devise_cas_authenticatable 1.3.8 → 1.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/README.md +7 -2
- data/devise_cas_authenticatable.gemspec +1 -1
- data/lib/devise_cas_authenticatable.rb +5 -1
- data/lib/devise_cas_authenticatable/model.rb +19 -2
- data/spec/model_spec.rb +57 -0
- metadata +4 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5045437ac67c0de59651c56e17ef93d148d0c3ce
|
4
|
+
data.tar.gz: 8e103d5ea3b58c6920d7f913e495686389358c16
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 33ca2e7317e10bfcba93ab009c24466f63cf16b58848c73af13682988e1b216864cc81aa9290f397340f22e82431fa5117643ec8cb24e9e023b690167da9ccca
|
7
|
+
data.tar.gz: 051b51fd7c164a1f3fde624a43c3272d840845ca2f6c53f4f0c588e70fe88f836895320a33d4b807158999792e8bb7ecb89617f8d89102b4dde3f4865041aa82
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,9 @@
|
|
1
1
|
# Changelog for devise\_cas\_authenticatable
|
2
2
|
|
3
|
+
## Version 1.4.0 - May 8, 2015
|
4
|
+
|
5
|
+
* Allow changing the CAS response field used as the unique key for finding users (thanks once again to @gmoore!)
|
6
|
+
|
3
7
|
## Version 1.3.8 - April 24, 2015
|
4
8
|
|
5
9
|
* Remove a deprecated dependency (thanks to @gmoore)
|
data/README.md
CHANGED
@@ -13,7 +13,7 @@ using [rubycas-server](http://github.com/gunark/rubycas-server)).
|
|
13
13
|
Requirements
|
14
14
|
------------
|
15
15
|
|
16
|
-
- Rails 2.3 or greater (works with 3.x versions as well)
|
16
|
+
- Rails 2.3 or greater (works with 3.x and 4.x versions as well)
|
17
17
|
- Devise 1.0 or greater
|
18
18
|
- rubycas-client
|
19
19
|
|
@@ -81,7 +81,7 @@ to tell your app how to talk to your CAS server:
|
|
81
81
|
# You can specify the name of the destination argument with the following option.
|
82
82
|
# e.g. the following option will change it from 'destination' to 'url'
|
83
83
|
# config.cas_destination_logout_param_name = 'url'
|
84
|
-
|
84
|
+
|
85
85
|
# By default, devise_cas_authenticatable will create users. If you would rather
|
86
86
|
# require user records to already exist locally before they can authenticate via
|
87
87
|
# CAS, uncomment the following line.
|
@@ -89,6 +89,11 @@ to tell your app how to talk to your CAS server:
|
|
89
89
|
|
90
90
|
# You can enable Single Sign Out, which by default is disabled.
|
91
91
|
# config.cas_enable_single_sign_out = true
|
92
|
+
|
93
|
+
# If you don't want to use the username returned from your CAS server as the unique
|
94
|
+
# identifier, but some other field passed in cas_extra_attributes, you can specify
|
95
|
+
# the field name here.
|
96
|
+
# config.cas_user_identifier = nil
|
92
97
|
|
93
98
|
# If you want to use the Devise Timeoutable module with single sign out,
|
94
99
|
# uncommenting this will redirect timeouts to the logout url, so that the CAS can
|
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
Gem::Specification.new do |s|
|
4
4
|
s.name = %q{devise_cas_authenticatable}
|
5
|
-
s.version = "1.
|
5
|
+
s.version = "1.4.0"
|
6
6
|
|
7
7
|
s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version=
|
8
8
|
s.authors = ["Nat Budin", "Jeremy Haile"]
|
@@ -66,6 +66,10 @@ module Devise
|
|
66
66
|
# The model attribute used for query conditions. Should be the same as
|
67
67
|
# the rubycas-server username_column. :username by default
|
68
68
|
@@cas_username_column = :username
|
69
|
+
|
70
|
+
# The CAS reponse value used to find users in the local database
|
71
|
+
# it is required that this field be in cas_extra_attributes
|
72
|
+
@@cas_user_identifier = nil
|
69
73
|
|
70
74
|
# Name of the parameter passed in the logout query
|
71
75
|
@@cas_destination_logout_param_name = nil
|
@@ -73,7 +77,7 @@ module Devise
|
|
73
77
|
# Additional options for CAS client object
|
74
78
|
@@cas_client_config_options = {}
|
75
79
|
|
76
|
-
mattr_accessor :cas_base_url, :cas_login_url, :cas_logout_url, :cas_validate_url, :cas_destination_url, :cas_follow_url, :cas_logout_url_param, :cas_create_user, :cas_destination_logout_param_name, :cas_username_column, :cas_enable_single_sign_out, :cas_single_sign_out_mapping_strategy, :cas_client_config_options
|
80
|
+
mattr_accessor :cas_base_url, :cas_login_url, :cas_logout_url, :cas_validate_url, :cas_destination_url, :cas_follow_url, :cas_logout_url_param, :cas_create_user, :cas_destination_logout_param_name, :cas_username_column, :cas_enable_single_sign_out, :cas_single_sign_out_mapping_strategy, :cas_user_identifier, :cas_client_config_options
|
77
81
|
|
78
82
|
def self.cas_create_user?
|
79
83
|
cas_create_user
|
@@ -19,7 +19,24 @@ module Devise
|
|
19
19
|
::Devise.cas_client.validate_service_ticket(ticket) unless ticket.has_been_validated?
|
20
20
|
|
21
21
|
if ticket.is_valid?
|
22
|
-
|
22
|
+
identifier = nil
|
23
|
+
ticket_response = ticket.respond_to?(:user) ? ticket : ticket.response
|
24
|
+
|
25
|
+
if ::Devise.cas_user_identifier.blank?
|
26
|
+
identifier = ticket_response.user
|
27
|
+
else
|
28
|
+
identifier = ticket_response.extra_attributes[::Devise.cas_user_identifier]
|
29
|
+
end
|
30
|
+
|
31
|
+
# If cas_user_identifier isn't in extra_attributes, or the value is blank, then we're done here
|
32
|
+
if identifier.nil?
|
33
|
+
logger.warn("Could not find a value for [#{::Devise.cas_user_identifier}] in cas_extra_attributes so we cannot find the User.")
|
34
|
+
logger.warn("Make sure config.cas_user_identifier is set to a field that appears in cas_extra_attributes")
|
35
|
+
return nil
|
36
|
+
end
|
37
|
+
|
38
|
+
logger.debug("Using conditions {#{::Devise.cas_username_column} => #{identifier}} to find the User")
|
39
|
+
conditions = {::Devise.cas_username_column => identifier}
|
23
40
|
# We don't want to override Devise 1.1's find_for_authentication
|
24
41
|
resource = if respond_to?(:find_for_authentication)
|
25
42
|
find_for_authentication(conditions)
|
@@ -31,7 +48,7 @@ module Devise
|
|
31
48
|
return nil unless resource
|
32
49
|
|
33
50
|
if resource.respond_to? :cas_extra_attributes=
|
34
|
-
resource.cas_extra_attributes =
|
51
|
+
resource.cas_extra_attributes = ticket_response.extra_attributes
|
35
52
|
end
|
36
53
|
resource.save
|
37
54
|
resource
|
data/spec/model_spec.rb
ADDED
@@ -0,0 +1,57 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Devise::Models::CasAuthenticatable do
|
4
|
+
|
5
|
+
describe "When the user lookup is by something other than username" do
|
6
|
+
before(:each) do
|
7
|
+
@ticket = CASClient::ServiceTicket.new("ST-test", nil)
|
8
|
+
@ticket.extra_attributes = {:id => 10}
|
9
|
+
@ticket.success = true
|
10
|
+
@ticket.user = "testusername"
|
11
|
+
|
12
|
+
Devise.cas_create_user = false
|
13
|
+
|
14
|
+
#
|
15
|
+
# We needed to stub :find_for_authentication to return false
|
16
|
+
# but wanted to allow other respond_to? calls to function
|
17
|
+
# normally
|
18
|
+
#
|
19
|
+
User.stubs(:respond_to?) do |arg|
|
20
|
+
if arg == :find_for_authentication
|
21
|
+
return false
|
22
|
+
else
|
23
|
+
return User.respond_to? arg
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
it "should authenticate using whatever is specified in config.cas_user_identifier" do
|
29
|
+
Devise.cas_user_identifier = :id
|
30
|
+
Devise.cas_username_column = :id
|
31
|
+
|
32
|
+
User.expects(:find).with(:first, {:conditions => {:id => 10}})
|
33
|
+
|
34
|
+
User.authenticate_with_cas_ticket(@ticket)
|
35
|
+
|
36
|
+
#Reset this otherwise it'll blow up other specs
|
37
|
+
Devise.cas_user_identifier = nil
|
38
|
+
end
|
39
|
+
|
40
|
+
it "should authenticate as normal is config.cas_user_identifier is not set" do
|
41
|
+
Devise.cas_user_identifier = nil
|
42
|
+
Devise.cas_username_column = :username
|
43
|
+
User.expects(:find).with(:first, {:conditions => {:username => @ticket.user}})
|
44
|
+
User.authenticate_with_cas_ticket(@ticket)
|
45
|
+
end
|
46
|
+
|
47
|
+
it "should return nil if cas_user_identifier is not in cas_extra_attributes" do
|
48
|
+
Devise.cas_user_identifier = :unknown_ticket_field
|
49
|
+
Devise.cas_username_column = :username
|
50
|
+
User.expects(:find).never
|
51
|
+
User.authenticate_with_cas_ticket(@ticket).should be_nil
|
52
|
+
|
53
|
+
#Reset this otherwise it'll blow up other specs
|
54
|
+
Devise.cas_user_identifier = nil
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: devise_cas_authenticatable
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Nat Budin
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2015-
|
12
|
+
date: 2015-05-08 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: devise
|
@@ -234,6 +234,7 @@ files:
|
|
234
234
|
- lib/devise_cas_authenticatable/strategy.rb
|
235
235
|
- rails/init.rb
|
236
236
|
- spec/config_spec.rb
|
237
|
+
- spec/model_spec.rb
|
237
238
|
- spec/routes_spec.rb
|
238
239
|
- spec/scenario/.gitignore
|
239
240
|
- spec/scenario/app/controllers/application_controller.rb
|
@@ -296,6 +297,7 @@ specification_version: 4
|
|
296
297
|
summary: CAS authentication module for Devise
|
297
298
|
test_files:
|
298
299
|
- spec/config_spec.rb
|
300
|
+
- spec/model_spec.rb
|
299
301
|
- spec/routes_spec.rb
|
300
302
|
- spec/scenario/.gitignore
|
301
303
|
- spec/scenario/app/controllers/application_controller.rb
|