p8-casablanca 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/History.txt +6 -0
- data/README.txt +14 -9
- data/lib/casablanca/rails/filter.rb +33 -22
- data/lib/casablanca.rb +1 -1
- data/test/test_rails_filter.rb +30 -13
- metadata +2 -2
data/History.txt
CHANGED
data/README.txt
CHANGED
|
@@ -9,11 +9,11 @@ Casablanca is a ruby single sign-on client for the CAS 2.0 protocol.
|
|
|
9
9
|
== FEATURES:
|
|
10
10
|
|
|
11
11
|
* Includes a commandline Client to test getting service tickets from a CAS server
|
|
12
|
-
* It can be run as a Rails plugin
|
|
12
|
+
* It can be run as a Rails plugin
|
|
13
|
+
* Supports gatewaying and renewing
|
|
13
14
|
|
|
14
15
|
== TODO:
|
|
15
16
|
|
|
16
|
-
* Add extra attributes returned from the server
|
|
17
17
|
* Implement proxying
|
|
18
18
|
* Check for single signout
|
|
19
19
|
|
|
@@ -35,22 +35,27 @@ In IRB:
|
|
|
35
35
|
|
|
36
36
|
|
|
37
37
|
=== Rails:
|
|
38
|
-
|
|
38
|
+
Configure your Cas server url in environment.rb:
|
|
39
39
|
|
|
40
40
|
Casablanca::Rails::Config.config do |config|
|
|
41
41
|
config[:cas_server_url] = "http://localhost:4567"
|
|
42
|
-
# Always require new credentials for authentication
|
|
43
|
-
config[:renew] = true
|
|
44
42
|
end
|
|
45
43
|
|
|
46
44
|
|
|
45
|
+
Add filters to the protected controllers.
|
|
46
|
+
For most cases you would want the default filter:
|
|
47
47
|
|
|
48
48
|
before_filter Casablanca::Rails::Filter
|
|
49
|
-
|
|
50
|
-
|
|
49
|
+
|
|
50
|
+
If you want users without credentials to view the page as well use the Gateway filter
|
|
51
|
+
|
|
52
|
+
before_filter Casablanca::Rails::GatewayFilter
|
|
53
|
+
|
|
54
|
+
If you want users to always require new credentials for authentication use the renew filter
|
|
51
55
|
|
|
56
|
+
before_filter Casablanca::Rails::RenewFilter
|
|
52
57
|
|
|
53
|
-
|
|
58
|
+
Add something like the following to application.rb to get the current user from the Cas session:
|
|
54
59
|
|
|
55
60
|
def current_user
|
|
56
61
|
if session[:cas_user] && @user.nil?
|
|
@@ -60,7 +65,7 @@ In IRB:
|
|
|
60
65
|
@user
|
|
61
66
|
end
|
|
62
67
|
|
|
63
|
-
|
|
68
|
+
Your logout action could look like:
|
|
64
69
|
|
|
65
70
|
def logout
|
|
66
71
|
Casablanca::Rails::Filter.logout(self)
|
|
@@ -16,15 +16,10 @@ module Casablanca::Rails
|
|
|
16
16
|
config = {}
|
|
17
17
|
yield config
|
|
18
18
|
@cas_server_url = config[:cas_server_url]
|
|
19
|
-
@renew = config[:renew] # always renew the session
|
|
20
19
|
# set logger to rails logger
|
|
21
20
|
Casablanca::Client.logger = ::ActionController::Base.logger
|
|
22
21
|
end
|
|
23
22
|
|
|
24
|
-
def renew
|
|
25
|
-
@renew
|
|
26
|
-
end
|
|
27
|
-
|
|
28
23
|
def cas_server_url
|
|
29
24
|
@cas_server_url
|
|
30
25
|
end
|
|
@@ -74,28 +69,18 @@ module Casablanca::Rails
|
|
|
74
69
|
Casablanca::Client.logger
|
|
75
70
|
end
|
|
76
71
|
|
|
77
|
-
# Always require new credentials for authentication?
|
|
78
|
-
def renew?
|
|
79
|
-
Config.renew
|
|
80
|
-
end
|
|
81
|
-
|
|
82
72
|
# Has the user already talked to the Cas server?
|
|
83
73
|
def authentication_required?(controller)
|
|
84
|
-
|
|
74
|
+
controller.session[:cas_user].nil? && controller.params[:ticket].nil?
|
|
85
75
|
end
|
|
86
76
|
|
|
87
|
-
def redirect_to_cas_login(controller
|
|
88
|
-
controller.
|
|
89
|
-
controller.send(:redirect_to, login_url(controller, :renew => renew))
|
|
77
|
+
def redirect_to_cas_login(controller)
|
|
78
|
+
controller.send(:redirect_to, login_url(controller))
|
|
90
79
|
end
|
|
91
80
|
|
|
92
81
|
def get_credentials(controller)
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
else
|
|
96
|
-
logger.debug "Not authenticated yet. Ticket parameter required"
|
|
97
|
-
end
|
|
98
|
-
redirect_to_cas_login(controller, renew?)
|
|
82
|
+
logger.debug "Not authenticated yet. Ticket parameter required"
|
|
83
|
+
redirect_to_cas_login(controller)
|
|
99
84
|
return false
|
|
100
85
|
end
|
|
101
86
|
|
|
@@ -111,7 +96,7 @@ module Casablanca::Rails
|
|
|
111
96
|
logger.debug "Ticket authentication failed: #{ticket.failure_message}"
|
|
112
97
|
logout(controller)
|
|
113
98
|
logger.debug "Renew login credentials"
|
|
114
|
-
redirect_to_cas_login(controller
|
|
99
|
+
redirect_to_cas_login(controller)
|
|
115
100
|
return false
|
|
116
101
|
end
|
|
117
102
|
end
|
|
@@ -145,7 +130,7 @@ module Casablanca::Rails
|
|
|
145
130
|
return super(controller)
|
|
146
131
|
end
|
|
147
132
|
|
|
148
|
-
def redirect_to_cas_login(controller
|
|
133
|
+
def redirect_to_cas_login(controller)
|
|
149
134
|
controller.session[:cas_gatewayed] = true
|
|
150
135
|
logger.debug "Redirecting to #{login_url(controller, :gateway => true)}"
|
|
151
136
|
controller.send(:redirect_to, login_url(controller, :gateway => true))
|
|
@@ -153,5 +138,31 @@ module Casablanca::Rails
|
|
|
153
138
|
|
|
154
139
|
end
|
|
155
140
|
end
|
|
141
|
+
|
|
142
|
+
##
|
|
143
|
+
# Always require new credentials for authentication?
|
|
144
|
+
class RenewFilter < Filter
|
|
145
|
+
|
|
146
|
+
class << self
|
|
147
|
+
|
|
148
|
+
# Has the user already talked to the Cas server?
|
|
149
|
+
def authentication_required?(controller)
|
|
150
|
+
(controller.session[:cas_user].nil? || controller.session[:cas_renewed].nil?) && controller.params[:ticket].nil?
|
|
151
|
+
end
|
|
152
|
+
|
|
153
|
+
def get_credentials(controller)
|
|
154
|
+
logger.debug "Always require credentials for authentication"
|
|
155
|
+
redirect_to_cas_login(controller)
|
|
156
|
+
return false
|
|
157
|
+
end
|
|
158
|
+
|
|
159
|
+
def redirect_to_cas_login(controller)
|
|
160
|
+
controller.session[:cas_renewed] = true
|
|
161
|
+
logger.debug "Redirecting to #{login_url(controller, :renew => true)}"
|
|
162
|
+
controller.send(:redirect_to, login_url(controller, :renew => true))
|
|
163
|
+
end
|
|
164
|
+
|
|
165
|
+
end
|
|
166
|
+
end
|
|
156
167
|
|
|
157
168
|
end
|
data/lib/casablanca.rb
CHANGED
data/test/test_rails_filter.rb
CHANGED
|
@@ -10,10 +10,8 @@ class TestRailsConfig < Test::Unit::TestCase
|
|
|
10
10
|
def test_config
|
|
11
11
|
Rails::Config.config do |config|
|
|
12
12
|
config[:cas_server_url] = "http://example.com/cas_server"
|
|
13
|
-
config[:renew] = true
|
|
14
13
|
end
|
|
15
14
|
assert_equal 'http://example.com/cas_server/login?service=http%3A%2F%2Flocalhost%3A3000', Rails::Filter.login_url(@controller)
|
|
16
|
-
assert_equal true, Rails::Filter.renew?
|
|
17
15
|
end
|
|
18
16
|
|
|
19
17
|
end
|
|
@@ -71,17 +69,6 @@ class TestRailsFilter < Test::Unit::TestCase
|
|
|
71
69
|
assert_equal true, Filter.filter(@controller)
|
|
72
70
|
assert_equal 'admin', @controller.session[:cas_user]
|
|
73
71
|
end
|
|
74
|
-
|
|
75
|
-
def test_filter_already_authenticated_with_valid_ticket_from_session_but_renew_required
|
|
76
|
-
Config.config do |config|
|
|
77
|
-
config[:cas_server_url] = "http://localhost:4567"
|
|
78
|
-
config[:renew] = true
|
|
79
|
-
end
|
|
80
|
-
service_ticket = get_service_ticket
|
|
81
|
-
@controller.session = {:cas_user => 'admin'}
|
|
82
|
-
assert_equal false, Filter.filter(@controller)
|
|
83
|
-
assert_equal 'admin', @controller.session[:cas_user]
|
|
84
|
-
end
|
|
85
72
|
|
|
86
73
|
def test_filter_not_authenticated
|
|
87
74
|
assert_equal false, Filter.filter(@controller)
|
|
@@ -117,4 +104,34 @@ class TestRailsGatewayFilter < TestRailsFilter
|
|
|
117
104
|
assert_equal nil, @controller.session[:cas_user]
|
|
118
105
|
end
|
|
119
106
|
|
|
107
|
+
end
|
|
108
|
+
|
|
109
|
+
class TestRailsRenewFilter < TestRailsFilter
|
|
110
|
+
def setup
|
|
111
|
+
Config.config do |config|
|
|
112
|
+
config[:cas_server_url] = "http://localhost:4567"
|
|
113
|
+
end
|
|
114
|
+
@controller = Controller.new
|
|
115
|
+
@controller.params = {}
|
|
116
|
+
end
|
|
117
|
+
|
|
118
|
+
def test_filter_already_authenticated_on_cas_server_but_renew_required
|
|
119
|
+
Config.config do |config|
|
|
120
|
+
config[:cas_server_url] = "http://localhost:4567"
|
|
121
|
+
end
|
|
122
|
+
service_ticket = get_service_ticket
|
|
123
|
+
@controller.session = {:cas_user => 'admin'}
|
|
124
|
+
assert_equal false, RenewFilter.filter(@controller)
|
|
125
|
+
end
|
|
126
|
+
|
|
127
|
+
def test_filter_already_renewed_with_valid_ticket_from_session_should_not_renew
|
|
128
|
+
Config.config do |config|
|
|
129
|
+
config[:cas_server_url] = "http://localhost:4567"
|
|
130
|
+
end
|
|
131
|
+
service_ticket = get_service_ticket
|
|
132
|
+
@controller.session = {:cas_user => 'admin', :cas_renewed => true}
|
|
133
|
+
assert_equal true, RenewFilter.filter(@controller)
|
|
134
|
+
assert_equal 'admin', @controller.session[:cas_user]
|
|
135
|
+
end
|
|
136
|
+
|
|
120
137
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: p8-casablanca
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Petrik de Heus
|
|
@@ -9,7 +9,7 @@ autorequire:
|
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
11
|
|
|
12
|
-
date: 2009-02-
|
|
12
|
+
date: 2009-02-20 00:00:00 -08:00
|
|
13
13
|
default_executable: casablanca
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|