rack-cas 0.13.0 → 0.14.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cc8336d0e3209b2a97a12f4edf8c75ab4eba5394
-  data.tar.gz: 75d90457796e73f01d1a68e94c17fc833823306c
+  metadata.gz: daf9d3dbf75e0d6a514a5385e4eac0d3d9c892b7
+  data.tar.gz: 53e90cefe8b5aeaa46f417cb989fbc8a41452af4
 SHA512:
-  metadata.gz: 9e3411f27cb4033cdc3a9f908680fa456d9b0b36ea61e49abe55411d1e299fb44fa97eef5451aabf5b71bc18e1ea896dd830e4109466f322111e2fe24686ee05
-  data.tar.gz: e4fa2a3b97670d12d5ab8967c8e7413eeff4405d15e062e0b58d908983dcbd71ec0958c0c764b51ea7461111657f33ab974cb62d1333faf9789582ca05ad55c0
+  metadata.gz: a8869d32aef929055c0ce13d90c064a794512f52aaae28512357c875e50940df1e94f9f7ae5f2e2289e306ca9ebc6ab56e0044ea6583b2e2cd0c68919609eeb6
+  data.tar.gz: c73417fcef8ab4db3912b9fad3d9c090418c4ee47fffb5f3a88fa40e7615ab99e9aa704d49acfdc42c012872de97516965128f0c67eb09fe6b6bea5fc80ce328

data/README.md

@@ -1,4 +1,4 @@
-Rack-CAS [![Build Status](https://travis-ci.org/biola/rack-cas.png?branch=master)](https://travis-ci.org/biola/rack-cas)
+Rack-CAS [![Build Status](https://travis-ci.org/biola/rack-cas.svg?branch=master)](https://travis-ci.org/biola/rack-cas) [![Gem Version](https://badge.fury.io/rb/rack-cas.svg)](https://badge.fury.io/rb/rack-cas)
 ========
 Rack-CAS is simple [Rack](http://rack.github.com/) middleware to perform [CAS](http://en.wikipedia.org/wiki/Central_Authentication_Service) client authentication.
 
@@ -20,7 +20,7 @@ Requirements
 ============
 * Ruby >= 1.9.2
 * A working [CAS server](http://casino.rbcas.com)
-* An app that [returns a `401 Unauthorized`](#integration) status when authentication is requried
+* An app that [returns a `401 Unauthorized`](#integration) status when authentication is required
 
 Installation
 ============
@@ -38,7 +38,7 @@ If the the server URL depends on your environment, you can define it in the acco
 
 ### Single Logout ###
 
-If you wish to enable [single logout](http://jasig.github.io/cas/4.0.x/installation/Logout-Single-Signout.html) you'll need to modify your configuration as below.
+If you wish to enable [single logout](http://apereo.github.io/cas/4.0.x/installation/Logout-Single-Signout.html) you'll need to modify your configuration as below.
 
 #### Active Record ####
 
@@ -83,7 +83,27 @@ See the [example Sinatra app](https://gist.github.com/adamcrown/a7e7577594690335
 
 ### Single Sign Out ###
 
-Single sign out support outside of Rails is currently untested. We'll be adding instructions here soon.
+You will need to store sessions in session store supported by Rack CAS. 
+
+#### Active Record ####
+Add a migration that looks roughly like
+
+    class AddSessionStore < ActiveRecord::Migration
+    	def change
+    		create_table :sessions do |t|
+    			t.string :cas_ticket
+    			t.string :session_id
+    			t.text :data
+    			t.datetime :created_at
+    			t.datetime :updated_at
+    		end
+    	end
+    end
+
+Then use the middleware with
+
+    require 'rack-cas/session-store/rack/active_record'
+    use Rack::Session::RackCASActiveRecordStore
 
 Configuration
 =============
@@ -111,6 +131,29 @@ The same options can be passed to `FakeCAS`.
 use Rack::FakeCAS, exclude_path: '/api'
 ```
 
+Excluding Requests
+------------------
+
+If the path exclusion is not suitable to ignore the CAS authentication in some parts of your app, you can pass
+`exclude_request_validator` to the middleware with a custom validator. You need to pass a `Proc` object that will accept
+a `Rack::Request` object as a parameter.
+
+```ruby
+use Rack::CAS, server_url: '...', exclude_request_validator: Proc.new { |req| req.env['HTTP_CONTENT_TYPE'] == 'application/json' }
+```
+
+Ignore 401 Intercept
+--------------------
+
+For some requests you might want to ignore the 401 intercept made by the middleware. For example when we want CAS to
+authenticate API requests but leave the redirect handling to the client. For this you can use the
+`ignore_intercept_validator`. You need to pass a `Proc` object that will accept a `Rack::Request` object as a parameter.
+
+```ruby
+use Rack::CAS, server_url: '...', ignore_intercept_validator: Proc.new { |req| req.env['HTTP_CONTENT_TYPE'] == 'application/json' }
+use Rack::CAS, server_url: '...', ignore_intercept_validator: Proc.new { |req| req.env['PATH_INFO'] =~ 'api' }
+```
+
 SSL Cert Verification
 ---------------------
 

data/lib/rack-cas/cas_request.rb

@@ -1,6 +1,8 @@
 require 'nokogiri'
 
 class CASRequest
+  attr_reader :request
+
   def initialize(request)
     @request = request
   end

data/lib/rack-cas/configuration.rb

@@ -1,12 +1,13 @@
 module RackCAS
   class Configuration
-    SETTINGS = [:fake, :server_url, :session_store, :exclude_path, :exclude_paths, :extra_attributes_filter, :verify_ssl_cert, :renew, :use_saml_validation]
+    SETTINGS = [:fake, :server_url, :session_store, :exclude_path, :exclude_paths, :extra_attributes_filter,
+                :verify_ssl_cert, :renew, :use_saml_validation, :ignore_intercept_validator, :exclude_request_validator]
 
     SETTINGS.each do |setting|
       attr_accessor setting
 
       define_method "#{setting}?" do
-        !(send(setting).nil? || send(setting) == [])
+        ![nil, false, []].include? send(setting)
       end
     end
 
@@ -24,7 +25,7 @@ module RackCAS
           raise ArgumentError, "invalid setting: #{setting}"
         end
 
-        self.public_send "#{setting}=", value
+        public_send "#{setting}=", value
       end
 
       raise ArgumentError, 'server_url is required' unless server_url?

data/lib/rack-cas/session_store/active_record.rb

@@ -15,7 +15,8 @@ module RackCAS
 
     private
 
-    def get_session(env, sid)
+    # Rack 2.0 method
+    def find_session(env, sid)
       if sid.nil?
         sid = generate_sid
         data = nil
@@ -31,7 +32,8 @@ module RackCAS
       [sid, data]
     end
 
-    def set_session(env, sid, session_data, options)
+    # Rack 2.0 method
+    def write_session(req, sid, session_data, options)
       cas_ticket = (session_data['cas']['ticket'] unless session_data['cas'].nil?)
 
       session = if ActiveRecord.respond_to?(:version) && ActiveRecord.version >= Gem::Version.new('4.0.0')
@@ -46,12 +48,26 @@ module RackCAS
       success ? session.session_id : false
     end
 
-    def destroy_session(env, sid, options)
+    # Rack 2.0 method
+    def delete_session(req, sid, options)
       Session.where(session_id: sid).delete_all
 
       options[:drop] ? nil : generate_sid
     end
 
+    # Rack 1.* method
+    alias get_session find_session
+
+    # Rack 1.* method
+    def set_session(env, sid, session_data, options) # rack 1.x compatibilty
+      write_session(Rack::Request.new(env), sid, session_data, options)
+    end
+
+    # Rack 1.* method
+    def destroy_session(env, sid, options) # rack 1.x compatibilty
+      delete_session(Rack::Request.new(env), sid, options)
+    end
+
     def pack(data)
       ::Base64.encode64(Marshal.dump(data)) if data
     end

data/lib/rack-cas/session_store/mongoid.rb

@@ -27,7 +27,8 @@ module RackCAS
 
     private
 
-    def get_session(env, sid)
+    # Rack 2.0 method
+    def find_session(env, sid)
       if sid.nil?
         sid = generate_sid
         data = nil
@@ -43,7 +44,8 @@ module RackCAS
       [sid, data]
     end
 
-    def set_session(env, sid, session_data, options)
+    # Rack 2.0 method
+    def write_session(env, sid, session_data, options)
       cas_ticket = (session_data['cas']['ticket'] unless session_data['cas'].nil?)
 
       session = Session.find_or_initialize_by(_id: sid)
@@ -52,12 +54,26 @@ module RackCAS
       success ? session.id : false
     end
 
-    def destroy_session(env, sid, options)
+    # Rack 2.0 method
+    def delete_session(env, sid, options)
       Session.where(_id: sid).delete
 
       options[:drop] ? nil : generate_sid
     end
 
+    # Rack 1.* method
+    alias get_session find_session
+
+    # Rack 1.* method
+    def set_session(env, sid, session_data, options) # rack 1.x compatibilty
+      write_session(Rack::Request.new(env), sid, session_data, options)
+    end
+
+    # Rack 1.* method
+    def destroy_session(env, sid, options) # rack 1.x compatibilty
+      delete_session(Rack::Request.new(env), sid, options)
+    end
+
     def pack(data)
       if defined? Moped::BSON
         Moped::BSON::Binary.new(:generic, Marshal.dump(data))

data/lib/rack-cas/session_store/rack/active_record.rb

@@ -0,0 +1,10 @@
+require 'rack/session/abstract/id'
+require 'rack-cas/session_store/active_record'
+
+module Rack
+  module Session
+    class RackCASActiveRecordStore < Rack::Session::Abstract::ID
+      include RackCAS::ActiveRecordStore
+    end
+  end
+end

data/lib/rack-cas/version.rb

@@ -1,3 +1,3 @@
 module RackCAS
-  VERSION = '0.13.0'
+  VERSION = '0.14.0'
 end

data/lib/rack/cas.rb

@@ -16,9 +16,7 @@ class Rack::CAS
     request = Rack::Request.new(env)
     cas_request = CASRequest.new(request)
 
-    if cas_request.path_matches? RackCAS.config.exclude_path || RackCAS.config.exclude_paths
-      return @app.call(env)
-    end
+    return @app.call(env) if exclude_request?(cas_request)
 
     if cas_request.ticket_validation?
       log env, 'rack-cas: Intercepting ticket validation request.'
@@ -51,7 +49,7 @@ class Rack::CAS
 
     response = @app.call(env)
 
-    if response[0] == 401 # access denied
+    if response[0] == 401 && !ignore_intercept?(request) # access denied
       log env, 'rack-cas: Intercepting 401 access denied response. Redirecting to CAS login.'
 
       redirect_to server.login_url(request.url).to_s
@@ -66,6 +64,19 @@ class Rack::CAS
     @server ||= RackCAS::Server.new(RackCAS.config.server_url)
   end
 
+  def ignore_intercept?(request)
+    return false if (validator = RackCAS.config.ignore_intercept_validator).nil?
+    validator.call(request)
+  end
+
+  def exclude_request?(cas_request)
+    if (validator = RackCAS.config.exclude_request_validator)
+      validator.call(cas_request.request)
+    else
+      cas_request.path_matches? RackCAS.config.exclude_path || RackCAS.config.exclude_paths
+    end
+  end
+
   def get_user(service_url, ticket)
     server.validate_service(service_url, ticket)
   end

metadata

@@ -1,27 +1,27 @@
 --- !ruby/object:Gem::Specification
 name: rack-cas
 version: !ruby/object:Gem::Version
-  version: 0.13.0
+  version: 0.14.0
 platform: ruby
 authors:
 - Adam Crownoble
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-04-01 00:00:00.000000000 Z
+date: 2016-06-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
@@ -84,14 +84,14 @@ dependencies:
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0.6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0.6'
 - !ruby/object:Gem::Dependency
@@ -127,6 +127,7 @@ files:
 - lib/rack-cas/service_validation_response.rb
 - lib/rack-cas/session_store/active_record.rb
 - lib/rack-cas/session_store/mongoid.rb
+- lib/rack-cas/session_store/rack/active_record.rb
 - lib/rack-cas/session_store/rack/mongoid.rb
 - lib/rack-cas/session_store/rails/active_record.rb
 - lib/rack-cas/session_store/rails/mongoid.rb
@@ -160,3 +161,4 @@ signing_key:
 specification_version: 4
 summary: Rack-based CAS client
 test_files: []
+has_rdoc: