omniauth-cas 1.1.1 → 3.0.0.beta.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 09cce5081c4f84323fdc73cc34324fd597d78424
-  data.tar.gz: 9a70b93dee51a38340bd07630f83179992f254b1
+SHA256:
+  metadata.gz: 2600fefe7682305731ccd7117312c394c148c9d3d2812da453ebbb3a3c0a294a
+  data.tar.gz: 96b0f898f502ff223c5b3430ad308daec92914152a8ffead39e09d597f1cac02
 SHA512:
-  metadata.gz: 436b7b6a87016de8dd0b4c0e8d89697a5570f17d88662bd73b1ee407f9edb3cf8b058d523c1863e5ecaef9aba9ebaf3c52457005119a547398f7fb761f4949a0
-  data.tar.gz: d2e434a790244adbe2c83fdfc9900785acbf48f3f9592911a580ce3fefa35eca3e8561906898c4c134895fbcd6614ce2f019ecada702cf56d9a1a453ef9b8457
+  metadata.gz: a35c9f0cbb2d2d061d9de0497156b8565eef5994cb59a4ef97e72ed3722558d205d2d329b7b1cb206ff16774ef0109488b5ac2e079b53f87f574fb2c5804a84a
+  data.tar.gz: 7016220b6d2dabeb565a5a90d2b2a008bcbeb36c68c256cba6d2b549295477bf3aa42a442ff11d893c1f8eaa088e69965831122bd2ce2015acf67986c37027a7

data/CHANGELOG.md

@@ -2,8 +2,31 @@
 
 All notable changes to this project will be documented in this file.
 
-The format is based on [Keep a Changelog](http://keepachangelog.com/) and this
-project adheres to [Semantic Versioning](http://semver.org/)
+The format is based on [Keep a Changelog](https://keepachangelog.com/) and this
+project adheres to [Semantic Versioning](https://semver.org/)
+
+## 3.0.0.beta.1 - 2024-01-12
+
+### Changed
+
+* Breaking change: Support OmniAuth 2 (#82).
+* Potential breaking change: case of `Omniauth::Cas::VERSION` module (#76).
+
+### Removed
+
+* Compatibility with EOL Ruby versions (#73).
+
+## 2.0.0 - 2010-11-14
+
+### Added
+
+* Add support for multivalued attributes ([#59](https://github.com/dlindahl/omniauth-cas/pull/59))
+* Successfully test against Ruby 2.4 and up ([#60](https://github.com/dlindahl/omniauth-cas/pull/60))
+
+### Changed
+
+* Forward success response to `fetch_raw_info` callback ([#51](https://github.com/dlindahl/omniauth-cas/pull/51))
+* Relax development dependencies to the latest versions
 
 ## 1.1.1 - 2016-09-19
 

data/README.md

@@ -1,12 +1,12 @@
-# OmniAuth CAS Strategy [![Gem Version][version_badge]][version] [![Build Status][travis_status]][travis]
+# OmniAuth CAS Strategy [![Gem Version][version_badge]][version] [![Build Status][github_actions_status]][github_actions]
 
-[version_badge]: https://badge.fury.io/rb/omniauth-cas.png
-[version]: http://badge.fury.io/rb/omniauth-cas
-[travis]: http://travis-ci.org/dlindahl/omniauth-cas
-[travis_status]: https://secure.travis-ci.org/dlindahl/omniauth-cas.png
+[version_badge]: https://badge.fury.io/rb/omniauth-cas.svg
+[version]: https://badge.fury.io/rb/omniauth-cas
+[github_actions]: https://github.com/dlindahl/omniauth-cas/actions
+[github_actions_status]: https://github.com/dlindahl/omniauth-cas/actions/workflows/ci.yml/badge.svg
 [releases]: https://github.com/dlindahl/omniauth-cas/releases
 
-This is a OmniAuth 1.0 compatible port of the previously available
+This is a [OmniAuth][omniauth] 2.1+ compatible port of the previously available
 [OmniAuth CAS strategy][old_omniauth_cas] that was bundled with OmniAuth 0.3.
 
 * [View the documentation][document_up]
@@ -42,7 +42,7 @@ end
 
 OmniAuth CAS requires at least one of the following two configuration options:
 
-  * `url` - Defines the URL of your CAS server (i.e. `http://example.org:8080`)
+  * `url` - Defines the URL of your CAS server (i.e. `https://example.org:8080`)
   * `host` - Defines the host of your CAS server (i.e. `example.org`).
 
 #### Optional
@@ -58,6 +58,7 @@ Other configuration options:
   * `uid_field` - The user data attribute to use as your user's unique identifier. Defaults to `'user'` (which usually contains the user's login name).
   * `ca_path` - Optional when `ssl` is `true`. Sets path of a CA certification directory. See [Net::HTTP][net_http] for more details.
   * `disable_ssl_verification` - Optional when `ssl` is true. Disables verification.
+  * `merge_multivalued_attributes` - When set to `true` returns attributes with multiple values as arrays. Defaults to `false` and returns the last value as a string.
   * `on_single_sign_out` - Optional. Callback used when a [CAS 3.1 Single Sign Out][sso]
     request is received.
   * `fetch_raw_info` - Optional. Callback used to return additional "raw" user
@@ -65,9 +66,13 @@ Other configuration options:
 
     ```ruby
     provider :cas,
-             fetch_raw_info: lambda { |strategy, options, ticket, user_info|
-               ExternalService.get(user_info[:user]).attributes
-            }
+      fetch_raw_info: Proc.new { |strategy, opts, ticket, user_info, rawxml|
+        return {} if user_info.empty? || rawxml.nil? # Auth failed
+
+        extra_info = ExternalService.get(user_info[:user]).attributes
+        extra_info.merge!({'roles' => rawxml.xpath('//cas:roles').map(&:text)})
+        extra_info
+      }
     ```
 
 Configurable options for values returned by CAS:
@@ -96,7 +101,7 @@ Your new settings should look similar to this:
 provider :cas,
          host:      'cas.example.com',
          login_url: '/cas/login',
-  	     service_validate_url: '/cas/serviceValidate'
+         service_validate_url: '/cas/serviceValidate'
 ```
 
 If you encounter problems wih SSL certificates you may want to set the `ca_path` parameter or activate `disable_ssl_verification` (not recommended).
@@ -117,7 +122,8 @@ Special thanks go out to the following people
   * Elber Ribeiro (@dynaum) for Ubuntu SSL configuration support
   * @rbq for README updates and OmniAuth 0.3 migration guide
 
+[omniauth]: https://github.com/omniauth/omniauth
 [old_omniauth_cas]: https://github.com/intridea/omniauth/blob/0-3-stable/oa-enterprise/lib/omniauth/strategies/cas.rb
-[document_up]: http://dlindahl.github.com/omniauth-cas/
-[net_http]: http://ruby-doc.org/stdlib-1.9.3/libdoc/net/http/rdoc/Net/HTTP.html
+[document_up]: https://dlindahl.github.io/omniauth-cas/
+[net_http]: https://ruby-doc.org/stdlib-1.9.3/libdoc/net/http/rdoc/Net/HTTP.html
 [sso]: https://wiki.jasig.org/display/CASUM/Single+Sign+Out

data/lib/omniauth/cas/version.rb

@@ -1,5 +1,7 @@
-module Omniauth
+# frozen_string_literal: true
+
+module OmniAuth
   module Cas
-    VERSION = '1.1.1'
+    VERSION = '3.0.0.beta.1'
   end
 end

data/lib/omniauth/cas.rb

@@ -1,2 +1,4 @@
+# frozen_string_literal: true
+
 require 'omniauth/cas/version'
-require 'omniauth/strategies/cas'
+require 'omniauth/strategies/cas'

data/lib/omniauth/strategies/cas/logout_request.rb

@@ -1,9 +1,12 @@
+# frozen_string_literal: true
+
 module OmniAuth
   module Strategies
     class CAS
       class LogoutRequest
         def initialize(strategy, request)
-          @strategy, @request = strategy, request
+          @strategy = strategy
+          @request = request
         end
 
         def call(options = {})
@@ -11,10 +14,10 @@ module OmniAuth
 
           begin
             result = single_sign_out_callback.call(*logout_request)
-          rescue StandardError => err
-            return @strategy.fail! :logout_request, err
+          rescue StandardError => e
+            @strategy.fail! :logout_request, e
           else
-            result = [200,{},'OK'] if result == true || result.nil?
+            result = [200, {}, 'OK'] if result == true || result.nil?
           ensure
             return unless result
 
@@ -22,18 +25,18 @@ module OmniAuth
             # when Rack::Response#new wants [body,status,headers]? Additionally,
             # why does Rack::Response differ in argument order from the usual
             # Rack-like [status,headers,body] array?
-            return Rack::Response.new(result[2],result[0],result[1]).finish
+            return Rack::Response.new(result[2], result[0], result[1]).finish
           end
         end
 
-      private
+        private
 
         def logout_request
           @logout_request ||= begin
             saml = Nokogiri.parse(@request.params['logoutRequest'])
             name_id = saml.xpath('//saml:NameID').text
             sess_idx = saml.xpath('//samlp:SessionIndex').text
-            inject_params(name_id:name_id, session_index:sess_idx)
+            inject_params(name_id: name_id, session_index: sess_idx)
             @request
           end
         end
@@ -42,7 +45,7 @@ module OmniAuth
           rack_input = @request.env['rack.input'].read
           params = Rack::Utils.parse_query(rack_input, '&').merge new_params
           @request.env['rack.input'] = StringIO.new(Rack::Utils.build_query(params))
-        rescue
+        rescue StandardError
           # A no-op intended to ensure that the ensure block is run
           raise
         ensure

data/lib/omniauth/strategies/cas/service_ticket_validator.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'net/http'
 require 'net/https'
 require 'nokogiri'
@@ -6,7 +8,9 @@ module OmniAuth
   module Strategies
     class CAS
       class ServiceTicketValidator
-        VALIDATION_REQUEST_HEADERS = { 'Accept' => '*/*' }
+        VALIDATION_REQUEST_HEADERS = { 'Accept' => '*/*' }.freeze
+
+        attr_reader :success_body
 
         # Build a validator from a +configuration+, a
         # +return_to+ URL, and a +ticket+.
@@ -38,19 +42,30 @@ module OmniAuth
           parse_user_info(@success_body)
         end
 
-      private
+        private
+
+        # Merges attributes with multiple values into an array if support is
+        # enabled (disabled by default)
+        def attribute_value(user_info, attribute, value)
+          if @options.merge_multivalued_attributes && user_info.key?(attribute)
+            Array(user_info[attribute]).push(value)
+          else
+            value
+          end
+        end
 
         # turns an `<cas:authenticationSuccess>` node into a Hash;
         # returns nil if given nil
         def parse_user_info(node)
           return nil if node.nil?
+
           {}.tap do |hash|
             node.children.each do |e|
               node_name = e.name.sub(/^cas:/, '')
-              unless e.kind_of?(Nokogiri::XML::Text) || node_name == 'proxies'
+              unless e.is_a?(Nokogiri::XML::Text) || node_name == 'proxies'
                 # There are no child elements
                 if e.element_children.count == 0
-                  hash[node_name] = e.content
+                  hash[node_name] = attribute_value(hash, node_name, e.content)
                 elsif e.element_children.count
                   # JASIG style extra attributes
                   if node_name == 'attributes'
@@ -70,6 +85,7 @@ module OmniAuth
         # if the passed body is nil or if there is no such node.
         def find_authentication_success(body)
           return nil if body.nil? || body == ''
+
           begin
             doc = Nokogiri::XML(body)
             begin

data/lib/omniauth/strategies/cas.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'omniauth'
 require 'addressable/uri'
 
@@ -14,7 +16,7 @@ module OmniAuth
       autoload :LogoutRequest, 'omniauth/strategies/cas/logout_request'
 
       attr_accessor :raw_info
-      alias_method :user_info, :raw_info
+      alias user_info raw_info
 
       option :name, :cas # Required property by OmniAuth::Strategy
 
@@ -22,10 +24,11 @@ module OmniAuth
       option :port, nil
       option :path, nil
       option :ssl,  true
+      option :merge_multivalued_attributes, false
       option :service_validate_url, '/serviceValidate'
       option :login_url,            '/login'
       option :logout_url,           '/logout'
-      option :on_single_sign_out,   Proc.new {}
+      option :on_single_sign_out,   proc {}
       # A Proc or lambda that returns a Hash of additional user info to be
       # merged with the info returned by the CAS server.
       #
@@ -34,7 +37,7 @@ module OmniAuth
       # @param [Hash] The user info for the Service Ticket returned by the CAS server
       #
       # @return [Hash] Extra user info
-      option :fetch_raw_info,       Proc.new { Hash.new }
+      option :fetch_raw_info,       proc { {} }
       # Make all the keys configurable with some defaults set here
       option :uid_field, 'user'
       option :name_key, 'name'
@@ -47,24 +50,26 @@ module OmniAuth
       option :phone_key, 'phone'
 
       # As required by https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema
-      AuthHashSchemaKeys = %w{name email nickname first_name last_name location image phone}
+      AUTH_HASH_SCHEMA_KEYS = %w[name email nickname first_name last_name location image phone].freeze
       info do
         prune!({
-          name: raw_info[options[:name_key].to_s],
-          email: raw_info[options[:email_key].to_s],
-          nickname: raw_info[options[:nickname_key].to_s],
-          first_name: raw_info[options[:first_name_key].to_s],
-          last_name: raw_info[options[:last_name_key].to_s],
-          location: raw_info[options[:location_key].to_s],
-          image: raw_info[options[:image_key].to_s],
-          phone: raw_info[options[:phone_key].to_s]
-        })
+                 name: raw_info[options[:name_key].to_s],
+                 email: raw_info[options[:email_key].to_s],
+                 nickname: raw_info[options[:nickname_key].to_s],
+                 first_name: raw_info[options[:first_name_key].to_s],
+                 last_name: raw_info[options[:last_name_key].to_s],
+                 location: raw_info[options[:location_key].to_s],
+                 image: raw_info[options[:image_key].to_s],
+                 phone: raw_info[options[:phone_key].to_s]
+               })
       end
 
       extra do
-        prune!(
-          raw_info.delete_if{ |k,v| AuthHashSchemaKeys.include?(k) }
-        )
+        if skip_info?
+          {}
+        else
+          prune!(raw_info.dup.delete_if { |k, _v| AUTH_HASH_SCHEMA_KEYS.include?(k) })
+        end
       end
 
       uid do
@@ -81,8 +86,10 @@ module OmniAuth
         else
           @ticket = request.params['ticket']
           return fail!(:no_ticket, MissingCASTicket.new('No CAS Ticket')) unless @ticket
+
           fetch_raw_info(@ticket)
           return fail!(:invalid_ticket, InvalidCASTicket.new('Invalid CAS Ticket')) if raw_info.empty?
+
           super
         end
       end
@@ -96,12 +103,12 @@ module OmniAuth
             'Location' => login_url(service_url),
             'Content-Type' => 'text/plain'
           },
-          ["You are being redirected to CAS for sign-in."]
+          ['You are being redirected to CAS for sign-in.']
         ]
       end
 
       def on_sso_path?
-        request.post? && request.params.has_key?('logoutRequest')
+        request.post? && request.params.key?('logoutRequest')
       end
 
       def single_sign_out_phase
@@ -135,9 +142,9 @@ module OmniAuth
       end
 
       def validate_cas_setup
-        if options.host.nil? || options.login_url.nil?
-          raise ArgumentError.new(":host and :login_url MUST be provided")
-        end
+        return unless options.host.nil? || options.login_url.nil?
+
+        raise ArgumentError, ':host and :login_url MUST be provided'
       end
 
       # Build a service-validation URL from +service+ and +ticket+.
@@ -153,9 +160,9 @@ module OmniAuth
         service_url = Addressable::URI.parse(service_url)
         service_url.query_values = service_url.query_values.tap { |qs| qs.delete('ticket') }
         cas_url + append_params(options.service_validate_url, {
-          service: service_url.to_s,
-          ticket: ticket
-        })
+                                  service: service_url.to_s,
+                                  ticket: ticket
+                                })
       end
 
       # Build a CAS login URL from +service+.
@@ -174,7 +181,7 @@ module OmniAuth
       #
       # @return [String] the new joined URL.
       def append_params(base, params)
-        params = params.each { |k,v| v = Rack::Utils.escape(v) }
+        params = params.each_value { |v| Rack::Utils.escape(v) }
         Addressable::URI.parse(base).tap do |base_uri|
           base_uri.query_values = (base_uri.query_values || {}).merge(params)
         end.to_s
@@ -186,11 +193,14 @@ module OmniAuth
         ServiceTicketValidator.new(self, options, callback_url, ticket).call
       end
 
-    private
+      private
 
       def fetch_raw_info(ticket)
-        ticket_user_info = validate_service_ticket(ticket).user_info
-        custom_user_info = options.fetch_raw_info.call(self, options, ticket, ticket_user_info)
+        validator = validate_service_ticket(ticket)
+        ticket_user_info = validator.user_info
+        ticket_success_body = validator.success_body
+        custom_user_info = options.fetch_raw_info.call(self,
+                                                       options, ticket, ticket_user_info, ticket_success_body)
         self.raw_info = ticket_user_info.merge(custom_user_info)
       end
 

data/lib/omniauth-cas.rb

@@ -1 +1,3 @@
+# frozen_string_literal: true
+
 require 'omniauth/cas'

metadata

@@ -1,127 +1,57 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-cas
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 3.0.0.beta.1
 platform: ruby
 authors:
 - Derek Lindahl
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-09-26 00:00:00.000000000 Z
+date: 2024-01-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: omniauth
+  name: addressable
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '2.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '2.8'
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: '1.12'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: '1.12'
 - !ruby/object:Gem::Dependency
-  name: addressable
+  name: omniauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.3'
+        version: '2.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.3'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '10.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '10.0'
-- !ruby/object:Gem::Dependency
-  name: webmock
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.19.0
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.19.0
-- !ruby/object:Gem::Dependency
-  name: rspec
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 3.1.0
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 3.1.0
-- !ruby/object:Gem::Dependency
-  name: rack-test
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.6'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.6'
-- !ruby/object:Gem::Dependency
-  name: awesome_print
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.1'
 description: CAS Strategy for OmniAuth
 email:
 - dlindahl@customink.com
@@ -129,33 +59,26 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".editorconfig"
-- ".gitignore"
-- ".ruby-version"
-- ".travis.yml"
 - CHANGELOG.md
-- Gemfile
 - LICENSE
 - README.md
-- Rakefile
 - lib/omniauth-cas.rb
 - lib/omniauth/cas.rb
 - lib/omniauth/cas/version.rb
 - lib/omniauth/strategies/cas.rb
 - lib/omniauth/strategies/cas/logout_request.rb
 - lib/omniauth/strategies/cas/service_ticket_validator.rb
-- omniauth-cas.gemspec
-- spec/fixtures/cas_failure.xml
-- spec/fixtures/cas_success.xml
-- spec/fixtures/cas_success_jasig.xml
-- spec/omniauth/strategies/cas/logout_request_spec.rb
-- spec/omniauth/strategies/cas/service_ticket_validator_spec.rb
-- spec/omniauth/strategies/cas_spec.rb
-- spec/spec_helper.rb
 homepage: https://github.com/dlindahl/omniauth-cas
 licenses: []
-metadata: {}
-post_install_message: 
+metadata:
+  bug_tracker_uri: https://github.com/dlindahl/omniauth-cas/issues
+  changelog_uri: https://github.com/dlindahl/omniauth-cas/blob/master/CHANGELOG.md
+  documentation_uri: https://dlindahl.github.io/omniauth-cas/
+  homepage_uri: https://github.com/dlindahl/omniauth-cas
+  rubygems_mfa_required: 'true'
+  source_code_uri: https://github.com/dlindahl/omniauth-cas
+  wiki_uri: https://github.com/dlindahl/omniauth-cas/wiki
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -163,23 +86,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '3.0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.2.2
-signing_key: 
+rubygems_version: 3.5.3
+signing_key:
 specification_version: 4
 summary: CAS Strategy for OmniAuth
-test_files:
-- spec/fixtures/cas_failure.xml
-- spec/fixtures/cas_success.xml
-- spec/fixtures/cas_success_jasig.xml
-- spec/omniauth/strategies/cas/logout_request_spec.rb
-- spec/omniauth/strategies/cas/service_ticket_validator_spec.rb
-- spec/omniauth/strategies/cas_spec.rb
-- spec/spec_helper.rb
+test_files: []

data/.editorconfig

@@ -1,16 +0,0 @@
-# EditorConfig helps developers define and maintain consistent
-# coding styles between different editors and IDEs
-# editorconfig.org
-
-root = true
-
-[*]
-# Change these settings to your own preference
-indent_style = space
-indent_size = 2
-
-# We recommend you to keep these unchanged
-end_of_line = lf
-charset = utf-8
-trim_trailing_whitespace = true
-insert_final_newline = true

data/.gitignore

@@ -1,21 +0,0 @@
-*.gem
-*.rbc
-.bundle
-.config
-.yardoc
-Gemfile.lock
-InstalledFiles
-_yardoc
-coverage
-doc/
-lib/bundler/man
-pkg
-rdoc
-spec/reports
-test/tmp
-test/version_tmp
-tmp
-vendor
-
-# RSpec
-.rspec

data/.ruby-version

@@ -1 +0,0 @@
-2.1.2

data/.travis.yml

@@ -1,9 +0,0 @@
-rvm:
-  - 2.1
-  - 2.2
-  - 2.3.1
-branches:
-  only:
-    - master
-before_install:
-  - gem install bundler

data/Gemfile

@@ -1,9 +0,0 @@
-source 'https://rubygems.org'
-
-# Specify your gem's dependencies in omniauth-cas.gemspec
-gemspec
-
-if RUBY_VERSION < "2.2.2"
-  # Rack 2 needs Ruby 2.2.2+
-  gem 'rack', '< 2'
-end

data/Rakefile

@@ -1,15 +0,0 @@
-#!/usr/bin/env rake
-require 'bundler/gem_tasks'
-
-require 'rspec/core/rake_task'
-desc 'Default: run specs.'
-task default: :spec
-
-desc 'Run specs'
-RSpec::Core::RakeTask.new(:spec) do |t|
-  t.rspec_opts = '--require spec_helper --color --order rand'
-end
-
-task :test do
-  fail %q{This application uses RSpec. Try running "rake spec"}
-end

data/omniauth-cas.gemspec

@@ -1,28 +0,0 @@
-# -*- encoding: utf-8 -*-
-require File.expand_path('../lib/omniauth/cas/version', __FILE__)
-
-Gem::Specification.new do |gem|
-  gem.authors       = ["Derek Lindahl"]
-  gem.email         = ["dlindahl@customink.com"]
-  gem.summary       = %q{CAS Strategy for OmniAuth}
-  gem.description   = gem.summary
-  gem.homepage      = "https://github.com/dlindahl/omniauth-cas"
-
-  gem.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
-  gem.files         = `git ls-files`.split("\n")
-  gem.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
-  gem.name          = "omniauth-cas"
-  gem.require_paths = ["lib"]
-  gem.version       = Omniauth::Cas::VERSION
-
-  gem.add_dependency 'omniauth',                '~> 1.2'
-  gem.add_dependency 'nokogiri',                '~> 1.5'
-  gem.add_dependency 'addressable',             '~> 2.3'
-
-  gem.add_development_dependency 'rake',        '~> 10.0'
-  gem.add_development_dependency 'webmock',     '~> 1.19.0'
-  gem.add_development_dependency 'rspec',       '~> 3.1.0'
-  gem.add_development_dependency 'rack-test',   '~> 0.6'
-
-  gem.add_development_dependency 'awesome_print'
-end

data/spec/fixtures/cas_failure.xml

@@ -1,4 +0,0 @@
-<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
-  <cas:authenticationFailure>
-  </cas:authenticationFailure>
-</cas:serviceResponse>

data/spec/fixtures/cas_success.xml

@@ -1,14 +0,0 @@
-<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
-  <cas:authenticationSuccess>
-    <cas:user>psegel</cas:user>
-    <cas:employeeid>54</cas:employeeid>
-    <cas:first_name>P. Segel</cas:first_name>
-    <cas:first_name>Peter</cas:first_name>
-    <cas:last_name>Segel</cas:last_name>
-    <cas:email>psegel@intridea.com</cas:email>
-    <cas:location>Washington, D.C.</cas:location>
-    <cas:image>/images/user.jpg</cas:image>
-    <cas:phone>555-555-5555</cas:phone>
-    <cas:hire_date>2004-07-13</cas:hire_date>
-  </cas:authenticationSuccess>
-</cas:serviceResponse>

data/spec/fixtures/cas_success_jasig.xml

@@ -1,16 +0,0 @@
-<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
-  <cas:authenticationSuccess>
-    <cas:user>psegel</cas:user>
-    <cas:attributes>
-      <cas:employeeid>54</cas:employeeid>
-      <cas:first_name>P. Segel</cas:first_name>
-      <cas:first_name>Peter</cas:first_name>
-      <cas:last_name>Segel</cas:last_name>
-      <cas:email>psegel@intridea.com</cas:email>
-      <cas:location>Washington, D.C.</cas:location>
-      <cas:image>/images/user.jpg</cas:image>
-      <cas:phone>555-555-5555</cas:phone>
-      <cas:hire_date>2004-07-13</cas:hire_date>
-    </cas:attributes>
-  </cas:authenticationSuccess>
-</cas:serviceResponse>

data/spec/omniauth/strategies/cas/logout_request_spec.rb

@@ -1,103 +0,0 @@
-require 'spec_helper'
-
-describe OmniAuth::Strategies::CAS::LogoutRequest do
-  let(:strategy) { double('strategy') }
-  let(:env) do
-    { 'rack.input' => StringIO.new('','r') }
-  end
-  let(:request) { double('request', params:params, env:env) }
-  let(:params) { { 'url' => url, 'logoutRequest' => logoutRequest } }
-  let(:url) { 'http://notes.dev/signed_in' }
-  let(:logoutRequest) do
-    %Q[
-      <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion\" ID="123abc-1234-ab12-cd34-1234abcd" Version="2.0" IssueInstant="#{Time.now.to_s}">
-        <saml:NameID>@NOT_USED@</saml:NameID>
-        <samlp:SessionIndex>ST-123456-123abc456def</samlp:SessionIndex>
-      </samlp:LogoutRequest>
-    ]
-  end
-
-  subject { described_class.new(strategy, request).call(options) }
-
-  describe 'SAML attributes' do
-    let(:callback) { Proc.new{} }
-    let(:options) do
-      { on_single_sign_out: callback }
-    end
-
-    before do
-      @rack_input = nil
-      allow(callback).to receive(:call) do |req|
-        @rack_input = req.env['rack.input'].read
-        true
-      end
-      subject
-    end
-
-    it 'are parsed and injected into the Rack Request parameters' do
-      expect(@rack_input).to eq 'name_id=%40NOT_USED%40&session_index=ST-123456-123abc456def'
-    end
-
-    context 'that raise when parsed' do
-      let(:env) { { 'rack.input' => nil } }
-
-      before do
-        allow(strategy).to receive(:fail!)
-        subject
-        expect(strategy).to have_received(:fail!)
-      end
-
-      it 'responds with an error' do
-        expect(strategy).to have_received(:fail!)
-      end
-    end
-  end
-
-  describe 'with a configured callback' do
-    let(:options) do
-      { on_single_sign_out: callback }
-    end
-
-    context 'that returns TRUE' do
-      let(:callback) { Proc.new{true} }
-
-      it 'responds with OK' do
-        expect(subject[0]).to eq 200
-        expect(subject[2].body).to eq ['OK']
-      end
-    end
-
-    context 'that returns Nil' do
-      let(:callback) { Proc.new{} }
-
-      it 'responds with OK' do
-        expect(subject[0]).to eq 200
-        expect(subject[2].body).to eq ['OK']
-      end
-    end
-
-    context 'that returns a tuple' do
-      let(:callback) { Proc.new{ [400,{},'Bad Request'] } }
-
-      it 'responds with OK' do
-        expect(subject[0]).to eq 400
-        expect(subject[2].body).to eq ['Bad Request']
-      end
-    end
-
-    context 'that raises an error' do
-      let(:exception) { RuntimeError.new('error' )}
-      let(:callback) { Proc.new{raise exception} }
-
-      before do
-        allow(strategy).to receive(:fail!)
-        subject
-      end
-
-      it 'responds with an error' do
-        expect(strategy).to have_received(:fail!)
-          .with(:logout_request, exception)
-      end
-    end
-  end
-end

data/spec/omniauth/strategies/cas/service_ticket_validator_spec.rb

@@ -1,55 +0,0 @@
-require 'spec_helper'
-
-describe OmniAuth::Strategies::CAS::ServiceTicketValidator do
-  let(:strategy) do
-    double('strategy',
-      service_validate_url: 'https://example.org/serviceValidate'
-    )
-  end
-  let(:provider_options) do
-    double('provider_options',
-      disable_ssl_verification?: false,
-      ca_path: '/etc/ssl/certsZOMG'
-    )
-  end
-  let(:validator) do
-    OmniAuth::Strategies::CAS::ServiceTicketValidator.new( strategy, provider_options, '/foo', nil )
-  end
-
-  describe '#call' do
-    before do
-      stub_request(:get, 'https://example.org/serviceValidate?')
-        .to_return(status: 200, body: '')
-    end
-
-    subject { validator.call }
-
-    it 'returns itself' do
-      expect(subject).to eq validator
-    end
-
-    it 'uses the configured CA path' do
-      subject
-      expect(provider_options).to have_received :ca_path
-    end
-  end
-
-  describe '#user_info' do
-    let(:ok_fixture) do
-      File.expand_path(File.join(File.dirname(__FILE__), '../../../fixtures/cas_success.xml'))
-    end
-    let(:service_response) { File.read(ok_fixture) }
-
-    before do
-      stub_request(:get, 'https://example.org/serviceValidate?')
-        .to_return(status: 200, body:service_response)
-      validator.call
-    end
-
-    subject { validator.user_info }
-
-    it 'parses user info from the response' do
-      expect(subject).to include 'user' => 'psegel'
-    end
-  end
-end

data/spec/omniauth/strategies/cas_spec.rb

@@ -1,250 +0,0 @@
-require 'spec_helper'
-
-describe OmniAuth::Strategies::CAS, type: :strategy do
-  include Rack::Test::Methods
-
-  let(:my_cas_provider) { Class.new(OmniAuth::Strategies::CAS) }
-  before do
-    stub_const 'MyCasProvider', my_cas_provider
-  end
-  let(:app) do
-    Rack::Builder.new {
-      use OmniAuth::Test::PhonySession
-      use MyCasProvider, name: :cas, host: 'cas.example.org', ssl: false, port: 8080, uid_field: :employeeid
-      run lambda { |env| [404, {'Content-Type' => 'text/plain'}, [env.key?('omniauth.auth').to_s]] }
-    }.to_app
-  end
-
-  # TODO: Verify that these are even useful tests
-  shared_examples_for 'a CAS redirect response' do
-    let(:redirect_params) { 'service=' + Rack::Utils.escape("http://example.org/auth/cas/callback?url=#{Rack::Utils.escape(return_url)}") }
-
-    before { get url, nil, request_env }
-
-    subject { last_response }
-
-    it { should be_redirect }
-
-    it 'redirects to the CAS server' do
-      expect(subject.headers).to include 'Location' => "http://cas.example.org:8080/login?#{redirect_params}"
-    end
-  end
-
-  describe '#cas_url' do
-    let(:params) { Hash.new }
-    let(:provider) { MyCasProvider.new(nil, params) }
-
-    subject { provider.cas_url }
-
-    it 'raises an ArgumentError' do
-      expect{subject}.to raise_error ArgumentError, %r{:host and :login_url MUST be provided}
-    end
-
-    context 'with an explicit :url option' do
-      let(:url) { 'https://example.org:8080/my_cas' }
-      let(:params) { super().merge url:url }
-
-      before { subject }
-
-      it { should eq url }
-
-      it 'parses the URL into it the appropriate strategy options' do
-        expect(provider.options).to include ssl:true
-        expect(provider.options).to include host:'example.org'
-        expect(provider.options).to include port:8080
-        expect(provider.options).to include path:'/my_cas'
-      end
-    end
-
-    context 'with explicit URL component' do
-      let(:params) { super().merge host:'example.org', port:1234, ssl:true, path:'/a/path' }
-
-      before { subject }
-
-      it { should eq 'https://example.org:1234/a/path' }
-
-      it 'parses the URL into it the appropriate strategy options' do
-        expect(provider.options).to include ssl:true
-        expect(provider.options).to include host:'example.org'
-        expect(provider.options).to include port:1234
-        expect(provider.options).to include path:'/a/path'
-      end
-    end
-  end
-
-  describe 'defaults' do
-    subject { MyCasProvider.default_options.to_hash }
-
-    it { should include('ssl' => true) }
-  end
-
-  describe 'GET /auth/cas' do
-    let(:return_url) { 'http://myapp.com/admin/foo' }
-
-    context 'with a referer' do
-      let(:url) { '/auth/cas' }
-
-      let(:request_env) { { 'HTTP_REFERER' => return_url } }
-
-      it_behaves_like 'a CAS redirect response'
-    end
-
-    context 'with an explicit return URL' do
-      let(:url) { "/auth/cas?url=#{return_url}" }
-
-      let(:request_env) { {} }
-
-      it_behaves_like 'a CAS redirect response'
-    end
-  end
-
-  describe 'GET /auth/cas/callback' do
-    context 'without a ticket' do
-      before { get '/auth/cas/callback' }
-
-      subject { last_response }
-
-      it { should be_redirect }
-
-      it 'redirects with a failure message' do
-        expect(subject.headers).to include 'Location' => '/auth/failure?message=no_ticket&strategy=cas'
-      end
-    end
-
-    context 'with an invalid ticket' do
-      before do
-        stub_request(:get, /^http:\/\/cas.example.org:8080?\/serviceValidate\?([^&]+&)?ticket=9391d/).
-           to_return( body: File.read('spec/fixtures/cas_failure.xml') )
-        get '/auth/cas/callback?ticket=9391d'
-      end
-
-      subject { last_response }
-
-      it { should be_redirect }
-
-      it 'redirects with a failure message' do
-        expect(subject.headers).to include 'Location' => '/auth/failure?message=invalid_ticket&strategy=cas'
-      end
-    end
-
-    describe 'with a valid ticket' do
-      shared_examples :successful_validation do
-        before do
-          stub_request(:get, /^http:\/\/cas.example.org:8080?\/serviceValidate\?([^&]+&)?ticket=593af/)
-            .with { |request| @request_uri = request.uri.to_s }
-            .to_return( body: File.read("spec/fixtures/#{xml_file_name}") )
-
-          get "/auth/cas/callback?ticket=593af&url=#{return_url}"
-        end
-
-        it 'strips the ticket parameter from the callback URL' do
-          expect(@request_uri.scan('ticket=').size).to eq 1
-        end
-
-        it 'properly encodes the service URL' do
-          expect(WebMock).to have_requested(:get, 'http://cas.example.org:8080/serviceValidate')
-            .with(query: {
-              ticket:  '593af',
-              service: 'http://example.org/auth/cas/callback?url=' + Rack::Utils.escape('http://127.0.0.10/?some=parameter')
-            })
-        end
-
-        context "request.env['omniauth.auth']" do
-          subject { last_request.env['omniauth.auth'] }
-
-          it { should be_kind_of Hash }
-
-          it 'identifes the provider' do
-            expect(subject.provider).to eq :cas
-          end
-
-          it 'returns the UID of the user' do
-            expect(subject.uid).to eq '54'
-          end
-
-          context 'the info hash' do
-            subject { last_request.env['omniauth.auth']['info'] }
-
-            it 'includes user info attributes' do
-              expect(subject.name).to eq 'Peter Segel'
-              expect(subject.first_name).to eq 'Peter'
-              expect(subject.last_name).to eq 'Segel'
-              expect(subject.nickname).to eq 'psegel'
-              expect(subject.email).to eq 'psegel@intridea.com'
-              expect(subject.location).to eq 'Washington, D.C.'
-              expect(subject.image).to eq '/images/user.jpg'
-              expect(subject.phone).to eq '555-555-5555'
-            end
-          end
-
-          context 'the extra hash' do
-            subject { last_request.env['omniauth.auth']['extra'] }
-
-            it 'includes additional user attributes' do
-              expect(subject.user).to eq 'psegel'
-              expect(subject.employeeid).to eq '54'
-              expect(subject.hire_date).to eq '2004-07-13'
-            end
-          end
-
-          context 'the credentials hash' do
-            subject { last_request.env['omniauth.auth']['credentials'] }
-
-            it 'has a ticket value' do
-              expect(subject.ticket).to eq '593af'
-            end
-          end
-        end
-
-        it 'calls through to the master app' do
-          expect(last_response.body).to eq 'true'
-        end
-      end
-
-      let(:return_url) { 'http://127.0.0.10/?some=parameter' }
-
-      context 'with JASIG flavored XML' do
-        let(:xml_file_name) { 'cas_success_jasig.xml' }
-
-        it_behaves_like :successful_validation
-      end
-
-      context 'with classic XML' do
-        let(:xml_file_name) { 'cas_success.xml' }
-
-        it_behaves_like :successful_validation
-      end
-    end
-  end
-
-  describe 'POST /auth/cas/callback' do
-    describe 'with a Single Sign-Out logoutRequest' do
-      let(:logoutRequest) do
-        %Q[
-          <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion\" ID="123abc-1234-ab12-cd34-1234abcd" Version="2.0" IssueInstant="#{Time.now.to_s}">
-            <saml:NameID>@NOT_USED@</saml:NameID>
-            <samlp:SessionIndex>ST-123456-123abc456def</samlp:SessionIndex>
-          </samlp:LogoutRequest>
-        ]
-      end
-
-      let(:logout_request) { double('logout_request', call:[200,{},'OK']) }
-
-      subject do
-        post 'auth/cas/callback', logoutRequest:logoutRequest
-      end
-
-      before do
-        allow_any_instance_of(MyCasProvider)
-          .to receive(:logout_request_service)
-          .and_return double('LogoutRequest', new:logout_request)
-
-        subject
-      end
-
-      it 'initializes a LogoutRequest' do
-        expect(logout_request).to have_received :call
-      end
-    end
-  end
-end

data/spec/spec_helper.rb

@@ -1,13 +0,0 @@
-require 'bundler/setup'
-require 'awesome_print'
-
-RSpec.configure do |c|
-  c.filter_run focus: true
-  c.run_all_when_everything_filtered = true
-end
-
-require 'rack/test'
-require 'webmock/rspec'
-require 'omniauth-cas'
-
-OmniAuth.config.logger = Logger.new( '/dev/null' )