RubyGems - devise_cas_authenticatable - Versions diffs - 1.0.0.alpha11 → 1.0.0.alpha12 - Mend

devise_cas_authenticatable 1.0.0.alpha11 → 1.0.0.alpha12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

data/.gitignore +1 -0
data/Gemfile.lock +2 -2
data/README.md +0 -1
data/app/controllers/devise/cas_sessions_controller.rb +52 -2
data/devise_cas_authenticatable.gemspec +2 -2
data/lib/devise_cas_authenticatable/routes.rb +3 -1
data/lib/devise_cas_authenticatable/single_sign_out/session_store/active_record.rb +12 -0
data/lib/devise_cas_authenticatable/single_sign_out/session_store/redis.rb +27 -0
data/lib/devise_cas_authenticatable/single_sign_out/strategies/base.rb +11 -0
data/lib/devise_cas_authenticatable/single_sign_out/strategies/rails_cache.rb +31 -0
data/lib/devise_cas_authenticatable/single_sign_out/strategies.rb +58 -0
data/lib/devise_cas_authenticatable/single_sign_out.rb +30 -0
data/lib/devise_cas_authenticatable/strategy.rb +6 -0
data/lib/devise_cas_authenticatable.rb +24 -4
metadata +32 -25

data/.gitignore CHANGED Viewed

@@ -1,4 +1,5 @@
 .bundle/*
+.idea/*
 .yardoc/*
 pkg/*
 spec/scenario/db/*.sqlite3

data/Gemfile.lock CHANGED Viewed

@@ -17,7 +17,7 @@ GIT
 PATH
   remote: .
   specs:
-    devise_cas_authenticatable (1.0.0.alpha11)
+    devise_cas_authenticatable (1.0.0.alpha12)
       devise (>= 1.0.6)
       rubycas-client (>= 2.2.1)
@@ -69,7 +69,7 @@ GEM
     configuration (1.2.0)
     crypt-isaac (0.9.1)
     culerity (0.2.15)
-    devise (1.4.5)
+    devise (1.4.7)
       bcrypt-ruby (~> 3.0)
       orm_adapter (~> 0.0.3)
       warden (~> 1.0.3)

data/README.md CHANGED Viewed

@@ -110,5 +110,4 @@ See also
 TODO
 ----
-* Implement CAS single sign-off support (maybe via a Rack middleware?)
 * Test on non-ActiveRecord ORMs

data/app/controllers/devise/cas_sessions_controller.rb CHANGED Viewed

@@ -16,6 +16,11 @@ class Devise::CasSessionsController < Devise::SessionsController
   end
   def destroy
+    # Delete the ticket->session ID mapping if one exists for this session
+    if ticket = session['cas_last_valid_ticket']
+      ::DeviseCasAuthenticatable::SingleSignOut::Strategies.current_strategy.delete_session_index(ticket)
+    end
     # if :cas_create_user is false a CAS session might be open but not signed_in
     # in such case we destroy the session here
     if signed_in?(resource_name)
@@ -29,8 +34,53 @@ class Devise::CasSessionsController < Devise::SessionsController
     destination << after_sign_out_path_for(resource_name)
     redirect_to(::Devise.cas_client.logout_url(destination))
   end
-  private
+  def single_sign_out
+    if ::Devise.cas_enable_single_sign_out
+      session_index = read_session_index
+      if session_index
+        logger.debug "Intercepted single-sign-out request for CAS session #{session_index}."
+        session_id = ::DeviseCasAuthenticatable::SingleSignOut::Strategies.current_strategy.find_session_id_by_index(session_index)
+        if session_id
+          destroy_cas_session(session_id, session_index)
+        end
+      else
+        logger.warn "Ignoring CAS single-sign-out request as no session index could be parsed from the parameters."
+      end
+    else
+      logger.warn "Ignoring CAS single-sign-out request as feature is not currently enabled."
+    end
+    render :nothing => true
+  end
+  private
+  def read_session_index
+    if request.headers['CONTENT_TYPE'] =~ %r{^multipart/}
+      false
+    elsif request.post? && params['logoutRequest'] =~
+        %r{^<samlp:LogoutRequest.*?<samlp:SessionIndex>(.*)</samlp:SessionIndex>}m
+      $~[1]
+    else
+      false
+    end
+  end
+  def destroy_cas_session(session_id, session_index)
+    if env[:session_store] && env[:session_store].respond_to?(:destroy_session)
+      if env[:session_store].destroy_session(session_id)
+        logger.debug "Destroyed session #{session_id} corresponding to service ticket #{session_index}."
+      else
+        logger.debug "Data for session #{session_id} was not found. It may have already been cleared by a local CAS logout request."
+      end
+    else
+      logger.warn "A single sign out request was received for ticket #{session_index} but the Rails session_store is not a type supported for single-sign-out by devise_cas_authenticatable."
+    end
+    ::DeviseCasAuthenticatable::SingleSignOut::Strategies.current_strategy.delete_session_index(session_index)
+  end
   def returning_from_cas?
     params[:ticket] || request.referer =~ /^#{::Devise.cas_client.cas_base_url}/
   end

data/devise_cas_authenticatable.gemspec CHANGED Viewed

@@ -2,10 +2,10 @@
 Gem::Specification.new do |s|
   s.name = %q{devise_cas_authenticatable}
-  s.version = "1.0.0.alpha11"
+  s.version = "1.0.0.alpha12"
   s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Nat Budin"]
+  s.authors = ["Nat Budin", "Jeremy Haile"]
   s.description = %q{CAS authentication module for Devise}
   s.email = %q{natbudin@gmail.com}
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }

data/lib/devise_cas_authenticatable/routes.rb CHANGED Viewed

@@ -7,7 +7,8 @@ if ActionController::Routing.name =~ /ActionDispatch/
     def devise_cas_authenticatable(mapping, controllers)
       # service endpoint for CAS server
       get "service", :to => "#{controllers[:cas_sessions]}#service", :as => "service"
+      post "service", :to => "#{controllers[:cas_sessions]}#single_sign_out", :as => "single_sign_out"
       resource :session, :only => [], :controller => controllers[:cas_sessions], :path => "" do
         get :new, :path => mapping.path_names[:sign_in], :as => "new"
         get :unregistered
@@ -25,6 +26,7 @@ else
     def cas_authenticatable(routes, mapping)
       routes.with_options(:controller => 'devise/cas_sessions', :name_prefix => nil) do |session|
         session.send(:"#{mapping.name}_service", '/service', :action => 'service', :conditions => {:method => :get})
+        session.send(:"#{mapping.name}_service", '/service', :action => 'single_sign_out', :conditions => {:method => :post})
         session.send(:"unregistered_#{mapping.name}_session", '/unregistered', :action => "unregistered", :conditions => {:method => :get})
         session.send(:"new_#{mapping.name}_session", mapping.path_names[:sign_in], :action => 'new', :conditions => {:method => :get})
         session.send(:"#{mapping.name}_session", mapping.path_names[:sign_in], :action => 'create', :conditions => {:method => :post})

data/lib/devise_cas_authenticatable/single_sign_out/session_store/active_record.rb ADDED Viewed

@@ -0,0 +1,12 @@
+ActiveRecord::SessionStore.class_eval do
+  include DeviseCasAuthenticatable::SingleSignOut::SetSession
+  alias_method_chain :set_session, :storage
+  def destroy_session(sid)
+    if session = Session::find_by_session_id(sid)
+      session.destroy
+    end
+  end
+end

data/lib/devise_cas_authenticatable/single_sign_out/session_store/redis.rb ADDED Viewed

@@ -0,0 +1,27 @@
+require "action_controller/session/redis_session_store"
+module DeviseCasAuthenticatable
+  module SingleSignOut
+    module RedisSessionStore
+      include DeviseCasAuthenticatable::SingleSignOut::SetSession
+      def destroy_session(sid)
+        @pool.del(sid)
+      end
+    end
+  end
+end
+if ::Redis::Store.rails3?
+  ActionDispatch::Session::RedisSessionStore.class_eval do
+    include DeviseCasAuthenticatable::SingleSignOut::RedisSessionStore
+    alias_method_chain :set_session, :storage
+  end
+else
+  ActionController::Session::RedisSessionStore.class_eval do
+    include DeviseCasAuthenticatable::SingleSignOut::RedisSessionStore
+    alias_method_chain :set_session, :storage
+  end
+end

data/lib/devise_cas_authenticatable/single_sign_out/strategies/base.rb ADDED Viewed

@@ -0,0 +1,11 @@
+module DeviseCasAuthenticatable
+  module SingleSignOut
+    module Strategies
+      class Base
+        def logger
+          @logger ||= Rails.logger
+        end
+      end
+    end
+  end
+end

data/lib/devise_cas_authenticatable/single_sign_out/strategies/rails_cache.rb ADDED Viewed

@@ -0,0 +1,31 @@
+module DeviseCasAuthenticatable
+  module SingleSignOut
+    module Strategies
+      class RailsCache < Base
+          def store_session_id_for_index(session_index, session_id)
+            logger.debug("Storing #{session_id} for index #{session_index}")
+            Rails.cache.write(cache_key(session_index), session_id)
+          end
+          def find_session_id_by_index(session_index)
+            sid = Rails.cache.read(cache_key(session_index))
+            logger.debug("Found session id #{sid} for index #{session_index}")
+            sid
+          end
+          def delete_session_index(session_index)
+            logger.debug("Deleting index #{session_index}")
+            Rails.cache.delete(cache_key(session_index))
+          end
+          private
+          def cache_key(session_index)
+            "devise_cas_authenticatable:#{session_index}"
+          end
+      end
+    end
+  end
+end
+::DeviseCasAuthenticatable::SingleSignOut::Strategies.add( :rails_cache, DeviseCasAuthenticatable::SingleSignOut::Strategies::RailsCache )

data/lib/devise_cas_authenticatable/single_sign_out/strategies.rb ADDED Viewed

@@ -0,0 +1,58 @@
+module DeviseCasAuthenticatable
+  module SingleSignOut
+    module Strategies
+      class << self
+        # Add a strategy and store it in a hash.
+        def add(label, strategy, &block)
+          strategy ||= Class.new(DeviseCasAuthenticatable::SingleSignOut::Strategies::Base)
+          strategy.class_eval(&block) if block_given?
+          check_method(label, strategy, :store_session_id_for_index)
+          check_method(label, strategy, :find_session_id_by_index)
+          check_method(label, strategy, :delete_session_index)
+          unless strategy.ancestors.include?(DeviseCasAuthenticatable::SingleSignOut::Strategies::Base)
+            raise "#{label.inspect} is not a #{base}"
+          end
+          _strategies[label] = strategy.new()
+        end
+        # Update a previously given strategy.
+        def update(label, &block)
+          strategy = _strategies[label]
+          raise "Unknown strategy #{label.inspect}" unless strategy
+          add(label, strategy, &block)
+        end
+        # Provides access to strategies by label
+        def [](label)
+          _strategies[label]
+        end
+        def current_strategy
+          self[::Devise.cas_single_sign_out_mapping_strategy]
+        end
+        # Clears all declared.
+        def clear!
+          _strategies.clear
+        end
+        private
+        def _strategies
+          @strategies ||= {}
+        end
+        def check_method(label, strategy, method)
+          unless strategy.method_defined?(method)
+            raise NoMethodError, "#{method.to_s} is not declared in the #{label.inspect} strategy"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/devise_cas_authenticatable/single_sign_out.rb ADDED Viewed

@@ -0,0 +1,30 @@
+module DeviseCasAuthenticatable
+  module SingleSignOut
+    module SetSession
+      def set_session_with_storage(env, sid, session_data)
+        if session_data['cas_last_valid_ticket_store']
+          ::DeviseCasAuthenticatable::SingleSignOut::Strategies.current_strategy.store_session_id_for_index(session_data['cas_last_valid_ticket'], sid)
+          session_data['cas_last_valid_ticket_store'] = nil
+        end
+        set_session_without_storage(env, sid, session_data)
+      end
+    end
+  end
+end
+if defined?(ActionDispatch)
+  # Need to make a small extension to rails to expose the session_store to our controllers
+  require 'action_dispatch/middleware/session/abstract_store'
+  ActionDispatch::Session::AbstractStore.class_eval do
+    def prepare_with_session_store!(env)
+      prepare_without_session_store!(env)
+      env[:session_store] = self
+    end
+    alias_method_chain :prepare!, :session_store
+  end
+end
+require 'devise_cas_authenticatable/single_sign_out/strategies'
+require 'devise_cas_authenticatable/single_sign_out/strategies/base'
+require 'devise_cas_authenticatable/single_sign_out/strategies/rails_cache'

data/lib/devise_cas_authenticatable/strategy.rb CHANGED Viewed

@@ -17,6 +17,12 @@ module Devise
         ticket = read_ticket(params)
         if ticket
           if resource = mapping.to.authenticate_with_cas_ticket(ticket)
+            # Store the ticket in the session for later usage
+            if ::Devise.cas_enable_single_sign_out
+              session['cas_last_valid_ticket'] = ticket.ticket
+              session['cas_last_valid_ticket_store'] = true
+            end
             success!(resource)
           elsif ticket.is_valid?
             redirect!(::Devise.cas_unregistered_url(request.url, mapping), :username => ticket.response.user)

data/lib/devise_cas_authenticatable.rb CHANGED Viewed

@@ -5,6 +5,16 @@ require 'devise_cas_authenticatable/routes'
 require 'devise_cas_authenticatable/strategy'
 require 'devise_cas_authenticatable/exceptions'
+require 'devise_cas_authenticatable/single_sign_out'
+if defined?(ActiveRecord::SessionStore)
+  require 'devise_cas_authenticatable/single_sign_out/session_store/active_record'
+end
+if defined?(Redis::Store)
+  require 'devise_cas_authenticatable/single_sign_out/session_store/redis'
+end
 require 'rubycas-client'
 # Register as a Rails engine if Rails::Engine exists
@@ -31,7 +41,16 @@ module Devise
   # The login URL of the CAS server.  If undefined, will default based on cas_base_url.
   @@cas_validate_url = nil
+  # Should devise_cas_authenticatable enable single-sign-out? Requires use of a supported
+  # session_store. Currently supports active_record or redis.
+  # False by default.
+  @@cas_enable_single_sign_out = false
+  # What strategy should single sign out use for tracking token->session ID mapping.
+  # :rails_cache by default.
+  @@cas_single_sign_out_mapping_strategy = :rails_cache
   # Should devise_cas_authenticatable attempt to create new user records for
   # unknown usernames?  True by default.
   @@cas_create_user = true
@@ -43,12 +62,12 @@ module Devise
   # Name of the parameter passed in the logout query
   @@cas_destination_logout_param_name = nil
-  mattr_accessor :cas_base_url, :cas_login_url, :cas_logout_url, :cas_validate_url, :cas_create_user, :cas_destination_logout_param_name, :cas_username_column
+  mattr_accessor :cas_base_url, :cas_login_url, :cas_logout_url, :cas_validate_url, :cas_create_user, :cas_destination_logout_param_name, :cas_username_column, :cas_enable_single_sign_out, :cas_single_sign_out_mapping_strategy
   def self.cas_create_user?
     cas_create_user
   end
   # Return a CASClient::Client instance based on configuration parameters.
   def self.cas_client
     @@cas_client ||= CASClient::Client.new(
@@ -56,7 +75,8 @@ module Devise
         :cas_base_url => @@cas_base_url,
         :login_url => @@cas_login_url,
         :logout_url => @@cas_logout_url,
-        :validate_url => @@cas_validate_url
+        :validate_url => @@cas_validate_url,
+        :enable_single_sign_out => @@cas_enable_single_sign_out
       )
   end

metadata CHANGED Viewed

@@ -1,20 +1,21 @@
 --- !ruby/object:Gem::Specification
 name: devise_cas_authenticatable
 version: !ruby/object:Gem::Version
-  version: 1.0.0.alpha11
+  version: 1.0.0.alpha12
   prerelease: 6
 platform: ruby
 authors:
 - Nat Budin
+- Jeremy Haile
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-09-16 00:00:00.000000000 -04:00
+date: 2011-09-28 00:00:00.000000000 -04:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
-  requirement: &2158960580 !ruby/object:Gem::Requirement
+  requirement: &2157571980 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -22,10 +23,10 @@ dependencies:
         version: 1.0.6
   type: :runtime
   prerelease: false
-  version_requirements: *2158960580
+  version_requirements: *2157571980
 - !ruby/object:Gem::Dependency
   name: rubycas-client
-  requirement: &2158959980 !ruby/object:Gem::Requirement
+  requirement: &2157571440 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -33,10 +34,10 @@ dependencies:
         version: 2.2.1
   type: :runtime
   prerelease: false
-  version_requirements: *2158959980
+  version_requirements: *2157571440
 - !ruby/object:Gem::Dependency
   name: rails
-  requirement: &2158959480 !ruby/object:Gem::Requirement
+  requirement: &2157570280 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -44,10 +45,10 @@ dependencies:
         version: 3.0.7
   type: :development
   prerelease: false
-  version_requirements: *2158959480
+  version_requirements: *2157570280
 - !ruby/object:Gem::Dependency
   name: rspec-rails
-  requirement: &2158958920 !ruby/object:Gem::Requirement
+  requirement: &2157568700 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -55,10 +56,10 @@ dependencies:
         version: 2.6.1
   type: :development
   prerelease: false
-  version_requirements: *2158958920
+  version_requirements: *2157568700
 - !ruby/object:Gem::Dependency
   name: mocha
-  requirement: &2158958500 !ruby/object:Gem::Requirement
+  requirement: &2157568240 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -66,10 +67,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2158958500
+  version_requirements: *2157568240
 - !ruby/object:Gem::Dependency
   name: shoulda
-  requirement: &2158957800 !ruby/object:Gem::Requirement
+  requirement: &2157567540 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -77,10 +78,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2158957800
+  version_requirements: *2157567540
 - !ruby/object:Gem::Dependency
   name: sqlite3-ruby
-  requirement: &2158957240 !ruby/object:Gem::Requirement
+  requirement: &2157566640 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -88,10 +89,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2158957240
+  version_requirements: *2157566640
 - !ruby/object:Gem::Dependency
   name: sham_rack
-  requirement: &2158956680 !ruby/object:Gem::Requirement
+  requirement: &2157565160 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -99,10 +100,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2158956680
+  version_requirements: *2157565160
 - !ruby/object:Gem::Dependency
   name: capybara
-  requirement: &2158956260 !ruby/object:Gem::Requirement
+  requirement: &2157545440 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -110,10 +111,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2158956260
+  version_requirements: *2157545440
 - !ruby/object:Gem::Dependency
   name: crypt-isaac
-  requirement: &2158955460 !ruby/object:Gem::Requirement
+  requirement: &2157544760 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -121,10 +122,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2158955460
+  version_requirements: *2157544760
 - !ruby/object:Gem::Dependency
   name: launchy
-  requirement: &2158954660 !ruby/object:Gem::Requirement
+  requirement: &2157543980 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -132,7 +133,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2158954660
+  version_requirements: *2157543980
 description: CAS authentication module for Devise
 email: natbudin@gmail.com
 executables: []
@@ -155,6 +156,12 @@ files:
 - lib/devise_cas_authenticatable/model.rb
 - lib/devise_cas_authenticatable/routes.rb
 - lib/devise_cas_authenticatable/schema.rb
+- lib/devise_cas_authenticatable/single_sign_out.rb
+- lib/devise_cas_authenticatable/single_sign_out/session_store/active_record.rb
+- lib/devise_cas_authenticatable/single_sign_out/session_store/redis.rb
+- lib/devise_cas_authenticatable/single_sign_out/strategies.rb
+- lib/devise_cas_authenticatable/single_sign_out/strategies/base.rb
+- lib/devise_cas_authenticatable/single_sign_out/strategies/rails_cache.rb
 - lib/devise_cas_authenticatable/strategy.rb
 - rails/init.rb
 - spec/routes_spec.rb
@@ -203,7 +210,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 3233699978426426317
+      hash: 3607945198939265999
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements: