rack-cas 0.1.0

data/MIT-LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2012 by Biola University
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.markdown

@@ -0,0 +1,47 @@
+Rack-CAS
+========
+Rack-CAS is simple [Rack](http://rack.github.com/) middleware to perform [CAS](http://jasig.org/cas) client authentication.
+
+Features
+========
+* __Rack based__
+* __Framework independent__  
+Works with but doesn't depend on Rails, Sinatra, etc.
+* __Minimal dependencies__  
+Current gem dependencies are [rack](http://rubygems.org/gems/rack), [addressable](http://rubygems.org/gems/addressable) and [nokogiri](http://rubygems.org/gems/nokogiri).
+* __Supports CAS extra attributes__  
+Extra attributes are a mess though. So let me know if your brand of CAS server isn't supported.
+
+Coming Soon
+===========
+* __Single sign out__
+
+Requirements
+============
+* Ruby >= 1.9.2
+* A working [CAS server](http://code.google.com/p/rubycas-server)
+
+Installation
+============
+
+    gem install rack-cas
+
+Or for [Bundler](http://gembundler.com):
+
+    gem 'rack-cas'
+
+Then in your `config.ru` file add
+
+    require 'rack/cas'
+    use Rack::CAS, server_url: 'https://login.example.com/cas'
+
+Integration
+===========
+Your app should __return a [401 status](http://httpstatus.es/401)__ whenever a request is made that requires authentication. Rack-CAS will catch these responses and attempt to authenticate via your CAS server.
+
+Once authentication with the CAS server has completed, Rack-CAS will set the following session variables:
+
+    request.session['cas']['user'] #=> johndoe
+    request.session['cas']['extra_attributes'] #=> { 'first_name' => 'John', 'last_name' => ... }
+
+__NOTE:__ `extra_attributes` will be an empty hash unless they've been [configured on your CAS server](http://code.google.com/p/rubycas-server/wiki/HowToSendExtraUserAttributes).

data/lib/rack-cas.rb

@@ -0,0 +1,2 @@
+module RackCAS
+end

data/lib/rack-cas/server.rb

@@ -0,0 +1,30 @@
+require 'rack-cas/url'
+require 'rack-cas/service_validation_response'
+
+module RackCAS
+  class Server
+    def initialize(url)
+      @url = RackCAS::URL.parse(url)
+    end
+
+    def login_url(service_url)
+      @url.dup.append_path('login').add_params(service: service_url)
+    end
+
+    def logout_url
+      @url.dup.append_path('logout')
+    end
+
+    def validate_service(service_url, ticket)
+      response = ServiceValidationResponse.new validate_service_url(service_url, ticket)
+      [response.user, response.extra_attributes]
+    end
+
+    protected
+
+    def validate_service_url(service_url, ticket)
+      service_url = URL.parse(service_url).remove_param('ticket').to_s
+      @url.dup.append_path('serviceValidate').add_params(service: service_url, ticket: ticket)
+    end
+  end
+end

data/lib/rack-cas/service_validation_response.rb

@@ -0,0 +1,60 @@
+module RackCAS
+  class ServiceValidationResponse
+    REQUEST_HEADERS = { 'Accept' => '*/*' }
+
+    def initialize(url)
+      @url = URL.parse(url)
+    end
+
+    def user
+      xml.xpath('/cas:serviceResponse/cas:authenticationSuccess/cas:user').text
+    end
+
+    def extra_attributes
+      attrs = {}
+
+      # Jasig style
+      if attr_node = xml.at('/cas:serviceResponse/cas:authenticationSuccess/cas:attributes')
+        attr_node.children.each do |node|
+          if node.is_a? Nokogiri::XML::Element
+            attrs[node.name] = node.text
+          end
+        end
+
+      # RubyCas-Server style
+      else
+        xml.at('/cas:serviceResponse/cas:authenticationSuccess').children.each do |node|
+          if node.is_a? Nokogiri::XML::Element
+            if !node.namespace || !node.namespace.prefix == 'cas'
+              # TODO: support JSON encoding
+              attrs[node.name] = YAML.load node.text.strip
+            end
+          end
+        end
+      end
+
+      attrs
+    end
+
+    protected
+
+    def response
+      return @response unless @response.nil?
+      
+      http = Net::HTTP.new(@url.host, @url.inferred_port)
+      http.use_ssl = true if @url.scheme == 'https'
+
+      http.start do |conn|
+        @response = conn.get(@url.request_uri, REQUEST_HEADERS)
+      end
+
+      @response
+    end
+
+    def xml
+      return @xml unless @xml.nil?
+      
+      @xml = Nokogiri::XML(response.body)
+    end
+  end
+end

data/lib/rack-cas/url.rb

@@ -0,0 +1,50 @@
+require 'addressable/uri'
+
+module RackCAS
+  class URL < Addressable::URI
+    def append_path(path)
+      self.tap do |u|
+        u.path = (u.path.split('/') + [path]).join('/')
+      end
+    end
+
+    def add_params(params)
+      self.tap do |u|
+        u.query_values = (u.query_values || {}).tap do |qv|
+          params.each do |key, value|
+            qv[key] = value
+          end
+        end
+      end
+    end
+
+    def remove_param(param)
+      remove_params(Array(param))
+    end
+
+    # params can be an array or a hash
+    def remove_params(params)
+      self.tap do |u|
+        u.query_values = (u.query_values || {}).tap do |qv|
+          params.each do |key, value|
+            qv.delete key
+          end
+        end
+      end
+    end
+
+    def dup
+      duplicated_uri = RackCAS::URL.new(
+        :scheme => self.scheme ? self.scheme.dup : nil,
+        :user => self.user ? self.user.dup : nil,
+        :password => self.password ? self.password.dup : nil,
+        :host => self.host ? self.host.dup : nil,
+        :port => self.port,
+        :path => self.path ? self.path.dup : nil,
+        :query => self.query ? self.query.dup : nil,
+        :fragment => self.fragment ? self.fragment.dup : nil
+      )
+      return duplicated_uri
+    end
+  end
+end

data/lib/rack-cas/version.rb

@@ -0,0 +1,3 @@
+module RackCAS
+  VERSION = '0.1.0'
+end

data/lib/rack/cas.rb

@@ -0,0 +1,79 @@
+require 'rack'
+require 'addressable/uri'
+require 'rack-cas/server'
+
+class Rack::CAS
+  attr_accessor :server_url
+
+  def initialize(app, config={})
+    @app = app
+    @server_url = config.delete(:server_url)
+    @config = config
+
+    raise ArgumentError, 'server_url is required' if @server_url.nil?
+  end
+
+  def call(env)
+    request = Rack::Request.new(env)
+
+    if ticket_validation_request?(request)
+      user, extra_attrs = get_user(request)
+
+      store_session request, user, extra_attrs
+      return redirect_to ticketless_url(request)
+    end
+
+    if logout_request?(request)
+      request.session.clear
+      return redirect_to server.logout_url.to_s
+    end
+
+    response = @app.call(env)
+
+    if access_denied_response?(response)
+      redirect_to server.login_url(request.url).to_s
+    else
+      response
+    end
+  end
+
+  protected
+
+  def server
+    @server ||= RackCAS::Server.new(@server_url)
+  end
+
+  def logout_request?(request)
+    request.path_info == '/logout'
+  end
+
+  def ticket_validation_request?(request)
+    !get_ticket(request).nil?
+  end
+
+  def access_denied_response?(response)
+    response[0] == 401
+  end
+
+  def ticketless_url(request)
+    RackCAS::URL.parse(request.url).remove_param('ticket').to_s
+  end
+
+  def get_ticket(request)
+    request.params['ticket']
+  end
+
+  def get_user(request)
+    server.validate_service(request.url, get_ticket(request))
+  end
+
+  def store_session(request, user, extra_attrs = {})
+    request.session['cas'] = {}
+    request.session['cas']['user'] = user
+    request.session['cas']['extra_attributes'] = extra_attrs
+  end
+
+  def redirect_to(url, status=302)
+    [ status, { 'Location' => url, 'Content-Type' => 'text/plain' }, ["Redirecting you to #{url}"] ]
+  end
+end

metadata

@@ -0,0 +1,100 @@
+--- !ruby/object:Gem::Specification
+name: rack-cas
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Adam Crownoble
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-10-11 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: addressable
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '2.3'
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Simple CAS authentication for Rails, Sinatra or any Rack-based site
+email: adam.crownoble@biola.edu
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.markdown
+- MIT-LICENSE
+- lib/rack-cas.rb
+- lib/rack-cas/url.rb
+- lib/rack-cas/version.rb
+- lib/rack-cas/service_validation_response.rb
+- lib/rack-cas/server.rb
+- lib/rack/cas.rb
+homepage: https://github.com/biola/rack-cas
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: Rack-based CAS client
+test_files: []