    ruby-debug19 (0.11.6)
-      columnize (>= 0.3.1)
-      linecache19 (>= 0.5.11)
-      ruby-debug-base19 (>= 0.11.19)
-    ruby_core_source (0.1.5)
-      archive-tar-minitar (>= 0.5.2)
-    rubyzip (0.9.4)
-    selenium-webdriver (0.2.2)
-      childprocess (>= 0.1.9)
-      ffi (>= 1.0.7)
-      json_pure
+    rspec-mocks (2.7.0)
+    rspec-rails (2.7.0)
+      actionpack (~> 3.0)
+      activesupport (~> 3.0)
+      railties (~> 3.0)
+      rspec (~> 2.7.0)
+    ruby_parser (2.3.1)
+      sexp_processor (~> 3.0)
+    rubycas-client (2.2.1)
+      activesupport
+    rubyzip (0.9.5)
+    selenium-webdriver (2.15.0)
+      childprocess (>= 0.2.1)
+      ffi (~> 1.0.9)
+      multi_json (~> 1.0.4)
       rubyzip
+    sexp_processor (3.0.9)
     sham_rack (1.3.3)
       rack
     shoulda (2.11.3)
-    sqlite3 (1.3.4)
+    sinatra (1.3.1)
+      rack (~> 1.3, >= 1.3.4)
+      rack-protection (~> 1.1, >= 1.1.2)
+      tilt (~> 1.3, >= 1.3.3)
+    slop (2.1.0)
+    sprockets (2.0.3)
+      hike (~> 1.2)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sqlite3 (1.3.5)
     sqlite3-ruby (1.3.3)
       sqlite3 (>= 1.3.3)
-    warden (1.0.5)
+    thor (0.14.6)
+    tilt (1.3.3)
+    treetop (1.4.10)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.31)
+    warden (1.1.0)
       rack (>= 1.0)
     xpath (0.1.4)
       nokogiri (~> 1.3)
@@ -101,16 +179,15 @@ PLATFORMS
 
 DEPENDENCIES
   capybara
+  castronaut!
   crypt-isaac
-  devise
-  jeweler
+  devise_bushido_authenticatable!
   launchy
-  linecache (= 0.43)
   mocha
+  pry
   rails (>= 2.3)
   rspec
-  ruby-debug
-  ruby-debug19
+  rspec-rails
   sham_rack
   shoulda
   sqlite3-ruby

data/README.md

@@ -1,5 +1,5 @@
 devise_bushido_authenticatable
-===============================
+=======
 
 devise_bushido_authenticatable provides single sign-on support for Bushido applications, that use 
 [Devise](http://github.com/plataformatec/devise) for authentication. It acts as a **replacement for the database_authenticatable option that devise provides**
@@ -42,9 +42,10 @@ Setup
 
 ### 1.) Add the following to your devise model
 
+    attr_accessor :ido_id
     devise :bushido_authenticatable
     
-You can add other modules like trackable, but **do not use database_authenticatable**. bushido_authenticatable is a replacement for that.
+To the devise() method, you can add other modules like trackable, but **do not use database_authenticatable**. bushido_authenticatable is a replacement for that.
 
 ### 2.) Modify schema migration
 
@@ -75,6 +76,7 @@ When the user is authenticated, Bushido passed along the following extra attribu
 If you find any of these attributes useful and want to capture them, add a bushido_extra_attributes method to your User model (or whichever is your devise model). Below is an example that saves the email and the locale of a user.
 
     class User < ActiveRecord::Base
+      attr_accessor :ido_id
       devise :bushido_authenticatable
       
       def bushido_extra_attributes(extra_attributes)

data/Rakefile

@@ -1,46 +1 @@
-require 'bundler'
-
-Bundler.setup
-
-require 'rake'
-require 'rake/rdoctask'
-require 'rspec/mocks/version'
-require 'rspec/core/rake_task'
-
-RSpec::Core::RakeTask.new(:spec)
-
-desc 'Default: run specs.'
-task :default => :spec
-
-desc 'Generate documentation for the devise_bushido_authenticatable plugin.'
-Rake::RDocTask.new(:rdoc) do |rdoc|
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title    = 'devise_bushido_authenticatable'
-  rdoc.options << '--line-numbers' << '--inline-source'
-  rdoc.rdoc_files.include('README')
-  rdoc.rdoc_files.include('lib/**/*.rb')
-end
-
-
-begin
-  require 'jeweler'
-  Jeweler::Tasks.new do |gemspec|
-    gemspec.name = "devise_bushido_authenticatable"
-    gemspec.summary = "Bushido SSO authentication module for Devise"
-    gemspec.description = "Bushido SSO authentication module for Devise. A slight variant of the excellent work from Nat Budlin on devise_cas_authenticatable."
-    gemspec.email = "s@bushi.do"
-    gemspec.homepage = "http://github.com/bushido/bushido_cas_authenticatable"
-    gemspec.authors = ["Akash Manohar J", "Sean Grove", "Didier Lafforgue"]
-    gemspec.add_runtime_dependency "devise", ">= 1.0.6"
-    gemspec.add_runtime_dependency "rubycas-client", ">= 2.2.1"
-  end
-  Jeweler::RubygemsDotOrgTasks.new
-rescue LoadError
-  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
-end
-
-# namespace :scenario do
-#   require File.expand_path('../spec/scenario/config/application', __FILE__)
-# 
-#   Scenario::Application.load_tasks
-# end
+require "bundler/gem_tasks"

data/app/controllers/devise/cas_sessions_controller.rb

@@ -1,19 +1,12 @@
 class Devise::CasSessionsController < Devise::SessionsController
-  unloadable
 
   def new
-    unless returning_from_cas?
-      redirect_to(cas_login_url)
-    end
+    redirect_to(cas_login_url) unless returning_from_cas?
   end
 
   def service
     warden.authenticate!(:scope => resource_name)
-
-    if params[:redirect]
-      return redirect_to params[:redirect]
-    end
-
+    return redirect_to params[:redirect] if params[:redirect]
     return redirect_to after_sign_in_path_for(resource_name)
   end
 
@@ -21,6 +14,11 @@ class Devise::CasSessionsController < Devise::SessionsController
   end
 
   def destroy
+    # Delete the ticket->session ID mapping if one exists for this session
+    if ticket = session['cas_last_valid_ticket']
+      ::DeviseCasAuthenticatable::SingleSignOut::Strategies.current_strategy.delete_session_index(ticket)
+    end
+
     # if :cas_create_user is false a CAS session might be open but not signed_in
     # in such case we destroy the session here
     if signed_in?(resource_name)
@@ -31,7 +29,58 @@ class Devise::CasSessionsController < Devise::SessionsController
     redirect_to(::Devise.cas_client.logout_url)
   end
 
-  private
+  def single_sign_out
+    if ::Devise.cas_enable_single_sign_out
+      session_index = read_session_index
+      if session_index
+        logger.info "Intercepted single-sign-out request for CAS session #{session_index}."
+        session_id = ::DeviseCasAuthenticatable::SingleSignOut::Strategies.current_strategy.find_session_id_by_index(session_index)
+        destroy_cas_session(session_id, session_index) if session_id
+      else
+        logger.warn "Ignoring CAS single-sign-out request as no session index could be parsed from the parameters."
+      end
+    else
+      logger.warn "Ignoring CAS single-sign-out request as feature is not currently enabled."
+    end
+
+    render :nothing => true
+  end
+
+  protected
+
+  def read_session_index
+    if request.headers['CONTENT_TYPE'] =~ %r{^multipart/}
+      false
+    elsif request.post? && params['logoutRequest'] =~
+        %r{^<samlp:LogoutRequest.*?<samlp:SessionIndex>(.*)</samlp:SessionIndex>}m
+      $~[1]
+    else
+      false
+    end
+  end
+
+  def destroy_cas_session(session_id, session_index)
+    if session_store && session_store.new.respond_to?(:destroy)
+      if session_store.respond_to? :find_by_session_id
+        user_session = session_store.find_by_session_id(session_id)
+      elsif session_store.respond_to? :find
+        user_session = session_store.find(session_id)
+      end
+      user_session.destroy if user_session
+    else
+      logger.info "A single sign out request was received for ticket #{session_index} but the Rails session_store is not a type supported for single-sign-out by devise_cas_authenticatable."
+    end
+    ::DeviseCasAuthenticatable::SingleSignOut::Strategies.current_strategy.delete_session_index(session_index)
+  end
+  
+  def session_store
+    if ::Rails.respond_to? :application
+      return @session_store ||= Rails.application.config.session_store.session_class
+    elsif ::ActionController::Base.respond_to? :session_store
+      return @session_store ||= ActionController::Base.session_store.session_class
+    end
+  end
+
   def returning_from_cas?
     params[:ticket] || request.referer =~ /^#{::Devise.cas_client.cas_base_url}/
   end