omniauth-iu-cas 1.1.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 7fcacfc3df96726ec79e25aa3f3dabd8efafe08ecebbaf7877371180c5f7f4d2
+  data.tar.gz: ce6c14e677253f13e1b801e12f3d0d4be3f082da32ea659e4caea83534e8d1de
+SHA512:
+  metadata.gz: 381fa8c927be657ef5dc5cccd8cc9935532d4d254036f4c310018f5c4050c33a0da676332113a6277ecc9cca7270108e47c743a80339f9a7b55d2bb8f0453ca5
+  data.tar.gz: 400c42d2caa4c66dc418aa0b159b7b8ea5366addcd595955fe3ec1185ae2c8894f949debbf536abf978cadd189ee75894d3d31373c37f2310c4a0a12ac09a711

data/.editorconfig

@@ -0,0 +1,16 @@
+# EditorConfig helps developers define and maintain consistent
+# coding styles between different editors and IDEs
+# editorconfig.org
+
+root = true
+
+[*]
+# Change these settings to your own preference
+indent_style = space
+indent_size = 2
+
+# We recommend you to keep these unchanged
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true

data/.gitignore

@@ -0,0 +1,21 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+vendor
+
+# RSpec
+.rspec

data/.ruby-version

@@ -0,0 +1 @@
+2.5.5

data/.travis.yml

@@ -0,0 +1,10 @@
+rvm:
+  - 2.4
+  - 2.5
+  - 2.6
+branches:
+  only:
+    - master
+before_install:
+  - gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true
+  - gem install bundler -v '< 2'

data/CHANGELOG.md

@@ -0,0 +1,20 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/) and this
+project adheres to [Semantic Versioning](http://semver.org/)
+
+## 1.1.1-iu - 2019-08-21
+* Convert query parameters to custom IU Login (CAS) format.
+* Handle old style response from IU Login.
+* Add `cassvc` option.
+
+## 1.1.1 - 2016-09-19
+
+### Changed
+
+* Relax gemspec requirements, to add support for Rails 5.
+
+Note that the only tested versions of Ruby are now 2.1, 2.2, and 2.3 - older
+versions of Ruby should work, but are no longer officially supported.

data/Gemfile

@@ -0,0 +1,9 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in omniauth-cas.gemspec
+gemspec
+
+if RUBY_VERSION < "2.2.2"
+  # Rack 2 needs Ruby 2.2.2+
+  gem 'rack', '< 2'
+end

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2011 Derek Lindahl and CustomInk, LLC
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,133 @@
+# OmniAuth IU CAS Strategy [![Gem Version][version_badge]][version] [![Build Status][travis_status]][travis]
+
+[version_badge]: https://badge.fury.io/rb/omniauth-iu-cas.png
+[version]: http://badge.fury.io/rb/omniauth-iu-cas
+[travis]: https://travis-ci.org/IUBLibTech/omniauth-cas
+[travis_status]: https://secure.travis-ci.org/IUBLibTech/omniauth-cas.png
+[releases]: https://github.com/IUBLibTech/omniauth-cas/releases
+[upstream]: https://github.com/dlindahl/omniauth-cas
+[iu_login]: https://cas.iu.edu
+[kb_app_code]: https://kb.iu.edu/d/alqm
+
+This is a OmniAuth 1.0 compatible port of the previously available
+[OmniAuth CAS strategy][old_omniauth_cas] that was bundled with OmniAuth 0.3.
+
+It is forked from the original [omniauth-cas][upstream] and has been customized for use with [IU Login][iu_login].
+
+* [View the documentation][document_up]
+* [Changelog][releases]
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'omniauth-cas'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install omniauth-cas
+
+## Usage
+
+Use like any other OmniAuth strategy:
+
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :cas, host: 'cas.yourdomain.com'
+end
+```
+
+### Configuration Options
+
+#### Required
+
+OmniAuth CAS requires at least one of the following two configuration options:
+
+  * `url` - Defines the URL of your CAS server (i.e. `http://example.org:8080`)
+  * `host` - Defines the host of your CAS server (i.e. `example.org`).
+
+#### Optional
+
+Other configuration options:
+
+  * `port` - The port to use for your configured CAS `host`. Optional if using `url`.
+  * `ssl` - TRUE to connect to your CAS server over SSL. Optional if using `url`.
+  * `service_validate_url` - The URL to use to validate a user. Defaults to `'/serviceValidate'`.
+  * `callback_url` - The URL custom URL path which CAS uses to call back to the service.  Defaults to `/users/auth/cas/callback`.
+  * `logout_url` - The URL to use to logout a user. Defaults to `'/logout'`.
+  * `login_url` - Defines the URL used to prompt users for their login information. Defaults to `/login` If no `host` is configured, the host application's domain will be used.
+  * `uid_field` - The user data attribute to use as your user's unique identifier. Defaults to `'user'` (which usually contains the user's login name).
+  * `ca_path` - Optional when `ssl` is `true`. Sets path of a CA certification directory. See [Net::HTTP][net_http] for more details.
+  * `disable_ssl_verification` - Optional when `ssl` is true. Disables verification.
+  * `on_single_sign_out` - Optional. Callback used when a [CAS 3.1 Single Sign Out][sso]
+    request is received.
+  * `cassvc` - Optional custom IU option. Set to pass an [application code][kb_app_code] to CAS.
+  * `fetch_raw_info` - Optional. Callback used to return additional "raw" user
+    info from other sources.
+
+    ```ruby
+    provider :cas,
+      fetch_raw_info: Proc.new { |strategy, opts, ticket, user_info, rawxml|
+        return {} if user_info.empty? || rawxml.nil? # Auth failed
+
+        extra_info = ExternalService.get(user_info[:user]).attributes
+        extra_info.merge!({'roles' => rawxml.xpath('//cas:roles').map(&:text)})
+        extra_info
+      }
+    ```
+
+Configurable options for values returned by CAS:
+
+  * `uid_key` - The user ID data attribute to use as your user's unique identifier. Defaults to `'user'` (which usually contains the user's login name).
+  * `name_key` - The data attribute containing user first and last name.  Defaults to `'name'`.
+  * `email_key` - The data attribute containing user email address.  Defaults to `'email'`.
+  * `nickname_key` - The data attribute containing user's nickname.  Defaults to `'user'`.
+  * `first_name_key` - The data attribute containing user first name.  Defaults to `'first_name'`.
+  * `last_name_key` - The data attribute containing user last name.  Defaults to `'last_name'`.
+  * `location_key` - The data attribute containing user location/address.  Defaults to `'location'`.
+  * `image_key` - The data attribute containing user image/picture.  Defaults to `'image'`.
+  * `phone_key` - The data attribute containing user contact phone number.  Defaults to `'phone'`.
+
+## Migrating from OmniAuth 0.3
+
+Given the following OmniAuth 0.3 configuration:
+
+```ruby
+provider :CAS, cas_server: 'https://cas.example.com/cas/'
+```
+
+Your new settings should look similar to this:
+
+```ruby
+provider :cas,
+         host:      'cas.example.com',
+         login_url: '/cas/login',
+  	     service_validate_url: '/cas/serviceValidate'
+```
+
+If you encounter problems wih SSL certificates you may want to set the `ca_path` parameter or activate `disable_ssl_verification` (not recommended).
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+
+## Thanks
+
+Special thanks go out to the following people
+
+  * Phillip Aldridge (@iterateNZ) and JB Barth (@jbbarth) for helping out with Issue #3
+  * Elber Ribeiro (@dynaum) for Ubuntu SSL configuration support
+  * @rbq for README updates and OmniAuth 0.3 migration guide
+
+[old_omniauth_cas]: https://github.com/intridea/omniauth/blob/0-3-stable/oa-enterprise/lib/omniauth/strategies/cas.rb
+[document_up]: http://dlindahl.github.com/omniauth-cas/
+[net_http]: http://ruby-doc.org/stdlib-1.9.3/libdoc/net/http/rdoc/Net/HTTP.html
+[sso]: https://wiki.jasig.org/display/CASUM/Single+Sign+Out

data/Rakefile

@@ -0,0 +1,15 @@
+#!/usr/bin/env rake
+require 'bundler/gem_tasks'
+
+require 'rspec/core/rake_task'
+desc 'Default: run specs.'
+task default: :spec
+
+desc 'Run specs'
+RSpec::Core::RakeTask.new(:spec) do |t|
+  t.rspec_opts = '--require spec_helper --color --order rand'
+end
+
+task :test do
+  fail %q{This application uses RSpec. Try running "rake spec"}
+end

data/lib/omniauth-iu-cas.rb

@@ -0,0 +1 @@
+require 'omniauth/cas'

data/lib/omniauth/cas.rb

@@ -0,0 +1,2 @@
+require 'omniauth/cas/version'
+require 'omniauth/strategies/cas'

data/lib/omniauth/cas/version.rb

@@ -0,0 +1,5 @@
+module Omniauth
+  module Cas
+    VERSION = '1.1.1.1'
+  end
+end

data/lib/omniauth/strategies/cas.rb

@@ -0,0 +1,232 @@
+require 'omniauth'
+require 'addressable/uri'
+
+module OmniAuth
+  module Strategies
+    class CAS
+      include OmniAuth::Strategy
+
+      # Custom Exceptions
+      class MissingCASTicket < StandardError; end
+      class InvalidCASTicket < StandardError; end
+
+      autoload :ServiceTicketValidator, 'omniauth/strategies/cas/service_ticket_validator'
+      autoload :LogoutRequest, 'omniauth/strategies/cas/logout_request'
+
+      attr_accessor :raw_info
+      alias_method :user_info, :raw_info
+
+      option :name, :cas # Required property by OmniAuth::Strategy
+
+      option :host, nil
+      option :port, nil
+      option :path, nil
+      option :ssl,  true
+      option :service_validate_url, '/serviceValidate'
+      option :login_url,            '/login'
+      option :logout_url,           '/logout'
+      # cassvc is IU specific. Possible values are IU, MFA, GUEST, ANY
+      option :cassvc, 'IU'
+      option :on_single_sign_out,   Proc.new {}
+      # A Proc or lambda that returns a Hash of additional user info to be
+      # merged with the info returned by the CAS server.
+      #
+      # @param [Object] An instance of OmniAuth::Strategies::CAS for the current request
+      # @param [String] The user's Service Ticket value
+      # @param [Hash] The user info for the Service Ticket returned by the CAS server
+      #
+      # @return [Hash] Extra user info
+      option :fetch_raw_info,       Proc.new { Hash.new }
+      # Make all the keys configurable with some defaults set here
+      option :uid_field, 'user'
+      option :name_key, 'name'
+      option :email_key, 'email'
+      option :nickname_key, 'user'
+      option :first_name_key, 'first_name'
+      option :last_name_key, 'last_name'
+      option :location_key, 'location'
+      option :image_key, 'image'
+      option :phone_key, 'phone'
+
+      # As required by https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema
+      AuthHashSchemaKeys = %w{name email nickname first_name last_name location image phone}
+      info do
+        prune!({
+          name: raw_info[options[:name_key].to_s],
+          email: raw_info[options[:email_key].to_s],
+          nickname: raw_info[options[:nickname_key].to_s],
+          first_name: raw_info[options[:first_name_key].to_s],
+          last_name: raw_info[options[:last_name_key].to_s],
+          location: raw_info[options[:location_key].to_s],
+          image: raw_info[options[:image_key].to_s],
+          phone: raw_info[options[:phone_key].to_s]
+        })
+      end
+
+      extra do
+        prune!(
+          raw_info.delete_if{ |k,v| AuthHashSchemaKeys.include?(k) }
+        )
+      end
+
+      uid do
+        raw_info[options[:uid_field].to_s]
+      end
+
+      credentials do
+        prune!({ casticket: @ticket })
+      end
+
+      def callback_phase
+        if on_sso_path?
+          single_sign_out_phase
+        else
+          @ticket = request.params['casticket']
+          return fail!(:no_ticket, MissingCASTicket.new('No CAS Ticket')) unless @ticket
+          fetch_raw_info(@ticket)
+          return fail!(:invalid_ticket, InvalidCASTicket.new('Invalid CAS Ticket')) if raw_info.nil? or raw_info.empty?
+          super
+        end
+      end
+
+      def request_phase
+        service_url = append_params(callback_url, return_url)
+
+        [
+          302,
+          {
+            'Location' => login_url(service_url),
+            'Content-Type' => 'text/plain'
+          },
+          ["You are being redirected to CAS for sign-in."]
+        ]
+      end
+
+      def on_sso_path?
+        request.post? && request.params.has_key?('logoutRequest')
+      end
+
+      def single_sign_out_phase
+        logout_request_service.new(self, request).call(options)
+      end
+
+      # Build a CAS host with protocol and port
+      #
+      #
+      def cas_url
+        extract_url if options['url']
+        validate_cas_setup
+        @cas_url ||= begin
+          uri = Addressable::URI.new
+          uri.host = options.host
+          uri.scheme = options.ssl ? 'https' : 'http'
+          uri.port = options.port
+          uri.path = options.path
+          uri.to_s
+        end
+      end
+
+      def extract_url
+        url = Addressable::URI.parse(options.delete('url'))
+        options.merge!(
+          'host' => url.host,
+          'port' => url.port,
+          'path' => url.path,
+          'ssl' => url.scheme == 'https'
+        )
+      end
+
+      def validate_cas_setup
+        if options.host.nil? || options.login_url.nil?
+          raise ArgumentError.new(":host and :login_url MUST be provided")
+        end
+      end
+
+      # Build a service-validation URL from +service+ and +ticket+.
+      # If +service+ has a ticket param, first remove it. URL-encode
+      # +service+ and add it and the +ticket+ as paraemters to the
+      # CAS serviceValidate URL.
+      #
+      # @param [String] service the service (a.k.a. return-to) URL
+      # @param [String] ticket the ticket to validate
+      #
+      # @return [String] a URL like `http://cas.mycompany.com/serviceValidate?casurl=...&casticket=...`
+      def service_validate_url(service_url, ticket)
+        service_url = Addressable::URI.parse(service_url)
+        service_url.query_values = service_url.query_values.tap { |qs|
+          qs.delete('casticket')
+          qs.delete('cassvc')
+        }
+        cas_url + append_params(options.service_validate_url, {
+          casurl: service_url.to_s,
+          casticket: ticket,
+          cassvc: options.cassvc
+        })
+      end
+
+      # Build a CAS login URL from +service+.
+      #
+      # @param [String] service the service (a.k.a. return-to) URL
+      #
+      # @return [String] a URL like `http://cas.mycompany.com/login?service=...`
+      def login_url(service)
+        cas_url + append_params(options.login_url, { casurl: service, cassvc: options.cassvc })
+      end
+
+      # Adds URL-escaped +parameters+ to +base+.
+      #
+      # @param [String] base the base URL
+      # @param [String] params the parameters to append to the URL
+      #
+      # @return [String] the new joined URL.
+      def append_params(base, params)
+        params = params.each { |k,v| v = Rack::Utils.escape(v) }
+        Addressable::URI.parse(base).tap do |base_uri|
+          base_uri.query_values = (base_uri.query_values || {}).merge(params)
+        end.to_s
+      end
+
+      # Validate the Service Ticket
+      # @return [Object] the validated Service Ticket
+      def validate_service_ticket(ticket)
+        ServiceTicketValidator.new(self, options, callback_url, ticket).call
+      end
+
+    private
+
+      def fetch_raw_info(ticket)
+        validator = validate_service_ticket(ticket)
+        ticket_user_info = validator.user_info
+        ticket_success_body = validator.success_body
+        return unless ticket_success_body
+        custom_user_info = options.fetch_raw_info.call(self,
+          options, ticket, ticket_user_info, ticket_success_body)
+        self.raw_info = ticket_user_info.merge(custom_user_info)
+      end
+
+      # Deletes Hash pairs with `nil` values.
+      # From https://github.com/mkdynamic/omniauth-facebook/blob/972ed5e3456bcaed7df1f55efd7c05c216c8f48e/lib/omniauth/strategies/facebook.rb#L122-127
+      def prune!(hash)
+        hash.delete_if do |_, value|
+          prune!(value) if value.is_a?(Hash)
+          value.nil? || (value.respond_to?(:empty?) && value.empty?)
+        end
+      end
+
+      def return_url
+        # If the request already has a `url` parameter, then it will already be appended to the callback URL.
+        if request.params && request.params['url']
+          {}
+        else
+          { url: request.referer }
+        end
+      end
+
+      def logout_request_service
+        LogoutRequest
+      end
+    end
+  end
+end
+
+OmniAuth.config.add_camelization 'cas', 'CAS'