devise_cas_authenticatable 1.10.4 → 2.0.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (59) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/ruby.yml +32 -0
  3. data/.gitignore +0 -1
  4. data/CHANGELOG.md +65 -44
  5. data/Gemfile +8 -0
  6. data/README.md +85 -89
  7. data/app/controllers/devise/cas_sessions_controller.rb +25 -69
  8. data/app/views/devise/cas_sessions/unregistered.html.erb +3 -3
  9. data/devise_cas_authenticatable.gemspec +19 -26
  10. data/lib/devise_cas_authenticatable/model.rb +21 -28
  11. data/lib/devise_cas_authenticatable/routes.rb +22 -44
  12. data/lib/devise_cas_authenticatable/strategy.rb +14 -30
  13. data/lib/devise_cas_authenticatable.rb +27 -79
  14. data/spec/model_spec.rb +29 -35
  15. data/spec/routes_spec.rb +26 -26
  16. data/spec/scenario/app/assets/config/manifest.js +0 -0
  17. data/spec/scenario/app/controllers/home_controller.rb +2 -2
  18. data/spec/scenario/app/views/layouts/application.html.erb +1 -3
  19. data/spec/scenario/config/application.rb +1 -27
  20. data/spec/scenario/config/initializers/backtrace_silencers.rb +1 -1
  21. data/spec/scenario/config/initializers/devise.rb +2 -2
  22. data/spec/scenario/config/routes.rb +0 -4
  23. data/spec/scenario/db/migrate/20100401102949_create_tables.rb +3 -3
  24. data/spec/scenario/db/migrate/20111002012903_add_sessions_table.rb +1 -1
  25. data/spec/scenario/db/migrate/20121009092400_add_deactivated_flag_to_users.rb +1 -1
  26. data/spec/spec_helper.rb +38 -8
  27. data/spec/strategy_spec.rb +43 -82
  28. data/spec/support/migrations.rb +1 -1
  29. metadata +21 -126
  30. data/.travis.yml +0 -45
  31. data/Gemfile.devise12 +0 -11
  32. data/Gemfile.devise13 +0 -11
  33. data/Gemfile.devise14 +0 -11
  34. data/Gemfile.devise15 +0 -11
  35. data/Gemfile.devise20 +0 -11
  36. data/Gemfile.devise21 +0 -13
  37. data/Gemfile.devise30 +0 -12
  38. data/Gemfile.devise42 +0 -13
  39. data/lib/devise_cas_authenticatable/exceptions.rb +0 -10
  40. data/lib/devise_cas_authenticatable/memcache_checker.rb +0 -42
  41. data/lib/devise_cas_authenticatable/railtie.rb +0 -14
  42. data/lib/devise_cas_authenticatable/schema.rb +0 -20
  43. data/lib/devise_cas_authenticatable/session_store_identifier.rb +0 -29
  44. data/lib/devise_cas_authenticatable/single_sign_out/rack.rb +0 -39
  45. data/lib/devise_cas_authenticatable/single_sign_out/strategies/base.rb +0 -11
  46. data/lib/devise_cas_authenticatable/single_sign_out/strategies/rails_cache.rb +0 -31
  47. data/lib/devise_cas_authenticatable/single_sign_out/strategies/redis_cache.rb +0 -38
  48. data/lib/devise_cas_authenticatable/single_sign_out/strategies.rb +0 -58
  49. data/lib/devise_cas_authenticatable/single_sign_out/warden_failure_app.rb +0 -46
  50. data/lib/devise_cas_authenticatable/single_sign_out/with_conn.rb +0 -14
  51. data/lib/devise_cas_authenticatable/single_sign_out.rb +0 -69
  52. data/spec/config_spec.rb +0 -27
  53. data/spec/memcache_checker_spec.rb +0 -49
  54. data/spec/scenario/config/castronaut.yml +0 -32
  55. data/spec/scenario/config/initializers/castronaut.rb +0 -1
  56. data/spec/scenario/config/initializers/session_store.rb +0 -8
  57. data/spec/single_sign_out_spec.rb +0 -51
  58. data/spec/support/urls.rb +0 -19
  59. data/spec/warden_failure_app_spec.rb +0 -53
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 0e52720581da9cbfecdabb24df82f099b140b5c282885dd0aa3a1fbef559fcb1
4
- data.tar.gz: bb55162fe23ae48432b59140811fadd15e24918f0aa2647bcbd51d2094a210e2
3
+ metadata.gz: 836c11beb6cfff139820be64809f25577cb2e835ff84f5a054bd6c0fc03d42fd
4
+ data.tar.gz: b642bbf0b62997007166096932e93ba276441d0aad2596f167e9ac7c2a7c1a5a
5
5
  SHA512:
6
- metadata.gz: 8d3c2e442a37315c935dd021b5f05a6e38a8e3112b2b8f7e8d0e11c31db3622ae10785d377ec9942e43c4d12b8a94b7faea9e863759a53dc5543fb4d4e7e6584
7
- data.tar.gz: 84dd388a716bc5f31f3f0fd263b550a85a39ba183e46b67492923871981b30c1ab77a96e326f9592383d416e6b4195a44e9cdd65819797ca6c37407cd487ded1
6
+ metadata.gz: f3502487105bb999d005e222080d1a16f2c8aee7192983c553f8dc1caec013a98782756f2ed111b45fb83d5200b0a4355d275e3ff86eff612e2ca4738bf73ec6
7
+ data.tar.gz: 05e4f421170c6bcce7f203964498764c9350a2c712e6ab40882337f02a730aabc7db81f72f5f776fd85db6dbcc1d14f276589e645c13c628c9cb09506f3bfd79
@@ -0,0 +1,32 @@
1
+ # This workflow uses actions that are not certified by GitHub.
2
+ # They are provided by a third-party and are governed by
3
+ # separate terms of service, privacy policy, and support
4
+ # documentation.
5
+ # This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
6
+ # For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
7
+
8
+ name: Ruby
9
+
10
+ on:
11
+ push:
12
+ branches: [ main ]
13
+ pull_request:
14
+ branches: [ main ]
15
+
16
+ jobs:
17
+ test:
18
+
19
+ runs-on: ubuntu-latest
20
+ strategy:
21
+ matrix:
22
+ ruby-version: ['2.6', '2.7', '3.0']
23
+
24
+ steps:
25
+ - uses: actions/checkout@v2
26
+ - name: Set up Ruby
27
+ uses: ruby/setup-ruby@v1
28
+ with:
29
+ ruby-version: ${{ matrix.ruby-version }}
30
+ bundler-cache: true # runs 'bundle install' and caches installed gems automatically
31
+ - name: Run tests
32
+ run: bundle exec rake spec
data/.gitignore CHANGED
@@ -7,4 +7,3 @@ spec/scenario/tmp/*
7
7
  log/*
8
8
  db/*
9
9
  Gemfile.*lock
10
- Gemfile
data/CHANGELOG.md CHANGED
@@ -1,143 +1,164 @@
1
- # Changelog for devise\_cas\_authenticatable
1
+ # Changelog for devise_cas_authenticatable
2
+
3
+ ## Version 2.0.2 - Febuary 8, 2022
4
+
5
+ - Remove the mistakenly-left-in single sign out config options. (If you try to set them, devise_cas_authenticatable
6
+ will now give a warning and do nothing.)
7
+ - Remove the mistakenly-left-in single sign out handling code in the Warden strategy (fixes #160)
8
+
9
+ ## Version 2.0.1 - January 3, 2022
10
+
11
+ - Rails 7 compatibility fixes (thanks @francesco-loreti!)
12
+
13
+ ## Version 2.0.0 - January 3, 2022
14
+
15
+ - No changes from 2.0.0.alpha1. This version has been successfully tested by two developers in
16
+ production apps. (If you do run into issues, please report them in this Github project!)
17
+
18
+ ## Version 2.0.0.alpha1 - May 25, 2021
19
+
20
+ - Switch from RubyCAS-client, which is deprecated, to rack-cas
21
+ - Remove Devise.cas_client, Devise.cas_login_url, Devise.cas_logout_url, Devise.cas_validate_url, and cas_client_config_options as a result of this change
22
+ - Remove single sign out support (since rack-cas supports it natively)
2
23
 
3
24
  ## Version 1.10.4 - April 26, 2019
4
25
 
5
- * Fixes for single sign out on Redis session store using newer Redis gems (thanks @ledestin!)
26
+ - Fixes for single sign out on Redis session store using newer Redis gems (thanks @ledestin!)
6
27
 
7
28
  ## Version 1.10.3 - July 28, 2017
8
29
 
9
- * Rails 5.1 deprecation fix (thanks @jamgregory!)
30
+ - Rails 5.1 deprecation fix (thanks @jamgregory!)
10
31
 
11
32
  ## Version 1.10.2 - July 28, 2017
12
33
 
13
- * Correct an issue where the single sign-out logs would incorrectly state the session was found (thanks @hugohernani!)
14
- * Document how to change the SSO strategy (thanks again @hugohernani!)
34
+ - Correct an issue where the single sign-out logs would incorrectly state the session was found (thanks @hugohernani!)
35
+ - Document how to change the SSO strategy (thanks again @hugohernani!)
15
36
 
16
37
  ## Version 1.10.1 - July 17, 2017
17
38
 
18
- * Yet another Rails 5 compatibility fix with single sign-out (CacheStore's API for destroying sessions changed)
39
+ - Yet another Rails 5 compatibility fix with single sign-out (CacheStore's API for destroying sessions changed)
19
40
 
20
41
  ## Version 1.10.0 - February 6, 2017
21
42
 
22
- * Support Redis as a single sign-out store (thanks @tubsandcans!)
23
- * More Rails 5 compatibility fixes (thanks @debborafernandess and @drobny!)
43
+ - Support Redis as a single sign-out store (thanks @tubsandcans!)
44
+ - More Rails 5 compatibility fixes (thanks @debborafernandess and @drobny!)
24
45
 
25
46
  ## Version 1.9.2 - July 6, 2016
26
47
 
27
- * Fix middleware syntax for Rails 5 compatibility (thanks @drobny!)
48
+ - Fix middleware syntax for Rails 5 compatibility (thanks @drobny!)
28
49
 
29
50
  ## Version 1.9.1 - May 11, 2016
30
51
 
31
- * Remove Gemfile symlink from built gem; hopefully this will make installation easier on Windows
52
+ - Remove Gemfile symlink from built gem; hopefully this will make installation easier on Windows
32
53
 
33
54
  ## Version 1.9.0 - May 10, 2016
34
55
 
35
- * No longer requires net/telnet in order to work properly, so Ruby 2.3 can work out-of-the-box
56
+ - No longer requires net/telnet in order to work properly, so Ruby 2.3 can work out-of-the-box
36
57
 
37
58
  ## Version 1.8.0 - May 4, 2016
38
59
 
39
- * May the 4th be with you!
40
- * Prevent redirect loops when using memcached as a session store (thanks @fabioperrella!)
60
+ - May the 4th be with you!
61
+ - Prevent redirect loops when using memcached as a session store (thanks @fabioperrella!)
41
62
 
42
63
  ## Version 1.7.1 - February 2, 2016
43
64
 
44
- * Work around weird `#try` behavior on older Rails versions
65
+ - Work around weird `#try` behavior on older Rails versions
45
66
 
46
67
  ## Version 1.7.0 - December 18, 2015
47
68
 
48
- * Support RedisSessionStore (thanks @dandyn!)
49
- * Suppress warnings about `Devise.secret_key` not being set in production mode (thanks @joraff!)
69
+ - Support RedisSessionStore (thanks @dandyn!)
70
+ - Suppress warnings about `Devise.secret_key` not being set in production mode (thanks @joraff!)
50
71
 
51
72
  ## Version 1.6.1 - December 18, 2015
52
73
 
53
- * Allow single sign-out code to find the app's session store when NewRelic is in the middleware stack (thanks @brendancarney!)
74
+ - Allow single sign-out code to find the app's session store when NewRelic is in the middleware stack (thanks @brendancarney!)
54
75
 
55
76
  ## Version 1.6.0 - October 21, 2015
56
77
 
57
- * Add support for the Dalli session store (thanks @bonyiii!)
78
+ - Add support for the Dalli session store (thanks @bonyiii!)
58
79
 
59
80
  ## Version 1.5.0 - July 27, 2015
60
81
 
61
- * Generation of cas_action_url is now done by a customizable class, so you can use Rails routes to provide this (thanks to @eturino again!)
82
+ - Generation of cas_action_url is now done by a customizable class, so you can use Rails routes to provide this (thanks to @eturino again!)
62
83
 
63
84
  ## Version 1.4.1 - July 23, 2015
64
85
 
65
- * Internal refactor to avoid conflicting with common route names, specifically logout_url (thanks to @eturino!)
86
+ - Internal refactor to avoid conflicting with common route names, specifically logout_url (thanks to @eturino!)
66
87
 
67
88
  ## Version 1.4.0 - May 8, 2015
68
89
 
69
- * Allow changing the CAS response field used as the unique key for finding users (thanks once again to @gmoore!)
90
+ - Allow changing the CAS response field used as the unique key for finding users (thanks once again to @gmoore!)
70
91
 
71
92
  ## Version 1.3.8 - April 24, 2015
72
93
 
73
- * Remove a deprecated dependency (thanks to @gmoore)
74
- * Fix a wrong variable name that could break debug logging (thanks again to @gmoore)
94
+ - Remove a deprecated dependency (thanks to @gmoore)
95
+ - Fix a wrong variable name that could break debug logging (thanks again to @gmoore)
75
96
 
76
97
  ## Version 1.3.7 - July 17, 2014
77
98
 
78
- * Be less verbose in the log during single sign-out (thanks to @liudangyi)
99
+ - Be less verbose in the log during single sign-out (thanks to @liudangyi)
79
100
 
80
101
  ## Version 1.0.1 - July 6, 2014
81
102
 
82
- * Backport the 1.1.x series' logout_url features to the 1.0.x series for super-old apps
103
+ - Backport the 1.1.x series' logout_url features to the 1.0.x series for super-old apps
83
104
 
84
105
  ## Version 1.3.6 - February 5, 2014
85
106
 
86
- * Better single sign-out support for ActiveRecord session store users and README fixes (thanks to @fernandomantoan)
107
+ - Better single sign-out support for ActiveRecord session store users and README fixes (thanks to @fernandomantoan)
87
108
 
88
109
  ## Version 1.3.5 - January 30, 2014
89
110
 
90
- * Don't redirect to the (probably useless) Devise login page when the user is unauthorized - this is the CAS server's responsibility. (thanks to @kylejginavan)
111
+ - Don't redirect to the (probably useless) Devise login page when the user is unauthorized - this is the CAS server's responsibility. (thanks to @kylejginavan)
91
112
 
92
113
  ## Version 1.3.4 - January 10, 2014
93
114
 
94
- * Redirect to CAS logout URL when Warden receives the :inactive status, which should allow using active_for_authentication? (thanks to @bentoncreation)
115
+ - Redirect to CAS logout URL when Warden receives the :inactive status, which should allow using active_for_authentication? (thanks to @bentoncreation)
95
116
 
96
117
  ## Version 1.3.3 - December 13, 2013
97
118
 
98
- * Bug fix for single sign out when using Rack >= 1.5 (thanks to @activars)
119
+ - Bug fix for single sign out when using Rack >= 1.5 (thanks to @activars)
99
120
 
100
121
  ## Version 1.3.2 - August 16, 2013
101
122
 
102
- * Rails 4 deprecation warning fix (thanks to @reidmix)
123
+ - Rails 4 deprecation warning fix (thanks to @reidmix)
103
124
 
104
125
  ## Version 1.3.1 - July 29, 2013
105
126
 
106
- * Rails 4 compatibility fix (thanks to @McRipper)
127
+ - Rails 4 compatibility fix (thanks to @McRipper)
107
128
 
108
129
  ## Version 1.3.0 - May 12, 2013
109
130
 
110
- * Drop support for Rails 2.3, Devise 1.0 and 1.1
111
- * Custom failure class for optional redirecting to logout url upon timeout (thanks to @geoffroh and @kylejginavan)
131
+ - Drop support for Rails 2.3, Devise 1.0 and 1.1
132
+ - Custom failure class for optional redirecting to logout url upon timeout (thanks to @geoffroh and @kylejginavan)
112
133
 
113
134
  ## Version 1.2.1 - April 16, 2013
114
135
 
115
- * Bug fix: use Devise.sign_out_via to configure the HTTP verb sign_out will accept.
136
+ - Bug fix: use Devise.sign_out_via to configure the HTTP verb sign_out will accept.
116
137
 
117
138
  ## Version 1.2.0 - March 6, 2013
118
139
 
119
- * Rewrite of the single sign-out module to improve compatibility with newer Devise versions, other ORMs, and be less complex overall (thanks [Jeremy Haile](https://github.com/jeremyhaile) and [Endel Dreyer](https://github.com/endel)!)
140
+ - Rewrite of the single sign-out module to improve compatibility with newer Devise versions, other ORMs, and be less complex overall (thanks [Jeremy Haile](https://github.com/jeremyhaile) and [Endel Dreyer](https://github.com/endel)!)
120
141
 
121
142
  ## Version 1.1.4 - January 23, 2013
122
143
 
123
- * Bug fix: don't modify request.protocol when generating a logout_url (thanks [Tse-Ching Ho](https://github.com/tsechingho)!)
144
+ - Bug fix: don't modify request.protocol when generating a logout_url (thanks [Tse-Ching Ho](https://github.com/tsechingho)!)
124
145
 
125
146
  ## Version 1.1.3 - January 15, 2013
126
147
 
127
- * Rails 4 compatibility fixes (thanks [Aaron Patterson](https://github.com/tenderlove)!)
128
- * Support the service_url parameter in rubycas-client on logout (thanks [Kyle Ginavan](https://github.com/kylejginavan)!)
148
+ - Rails 4 compatibility fixes (thanks [Aaron Patterson](https://github.com/tenderlove)!)
149
+ - Support the service_url parameter in rubycas-client on logout (thanks [Kyle Ginavan](https://github.com/kylejginavan)!)
129
150
 
130
151
  ## Version 1.1.2 - May 23, 2012
131
152
 
132
- * Only do schema stuff if using Devise 2.0.x or below
153
+ - Only do schema stuff if using Devise 2.0.x or below
133
154
 
134
155
  ## Version 1.1.1 - April 2, 2012
135
156
 
136
- * Add cas_client_config_options so that users can add unsupported RubyCAS options such as encode_extra_attributes_as
157
+ - Add cas_client_config_options so that users can add unsupported RubyCAS options such as encode_extra_attributes_as
137
158
 
138
159
  ## Version 1.1.0 - March 5, 2012
139
160
 
140
- * Add configurable destination and follow URL support (thanks [Dyson Simmons](https://github.com/dyson)!)
141
- * Allow applications deployed at sub-URIs to work (thanks [Tod Detre](https://github.com/tod)!)
142
- * Only add trailing slash to base URI if it's not already present (thanks [joe81](https://github.com/joe81)!)
143
- * Some documentation updates.
161
+ - Add configurable destination and follow URL support (thanks [Dyson Simmons](https://github.com/dyson)!)
162
+ - Allow applications deployed at sub-URIs to work (thanks [Tod Detre](https://github.com/tod)!)
163
+ - Only add trailing slash to base URI if it's not already present (thanks [joe81](https://github.com/joe81)!)
164
+ - Some documentation updates.
data/Gemfile ADDED
@@ -0,0 +1,8 @@
1
+ source "http://rubygems.org"
2
+
3
+ # Specify your gem's dependencies in devise_cas_authenticatable.gemspec
4
+ gemspec
5
+
6
+ gem 'devise', '~> 4.8.0'
7
+ gem 'rails', '~> 6.0.0'
8
+ gem 'sqlite3', '~> 1.4'
data/README.md CHANGED
@@ -1,4 +1,4 @@
1
- devise_cas_authenticatable [![Build Status](https://secure.travis-ci.org/nbudin/devise_cas_authenticatable.png)](http://travis-ci.org/nbudin/devise_cas_authenticatable)
1
+ devise_cas_authenticatable [![Ruby](https://github.com/nbudin/devise_cas_authenticatable/actions/workflows/ruby.yml/badge.svg)](https://github.com/nbudin/devise_cas_authenticatable/actions/workflows/ruby.yml) [![Gem Version](https://badge.fury.io/rb/devise_cas_authenticatable.svg)](https://badge.fury.io/rb/devise_cas_authenticatable)
2
2
  ==========================
3
3
 
4
4
  Written by Nat Budin<br/>
@@ -6,16 +6,31 @@ Taking a lot of inspiration from [devise_ldap_authenticatable](http://github.com
6
6
 
7
7
  devise_cas_authenticatable is [CAS](http://www.jasig.org/cas) single sign-on support for
8
8
  [Devise](http://github.com/plataformatec/devise) applications. It acts as a replacement for
9
- database_authenticatable. It builds on [rubycas-client](https://github.com/rubycas/rubycas-client)
9
+ database_authenticatable. It builds on [rack-cas](https://github.com/biola/rack-cas)
10
10
  and should support just about any conformant CAS server (although I have personally tested it
11
11
  using [rubycas-server](http://github.com/gunark/rubycas-server)).
12
12
 
13
13
  Requirements
14
14
  ------------
15
15
 
16
- - Rails 3.0 or greater (works with 4.x versions as well)
17
- - Devise 1.2 or greater
18
- - rubycas-client
16
+ - Rails 5.0 or greater
17
+ - Devise 4.0 or greater
18
+
19
+ devise_cas_authenticatable version 2 is a major rewrite
20
+ -------------------------------------------------------
21
+
22
+ devise_cas_authenticatable version 1 was based on
23
+ [rubycas-client](https://github.com/rubycas/rubycas-client). Now that rubycas-client is deprecated,
24
+ devise_cas_authenticatable version 2 is based on [rack-cas](https://github.com/biola/rack-cas).
25
+
26
+ In order to upgrade, you'll need to:
27
+
28
+ * Make sure you're on a supported version of Devise (4.0 or above) and a supported version of Rails
29
+ (5.0 or above)
30
+ * Add the rack-cas configuration to your application.rb (see below)
31
+ * Remove the cas_base_url, cas_login_url, cas_logout_url, cas_validate_url, and
32
+ cas_client_config_options from your devise.rb initializer, if present
33
+ * If using single sign out: [set up rack-cas's built-in single sign out support](https://github.com/biola/rack-cas#single-logout)
19
34
 
20
35
  Installation
21
36
  ------------
@@ -30,86 +45,71 @@ Setup
30
45
 
31
46
  Once devise\_cas\_authenticatable is installed, add the following to your user model:
32
47
 
33
- devise :cas_authenticatable
48
+ ```ruby
49
+ devise :cas_authenticatable
50
+ ```
34
51
 
35
52
  You can also add other modules such as token_authenticatable, trackable, etc. Please do not
36
53
  add database_authenticatable as this module is intended to replace it.
37
54
 
38
55
  You'll also need to set up the database schema for this:
39
56
 
40
- create_table :users do |t|
41
- t.string :username, :null => false
42
- end
57
+ ```ruby
58
+ create_table :users do |t|
59
+ t.string :username, :null => false
60
+ end
61
+ ```
43
62
 
44
63
  We also recommend putting a unique index on the `username` column:
45
64
 
46
- add_index :users, :username, :unique => true
65
+ ```ruby
66
+ add_index :users, :username, :unique => true
67
+ ```
47
68
 
48
69
  (Note: previously, devise\_cas\_authenticatable recommended using a `t.cas_authenticatable` method call to update the
49
70
  schema. Devise 2.0 has deprecated this type of schema building method, so we now recommend just adding the `username`
50
71
  string column as above. As of this writing, `t.cas_authenticatable` still works, but throws a deprecation warning in
51
72
  Devise 2.0.)
52
73
 
53
- Finally, you'll need to add some configuration to your config/initializers/devise.rb in order
54
- to tell your app how to talk to your CAS server:
55
-
56
- Devise.setup do |config|
57
- ...
58
- config.cas_base_url = "https://cas.myorganization.com"
59
-
60
- # you can override these if you need to, but cas_base_url is usually enough
61
- # config.cas_login_url = "https://cas.myorganization.com/login"
62
- # config.cas_logout_url = "https://cas.myorganization.com/logout"
63
- # config.cas_validate_url = "https://cas.myorganization.com/serviceValidate"
64
-
65
- # The CAS specification allows for the passing of a follow URL to be displayed when
66
- # a user logs out on the CAS server. RubyCAS-Server also supports redirecting to a
67
- # URL via the destination param. Set either of these urls and specify either nil,
68
- # 'destination' or 'follow' as the logout_url_param. If the urls are blank but
69
- # logout_url_param is set, a default will be detected for the service.
70
- # config.cas_destination_url = 'https://cas.myorganization.com'
71
- # config.cas_follow_url = 'https://cas.myorganization.com'
72
- # config.cas_logout_url_param = nil
73
-
74
- # You can specify the name of the destination argument with the following option.
75
- # e.g. the following option will change it from 'destination' to 'url'
76
- # config.cas_destination_logout_param_name = 'url'
77
-
78
- # By default, devise_cas_authenticatable will create users. If you would rather
79
- # require user records to already exist locally before they can authenticate via
80
- # CAS, uncomment the following line.
81
- # config.cas_create_user = false
82
-
83
- # You can enable Single Sign Out, which by default is disabled.
84
- # config.cas_enable_single_sign_out = true
85
-
86
- # If you don't want to use the username returned from your CAS server as the unique
87
- # identifier, but some other field passed in cas_extra_attributes, you can specify
88
- # the field name here.
89
- # config.cas_user_identifier = nil
90
-
91
- # If you want to use the Devise Timeoutable module with single sign out,
92
- # uncommenting this will redirect timeouts to the logout url, so that the CAS can
93
- # take care of signing out the other serviced applocations. Note that each
94
- # application manages timeouts independently, so one application timing out will
95
- # kill the session on all applications serviced by the CAS.
96
- # config.warden do |manager|
97
- # manager.failure_app = DeviseCasAuthenticatable::SingleSignOut::WardenFailureApp
98
- # end
99
-
100
- # You can also set another single sign out strategy so that you won't be attached to rails_cache.
101
- # Be aware that to do so you also need to set the session_store.
102
- # Example for setting redis_cache.
103
- # There are some gems the help with it. One of them is called redis-rails and it can easily be set like this:
104
- # Rails.application.config.session_store :redis_store, servers: ["redis://localhost:6379/0/session"]
105
- # This is specially useful when you need to share session id accross apps (i.e. in a distributed environment)
106
- # config.cas_single_sign_out_mapping_strategy = :redis_cache
107
-
108
- # If you need to specify some extra configs for rubycas-client, you can do this via:
109
- # config.cas_client_config_options = {
110
- # logger: Rails.logger
111
- # }
112
- end
74
+ You'll need to configure rack-cas so that it knows where your CAS server is. See the
75
+ [rack-cas README](https://github.com/biola/rack-cas) for full instructions, but here is the
76
+ bare minimum:
77
+
78
+ ```ruby
79
+ config.rack_cas.server_url = "https://cas.myorganization.com" # replace with your server URL
80
+ config.rack_cas.service = "/users/service" # If your user model isn't called User, change this
81
+ ```
82
+
83
+ Finally, you may need to add some configuration to your config/initializers/devise.rb in order
84
+ to tell your app how to talk to your CAS server. This isn't always required. Here's an example:
85
+
86
+ ```ruby
87
+ Devise.setup do |config|
88
+ ...
89
+ # The CAS specification allows for the passing of a follow URL to be displayed when
90
+ # a user logs out on the CAS server. RubyCAS-Server also supports redirecting to a
91
+ # URL via the destination param. Set either of these urls and specify either nil,
92
+ # 'destination' or 'follow' as the logout_url_param. If the urls are blank but
93
+ # logout_url_param is set, a default will be detected for the service.
94
+ # config.cas_destination_url = 'https://cas.myorganization.com'
95
+ # config.cas_follow_url = 'https://cas.myorganization.com'
96
+ # config.cas_logout_url_param = nil
97
+
98
+ # You can specify the name of the destination argument with the following option.
99
+ # e.g. the following option will change it from 'destination' to 'url'
100
+ # config.cas_destination_logout_param_name = 'url'
101
+
102
+ # By default, devise_cas_authenticatable will create users. If you would rather
103
+ # require user records to already exist locally before they can authenticate via
104
+ # CAS, uncomment the following line.
105
+ # config.cas_create_user = false
106
+
107
+ # If you don't want to use the username returned from your CAS server as the unique
108
+ # identifier, but some other field passed in cas_extra_attributes, you can specify
109
+ # the field name here.
110
+ # config.cas_user_identifier = nil
111
+ end
112
+ ```
113
113
 
114
114
  Extra attributes
115
115
  ----------------
@@ -118,35 +118,31 @@ If your CAS server passes along extra attributes you'd like to save in your user
118
118
  using the CAS extra_attributes parameter, you can define a method in your user model called
119
119
  cas_extra_attributes= to accept these. For example:
120
120
 
121
- class User < ActiveRecord::Base
122
- devise :cas_authenticatable
123
-
124
- def cas_extra_attributes=(extra_attributes)
125
- extra_attributes.each do |name, value|
126
- case name.to_sym
127
- when :fullname
128
- self.fullname = value
129
- when :email
130
- self.email = value
131
- end
132
- end
121
+ ```ruby
122
+ class User < ActiveRecord::Base
123
+ devise :cas_authenticatable
124
+
125
+ def cas_extra_attributes=(extra_attributes)
126
+ extra_attributes.each do |name, value|
127
+ case name.to_sym
128
+ when :fullname
129
+ self.fullname = value
130
+ when :email
131
+ self.email = value
133
132
  end
134
133
  end
134
+ end
135
+ end
136
+ ```
135
137
 
136
138
  See also
137
139
  --------
138
140
 
139
141
  * [CAS](http://www.jasig.org/cas)
140
- * [rubycas-server](http://github.com/gunark/rubycas-server)
141
- * [rubycas-client](http://github.com/gunark/rubycas-client)
142
+ * [rack-cas](https://github.com/biola/rack-cas)
142
143
  * [Devise](http://github.com/plataformatec/devise)
143
144
  * [Warden](http://github.com/hassox/warden)
144
145
 
145
- TODO
146
- ----
147
-
148
- * Test on non-ActiveRecord ORMs
149
-
150
146
  License
151
147
  -------
152
148
 
@@ -1,97 +1,50 @@
1
1
  class Devise::CasSessionsController < Devise::SessionsController
2
- include DeviseCasAuthenticatable::SingleSignOut::DestroySession
3
-
4
- if Rails::VERSION::MAJOR < 4
5
- unloadable # Rails 5 no longer requires this
6
- skip_before_filter :verify_authenticity_token, :only => [:single_sign_out], :raise => false
7
- else
8
- skip_before_action :verify_authenticity_token, :only => [:single_sign_out], :raise => false
9
- end
10
-
11
2
  def new
12
- if memcache_checker.session_store_memcache? && !memcache_checker.alive?
13
- raise "memcache is down, can't get session data from it"
14
- end
15
-
16
- redirect_to(cas_login_url)
3
+ # TODO: Figure out if there's a less hacky way to do this
4
+ RackCAS.config.service = cas_service_url
5
+ head 401
17
6
  end
18
7
 
19
8
  def service
20
- redirect_to after_sign_in_path_for(warden.authenticate!(:scope => resource_name))
9
+ redirect_to after_sign_in_path_for(warden.authenticate!(:scope => resource_name)), allow_other_host: true
21
10
  end
22
11
 
23
- def unregistered
24
- end
12
+ def unregistered; end
25
13
 
26
14
  def destroy
27
15
  # if :cas_create_user is false a CAS session might be open but not signed_in
28
16
  # in such case we destroy the session here
29
17
  if signed_in?(resource_name)
30
18
  sign_out(resource_name)
19
+ session.delete('cas')
31
20
  else
32
21
  reset_session
33
22
  end
34
23
 
35
- redirect_to(cas_logout_url)
36
- end
37
-
38
- def single_sign_out
39
- if ::Devise.cas_enable_single_sign_out
40
- session_index = read_session_index
41
- if session_index
42
- logger.debug "Intercepted single-sign-out request for CAS session #{session_index}."
43
- session_id = ::DeviseCasAuthenticatable::SingleSignOut::Strategies.current_strategy.find_session_id_by_index(session_index)
44
- if session_id
45
- logger.debug "Found Session ID #{session_id} with index key #{session_index}"
46
- destroy_cas_session(session_index, session_id)
47
- end
48
- else
49
- logger.warn "Ignoring CAS single-sign-out request as no session index could be parsed from the parameters."
50
- end
51
- else
52
- logger.warn "Ignoring CAS single-sign-out request as feature is not currently enabled."
53
- end
54
-
55
- head :ok
24
+ redirect_to(cas_logout_url, allow_other_host: true)
56
25
  end
57
26
 
58
27
  private
59
28
 
60
- def read_session_index
61
- if request.headers['CONTENT_TYPE'] =~ %r{^multipart/}
62
- false
63
- elsif request.post? && params['logoutRequest'] =~
64
- %r{^<samlp:LogoutRequest.*?<samlp:SessionIndex>(.*)</samlp:SessionIndex>}m
65
- $~[1]
66
- else
67
- false
68
- end
69
- end
70
-
71
- def destroy_cas_session(session_index, session_id)
72
- if destroy_session_by_id(session_id)
73
- logger.debug "Destroyed session #{session_id} corresponding to service ticket #{session_index}."
74
- end
75
- ::DeviseCasAuthenticatable::SingleSignOut::Strategies.current_strategy.delete_session_index(session_index)
76
- end
77
-
78
29
  def cas_login_url
79
- ::Devise.cas_client.add_service_to_login_url(::Devise.cas_service_url(request.url, devise_mapping))
30
+ RackCAS::Server.new(RackCAS.config.server_url).login_url(cas_service_url).to_s
80
31
  end
81
32
  helper_method :cas_login_url
82
33
 
83
34
  def request_url
84
35
  return @request_url if @request_url
36
+
85
37
  @request_url = request.protocol.dup
86
38
  @request_url << request.host
87
- @request_url << ":#{request.port.to_s}" unless request.port == 80
39
+ @request_url << ":#{request.port}" unless request.port == 80
88
40
  @request_url
89
41
  end
90
42
 
91
43
  def cas_destination_url
92
44
  return unless ::Devise.cas_logout_url_param == 'destination'
45
+
93
46
  if !::Devise.cas_destination_url.blank?
94
- url = Devise.cas_destination_url
47
+ Devise.cas_destination_url
95
48
  else
96
49
  url = request_url.dup
97
50
  url << after_sign_out_path_for(resource_name)
@@ -100,8 +53,9 @@ class Devise::CasSessionsController < Devise::SessionsController
100
53
 
101
54
  def cas_follow_url
102
55
  return unless ::Devise.cas_logout_url_param == 'follow'
56
+
103
57
  if !::Devise.cas_follow_url.blank?
104
- url = Devise.cas_follow_url
58
+ Devise.cas_follow_url
105
59
  else
106
60
  url = request_url.dup
107
61
  url << after_sign_out_path_for(resource_name)
@@ -113,15 +67,17 @@ class Devise::CasSessionsController < Devise::SessionsController
113
67
  end
114
68
 
115
69
  def cas_logout_url
116
- begin
117
- ::Devise.cas_client.logout_url(cas_destination_url, cas_follow_url, cas_service_url)
118
- rescue ArgumentError
119
- # Older rubycas-clients don't accept a service_url
120
- ::Devise.cas_client.logout_url(cas_destination_url, cas_follow_url)
70
+ server = RackCAS::Server.new(RackCAS.config.server_url)
71
+ destination_url = cas_destination_url
72
+ follow_url = cas_follow_url
73
+ service_url = cas_service_url
74
+
75
+ if destination_url
76
+ server.logout_url(destination: destination_url, gateway: 'true').to_s
77
+ elsif follow_url
78
+ server.logout_url(url: follow_url, service: service_url).to_s
79
+ else
80
+ server.logout_url(service: service_url).to_s
121
81
  end
122
82
  end
123
-
124
- def memcache_checker
125
- @memcache_checker ||= DeviseCasAuthenticatable::MemcacheChecker.new(Rails.configuration)
126
- end
127
83
  end
@@ -1,3 +1,3 @@
1
- <p>The user <%=h params[:username] %> is not registered with this site.
2
- Please <%= link_to "sign in using a different account",
3
- Devise.cas_client.logout_url(send("new_#{resource_name}_session_url")) %>.</p>
1
+ <p>The user <%=h params[:username] %> is not registered with this site.
2
+ Please <%= link_to "sign in using a different account",
3
+ RackCAS::Server.new(RackCAS.config.server_url).logout_url(destination: send("new_#{resource_name}_session_url")).to_s %>.</p>