devise_cas_authenticatable 1.0.0.alpha1
Sign up to get free protection for your applications and to get access to all the features.
- data/.project +12 -0
- data/README.md +104 -0
- data/Rakefile +41 -0
- data/VERSION +1 -0
- data/app/controllers/cas_sessions_controller.rb +13 -0
- data/lib/devise_cas_authenticatable/model.rb +46 -0
- data/lib/devise_cas_authenticatable/routes.rb +9 -0
- data/lib/devise_cas_authenticatable/schema.rb +5 -0
- data/lib/devise_cas_authenticatable/strategy.rb +48 -0
- data/lib/devise_cas_authenticatable.rb +38 -0
- data/rails/init.rb +1 -0
- metadata +102 -0
data/.project
ADDED
@@ -0,0 +1,12 @@
|
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
2
|
+
<projectDescription>
|
3
|
+
<name>devise_cas_authenticatable</name>
|
4
|
+
<comment></comment>
|
5
|
+
<projects>
|
6
|
+
</projects>
|
7
|
+
<buildSpec>
|
8
|
+
</buildSpec>
|
9
|
+
<natures>
|
10
|
+
<nature>org.radrails.rails.core.railsnature</nature>
|
11
|
+
</natures>
|
12
|
+
</projectDescription>
|
data/README.md
ADDED
@@ -0,0 +1,104 @@
|
|
1
|
+
devise_cas_authenticatable
|
2
|
+
==========================
|
3
|
+
|
4
|
+
Written by Nat Budin<br/>
|
5
|
+
Taking a lot of inspiration from [devise_ldap_authenticatable](http://github.com/cschiewek/devise_ldap_authenticatable)
|
6
|
+
|
7
|
+
devise_cas_authenticatable is [CAS](http://www.jasig.org/cas) single sign-on support for
|
8
|
+
[Devise](http://github.com/plataformatec/devise) applications. It acts as a replacement for
|
9
|
+
database_authenticatable. It builds on [rubycas-client](http://github.com/gunark/rubycas-client)
|
10
|
+
and should support just about any conformant CAS server (although I have personally tested it
|
11
|
+
using [rubycas-server](http://github.com/gunark/rubycas-server)).
|
12
|
+
|
13
|
+
Requirements
|
14
|
+
------------
|
15
|
+
|
16
|
+
- Rails 2.3
|
17
|
+
- Devise 1.0 (tested on 1.0.6)
|
18
|
+
- rubycas-client 2.1
|
19
|
+
|
20
|
+
Installation
|
21
|
+
------------
|
22
|
+
|
23
|
+
gem install --pre devise_cas_authenticatable
|
24
|
+
|
25
|
+
and in your config/environment.rb:
|
26
|
+
|
27
|
+
config.gem 'devise_cas_authenticatable'
|
28
|
+
|
29
|
+
Setup
|
30
|
+
-----
|
31
|
+
|
32
|
+
Once devise\_cas\_authenticatable is installed, add the following to your user model:
|
33
|
+
|
34
|
+
devise :cas_authenticatable
|
35
|
+
|
36
|
+
You can also add other modules such as token_authenticatable, trackable, etc. Please do not
|
37
|
+
add database_authenticatable as this module is intended to replace it.
|
38
|
+
|
39
|
+
You'll also need to set up the database schema for this:
|
40
|
+
|
41
|
+
create_table :users do |t|
|
42
|
+
t.cas_authenticatable
|
43
|
+
end
|
44
|
+
|
45
|
+
and, optionally, indexes:
|
46
|
+
|
47
|
+
add_index :username, :unique => true
|
48
|
+
|
49
|
+
Finally, you'll need to add some configuration to your config/initializers/devise.rb in order
|
50
|
+
to tell your app how to talk to your CAS server:
|
51
|
+
|
52
|
+
Devise.setup do |config|
|
53
|
+
...
|
54
|
+
config.cas_base_url = "https://cas.myorganization.com"
|
55
|
+
|
56
|
+
# you can override these if you need to, but cas_base_url is usually enough
|
57
|
+
# config.cas_login_url = "https://cas.myorganization.com/login"
|
58
|
+
# config.cas_logout_url = "https://cas.myorganization.com/logout"
|
59
|
+
# config.cas_validate_url = "https://cas.myorganization.com/serviceValidate"
|
60
|
+
|
61
|
+
# By default, devise_cas_authenticatable will create users. If you would rather
|
62
|
+
# require user records to already exist locally before they can authenticate via
|
63
|
+
# CAS, uncomment the following line.
|
64
|
+
# config.cas_create_user = false
|
65
|
+
end
|
66
|
+
|
67
|
+
Extra attributes
|
68
|
+
----------------
|
69
|
+
|
70
|
+
If your CAS server passes along extra attributes you'd like to save in your user records,
|
71
|
+
using the CAS extra_attributes parameter, you can define a method in your user model called
|
72
|
+
cas_extra_attributes= to accept these. For example:
|
73
|
+
|
74
|
+
class User < ActiveRecord::Base
|
75
|
+
devise :cas_authenticatable
|
76
|
+
|
77
|
+
def cas_extra_attributes=(extra_attributes)
|
78
|
+
extra_attributes.each do |name, value|
|
79
|
+
case name.to_sym
|
80
|
+
when :fullname
|
81
|
+
self.fullname = value
|
82
|
+
when :email
|
83
|
+
self.email = value
|
84
|
+
end
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
88
|
+
|
89
|
+
See also
|
90
|
+
--------
|
91
|
+
|
92
|
+
* [CAS](http://www.jasig.org/cas)
|
93
|
+
* [rubycas-server](http://github.com/gunark/rubycas-server)
|
94
|
+
* [rubycas-client](http://github.com/gunark/rubycas-client)
|
95
|
+
* [Devise](http://github.com/plataformatec/devise)
|
96
|
+
* [Warden](http://github.com/hassox/warden)
|
97
|
+
|
98
|
+
TODO
|
99
|
+
----
|
100
|
+
|
101
|
+
* Implement CAS single sign-off support (maybe via a Rack middleware?)
|
102
|
+
* Write test suite
|
103
|
+
* Test on non-ActiveRecord ORMs
|
104
|
+
* Test on Rails 3/Devise 1.1
|
data/Rakefile
ADDED
@@ -0,0 +1,41 @@
|
|
1
|
+
require 'rake'
|
2
|
+
require 'rake/testtask'
|
3
|
+
require 'rake/rdoctask'
|
4
|
+
|
5
|
+
desc 'Default: run unit tests.'
|
6
|
+
task :default => :test
|
7
|
+
|
8
|
+
desc 'Test the devise_cas_authenticatable plugin.'
|
9
|
+
Rake::TestTask.new(:test) do |t|
|
10
|
+
t.libs << 'lib'
|
11
|
+
t.libs << 'test'
|
12
|
+
t.pattern = 'test/**/*_test.rb'
|
13
|
+
t.verbose = true
|
14
|
+
end
|
15
|
+
|
16
|
+
desc 'Generate documentation for the devise_cas_authenticatable plugin.'
|
17
|
+
Rake::RDocTask.new(:rdoc) do |rdoc|
|
18
|
+
rdoc.rdoc_dir = 'rdoc'
|
19
|
+
rdoc.title = 'devise_cas_authenticatable'
|
20
|
+
rdoc.options << '--line-numbers' << '--inline-source'
|
21
|
+
rdoc.rdoc_files.include('README')
|
22
|
+
rdoc.rdoc_files.include('lib/**/*.rb')
|
23
|
+
end
|
24
|
+
|
25
|
+
|
26
|
+
begin
|
27
|
+
require 'jeweler'
|
28
|
+
Jeweler::Tasks.new do |gemspec|
|
29
|
+
gemspec.name = "devise_cas_authenticatable"
|
30
|
+
gemspec.summary = "CAS authentication module for Devise"
|
31
|
+
gemspec.description = "CAS authentication module for Devise"
|
32
|
+
gemspec.email = "natbudin@gmail.com"
|
33
|
+
gemspec.homepage = "http://github.com/nbudin/devise_cas_authenticatable"
|
34
|
+
gemspec.authors = ["Nat Budin"]
|
35
|
+
gemspec.add_runtime_dependency "devise", "~> 1.0.6"
|
36
|
+
gemspec.add_runtime_dependency "rubycas-client", "~> 2.1.0"
|
37
|
+
end
|
38
|
+
Jeweler::GemcutterTasks.new
|
39
|
+
rescue LoadError
|
40
|
+
puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
|
41
|
+
end
|
data/VERSION
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
1.0.0.alpha1
|
@@ -0,0 +1,13 @@
|
|
1
|
+
class CasSessionsController < ApplicationController
|
2
|
+
prepend_before_filter :require_no_authentication, :only => [:login]
|
3
|
+
include Devise::Controllers::InternalHelpers
|
4
|
+
|
5
|
+
def destroy
|
6
|
+
sign_out(resource_name)
|
7
|
+
destination = request.protocol
|
8
|
+
destination << request.host
|
9
|
+
destination << ":#{request.port.to_s}" unless request.port == 80
|
10
|
+
destination << after_sign_out_path_for(resource_name)
|
11
|
+
redirect_to(::Devise.cas_client.logout_url(destination))
|
12
|
+
end
|
13
|
+
end
|
@@ -0,0 +1,46 @@
|
|
1
|
+
module Devise
|
2
|
+
module Models
|
3
|
+
module CasAuthenticatable
|
4
|
+
def self.included(base)
|
5
|
+
base.extend ClassMethods
|
6
|
+
end
|
7
|
+
|
8
|
+
module ClassMethods
|
9
|
+
def authenticate_with_cas_ticket(ticket)
|
10
|
+
::Devise.cas_client.validate_service_ticket(ticket) unless ticket.has_been_validated?
|
11
|
+
|
12
|
+
if ticket.is_valid?
|
13
|
+
conditions = {:username => ticket.response.user}
|
14
|
+
puts conditions.inspect
|
15
|
+
|
16
|
+
resource = find_for_cas_authentication(conditions)
|
17
|
+
resource = new(conditions) if (resource.nil? and ::Devise.cas_create_user)
|
18
|
+
return nil unless resource
|
19
|
+
|
20
|
+
if resource.new_record?
|
21
|
+
if resource.respond_to? :cas_extra_attributes=
|
22
|
+
resource.cas_extra_attributes = ticket.response.extra_attributes
|
23
|
+
end
|
24
|
+
|
25
|
+
create(conditions)
|
26
|
+
else
|
27
|
+
if ::Devise.cas_update_user
|
28
|
+
if resource.respond_to? :cas_extra_attributes=
|
29
|
+
resource.cas_extra_attributes = ticket.response.extra_attributes
|
30
|
+
resource.save
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
resource
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
protected
|
40
|
+
def find_for_cas_authentication(conditions)
|
41
|
+
find(:first, :conditions => conditions)
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
@@ -0,0 +1,9 @@
|
|
1
|
+
ActionController::Routing::RouteSet::Mapper.class_eval do
|
2
|
+
protected
|
3
|
+
|
4
|
+
def cas_authenticatable(routes, mapping)
|
5
|
+
routes.with_options(:controller => 'cas_sessions', :name_prefix => nil) do |session|
|
6
|
+
session.send(:"destroy_#{mapping.name}_session", mapping.path_names[:sign_out], :action => 'destroy', :conditions => { :method => :get })
|
7
|
+
end
|
8
|
+
end
|
9
|
+
end
|
@@ -0,0 +1,48 @@
|
|
1
|
+
require 'devise/strategies/base'
|
2
|
+
|
3
|
+
module Devise
|
4
|
+
module Strategies
|
5
|
+
class CasAuthenticatable < Base
|
6
|
+
def valid?
|
7
|
+
mapping.to.respond_to?(:authenticate_with_cas_ticket)
|
8
|
+
end
|
9
|
+
|
10
|
+
def authenticate!
|
11
|
+
ticket = read_ticket(params)
|
12
|
+
if ticket
|
13
|
+
if resource = mapping.to.authenticate_with_cas_ticket(ticket)
|
14
|
+
success!(resource)
|
15
|
+
else
|
16
|
+
fail(:invalid)
|
17
|
+
end
|
18
|
+
elsif returning_from_cas?
|
19
|
+
fail(:invalid)
|
20
|
+
else
|
21
|
+
redirect!(login_url)
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
protected
|
26
|
+
def returning_from_cas?
|
27
|
+
request.referer =~ /^#{::Devise.cas_client.cas_base_url}/
|
28
|
+
end
|
29
|
+
|
30
|
+
def login_url
|
31
|
+
::Devise.cas_client.add_service_to_login_url(request.url)
|
32
|
+
end
|
33
|
+
|
34
|
+
def read_ticket(params)
|
35
|
+
ticket = params[:ticket]
|
36
|
+
return nil unless ticket
|
37
|
+
|
38
|
+
if ticket =~ /^PT-/
|
39
|
+
::CASClient::ProxyTicket.new(ticket, request.url, params[:renew])
|
40
|
+
else
|
41
|
+
::CASClient::ServiceTicket.new(ticket, request.url, params[:renew])
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
47
|
+
|
48
|
+
Warden::Strategies.add(:cas_authenticatable, Devise::Strategies::CasAuthenticatable)
|
@@ -0,0 +1,38 @@
|
|
1
|
+
require 'devise'
|
2
|
+
|
3
|
+
require 'devise_cas_authenticatable/schema'
|
4
|
+
require 'devise_cas_authenticatable/routes'
|
5
|
+
require 'devise_cas_authenticatable/strategy'
|
6
|
+
|
7
|
+
require 'rubycas-client'
|
8
|
+
|
9
|
+
module Devise
|
10
|
+
mattr_accessor :cas_base_url
|
11
|
+
@@cas_base_url = nil
|
12
|
+
|
13
|
+
mattr_accessor :cas_login_url
|
14
|
+
@@cas_login_url = nil
|
15
|
+
|
16
|
+
mattr_accessor :cas_logout_url
|
17
|
+
@@cas_logout_url = nil
|
18
|
+
|
19
|
+
mattr_accessor :cas_validate_url
|
20
|
+
@@cas_validate_url = nil
|
21
|
+
|
22
|
+
mattr_accessor :cas_create_user
|
23
|
+
@@cas_create_user = true
|
24
|
+
|
25
|
+
def self.cas_client
|
26
|
+
@@cas_client ||= CASClient::Client.new(
|
27
|
+
:cas_base_url => @@cas_base_url,
|
28
|
+
:login_url => @@cas_login_url,
|
29
|
+
:logout_url => @@cas_logout_url,
|
30
|
+
:validate_url => @@cas_validate_url
|
31
|
+
)
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
Devise.add_module(:cas_authenticatable,
|
36
|
+
:strategy => true,
|
37
|
+
:controller => :cas_sessions,
|
38
|
+
:model => 'devise_cas_authenticatable/model')
|
data/rails/init.rb
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
require "devise_cas_authenticatable"
|
metadata
ADDED
@@ -0,0 +1,102 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: devise_cas_authenticatable
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
prerelease: true
|
5
|
+
segments:
|
6
|
+
- 1
|
7
|
+
- 0
|
8
|
+
- 0
|
9
|
+
- alpha1
|
10
|
+
version: 1.0.0.alpha1
|
11
|
+
platform: ruby
|
12
|
+
authors:
|
13
|
+
- Nat Budin
|
14
|
+
autorequire:
|
15
|
+
bindir: bin
|
16
|
+
cert_chain: []
|
17
|
+
|
18
|
+
date: 2010-05-06 00:00:00 -04:00
|
19
|
+
default_executable:
|
20
|
+
dependencies:
|
21
|
+
- !ruby/object:Gem::Dependency
|
22
|
+
name: devise
|
23
|
+
prerelease: false
|
24
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
25
|
+
requirements:
|
26
|
+
- - ~>
|
27
|
+
- !ruby/object:Gem::Version
|
28
|
+
segments:
|
29
|
+
- 1
|
30
|
+
- 0
|
31
|
+
- 6
|
32
|
+
version: 1.0.6
|
33
|
+
type: :runtime
|
34
|
+
version_requirements: *id001
|
35
|
+
- !ruby/object:Gem::Dependency
|
36
|
+
name: rubycas-client
|
37
|
+
prerelease: false
|
38
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
39
|
+
requirements:
|
40
|
+
- - ~>
|
41
|
+
- !ruby/object:Gem::Version
|
42
|
+
segments:
|
43
|
+
- 2
|
44
|
+
- 1
|
45
|
+
- 0
|
46
|
+
version: 2.1.0
|
47
|
+
type: :runtime
|
48
|
+
version_requirements: *id002
|
49
|
+
description: CAS authentication module for Devise
|
50
|
+
email: natbudin@gmail.com
|
51
|
+
executables: []
|
52
|
+
|
53
|
+
extensions: []
|
54
|
+
|
55
|
+
extra_rdoc_files:
|
56
|
+
- README.md
|
57
|
+
files:
|
58
|
+
- .project
|
59
|
+
- README.md
|
60
|
+
- Rakefile
|
61
|
+
- VERSION
|
62
|
+
- app/controllers/cas_sessions_controller.rb
|
63
|
+
- lib/devise_cas_authenticatable.rb
|
64
|
+
- lib/devise_cas_authenticatable/model.rb
|
65
|
+
- lib/devise_cas_authenticatable/routes.rb
|
66
|
+
- lib/devise_cas_authenticatable/schema.rb
|
67
|
+
- lib/devise_cas_authenticatable/strategy.rb
|
68
|
+
- rails/init.rb
|
69
|
+
has_rdoc: true
|
70
|
+
homepage: http://github.com/nbudin/devise_cas_authenticatable
|
71
|
+
licenses: []
|
72
|
+
|
73
|
+
post_install_message:
|
74
|
+
rdoc_options:
|
75
|
+
- --charset=UTF-8
|
76
|
+
require_paths:
|
77
|
+
- lib
|
78
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - ">="
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
segments:
|
83
|
+
- 0
|
84
|
+
version: "0"
|
85
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - ">"
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
segments:
|
90
|
+
- 1
|
91
|
+
- 3
|
92
|
+
- 1
|
93
|
+
version: 1.3.1
|
94
|
+
requirements: []
|
95
|
+
|
96
|
+
rubyforge_project:
|
97
|
+
rubygems_version: 1.3.6
|
98
|
+
signing_key:
|
99
|
+
specification_version: 3
|
100
|
+
summary: CAS authentication module for Devise
|
101
|
+
test_files: []
|
102
|
+
|