rubycas-client 2.2.1 → 2.3.0.rc1

data/lib/casclient/responses.rb

@@ -31,15 +31,14 @@ module CASClient
     
     attr_reader :protocol, :user, :pgt_iou, :proxies, :extra_attributes
     
-    def initialize(raw_text)
-      parse(raw_text)
+    def initialize(raw_text, options={})
+      parse(raw_text, options)
     end
     
-    def parse(raw_text)
+    def parse(raw_text, options)
       raise BadResponseException, 
         "CAS response is empty/blank." if raw_text.blank?
       @parse_datetime = Time.now
-      
       if raw_text =~ /^(yes|no)\n(.*?)\n$/m
         @protocol = 1.0
         @valid = $~[1] == 'yes'
@@ -53,7 +52,8 @@ module CASClient
       @protocol = 2.0
       
       if is_success?
-        @user = @xml.elements["cas:user"].text.strip if @xml.elements["cas:user"]
+        cas_user = @xml.elements["cas:user"]
+        @user = cas_user.text.strip if cas_user
         @pgt_iou =  @xml.elements["cas:proxyGrantingTicket"].text.strip if @xml.elements["cas:proxyGrantingTicket"]
         
         proxy_els = @xml.elements.to_a('//cas:authenticationSuccess/cas:proxies/cas:proxy')
@@ -65,16 +65,32 @@ module CASClient
         end
         
         @extra_attributes = {}
-        @xml.elements.to_a('//cas:authenticationSuccess/*').each do |el|
-          @extra_attributes.merge!(Hash.from_xml(el.to_s)) unless el.prefix == 'cas'
+        @xml.elements.to_a('//cas:authenticationSuccess/cas:attributes/* | //cas:authenticationSuccess/*[local-name() != \'proxies\' and local-name() != \'proxyGrantingTicket\' and local-name() != \'user\' and local-name() != \'attributes\']').each do |el|
+          # generating the hash requires prefixes to be defined, so add all of the namespaces
+          el.namespaces.each {|k,v| el.add_namespace(k,v)}
+          @extra_attributes.merge!(Hash.from_xml(el.to_s))
         end
         
         # unserialize extra attributes
         @extra_attributes.each do |k, v|
           if v.blank?
             @extra_attributes[k] = nil
-          else
-            @extra_attributes[k] = YAML.load(v)
+          elsif !options[:encode_extra_attributes_as]
+            begin
+                @extra_attributes[k] = YAML.load(v)
+              rescue ArgumentError
+                raise ArgumentError, "Did not find :encode_extra_attributes_as config parameter, hence default encoding scheme is YAML but CAS response recieved in encoded differently "
+              end
+          else 
+            if options[:encode_extra_attributes_as] == :json
+              begin
+                @extra_attributes[k] = JSON.parse(v)
+              rescue JSON::ParserError
+                @extra_attributes[k] = YAML.load(v)
+              end
+            else
+              @extra_attributes[k] = YAML.load(v)
+            end
           end
         end
       elsif is_failure?
@@ -84,9 +100,8 @@ module CASClient
         # this should never happen, since the response should already have been recognized as invalid
         raise BadResponseException, "BAD CAS RESPONSE:\n#{raw_text.inspect}\n\nXML DOC:\n#{doc.inspect}"
       end
-      
     end
-    
+
     def is_success?
       (instance_variable_defined?(:@valid) &&  @valid) || (protocol > 1.0 && xml.name == "authenticationSuccess")
     end
@@ -103,7 +118,7 @@ module CASClient
     
     attr_reader :proxy_ticket
     
-    def initialize(raw_text)
+    def initialize(raw_text, options={})
       parse(raw_text)
     end
     
@@ -141,7 +156,7 @@ module CASClient
     attr_reader :tgt, :ticket, :service_redirect_url
     attr_reader :failure_message
     
-    def initialize(http_response = nil)
+    def initialize(http_response = nil, options={})
       parse_http_response(http_response) if http_response
     end
     
@@ -160,9 +175,7 @@ module CASClient
         @ticket = $~[1]
       end
       
-      if (http_response.kind_of?(Net::HTTPSuccess) || http_response.kind_of?(Net::HTTPFound)) && @ticket.present?
-        log.info("Login was successful for ticket: #{@ticket.inspect}.")
-      else
+      if not ((http_response.kind_of?(Net::HTTPSuccess) || http_response.kind_of?(Net::HTTPFound)) && @ticket.present?)
         @failure = true
         # Try to extract the error message -- this only works with RubyCAS-Server.
         # For other servers we just return the entire response body (i.e. the whole error page).

data/lib/casclient/tickets/storage/active_record_ticket_store.rb

@@ -0,0 +1,67 @@
+module CASClient
+  module Tickets
+    module Storage
+
+      # A Ticket Store that keeps it's ticket in database tables using ActiveRecord.
+      #
+      # Services Tickets are stored in an extra column add to the ActiveRecord sessions table.
+      # Proxy Granting Tickets and their IOUs are stored in the cas_pgtious table.
+      #
+      # This ticket store takes the following config parameters
+      # :pgtious_table_name - the name of the table 
+      class ActiveRecordTicketStore < AbstractTicketStore
+
+        def initialize(config={})
+          config ||= {}
+          if config[:pgtious_table_name]
+            CasPgtiou.set_table_name = config[:pgtious_table_name]
+          end
+        end
+
+        def store_service_session_lookup(st, controller)
+          #get the session from the rack env using ActiveRecord::SessionStore::SESSION_RECORD_KEY = 'rack.session.record'
+
+          st = st.ticket if st.kind_of? ServiceTicket
+          session = controller.request.env[ActiveRecord::SessionStore::SESSION_RECORD_KEY]
+          session.service_ticket = st
+        end
+
+        def get_session_for_service_ticket(st)
+          st = st.ticket if st.kind_of? ServiceTicket
+          session = ActiveRecord::SessionStore::Session.find_by_service_ticket(st)
+          session_id = session ? session.session_id : nil
+          [session_id, session]
+        end
+
+        def cleanup_service_session_lookup(st)
+          #no cleanup needed for this ticket store
+        end
+
+        def save_pgt_iou(pgt_iou, pgt)
+          pgtiou = CasPgtiou.create(:pgt_iou => pgt_iou, :pgt_id => pgt)
+        end
+
+        def retrieve_pgt(pgt_iou)
+          raise CASException, "No pgt_iou specified. Cannot retrieve the pgt." unless pgt_iou
+
+          pgtiou = CasPgtiou.find_by_pgt_iou(pgt_iou)
+          pgt = pgtiou.pgt_id
+
+          raise CASException, "Invalid pgt_iou specified. Perhaps this pgt has already been retrieved?" unless pgt
+
+          pgtiou.destroy
+
+          pgt
+
+        end
+
+      end
+
+      class CasPgtiou < ActiveRecord::Base
+        #t.string :pgt_iou, :null => false
+        #t.string :pgt_id, :null => false
+        #t.timestamps
+      end
+    end
+  end
+end

data/lib/casclient/tickets/storage.rb

@@ -0,0 +1,167 @@
+module CASClient
+  module Tickets
+    module Storage
+      class AbstractTicketStore
+
+        attr_accessor :log
+        @log = CASClient::LoggerWrapper.new
+
+        def process_single_sign_out(si)
+
+          session_id, session = get_session_for_service_ticket(si)
+          if session
+            session.destroy
+            log.debug("Destroyed #{session.inspect} for session #{session_id.inspect} corresponding to service ticket #{si.inspect}.")
+          else
+            log.debug("Data for session #{session_id.inspect} was not found. It may have already been cleared by a local CAS logout request.")
+          end
+
+          if session_id
+            log.info("Single-sign-out for service ticket #{session_id.inspect} completed successfuly.")
+          else
+            log.debug("No session id found for CAS ticket #{si}")
+          end
+        end
+
+        def get_session_for_service_ticket(st)
+          session_id = read_service_session_lookup(si)
+          if session_id
+            session = ActiveRecord::SessionStore::Session.find_by_session_id(session_id)
+          else
+            log.warn("Couldn't destroy session with SessionIndex #{si} because no corresponding session id could be looked up.")
+          end
+          [session_id, session]
+        end
+
+        def store_service_session_lookup(st, controller)
+          raise 'Implement this in a subclass!'
+        end
+
+        def cleanup_service_session_lookup(st)
+          raise 'Implement this in a subclass!'
+        end
+
+        def save_pgt_iou(pgt_iou, pgt)
+          raise 'Implement this in a subclass!'
+        end
+
+        def retrieve_pgt(pgt_iou)
+          raise 'Implement this in a subclass!'
+        end
+
+        protected
+        def read_service_session_lookup(st)
+          raise 'Implement this in a subclass!'
+        end
+      end
+
+      # A Ticket Store that keeps it's tickets in a directory on the local filesystem.
+      # Service tickets are stored under tmp/sessions by default
+      # and Proxy Granting Tickets and their IOUs are stored in tmp/cas_pgt.pstore
+      # This Ticket Store works fine for small sites but will most likely have
+      # concurrency problems under heavy load. It also requires that all your
+      # worker processes have access to a shared file system.
+      #
+      # This ticket store takes the following config parameters
+      # :storage_dir - The directory to store data in. Defaults to RAILS_ROOT/tmp
+      # :service_session_lookup_dir - The directory to store Service Ticket/Session ID files in. Defaults to :storage_dir/sessions
+      # :pgt_store_path - The location to store the pgt PStore file. Defaults to :storage_dir/cas_pgt.pstore
+      class LocalDirTicketStore < AbstractTicketStore
+        require 'pstore'
+
+        DEFAULT_TMP_DIR = defined?(RAILS_ROOT) ? "#{RAILS_ROOT}/tmp" : "#{Dir.pwd}/tmp"
+
+        def initialize(config={})
+          config ||= {}
+          @tmp_dir = config[:storage_dir] || DEFAULT_TMP_DIR
+          @service_session_lookup_dir = config[:service_session_lookup_dir] || "#{@tmp_dir}/sessions"
+          @pgt_store_path = config[:pgt_store_path] || "#{@tmp_dir}/cas_pgt.pstore"
+        end
+
+        # Creates a file in tmp/sessions linking a SessionTicket
+        # with the local Rails session id. The file is named
+        # cas_sess.<session ticket> and its text contents is the corresponding
+        # Rails session id.
+        # Returns the filename of the lookup file created.
+        def store_service_session_lookup(st, controller)
+          raise CASException, "No service_ticket specified." unless st
+          raise CASException, "No controller specified." unless controller
+
+          sid = controller.request.session_options[:id] || controller.session.session_id
+
+          st = st.ticket if st.kind_of? ServiceTicket
+          f = File.new(filename_of_service_session_lookup(st), 'w')
+          f.write(sid)
+          f.close
+          return f.path
+        end
+
+        # Returns the local Rails session ID corresponding to the given
+        # ServiceTicket. This is done by reading the contents of the
+        # cas_sess.<session ticket> file created in a prior call to 
+        # #store_service_session_lookup.
+        def read_service_session_lookup(st)
+          raise CASException, "No service_ticket specified." unless st
+
+          st = st.ticket if st.kind_of? ServiceTicket
+          ssl_filename = filename_of_service_session_lookup(st)
+          return File.exists?(ssl_filename) && IO.read(ssl_filename)
+        end
+
+        # Removes a stored relationship between a ServiceTicket and a local
+        # Rails session id. This should be called when the session is being
+        # closed.
+        #
+        # See #store_service_session_lookup.
+        def cleanup_service_session_lookup(st)
+          raise CASException, "No service_ticket specified." unless st
+
+          st = st.ticket if st.kind_of? ServiceTicket
+          ssl_filename = filename_of_service_session_lookup(st)
+          File.delete(ssl_filename) if File.exists?(ssl_filename)
+        end
+
+        def save_pgt_iou(pgt_iou, pgt)
+          # TODO: pstore contents should probably be encrypted...
+          pstore = open_pstore
+
+          pstore.transaction do
+            pstore[pgt_iou] = pgt
+          end
+        end
+
+        def retrieve_pgt(pgt_iou)
+          raise CASException, "No pgt_iou specified. Cannot retrieve the pgt." unless pgt_iou
+
+          pstore = open_pstore
+
+          pgt = nil
+          pstore.transaction do
+            pgt = pstore[pgt_iou]
+          end
+
+          raise CASException, "Invalid pgt_iou specified. Perhaps this pgt has already been retrieved?" unless pgt
+
+          # TODO: need to periodically clean the storage, otherwise it will just keep growing
+          pstore.transaction do
+            pstore.delete pgt_iou
+          end
+
+          pgt
+        end
+
+        private
+
+        # Returns the path and filename of the service session lookup file.
+        def filename_of_service_session_lookup(st)
+          st = st.ticket if st.kind_of? ServiceTicket
+          return "#{@service_session_lookup_dir}/cas_sess.#{st}"
+        end
+
+        def open_pstore
+          PStore.new(@pgt_store_path)
+        end
+      end
+    end
+  end
+end

data/lib/casclient/tickets.rb

@@ -2,7 +2,7 @@ module CASClient
   # Represents a CAS service ticket.
   class ServiceTicket
     attr_reader :ticket, :service, :renew
-    attr_accessor :response
+    attr_accessor :user, :extra_attributes, :pgt_iou, :success, :failure_code, :failure_message
     
     def initialize(ticket, service, renew = false)
       @ticket = ticket
@@ -11,11 +11,11 @@ module CASClient
     end
     
     def is_valid?
-      response.is_success?
+      success
     end
     
     def has_been_validated?
-      not response.nil?
+      not user.nil?
     end
   end
   

data/lib/casclient.rb

@@ -1,5 +1,6 @@
 require 'uri'
 require 'cgi'
+require 'logger'
 require 'net/https'
 require 'rexml/document'
 
@@ -65,7 +66,7 @@ end
 require 'casclient/tickets'
 require 'casclient/responses'
 require 'casclient/client'
-require 'casclient/version'
+require 'casclient/tickets/storage'
 
 # Detect legacy configuration and show appropriate error message
 module CAS
@@ -86,4 +87,4 @@ module CAS
     end
     end
   end
-end
+end

data/lib/rubycas-client.rb

@@ -1,5 +1 @@
-begin
-  require 'casclient'
-rescue MissingSourceFile
-  require 'lib/casclient'
-end
+require 'casclient'

data/rails_generators/active_record_ticket_store/USAGE

@@ -0,0 +1,9 @@
+Description:
+  Create a migration to add the service_ticket column to the sessions
+  table and create the cas_pgtious table for proxy ticket storage.
+  Pass the migration name as an optional parameter. The migration name
+  defaults to CreateActiveRecordTicketStore.
+
+Requirements:
+  You need to already have created the ActiveRecord::SessionStore sessions
+  table.

data/rails_generators/active_record_ticket_store/active_record_ticket_store_generator.rb

@@ -0,0 +1,29 @@
+class ActiveRecordTicketStoreGenerator < Rails::Generator::NamedBase
+
+  def initialize(runtime_args, runtime_options = {})
+    runtime_args << 'create_active_record_ticket_store' if runtime_args.empty?
+    super
+  end
+
+  def manifest
+    record do |m|
+      m.migration_template 'migration.rb', 'db/migrate',
+        :assigns => { :session_table_name => default_session_table_name, :pgtiou_table_name => default_pgtiou_table_name }
+      m.readme "README"
+    end
+  end
+
+  protected
+  def banner
+    "Usage: #{$0} #{spec.name} [CreateActiveRecordTicketStore] [options]"
+  end
+
+  def default_session_table_name
+    ActiveRecord::Base.pluralize_table_names ? 'session'.pluralize : 'session'
+  end
+
+  def default_pgtiou_table_name
+    ActiveRecord::Base.pluralize_table_names ? 'cas_pgtiou'.pluralize : 'cas_pgtiou'
+  end
+
+end

data/rails_generators/active_record_ticket_store/templates/README

@@ -0,0 +1 @@
+You need to make sure you have already created the sessions table for the ActiveRecord::SessionStore

data/rails_generators/active_record_ticket_store/templates/migration.rb

@@ -0,0 +1,24 @@
+class <%= class_name %> < ActiveRecord::Migration
+  def self.up
+    add_column :<%= session_table_name %>, :service_ticket, :string
+
+    add_index :<%= session_table_name %>, :service_ticket
+    
+    create_table :<%= pgtiou_table_name %> do |t|
+      t.string :pgt_iou, :null => false
+      t.string :pgt_id, :null => false
+      t.timestamps
+    end
+
+    add_index :<%= pgtiou_table_name %>, :pgt_iou, :unique => true
+  end
+
+  def self.down
+    drop_table :<%= pgtiou_table_name %>
+
+    remove_index :<%= session_table_name %>, :service_ticket
+
+    remove_column :<%= session_table_name %>, :service_ticket
+  end
+end
+