RubyGems - devise_cas_authenticatable - Versions diffs - 1.0.0.alpha11 → 1.0.0.alpha12 - Mend

devise_cas_authenticatable 1.0.0.alpha11 → 1.0.0.alpha12

Files changed (15) hide show

data/.gitignore +1 -0
data/Gemfile.lock +2 -2
data/README.md +0 -1
data/app/controllers/devise/cas_sessions_controller.rb +52 -2
data/devise_cas_authenticatable.gemspec +2 -2
data/lib/devise_cas_authenticatable/routes.rb +3 -1
data/lib/devise_cas_authenticatable/single_sign_out/session_store/active_record.rb +12 -0
data/lib/devise_cas_authenticatable/single_sign_out/session_store/redis.rb +27 -0
data/lib/devise_cas_authenticatable/single_sign_out/strategies/base.rb +11 -0
data/lib/devise_cas_authenticatable/single_sign_out/strategies/rails_cache.rb +31 -0
data/lib/devise_cas_authenticatable/single_sign_out/strategies.rb +58 -0
data/lib/devise_cas_authenticatable/single_sign_out.rb +30 -0
data/lib/devise_cas_authenticatable/strategy.rb +6 -0
data/lib/devise_cas_authenticatable.rb +24 -4
metadata +32 -25

data/.gitignore CHANGED Viewed

@@ -1,4 +1,5 @@
 .bundle/*
+.idea/*
 .yardoc/*
 pkg/*
 spec/scenario/db/*.sqlite3

data/Gemfile.lock CHANGED Viewed

@@ -17,7 +17,7 @@ GIT
 PATH
   remote: .
   specs:
-    devise_cas_authenticatable (1.0.0.alpha11)
+    devise_cas_authenticatable (1.0.0.alpha12)
       devise (>= 1.0.6)
       rubycas-client (>= 2.2.1)
@@ -69,7 +69,7 @@ GEM
     configuration (1.2.0)
     crypt-isaac (0.9.1)
     culerity (0.2.15)
-    devise (1.4.5)
+    devise (1.4.7)
       bcrypt-ruby (~> 3.0)
       orm_adapter (~> 0.0.3)
       warden (~> 1.0.3)

data/README.md CHANGED Viewed

@@ -110,5 +110,4 @@ See also
 TODO
 ----
-* Implement CAS single sign-off support (maybe via a Rack middleware?)
 * Test on non-ActiveRecord ORMs

data/app/controllers/devise/cas_sessions_controller.rb CHANGED Viewed

@@ -16,6 +16,11 @@ class Devise::CasSessionsController < Devise::SessionsController
   end
   def destroy
+    # Delete the ticket->session ID mapping if one exists for this session
+    if ticket = session['cas_last_valid_ticket']
+      ::DeviseCasAuthenticatable::SingleSignOut::Strategies.current_strategy.delete_session_index(ticket)
+    end
     # if :cas_create_user is false a CAS session might be open but not signed_in
     # in such case we destroy the session here
     if signed_in?(resource_name)
@@ -29,8 +34,53 @@ class Devise::CasSessionsController < Devise::SessionsController
     destination << after_sign_out_path_for(resource_name)
     redirect_to(::Devise.cas_client.logout_url(destination))
   end
-  private
+  def single_sign_out
+    if ::Devise.cas_enable_single_sign_out
+      session_index = read_session_index
+      if session_index
+        logger.debug "Intercepted single-sign-out request for CAS session #{session_index}."
+        session_id = ::DeviseCasAuthenticatable::SingleSignOut::Strategies.current_strategy.find_session_id_by_index(session_index)
+        if session_id
+          destroy_cas_session(session_id, session_index)
+        end
+      else
+        logger.warn "Ignoring CAS single-sign-out request as no session index could be parsed from the parameters."
+      end
+    else
+      logger.warn "Ignoring CAS single-sign-out request as feature is not currently enabled."
+    end
+    render :nothing => true
+  end
+  private
+  def read_session_index
+    if request.headers['CONTENT_TYPE'] =~ %r{^multipart/}
+      false
+    elsif request.post? && params['logoutRequest'] =~
+        %r{^<samlp:LogoutRequest.*?<samlp:SessionIndex>(.*)</samlp:SessionIndex>}m
+      $~[1]
+    else
+      false
+    end
+  end
+  def destroy_cas_session(session_id, session_index)
+    if env[:session_store] && env[:session_store].respond_to?(:destroy_session)
+      if env[:session_store].destroy_session(session_id)
+        logger.debug "Destroyed session #{session_id} corresponding to service ticket #{session_index}."
+      else
+        logger.debug "Data for session #{session_id} was not found. It may have already been cleared by a local CAS logout request."
+      end
+    else
+      logger.warn "A single sign out request was received for ticket #{session_index} but the Rails session_store is not a type supported for single-sign-out by devise_cas_authenticatable."
+    end
+    ::DeviseCasAuthenticatable::SingleSignOut::Strategies.current_strategy.delete_session_index(session_index)
+  end
   def returning_from_cas?
     params[:ticket] || request.referer =~ /^#{::Devise.cas_client.cas_base_url}/
   end

data/devise_cas_authenticatable.gemspec CHANGED Viewed

@@ -2,10 +2,10 @@
 Gem::Specification.new do |s|
   s.name = %q{devise_cas_authenticatable}
-  s.version = "1.0.0.alpha11"
+  s.version = "1.0.0.alpha12"
   s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Nat Budin"]
+  s.authors = ["Nat Budin", "Jeremy Haile"]
   s.description = %q{CAS authentication module for Devise}
   s.email = %q{natbudin@gmail.com}
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }

data/lib/devise_cas_authenticatable/routes.rb CHANGED Viewed

@@ -7,7 +7,8 @@ if ActionController::Routing.name =~ /ActionDispatch/
     def devise_cas_authenticatable(mapping, controllers)
       # service endpoint for CAS server
       get "service", :to => "#{controllers[:cas_sessions]}#service", :as => "service"
+      post "service", :to => "#{controllers[:cas_sessions]}#single_sign_out", :as => "single_sign_out"
       resource :session, :only => [], :controller => controllers[:cas_sessions], :path => "" do
         get :new, :path => mapping.path_names[:sign_in], :as => "new"
         get :unregistered
@@ -25,6 +26,7 @@ else
     def cas_authenticatable(routes, mapping)
       routes.with_options(:controller => 'devise/cas_sessions', :name_prefix => nil) do |session|
         session.send(:"#{mapping.name}_service", '/service', :action => 'service', :conditions => {:method => :get})
+        session.send(:"#{mapping.name}_service", '/service', :action => 'single_sign_out', :conditions => {:method => :post})
         session.send(:"unregistered_#{mapping.name}_session", '/unregistered', :action => "unregistered", :conditions => {:method => :get})
         session.send(:"new_#{mapping.name}_session", mapping.path_names[:sign_in], :action => 'new', :conditions => {:method => :get})
         session.send(:"#{mapping.name}_session", mapping.path_names[:sign_in], :action => 'create', :conditions => {:method => :post})

data/lib/devise_cas_authenticatable/single_sign_out/session_store/active_record.rb ADDED Viewed

@@ -0,0 +1,12 @@
+ActiveRecord::SessionStore.class_eval do
+  include DeviseCasAuthenticatable::SingleSignOut::SetSession
+  alias_method_chain :set_session, :storage
+  def destroy_session(sid)
+    if session = Session::find_by_session_id(sid)
+      session.destroy
+    end
+  end
+end

data/lib/devise_cas_authenticatable/single_sign_out/session_store/redis.rb ADDED Viewed

@@ -0,0 +1,27 @@
+require "action_controller/session/redis_session_store"
+module DeviseCasAuthenticatable
+  module SingleSignOut
+    module RedisSessionStore
+      include DeviseCasAuthenticatable::SingleSignOut::SetSession
+      def destroy_session(sid)
+        @pool.del(sid)
+      end
+    end
+  end
+end
+if ::Redis::Store.rails3?
+  ActionDispatch::Session::RedisSessionStore.class_eval do
+    include DeviseCasAuthenticatable::SingleSignOut::RedisSessionStore
+    alias_method_chain :set_session, :storage
+  end
+else
+  ActionController::Session::RedisSessionStore.class_eval do
+    include DeviseCasAuthenticatable::SingleSignOut::RedisSessionStore
+    alias_method_chain :set_session, :storage
+  end
+end

data/lib/devise_cas_authenticatable/single_sign_out/strategies/base.rb ADDED Viewed

@@ -0,0 +1,11 @@
+module DeviseCasAuthenticatable
+  module SingleSignOut
+    module Strategies
+      class Base
+        def logger
+          @logger ||= Rails.logger
+        end
+      end
+    end
+  end
+end

data/lib/devise_cas_authenticatable/single_sign_out/strategies/rails_cache.rb ADDED Viewed

@@ -0,0 +1,31 @@
+module DeviseCasAuthenticatable
+  module SingleSignOut
+    module Strategies
+      class RailsCache < Base
+          def store_session_id_for_index(session_index, session_id)
+            logger.debug("Storing #{session_id} for index #{session_index}")
+            Rails.cache.write(cache_key(session_index), session_id)
+          end
+          def find_session_id_by_index(session_index)
+            sid = Rails.cache.read(cache_key(session_index))
+            logger.debug("Found session id #{sid} for index #{session_index}")
+            sid
+          end
+          def delete_session_index(session_index)
+            logger.debug("Deleting index #{session_index}")
+            Rails.cache.delete(cache_key(session_index))
+          end
+          private
+          def cache_key(session_index)
+            "devise_cas_authenticatable:#{session_index}"
+          end
+      end
+    end
+  end
+end
+::DeviseCasAuthenticatable::SingleSignOut::Strategies.add( :rails_cache, DeviseCasAuthenticatable::SingleSignOut::Strategies::RailsCache )

data/lib/devise_cas_authenticatable/single_sign_out/strategies.rb ADDED Viewed

@@ -0,0 +1,58 @@
+module DeviseCasAuthenticatable
+  module SingleSignOut
+    module Strategies
+      class << self
+        # Add a strategy and store it in a hash.
+        def add(label, strategy, &block)
+          strategy ||= Class.new(DeviseCasAuthenticatable::SingleSignOut::Strategies::Base)
+          strategy.class_eval(&block) if block_given?
+          check_method(label, strategy, :store_session_id_for_index)
+          check_method(label, strategy, :find_session_id_by_index)
+          check_method(label, strategy, :delete_session_index)
+          unless strategy.ancestors.include?(DeviseCasAuthenticatable::SingleSignOut::Strategies::Base)
+            raise "#{label.inspect} is not a #{base}"
+          end
+          _strategies[label] = strategy.new()
+        end
+        # Update a previously given strategy.
+        def update(label, &block)
+          strategy = _strategies[label]
+          raise "Unknown strategy #{label.inspect}" unless strategy
+          add(label, strategy, &block)
+        end
+        # Provides access to strategies by label
+        def [](label)
+          _strategies[label]
+        end
+        def current_strategy
+          self[::Devise.cas_single_sign_out_mapping_strategy]
+        end
+        # Clears all declared.
+        def clear!
+          _strategies.clear
+        end
+        private
+        def _strategies
+          @strategies ||= {}
+        end
+        def check_method(label, strategy, method)
+          unless strategy.method_defined?(method)
+            raise NoMethodError, "#{method.to_s} is not declared in the #{label.inspect} strategy"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/devise_cas_authenticatable/single_sign_out.rb ADDED Viewed

@@ -0,0 +1,30 @@
+module DeviseCasAuthenticatable
+  module SingleSignOut
+    module SetSession
+      def set_session_with_storage(env, sid, session_data)
+        if session_data['cas_last_valid_ticket_store']
+          ::DeviseCasAuthenticatable::SingleSignOut::Strategies.current_strategy.store_session_id_for_index(session_data['cas_last_valid_ticket'], sid)
+          session_data['cas_last_valid_ticket_store'] = nil
+        end
+        set_session_without_storage(env, sid, session_data)
+      end
+    end
+  end
+end
+if defined?(ActionDispatch)
+  # Need to make a small extension to rails to expose the session_store to our controllers
+  require 'action_dispatch/middleware/session/abstract_store'
+  ActionDispatch::Session::AbstractStore.class_eval do
+    def prepare_with_session_store!(env)
+      prepare_without_session_store!(env)
+      env[:session_store] = self
+    end
+    alias_method_chain :prepare!, :session_store
+  end
+end
+require 'devise_cas_authenticatable/single_sign_out/strategies'
+require 'devise_cas_authenticatable/single_sign_out/strategies/base'
+require 'devise_cas_authenticatable/single_sign_out/strategies/rails_cache'

data/lib/devise_cas_authenticatable/strategy.rb CHANGED Viewed

@@ -17,6 +17,12 @@ module Devise
         ticket = read_ticket(params)
         if ticket
           if resource = mapping.to.authenticate_with_cas_ticket(ticket)
+            # Store the ticket in the session for later usage
+            if ::Devise.cas_enable_single_sign_out
+              session['cas_last_valid_ticket'] = ticket.ticket
+              session['cas_last_valid_ticket_store'] = true
+            end
             success!(resource)
           elsif ticket.is_valid?
             redirect!(::Devise.cas_unregistered_url(request.url, mapping), :username => ticket.response.user)

data/lib/devise_cas_authenticatable.rb CHANGED Viewed

@@ -5,6 +5,16 @@ require 'devise_cas_authenticatable/routes'
 require 'devise_cas_authenticatable/strategy'
 require 'devise_cas_authenticatable/exceptions'
+require 'devise_cas_authenticatable/single_sign_out'
+if defined?(ActiveRecord::SessionStore)
+  require 'devise_cas_authenticatable/single_sign_out/session_store/active_record'
+end
+if defined?(Redis::Store)
+  require 'devise_cas_authenticatable/single_sign_out/session_store/redis'
+end
 require 'rubycas-client'
 # Register as a Rails engine if Rails::Engine exists
@@ -31,7 +41,16 @@ module Devise
   # The login URL of the CAS server.  If undefined, will default based on cas_base_url.
   @@cas_validate_url = nil
+  # Should devise_cas_authenticatable enable single-sign-out? Requires use of a supported
+  # session_store. Currently supports active_record or redis.
+  # False by default.
+  @@cas_enable_single_sign_out = false
+  # What strategy should single sign out use for tracking token->session ID mapping.
+  # :rails_cache by default.
+  @@cas_single_sign_out_mapping_strategy = :rails_cache
   # Should devise_cas_authenticatable attempt to create new user records for
   # unknown usernames?  True by default.
   @@cas_create_user = true
@@ -43,12 +62,12 @@ module Devise
   # Name of the parameter passed in the logout query
   @@cas_destination_logout_param_name = nil
-  mattr_accessor :cas_base_url, :cas_login_url, :cas_logout_url, :cas_validate_url, :cas_create_user, :cas_destination_logout_param_name, :cas_username_column
+  mattr_accessor :cas_base_url, :cas_login_url, :cas_logout_url, :cas_validate_url, :cas_create_user, :cas_destination_logout_param_name, :cas_username_column, :cas_enable_single_sign_out, :cas_single_sign_out_mapping_strategy
   def self.cas_create_user?
     cas_create_user
   end
   # Return a CASClient::Client instance based on configuration parameters.
   def self.cas_client
     @@cas_client ||= CASClient::Client.new(
@@ -56,7 +75,8 @@ module Devise
         :cas_base_url => @@cas_base_url,
         :login_url => @@cas_login_url,
         :logout_url => @@cas_logout_url,
-        :validate_url => @@cas_validate_url
+        :validate_url => @@cas_validate_url,
+        :enable_single_sign_out => @@cas_enable_single_sign_out
       )
   end

metadata CHANGED Viewed

@@ -1,20 +1,21 @@
 --- !ruby/object:Gem::Specification
 name: devise_cas_authenticatable
 version: !ruby/object:Gem::Version
-  version: 1.0.0.alpha11
+  version: 1.0.0.alpha12
   prerelease: 6
 platform: ruby
 authors:
 - Nat Budin
+- Jeremy Haile
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-09-16 00:00:00.000000000 -04:00
+date: 2011-09-28 00:00:00.000000000 -04:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
-  requirement: &2158960580 !ruby/object:Gem::Requirement
+  requirement: &2157571980 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -22,10 +23,10 @@ dependencies:
         version: 1.0.6
   type: :runtime
   prerelease: false
-  version_requirements: *2158960580
+  version_requirements: *2157571980
 - !ruby/object:Gem::Dependency
   name: rubycas-client
-  requirement: &2158959980 !ruby/object:Gem::Requirement
+  requirement: &2157571440 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -33,10 +34,10 @@ dependencies:
         version: 2.2.1
   type: :runtime
   prerelease: false
-  version_requirements: *2158959980
+  version_requirements: *2157571440
 - !ruby/object:Gem::Dependency
   name: rails
-  requirement: &2158959480 !ruby/object:Gem::Requirement
+  requirement: &2157570280 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -44,10 +45,10 @@ dependencies:
         version: 3.0.7
   type: :development
   prerelease: false
-  version_requirements: *2158959480
+  version_requirements: *2157570280
 - !ruby/object:Gem::Dependency
   name: rspec-rails
-  requirement: &2158958920 !ruby/object:Gem::Requirement
+  requirement: &2157568700 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -55,10 +56,10 @@ dependencies:
         version: 2.6.1
   type: :development
   prerelease: false
-  version_requirements: *2158958920
+  version_requirements: *2157568700
 - !ruby/object:Gem::Dependency
   name: mocha
-  requirement: &2158958500 !ruby/object:Gem::Requirement
+  requirement: &2157568240 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -66,10 +67,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2158958500
+  version_requirements: *2157568240
 - !ruby/object:Gem::Dependency
   name: shoulda
-  requirement: &2158957800 !ruby/object:Gem::Requirement
+  requirement: &2157567540 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -77,10 +78,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2158957800
+  version_requirements: *2157567540
 - !ruby/object:Gem::Dependency
   name: sqlite3-ruby
-  requirement: &2158957240 !ruby/object:Gem::Requirement
+  requirement: &2157566640 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -88,10 +89,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2158957240
+  version_requirements: *2157566640
 - !ruby/object:Gem::Dependency
   name: sham_rack
-  requirement: &2158956680 !ruby/object:Gem::Requirement
+  requirement: &2157565160 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -99,10 +100,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2158956680
+  version_requirements: *2157565160
 - !ruby/object:Gem::Dependency
   name: capybara
-  requirement: &2158956260 !ruby/object:Gem::Requirement
+  requirement: &2157545440 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -110,10 +111,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2158956260
+  version_requirements: *2157545440
 - !ruby/object:Gem::Dependency
   name: crypt-isaac
-  requirement: &2158955460 !ruby/object:Gem::Requirement
+  requirement: &2157544760 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -121,10 +122,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2158955460
+  version_requirements: *2157544760
 - !ruby/object:Gem::Dependency
   name: launchy
-  requirement: &2158954660 !ruby/object:Gem::Requirement
+  requirement: &2157543980 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -132,7 +133,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2158954660
+  version_requirements: *2157543980
 description: CAS authentication module for Devise
 email: natbudin@gmail.com
 executables: []
@@ -155,6 +156,12 @@ files:
 - lib/devise_cas_authenticatable/model.rb
 - lib/devise_cas_authenticatable/routes.rb
 - lib/devise_cas_authenticatable/schema.rb
+- lib/devise_cas_authenticatable/single_sign_out.rb
+- lib/devise_cas_authenticatable/single_sign_out/session_store/active_record.rb
+- lib/devise_cas_authenticatable/single_sign_out/session_store/redis.rb
+- lib/devise_cas_authenticatable/single_sign_out/strategies.rb
+- lib/devise_cas_authenticatable/single_sign_out/strategies/base.rb
+- lib/devise_cas_authenticatable/single_sign_out/strategies/rails_cache.rb
 - lib/devise_cas_authenticatable/strategy.rb
 - rails/init.rb
 - spec/routes_spec.rb
@@ -203,7 +210,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 3233699978426426317
+      hash: 3607945198939265999
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements: