devise_cas_authenticatable 1.0.0.alpha1

data/.project

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>devise_cas_authenticatable</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+	</buildSpec>
+	<natures>
+		<nature>org.radrails.rails.core.railsnature</nature>
+	</natures>
+</projectDescription>

data/README.md

@@ -0,0 +1,104 @@
+devise_cas_authenticatable
+==========================
+
+Written by Nat Budin<br/>
+Taking a lot of inspiration from [devise_ldap_authenticatable](http://github.com/cschiewek/devise_ldap_authenticatable)
+
+devise_cas_authenticatable is [CAS](http://www.jasig.org/cas) single sign-on support for
+[Devise](http://github.com/plataformatec/devise) applications.  It acts as a replacement for
+database_authenticatable.  It builds on [rubycas-client](http://github.com/gunark/rubycas-client)
+and should support just about any conformant CAS server (although I have personally tested it
+using [rubycas-server](http://github.com/gunark/rubycas-server)).
+
+Requirements
+------------
+
+- Rails 2.3
+- Devise 1.0 (tested on 1.0.6)
+- rubycas-client 2.1
+
+Installation
+------------
+
+    gem install --pre devise_cas_authenticatable
+    
+and in your config/environment.rb:
+
+    config.gem 'devise_cas_authenticatable'
+    
+Setup
+-----
+
+Once devise\_cas\_authenticatable is installed, add the following to your user model:
+
+    devise :cas_authenticatable
+    
+You can also add other modules such as token_authenticatable, trackable, etc.  Please do not
+add database_authenticatable as this module is intended to replace it.
+
+You'll also need to set up the database schema for this:
+
+    create_table :users do |t|
+      t.cas_authenticatable
+    end
+
+and, optionally, indexes:
+
+    add_index :username, :unique => true
+
+Finally, you'll need to add some configuration to your config/initializers/devise.rb in order
+to tell your app how to talk to your CAS server:
+
+    Devise.setup do |config|
+      ...
+      config.cas_base_url = "https://cas.myorganization.com"
+      
+      # you can override these if you need to, but cas_base_url is usually enough
+      # config.cas_login_url = "https://cas.myorganization.com/login"
+      # config.cas_logout_url = "https://cas.myorganization.com/logout"
+      # config.cas_validate_url = "https://cas.myorganization.com/serviceValidate"
+      
+      # By default, devise_cas_authenticatable will create users.  If you would rather
+      # require user records to already exist locally before they can authenticate via
+      # CAS, uncomment the following line.
+      # config.cas_create_user = false  
+    end
+
+Extra attributes
+----------------
+
+If your CAS server passes along extra attributes you'd like to save in your user records,
+using the CAS extra_attributes parameter, you can define a method in your user model called
+cas_extra_attributes= to accept these.  For example:
+
+    class User < ActiveRecord::Base
+      devise :cas_authenticatable
+      
+      def cas_extra_attributes=(extra_attributes)
+        extra_attributes.each do |name, value|
+          case name.to_sym
+          when :fullname
+            self.fullname = value
+          when :email
+            self.email = value
+          end
+        end
+      end
+    end
+
+See also
+--------
+
+* [CAS](http://www.jasig.org/cas)
+* [rubycas-server](http://github.com/gunark/rubycas-server)
+* [rubycas-client](http://github.com/gunark/rubycas-client)
+* [Devise](http://github.com/plataformatec/devise)
+* [Warden](http://github.com/hassox/warden)
+
+TODO
+----
+
+* Implement CAS single sign-off support (maybe via a Rack middleware?)
+* Write test suite
+* Test on non-ActiveRecord ORMs
+* Test on Rails 3/Devise 1.1            

data/Rakefile

@@ -0,0 +1,41 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the devise_cas_authenticatable plugin.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+
+desc 'Generate documentation for the devise_cas_authenticatable plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'devise_cas_authenticatable'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gemspec|
+    gemspec.name = "devise_cas_authenticatable"
+    gemspec.summary = "CAS authentication module for Devise"
+    gemspec.description = "CAS authentication module for Devise"
+    gemspec.email = "natbudin@gmail.com"
+    gemspec.homepage = "http://github.com/nbudin/devise_cas_authenticatable"
+    gemspec.authors = ["Nat Budin"]
+    gemspec.add_runtime_dependency "devise", "~> 1.0.6"
+    gemspec.add_runtime_dependency "rubycas-client", "~> 2.1.0"
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end

data/VERSION

@@ -0,0 +1 @@
+1.0.0.alpha1

data/app/controllers/cas_sessions_controller.rb

@@ -0,0 +1,13 @@
+class CasSessionsController < ApplicationController
+  prepend_before_filter :require_no_authentication, :only => [:login]
+  include Devise::Controllers::InternalHelpers
+  
+  def destroy
+    sign_out(resource_name)
+    destination = request.protocol
+    destination << request.host
+    destination << ":#{request.port.to_s}" unless request.port == 80
+    destination << after_sign_out_path_for(resource_name)
+    redirect_to(::Devise.cas_client.logout_url(destination))
+  end
+end

data/lib/devise_cas_authenticatable/model.rb

@@ -0,0 +1,46 @@
+module Devise
+  module Models
+    module CasAuthenticatable
+      def self.included(base)
+        base.extend ClassMethods
+      end
+      
+      module ClassMethods
+        def authenticate_with_cas_ticket(ticket)
+          ::Devise.cas_client.validate_service_ticket(ticket) unless ticket.has_been_validated?
+          
+          if ticket.is_valid?
+            conditions = {:username => ticket.response.user}
+            puts conditions.inspect
+            
+            resource = find_for_cas_authentication(conditions)
+            resource = new(conditions) if (resource.nil? and ::Devise.cas_create_user)
+            return nil unless resource
+            
+            if resource.new_record?
+              if resource.respond_to? :cas_extra_attributes=
+                resource.cas_extra_attributes = ticket.response.extra_attributes
+              end
+              
+              create(conditions)
+            else
+              if ::Devise.cas_update_user
+                if resource.respond_to? :cas_extra_attributes=
+                  resource.cas_extra_attributes = ticket.response.extra_attributes
+                  resource.save
+                end
+              end
+              
+              resource
+            end
+          end
+        end
+        
+        protected
+        def find_for_cas_authentication(conditions)
+          find(:first, :conditions => conditions)
+        end
+      end
+    end
+  end
+end

data/lib/devise_cas_authenticatable/routes.rb

@@ -0,0 +1,9 @@
+ActionController::Routing::RouteSet::Mapper.class_eval do
+  protected
+  
+  def cas_authenticatable(routes, mapping)
+    routes.with_options(:controller => 'cas_sessions', :name_prefix => nil) do |session|
+      session.send(:"destroy_#{mapping.name}_session", mapping.path_names[:sign_out], :action => 'destroy', :conditions => { :method => :get })
+    end
+  end
+end

data/lib/devise_cas_authenticatable/schema.rb

@@ -0,0 +1,5 @@
+Devise::Schema.class_eval do
+  def cas_authenticatable
+    apply_schema :username, String
+  end
+end

data/lib/devise_cas_authenticatable/strategy.rb

@@ -0,0 +1,48 @@
+require 'devise/strategies/base'
+
+module Devise
+  module Strategies
+    class CasAuthenticatable < Base
+      def valid?
+        mapping.to.respond_to?(:authenticate_with_cas_ticket)
+      end
+      
+      def authenticate!
+        ticket = read_ticket(params)
+        if ticket
+          if resource = mapping.to.authenticate_with_cas_ticket(ticket)
+            success!(resource)
+          else
+            fail(:invalid)
+          end
+        elsif returning_from_cas?
+          fail(:invalid)
+        else
+          redirect!(login_url)
+        end
+      end
+      
+      protected
+      def returning_from_cas?
+        request.referer =~ /^#{::Devise.cas_client.cas_base_url}/
+      end
+     
+      def login_url
+        ::Devise.cas_client.add_service_to_login_url(request.url)
+      end
+  
+      def read_ticket(params)
+        ticket = params[:ticket]
+        return nil unless ticket
+      
+        if ticket =~ /^PT-/
+          ::CASClient::ProxyTicket.new(ticket, request.url, params[:renew])
+        else
+          ::CASClient::ServiceTicket.new(ticket, request.url, params[:renew])
+        end
+      end
+    end
+  end
+end
+
+Warden::Strategies.add(:cas_authenticatable, Devise::Strategies::CasAuthenticatable)

data/lib/devise_cas_authenticatable.rb

@@ -0,0 +1,38 @@
+require 'devise'
+
+require 'devise_cas_authenticatable/schema'
+require 'devise_cas_authenticatable/routes'
+require 'devise_cas_authenticatable/strategy'
+
+require 'rubycas-client'
+
+module Devise
+  mattr_accessor :cas_base_url
+  @@cas_base_url = nil
+  
+  mattr_accessor :cas_login_url
+  @@cas_login_url = nil
+  
+  mattr_accessor :cas_logout_url
+  @@cas_logout_url = nil
+  
+  mattr_accessor :cas_validate_url
+  @@cas_validate_url = nil
+  
+  mattr_accessor :cas_create_user
+  @@cas_create_user = true
+  
+  def self.cas_client
+    @@cas_client ||= CASClient::Client.new(
+        :cas_base_url => @@cas_base_url,
+        :login_url => @@cas_login_url,
+        :logout_url => @@cas_logout_url,
+        :validate_url => @@cas_validate_url
+      )
+  end
+end
+
+Devise.add_module(:cas_authenticatable,
+  :strategy => true,
+  :controller => :cas_sessions,
+  :model => 'devise_cas_authenticatable/model')

data/rails/init.rb

@@ -0,0 +1 @@
+require "devise_cas_authenticatable"

metadata

@@ -0,0 +1,102 @@
+--- !ruby/object:Gem::Specification 
+name: devise_cas_authenticatable
+version: !ruby/object:Gem::Version 
+  prerelease: true
+  segments: 
+  - 1
+  - 0
+  - 0
+  - alpha1
+  version: 1.0.0.alpha1
+platform: ruby
+authors: 
+- Nat Budin
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-05-06 00:00:00 -04:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: devise
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 1
+        - 0
+        - 6
+        version: 1.0.6
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: rubycas-client
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 2
+        - 1
+        - 0
+        version: 2.1.0
+  type: :runtime
+  version_requirements: *id002
+description: CAS authentication module for Devise
+email: natbudin@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.md
+files: 
+- .project
+- README.md
+- Rakefile
+- VERSION
+- app/controllers/cas_sessions_controller.rb
+- lib/devise_cas_authenticatable.rb
+- lib/devise_cas_authenticatable/model.rb
+- lib/devise_cas_authenticatable/routes.rb
+- lib/devise_cas_authenticatable/schema.rb
+- lib/devise_cas_authenticatable/strategy.rb
+- rails/init.rb
+has_rdoc: true
+homepage: http://github.com/nbudin/devise_cas_authenticatable
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">"
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 1
+      - 3
+      - 1
+      version: 1.3.1
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.6
+signing_key: 
+specification_version: 3
+summary: CAS authentication module for Devise
+test_files: []
+