rack-casual 0.0.1

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2010 Gudleik Rasch
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,121 @@
+Rack::Casual
+============
+
+A very simple Rack authentication plugin using CAS or a token.
+It kicks in whenever a 401 response is returned from the server.
+
+The plugin has only been tested using ActiveRecord and Rails 3.
+
+Installation
+============
+
+Add this to your Gemfile:
+
+  gem 'rack-casual'
+  
+Run bundle install, and add a configuration file:
+
+  $ rails generate rack_casual
+  
+This creates a config/initializers/rack-casual.rb file. 
+Make sure base_url points to your CAS server.
+If your user model is called something other than "User", you can change this here.
+
+Next you must configure your application to use the plugin. 
+For Rails3, you can add this to your config/application.rb
+  config.middleware.use "Rack::Casual::Authentication"
+
+Finally, to authenticate your users, add a before_filter to your controller:
+
+  class ApplicationController < ActionController::Base
+    before_filter :authenticate!
+  end
+
+
+Usage
+=====
+
+Rack::Casual adds some helper methods to ActionController::Base
+
+  * logged_in? 
+  Returns true if session contains user-id
+  
+  * current_user
+  Returns the currently logged in user.
+  
+  * authenticate!
+  This is the method you want to use in a before_filter
+
+
+Authentication token
+====================
+
+CAS is nice and all that, but it's not so nice for webservices. 
+Therefore Rack::Casual can authenticate requests using a token.
+Make sure your User model has a auth_token attribute. You can call it whatever you want, but it defaults to auth_token.
+
+From your client you can now authenticate using this token:
+
+  http://your-app.com/my-protected-webservice?auth_token=secret
+  
+If there are no users with that token, the client just receives the 401 error. 
+It does not fallback to CAS or create a user automatically (doh).
+
+
+Finding users
+=============
+
+If you want to control how Rack::Casual finds the user, you can set a scope to be used.
+  # config/initializers/rack-casual.rb:
+  config.authentication_scope = :active
+  
+  # app/models/user.rb
+  class User < ActiveRecord::Base
+    def self.active
+      where(:active => true)
+    end
+  end
+  
+Then Rack::Casual will only search among users where active is true.
+A side effect of this is that Rack::Casual will try to create a user that already exists.
+However, this should not be a problem as long as your User model validates the uniqueness of the username.
+
+The default scope to use is
+
+Extra attributes
+================
+
+When creating users automatically, Rack::Casual can also add extra attributes if your CAS server provides this.
+For this to work your User model must have a cas_extra_attributes= instance method.
+Here's an example:
+
+  class User < ActiveRecord::Base
+    def cas_extra_attributes=(extra_attributes)
+      extra_attributes.each do |name, value|
+        case name.to_sym
+          when :name   then self.name   = value
+          when :email  then self.email  = value
+          when :phone  then self.phone  = value
+        end
+      end
+    end
+  end
+  
+
+Tracking
+========
+
+If you have enabled tracking, Rack::Casual can update the logged in user with information about last login time and IP.
+These variables will be updated if they are present in your User model:
+  * last_login_at (datetime)
+  * last_login_ip (string)
+  * login_count   (integer)
+
+TODO
+====
+
+1. Testing. How embarrasing. A gem without tests is like a forrest without trees.
+2. Replace ruby-cas with something "lighter", like casual, but casual doesn't seem to support extra attributes...
+   Note to self: http://rubycas-client.rubyforge.org/classes/CASClient/ValidationResponse.src/M000044.html
+
+Copyright (c) 2010 Gudleik Rasch <gudleik@gmail.com>, released under the MIT license

data/lib/generators/USAGE

@@ -0,0 +1,8 @@
+Description:
+    Installs an initializer in config/initializers/ for Rack::Casual
+
+Example:
+    rails generate rack_casual
+
+    This will create:
+        config/initializers/rack-casual.rb

data/lib/generators/rack_casual_generator.rb

@@ -0,0 +1,8 @@
+class RackCasualGenerator < Rails::Generators::Base
+  source_root File.expand_path('../templates', __FILE__)
+  
+  def copy_initializer
+    copy_file "initializer.rb", "config/initializers/rack-casual.rb"
+  end
+  
+end

data/lib/generators/templates/initializer.rb

@@ -0,0 +1,58 @@
+# Configuration for Rack::Casual
+# Commented values are default.
+
+Rack::Casual.setup do |config|
+  
+  # Base URL to your CAS server -- required
+  config.base_url = 'http://localhost:8088'
+  
+  # If you want users to authenticate using an authentication token,
+  # set the auth_token_key to the name of the attribute in your user model.
+  # Users can now authenticate using http://your-app.com/?auth_token=a-very-secret-key
+  # Setting this value to nil disables token authentication.
+  # config.auth_token_key = 'auth_token'
+
+  # Name of the session key used to store the user-id
+  # Default is "user", so you get session[:user]
+  # config.session_key_user = "user"
+
+  # Rack::Casual can create the user automatically on successful login
+  # Set this to false to disable this feature.
+  # If you want to include extra attributes provided by your CAS server,
+  # you must add a cas_extra_attributes=(attributes) method in your User model.
+  # See the README for an example.
+  # config.create_user = true
+  
+  # If you have enabled create_user, here you can specify the name of your
+  # user class. Defaults to 'User'.
+  # config.user_class = "User"
+  
+  # This is the username attribute used by your User model.
+  # config.username = "username"
+  
+  # Finding the user
+  # You can set a custom scope that Rack::Casual should use when finding the user.
+  # If you have a active scope, you can set this to :active.
+  # config.authentication_scope = nil
+  
+  # Tracking
+  # If you have last_login_at and/or last_login_ip attributes on your User model,
+  # Rack::Casual can update these when user logs in.
+  # config.enable_tracking = true
+
+  # Name of the ticket parameter used by CAS.
+  # config.ticket_param = 'ticket'
+  
+  # URL to the service validation on your CAS server.
+  # nil = use defaults
+  # config.validate_url = nil
+  
+  # CAS login url.
+  # nil = use defaults
+  # config.login_url = nil
+  
+  # CAS logout url.
+  # nil = use defaults
+  # config.logout_url = nil
+  
+end

data/lib/rack/casual/authentication.rb

@@ -0,0 +1,79 @@
+module Rack
+  
+  module Casual
+    
+    class Authentication
+      
+      def initialize(app)
+        @app = app
+      end
+  
+      def call(env)
+        @request  = Rack::Request.new(env)
+        @response = @app.call(env)
+        @env = env
+    
+        process_request_from_cas
+        handle_401
+      end
+  
+      private
+  
+      def process_request_from_cas
+        if ticket = read_ticket
+          if user = UserFactory.authenticate_with_cas_ticket(ticket, @request)
+            # TODO: remove the params['ticket'] so the app doesn't see this...
+            @request.session[Rack::Casual.session_key_user] = user.id
+          else
+            # [ 403, { "Content-Type" => "text/plain" }, "Sorry, I was unable to authenticate you" ]
+          end
+        end
+      end
+
+      def handle_401
+        return @response unless @response[0] == 401
+    
+        if Rack::Casual.auth_token_key && @request.params[Rack::Casual.auth_token_key]
+          authenticate_with_token
+        else
+          redirect_to_cas
+        end
+      end
+      
+      def authenticate_with_token
+        user = UserFactory.authenticate_with_token(@request)
+        @request.session[Rack::Casual.session_key_user] = user.id if user
+        @app.call(@env)
+      end
+  
+      def redirect_to_cas
+        url = Rack::Casual.cas_client.add_service_to_login_url(service_url)
+        [ 302, 
+          { 
+            "Location"      => url,
+            "Content-Type"  => "text/plain" 
+          }, 
+          "Redirecting to CAS for authentication" 
+        ]
+      end
+  
+      def service_url
+        @request.url.sub(/[\?&]#{Rack::Casual.ticket_param}=[^\?&]+/, '')
+      end
+  
+      # Read ticket from params and create a CASClient ticket
+      def read_ticket
+        ticket = @request.params[Rack::Casual.ticket_param]
+        return nil unless ticket
+          
+        if ticket =~ /^PT-/
+          ::CASClient::ProxyTicket.new(ticket, service_url, @request.params[:renew])
+        else
+          ::CASClient::ServiceTicket.new(ticket, service_url, @request.params[:renew])
+        end
+      end
+
+    end
+  
+  end
+end

data/lib/rack/casual/controller.rb

@@ -0,0 +1,22 @@
+module Rack
+  
+  module Casual
+    
+    module Controller
+
+      def authenticate!
+        authenticate_or_request_with_http_token unless logged_in?
+      end
+
+      def logged_in?
+        !session[::Rack::Casual.session_key_user].nil?
+      end
+
+      def current_user
+        @current_user ||= ::Rack::Casual::UserFactory.authentication_scope.find(session[:user])
+      end
+
+    end
+  
+  end
+end

data/lib/rack/casual/user_factory.rb

@@ -0,0 +1,79 @@
+# encoding: utf-8
+module Rack  
+  module Casual
+    
+    class UserFactory
+
+      def self.authenticate_with_cas_ticket(ticket, request)
+        user = nil
+        Rack::Casual.cas_client.validate_service_ticket(ticket) unless ticket.has_been_validated?
+
+        if ticket.is_valid?
+
+          # find user
+          user = find(ticket.response.user)
+
+          if user.nil? && Rack::Casual.create_user
+            user = make(ticket.response.user)
+          end
+
+          return nil unless user
+
+          if user.respond_to?(:cas_extra_attributes=)
+            user.cas_extra_attributes = ticket.response.extra_attributes 
+          end
+
+          update_tracking(user, request)
+        end
+
+        user    
+      end
+
+      protected
+      
+      def self.authenticate_with_token(request)
+        user = authentication_scope.where(Rack::Casual.auth_token_key => request.params[Rack::Casual.auth_token_key]).first
+        update_tracking(user, request) if user
+        user
+      end
+
+      # Update tracking info (last logged in at / ip) if tracking_enabled is set.
+      # Saves the user regardless of whether tracking was updated or not.
+      def self.update_tracking(user, request)
+        if Rack::Casual.tracking_enabled
+          user.last_login_at = Time.now   if user.respond_to?(:last_login_at)
+          user.last_login_ip = request.ip if user.respond_to?(:last_login_ip)
+          user.login_count += 1           if user.respond_to?(:login_count)
+        end
+        user.save
+      end
+
+      # Find user by username
+      def self.find(username)
+        authentication_scope.where(Rack::Casual.username => username).first
+      end
+
+      # Initializes a new user
+      def self.make(username)
+        resource.new(Rack::Casual.username => username)
+      end
+
+      # Returns the user class
+      def self.resource
+        Rack::Casual.user_class.constantize
+      end
+      
+      # Returns the scope used to find users
+      def self.authentication_scope
+        if Rack::Casual.authentication_scope
+          puts "Authentication scope is kinda broken and should be avoided"
+          resource.send(Rack::Casual.authentication_scope)
+        else
+          resource.scoped
+        end
+      end
+      
+    end
+    
+  end  
+end

data/lib/rack/casual.rb

@@ -0,0 +1,92 @@
+# RackCasual
+# encoding: utf-8
+
+module Rack
+  
+  module Casual
+
+    autoload :Authentication, 'rack/casual/authentication'
+    autoload :UserFactory,    'rack/casual/user_factory'
+    autoload :Controller,     'rack/casual/controller'
+
+    # Base URI to your CAS server
+    mattr_accessor :base_url
+    @@base_url = 'http://192.168.0.15:8088'
+
+    # URI to CAS login
+    # Default is base_url/login
+    mattr_accessor :login_url
+    @@login_url = nil
+
+    # URI to CAS logout
+    # Default is base_url/logout
+    mattr_accessor :logout_url
+    @@logout_url = nil
+
+    # URI to service validation
+    # Default is base_url/serviceValidate
+    mattr_accessor :validate_url
+    @@validate_url = nil
+
+    # Name of authentication token to use in params
+    # Set to nil to disable token authentication
+    mattr_accessor :auth_token_key
+    @@auth_token_key = "auth_token"
+
+    # Name of the ticket parameter used by CAS
+    mattr_accessor :ticket_param
+    @@ticket_param = "ticket"
+
+    # Name of key to store user id
+    # Default is 'user' => session[:user]
+    mattr_accessor :session_key_user
+    @@session_key_user = "user"
+
+    # Use this scope when finding users
+    mattr_accessor :authentication_scope
+    @@authentication_scope = nil
+
+    # Set to true to auto-create users
+    mattr_accessor :create_user
+    @@create_user = true
+
+    # Name of the User class
+    mattr_accessor :user_class
+    @@user_class = "User"
+
+    # Username attribute on user
+    mattr_accessor :username
+    @@username = "username"
+
+    # Update user with last_login_at and last_login_ip info
+    mattr_accessor :tracking_enabled
+    @@tracking_enabled = true
+
+    # Default way to setup Devise. Run rails generate devise_install to create
+    # a fresh initializer with all configuration values.
+    def self.setup
+      yield self
+    end
+
+    def self.cas_client
+      @@cas_client ||= ::CASClient::Client.new(
+          :cas_base_url => @@base_url,
+          :login_url    => @@login_url,
+          :logout_url   => @@logout_url,
+          :validate_url => @@validate_url
+        )
+    end
+
+  end
+
+end
+
+if defined?(ActionController::Base)
+  class ActionController::Base
+    include ::Rack::Casual::Controller
+    
+    # before_filter :authenticate!
+    
+    helper_method :logged_in?, :current_user
+  end
+end

data/lib/rack-casual.rb

@@ -0,0 +1,2 @@
+require 'rubycas-client'
+require 'rack/casual'

metadata

@@ -0,0 +1,104 @@
+--- !ruby/object:Gem::Specification 
+name: rack-casual
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 0
+  - 0
+  - 1
+  version: 0.0.1
+platform: ruby
+authors: 
+- Gudleik Rasch
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-09-02 00:00:00 +02:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rubycas-client
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 2
+        - 2
+        - 1
+        version: 2.2.1
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: activerecord
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 3
+        - 0
+        version: "3.0"
+  type: :runtime
+  version_requirements: *id002
+description: Rack module for authentication using CAS and/or tokens
+email: 
+- gudleik@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- lib/generators/rack_casual_generator.rb
+- lib/generators/templates/initializer.rb
+- lib/generators/USAGE
+- lib/rack/casual/authentication.rb
+- lib/rack/casual/controller.rb
+- lib/rack/casual/user_factory.rb
+- lib/rack/casual.rb
+- lib/rack-casual.rb
+- LICENSE
+- README.md
+has_rdoc: true
+homepage: http://github.com/gudleik/rack-casual
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 1
+      - 3
+      - 7
+      version: 1.3.7
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: CAS and token authentication using Rack
+test_files: []
+