rubycas-client 2.0.0 → 2.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/CHANGELOG.txt +11 -0
- data/README.txt +19 -1
- data/lib/casclient.rb +13 -3
- data/lib/casclient/frameworks/rails/filter.rb +7 -1
- data/lib/casclient/version.rb +1 -1
- data/lib/rubycas-client.rb +5 -1
- metadata +2 -2
data/CHANGELOG.txt
CHANGED
|
@@ -1,5 +1,16 @@
|
|
|
1
1
|
= RubyCAS-Client Changelog
|
|
2
2
|
|
|
3
|
+
== Version 2.0.1 :: 2008-02-27
|
|
4
|
+
|
|
5
|
+
* The Rails filter no longer by default redirects to the CAS server on
|
|
6
|
+
every request. This restores the behaviour of RubyCAS-Client 1.x.
|
|
7
|
+
In other words, if a session[:cas_user] value exists, the filter
|
|
8
|
+
will assume that the user is authenticated without going through the
|
|
9
|
+
CAS server. This behaviour can be disabled (so that a CAS re-check is
|
|
10
|
+
done on every request) by setting the 'authenticate_on_every_request'
|
|
11
|
+
option to true. See the "Re-authenticating on every request" section
|
|
12
|
+
in the README.txt for details.
|
|
13
|
+
|
|
3
14
|
== Version 2.0.0 :: 2008-02-14
|
|
4
15
|
|
|
5
16
|
* COMPLETE RE-WRITE OF THE ENTIRE CLIENT FROM THE GROUND UP. Oh yes.
|
data/README.txt
CHANGED
|
@@ -93,7 +93,8 @@ Here is a more complicated configuration showing most of the configuration optio
|
|
|
93
93
|
:validate_url => "https://cas.example.foo/proxyValidate",
|
|
94
94
|
:session_username_key => :cas_user,
|
|
95
95
|
:session_extra_attributes_key => :cas_extra_attributes
|
|
96
|
-
:logger => cas_logger
|
|
96
|
+
:logger => cas_logger,
|
|
97
|
+
:authenticate_on_every_request => true
|
|
97
98
|
)
|
|
98
99
|
|
|
99
100
|
Note that it is normally not necessary to specify <tt>:login_url</tt>, <tt>:logout_url</tt>, and <tt>:validate_url</tt>.
|
|
@@ -108,6 +109,23 @@ info under <tt>session[:cas_extra_attributes]</tt>).
|
|
|
108
109
|
An arbitrary Logger instance can be given as the :logger parameter. In the example above we log all CAS activity to a
|
|
109
110
|
<tt>log/cas.log</tt> file in your Rails app's directory.
|
|
110
111
|
|
|
112
|
+
==== Re-authenticating on every request (i.e. the "single sign-out problem")
|
|
113
|
+
|
|
114
|
+
By default, the Rails filter will only authenticate with the CAS server when no session[:cas_user] value exists. Once the user
|
|
115
|
+
has been authenticated, no further CAS forwarding is done until the user's session is wiped. This saves you
|
|
116
|
+
the trouble of having to do this check yourself (since in most cases it is not advisable to go through the CAS server
|
|
117
|
+
on every request -- this is slow and would potentially lead to problems, for example for AJAX requests). However,
|
|
118
|
+
the disadvantage is that the filter no longer checks to make sure that the user's CAS session is still actually open.
|
|
119
|
+
In other words it is possible for the user's authentication session to be closed on the CAS server without the
|
|
120
|
+
client application knowing about it.
|
|
121
|
+
|
|
122
|
+
In the future RubyCAS-Client will support the new "Single Sign-Out" functionality in CAS 3.1, allowing the server to
|
|
123
|
+
notify the client application that the CAS session is closed, but for now it is up to you to handle this by, for example,
|
|
124
|
+
by wiping the local session[:cas_user] value periodically to force a CAS re-check.
|
|
125
|
+
|
|
126
|
+
Alternatively, it is possible to disable this authentication persistence behaviour by setting the <tt>:authenticate_on_every_request</tt>
|
|
127
|
+
configuration option to true as in the example above.
|
|
128
|
+
|
|
111
129
|
|
|
112
130
|
==== Defining a 'logout' action
|
|
113
131
|
|
data/lib/casclient.rb
CHANGED
|
@@ -70,10 +70,20 @@ require 'casclient/version'
|
|
|
70
70
|
# Detect legacy configuration and show appropriate error message
|
|
71
71
|
module CAS
|
|
72
72
|
module Filter
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
$stderr.puts "
|
|
73
|
+
class << self
|
|
74
|
+
def method_missing(method, *args)
|
|
75
|
+
$stderr.puts "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
|
|
76
|
+
$stderr.puts
|
|
77
|
+
$stderr.puts "WARNING: Your RubyCAS-Client configuration is no longer valid!!"
|
|
78
|
+
$stderr.puts
|
|
79
|
+
$stderr.puts "For information on the new configuration format please see: "
|
|
80
|
+
$stderr.puts
|
|
81
|
+
$stderr.puts " http://rubycas-client.googlecode.com/svn/trunk/rubycas-client/README.txt"
|
|
82
|
+
$stderr.puts
|
|
76
83
|
$stderr.puts "After upgrading your configuration you should also clear your application's session store."
|
|
84
|
+
$stderr.puts
|
|
85
|
+
$stderr.puts "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
|
|
86
|
+
end
|
|
77
87
|
end
|
|
78
88
|
end
|
|
79
89
|
end
|
|
@@ -21,7 +21,7 @@ module CASClient
|
|
|
21
21
|
# warn() rather than info() because we really shouldn't be re-validating the same ticket.
|
|
22
22
|
# The only time when this is acceptable is if the user manually does a refresh and the ticket
|
|
23
23
|
# happens to be in the URL.
|
|
24
|
-
log.warn("
|
|
24
|
+
log.warn("Re-using previously validated ticket since the new ticket and service are the same.")
|
|
25
25
|
st = lst
|
|
26
26
|
end
|
|
27
27
|
|
|
@@ -62,6 +62,12 @@ module CASClient
|
|
|
62
62
|
redirect_to_cas_for_authentication(controller)
|
|
63
63
|
return false
|
|
64
64
|
end
|
|
65
|
+
elsif !config[:authenticate_on_every_request] && controller.session[client.username_session_key]
|
|
66
|
+
# Don't re-authenticate with the CAS server if we already previously authenticated and the
|
|
67
|
+
# :authenticate_on_every_request option is disabled (it's disabled by default).
|
|
68
|
+
log.debug "Existing local CAS session detected for #{controller.session[client.username_session_key].inspect}. "+
|
|
69
|
+
"User will not be re-authenticated."
|
|
70
|
+
return true
|
|
65
71
|
else
|
|
66
72
|
if returning_from_gateway?(controller)
|
|
67
73
|
log.info "Returning from CAS gateway without authentication."
|
data/lib/casclient/version.rb
CHANGED
data/lib/rubycas-client.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rubycas-client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.
|
|
4
|
+
version: 2.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Matt Zukowski
|
|
@@ -10,7 +10,7 @@ autorequire:
|
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
12
|
|
|
13
|
-
date: 2008-02-
|
|
13
|
+
date: 2008-02-27 00:00:00 -05:00
|
|
14
14
|
default_executable:
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|