devise_cas_authenticatable 1.10.0 → 2.0.0.alpha1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.github/workflows/ruby.yml +32 -0
- data/.gitignore +0 -1
- data/CHANGELOG.md +22 -0
- data/Gemfile +8 -0
- data/README.md +84 -80
- data/app/controllers/devise/cas_sessions_controller.rb +23 -67
- data/app/views/devise/cas_sessions/unregistered.html.erb +3 -3
- data/devise_cas_authenticatable.gemspec +19 -27
- data/lib/devise_cas_authenticatable.rb +15 -70
- data/lib/devise_cas_authenticatable/model.rb +21 -28
- data/lib/devise_cas_authenticatable/routes.rb +22 -44
- data/lib/devise_cas_authenticatable/strategy.rb +14 -24
- data/spec/model_spec.rb +29 -35
- data/spec/routes_spec.rb +26 -26
- data/spec/scenario/app/assets/config/manifest.js +0 -0
- data/spec/scenario/app/controllers/home_controller.rb +2 -2
- data/spec/scenario/app/views/layouts/application.html.erb +1 -3
- data/spec/scenario/config/application.rb +1 -27
- data/spec/scenario/config/initializers/backtrace_silencers.rb +1 -1
- data/spec/scenario/config/initializers/devise.rb +2 -2
- data/spec/scenario/config/routes.rb +0 -4
- data/spec/scenario/db/migrate/20100401102949_create_tables.rb +3 -3
- data/spec/scenario/db/migrate/20111002012903_add_sessions_table.rb +1 -1
- data/spec/scenario/db/migrate/20121009092400_add_deactivated_flag_to_users.rb +1 -1
- data/spec/spec_helper.rb +38 -8
- data/spec/strategy_spec.rb +43 -82
- data/spec/support/migrations.rb +1 -1
- metadata +18 -122
- data/.travis.yml +0 -45
- data/Gemfile.devise12 +0 -11
- data/Gemfile.devise13 +0 -11
- data/Gemfile.devise14 +0 -11
- data/Gemfile.devise15 +0 -11
- data/Gemfile.devise20 +0 -11
- data/Gemfile.devise21 +0 -13
- data/Gemfile.devise30 +0 -12
- data/Gemfile.devise42 +0 -13
- data/lib/devise_cas_authenticatable/exceptions.rb +0 -10
- data/lib/devise_cas_authenticatable/memcache_checker.rb +0 -42
- data/lib/devise_cas_authenticatable/railtie.rb +0 -14
- data/lib/devise_cas_authenticatable/schema.rb +0 -20
- data/lib/devise_cas_authenticatable/session_store_identifier.rb +0 -29
- data/lib/devise_cas_authenticatable/single_sign_out.rb +0 -60
- data/lib/devise_cas_authenticatable/single_sign_out/rack.rb +0 -39
- data/lib/devise_cas_authenticatable/single_sign_out/strategies.rb +0 -58
- data/lib/devise_cas_authenticatable/single_sign_out/strategies/base.rb +0 -11
- data/lib/devise_cas_authenticatable/single_sign_out/strategies/rails_cache.rb +0 -31
- data/lib/devise_cas_authenticatable/single_sign_out/strategies/redis_cache.rb +0 -33
- data/lib/devise_cas_authenticatable/single_sign_out/warden_failure_app.rb +0 -46
- data/spec/config_spec.rb +0 -27
- data/spec/memcache_checker_spec.rb +0 -49
- data/spec/scenario/config/castronaut.yml +0 -32
- data/spec/scenario/config/initializers/castronaut.rb +0 -1
- data/spec/scenario/config/initializers/session_store.rb +0 -8
- data/spec/single_sign_out_spec.rb +0 -51
- data/spec/support/urls.rb +0 -19
- data/spec/warden_failure_app_spec.rb +0 -53
@@ -1,3 +1,3 @@
|
|
1
|
-
<p>The user <%=h params[:username] %> is not registered with this site.
|
2
|
-
Please <%= link_to "sign in using a different account",
|
3
|
-
|
1
|
+
<p>The user <%=h params[:username] %> is not registered with this site.
|
2
|
+
Please <%= link_to "sign in using a different account",
|
3
|
+
RackCAS::Server.new(RackCAS.config.server_url).logout_url(destination: send("new_#{resource_name}_session_url")).to_s %>.</p>
|
@@ -1,40 +1,32 @@
|
|
1
|
-
# -*- encoding: utf-8 -*-
|
2
|
-
|
3
1
|
Gem::Specification.new do |s|
|
4
|
-
s.name =
|
5
|
-
s.version =
|
2
|
+
s.name = 'devise_cas_authenticatable'
|
3
|
+
s.version = '2.0.0.alpha1'
|
6
4
|
|
7
|
-
s.required_rubygems_version = Gem::Requirement.new(
|
8
|
-
s.authors = [
|
9
|
-
s.description =
|
10
|
-
s.license =
|
11
|
-
s.email =
|
5
|
+
s.required_rubygems_version = Gem::Requirement.new('> 1.3.1') if s.respond_to? :required_rubygems_version=
|
6
|
+
s.authors = ['Nat Budin', 'Jeremy Haile']
|
7
|
+
s.description = 'CAS authentication module for Devise'
|
8
|
+
s.license = 'MIT'
|
9
|
+
s.email = 'natbudin@gmail.com'
|
12
10
|
s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
|
13
11
|
s.files = `git ls-files`.split("\n")
|
14
12
|
s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
|
15
13
|
s.extra_rdoc_files = [
|
16
|
-
|
14
|
+
'README.md'
|
17
15
|
]
|
18
16
|
|
19
|
-
s.homepage =
|
20
|
-
s.require_paths = [
|
21
|
-
s.rubygems_version =
|
22
|
-
s.summary =
|
17
|
+
s.homepage = 'http://github.com/nbudin/devise_cas_authenticatable'
|
18
|
+
s.require_paths = ['lib']
|
19
|
+
s.rubygems_version = '1.5.0'
|
20
|
+
s.summary = 'CAS authentication module for Devise'
|
23
21
|
|
24
|
-
s.add_runtime_dependency(
|
25
|
-
s.add_runtime_dependency(
|
22
|
+
s.add_runtime_dependency('devise', ['>= 4.0.0'])
|
23
|
+
s.add_runtime_dependency('rack-cas')
|
26
24
|
|
27
|
-
s.add_development_dependency(
|
28
|
-
s.add_development_dependency(
|
29
|
-
s.add_development_dependency("test-unit", "~> 3.0")
|
30
|
-
s.add_development_dependency("mocha")
|
31
|
-
s.add_development_dependency("shoulda")
|
32
|
-
s.add_development_dependency("sqlite3")
|
33
|
-
s.add_development_dependency("sham_rack")
|
34
|
-
s.add_development_dependency("capybara")
|
35
|
-
s.add_development_dependency('crypt-isaac')
|
25
|
+
s.add_development_dependency('capybara')
|
26
|
+
s.add_development_dependency('database_cleaner-active_record')
|
36
27
|
s.add_development_dependency('launchy')
|
37
|
-
s.add_development_dependency('timecop')
|
38
28
|
s.add_development_dependency('pry')
|
29
|
+
s.add_development_dependency('rails')
|
30
|
+
s.add_development_dependency('rspec-rails')
|
31
|
+
s.add_development_dependency('sqlite3')
|
39
32
|
end
|
40
|
-
|
@@ -1,50 +1,16 @@
|
|
1
1
|
require 'devise'
|
2
|
+
require 'rack-cas'
|
3
|
+
require 'rack-cas/server'
|
2
4
|
|
3
|
-
require 'devise_cas_authenticatable/schema'
|
4
5
|
require 'devise_cas_authenticatable/routes'
|
5
6
|
require 'devise_cas_authenticatable/strategy'
|
6
|
-
require 'devise_cas_authenticatable/exceptions'
|
7
|
-
|
8
|
-
require 'devise_cas_authenticatable/session_store_identifier'
|
9
|
-
require 'devise_cas_authenticatable/single_sign_out'
|
10
|
-
|
11
7
|
require 'devise_cas_authenticatable/cas_action_url_factory_base'
|
12
8
|
|
13
|
-
|
14
|
-
|
15
|
-
require 'devise_cas_authenticatable/railtie' if defined?(Rails::Railtie)
|
16
|
-
require 'devise_cas_authenticatable/memcache_checker'
|
17
|
-
|
18
|
-
# Register as a Rails engine if Rails::Engine exists
|
19
|
-
begin
|
20
|
-
Rails::Engine
|
21
|
-
rescue
|
22
|
-
else
|
23
|
-
module DeviseCasAuthenticatable
|
24
|
-
class Engine < Rails::Engine
|
25
|
-
initializer "devise_cas_authenticatable.single_sign_on.warden_failure_app" do |app|
|
26
|
-
# requiring this here because the parent class calls Rails.application, which
|
27
|
-
# isn't set up until after bundler has required the modules in this engine
|
28
|
-
require 'devise_cas_authenticatable/single_sign_out/warden_failure_app'
|
29
|
-
end
|
30
|
-
end
|
31
|
-
end
|
9
|
+
module DeviseCasAuthenticatable
|
10
|
+
class Engine < Rails::Engine ; end
|
32
11
|
end
|
33
12
|
|
34
13
|
module Devise
|
35
|
-
# The base URL of the CAS server. For example, http://cas.example.com. Specifying this
|
36
|
-
# is mandatory.
|
37
|
-
@@cas_base_url = nil
|
38
|
-
|
39
|
-
# The login URL of the CAS server. If undefined, will default based on cas_base_url.
|
40
|
-
@@cas_login_url = nil
|
41
|
-
|
42
|
-
# The login URL of the CAS server. If undefined, will default based on cas_base_url.
|
43
|
-
@@cas_logout_url = nil
|
44
|
-
|
45
|
-
# The login URL of the CAS server. If undefined, will default based on cas_base_url.
|
46
|
-
@@cas_validate_url = nil
|
47
|
-
|
48
14
|
# The destination url for logout.
|
49
15
|
@@cas_destination_url = nil
|
50
16
|
|
@@ -67,8 +33,7 @@ module Devise
|
|
67
33
|
# unknown usernames? True by default.
|
68
34
|
@@cas_create_user = true
|
69
35
|
|
70
|
-
# The model attribute used for query conditions.
|
71
|
-
# the rubycas-server username_column. :username by default
|
36
|
+
# The model attribute used for query conditions. :username by default
|
72
37
|
@@cas_username_column = :username
|
73
38
|
|
74
39
|
# The CAS reponse value used to find users in the local database
|
@@ -78,42 +43,20 @@ module Devise
|
|
78
43
|
# Name of the parameter passed in the logout query
|
79
44
|
@@cas_destination_logout_param_name = nil
|
80
45
|
|
81
|
-
|
82
|
-
@@cas_client_config_options = {}
|
83
|
-
|
84
|
-
mattr_accessor :cas_base_url, :cas_login_url, :cas_logout_url, :cas_validate_url, :cas_destination_url, :cas_follow_url, :cas_logout_url_param, :cas_create_user, :cas_destination_logout_param_name, :cas_username_column, :cas_enable_single_sign_out, :cas_single_sign_out_mapping_strategy, :cas_user_identifier, :cas_client_config_options
|
46
|
+
mattr_accessor :cas_destination_url, :cas_follow_url, :cas_logout_url_param, :cas_create_user, :cas_destination_logout_param_name, :cas_username_column, :cas_enable_single_sign_out, :cas_single_sign_out_mapping_strategy, :cas_user_identifier
|
85
47
|
|
86
48
|
def self.cas_create_user?
|
87
49
|
cas_create_user
|
88
50
|
end
|
89
51
|
|
90
|
-
# Return a CASClient::Client instance based on configuration parameters.
|
91
|
-
def self.cas_client
|
92
|
-
@@cas_client ||= begin
|
93
|
-
cas_options = {
|
94
|
-
:cas_destination_logout_param_name => @@cas_destination_logout_param_name,
|
95
|
-
:cas_base_url => @@cas_base_url,
|
96
|
-
:login_url => @@cas_login_url,
|
97
|
-
:logout_url => @@cas_logout_url,
|
98
|
-
:validate_url => @@cas_validate_url,
|
99
|
-
:enable_single_sign_out => @@cas_enable_single_sign_out
|
100
|
-
}
|
101
|
-
|
102
|
-
cas_options.merge!(@@cas_client_config_options) if @@cas_client_config_options
|
103
|
-
|
104
|
-
CASClient::Client.new(cas_options)
|
105
|
-
end
|
106
|
-
end
|
107
|
-
|
108
52
|
def self.cas_service_url(base_url, mapping)
|
109
|
-
cas_action_url(base_url, mapping,
|
53
|
+
cas_action_url(base_url, mapping, 'service')
|
110
54
|
end
|
111
55
|
|
112
56
|
def self.cas_unregistered_url(base_url, mapping)
|
113
|
-
cas_action_url(base_url, mapping,
|
57
|
+
cas_action_url(base_url, mapping, 'unregistered')
|
114
58
|
end
|
115
59
|
|
116
|
-
private
|
117
60
|
def self.cas_action_url(base_url, mapping, action)
|
118
61
|
cas_action_url_factory_class.new(base_url, mapping, action).call
|
119
62
|
end
|
@@ -123,8 +66,10 @@ module Devise
|
|
123
66
|
end
|
124
67
|
end
|
125
68
|
|
126
|
-
Devise.add_module(
|
127
|
-
:
|
128
|
-
:
|
129
|
-
:
|
130
|
-
:
|
69
|
+
Devise.add_module(
|
70
|
+
:cas_authenticatable,
|
71
|
+
strategy: true,
|
72
|
+
controller: :cas_sessions,
|
73
|
+
route: :cas_authenticatable,
|
74
|
+
model: 'devise_cas_authenticatable/model'
|
75
|
+
)
|
@@ -5,44 +5,39 @@ module Devise
|
|
5
5
|
def self.included(base)
|
6
6
|
base.extend ClassMethods
|
7
7
|
end
|
8
|
-
|
8
|
+
|
9
9
|
module ClassMethods
|
10
|
-
#
|
11
|
-
#
|
12
|
-
#
|
10
|
+
# Given a CAS details hash returned by rack-cas, return the resulting user object.
|
11
|
+
# Behavior is as follows:
|
12
|
+
#
|
13
13
|
# * Find a matching user by username (will use find_for_authentication if available).
|
14
14
|
# * If the user does not exist, but Devise.cas_create_user is set, attempt to create the
|
15
15
|
# user object in the database. If cas_extra_attributes= is defined, this will also
|
16
|
-
# pass in the
|
16
|
+
# pass in the extra_attributes hash.
|
17
17
|
# * Return the resulting user object.
|
18
|
-
def
|
19
|
-
|
20
|
-
|
21
|
-
if ticket.is_valid?
|
22
|
-
identifier = nil
|
23
|
-
ticket_response = ticket.respond_to?(:user) ? ticket : ticket.response
|
24
|
-
|
25
|
-
identifier = extract_user_identifier(ticket_response)
|
18
|
+
def authenticate_with_cas_details(cas_details)
|
19
|
+
identifier = cas_details['user']
|
26
20
|
|
27
|
-
|
28
|
-
|
29
|
-
|
21
|
+
# If cas_user_identifier isn't in extra_attributes,
|
22
|
+
# or the value is blank, then we're done here
|
23
|
+
return log_and_exit if identifier.nil?
|
30
24
|
|
31
|
-
|
25
|
+
logger.debug("Using conditions {#{::Devise.cas_username_column} => #{identifier}} to find the User")
|
32
26
|
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
resource.cas_extra_attributes = ticket_response.extra_attributes \
|
38
|
-
if resource.respond_to?(:cas_extra_attributes=)
|
27
|
+
conditions = { ::Devise.cas_username_column => identifier }
|
28
|
+
resource = find_or_build_resource_from_conditions(conditions)
|
29
|
+
return nil unless resource
|
39
30
|
|
40
|
-
|
41
|
-
resource
|
31
|
+
if resource.respond_to?(:cas_extra_attributes=)
|
32
|
+
resource.cas_extra_attributes = cas_details['extra_attributes']
|
42
33
|
end
|
34
|
+
|
35
|
+
resource.save
|
36
|
+
resource
|
43
37
|
end
|
44
38
|
|
45
39
|
private
|
40
|
+
|
46
41
|
def should_create_cas_users?
|
47
42
|
respond_to?(:cas_create_user?) ? cas_create_user? : ::Devise.cas_create_user?
|
48
43
|
end
|
@@ -65,9 +60,7 @@ module Devise
|
|
65
60
|
end
|
66
61
|
|
67
62
|
def find_resource_with_conditions(conditions)
|
68
|
-
|
69
|
-
return find_for_authentication(conditions) if respond_to?(:find_for_authentication)
|
70
|
-
find(:first, :conditions => conditions)
|
63
|
+
find_for_authentication(conditions)
|
71
64
|
end
|
72
65
|
end
|
73
66
|
end
|
@@ -1,55 +1,33 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
get
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
get :new, :path => mapping.path_names[:sign_in], :as => "new"
|
16
|
-
get :unregistered
|
17
|
-
post :create, :path => mapping.path_names[:sign_in]
|
18
|
-
match :destroy, :path => mapping.path_names[:sign_out], :as => "destroy", :via => sign_out_via
|
19
|
-
end
|
1
|
+
ActionDispatch::Routing::Mapper.class_eval do
|
2
|
+
protected
|
3
|
+
|
4
|
+
def devise_cas_authenticatable(mapping, controllers)
|
5
|
+
sign_out_via = (Devise.respond_to?(:sign_out_via) && Devise.sign_out_via) || [:get, :post]
|
6
|
+
|
7
|
+
# service endpoint for CAS server
|
8
|
+
get 'service', to: "#{controllers[:cas_sessions]}#service", as: 'service'
|
9
|
+
|
10
|
+
resource :session, only: [], controller: controllers[:cas_sessions], path: '' do
|
11
|
+
get :new, path: mapping.path_names[:sign_in], as: 'new'
|
12
|
+
get :unregistered
|
13
|
+
post :create, path: mapping.path_names[:sign_in]
|
14
|
+
match :destroy, path: mapping.path_names[:sign_out], as: 'destroy', via: sign_out_via
|
20
15
|
end
|
16
|
+
end
|
21
17
|
|
22
|
-
|
23
|
-
|
24
|
-
|
18
|
+
def raise_no_secret_key #:nodoc:
|
19
|
+
# Devise_cas_authenticatable does not store passwords, so does not need a secret!
|
20
|
+
Rails.logger.warn <<~WARNING
|
25
21
|
Devise_cas_authenticatable has suppressed an exception from being raised for missing Devise.secret_key.
|
26
22
|
If devise_cas_authenticatable is the only devise module you are using for authentication you can safely ignore this warning.
|
27
23
|
However, if you use another module that requires the secret_key please follow these instructions from Devise:
|
28
24
|
|
29
25
|
Devise.secret_key was not set. Please add the following to your Devise initializer:
|
30
|
-
|
26
|
+
|
31
27
|
config.secret_key = '#{SecureRandom.hex(64)}'
|
32
|
-
|
33
|
-
Please ensure you restarted your application after installing Devise or setting the key.
|
34
|
-
WARNING
|
35
28
|
|
36
|
-
|
37
|
-
|
38
|
-
else
|
39
|
-
# Rails 2
|
40
|
-
|
41
|
-
ActionController::Routing::RouteSet::Mapper.class_eval do
|
42
|
-
protected
|
43
|
-
|
44
|
-
def cas_authenticatable(routes, mapping)
|
45
|
-
routes.with_options(:controller => 'devise/cas_sessions', :name_prefix => nil) do |session|
|
46
|
-
session.send(:"#{mapping.name}_service", '/service', :action => 'service', :conditions => {:method => :get})
|
47
|
-
session.send(:"#{mapping.name}_service", '/service', :action => 'single_sign_out', :conditions => {:method => :post})
|
48
|
-
session.send(:"unregistered_#{mapping.name}_session", '/unregistered', :action => "unregistered", :conditions => {:method => :get})
|
49
|
-
session.send(:"new_#{mapping.name}_session", mapping.path_names[:sign_in], :action => 'new', :conditions => {:method => :get})
|
50
|
-
session.send(:"#{mapping.name}_session", mapping.path_names[:sign_in], :action => 'create', :conditions => {:method => :post})
|
51
|
-
session.send(:"destroy_#{mapping.name}_session", mapping.path_names[:sign_out], :action => 'destroy', :conditions => { :method => :get })
|
52
|
-
end
|
53
|
-
end
|
29
|
+
Please ensure you restarted your application after installing Devise or setting the key.
|
30
|
+
WARNING
|
54
31
|
end
|
55
32
|
end
|
33
|
+
|
@@ -5,18 +5,21 @@ module Devise
|
|
5
5
|
class CasAuthenticatable < Base
|
6
6
|
# True if the mapping supports authenticate_with_cas_ticket.
|
7
7
|
def valid?
|
8
|
-
|
8
|
+
request = Rack::Request.new(env)
|
9
|
+
mapping.to.respond_to?(:authenticate_with_cas_details) && request.session['cas']
|
9
10
|
end
|
10
|
-
|
11
|
+
|
11
12
|
# Try to authenticate a user using the CAS ticket passed in params.
|
12
13
|
# If the ticket is valid and the model's authenticate_with_cas_ticket method
|
13
14
|
# returns a user, then return success. If the ticket is invalid, then either
|
14
15
|
# fail (if we're just returning from the CAS server, based on the referrer)
|
15
16
|
# or attempt to redirect to the CAS server's login URL.
|
16
17
|
def authenticate!
|
17
|
-
|
18
|
-
|
19
|
-
|
18
|
+
request = Rack::Request.new(env)
|
19
|
+
cas_details = request.session['cas']
|
20
|
+
if cas_details
|
21
|
+
resource = mapping.to.authenticate_with_cas_details(cas_details)
|
22
|
+
if resource
|
20
23
|
# Store the ticket in the session for later usage
|
21
24
|
if ::Devise.cas_enable_single_sign_out
|
22
25
|
session['cas_last_valid_ticket'] = ticket.ticket
|
@@ -24,28 +27,15 @@ module Devise
|
|
24
27
|
end
|
25
28
|
|
26
29
|
success!(resource)
|
27
|
-
elsif ticket.is_valid?
|
28
|
-
username = ticket.respond_to?(:user) ? ticket.user : ticket.response.user
|
29
|
-
redirect!(::Devise.cas_unregistered_url(request.url, mapping), :username => username)
|
30
30
|
else
|
31
|
-
|
31
|
+
username = cas_details['user']
|
32
|
+
redirect!(::Devise.cas_unregistered_url(request.url, mapping), :username => username)
|
32
33
|
end
|
33
34
|
else
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
protected
|
39
|
-
|
40
|
-
def read_ticket(params)
|
41
|
-
ticket = params[:ticket]
|
42
|
-
return nil unless ticket
|
43
|
-
|
44
|
-
service_url = ::Devise.cas_service_url(request.url, mapping)
|
45
|
-
if ticket =~ /^PT-/
|
46
|
-
::CASClient::ProxyTicket.new(ticket, service_url, params[:renew])
|
47
|
-
else
|
48
|
-
::CASClient::ServiceTicket.new(ticket, service_url, params[:renew])
|
35
|
+
# Throw to rack-cas to initiate a login
|
36
|
+
rack_cas_authenticate_response = Rack::Response.new(nil, 401)
|
37
|
+
custom!(rack_cas_authenticate_response.to_a)
|
38
|
+
throw :warden
|
49
39
|
end
|
50
40
|
end
|
51
41
|
end
|
data/spec/model_spec.rb
CHANGED
@@ -1,57 +1,51 @@
|
|
1
|
+
# rubocop:disable Metrics/BlockLength
|
2
|
+
|
1
3
|
require 'spec_helper'
|
2
4
|
|
3
|
-
describe Devise::Models::CasAuthenticatable do
|
5
|
+
describe Devise::Models::CasAuthenticatable do
|
4
6
|
|
5
|
-
describe
|
7
|
+
describe 'When the user lookup is by something other than username' do
|
6
8
|
before(:each) do
|
7
|
-
@ticket = CASClient::ServiceTicket.new("ST-test", nil)
|
8
|
-
@ticket.extra_attributes = {:id => 10}
|
9
|
-
@ticket.success = true
|
10
|
-
@ticket.user = "testusername"
|
11
|
-
|
12
9
|
Devise.cas_create_user = false
|
13
|
-
|
14
|
-
#
|
15
|
-
# We needed to stub :find_for_authentication to return false
|
16
|
-
# but wanted to allow other respond_to? calls to function
|
17
|
-
# normally
|
18
|
-
#
|
19
|
-
User.stubs(:respond_to?) do |arg|
|
20
|
-
if arg == :find_for_authentication
|
21
|
-
return false
|
22
|
-
else
|
23
|
-
return User.respond_to? arg
|
24
|
-
end
|
25
|
-
end
|
26
10
|
end
|
27
11
|
|
28
|
-
it
|
12
|
+
it 'should authenticate using whatever is specified in config.cas_user_identifier' do
|
29
13
|
Devise.cas_user_identifier = :id
|
30
14
|
Devise.cas_username_column = :id
|
31
15
|
|
32
|
-
User.
|
16
|
+
user = User.create!(username: 'testusername')
|
17
|
+
User.authenticate_with_cas_details(cas_details_for_user(user))
|
33
18
|
|
34
|
-
|
35
|
-
|
36
|
-
#Reset this otherwise it'll blow up other specs
|
19
|
+
# Reset this otherwise it'll blow up other specs
|
37
20
|
Devise.cas_user_identifier = nil
|
38
21
|
end
|
39
22
|
|
40
|
-
it
|
23
|
+
it 'should authenticate as normal is config.cas_user_identifier is not set' do
|
41
24
|
Devise.cas_user_identifier = nil
|
42
25
|
Devise.cas_username_column = :username
|
43
|
-
|
44
|
-
User.
|
26
|
+
|
27
|
+
user = User.create!(username: 'testusername')
|
28
|
+
User.authenticate_with_cas_details(cas_details_for_user(user))
|
45
29
|
end
|
46
30
|
|
47
|
-
it
|
31
|
+
it 'should return nil if cas_user_identifier is not in cas_extra_attributes' do
|
48
32
|
Devise.cas_user_identifier = :unknown_ticket_field
|
49
|
-
Devise.cas_username_column = :username
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
33
|
+
Devise.cas_username_column = :username
|
34
|
+
expect(
|
35
|
+
User.authenticate_with_cas_details(
|
36
|
+
{
|
37
|
+
'user' => 'testusername',
|
38
|
+
'extra_attributes' => { id: 10 }
|
39
|
+
}
|
40
|
+
)
|
41
|
+
).to be_nil
|
42
|
+
|
43
|
+
# Reset this otherwise it'll blow up other specs
|
54
44
|
Devise.cas_user_identifier = nil
|
55
45
|
end
|
46
|
+
|
47
|
+
def cas_details_for_user(user)
|
48
|
+
{ 'user' => user.username, 'extra_attributes' => { id: user.id } }
|
49
|
+
end
|
56
50
|
end
|
57
|
-
end
|
51
|
+
end
|