rubycas-client 2.3.8 → 2.3.9.rc1

data/.simplecov

@@ -0,0 +1,7 @@
+SimpleCov.start do
+  add_filter "/spec/.*_spec\.rb"
+  add_filter "/spec/.*/shared_examples.*"
+  add_filter "/spec/.*/.*helper(s?).rb"
+end
+
+# vim: filetype=ruby

data/.travis.yml

@@ -1,5 +1,7 @@
+language: ruby
 rvm:
   - 1.8.7
   - 1.9.2
   - 1.9.3
   - ree
+  - jruby-18mode

data/Gemfile

@@ -1,13 +1,26 @@
 source "http://rubygems.org"
 
 group :development do
-  gem "json", "~> 1.6.1"
-  gem "rspec", "~> 2.7.0"
+  gem "json"
+  gem "rspec"
   gem "bundler", ">= 1.0"
-  gem "jeweler", "~> 1.6.2"
-  gem "actionpack"
+  gem "jeweler"
+  gem "actionpack", :require => 'action_pack'
+  gem "activerecord", :require => 'active_record'
   gem "rake"
-  gem "rcov"
+  gem "simplecov", :require => false
+  gem "guard"
+  gem "guard-rspec"
+  gem "database_cleaner"
+
+  platforms :ruby do
+    gem "sqlite3"
+  end
+
+  platforms :jruby do
+    gem "jruby-openssl"
+    gem "activerecord-jdbcsqlite3-adapter"
+  end
 end
 
 gem "activesupport", :require => "active_support"

data/Gemfile.lock

@@ -4,35 +4,68 @@ GEM
     actionpack (2.3.11)
       activesupport (= 2.3.11)
       rack (~> 1.1.0)
+    activerecord (2.3.11)
+      activesupport (= 2.3.11)
+    activerecord-jdbc-adapter (1.2.2)
+    activerecord-jdbcsqlite3-adapter (1.2.2)
+      activerecord-jdbc-adapter (~> 1.2.2)
+      jdbc-sqlite3 (~> 3.7.2)
     activesupport (2.3.11)
+    bouncy-castle-java (1.5.0146.1)
+    database_cleaner (0.7.1)
     diff-lcs (1.1.3)
+    ffi (1.0.11)
+    ffi (1.0.11-java)
     git (1.2.5)
+    guard (1.0.0)
+      ffi (>= 0.5.0)
+      thor (~> 0.14.6)
+    guard-rspec (0.6.0)
+      guard (>= 0.10.0)
+    jdbc-sqlite3 (3.7.2)
     jeweler (1.6.4)
       bundler (~> 1.0)
       git (>= 1.2.5)
       rake
-    json (1.6.1)
+    jruby-openssl (0.7.5)
+      bouncy-castle-java (>= 1.5.0146.1)
+    json (1.6.5)
+    json (1.6.5-java)
+    multi_json (1.0.4)
     rack (1.1.2)
     rake (0.9.2.2)
-    rcov (0.9.11)
-    rspec (2.7.0)
-      rspec-core (~> 2.7.0)
-      rspec-expectations (~> 2.7.0)
-      rspec-mocks (~> 2.7.0)
-    rspec-core (2.7.1)
-    rspec-expectations (2.7.0)
+    rspec (2.8.0)
+      rspec-core (~> 2.8.0)
+      rspec-expectations (~> 2.8.0)
+      rspec-mocks (~> 2.8.0)
+    rspec-core (2.8.0)
+    rspec-expectations (2.8.0)
       diff-lcs (~> 1.1.2)
-    rspec-mocks (2.7.0)
+    rspec-mocks (2.8.0)
+    simplecov (0.5.4)
+      multi_json (~> 1.0.3)
+      simplecov-html (~> 0.5.3)
+    simplecov-html (0.5.3)
+    sqlite3 (1.3.5)
+    thor (0.14.6)
 
 PLATFORMS
+  java
   ruby
 
 DEPENDENCIES
   actionpack
+  activerecord
+  activerecord-jdbcsqlite3-adapter
   activesupport
   bundler (>= 1.0)
-  jeweler (~> 1.6.2)
-  json (~> 1.6.1)
+  database_cleaner
+  guard
+  guard-rspec
+  jeweler
+  jruby-openssl
+  json
   rake
-  rcov
-  rspec (~> 2.7.0)
+  rspec
+  simplecov
+  sqlite3

data/Guardfile

@@ -0,0 +1,11 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+guard 'rspec', :version => 2, :cli => '-c -f doc' do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/lib/#{m[1]}_spec.rb" }
+  watch('spec/spec_helper.rb')  { "spec" }
+  watch(%r{^spec/support/(.+)\.rb$})     { |m| "spec/lib/#{m[1]}_spec.rb" }
+  watch(%r{^spec/support/(.+)\.rb$})     { "spec" }
+end
+

data/History.txt

@@ -1,5 +1,27 @@
 = RubyCAS-Client Changelog
 
+== Version 2.3.9rc1 :: 2012-03-24
+
+* Bug Fixes
+  * Fixed issue that caused Single Sign Out to fail (@bryanlarsen and @soorajb)
+  * Fixed issue in Filter#unauthorized! (@mscottford)
+  * Fixed #38, boolean values are now preserved in extra attribute yaml
+    parsing
+
+* New functionality
+  * Tweak the CasProxyCallbackController so it can be used with
+    rubycas-client-rails in Rails 3 (@bryanlarsen)
+  * Add support for calling the CAS Server through an HTTP proxy (@shevaun)
+  * Add support for specifying the service url to be added to the
+    logout url (@dyson)
+  * add support for extra attributes as xml attributes (@bhenderson)
+  * Add :raw mode to extra attribute parsing
+
+* Other
+  * Made writing and running rspec tests much easier
+  * Added tests for Ticket Stores
+  * Official support for jruby 1.6
+
 == Version 2.3.8 :: 2011-12-19
 
 * Bug Fixes

data/README.rdoc

@@ -1,4 +1,4 @@
-= RubyCAS-Client
+= RubyCAS-Client 
 
 Authors::   Matt Zukowski <matt AT roughest DOT net> and Matt Campbell <matt AT soupmatt DOT com>; inspired by code by Ola Bini <ola.bini AT ki DOT se> and Matt Walker <mwalker AT tamu DOT edu>
 Copyright:: Portions contributed by Matt Zukowski are copyright (c) 2009 Urbacon Ltd.
@@ -8,7 +8,7 @@ License::   MIT License
 Websites::  http://github.com/rubycas/rubycas-client
             http://github.com/rubycas/rubycas-client/wiki
             http://rubydoc.info/github/rubycas/rubycas-client/master/frames
-
+Build Status:: {<img src="http://travis-ci.org/rubycas/rubycas-client.png" />}[http://travis-ci.org/rubycas/rubycas-client]
 
 === RubyCAS-Client is a Ruby client library for Yale's Central Authentication Service (CAS) protocol.
 

data/Rakefile

@@ -24,18 +24,6 @@ Jeweler::Tasks.new do |gem|
 end
 Jeweler::RubygemsDotOrgTasks.new
 
-begin
-  require 'rcov/rcovtask'
-  Rcov::RcovTask.new do |test|
-    test.libs << 'test'
-    test.pattern = 'test/**/test_*.rb'
-    test.verbose = true
-    test.rcov_opts << '--exclude "gems/*"'
-  end
-rescue LoadError
-  puts "Hiding rcov tasks because rcov is not available"
-end
-
 begin
   require 'rspec/core/rake_task'
   desc 'Run RSpecs to confirm that all functionality is working as expected'

data/VERSION

@@ -1 +1 @@
-2.3.8
+2.3.9.rc1

data/lib/casclient.rb

@@ -56,7 +56,7 @@ module CASClient
     # Log using the appropriate method if we have a logger
     # if we dont' have a logger, gracefully ignore.
     def method_missing(name, *args)
-      if @real_logger && @real_logger.respond_to?(name)
+      if !@real_logger.nil? && @real_logger.respond_to?(name)
         @real_logger.send(name, *args)
       end
     end

data/lib/casclient/client.rb

@@ -4,27 +4,28 @@ module CASClient
     attr_reader :cas_base_url, :cas_destination_logout_param_name
     attr_reader :log, :username_session_key, :extra_attributes_session_key
     attr_reader :ticket_store
+    attr_reader :proxy_host, :proxy_port
     attr_writer :login_url, :validate_url, :proxy_url, :logout_url, :service_url
     attr_accessor :proxy_callback_url, :proxy_retrieval_url
-    
+
     def initialize(conf = nil)
       configure(conf) if conf
     end
-    
+
     def configure(conf)
       #TODO: raise error if conf contains unrecognized cas options (this would help detect user typos in the config)
 
       raise ArgumentError, "Missing :cas_base_url parameter!" unless conf[:cas_base_url]
-      
+
       if conf.has_key?("encode_extra_attributes_as")
         unless (conf[:encode_extra_attributes_as] == :json || conf[:encode_extra_attributes_as] == :yaml)
           raise ArgumentError, "Unkown Value for :encode_extra_attributes_as parameter! Allowed options are json or yaml - #{conf[:encode_extra_attributes_as]}"
         end
       end
-   
-      @cas_base_url      = conf[:cas_base_url].gsub(/\/$/, '')       
+
+      @cas_base_url      = conf[:cas_base_url].gsub(/\/$/, '')
       @cas_destination_logout_param_name = conf[:cas_destination_logout_param_name]
-      
+
       @login_url    = conf[:login_url]
       @logout_url   = conf[:logout_url]
       @validate_url = conf[:validate_url]
@@ -32,7 +33,11 @@ module CASClient
       @service_url  = conf[:service_url]
       @force_ssl_verification  = conf[:force_ssl_verification]
       @proxy_callback_url  = conf[:proxy_callback_url]
-      
+
+      #proxy server settings
+      @proxy_host = conf[:proxy_host]
+      @proxy_port = conf[:proxy_port]
+
       @username_session_key         = conf[:username_session_key] || :cas_user
       @extra_attributes_session_key = conf[:extra_attributes_session_key] || :cas_extra_attributes
       @ticket_store_class = case conf[:ticket_store]
@@ -45,13 +50,13 @@ module CASClient
       end
       @ticket_store = @ticket_store_class.new conf[:ticket_store_config]
       raise CASException, "The Ticket Store is not a subclass of AbstractTicketStore, it is a #{@ticket_store_class}" unless @ticket_store.kind_of? CASClient::Tickets::Storage::AbstractTicketStore
-      
+
       @log = CASClient::LoggerWrapper.new
       @log.set_real_logger(conf[:logger]) if conf[:logger]
       @ticket_store.log = @log
       @conf_options = conf
     end
-    
+
     def cas_destination_logout_param_name
       @cas_destination_logout_param_name || "destination"
     end
@@ -59,11 +64,11 @@ module CASClient
     def login_url
       @login_url || (cas_base_url + "/login")
     end
-    
+
     def validate_url
       @validate_url || (cas_base_url + "/proxyValidate")
     end
-    
+
     # Returns the CAS server's logout url.
     #
     # If a logout_url has not been explicitly configured,
@@ -72,39 +77,40 @@ module CASClient
     # destination_url:: Set this if you want the user to be
     #                   able to immediately log back in. Generally
     #                   you'll want to use something like <tt>request.referer</tt>.
-    #                   Note that the above behaviour describes RubyCAS-Server 
+    #                   Note that the above behaviour describes RubyCAS-Server
     #                   -- other CAS server implementations might use this
     #                   parameter differently (or not at all).
     # follow_url:: This satisfies section 2.3.1 of the CAS protocol spec.
     #              See http://www.ja-sig.org/products/cas/overview/protocol
-    def logout_url(destination_url = nil, follow_url = nil)
+    def logout_url(destination_url = nil, follow_url = nil, service_url = nil)
       url = @logout_url || (cas_base_url + "/logout")
-      
+      uri = URI.parse(url)
+      service_url = (service_url if service_url) || @service_url
+      h = uri.query ? query_to_hash(uri.query) : {}
+
       if destination_url
         # if present, remove the 'ticket' parameter from the destination_url
         duri = URI.parse(destination_url)
-        h = duri.query ? query_to_hash(duri.query) : {}
-        h.delete('ticket')
-        duri.query = hash_to_query(h)
+        dh = duri.query ? query_to_hash(duri.query) : {}
+        dh.delete('ticket')
+        duri.query = hash_to_query(dh)
         destination_url = duri.to_s.gsub(/\?$/, '')
-      end
-      
-      if destination_url || follow_url
-        uri = URI.parse(url)
-        h = uri.query ? query_to_hash(uri.query) : {}
         h[cas_destination_logout_param_name] = destination_url if destination_url
+        h['gateway'] = 'true'
+      elsif follow_url
         h['url'] = follow_url if follow_url
-        uri.query = hash_to_query(h)
-        uri.to_s
+        h['service'] = service_url
       else
-        url
+        h['service'] = service_url
       end
+      uri.query = hash_to_query(h)
+      uri.to_s
     end
-    
+
     def proxy_url
       @proxy_url || (cas_base_url + "/proxy")
     end
-    
+
     def validate_service_ticket(st)
       uri = URI.parse(validate_url)
       h = uri.query ? query_to_hash(uri.query) : {}
@@ -113,7 +119,7 @@ module CASClient
       h['renew'] = "1" if st.renew
       h['pgtUrl'] = proxy_callback_url if proxy_callback_url
       uri.query = hash_to_query(h)
-      
+
       response = request_cas_response(uri, ValidationResponse)
       st.user = response.user
       st.extra_attributes = response.extra_attributes
@@ -121,22 +127,20 @@ module CASClient
       st.success = response.is_success?
       st.failure_code = response.failure_code
       st.failure_message = response.failure_message
-      
+
       return st
     end
     alias validate_proxy_ticket validate_service_ticket
-    
+
     # Returns true if the configured CAS server is up and responding;
     # false otherwise.
     def cas_server_is_up?
       uri = URI.parse(login_url)
-      
+
       log.debug "Checking if CAS server at URI '#{uri}' is up..."
-      
-      https = Net::HTTP.new(uri.host, uri.port)
-      https.use_ssl = (uri.scheme == 'https')
-      https.verify_mode = (@force_ssl_verification ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE)
-      
+
+      https = https_connection(uri)
+
       begin
         raw_res = https.start do |conn|
           conn.get("#{uri.path}?#{uri.query}")
@@ -145,22 +149,22 @@ module CASClient
         log.warn "CAS server did not respond! (#{e.inspect})"
         return false
       end
-      
+
       log.debug "CAS server responded with #{raw_res.inspect}:\n#{raw_res.body}"
-      
+
       return raw_res.kind_of?(Net::HTTPSuccess)
     end
-    
-    # Requests a login using the given credentials for the given service; 
+
+    # Requests a login using the given credentials for the given service;
     # returns a LoginResponse object.
     def login_to_service(credentials, service)
       lt = request_login_ticket
-      
+
       data = credentials.merge(
         :lt => lt,
-        :service => service 
+        :service => service
       )
-      
+
       res = submit_data_to_cas(login_url, data)
       response = CASClient::LoginResponse.new(res)
 
@@ -170,7 +174,7 @@ module CASClient
 
       return response
     end
-  
+
     # Requests a login ticket from the CAS server for use in a login request;
     # returns a LoginTicket object.
     #
@@ -178,18 +182,16 @@ module CASClient
     # tickets in this manner is not part of the official CAS spec.
     def request_login_ticket
       uri = URI.parse(login_url+'Ticket')
-      https = Net::HTTP.new(uri.host, uri.port)
-      https.use_ssl = (uri.scheme == 'https')
-      https.verify_mode = (@force_ssl_verification ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE)
+      https = https_connection(uri)
       res = https.post(uri.path, ';')
-      
+
       raise CASException, res.body unless res.kind_of? Net::HTTPSuccess
-      
+
       res.body.strip
     end
-    
+
     # Requests a proxy ticket from the CAS server for the given service
-    # using the given pgt (proxy granting ticket); returns a ProxyTicket 
+    # using the given pgt (proxy granting ticket); returns a ProxyTicket
     # object.
     #
     # The pgt required to request a proxy ticket is obtained as part of
@@ -200,17 +202,17 @@ module CASClient
       h['pgt'] = pgt.ticket
       h['targetService'] = target_service
       uri.query = hash_to_query(h)
-      
+
       response = request_cas_response(uri, ProxyResponse)
-      
+
       pt = ProxyTicket.new(response.proxy_ticket, target_service)
       pt.success = response.is_success?
       pt.failure_code = response.failure_code
       pt.failure_message = response.failure_message
-      
+
       return pt
     end
-    
+
     def retrieve_proxy_granting_ticket(pgt_iou)
       pgt = @ticket_store.retrieve_pgt(pgt_iou)
 
@@ -218,24 +220,29 @@ module CASClient
 
       ProxyGrantingTicket.new(pgt, pgt_iou)
     end
-    
+
     def add_service_to_login_url(service_url)
       uri = URI.parse(login_url)
       uri.query = (uri.query ? uri.query + "&" : "") + "service=#{CGI.escape(service_url)}"
       uri.to_s
     end
-    
+
     private
+
+    def https_connection(uri)
+      https = Net::HTTP::Proxy(proxy_host, proxy_port).new(uri.host, uri.port)
+      https.use_ssl = (uri.scheme == 'https')
+      https.verify_mode = (@force_ssl_verification ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE)
+      https
+    end
+
     # Fetches a CAS response of the given type from the given URI.
     # Type should be either ValidationResponse or ProxyResponse.
     def request_cas_response(uri, type, options={})
       log.debug "Requesting CAS response for URI #{uri}"
-      
+
       uri = URI.parse(uri) unless uri.kind_of? URI
-      https = Net::HTTP.new(uri.host, uri.port)
-      https.use_ssl = (uri.scheme == 'https')
-      https.verify_mode = (@force_ssl_verification ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE)
-      
+      https = https_connection(uri)
       begin
         raw_res = https.start do |conn|
           conn.get("#{uri.path}?#{uri.query}")
@@ -244,7 +251,7 @@ module CASClient
         log.error "CAS server did not respond! (#{e.inspect})"
         raise "The CAS authentication server at #{uri} is not responding!"
       end
-      
+
       # We accept responses of type 422 since RubyCAS-Server generates these
       # in response to requests from the client that are processable but contain
       # invalid CAS data (for example an invalid service ticket).
@@ -254,25 +261,23 @@ module CASClient
         log.error "CAS server responded with an error! (#{raw_res.inspect})"
         raise "The CAS authentication server at #{uri} responded with an error (#{raw_res.inspect})!"
       end
-     
+
       type.new(raw_res.body, @conf_options)
     end
-    
+
     # Submits some data to the given URI and returns a Net::HTTPResponse.
     def submit_data_to_cas(uri, data)
       uri = URI.parse(uri) unless uri.kind_of? URI
       req = Net::HTTP::Post.new(uri.path)
       req.set_form_data(data, ';')
-      https = Net::HTTP.new(uri.host, uri.port)
-      https.use_ssl = (uri.scheme == 'https')
-      https.verify_mode = (@force_ssl_verification ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE)
+      https = https_connection(uri)
       https.start {|conn| conn.request(req) }
     end
-    
+
     def query_to_hash(query)
       CGI.parse(query)
     end
-      
+
     def hash_to_query(hash)
       pairs = []
       hash.each do |k, vals|