rack-casual 0.1.1 → 0.1.2
- data/README.md +39 -12
- data/examples/sinatra_app.rb +11 -4
- data/lib/generators/templates/initializer.rb +16 -9
- data/lib/rack/casual.rb +4 -0
- data/lib/rack/casual/authentication.rb +8 -3
- data/lib/rack/casual/client.rb +4 -5
- metadata +3 -3
data/README.md
CHANGED
@@ -4,23 +4,25 @@ Rack::Casual
|
|
4
4
|
A simple Rack middleware that does authentication using CAS or a token.
|
5
5
|
It kicks in whenever a 401 response is returned from the server.
|
6
6
|
|
7
|
-
|
7
|
+
Tested with
|
8
8
|
===========
|
9
9
|
|
10
|
-
* Ruby 1.8.7
|
10
|
+
* Ruby 1.8.7 / 1.9.2
|
11
11
|
* CAS 2.0 using rubycas-server
|
12
12
|
* Rails 3 and ActiveRecord 3
|
13
13
|
* Sinatra 1.0
|
14
14
|
|
15
|
+
Although ActiveRecord is not required, it uses ActiveRecord-ish methods to find and create users.
|
16
|
+
See examples/sinatra_app.rb for an example of which required methods the user model must support.
|
15
17
|
|
16
18
|
Installation
|
17
19
|
============
|
18
20
|
|
19
21
|
### Sinatra
|
20
22
|
|
21
|
-
|
23
|
+
$ gem install 'rack-casual'
|
22
24
|
|
23
|
-
See examples/sinatra_app.rb for a sample app.
|
25
|
+
See examples/sinatra_app.rb for a sample Sinatra app.
|
24
26
|
|
25
27
|
### Rails 3
|
26
28
|
|
@@ -33,11 +35,12 @@ Run bundle install, and add a configuration file:
|
|
33
35
|
$ rails generate rack_casual
|
34
36
|
|
35
37
|
This creates a config/initializers/rack-casual.rb file.
|
36
|
-
Make sure
|
38
|
+
Make sure *cas_url* points to your CAS server.
|
37
39
|
If your user model is called something other than "User", you can change this here.
|
38
40
|
|
39
41
|
Next you must configure your application to use the plugin.
|
40
|
-
For Rails3, you can add this to your config/application.rb
|
42
|
+
For Rails3, you can add this to your config/application.rb:
|
43
|
+
|
41
44
|
config.middleware.use "Rack::Casual::Authentication"
|
42
45
|
|
43
46
|
Finally, to authenticate your users, add a before_filter to your controller:
|
@@ -46,6 +49,17 @@ Finally, to authenticate your users, add a before_filter to your controller:
|
|
46
49
|
before_filter :authenticate!
|
47
50
|
end
|
48
51
|
|
52
|
+
If you want to have a named route to the CAS servers logout url, you can do this:
|
53
|
+
|
54
|
+
# config/routes.rb
|
55
|
+
match '/logout' => redirect(Rack::Casual::Client.logout_url), :as => :logout
|
56
|
+
|
57
|
+
If you pass a :url then the CAS server should display a message telling the user to follow
|
58
|
+
the given link.
|
59
|
+
|
60
|
+
# config/routes.rb
|
61
|
+
match '/logout' => redirect(Rack::Casual::Client.logout_url(:url => "http://foo.example.org/logged_out")), :as => :logout
|
62
|
+
|
49
63
|
|
50
64
|
Usage
|
51
65
|
=====
|
@@ -69,9 +83,7 @@ CAS is nice and all that, but it's not so nice for webservices.
|
|
69
83
|
Therefore Rack::Casual can authenticate requests using a token.
|
70
84
|
Make sure your User model has a auth_token attribute. You can call it whatever you want, but it defaults to auth_token.
|
71
85
|
|
72
|
-
From your client you can now authenticate using
|
73
|
-
|
74
|
-
http://your-app.com/my-protected-webservice?auth_token=secret
|
86
|
+
From your client you can now authenticate using a token: http://your-app.com/my-protected-webservice?auth_token=secret
|
75
87
|
|
76
88
|
If there are no users with that token, the client just receives the 401 error.
|
77
89
|
It does not fallback to CAS or create a user automatically (doh).
|
@@ -116,9 +128,24 @@ Tracking
|
|
116
128
|
|
117
129
|
If you have enabled tracking, Rack::Casual can update the logged in user with information about last login time and IP.
|
118
130
|
These variables will be updated if they are present in your User model:
|
119
|
-
|
120
|
-
|
121
|
-
|
131
|
+
|
132
|
+
* last_login_at (datetime)
|
133
|
+
* last_login_ip (string)
|
134
|
+
* login_count (integer)
|
135
|
+
|
136
|
+
Skipping URLs
|
137
|
+
=============
|
138
|
+
|
139
|
+
I couldn't find an easy way to disable a Rack Middleware in Rails, so I added a configure option to Rack::Casual called *ignore_url*.
|
140
|
+
Rack::Casual will not be called when the request.path matches the pattern in config.ignore_url.
|
141
|
+
|
142
|
+
Useful if you want a basic http authentication for /admin with a predefined set of users that is not part of your CAS infrastructure.
|
143
|
+
Just set config.ignore_url = '^/admin' and Rack::Casual won't do anything when accessing URLs that matches /admin
|
144
|
+
|
145
|
+
Known issues
|
146
|
+
============
|
147
|
+
|
148
|
+
If Rack::Casual fails to create the user you'll end up in a redirect loop.
|
122
149
|
|
123
150
|
TODO
|
124
151
|
====
|
data/examples/sinatra_app.rb
CHANGED
@@ -15,10 +15,11 @@ use Rack::Lint
|
|
15
15
|
use Rack::Casual::Authentication
|
16
16
|
|
17
17
|
Rack::Casual.setup do |config|
|
18
|
-
config.cas_url = "http://localhost:
|
18
|
+
config.cas_url = "http://localhost:8088"
|
19
19
|
config.auth_token = "auth_token"
|
20
20
|
config.session_key = "user"
|
21
21
|
config.create_user = false
|
22
|
+
config.ignore_url = "^/admin"
|
22
23
|
end
|
23
24
|
|
24
25
|
# User class with a few activerecord-ish methods to make Rack::Casual work properly.
|
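Review bot: The new `config.ignore_url = "^/admin"` on line 22 of the example is too loose for a setting that switches authentication off: in a Ruby regexp `^` anchors at a line start rather than the string start, and with no trailing boundary the pattern also matches any longer path that merely begins with `/admin`. Since the README hunk says the matched requests are not processed by Rack::Casual at all, the example should show a tightly anchored pattern, e.g. `config.ignore_url = %r{\A/admin(/|\z)}` (note that `"\A..."` in double quotes does not work, because `\A` is not a string escape and becomes a plain `A`). The same `'^/admin'` is recommended in the initializer template hunk (`# you can set ignore_url = '^/admin'`), and the match is performed in the authentication.rb hunk with `@request.path.match(Rack::Casual.ignore_url)`, so the documented pattern should be tightened in all three places. Whether ignore_url accepts a Regexp as well as a String is not visible in this diff; `String#match` accepts either.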
@@ -58,10 +59,16 @@ end
|
|
58
59
|
|
59
60
|
set :sessions, true
|
60
61
|
|
61
|
-
before do
|
62
|
-
|
63
|
-
end
|
62
|
+
# before do
|
63
|
+
# halt 401, 'Forbidden dammit' unless session["user"]
|
64
|
+
# end
|
64
65
|
|
65
66
|
get '/' do
|
67
|
+
status 401 # should trigger rack-casual
|
66
68
|
%{Hello, your user-id is #{session["user"]}}
|
69
|
+
end
|
70
|
+
|
71
|
+
get '/admin' do
|
72
|
+
status 401 # should not trigger rack-casual because of ignore_url
|
73
|
+
"Welcome to the Admin section!"
|
67
74
|
end
|
@@ -34,20 +34,27 @@ Rack::Casual.setup do |config|
|
|
34
34
|
# If you have last_login_at and/or last_login_ip attributes on your User model,
|
35
35
|
# Rack::Casual can update these when user logs in.
|
36
36
|
# config.enable_tracking = true
|
37
|
+
|
38
|
+
# Skipping paths
|
39
|
+
# Rack::Casual ignores paths that matches this pattern.
|
40
|
+
# If you want to have a separate http authentication for /admin,
|
41
|
+
# you can set ignore_url = '^/admin'
|
42
|
+
# config.ignore_url = nil
|
43
|
+
|
44
|
+
##
|
45
|
+
## CAS server settings
|
46
|
+
##
|
37
47
|
|
38
48
|
# Name of the ticket parameter used by CAS.
|
39
49
|
# config.ticket_param = 'ticket'
|
40
50
|
|
41
|
-
#
|
42
|
-
#
|
43
|
-
# config.validate_url = nil
|
51
|
+
# CAS service validation path
|
52
|
+
# config.validate_url = '/serviceValidate'
|
44
53
|
|
45
|
-
# CAS login
|
46
|
-
#
|
47
|
-
# config.login_url = nil
|
54
|
+
# CAS login path
|
55
|
+
# config.login_url = '/login'
|
48
56
|
|
49
|
-
# CAS logout
|
50
|
-
#
|
51
|
-
# config.logout_url = nil
|
57
|
+
# CAS logout path
|
58
|
+
# config.logout_url = '/logout'
|
52
59
|
|
53
60
|
end
|
data/lib/rack/casual.rb
CHANGED
@@ -23,6 +23,10 @@ module Rack
|
|
23
23
|
:username => "username", # Name of username attribute in User model
|
24
24
|
:auth_token => "auth_token", # Name of authentication token attribute in User model
|
25
25
|
:tracking_enabled => true, # Enable tracking on user
|
26
|
+
:ignore_url => nil, # Skip processing urls that match this regex pattern
|
27
|
+
:login_url => '/login', # Path to CAS login action
|
28
|
+
:logout_url => '/logout', # Path to CAS logout action
|
29
|
+
:validate_url => '/serviceValidate' # Path to CAS service validate action
|
26
30
|
}
|
27
31
|
|
28
32
|
# Create attribute accessors for each key/value pair in options.
|
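Review bot: The comment on the new `:ignore_url` default only says matching urls are skipped; because a match makes the middleware hand the request straight to the app with no authentication (see the authentication.rb hunk), and the value is compared against `request.path`, the comment should state that, e.g. `:ignore_url => nil, # Pattern matched against request.path; matching requests bypass authentication entirely, so anchor it with \A`. The three new `*_url` defaults are relative paths that the client appends to cas_url (the client.rb hunk does `url << … Rack::Casual.login_url`), which the comments could make explicit: `# Path appended to cas_url for the CAS login action`. The options hash is part of a definition that starts before this hunk.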
@@ -25,11 +25,16 @@ module Rack
|
|
25
25
|
def call(env)
|
26
26
|
@request = Rack::Request.new(env)
|
27
27
|
@env = env
|
28
|
-
|
29
|
-
|
28
|
+
|
29
|
+
# Skip middleware if ignore_url is set and matches request.path
|
30
|
+
if Rack::Casual.ignore_url && @request.path.match(Rack::Casual.ignore_url)
|
30
31
|
@app.call(env)
|
31
32
|
else
|
32
|
-
|
33
|
+
unless process_request_from_cas
|
34
|
+
@app.call(env)
|
35
|
+
else
|
36
|
+
handle_401(@app.call(env))
|
37
|
+
end
|
33
38
|
end
|
34
39
|
end
|
35
40
|
|
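Review bot: The new `unless process_request_from_cas … else … end` on lines 33–37 is an inverted conditional with an else branch, which the Ruby style guide discourages; swapping the branches into a positive `if process_request_from_cas` / `handle_401(@app.call(env))` / `else` / `@app.call(env)` / `end` reads directly. On line 30, `@request.path.match(Rack::Casual.ignore_url)` compiles a Regexp from the string on every request when ignore_url is a String; converting it once at setup time (or accepting a Regexp) avoids the per-request cost. Because this branch short-circuits authentication, a comment next to it should say so rather than only "Skip middleware", e.g. `# Matching paths bypass authentication completely; the pattern must be anchored (\A)`. The surrounding `@request`/`@env` instance variables are pre-existing context, but note that a Rack middleware instance is normally shared across requests, so storing per-request state on it is presumably unsafe under a threaded server — worth confirming.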
data/lib/rack/casual/client.rb
CHANGED
@@ -68,7 +68,6 @@ module Rack
|
|
68
68
|
http.use_ssl = (url.scheme == "https")
|
69
69
|
|
70
70
|
body = http.get(url.request_uri).body
|
71
|
-
puts "Result: #{body}"
|
72
71
|
result = Nokogiri.parse(body)
|
73
72
|
|
74
73
|
# set username and extra attributes
|
@@ -85,7 +84,7 @@ module Rack
|
|
85
84
|
def find_attributes(xml)
|
86
85
|
@extra_attributes = {}
|
87
86
|
xml.search("//cas:authenticationSuccess/*").each do |el|
|
88
|
-
puts " * Attribute #{el.name} = #{el.content.to_s}"
|
87
|
+
# puts " * Attribute #{el.name} = #{el.content.to_s}"
|
89
88
|
value = YAML::parse(el.content).value.first.value rescue nil
|
90
89
|
@extra_attributes[el.name] = value
|
91
90
|
end
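Review bot: The debugging `puts` in find_attributes is commented out at new line 87 instead of removed, whereas the first hunk deletes its `puts "Result: #{body}"` outright; the commented line would print every CAS attribute value (which can include personal data) to stdout if re-enabled, so drop it, or route it through a logger at debug level for consistency with the first hunk. The `end` at line 90 closes the `each` block, and find_attributes continues past the hunk. The adjacent `YAML::parse(el.content).value.first.value rescue nil` is pre-existing, but the modifier `rescue nil` swallows every error raised while parsing attribute values; a follow-up comment such as `# TODO: rescue only the YAML parser's error class and log the failure` would record that.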
|
@@ -109,9 +108,9 @@ module Rack
|
|
109
108
|
url = Rack::Casual.cas_url.sub(/\/+$/, '')
|
110
109
|
|
111
110
|
url << case action
|
112
|
-
when :login then
|
113
|
-
when :logout then
|
114
|
-
when :validate then
|
111
|
+
when :login then Rack::Casual.login_url
|
112
|
+
when :logout then Rack::Casual.logout_url
|
113
|
+
when :validate then Rack::Casual.validate_url
|
115
114
|
else
|
116
115
|
action.to_s
|
117
116
|
end
|
metadata
CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
5
5
|
segments:
|
6
6
|
- 0
|
7
7
|
- 1
|
8
|
-
-
|
9
|
-
version: 0.1.
|
8
|
+
- 2
|
9
|
+
version: 0.1.2
|
10
10
|
platform: ruby
|
11
11
|
authors:
|
12
12
|
- Gudleik Rasch
|
@@ -14,7 +14,7 @@ autorequire:
|
|
14
14
|
bindir: bin
|
15
15
|
cert_chain: []
|
16
16
|
|
17
|
-
date: 2010-09-
|
17
|
+
date: 2010-09-09 00:00:00 +02:00
|
18
18
|
default_executable:
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|