devise_cas_authenticatable 1.10.0 → 2.0.0.alpha1

data/app/views/devise/cas_sessions/unregistered.html.erb

@@ -1,3 +1,3 @@
-<p>The user <%=h params[:username] %> is not registered with this site.  
-  Please <%= link_to "sign in using a different account", 
-  Devise.cas_client.logout_url(send("new_#{resource_name}_session_url")) %>.</p>
+<p>The user <%=h params[:username] %> is not registered with this site.
+  Please <%= link_to "sign in using a different account",
+  RackCAS::Server.new(RackCAS.config.server_url).logout_url(destination: send("new_#{resource_name}_session_url")).to_s %>.</p>

data/devise_cas_authenticatable.gemspec

@@ -1,40 +1,32 @@
-# -*- encoding: utf-8 -*-
-
 Gem::Specification.new do |s|
-  s.name = %q{devise_cas_authenticatable}
-  s.version = "1.10.0"
+  s.name = 'devise_cas_authenticatable'
+  s.version = '2.0.0.alpha1'
 
-  s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Nat Budin", "Jeremy Haile"]
-  s.description = %q{CAS authentication module for Devise}
-  s.license = "MIT"
-  s.email = %q{natbudin@gmail.com}
+  s.required_rubygems_version = Gem::Requirement.new('> 1.3.1') if s.respond_to? :required_rubygems_version=
+  s.authors = ['Nat Budin', 'Jeremy Haile']
+  s.description = 'CAS authentication module for Devise'
+  s.license = 'MIT'
+  s.email = 'natbudin@gmail.com'
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
   s.extra_rdoc_files = [
-    "README.md"
+    'README.md'
   ]
 
-  s.homepage = %q{http://github.com/nbudin/devise_cas_authenticatable}
-  s.require_paths = ["lib"]
-  s.rubygems_version = %q{1.5.0}
-  s.summary = %q{CAS authentication module for Devise}
+  s.homepage = 'http://github.com/nbudin/devise_cas_authenticatable'
+  s.require_paths = ['lib']
+  s.rubygems_version = '1.5.0'
+  s.summary = 'CAS authentication module for Devise'
 
-  s.add_runtime_dependency(%q<devise>, [">= 1.2.0"])
-  s.add_runtime_dependency(%q<rubycas-client>, [">= 2.2.1"])
+  s.add_runtime_dependency('devise', ['>= 4.0.0'])
+  s.add_runtime_dependency('rack-cas')
 
-  s.add_development_dependency("rails", ">= 3.0.7")
-  s.add_development_dependency("rspec-rails")
-  s.add_development_dependency("test-unit", "~> 3.0")
-  s.add_development_dependency("mocha")
-  s.add_development_dependency("shoulda")
-  s.add_development_dependency("sqlite3")
-  s.add_development_dependency("sham_rack")
-  s.add_development_dependency("capybara")
-  s.add_development_dependency('crypt-isaac')
+  s.add_development_dependency('capybara')
+  s.add_development_dependency('database_cleaner-active_record')
   s.add_development_dependency('launchy')
-  s.add_development_dependency('timecop')
   s.add_development_dependency('pry')
+  s.add_development_dependency('rails')
+  s.add_development_dependency('rspec-rails')
+  s.add_development_dependency('sqlite3')
 end
-

data/lib/devise_cas_authenticatable.rb

@@ -1,50 +1,16 @@
 require 'devise'
+require 'rack-cas'
+require 'rack-cas/server'
 
-require 'devise_cas_authenticatable/schema'
 require 'devise_cas_authenticatable/routes'
 require 'devise_cas_authenticatable/strategy'
-require 'devise_cas_authenticatable/exceptions'
-
-require 'devise_cas_authenticatable/session_store_identifier'
-require 'devise_cas_authenticatable/single_sign_out'
-
 require 'devise_cas_authenticatable/cas_action_url_factory_base'
 
-require 'rubycas-client'
-
-require 'devise_cas_authenticatable/railtie' if defined?(Rails::Railtie)
-require 'devise_cas_authenticatable/memcache_checker'
-
-# Register as a Rails engine if Rails::Engine exists
-begin
-  Rails::Engine
-rescue
-else
-  module DeviseCasAuthenticatable
-    class Engine < Rails::Engine
-      initializer "devise_cas_authenticatable.single_sign_on.warden_failure_app" do |app|
-        # requiring this here because the parent class calls Rails.application, which
-        # isn't set up until after bundler has required the modules in this engine
-        require 'devise_cas_authenticatable/single_sign_out/warden_failure_app'
-      end
-    end
-  end
+module DeviseCasAuthenticatable
+  class Engine < Rails::Engine ; end
 end
 
 module Devise
-  # The base URL of the CAS server.  For example, http://cas.example.com.  Specifying this
-  # is mandatory.
-  @@cas_base_url = nil
-
-  # The login URL of the CAS server.  If undefined, will default based on cas_base_url.
-  @@cas_login_url = nil
-
-  # The login URL of the CAS server.  If undefined, will default based on cas_base_url.
-  @@cas_logout_url = nil
-
-  # The login URL of the CAS server.  If undefined, will default based on cas_base_url.
-  @@cas_validate_url = nil
-
   # The destination url for logout.
   @@cas_destination_url = nil
 
@@ -67,8 +33,7 @@ module Devise
   # unknown usernames?  True by default.
   @@cas_create_user = true
 
-  # The model attribute used for query conditions. Should be the same as
-  # the rubycas-server username_column. :username by default
+  # The model attribute used for query conditions. :username by default
   @@cas_username_column = :username
 
   # The CAS reponse value used to find users in the local database
@@ -78,42 +43,20 @@ module Devise
   # Name of the parameter passed in the logout query
   @@cas_destination_logout_param_name = nil
 
-  # Additional options for CAS client object
-  @@cas_client_config_options = {}
-
-  mattr_accessor :cas_base_url, :cas_login_url, :cas_logout_url, :cas_validate_url, :cas_destination_url, :cas_follow_url, :cas_logout_url_param, :cas_create_user, :cas_destination_logout_param_name, :cas_username_column, :cas_enable_single_sign_out, :cas_single_sign_out_mapping_strategy, :cas_user_identifier, :cas_client_config_options
+  mattr_accessor :cas_destination_url, :cas_follow_url, :cas_logout_url_param, :cas_create_user, :cas_destination_logout_param_name, :cas_username_column, :cas_enable_single_sign_out, :cas_single_sign_out_mapping_strategy, :cas_user_identifier
 
   def self.cas_create_user?
     cas_create_user
   end
 
-  # Return a CASClient::Client instance based on configuration parameters.
-  def self.cas_client
-    @@cas_client ||= begin
-      cas_options = {
-        :cas_destination_logout_param_name => @@cas_destination_logout_param_name,
-        :cas_base_url => @@cas_base_url,
-        :login_url => @@cas_login_url,
-        :logout_url => @@cas_logout_url,
-        :validate_url => @@cas_validate_url,
-        :enable_single_sign_out => @@cas_enable_single_sign_out
-      }
-
-      cas_options.merge!(@@cas_client_config_options) if @@cas_client_config_options
-
-      CASClient::Client.new(cas_options)
-    end
-  end
-
   def self.cas_service_url(base_url, mapping)
-    cas_action_url(base_url, mapping, "service")
+    cas_action_url(base_url, mapping, 'service')
   end
 
   def self.cas_unregistered_url(base_url, mapping)
-    cas_action_url(base_url, mapping, "unregistered")
+    cas_action_url(base_url, mapping, 'unregistered')
   end
 
-  private
   def self.cas_action_url(base_url, mapping, action)
     cas_action_url_factory_class.new(base_url, mapping, action).call
   end
@@ -123,8 +66,10 @@ module Devise
   end
 end
 
-Devise.add_module(:cas_authenticatable,
-  :strategy => true,
-  :controller => :cas_sessions,
-  :route => :cas_authenticatable,
-  :model => 'devise_cas_authenticatable/model')
+Devise.add_module(
+  :cas_authenticatable,
+  strategy: true,
+  controller: :cas_sessions,
+  route: :cas_authenticatable,
+  model: 'devise_cas_authenticatable/model'
+)

data/lib/devise_cas_authenticatable/model.rb

@@ -5,44 +5,39 @@ module Devise
       def self.included(base)
         base.extend ClassMethods
       end
-      
+
       module ClassMethods
-        # Authenticate a CAS ticket and return the resulting user object.  Behavior is as follows:
-        # 
-        # * Check ticket validity using RubyCAS::Client.  Return nil if the ticket is invalid.
+        # Given a CAS details hash returned by rack-cas, return the resulting user object.
+        # Behavior is as follows:
+        #
         # * Find a matching user by username (will use find_for_authentication if available).
         # * If the user does not exist, but Devise.cas_create_user is set, attempt to create the
         #   user object in the database.  If cas_extra_attributes= is defined, this will also
-        #   pass in the ticket's extra_attributes hash.
+        #   pass in the extra_attributes hash.
         # * Return the resulting user object.
-        def authenticate_with_cas_ticket(ticket)
-          ::Devise.cas_client.validate_service_ticket(ticket) unless ticket.has_been_validated?
-          
-          if ticket.is_valid?
-            identifier = nil
-            ticket_response = ticket.respond_to?(:user) ? ticket : ticket.response
-
-            identifier = extract_user_identifier(ticket_response)
+        def authenticate_with_cas_details(cas_details)
+          identifier = cas_details['user']
 
-            # If cas_user_identifier isn't in extra_attributes,
-            # or the value is blank, then we're done here
-            return log_and_exit if identifier.nil?
+          # If cas_user_identifier isn't in extra_attributes,
+          # or the value is blank, then we're done here
+          return log_and_exit if identifier.nil?
 
-            logger.debug("Using conditions {#{::Devise.cas_username_column} => #{identifier}} to find the User")
+          logger.debug("Using conditions {#{::Devise.cas_username_column} => #{identifier}} to find the User")
 
-            conditions = { ::Devise.cas_username_column => identifier }
-            resource = find_or_build_resource_from_conditions(conditions)
-            return nil unless resource
-            
-            resource.cas_extra_attributes = ticket_response.extra_attributes \
-              if resource.respond_to?(:cas_extra_attributes=)
+          conditions = { ::Devise.cas_username_column => identifier }
+          resource = find_or_build_resource_from_conditions(conditions)
+          return nil unless resource
 
-            resource.save
-            resource
+          if resource.respond_to?(:cas_extra_attributes=)
+            resource.cas_extra_attributes = cas_details['extra_attributes']
           end
+
+          resource.save
+          resource
         end
 
         private
+
         def should_create_cas_users?
           respond_to?(:cas_create_user?) ? cas_create_user? : ::Devise.cas_create_user?
         end
@@ -65,9 +60,7 @@ module Devise
         end
 
         def find_resource_with_conditions(conditions)
-          # We don't want to override Devise 1.1's find_for_authentication
-          return find_for_authentication(conditions) if respond_to?(:find_for_authentication)
-          find(:first, :conditions => conditions)
+          find_for_authentication(conditions)
         end
       end
     end

data/lib/devise_cas_authenticatable/routes.rb

@@ -1,55 +1,33 @@
-if defined? ActionDispatch::Routing
-  # Rails 3, 4
-  
-  ActionDispatch::Routing::Mapper.class_eval do
-    protected
-  
-    def devise_cas_authenticatable(mapping, controllers)
-      sign_out_via = (Devise.respond_to?(:sign_out_via) && Devise.sign_out_via) || [:get, :post]
-
-      # service endpoint for CAS server
-      get "service", :to => "#{controllers[:cas_sessions]}#service", :as => "service"
-      post "service", :to => "#{controllers[:cas_sessions]}#single_sign_out", :as => "single_sign_out"
-
-      resource :session, :only => [], :controller => controllers[:cas_sessions], :path => "" do
-        get :new, :path => mapping.path_names[:sign_in], :as => "new"
-        get :unregistered
-        post :create, :path => mapping.path_names[:sign_in]
-        match :destroy, :path => mapping.path_names[:sign_out], :as => "destroy", :via => sign_out_via
-      end      
+ActionDispatch::Routing::Mapper.class_eval do
+  protected
+
+  def devise_cas_authenticatable(mapping, controllers)
+    sign_out_via = (Devise.respond_to?(:sign_out_via) && Devise.sign_out_via) || [:get, :post]
+
+    # service endpoint for CAS server
+    get 'service', to: "#{controllers[:cas_sessions]}#service", as: 'service'
+
+    resource :session, only: [], controller: controllers[:cas_sessions], path: '' do
+      get :new, path: mapping.path_names[:sign_in], as: 'new'
+      get :unregistered
+      post :create, path: mapping.path_names[:sign_in]
+      match :destroy, path: mapping.path_names[:sign_out], as: 'destroy', via: sign_out_via
     end
+  end
 
-    def raise_no_secret_key #:nodoc:
-      # Devise_cas_authenticatable does not store passwords, so does not need a secret!
-      Rails.logger.warn <<-WARNING
+  def raise_no_secret_key #:nodoc:
+    # Devise_cas_authenticatable does not store passwords, so does not need a secret!
+    Rails.logger.warn <<~WARNING
       Devise_cas_authenticatable has suppressed an exception from being raised for missing Devise.secret_key.
       If devise_cas_authenticatable is the only devise module you are using for authentication you can safely ignore this warning.
       However, if you use another module that requires the secret_key please follow these instructions from Devise:
 
       Devise.secret_key was not set. Please add the following to your Devise initializer:
-  
+
           config.secret_key = '#{SecureRandom.hex(64)}'
-      
-      Please ensure you restarted your application after installing Devise or setting the key.
-WARNING
 
-    end
-  end
-else
-  # Rails 2
-  
-  ActionController::Routing::RouteSet::Mapper.class_eval do
-    protected
-    
-    def cas_authenticatable(routes, mapping)
-      routes.with_options(:controller => 'devise/cas_sessions', :name_prefix => nil) do |session|
-        session.send(:"#{mapping.name}_service", '/service', :action => 'service', :conditions => {:method => :get})
-        session.send(:"#{mapping.name}_service", '/service', :action => 'single_sign_out', :conditions => {:method => :post})
-        session.send(:"unregistered_#{mapping.name}_session", '/unregistered', :action => "unregistered", :conditions => {:method => :get})
-        session.send(:"new_#{mapping.name}_session", mapping.path_names[:sign_in], :action => 'new', :conditions => {:method => :get})
-        session.send(:"#{mapping.name}_session", mapping.path_names[:sign_in], :action => 'create', :conditions => {:method => :post})
-        session.send(:"destroy_#{mapping.name}_session", mapping.path_names[:sign_out], :action => 'destroy', :conditions => { :method => :get })
-      end
-    end
+      Please ensure you restarted your application after installing Devise or setting the key.
+    WARNING
   end
 end
+

data/lib/devise_cas_authenticatable/strategy.rb

@@ -5,18 +5,21 @@ module Devise
     class CasAuthenticatable < Base
       # True if the mapping supports authenticate_with_cas_ticket.
       def valid?
-        mapping.to.respond_to?(:authenticate_with_cas_ticket) && params[:ticket]
+        request = Rack::Request.new(env)
+        mapping.to.respond_to?(:authenticate_with_cas_details) && request.session['cas']
       end
-      
+
       # Try to authenticate a user using the CAS ticket passed in params.
       # If the ticket is valid and the model's authenticate_with_cas_ticket method
       # returns a user, then return success.  If the ticket is invalid, then either
       # fail (if we're just returning from the CAS server, based on the referrer)
       # or attempt to redirect to the CAS server's login URL.
       def authenticate!
-        ticket = read_ticket(params)
-        if ticket
-          if resource = mapping.to.authenticate_with_cas_ticket(ticket)
+        request = Rack::Request.new(env)
+        cas_details = request.session['cas']
+        if cas_details
+          resource = mapping.to.authenticate_with_cas_details(cas_details)
+          if resource
             # Store the ticket in the session for later usage
             if ::Devise.cas_enable_single_sign_out
               session['cas_last_valid_ticket'] = ticket.ticket
@@ -24,28 +27,15 @@ module Devise
             end
 
             success!(resource)
-          elsif ticket.is_valid?
-            username = ticket.respond_to?(:user) ? ticket.user : ticket.response.user
-            redirect!(::Devise.cas_unregistered_url(request.url, mapping), :username => username)
           else
-            fail!(:invalid)
+            username = cas_details['user']
+            redirect!(::Devise.cas_unregistered_url(request.url, mapping), :username => username)
           end
         else
-          fail!(:invalid)
-        end
-      end
-      
-      protected
-      
-      def read_ticket(params)
-        ticket = params[:ticket]
-        return nil unless ticket
-        
-        service_url = ::Devise.cas_service_url(request.url, mapping)
-        if ticket =~ /^PT-/
-          ::CASClient::ProxyTicket.new(ticket, service_url, params[:renew])
-        else
-          ::CASClient::ServiceTicket.new(ticket, service_url, params[:renew])
+          # Throw to rack-cas to initiate a login
+          rack_cas_authenticate_response = Rack::Response.new(nil, 401)
+          custom!(rack_cas_authenticate_response.to_a)
+          throw :warden
         end
       end
     end

data/spec/model_spec.rb

@@ -1,57 +1,51 @@
+# rubocop:disable Metrics/BlockLength
+
 require 'spec_helper'
 
-describe Devise::Models::CasAuthenticatable do  
+describe Devise::Models::CasAuthenticatable do
 
-  describe "When the user lookup is by something other than username" do
+  describe 'When the user lookup is by something other than username' do
     before(:each) do
-      @ticket = CASClient::ServiceTicket.new("ST-test", nil)
-      @ticket.extra_attributes = {:id => 10}
-      @ticket.success = true
-      @ticket.user = "testusername"
-
       Devise.cas_create_user = false
-
-      #
-      # We needed to stub :find_for_authentication to return false
-      # but wanted to allow other respond_to? calls to function
-      # normally 
-      #
-      User.stubs(:respond_to?) do |arg|
-        if arg == :find_for_authentication
-          return false
-        else
-          return User.respond_to? arg
-        end
-      end
     end
 
-    it "should authenticate using whatever is specified in config.cas_user_identifier" do
+    it 'should authenticate using whatever is specified in config.cas_user_identifier' do
       Devise.cas_user_identifier = :id
       Devise.cas_username_column = :id
 
-      User.expects(:find).with(:first, {:conditions => {:id => 10}})
+      user = User.create!(username: 'testusername')
+      User.authenticate_with_cas_details(cas_details_for_user(user))
 
-      User.authenticate_with_cas_ticket(@ticket)
-
-      #Reset this otherwise it'll blow up other specs
+      # Reset this otherwise it'll blow up other specs
       Devise.cas_user_identifier = nil
     end
 
-    it "should authenticate as normal is config.cas_user_identifier is not set" do
+    it 'should authenticate as normal is config.cas_user_identifier is not set' do
       Devise.cas_user_identifier = nil
       Devise.cas_username_column = :username
-      User.expects(:find).with(:first, {:conditions => {:username => @ticket.user}})
-      User.authenticate_with_cas_ticket(@ticket)
+
+      user = User.create!(username: 'testusername')
+      User.authenticate_with_cas_details(cas_details_for_user(user))
     end
 
-    it "should return nil if cas_user_identifier is not in cas_extra_attributes" do
+    it 'should return nil if cas_user_identifier is not in cas_extra_attributes' do
       Devise.cas_user_identifier = :unknown_ticket_field
-      Devise.cas_username_column = :username   
-      User.expects(:find).never
-      User.authenticate_with_cas_ticket(@ticket).should be_nil 
-
-      #Reset this otherwise it'll blow up other specs
+      Devise.cas_username_column = :username
+      expect(
+        User.authenticate_with_cas_details(
+          {
+            'user' => 'testusername',
+            'extra_attributes' => { id: 10 }
+          }
+        )
+      ).to be_nil
+
+      # Reset this otherwise it'll blow up other specs
       Devise.cas_user_identifier = nil
     end
+
+    def cas_details_for_user(user)
+      { 'user' => user.username, 'extra_attributes' => { id: user.id } }
+    end
   end
-end
+end