rubycas-client 2.3.8 → 2.3.9.rc1

data/lib/casclient/frameworks/rails/cas_proxy_callback_controller.rb

@@ -22,8 +22,12 @@ class CasProxyCallbackController < ActionController::Base
     render :text => "Okay, the server is up, but please specify a pgtIou and pgtId." and return unless pgtIou and pgtId
     
     # TODO: pstore contents should probably be encrypted...
-    
-    casclient = CASClient::Frameworks::Rails::Filter.client
+
+    if Rails::VERSION::MAJOR > 2
+      casclient = RubyCAS::Filter.client
+    else
+      casclient = CASClient::Frameworks::Rails::Filter.client
+    end
 
     casclient.ticket_store.save_pgt_iou(pgtIou, pgtId)
 

data/lib/casclient/frameworks/rails/filter.rb

@@ -218,7 +218,10 @@ module CASClient
           end
           
           def unauthorized!(controller, vr = nil)
-            format = controller.request.format.to_sym
+            format = nil
+            unless controller.request.format.nil?
+              format = controller.request.format.to_sym
+            end
             format = (format == :js ? :json : format)
             case format
             when :xml, :json

data/lib/casclient/responses.rb

@@ -2,39 +2,39 @@ module CASClient
   module XmlResponse
     attr_reader :xml, :parse_datetime
     attr_reader :failure_code, :failure_message
-    
+
     def check_and_parse_xml(raw_xml)
       begin
-        doc = REXML::Document.new(raw_xml)
+        doc = REXML::Document.new(raw_xml, :raw => :all)
       rescue REXML::ParseException => e
         raise BadResponseException, 
           "MALFORMED CAS RESPONSE:\n#{raw_xml.inspect}\n\nEXCEPTION:\n#{e}"
       end
-      
+
       unless doc.elements && doc.elements["cas:serviceResponse"]
         raise BadResponseException, 
           "This does not appear to be a valid CAS response (missing cas:serviceResponse root element)!\nXML DOC:\n#{doc.to_s}"
       end
-      
+
       return doc.elements["cas:serviceResponse"].elements[1]
     end
-    
+
     def to_s
       xml.to_s
     end
   end
-  
+
   # Represents a response from the CAS server to a 'validate' request
   # (i.e. after validating a service/proxy ticket).
   class ValidationResponse
     include XmlResponse
-    
+
     attr_reader :protocol, :user, :pgt_iou, :proxies, :extra_attributes
-    
+
     def initialize(raw_text, options={})
       parse(raw_text, options)
     end
-    
+
     def parse(raw_text, options)
       raise BadResponseException, 
         "CAS response is empty/blank." if raw_text.blank?
@@ -45,17 +45,17 @@ module CASClient
         @user = $~[2]
         return
       end
-      
+
       @xml = check_and_parse_xml(raw_text)
-      
+
       # if we got this far then we've got a valid XML response, so we're doing CAS 2.0
       @protocol = 2.0
-      
+
       if is_success?
         cas_user = @xml.elements["cas:user"]
         @user = cas_user.text.strip if cas_user
         @pgt_iou =  @xml.elements["cas:proxyGrantingTicket"].text.strip if @xml.elements["cas:proxyGrantingTicket"]
-        
+
         proxy_els = @xml.elements.to_a('//cas:authenticationSuccess/cas:proxies/cas:proxy')
         if proxy_els.size > 0
           @proxies = []
@@ -63,13 +63,18 @@ module CASClient
             @proxies << el.text
           end
         end
-        
+
         @extra_attributes = {}
         @xml.elements.to_a('//cas:authenticationSuccess/cas:attributes/* | //cas:authenticationSuccess/*[local-name() != \'proxies\' and local-name() != \'proxyGrantingTicket\' and local-name() != \'user\' and local-name() != \'attributes\']').each do |el|
           inner_text = el.cdatas.length > 0 ? el.cdatas.join('') : el.text
-          @extra_attributes.merge! el.name => inner_text
+          name = el.name
+          unless (attrs = el.attributes).empty?
+            name       = attrs['name']
+            inner_text = attrs['value']
+          end
+          @extra_attributes.merge! name => inner_text
         end
-        
+
         # unserialize extra attributes
         @extra_attributes.each do |k, v|
           @extra_attributes[k] = parse_extra_attribute_value(v, options[:encode_extra_attributes_as])
@@ -85,26 +90,28 @@ module CASClient
 
     def parse_extra_attribute_value(value, encode_extra_attributes_as)
       attr_value = if value.blank?
-        nil
-      elsif !encode_extra_attributes_as
-        begin
-            YAML.load(value)
-          rescue ArgumentError
-            raise ArgumentError, "Did not find :encode_extra_attributes_as config parameter, hence default encoding scheme is YAML but CAS response recieved in encoded differently "
-          end
-      else
-        if encode_extra_attributes_as == :json
-          begin
-            JSON.parse(value)
-          rescue JSON::ParserError
-            value
-          end
-        else
-          YAML.load(value)
-        end
-      end
+         nil
+       elsif !encode_extra_attributes_as
+         begin
+           YAML.load(value)
+         rescue ArgumentError => e
+           raise ArgumentError, "Error parsing extra attribute with value #{value} as YAML: #{e}"
+         end
+       else
+         if encode_extra_attributes_as == :json
+           begin
+             JSON.parse(value)
+           rescue JSON::ParserError
+             value
+           end
+         elsif encode_extra_attributes_as == :raw
+           value
+         else
+           YAML.load(value)
+         end
+       end
 
-      unless (attr_value.kind_of? Enumerable) || attr_value.nil?
+      unless attr_value.kind_of?(Enumerable) || attr_value.kind_of?(TrueClass) || attr_value.kind_of?(FalseClass) || attr_value.nil?
         attr_value.to_s
       else
         attr_value
@@ -114,30 +121,30 @@ module CASClient
     def is_success?
       (instance_variable_defined?(:@valid) &&  @valid) || (protocol > 1.0 && xml.name == "authenticationSuccess")
     end
-    
+
     def is_failure?
       (instance_variable_defined?(:@valid) && !@valid) || (protocol > 1.0 && xml.name == "authenticationFailure" )
     end
   end
-  
+
   # Represents a response from the CAS server to a proxy ticket request 
   # (i.e. after requesting a proxy ticket).
   class ProxyResponse
     include XmlResponse
-    
+
     attr_reader :proxy_ticket
-    
+
     def initialize(raw_text, options={})
       parse(raw_text)
     end
-    
+
     def parse(raw_text)
       raise BadResponseException, 
         "CAS response is empty/blank." if raw_text.blank?
       @parse_datetime = Time.now
-      
+
       @xml = check_and_parse_xml(raw_text)
-      
+
       if is_success?
         @proxy_ticket = @xml.elements["cas:proxyTicket"].text.strip if @xml.elements["cas:proxyTicket"]
       elsif is_failure?
@@ -147,43 +154,43 @@ module CASClient
         # this should never happen, since the response should already have been recognized as invalid
         raise BadResponseException, "BAD CAS RESPONSE:\n#{raw_text.inspect}\n\nXML DOC:\n#{doc.inspect}"
       end
-      
+
     end
-    
+
     def is_success?
       xml.name == "proxySuccess"
     end
-    
+
     def is_failure?
       xml.name == "proxyFailure"
     end
   end
-  
+
   # Represents a response from the CAS server to a login request 
   # (i.e. after submitting a username/password).
   class LoginResponse
     attr_reader :tgt, :ticket, :service_redirect_url
     attr_reader :failure_message
-    
+
     def initialize(http_response = nil, options={})
       parse_http_response(http_response) if http_response
     end
-    
+
     def parse_http_response(http_response)
       header = http_response.to_hash
-      
+
       # FIXME: this regexp might be incorrect...
       if header['set-cookie'] && 
-          header['set-cookie'].first && 
-          header['set-cookie'].first =~ /tgt=([^&]+);/
+        header['set-cookie'].first && 
+        header['set-cookie'].first =~ /tgt=([^&]+);/
         @tgt = $~[1]
       end
-    
+
       location = header['location'].first if header['location'] && header['location'].first
       if location =~ /ticket=([^&]+)/
         @ticket = $~[1]
       end
-      
+
       if not ((http_response.kind_of?(Net::HTTPSuccess) || http_response.kind_of?(Net::HTTPFound)) && @ticket.present?)
         @failure = true
         # Try to extract the error message -- this only works with RubyCAS-Server.
@@ -195,19 +202,19 @@ module CASClient
           @failure_message = body
         end
       end
-      
+
       @service_redirect_url = location
     end
-    
+
     def is_success?
       !@failure && !ticket.blank?
     end
-    
+
     def is_failure?
       @failure == true
     end
   end
-  
+
   class BadResponseException < CASException
   end
 end

data/lib/casclient/tickets/storage.rb

@@ -4,14 +4,16 @@ module CASClient
       class AbstractTicketStore
 
         attr_accessor :log
-        @log = CASClient::LoggerWrapper.new
+        def log
+          @log ||= CASClient::LoggerWrapper.new
+        end
 
-        def process_single_sign_out(si)
+        def process_single_sign_out(st)
 
-          session_id, session = get_session_for_service_ticket(si)
+          session_id, session = get_session_for_service_ticket(st)
           if session
             session.destroy
-            log.debug("Destroyed #{session.inspect} for session #{session_id.inspect} corresponding to service ticket #{si.inspect}.")
+            log.debug("Destroyed #{session.inspect} for session #{session_id.inspect} corresponding to service ticket #{st.inspect}.")
           else
             log.debug("Data for session #{session_id.inspect} was not found. It may have already been cleared by a local CAS logout request.")
           end
@@ -19,16 +21,17 @@ module CASClient
           if session_id
             log.info("Single-sign-out for service ticket #{session_id.inspect} completed successfuly.")
           else
-            log.debug("No session id found for CAS ticket #{si}")
+            log.debug("No session id found for CAS ticket #{st}")
           end
         end
 
         def get_session_for_service_ticket(st)
-          session_id = read_service_session_lookup(si)
-          if session_id
-            session = ActiveRecord::SessionStore::Session.find_by_session_id(session_id)
+          session_id = read_service_session_lookup(st)
+          unless session_id.nil?
+            # This feels a bit hackish, but there isn't really a better way to go about it that I am aware of yet
+            session = ActiveRecord::SessionStore.session_class.find_by_session_id(session_id)
           else
-            log.warn("Couldn't destroy session with SessionIndex #{si} because no corresponding session id could be looked up.")
+            log.warn("Couldn't destroy session service ticket #{st} because no corresponding session id could be found.")
           end
           [session_id, session]
         end
@@ -53,6 +56,12 @@ module CASClient
         def read_service_session_lookup(st)
           raise 'Implement this in a subclass!'
         end
+
+        def session_id_from_controller(controller)
+          session_id = controller.request.session_options[:id] || controller.session.session_id
+          raise CASClient::CASException, "Failed to extract session_id from controller" if session_id.nil?
+          session_id
+        end
       end
 
       # A Ticket Store that keeps it's tickets in a directory on the local filesystem.
@@ -83,10 +92,10 @@ module CASClient
         # Rails session id.
         # Returns the filename of the lookup file created.
         def store_service_session_lookup(st, controller)
-          raise CASException, "No service_ticket specified." unless st
-          raise CASException, "No controller specified." unless controller
+          raise CASException, "No service_ticket specified." if st.nil?
+          raise CASException, "No controller specified." if controller.nil?
 
-          sid = controller.request.session_options[:id] || controller.session.session_id
+          sid = session_id_from_controller(controller)
 
           st = st.ticket if st.kind_of? ServiceTicket
           f = File.new(filename_of_service_session_lookup(st), 'w')
@@ -100,11 +109,11 @@ module CASClient
         # cas_sess.<session ticket> file created in a prior call to 
         # #store_service_session_lookup.
         def read_service_session_lookup(st)
-          raise CASException, "No service_ticket specified." unless st
+          raise CASException, "No service_ticket specified." if st.nil?
 
           st = st.ticket if st.kind_of? ServiceTicket
           ssl_filename = filename_of_service_session_lookup(st)
-          return File.exists?(ssl_filename) && IO.read(ssl_filename)
+          return IO.read(ssl_filename) if File.exists?(ssl_filename)
         end
 
         # Removes a stored relationship between a ServiceTicket and a local
@@ -113,7 +122,7 @@ module CASClient
         #
         # See #store_service_session_lookup.
         def cleanup_service_session_lookup(st)
-          raise CASException, "No service_ticket specified." unless st
+          raise CASException, "No service_ticket specified." if st.nil?
 
           st = st.ticket if st.kind_of? ServiceTicket
           ssl_filename = filename_of_service_session_lookup(st)
@@ -121,6 +130,9 @@ module CASClient
         end
 
         def save_pgt_iou(pgt_iou, pgt)
+          raise CASException, "Invalid pgt_iou" if pgt_iou.nil?
+          raise CASException, "Invalid pgt" if pgt.nil?
+
           # TODO: pstore contents should probably be encrypted...
           pstore = open_pstore
 
@@ -135,17 +147,14 @@ module CASClient
           pstore = open_pstore
 
           pgt = nil
+          # TODO: need to periodically clean the storage, otherwise it will just keep growing
           pstore.transaction do
             pgt = pstore[pgt_iou]
+            pstore.delete pgt_iou
           end
 
           raise CASException, "Invalid pgt_iou specified. Perhaps this pgt has already been retrieved?" unless pgt
 
-          # TODO: need to periodically clean the storage, otherwise it will just keep growing
-          pstore.transaction do
-            pstore.delete pgt_iou
-          end
-
           pgt
         end
 

data/lib/casclient/tickets/storage/active_record_ticket_store.rb

@@ -19,25 +19,30 @@ module CASClient
         end
 
         def store_service_session_lookup(st, controller)
-          #get the session from the rack env using ActiveRecord::SessionStore::SESSION_RECORD_KEY = 'rack.session.record'
+          raise CASException, "No service_ticket specified." unless st
+          raise CASException, "No controller specified." unless controller
 
           st = st.ticket if st.kind_of? ServiceTicket
           session = controller.session
           session[:service_ticket] = st
         end
 
-        def get_session_for_service_ticket(st)
+        def read_service_session_lookup(st)
+          raise CASException, "No service_ticket specified." unless st
           st = st.ticket if st.kind_of? ServiceTicket
           session = ActiveRecord::SessionStore::Session.find_by_service_ticket(st)
-          session_id = session ? session.session_id : nil
-          [session_id, session]
+          session ? session.session_id : nil
         end
 
         def cleanup_service_session_lookup(st)
           #no cleanup needed for this ticket store
+          #we still raise the exception for API compliance
+          raise CASException, "No service_ticket specified." unless st
         end
 
         def save_pgt_iou(pgt_iou, pgt)
+          raise CASClient::CASException.new("Invalid pgt_iou") if pgt_iou.nil?
+          raise CASClient::CASException.new("Invalid pgt") if pgt.nil?
           pgtiou = CasPgtiou.create(:pgt_iou => pgt_iou, :pgt_id => pgt)
         end
 
@@ -45,9 +50,9 @@ module CASClient
           raise CASException, "No pgt_iou specified. Cannot retrieve the pgt." unless pgt_iou
 
           pgtiou = CasPgtiou.find_by_pgt_iou(pgt_iou)
-          pgt = pgtiou.pgt_id
 
-          raise CASException, "Invalid pgt_iou specified. Perhaps this pgt has already been retrieved?" unless pgt
+          raise CASException, "Invalid pgt_iou specified. Perhaps this pgt has already been retrieved?" unless pgtiou
+          pgt = pgtiou.pgt_id
 
           pgtiou.destroy