rubycas-client 2.0.0 → 2.0.1
- data/CHANGELOG.txt +11 -0
- data/README.txt +19 -1
- data/lib/casclient.rb +13 -3
- data/lib/casclient/frameworks/rails/filter.rb +7 -1
- data/lib/casclient/version.rb +1 -1
- data/lib/rubycas-client.rb +5 -1
- metadata +2 -2
data/CHANGELOG.txt
CHANGED
@@ -1,5 +1,16 @@
|
|
1
1
|
= RubyCAS-Client Changelog
|
2
2
|
|
3
|
+
== Version 2.0.1 :: 2008-02-27
|
4
|
+
|
5
|
+
* The Rails filter no longer by default redirects to the CAS server on
|
6
|
+
every request. This restores the behaviour of RubyCAS-Client 1.x.
|
7
|
+
In other words, if a session[:cas_user] value exists, the filter
|
8
|
+
will assume that the user is authenticated without going through the
|
9
|
+
CAS server. This behaviour can be disabled (so that a CAS re-check is
|
10
|
+
done on every request) by setting the 'authenticate_on_every_request'
|
11
|
+
option to true. See the "Re-authenticating on every request" section
|
12
|
+
in the README.txt for details.
|
13
|
+
|
3
14
|
== Version 2.0.0 :: 2008-02-14
|
4
15
|
|
5
16
|
* COMPLETE RE-WRITE OF THE ENTIRE CLIENT FROM THE GROUND UP. Oh yes.
|
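Review bot: The 2.0.1 entry describes the new default only as restoring 1.x behaviour and does not state what is given up. With 'authenticate_on_every_request' unset, an existing session[:cas_user] is accepted without contacting the CAS server, so a CAS session closed on the server goes unnoticed by the client (the README hunk says as much). Because this changes the default for anyone upgrading from 2.0.0, state that trade-off in one sentence here instead of leaving it to the README section.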
data/README.txt
CHANGED
@@ -93,7 +93,8 @@ Here is a more complicated configuration showing most of the configuration optio
|
|
93
93
|
:validate_url => "https://cas.example.foo/proxyValidate",
|
94
94
|
:session_username_key => :cas_user,
|
95
95
|
:session_extra_attributes_key => :cas_extra_attributes
|
96
|
-
:logger => cas_logger
|
96
|
+
:logger => cas_logger,
|
97
|
+
:authenticate_on_every_request => true
|
97
98
|
)
|
98
99
|
|
99
100
|
Note that it is normally not necessary to specify <tt>:login_url</tt>, <tt>:logout_url</tt>, and <tt>:validate_url</tt>.
|
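Review bot: The example configuration now sets `:authenticate_on_every_request => true` without marking it as a non-default value, while the section added further down says that going through the CAS server on every request is slow and can break AJAX requests. Readers who copy this block will get the behaviour the README advises against in most cases. Add a trailing comment on that line saying the default is false and the option is shown only for illustration, or leave it out of the example and show it only in the new section.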
@@ -108,6 +109,23 @@ info under <tt>session[:cas_extra_attributes]</tt>).
|
|
108
109
|
An arbitrary Logger instance can be given as the :logger parameter. In the example above we log all CAS activity to a
|
109
110
|
<tt>log/cas.log</tt> file in your Rails app's directory.
|
110
111
|
|
112
|
+
==== Re-authenticating on every request (i.e. the "single sign-out problem")
|
113
|
+
|
114
|
+
By default, the Rails filter will only authenticate with the CAS server when no session[:cas_user] value exists. Once the user
|
115
|
+
has been authenticated, no further CAS forwarding is done until the user's session is wiped. This saves you
|
116
|
+
the trouble of having to do this check yourself (since in most cases it is not advisable to go through the CAS server
|
117
|
+
on every request -- this is slow and would potentially lead to problems, for example for AJAX requests). However,
|
118
|
+
the disadvantage is that the filter no longer checks to make sure that the user's CAS session is still actually open.
|
119
|
+
In other words it is possible for the user's authentication session to be closed on the CAS server without the
|
120
|
+
client application knowing about it.
|
121
|
+
|
122
|
+
In the future RubyCAS-Client will support the new "Single Sign-Out" functionality in CAS 3.1, allowing the server to
|
123
|
+
notify the client application that the CAS session is closed, but for now it is up to you to handle this by, for example,
|
124
|
+
by wiping the local session[:cas_user] value periodically to force a CAS re-check.
|
125
|
+
|
126
|
+
Alternatively, it is possible to disable this authentication persistence behaviour by setting the <tt>:authenticate_on_every_request</tt>
|
127
|
+
configuration option to true as in the example above.
|
128
|
+
|
111
129
|
|
112
130
|
==== Defining a 'logout' action
|
113
131
|
|
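Review bot: Missing documentation in the new "Re-authenticating on every request" section: the suggested workaround, wiping session[:cas_user] periodically, is given with no mechanism or interval, so the only concrete choice a reader has is between never re-checking and re-checking on every request. Describe one workable approach, for example recording the time of the last CAS validation in the session and clearing session[:cas_user] once it is older than a chosen limit. There is also a duplicated word in "to handle this by, for example, by wiping"; drop the second "by".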
data/lib/casclient.rb
CHANGED
@@ -70,10 +70,20 @@ require 'casclient/version'
|
|
70
70
|
# Detect legacy configuration and show appropriate error message
|
71
71
|
module CAS
|
72
72
|
module Filter
|
73
|
-
|
74
|
-
|
75
|
-
$stderr.puts "
|
73
|
+
class << self
|
74
|
+
def method_missing(method, *args)
|
75
|
+
$stderr.puts "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
|
76
|
+
$stderr.puts
|
77
|
+
$stderr.puts "WARNING: Your RubyCAS-Client configuration is no longer valid!!"
|
78
|
+
$stderr.puts
|
79
|
+
$stderr.puts "For information on the new configuration format please see: "
|
80
|
+
$stderr.puts
|
81
|
+
$stderr.puts " http://rubycas-client.googlecode.com/svn/trunk/rubycas-client/README.txt"
|
82
|
+
$stderr.puts
|
76
83
|
$stderr.puts "After upgrading your configuration you should also clear your application's session store."
|
84
|
+
$stderr.puts
|
85
|
+
$stderr.puts "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
|
86
|
+
end
|
77
87
|
end
|
78
88
|
end
|
79
89
|
end
|
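Review bot: The new `method_missing` on `CAS::Filter` prints the warning and then returns nil (the value of the last `$stderr.puts`) instead of raising. Any legacy call on `CAS::Filter` therefore appears to succeed, and if old code still invokes it as a filter, the request continues after a message that only appears on stderr. For an authentication filter the safer failure mode is to stop: raise after the final `$stderr.puts`, for example `raise "Legacy CAS::Filter configuration is no longer supported"`, so a stale configuration fails closed and cannot be missed in a log. The banner is also printed once per call, which will flood stderr if the legacy module is hit on each request.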
@@ -21,7 +21,7 @@ module CASClient
|
|
21
21
|
# warn() rather than info() because we really shouldn't be re-validating the same ticket.
|
22
22
|
# The only time when this is acceptable is if the user manually does a refresh and the ticket
|
23
23
|
# happens to be in the URL.
|
24
|
-
log.warn("
|
24
|
+
log.warn("Re-using previously validated ticket since the new ticket and service are the same.")
|
25
25
|
st = lst
|
26
26
|
end
|
27
27
|
|
@@ -62,6 +62,12 @@ module CASClient
|
|
62
62
|
redirect_to_cas_for_authentication(controller)
|
63
63
|
return false
|
64
64
|
end
|
65
|
+
elsif !config[:authenticate_on_every_request] && controller.session[client.username_session_key]
|
66
|
+
# Don't re-authenticate with the CAS server if we already previously authenticated and the
|
67
|
+
# :authenticate_on_every_request option is disabled (it's disabled by default).
|
68
|
+
log.debug "Existing local CAS session detected for #{controller.session[client.username_session_key].inspect}. "+
|
69
|
+
"User will not be re-authenticated."
|
70
|
+
return true
|
65
71
|
else
|
66
72
|
if returning_from_gateway?(controller)
|
67
73
|
log.info "Returning from CAS gateway without authentication."
|
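Review bot: The new `elsif` branch returns true for any truthy `controller.session[client.username_session_key]` with no bound on how old that value is, so once set, the local session stands in for CAS validation until the session is wiped. This is now the default path, and the README acknowledges that the CAS session can be closed without the client knowing. Consider storing the time of the last successful validation alongside the username and falling through to the CAS re-check when it exceeds a configurable maximum age, which gives a middle ground between the current default and `:authenticate_on_every_request => true`. The `log.debug` line is fine as it is, but the comment should say explicitly that this branch skips ticket validation entirely.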
data/lib/casclient/version.rb
CHANGED
data/lib/rubycas-client.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rubycas-client
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.
|
4
|
+
version: 2.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Matt Zukowski
|
@@ -10,7 +10,7 @@ autorequire:
|
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
12
|
|
13
|
-
date: 2008-02-
|
13
|
+
date: 2008-02-27 00:00:00 -05:00
|
14
14
|
default_executable:
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|