p8-casablanca 0.0.3.1 → 0.1.0

data/History.txt

@@ -1,11 +1,17 @@
+=== 0.1.0 / 2009-02-18
+
+* 1 major enhancement
+
+  * Implemented gatewaying for rails filter
+  
 === 0.0.2 / 2009-01-07
 
 * 1 major enhancement
 
-  * Implmented renew
+  * Implemented renew
   * Added logger
 
-=== 0.0.2 / 2009-01-07
+=== 0.0.1 / 2009-01-07
 
 * 1 major enhancement
 

data/Manifest.txt

@@ -2,18 +2,18 @@ History.txt
 Manifest.txt
 README.txt
 Rakefile
-init.rb
 bin/casablanca
+init.rb
 lib/casablanca.rb
 lib/casablanca/cli.rb
 lib/casablanca/client.rb
-lib/casablanca/rails/filter.rb
 lib/casablanca/rails/cas_proxy_callback_controller.rb
+lib/casablanca/rails/filter.rb
 lib/casablanca/response_parsers.rb
 test/mocks.rb
 test/test_client.rb
 test/test_helper.rb
 test/test_parser.rb
-test/test_rails_filter.rb
 test/test_rails_cas_proxy_callback_controller.rb
-test/test_ticket.rb
+test/test_rails_filter.rb
+test/test_ticket.rb

data/README.txt

@@ -10,17 +10,16 @@ Casablanca is a ruby single sign-on client for the CAS 2.0 protocol.
 
 * Includes a commandline Client to test getting service tickets from a CAS server
 * It can be run as a Rails plugin.
-* Gatewaying (permitting the user to continue without authentication) is not implemented.
-  Just skip the filter for those actions.
 
 == TODO:
 
-* Implement proxing
+* Add extra attributes returned from the server
+* Implement proxying
 * Check for single signout
 
 == SYNOPSIS:
 
-Commandline:
+=== Commandline:
 
   % casablanca
 
@@ -35,35 +34,39 @@ In IRB:
   C.authenticate_ticket(ticket)
 
 
-In a Rails project:
+=== Rails:
 - environment.rb:
 
-  Casablanca::RailsFilter.config do |config|
+  Casablanca::Rails::Config.config do |config|
      config[:cas_server_url]  = "http://localhost:4567"
-     config[:service_url]     = "http://localhost:3000"
      # Always require new credentials for authentication
      config[:renew]           = true
   end
   
-- Add the following to application.rb:
 
-  before_filter Casablanca::RailsFilter
+
+  before_filter Casablanca::Rails::Filter
+  # If you want users without credentials to view the page as well use the Gateway filter
+  # before_filter Casablanca::Rails::GatewayFilter
+
+
+- Add something like the following to application.rb to get the current user from the Cas session:
   
-  def current_person
-    @current_person ||= login_from_cas unless @current_person == false
-  end
-    
-  def login_from_cas
-    if session[:cas_user]
-      person = Person.find_by_name(session[:cas_user])
-      logout_killing_session! unless person
-      person
+  def current_user
+    if session[:cas_user] && @user.nil?
+        @user = User.find_by_name(session[:cas_user])
+        logout_killing_session! unless @user
     end
+    @user
   end
 
-- Add the following to you logout action
+- Your logout action could look like:
 
-  Casablanca::RailsFilter.logout(self)
+  def logout
+    Casablanca::Rails::Filter.logout(self)
+    redirect_to Casablanca::RailsFilter.logout_url(self)
+  end
+  
   
 == REQUIREMENTS:
 

data/Rakefile

@@ -5,7 +5,7 @@ require 'hoe'
 require 'lib/casablanca.rb'
 
 Hoe.new('casablanca', Casablanca::VERSION) do |p|
-  p.developer('FIX', 'FIX@example.com')
+  p.developer('Petrik de Heus', 'FIX@example.com')
   p.remote_rdoc_dir = '' # Release to root  
 end
 

data/lib/casablanca.rb

@@ -1,5 +1,5 @@
 module Casablanca
-  VERSION = '0.0.3.1'
+  VERSION = '0.1.1'
 end
 require 'casablanca/client'
 require 'casablanca/response_parsers'

data/lib/casablanca/client.rb

@@ -28,7 +28,9 @@ module Casablanca
     def login_url(params={})
       uri = URI.parse("#{@cas_server_url}/login")
       query = {:service => @service_url}
+      # TODO Check that only one of these can be set
       query[:renew] = 'true' if params[:renew]
+      query[:gateway] = 'true' if params[:gateway]      
       uri.merge_query(query)
       uri.to_s
     end

data/lib/casablanca/rails/cas_proxy_callback_controller.rb

@@ -0,0 +1,2 @@
+class CasProxyCallbackController < ActionController::Base
+end

data/lib/casablanca/rails/filter.rb

@@ -0,0 +1,157 @@
+module Casablanca::Rails
+   
+    class Config
+
+    class << self
+
+      ##
+      # Configure the client
+      #
+      #   Casablanca::Rails::Config.config do |config|
+      #     config[:cas_server_url]  = "http://localhost:4567"
+      #     # Always require new credentials for authentication
+      #     config[:renew]           = true
+      #   end
+      def config
+        config = {}
+        yield config
+        @cas_server_url = config[:cas_server_url]
+        @renew = config[:renew] # always renew the session
+        # set logger to rails logger
+        Casablanca::Client.logger = ::ActionController::Base.logger        
+      end
+      
+      def renew
+        @renew
+      end
+      
+      def cas_server_url
+        @cas_server_url
+      end
+      
+    end
+  end  
+  
+  class Filter
+
+    class << self
+      
+      ##
+      # Require a authenticated user to the CAS server otherwise redirect to
+      # the CAS server login url.
+      # Set session[:cas_user] to the authenticated CAS user if authenticated
+      def filter(controller)        
+        if authentication_required?(controller)
+          return get_credentials(controller)
+        elsif controller.params[:ticket]
+          return authenticate_ticket(controller)
+        else
+          return true
+        end
+      end
+
+      ##
+      # The login url of the Cas server. This page has the login form.
+      def login_url(controller, params={})
+        client = Casablanca::Client.new(:cas_server_url => Config.cas_server_url, :service_url => service_url(controller))        
+        client.login_url(params)
+      end
+
+      ##
+      # The logout url of the Cas server.
+      def logout_url(controller, params={})
+        client = Casablanca::Client.new(:cas_server_url => Config.cas_server_url, :service_url => service_url(controller))
+        client.logout_url(params)
+      end
+      
+      ##
+      # Logs out of the Cas server.      
+      def logout(controller)
+        controller.session[:cas_user] = nil
+      end
+      
+      def logger
+        Casablanca::Client.logger
+      end
+      
+      # Always require new credentials for authentication?
+      def renew?
+        Config.renew
+      end
+      
+      # Has the user already talked to the Cas server?
+      def authentication_required?(controller)
+        (controller.session[:cas_user].nil? || renew?) && controller.params[:ticket].nil?
+      end
+
+      def redirect_to_cas_login(controller, renew)
+        controller.session[:cas_renew] = renew
+        controller.send(:redirect_to, login_url(controller, :renew => renew))
+      end      
+
+      def get_credentials(controller)
+        if renew?
+          logger.debug "Always require credentials for authentication"
+        else
+          logger.debug "Not authenticated yet. Ticket parameter required"
+        end
+        redirect_to_cas_login(controller, renew?)
+        return false
+      end        
+
+      def authenticate_ticket(controller)
+        client = Casablanca::Client.new(:cas_server_url => Config.cas_server_url, :service_url => service_url(controller))
+        ticket = Casablanca::Ticket.new(controller.params[:ticket], client.service_url, controller.session[:cas_renew])
+        if client.authenticate_ticket(ticket)
+          logger.debug "Ticket authenticated"
+          controller.session[:cas_user] = ticket.user
+          controller.session[:cas_renew] = nil
+          return true
+        else          
+          logger.debug "Ticket authentication failed: #{ticket.failure_message}"
+          logout(controller)
+          logger.debug "Renew login credentials"
+          redirect_to_cas_login(controller, renew?)
+          return false
+        end
+      end        
+
+      private
+
+      def service_url(controller)
+        params = controller.params.merge(:only_path => false).dup
+        params.delete(:ticket)
+        controller.url_for(params)
+      end        
+      
+    end
+  end
+
+
+  class GatewayFilter < Filter
+
+    class << self
+
+      # # Has the user already talked to the Cas server?
+      # def authentication_required?(controller)
+      #   super(controller)      
+      # end    
+
+      def get_credentials(controller)
+        if controller.session[:cas_gatewayed]
+          logger.debug "Allow user without credentials because gateway is set"
+          return true
+        end
+        return super(controller)
+      end
+    
+      def redirect_to_cas_login(controller, renew)
+        controller.session[:cas_gatewayed] = true
+        logger.debug "Redirecting to #{login_url(controller, :gateway => true)}"
+        controller.send(:redirect_to, login_url(controller, :gateway => true))
+      end
+      
+    end
+  end
+  
+end

data/test/mocks.rb

@@ -24,7 +24,7 @@ module ActionController
   class Base
     def self.logger
       @logger = ::Logger.new($stderr)
-      @logger.level = ::Logger::ERROR
+      @logger.level = LOGGER_LEVEL
       @logger
     end
   end
@@ -41,6 +41,9 @@ class Controller < ActionController::Base
   end
   
   def url_for(url)
+    if url.is_a? Hash
+      return "http://localhost:3000" if url[:only_path] == false
+    end
     url
   end
   

data/test/test_client.rb

@@ -92,9 +92,9 @@ class TestCommandLineClient < Test::Unit::TestCase
     mock_get_service_ticket(@client)
     service_ticket = @client.login('admin', 'admin')
     assert_equal 37, @client.ticket_granting_ticket.size    
-    # if MOCK_REQUESTS
-      # @client.expects(:get).returns(MockResponse.new(body, '200', :location => 'http://localhost:3000?ticket=ST-1231341579r871C5757B79767C21E'))
-    # end
+    if MOCK_REQUESTS
+      @client.expects(:get).returns(MockResponse.new('<html></html>', '200', :location => 'http://localhost:3000?ticket=ST-1231341579r871C5757B79767C21E'))
+    end
     service_ticket = @client.logout
     assert_equal nil, @client.ticket_granting_ticket
   end
@@ -103,9 +103,9 @@ class TestCommandLineClient < Test::Unit::TestCase
     mock_get_service_ticket(@client)
     service_ticket = @client.login('admin', 'admin')
     assert_equal 37, @client.ticket_granting_ticket.size    
-    # if MOCK_REQUESTS
-      # @client.expects(:get).returns(MockResponse.new(body, '200', :location => 'http://localhost:3000?ticket=ST-1231341579r871C5757B79767C21E'))
-    # end
+    if MOCK_REQUESTS
+      @client.expects(:get).returns(MockResponse.new('<html></html>', '200', :location => 'http://localhost:3000?ticket=ST-1231341579r871C5757B79767C21E'))
+    end
     service_ticket = @client.logout('follow_url')
     assert_equal nil, @client.ticket_granting_ticket
     # TODO check for follow_url

data/test/test_helper.rb

@@ -1,13 +1,16 @@
 require 'test/unit'
 require 'rubygems'
 require 'mocha'
+# require 'logger'
 require(File.expand_path(File.join(File.dirname(__FILE__), '..', 'lib', 'casablanca.rb')))
+require(File.expand_path(File.join(File.dirname(__FILE__), '..', 'lib', 'casablanca', 'client.rb')))
 require(File.expand_path(File.join(File.dirname(__FILE__), '..', 'lib', 'casablanca', 'rails', 'filter.rb')))
 require(File.expand_path(File.join(File.dirname(__FILE__), 'mocks.rb')))
 require(File.expand_path(File.join(File.dirname(__FILE__), '..', 'lib', 'casablanca', 'rails', 'cas_proxy_callback_controller.rb')))
 
 # set to false if you're integration testing against a real server
-MOCK_REQUESTS = true
+MOCK_REQUESTS = true unless defined? MOCK_REQUESTS
+LOGGER_LEVEL = Logger::WARN unless defined? LOGGER_LEVEL
 
 class Test::Unit::TestCase
   include Casablanca
@@ -33,6 +36,7 @@ class Test::Unit::TestCase
   end 
 end
 
+unless defined? VALID_REQUEST
 VALID_REQUEST = %(
 <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
   <cas:authenticationSuccess>
@@ -55,4 +59,5 @@ INVALID_TICKET = %(
   Ticket ST-1231242314r72465638160B31E8D1 not recognized.
   </cas:authenticationFailure>
 </cas:serviceResponse>
-)
+)
+end

data/test/test_rails_filter.rb

@@ -1,53 +1,59 @@
-require File.join(File.dirname(__FILE__), 'test_helper.rb')
+  require File.join(File.dirname(__FILE__), 'test_helper.rb')
+
+class TestRailsConfig < Test::Unit::TestCase  
+  
+  def setup
+    @controller = Controller.new    
+    @controller.params = {}
+  end
+    
+  def test_config
+    Rails::Config.config do |config|
+       config[:cas_server_url]  = "http://example.com/cas_server"
+       config[:renew]           = true
+    end
+    assert_equal 'http://example.com/cas_server/login?service=http%3A%2F%2Flocalhost%3A3000', Rails::Filter.login_url(@controller)
+    assert_equal true, Rails::Filter.renew?
+  end
+  
+end
 
 class TestRailsFilter < Test::Unit::TestCase
+  include Casablanca::Rails
   def setup
-    Casablanca::RailsFilter.config do |config|
+    Config.config do |config|
        config[:cas_server_url]  = "http://localhost:4567"
-       config[:service_url]     = "http://localhost:3000"
     end
     @controller = Controller.new    
-    @controller.params = {}       
+    @controller.params = {}
   end
   
   def test_login_url
-    assert_equal 'http://localhost:4567/login?service=http%3A%2F%2Flocalhost%3A3000', RailsFilter.login_url
+    assert_equal 'http://localhost:4567/login?service=http%3A%2F%2Flocalhost%3A3000', Filter.login_url(@controller)
   end
 
   def test_login_url_with_params
-    url = RailsFilter.login_url(:renew => true)
+    url = Filter.login_url(@controller, :renew => true)
     assert_equal true, (url =~ /service\=http%3A%2F%2Flocalhost%3A3000/) > 0
     assert_equal true, (url =~ /renew\=true/) > 0
   end
 
   def test_logout_url
-    assert_equal 'http://localhost:4567/logout?', RailsFilter.logout_url
+    assert_equal 'http://localhost:4567/logout?', Filter.logout_url(@controller)
   end  
   
   def test_logout
     @controller.session = { :cas_user => 'admin' }
-    RailsFilter.logout(@controller)
+    Filter.logout(@controller)
     assert_equal({:cas_user=>nil }, @controller.session)
   end
-  
-  def test_config
-    Casablanca::RailsFilter.config do |config|
-       config[:cas_server_url]  = "http://example.com/cas_server"
-       config[:service_url]     = "http://example.com/application"
-       config[:renew]           = true
-    end
-    # assert_equal "http://example.com/cas_server", RailsFilter.client.cas_server_url
-    # assert_equal "http://example.com/application", RailsFilter.client.service_url
-    assert_equal 'http://example.com/cas_server/login?service=http%3A%2F%2Fexample.com%2Fapplication', RailsFilter.login_url
-    assert_equal true, RailsFilter.renew?
-  end
 
   def test_filter_invalid_attempt
     service_ticket = get_service_ticket    
     params = {:ticket => 'service_ticket.ticket'}
     mock_authenticate_ticket(INVALID_REQUEST)
     @controller.params = params 
-    assert_equal false, RailsFilter.filter(@controller)
+    assert_equal false, Filter.filter(@controller)
   end
 
   def test_filter_authenticated_with_valid_ticket_from_request
@@ -55,24 +61,60 @@ class TestRailsFilter < Test::Unit::TestCase
     params = {:ticket => service_ticket.ticket}
     mock_authenticate_ticket(VALID_REQUEST)
     @controller.params = params
-    assert_equal true, RailsFilter.filter(@controller)
+    assert_equal true, Filter.filter(@controller)
     assert_equal 'admin', @controller.session[:cas_user]
   end
 
   def test_filter_already_authenticated_with_valid_ticket_from_session
     service_ticket = get_service_ticket    
     @controller.session = {:cas_user => 'admin'}
-    mock_authenticate_ticket(VALID_REQUEST)
-    assert_equal true, RailsFilter.filter(@controller)
+    assert_equal true, Filter.filter(@controller)
     assert_equal 'admin', @controller.session[:cas_user]    
   end
+  
+  def test_filter_already_authenticated_with_valid_ticket_from_session_but_renew_required
+    Config.config do |config|
+       config[:cas_server_url]  = "http://localhost:4567"
+       config[:renew]  = true
+    end    
+    service_ticket = get_service_ticket    
+    @controller.session = {:cas_user => 'admin'}
+    assert_equal false, Filter.filter(@controller)
+    assert_equal 'admin', @controller.session[:cas_user]    
+  end  
 
   def test_filter_not_authenticated
-    assert_equal false, RailsFilter.filter(@controller)
+    assert_equal false, Filter.filter(@controller)
   end
 
   def test_filter_not_authenticated
-    assert_equal false, RailsFilter.filter(@controller)
+    assert_equal false, Filter.filter(@controller)
+  end
+
+end
+
+class TestRailsGatewayFilter < TestRailsFilter
+  def setup
+    Config.config do |config|
+       config[:cas_server_url]  = "http://localhost:4567"
+    end
+    @controller = Controller.new    
+    @controller.params = {}
+  end  
+
+  def test_filter_not_authenticated_sets_cas_gatewayed
+    # service_ticket = get_service_ticket
+    #mock_authenticate_ticket(VALID_REQUEST)
+    assert_equal false, GatewayFilter.filter(@controller)
+    assert_equal true, @controller.session[:cas_gatewayed]
+  end
+
+  def test_filter_not_authenticated_already_tried
+    # service_ticket = get_service_ticket
+    @controller.session = {:cas_gatewayed => true}
+    #mock_authenticate_ticket(VALID_REQUEST)
+    assert_equal true, GatewayFilter.filter(@controller)
+    assert_equal nil, @controller.session[:cas_user]    
   end
 
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: p8-casablanca
 version: !ruby/object:Gem::Version 
-  version: 0.0.3.1
+  version: 0.1.0
 platform: ruby
 authors: 
 - Petrik de Heus
@@ -9,19 +9,20 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-01-24 00:00:00 -08:00
+date: 2009-02-18 00:00:00 -08:00
 default_executable: casablanca
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: hoe
+  type: :development
   version_requirement: 
   version_requirements: !ruby/object:Gem::Requirement 
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 1.8.2
+        version: 1.8.3
     version: 
-description: 
+description: Casablanca is a ruby single sign-on client for the CAS 2.0 protocol.
 email: 
 - FIX@example.com
 executables: 
@@ -35,24 +36,25 @@ extra_rdoc_files:
 files: 
 - History.txt
 - Manifest.txt
+- README.txt
 - Rakefile
-- init.rb
 - bin/casablanca
+- init.rb
 - lib/casablanca.rb
 - lib/casablanca/cli.rb
 - lib/casablanca/client.rb
-- lib/casablanca/filters/rails.rb
+- lib/casablanca/rails/cas_proxy_callback_controller.rb
+- lib/casablanca/rails/filter.rb
 - lib/casablanca/response_parsers.rb
 - test/mocks.rb
 - test/test_client.rb
 - test/test_helper.rb
 - test/test_parser.rb
+- test/test_rails_cas_proxy_callback_controller.rb
 - test/test_rails_filter.rb
 - test/test_ticket.rb
-- test/test_rails_cas_proxy_callback_controller.rb
-- README.txt
 has_rdoc: true
-homepage: 
+homepage: http://rubyforge.org/projects/casablanca/
 post_install_message: 
 rdoc_options: 
 - --main
@@ -77,12 +79,11 @@ rubyforge_project: casablanca
 rubygems_version: 1.2.0
 signing_key: 
 specification_version: 2
-summary: A single sign-on client for the CAS 2.0 protocol
+summary: Casablanca is a ruby single sign-on client for the CAS 2.0 protocol.
 test_files: 
-- test/mocks.rb
 - test/test_client.rb
 - test/test_helper.rb
 - test/test_parser.rb
+- test/test_rails_cas_proxy_callback_controller.rb
 - test/test_rails_filter.rb
 - test/test_ticket.rb
-- test/test_rails_cas_proxy_callback_controller.rb