rack-casual 0.1.1 → 0.1.2

data/README.md

@@ -4,23 +4,25 @@ Rack::Casual
 A simple Rack middleware that does authentication using CAS or a token.
 It kicks in whenever a 401 response is returned from the server.
 
-Compability
+Tested with
 ===========
 
-* Ruby 1.8.7 and 1.9.2
+* Ruby 1.8.7 / 1.9.2
 * CAS 2.0 using rubycas-server
 * Rails 3 and ActiveRecord 3
 * Sinatra 1.0
 
+Although ActiveRecord is not required, it uses ActiveRecord-ish methods to find and create users.
+See examples/sinatra_app.rb for an example of which required methods the user model must support.
 
 Installation
 ============
 
 ### Sinatra
 
-  $ gem install 'rack-casual'
+    $ gem install 'rack-casual'
   
-See examples/sinatra_app.rb for a sample app.
+See examples/sinatra_app.rb for a sample Sinatra app.
 
 ### Rails 3
 
@@ -33,11 +35,12 @@ Run bundle install, and add a configuration file:
     $ rails generate rack_casual
   
 This creates a config/initializers/rack-casual.rb file. 
-Make sure base_url points to your CAS server.
+Make sure *cas_url* points to your CAS server.
 If your user model is called something other than "User", you can change this here.
 
 Next you must configure your application to use the plugin. 
-For Rails3, you can add this to your config/application.rb
+For Rails3, you can add this to your config/application.rb:
+
   config.middleware.use "Rack::Casual::Authentication"
 
 Finally, to authenticate your users, add a before_filter to your controller:
@@ -46,6 +49,17 @@ Finally, to authenticate your users, add a before_filter to your controller:
       before_filter :authenticate!
     end
 
+If you want to have a named route to the CAS servers logout url, you can do this:
+
+    # config/routes.rb
+    match '/logout' => redirect(Rack::Casual::Client.logout_url), :as => :logout
+
+If you pass a :url then the CAS server should display a message telling the user to follow 
+the given link.
+  
+    # config/routes.rb
+    match '/logout' => redirect(Rack::Casual::Client.logout_url(:url => "http://foo.example.org/logged_out")), :as => :logout
+
 
 Usage
 =====
@@ -69,9 +83,7 @@ CAS is nice and all that, but it's not so nice for webservices.
 Therefore Rack::Casual can authenticate requests using a token.
 Make sure your User model has a auth_token attribute. You can call it whatever you want, but it defaults to auth_token.
 
-From your client you can now authenticate using this token:
-
-  http://your-app.com/my-protected-webservice?auth_token=secret
+From your client you can now authenticate using a token: http://your-app.com/my-protected-webservice?auth_token=secret
   
 If there are no users with that token, the client just receives the 401 error. 
 It does not fallback to CAS or create a user automatically (doh).
@@ -116,9 +128,24 @@ Tracking
 
 If you have enabled tracking, Rack::Casual can update the logged in user with information about last login time and IP.
 These variables will be updated if they are present in your User model:
-  * last_login_at (datetime)
-  * last_login_ip (string)
-  * login_count   (integer)
+
+* last_login_at (datetime)
+* last_login_ip (string)
+* login_count   (integer)
+
+Skipping URLs
+=============
+
+I couldn't find an easy way to disable a Rack Middleware in Rails, so I added a configure option to Rack::Casual called *ignore_url*.
+Rack::Casual will not be called when the request.path matches the pattern in config.ignore_url.
+
+Useful if you want a basic http authentication for /admin with a predefined set of users that is not part of your CAS infrastructure. 
+Just set config.ignore_url = '^/admin' and Rack::Casual won't do anything when accessing URLs that matches /admin
+
+Known issues
+============
+
+If Rack::Casual fails to create the user you'll end up in a redirect loop.
 
 TODO
 ====

data/examples/sinatra_app.rb

@@ -15,10 +15,11 @@ use Rack::Lint
 use Rack::Casual::Authentication
 
 Rack::Casual.setup do |config|
-  config.cas_url     = "http://localhost:8080"
+  config.cas_url     = "http://localhost:8088"
   config.auth_token  = "auth_token"
   config.session_key = "user"
   config.create_user = false
+  config.ignore_url    = "^/admin"
 end
 
 # User class with a few activerecord-ish methods to make Rack::Casual work properly.
@@ -58,10 +59,16 @@ end
 
 set :sessions, true
 
-before do
-  halt 401, 'Forbidden dammit' unless session["user"]
-end
+# before do
+#   halt 401, 'Forbidden dammit' unless session["user"]
+# end
 
 get '/' do
+  status 401    # should trigger rack-casual
   %{Hello, your user-id is #{session["user"]}}
+end
+
+get '/admin' do
+  status 401    # should not trigger rack-casual because of ignore_url
+  "Welcome to the Admin section!"
 end

data/lib/generators/templates/initializer.rb

@@ -34,20 +34,27 @@ Rack::Casual.setup do |config|
   # If you have last_login_at and/or last_login_ip attributes on your User model,
   # Rack::Casual can update these when user logs in.
   # config.enable_tracking = true
+  
+  # Skipping paths
+  # Rack::Casual ignores paths that matches this pattern.
+  # If you want to have a separate http authentication for /admin, 
+  # you can set ignore_url = '^/admin'
+  # config.ignore_url = nil 
+  
+  ##
+  ## CAS server settings
+  ##
 
   # Name of the ticket parameter used by CAS.
   # config.ticket_param = 'ticket'
   
-  # URL to the service validation on your CAS server.
-  # nil = use defaults
-  # config.validate_url = nil
+  # CAS service validation path
+  # config.validate_url = '/serviceValidate'
   
-  # CAS login url.
-  # nil = use defaults
-  # config.login_url = nil
+  # CAS login path
+  # config.login_url = '/login'
   
-  # CAS logout url.
-  # nil = use defaults
-  # config.logout_url = nil
+  # CAS logout path
+  # config.logout_url = '/logout'
   
 end

data/lib/rack/casual.rb

@@ -23,6 +23,10 @@ module Rack
       :username         => "username",          # Name of username attribute in User model
       :auth_token       => "auth_token",        # Name of authentication token attribute in User model
       :tracking_enabled => true,                # Enable tracking on user
+      :ignore_url       => nil,                 # Skip processing urls that match this regex pattern
+      :login_url        => '/login',            # Path to CAS login action  
+      :logout_url       => '/logout',           # Path to CAS logout action
+      :validate_url     => '/serviceValidate'   # Path to CAS service validate action
     }
 
     # Create attribute accessors for each key/value pair in options.

data/lib/rack/casual/authentication.rb

@@ -25,11 +25,16 @@ module Rack
       def call(env)
         @request  = Rack::Request.new(env)
         @env = env
-    
-        unless process_request_from_cas
+
+        # Skip middleware if ignore_url is set and matches request.path
+        if Rack::Casual.ignore_url && @request.path.match(Rack::Casual.ignore_url)
           @app.call(env)
         else
-          handle_401(@app.call(env))
+          unless process_request_from_cas
+            @app.call(env)
+          else
+            handle_401(@app.call(env))
+          end
         end
       end
   

data/lib/rack/casual/client.rb

@@ -68,7 +68,6 @@ module Rack
         http.use_ssl = (url.scheme == "https") 
     
         body = http.get(url.request_uri).body
-        puts "Result: #{body}"
         result = Nokogiri.parse(body)
 
         # set username and extra attributes
@@ -85,7 +84,7 @@ module Rack
       def find_attributes(xml)
         @extra_attributes = {}
         xml.search("//cas:authenticationSuccess/*").each do |el|
-          puts " * Attribute #{el.name} = #{el.content.to_s}"
+          # puts " * Attribute #{el.name} = #{el.content.to_s}"
           value = YAML::parse(el.content).value.first.value rescue nil
           @extra_attributes[el.name] = value
         end
@@ -109,9 +108,9 @@ module Rack
         url = Rack::Casual.cas_url.sub(/\/+$/, '')
     
         url << case action
-        when :login    then "/login"
-        when :logout   then "/logout"
-        when :validate then "/serviceValidate"
+        when :login    then Rack::Casual.login_url
+        when :logout   then Rack::Casual.logout_url
+        when :validate then Rack::Casual.validate_url
         else
           action.to_s
         end

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 0
   - 1
-  - 1
-  version: 0.1.1
+  - 2
+  version: 0.1.2
 platform: ruby
 authors: 
 - Gudleik Rasch
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-09-03 00:00:00 +02:00
+date: 2010-09-09 00:00:00 +02:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency