devise_cas_authenticatable 1.10.4 → 2.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0e52720581da9cbfecdabb24df82f099b140b5c282885dd0aa3a1fbef559fcb1
-  data.tar.gz: bb55162fe23ae48432b59140811fadd15e24918f0aa2647bcbd51d2094a210e2
+  metadata.gz: 836c11beb6cfff139820be64809f25577cb2e835ff84f5a054bd6c0fc03d42fd
+  data.tar.gz: b642bbf0b62997007166096932e93ba276441d0aad2596f167e9ac7c2a7c1a5a
 SHA512:
-  metadata.gz: 8d3c2e442a37315c935dd021b5f05a6e38a8e3112b2b8f7e8d0e11c31db3622ae10785d377ec9942e43c4d12b8a94b7faea9e863759a53dc5543fb4d4e7e6584
-  data.tar.gz: 84dd388a716bc5f31f3f0fd263b550a85a39ba183e46b67492923871981b30c1ab77a96e326f9592383d416e6b4195a44e9cdd65819797ca6c37407cd487ded1
+  metadata.gz: f3502487105bb999d005e222080d1a16f2c8aee7192983c553f8dc1caec013a98782756f2ed111b45fb83d5200b0a4355d275e3ff86eff612e2ca4738bf73ec6
+  data.tar.gz: 05e4f421170c6bcce7f203964498764c9350a2c712e6ab40882337f02a730aabc7db81f72f5f776fd85db6dbcc1d14f276589e645c13c628c9cb09506f3bfd79

data/.github/workflows/ruby.yml

@@ -0,0 +1,32 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: Ruby
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  test:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby-version: ['2.6', '2.7', '3.0']
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+    - name: Run tests
+      run: bundle exec rake spec

data/.gitignore

@@ -7,4 +7,3 @@ spec/scenario/tmp/*
 log/*
 db/*
 Gemfile.*lock
-Gemfile

data/CHANGELOG.md

@@ -1,143 +1,164 @@
-# Changelog for devise\_cas\_authenticatable
+# Changelog for devise_cas_authenticatable
+
+## Version 2.0.2 - Febuary 8, 2022
+
+- Remove the mistakenly-left-in single sign out config options. (If you try to set them, devise_cas_authenticatable
+  will now give a warning and do nothing.)
+- Remove the mistakenly-left-in single sign out handling code in the Warden strategy (fixes #160)
+
+## Version 2.0.1 - January 3, 2022
+
+- Rails 7 compatibility fixes (thanks @francesco-loreti!)
+
+## Version 2.0.0 - January 3, 2022
+
+- No changes from 2.0.0.alpha1. This version has been successfully tested by two developers in
+  production apps. (If you do run into issues, please report them in this Github project!)
+
+## Version 2.0.0.alpha1 - May 25, 2021
+
+- Switch from RubyCAS-client, which is deprecated, to rack-cas
+- Remove Devise.cas_client, Devise.cas_login_url, Devise.cas_logout_url, Devise.cas_validate_url, and cas_client_config_options as a result of this change
+- Remove single sign out support (since rack-cas supports it natively)
 
 ## Version 1.10.4 - April 26, 2019
 
-* Fixes for single sign out on Redis session store using newer Redis gems (thanks @ledestin!)
+- Fixes for single sign out on Redis session store using newer Redis gems (thanks @ledestin!)
 
 ## Version 1.10.3 - July 28, 2017
 
-* Rails 5.1 deprecation fix (thanks @jamgregory!)
+- Rails 5.1 deprecation fix (thanks @jamgregory!)
 
 ## Version 1.10.2 - July 28, 2017
 
-* Correct an issue where the single sign-out logs would incorrectly state the session was found (thanks @hugohernani!)
-* Document how to change the SSO strategy (thanks again @hugohernani!)
+- Correct an issue where the single sign-out logs would incorrectly state the session was found (thanks @hugohernani!)
+- Document how to change the SSO strategy (thanks again @hugohernani!)
 
 ## Version 1.10.1 - July 17, 2017
 
-* Yet another Rails 5 compatibility fix with single sign-out (CacheStore's API for destroying sessions changed)
+- Yet another Rails 5 compatibility fix with single sign-out (CacheStore's API for destroying sessions changed)
 
 ## Version 1.10.0 - February 6, 2017
 
-* Support Redis as a single sign-out store (thanks @tubsandcans!)
-* More Rails 5 compatibility fixes (thanks @debborafernandess and @drobny!)
+- Support Redis as a single sign-out store (thanks @tubsandcans!)
+- More Rails 5 compatibility fixes (thanks @debborafernandess and @drobny!)
 
 ## Version 1.9.2 - July 6, 2016
 
-* Fix middleware syntax for Rails 5 compatibility (thanks @drobny!)
+- Fix middleware syntax for Rails 5 compatibility (thanks @drobny!)
 
 ## Version 1.9.1 - May 11, 2016
 
-* Remove Gemfile symlink from built gem; hopefully this will make installation easier on Windows
+- Remove Gemfile symlink from built gem; hopefully this will make installation easier on Windows
 
 ## Version 1.9.0 - May 10, 2016
 
-* No longer requires net/telnet in order to work properly, so Ruby 2.3 can work out-of-the-box
+- No longer requires net/telnet in order to work properly, so Ruby 2.3 can work out-of-the-box
 
 ## Version 1.8.0 - May 4, 2016
 
-* May the 4th be with you!
-* Prevent redirect loops when using memcached as a session store (thanks @fabioperrella!)
+- May the 4th be with you!
+- Prevent redirect loops when using memcached as a session store (thanks @fabioperrella!)
 
 ## Version 1.7.1 - February 2, 2016
 
-* Work around weird `#try` behavior on older Rails versions
+- Work around weird `#try` behavior on older Rails versions
 
 ## Version 1.7.0 - December 18, 2015
 
-* Support RedisSessionStore (thanks @dandyn!)
-* Suppress warnings about `Devise.secret_key` not being set in production mode (thanks @joraff!)
+- Support RedisSessionStore (thanks @dandyn!)
+- Suppress warnings about `Devise.secret_key` not being set in production mode (thanks @joraff!)
 
 ## Version 1.6.1 - December 18, 2015
 
-* Allow single sign-out code to find the app's session store when NewRelic is in the middleware stack (thanks @brendancarney!)
+- Allow single sign-out code to find the app's session store when NewRelic is in the middleware stack (thanks @brendancarney!)
 
 ## Version 1.6.0 - October 21, 2015
 
-* Add support for the Dalli session store (thanks @bonyiii!)
+- Add support for the Dalli session store (thanks @bonyiii!)
 
 ## Version 1.5.0 - July 27, 2015
 
-* Generation of cas_action_url is now done by a customizable class, so you can use Rails routes to provide this (thanks to @eturino again!)
+- Generation of cas_action_url is now done by a customizable class, so you can use Rails routes to provide this (thanks to @eturino again!)
 
 ## Version 1.4.1 - July 23, 2015
 
-* Internal refactor to avoid conflicting with common route names, specifically logout_url (thanks to @eturino!)
+- Internal refactor to avoid conflicting with common route names, specifically logout_url (thanks to @eturino!)
 
 ## Version 1.4.0 - May 8, 2015
 
-* Allow changing the CAS response field used as the unique key for finding users (thanks once again to @gmoore!)
+- Allow changing the CAS response field used as the unique key for finding users (thanks once again to @gmoore!)
 
 ## Version 1.3.8 - April 24, 2015
 
-* Remove a deprecated dependency (thanks to @gmoore)
-* Fix a wrong variable name that could break debug logging (thanks again to @gmoore)
+- Remove a deprecated dependency (thanks to @gmoore)
+- Fix a wrong variable name that could break debug logging (thanks again to @gmoore)
 
 ## Version 1.3.7 - July 17, 2014
 
-* Be less verbose in the log during single sign-out (thanks to @liudangyi)
+- Be less verbose in the log during single sign-out (thanks to @liudangyi)
 
 ## Version 1.0.1 - July 6, 2014
 
-* Backport the 1.1.x series' logout_url features to the 1.0.x series for super-old apps
+- Backport the 1.1.x series' logout_url features to the 1.0.x series for super-old apps
 
 ## Version 1.3.6 - February 5, 2014
 
-* Better single sign-out support for ActiveRecord session store users and README fixes (thanks to @fernandomantoan)
+- Better single sign-out support for ActiveRecord session store users and README fixes (thanks to @fernandomantoan)
 
 ## Version 1.3.5 - January 30, 2014
 
-* Don't redirect to the (probably useless) Devise login page when the user is unauthorized - this is the CAS server's responsibility. (thanks to @kylejginavan)
+- Don't redirect to the (probably useless) Devise login page when the user is unauthorized - this is the CAS server's responsibility. (thanks to @kylejginavan)
 
 ## Version 1.3.4 - January 10, 2014
 
-* Redirect to CAS logout URL when Warden receives the :inactive status, which should allow using active_for_authentication? (thanks to @bentoncreation)
+- Redirect to CAS logout URL when Warden receives the :inactive status, which should allow using active_for_authentication? (thanks to @bentoncreation)
 
 ## Version 1.3.3 - December 13, 2013
 
-* Bug fix for single sign out when using Rack >= 1.5 (thanks to @activars)
+- Bug fix for single sign out when using Rack >= 1.5 (thanks to @activars)
 
 ## Version 1.3.2 - August 16, 2013
 
-* Rails 4 deprecation warning fix (thanks to @reidmix)
+- Rails 4 deprecation warning fix (thanks to @reidmix)
 
 ## Version 1.3.1 - July 29, 2013
 
-* Rails 4 compatibility fix (thanks to @McRipper)
+- Rails 4 compatibility fix (thanks to @McRipper)
 
 ## Version 1.3.0 - May 12, 2013
 
-* Drop support for Rails 2.3, Devise 1.0 and 1.1
-* Custom failure class for optional redirecting to logout url upon timeout (thanks to @geoffroh and @kylejginavan)
+- Drop support for Rails 2.3, Devise 1.0 and 1.1
+- Custom failure class for optional redirecting to logout url upon timeout (thanks to @geoffroh and @kylejginavan)
 
 ## Version 1.2.1 - April 16, 2013
 
-* Bug fix: use Devise.sign_out_via to configure the HTTP verb sign_out will accept.
+- Bug fix: use Devise.sign_out_via to configure the HTTP verb sign_out will accept.
 
 ## Version 1.2.0 - March 6, 2013
 
-* Rewrite of the single sign-out module to improve compatibility with newer Devise versions, other ORMs, and be less complex overall (thanks [Jeremy Haile](https://github.com/jeremyhaile) and [Endel Dreyer](https://github.com/endel)!)
+- Rewrite of the single sign-out module to improve compatibility with newer Devise versions, other ORMs, and be less complex overall (thanks [Jeremy Haile](https://github.com/jeremyhaile) and [Endel Dreyer](https://github.com/endel)!)
 
 ## Version 1.1.4 - January 23, 2013
 
-* Bug fix: don't modify request.protocol when generating a logout_url (thanks [Tse-Ching Ho](https://github.com/tsechingho)!)
+- Bug fix: don't modify request.protocol when generating a logout_url (thanks [Tse-Ching Ho](https://github.com/tsechingho)!)
 
 ## Version 1.1.3 - January 15, 2013
 
-* Rails 4 compatibility fixes (thanks [Aaron Patterson](https://github.com/tenderlove)!)
-* Support the service_url parameter in rubycas-client on logout (thanks [Kyle Ginavan](https://github.com/kylejginavan)!)
+- Rails 4 compatibility fixes (thanks [Aaron Patterson](https://github.com/tenderlove)!)
+- Support the service_url parameter in rubycas-client on logout (thanks [Kyle Ginavan](https://github.com/kylejginavan)!)
 
 ## Version 1.1.2 - May 23, 2012
 
-* Only do schema stuff if using Devise 2.0.x or below
+- Only do schema stuff if using Devise 2.0.x or below
 
 ## Version 1.1.1 - April 2, 2012
 
-* Add cas_client_config_options so that users can add unsupported RubyCAS options such as encode_extra_attributes_as
+- Add cas_client_config_options so that users can add unsupported RubyCAS options such as encode_extra_attributes_as
 
 ## Version 1.1.0 - March 5, 2012
 
-* Add configurable destination and follow URL support (thanks [Dyson Simmons](https://github.com/dyson)!)
-* Allow applications deployed at sub-URIs to work (thanks [Tod Detre](https://github.com/tod)!)
-* Only add trailing slash to base URI if it's not already present (thanks [joe81](https://github.com/joe81)!)
-* Some documentation updates.
+- Add configurable destination and follow URL support (thanks [Dyson Simmons](https://github.com/dyson)!)
+- Allow applications deployed at sub-URIs to work (thanks [Tod Detre](https://github.com/tod)!)
+- Only add trailing slash to base URI if it's not already present (thanks [joe81](https://github.com/joe81)!)
+- Some documentation updates.

data/Gemfile

@@ -0,0 +1,8 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in devise_cas_authenticatable.gemspec
+gemspec
+
+gem 'devise', '~> 4.8.0'
+gem 'rails', '~> 6.0.0'
+gem 'sqlite3', '~> 1.4'

data/README.md

@@ -1,4 +1,4 @@
-devise_cas_authenticatable [![Build Status](https://secure.travis-ci.org/nbudin/devise_cas_authenticatable.png)](http://travis-ci.org/nbudin/devise_cas_authenticatable)
+devise_cas_authenticatable [![Ruby](https://github.com/nbudin/devise_cas_authenticatable/actions/workflows/ruby.yml/badge.svg)](https://github.com/nbudin/devise_cas_authenticatable/actions/workflows/ruby.yml) [![Gem Version](https://badge.fury.io/rb/devise_cas_authenticatable.svg)](https://badge.fury.io/rb/devise_cas_authenticatable)
 ==========================
 
 Written by Nat Budin<br/>
@@ -6,16 +6,31 @@ Taking a lot of inspiration from [devise_ldap_authenticatable](http://github.com
 
 devise_cas_authenticatable is [CAS](http://www.jasig.org/cas) single sign-on support for
 [Devise](http://github.com/plataformatec/devise) applications.  It acts as a replacement for
-database_authenticatable.  It builds on [rubycas-client](https://github.com/rubycas/rubycas-client)
+database_authenticatable.  It builds on [rack-cas](https://github.com/biola/rack-cas)
 and should support just about any conformant CAS server (although I have personally tested it
 using [rubycas-server](http://github.com/gunark/rubycas-server)).
 
 Requirements
 ------------
 
-- Rails 3.0 or greater (works with 4.x versions as well)
-- Devise 1.2 or greater
-- rubycas-client
+- Rails 5.0 or greater
+- Devise 4.0 or greater
+
+devise_cas_authenticatable version 2 is a major rewrite
+-------------------------------------------------------
+
+devise_cas_authenticatable version 1 was based on
+[rubycas-client](https://github.com/rubycas/rubycas-client).  Now that rubycas-client is deprecated,
+devise_cas_authenticatable version 2 is based on [rack-cas](https://github.com/biola/rack-cas).
+
+In order to upgrade, you'll need to:
+
+* Make sure you're on a supported version of Devise (4.0 or above) and a supported version of Rails
+  (5.0 or above)
+* Add the rack-cas configuration to your application.rb (see below)
+* Remove the cas_base_url, cas_login_url, cas_logout_url, cas_validate_url, and
+  cas_client_config_options from your devise.rb initializer, if present
+* If using single sign out: [set up rack-cas's built-in single sign out support](https://github.com/biola/rack-cas#single-logout)
 
 Installation
 ------------
@@ -30,86 +45,71 @@ Setup
 
 Once devise\_cas\_authenticatable is installed, add the following to your user model:
 
-    devise :cas_authenticatable
+```ruby
+devise :cas_authenticatable
+```
 
 You can also add other modules such as token_authenticatable, trackable, etc.  Please do not
 add database_authenticatable as this module is intended to replace it.
 
 You'll also need to set up the database schema for this:
 
-    create_table :users do |t|
-      t.string :username, :null => false
-    end
+```ruby
+create_table :users do |t|
+  t.string :username, :null => false
+end
+```
 
 We also recommend putting a unique index on the `username` column:
 
-    add_index :users, :username, :unique => true
+```ruby
+add_index :users, :username, :unique => true
+```
 
 (Note: previously, devise\_cas\_authenticatable recommended using a `t.cas_authenticatable` method call to update the
 schema.  Devise 2.0 has deprecated this type of schema building method, so we now recommend just adding the `username`
 string column as above.  As of this writing, `t.cas_authenticatable` still works, but throws a deprecation warning in
 Devise 2.0.)
 
-Finally, you'll need to add some configuration to your config/initializers/devise.rb in order
-to tell your app how to talk to your CAS server:
-
-    Devise.setup do |config|
-      ...
-      config.cas_base_url = "https://cas.myorganization.com"
-
-      # you can override these if you need to, but cas_base_url is usually enough
-      # config.cas_login_url = "https://cas.myorganization.com/login"
-      # config.cas_logout_url = "https://cas.myorganization.com/logout"
-      # config.cas_validate_url = "https://cas.myorganization.com/serviceValidate"
-
-      # The CAS specification allows for the passing of a follow URL to be displayed when
-      # a user logs out on the CAS server. RubyCAS-Server also supports redirecting to a
-      # URL via the destination param. Set either of these urls and specify either nil,
-      # 'destination' or 'follow' as the logout_url_param. If the urls are blank but
-      # logout_url_param is set, a default will be detected for the service.
-      # config.cas_destination_url = 'https://cas.myorganization.com'
-      # config.cas_follow_url = 'https://cas.myorganization.com'
-      # config.cas_logout_url_param = nil
-
-      # You can specify the name of the destination argument with the following option.
-      # e.g. the following option will change it from 'destination' to 'url'
-      # config.cas_destination_logout_param_name = 'url'
-      
-      # By default, devise_cas_authenticatable will create users.  If you would rather
-      # require user records to already exist locally before they can authenticate via
-      # CAS, uncomment the following line.
-      # config.cas_create_user = false
-
-      # You can enable Single Sign Out, which by default is disabled.
-      # config.cas_enable_single_sign_out = true
-      
-      # If you don't want to use the username returned from your CAS server as the unique
-      # identifier, but some other field passed in cas_extra_attributes, you can specify
-      # the field name here.
-      # config.cas_user_identifier = nil
-
-      # If you want to use the Devise Timeoutable module with single sign out,
-      # uncommenting this will redirect timeouts to the logout url, so that the CAS can
-      # take care of signing out the other serviced applocations. Note that each
-      # application manages timeouts independently, so one application timing out will
-      # kill the session on all applications serviced by the CAS.
-      # config.warden do |manager|
-      #   manager.failure_app = DeviseCasAuthenticatable::SingleSignOut::WardenFailureApp
-      # end
-      
-      # You can also set another single sign out strategy so that you won't be attached to rails_cache.
-      # Be aware that to do so you also need to set the session_store.
-      # Example for setting redis_cache.
-      # There are some gems the help with it. One of them is called redis-rails and it can easily be set like this:
-      # Rails.application.config.session_store :redis_store, servers: ["redis://localhost:6379/0/session"]
-      # This is specially useful when you need to share session id accross apps (i.e. in a distributed environment)
-      # config.cas_single_sign_out_mapping_strategy = :redis_cache
-
-      # If you need to specify some extra configs for rubycas-client, you can do this via:
-      # config.cas_client_config_options = {
-      #     logger: Rails.logger
-      # }
-    end
+You'll need to configure rack-cas so that it knows where your CAS server is.  See the
+[rack-cas README](https://github.com/biola/rack-cas) for full instructions, but here is the
+bare minimum:
+
+```ruby
+config.rack_cas.server_url = "https://cas.myorganization.com" # replace with your server URL
+config.rack_cas.service = "/users/service" # If your user model isn't called User, change this
+```
+
+Finally, you may need to add some configuration to your config/initializers/devise.rb in order
+to tell your app how to talk to your CAS server.  This isn't always required.  Here's an example:
+
+```ruby
+Devise.setup do |config|
+  ...
+  # The CAS specification allows for the passing of a follow URL to be displayed when
+  # a user logs out on the CAS server. RubyCAS-Server also supports redirecting to a
+  # URL via the destination param. Set either of these urls and specify either nil,
+  # 'destination' or 'follow' as the logout_url_param. If the urls are blank but
+  # logout_url_param is set, a default will be detected for the service.
+  # config.cas_destination_url = 'https://cas.myorganization.com'
+  # config.cas_follow_url = 'https://cas.myorganization.com'
+  # config.cas_logout_url_param = nil
+
+  # You can specify the name of the destination argument with the following option.
+  # e.g. the following option will change it from 'destination' to 'url'
+  # config.cas_destination_logout_param_name = 'url'
+
+  # By default, devise_cas_authenticatable will create users.  If you would rather
+  # require user records to already exist locally before they can authenticate via
+  # CAS, uncomment the following line.
+  # config.cas_create_user = false
+
+  # If you don't want to use the username returned from your CAS server as the unique
+  # identifier, but some other field passed in cas_extra_attributes, you can specify
+  # the field name here.
+  # config.cas_user_identifier = nil
+end
+```
 
 Extra attributes
 ----------------
@@ -118,35 +118,31 @@ If your CAS server passes along extra attributes you'd like to save in your user
 using the CAS extra_attributes parameter, you can define a method in your user model called
 cas_extra_attributes= to accept these.  For example:
 
-    class User < ActiveRecord::Base
-      devise :cas_authenticatable
-
-      def cas_extra_attributes=(extra_attributes)
-        extra_attributes.each do |name, value|
-          case name.to_sym
-          when :fullname
-            self.fullname = value
-          when :email
-            self.email = value
-          end
-        end
+```ruby
+class User < ActiveRecord::Base
+  devise :cas_authenticatable
+
+  def cas_extra_attributes=(extra_attributes)
+    extra_attributes.each do |name, value|
+      case name.to_sym
+      when :fullname
+        self.fullname = value
+      when :email
+        self.email = value
       end
     end
+  end
+end
+```
 
 See also
 --------
 
 * [CAS](http://www.jasig.org/cas)
-* [rubycas-server](http://github.com/gunark/rubycas-server)
-* [rubycas-client](http://github.com/gunark/rubycas-client)
+* [rack-cas](https://github.com/biola/rack-cas)
 * [Devise](http://github.com/plataformatec/devise)
 * [Warden](http://github.com/hassox/warden)
 
-TODO
-----
-
-* Test on non-ActiveRecord ORMs
-
 License
 -------
 

data/app/controllers/devise/cas_sessions_controller.rb

@@ -1,97 +1,50 @@
 class Devise::CasSessionsController < Devise::SessionsController
-  include DeviseCasAuthenticatable::SingleSignOut::DestroySession
-
-  if Rails::VERSION::MAJOR < 4
-    unloadable # Rails 5 no longer requires this
-    skip_before_filter :verify_authenticity_token, :only => [:single_sign_out], :raise => false
-  else
-    skip_before_action :verify_authenticity_token, :only => [:single_sign_out], :raise => false
-  end
-
   def new
-    if memcache_checker.session_store_memcache? && !memcache_checker.alive?
-      raise "memcache is down, can't get session data from it"
-    end
-
-    redirect_to(cas_login_url)
+    # TODO: Figure out if there's a less hacky way to do this
+    RackCAS.config.service = cas_service_url
+    head 401
   end
 
   def service
-    redirect_to after_sign_in_path_for(warden.authenticate!(:scope => resource_name))
+    redirect_to after_sign_in_path_for(warden.authenticate!(:scope => resource_name)), allow_other_host: true
   end
 
-  def unregistered
-  end
+  def unregistered; end
 
   def destroy
     # if :cas_create_user is false a CAS session might be open but not signed_in
     # in such case we destroy the session here
     if signed_in?(resource_name)
       sign_out(resource_name)
+      session.delete('cas')
     else
       reset_session
     end
 
-    redirect_to(cas_logout_url)
-  end
-
-  def single_sign_out
-    if ::Devise.cas_enable_single_sign_out
-      session_index = read_session_index
-      if session_index
-        logger.debug "Intercepted single-sign-out request for CAS session #{session_index}."
-        session_id = ::DeviseCasAuthenticatable::SingleSignOut::Strategies.current_strategy.find_session_id_by_index(session_index)
-        if session_id
-          logger.debug "Found Session ID #{session_id} with index key #{session_index}"
-          destroy_cas_session(session_index, session_id)
-        end
-      else
-        logger.warn "Ignoring CAS single-sign-out request as no session index could be parsed from the parameters."
-      end
-    else
-      logger.warn "Ignoring CAS single-sign-out request as feature is not currently enabled."
-    end
-
-    head :ok
+    redirect_to(cas_logout_url, allow_other_host: true)
   end
 
   private
 
-  def read_session_index
-    if request.headers['CONTENT_TYPE'] =~ %r{^multipart/}
-      false
-    elsif request.post? && params['logoutRequest'] =~
-        %r{^<samlp:LogoutRequest.*?<samlp:SessionIndex>(.*)</samlp:SessionIndex>}m
-      $~[1]
-    else
-      false
-    end
-  end
-
-  def destroy_cas_session(session_index, session_id)
-    if destroy_session_by_id(session_id)
-      logger.debug "Destroyed session #{session_id} corresponding to service ticket #{session_index}."
-    end
-    ::DeviseCasAuthenticatable::SingleSignOut::Strategies.current_strategy.delete_session_index(session_index)
-  end
-
   def cas_login_url
-    ::Devise.cas_client.add_service_to_login_url(::Devise.cas_service_url(request.url, devise_mapping))
+    RackCAS::Server.new(RackCAS.config.server_url).login_url(cas_service_url).to_s
   end
   helper_method :cas_login_url
 
   def request_url
     return @request_url if @request_url
+
     @request_url = request.protocol.dup
     @request_url << request.host
-    @request_url << ":#{request.port.to_s}" unless request.port == 80
+    @request_url << ":#{request.port}" unless request.port == 80
     @request_url
   end
 
   def cas_destination_url
     return unless ::Devise.cas_logout_url_param == 'destination'
+
     if !::Devise.cas_destination_url.blank?
-      url = Devise.cas_destination_url
+      Devise.cas_destination_url
     else
       url = request_url.dup
       url << after_sign_out_path_for(resource_name)
@@ -100,8 +53,9 @@ class Devise::CasSessionsController < Devise::SessionsController
 
   def cas_follow_url
     return unless ::Devise.cas_logout_url_param == 'follow'
+
     if !::Devise.cas_follow_url.blank?
-      url = Devise.cas_follow_url
+      Devise.cas_follow_url
     else
       url = request_url.dup
       url << after_sign_out_path_for(resource_name)
@@ -113,15 +67,17 @@ class Devise::CasSessionsController < Devise::SessionsController
   end
 
   def cas_logout_url
-    begin
-      ::Devise.cas_client.logout_url(cas_destination_url, cas_follow_url, cas_service_url)
-    rescue ArgumentError
-      # Older rubycas-clients don't accept a service_url
-      ::Devise.cas_client.logout_url(cas_destination_url, cas_follow_url)
+    server = RackCAS::Server.new(RackCAS.config.server_url)
+    destination_url = cas_destination_url
+    follow_url = cas_follow_url
+    service_url = cas_service_url
+
+    if destination_url
+      server.logout_url(destination: destination_url, gateway: 'true').to_s
+    elsif follow_url
+      server.logout_url(url: follow_url, service: service_url).to_s
+    else
+      server.logout_url(service: service_url).to_s
     end
   end
-
-  def memcache_checker
-    @memcache_checker ||= DeviseCasAuthenticatable::MemcacheChecker.new(Rails.configuration)
-  end
 end

data/app/views/devise/cas_sessions/unregistered.html.erb

@@ -1,3 +1,3 @@
-<p>The user <%=h params[:username] %> is not registered with this site.  
-  Please <%= link_to "sign in using a different account", 
-  Devise.cas_client.logout_url(send("new_#{resource_name}_session_url")) %>.</p>
+<p>The user <%=h params[:username] %> is not registered with this site.
+  Please <%= link_to "sign in using a different account",
+  RackCAS::Server.new(RackCAS.config.server_url).logout_url(destination: send("new_#{resource_name}_session_url")).to_s %>.</p>