vibes-rubycas-client 2.3.0.alpha → 2.3.0.alpha2

data/Gemfile

@@ -6,10 +6,11 @@ source "http://rubygems.org"
 # Add dependencies to develop your gem here.
 # Include everything needed to run rake, tests, features, etc.
 group :development do
-  gem "shoulda", ">= 0"
+  gem "riot"
+  gem "rr"
   gem "bundler", "~> 1.0.0"
   gem "jeweler", "~> 1.6.2"
-  gem "rcov", ">= 0"
+  gem "rcov"
 end
 
 gem "activesupport", "~> 2.3.11"

data/Gemfile.lock

@@ -9,7 +9,9 @@ GEM
       rake
     rake (0.9.2)
     rcov (0.9.9)
-    shoulda (2.11.3)
+    riot (0.12.4)
+      rr
+    rr (1.0.2)
 
 PLATFORMS
   ruby
@@ -19,4 +21,5 @@ DEPENDENCIES
   bundler (~> 1.0.0)
   jeweler (~> 1.6.2)
   rcov
-  shoulda
+  riot
+  rr

data/History.txt

@@ -1,5 +1,26 @@
 = RubyCAS-Client Changelog
 
+== Version 2.3.0 :: Prerelease
+
+* New Functionality
+  * Add configuration option to expect complex extra attributes to be encoded
+    in json instead of yaml
+  * Split out storage mechanism for single sign out and proxy ticket storage so
+    that it is modular
+
+* Changes to existing functionality
+  * Change gem building from hoe to jeweler
+  * expect extra attributes to be nested under a cas:attributes elemenet to
+    improve compatibility with other extra attribute implementations
+  * Unauthorized requests to URLs ending in .json now show an JSON formatted
+    response
+
+* Bug Fixes
+  * Fixed bug introduced by upstream patch that broke proxy ticket validation
+    when using extra attributes
+  * Fixed bug where extra attributes key was set on the session with a null
+    value when faking with no extra attributes
+
 == Version 2.2.1 :: 2010-06-24
 
 * Removed a 3rd party patch to the logging mechanism that broke the client under

data/README.rdoc

@@ -1,13 +1,13 @@
 = RubyCAS-Client
 
-Author::    Matt Zukowski <matt AT roughest DOT net>; inspired by code by Ola Bini <ola.bini AT ki DOT se> and Matt Walker <mwalker AT tamu DOT edu>
+Authors::   Matt Campbell and Rahul Joshi, forked from original project by Matt Zukowski <matt AT roughest DOT net>; inspired by code by Ola Bini <ola.bini AT ki DOT se> and Matt Walker <mwalker AT tamu DOT edu>
 Copyright:: Portions contributed by Matt Zukowski are copyright (c) 2009 Urbacon Ltd.
+            Protions contributed by Matt Campbell and Rahul Joshi are copyright (c) 2011 Vibes Media LLC.
             Other portions are copyright of their respective authors.
 License::   MIT License
-Websites::  http://github.com/gunark/rubycas-client
-            http://code.google.com/p/rubycas-client
-            http://rubyforge.org/projects/rubycas-client
-            
+Websites::  http://github.com/vibes/rubycas-client
+            http://github.com/vibes/rubycas-client/wiki
+            http://rubydoc.info/github/vibes/rubycas-client/master/frames
 
 
 === RubyCAS-Client is a Ruby client library for Yale's Central Authentication Service (CAS) protocol.
@@ -234,7 +234,6 @@ In your <tt>config/environment.rb</tt>:
 
   CASClient::Frameworks::Rails::Filter.configure(
     :cas_base_url => "https://cas.example.foo/",
-    :proxy_retrieval_url => "https://cas-proxy-callback.example.foo/cas_proxy_callback/retrieve_pgt",
     :proxy_callback_url => "https://cas-proxy-callback.example.foo/cas_proxy_callback/receive_pgt",
     :logger => cas_logger
   )
@@ -254,12 +253,9 @@ but your Rails server wouldn't respond to the CAS server's callback until the CA
 
 The simplest workaround is this:
 
-1. Create an empty rails app (i.e. something like <tt>rails cas_proxy_callback</tt>)
-2. Make sure that you have the CAS plugin installed. If you installed it as a gem, you don't have to do anything since
-   it is already installed. If you want to install as a plugin, see the instructions in the "Installing" section above.
-3. Make sure that the server is up and running, and configure your proxy_callback_url and proxy_retrieval_url to point
-   to the new server as described above (or rather, make Pound point to the new server, if that's how you're handling https).
-   
+Run rails using a server that handles multiple concurrent requests. In development, you can use Phusion Passenger Standalone,
+POW (http://pow.cx/), unicorn and many others. In production, I imagine you already support multiple concurrent requests.
+
 That's it. The proxy_callback_controller doesn't require any additional configuration. It doesn't access the database
 or anything of that sort.
 
@@ -315,6 +311,12 @@ In your test or Cucumber step definition, simply fake out CAS.
 This functionality was present in the original version of this plugin.
 The value of the username is stored in session[:cas_user] (or the user specified field) and session[:casfilteruser] for backwards-compatibility.
 
+If you need to fake out extra attributes, you can do so like this:
+
+  CASClient::Frameworks::Rails::Filter.fake("homer", {:role => "user", :email => "homer@test.foo"})
+
+And the extra attributes will get put in the proper place in the session.
+
 == License
 
 RubyCAS-Client is licensed for use under the terms of the MIT License.

data/Rakefile

@@ -27,8 +27,8 @@ Jeweler::RubygemsDotOrgTasks.new
 
 require 'rake/testtask'
 Rake::TestTask.new(:test) do |test|
-  test.libs << 'lib' << 'test'
-  test.pattern = 'test/**/test_*.rb'
+  test.libs << 'test'
+  test.pattern = 'test/**/*_test.rb'
   test.verbose = true
 end
 

data/VERSION

@@ -1 +1 @@
-2.3.0.alpha
+2.3.0.alpha2

data/lib/casclient/client.rb

@@ -3,6 +3,7 @@ module CASClient
   class Client
     attr_reader :cas_base_url 
     attr_reader :log, :username_session_key, :extra_attributes_session_key
+    attr_reader :ticket_store
     attr_writer :login_url, :validate_url, :proxy_url, :logout_url, :service_url
     attr_accessor :proxy_callback_url, :proxy_retrieval_url
     
@@ -15,6 +16,12 @@ module CASClient
 
       raise ArgumentError, "Missing :cas_base_url parameter!" unless conf[:cas_base_url]
       
+      if conf.has_key?("encode_extra_attributes_as")
+        unless (conf[:encode_extra_attributes_as] == :json || conf[:encode_extra_attributes_as] == :yaml)
+          raise ArgumentError, "Unkown Value for :encode_extra_attributes_as parameter! Allowed options are json or yaml - #{conf[:encode_extra_attributes_as]}"
+        end
+      end
+   
       @cas_base_url      = conf[:cas_base_url].gsub(/\/$/, '')       
       
       @login_url    = conf[:login_url]
@@ -24,13 +31,16 @@ module CASClient
       @service_url  = conf[:service_url]
       @force_ssl_verification  = conf[:force_ssl_verification]
       @proxy_callback_url  = conf[:proxy_callback_url]
-      @proxy_retrieval_url = conf[:proxy_retrieval_url]
       
       @username_session_key         = conf[:username_session_key] || :cas_user
       @extra_attributes_session_key = conf[:extra_attributes_session_key] || :cas_extra_attributes
+      @ticket_store_class = conf[:ticket_store] || CASClient::Tickets::Storage::LocalDirTicketStore
+      @ticket_store = @ticket_store_class.new conf[:ticket_store_config]
+      raise CASException, "The Ticket Store is not a subclass of AbstractTicketStore, it is a #{@ticket_store_class}" unless @ticket_store.kind_of? CASClient::Tickets::Storage::AbstractTicketStore
       
       @log = CASClient::LoggerWrapper.new
       @log.set_real_logger(conf[:logger]) if conf[:logger]
+      @conf_options = conf
     end
     
     def login_url
@@ -181,28 +191,11 @@ module CASClient
     end
     
     def retrieve_proxy_granting_ticket(pgt_iou)
-      uri = URI.parse(proxy_retrieval_url)
-      uri.query = (uri.query ? uri.query + "&" : "") + "pgtIou=#{CGI.escape(pgt_iou)}"
-      retrieve_url = uri.to_s
-      
-      log.debug "Retrieving PGT for PGT IOU #{pgt_iou.inspect} from #{retrieve_url.inspect}"
-      
-#      https = Net::HTTP.new(uri.host, uri.port)
-#      https.use_ssl = (uri.scheme == 'https')
-#      res = https.post(uri.path, ';')
-      uri = URI.parse(uri) unless uri.kind_of? URI
-      https = Net::HTTP.new(uri.host, uri.port)
-      https.use_ssl = (uri.scheme == 'https')
-      https.verify_mode = (@force_ssl_verification ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE)
-      
-      res = https.start do |conn|
-        conn.get("#{uri.path}?#{uri.query}")
-      end
-      
-      
-      raise CASException, res.body unless res.kind_of? Net::HTTPSuccess
-      
-      ProxyGrantingTicket.new(res.body.strip, pgt_iou)
+      pgt = @ticket_store.retrieve_pgt(pgt_iou)
+
+      raise CASException, "Couldn't find pgt for pgt_iou #{pgt_iou}" unless pgt
+
+      ProxyGrantingTicket.new(pgt, pgt_iou)
     end
     
     def add_service_to_login_url(service_url)
@@ -214,7 +207,7 @@ module CASClient
     private
     # Fetches a CAS response of the given type from the given URI.
     # Type should be either ValidationResponse or ProxyResponse.
-    def request_cas_response(uri, type)
+    def request_cas_response(uri, type, options={})
       log.debug "Requesting CAS response for URI #{uri}"
       
       uri = URI.parse(uri) unless uri.kind_of? URI
@@ -240,8 +233,8 @@ module CASClient
         log.error "CAS server responded with an error! (#{raw_res.inspect})"
         raise "The CAS authentication server at #{uri} responded with an error (#{raw_res.inspect})!"
       end
-      
-      type.new(raw_res.body)
+     
+      type.new(raw_res.body, @conf_options)
     end
     
     # Submits some data to the given URI and returns a Net::HTTPResponse.

data/lib/casclient/frameworks/rails/cas_proxy_callback_controller.rb

@@ -24,6 +24,11 @@ class CasProxyCallbackController < ActionController::Base
     render :text => "Okay, the server is up, but please specify a pgtIou and pgtId." and return unless pgtIou and pgtId
     
     # TODO: pstore contents should probably be encrypted...
+    
+    casclient = CASClient::Frameworks::Rails::Filter.client
+
+    casclient.ticket_store.save_pgt_iou(pgtIou, pgtId)
+
     pstore = open_pstore
     
     pstore.transaction do
@@ -33,37 +38,6 @@ class CasProxyCallbackController < ActionController::Base
     render :text => "PGT received. Thank you!" and return
   end
   
-  # Retreives a proxy granting ticket, sends it to output, and deletes the pgt from session storage.
-  # Note that this action should ALWAYS be called via https, otherwise you have a gaping security hole --
-  # in fact, the action will not work if the request is not made via SSL or is not local (we allow for local
-  # non-SSL requests since this allows for the use of reverse HTTPS proxies like Pound).
-  def retrieve_pgt
-    #render_error "You can only retrieve PGTs via HTTPS or local connections." and return unless
-    #  request.ssl? or request.env['REMOTE_HOST'] == "127.0.0.1"
-    
-    pgtIou = params['pgtIou']
-    
-    render_error "No pgtIou specified. Cannot retreive the pgtId." and return unless pgtIou
-  
-    pstore = open_pstore
-  
-    pgt = nil
-    pstore.transaction do
-      pgt = pstore[pgtIou]
-    end
-    
-    if not pgt
-      render_error "Invalid pgtIou specified. Perhaps this pgt has already been retrieved?" and return
-    end
-    
-    render :text => pgt
-    
-    # TODO: need to periodically clean the storage, otherwise it will just keep growing
-    pstore.transaction do
-      pstore.delete pgtIou
-    end
-  end
-  
   private
     def render_error(msg)
       # Note that the error messages are mostly just for debugging, since the CAS server never reads them.

data/lib/casclient/frameworks/rails/filter.rb

@@ -18,11 +18,10 @@ module CASClient
             if @@fake_user
               controller.session[client.username_session_key] = @@fake_user
               controller.session[:casfilteruser] = @@fake_user
-              controller.session[client.extra_attributes_session_key] = @@fake_extra_attributes
+              controller.session[client.extra_attributes_session_key] = @@fake_extra_attributes if @@fake_extra_attributes
               return true
             end
             
-            
             last_st = controller.session[:cas_last_valid_ticket]
             
             if single_sign_out(controller)
@@ -79,7 +78,7 @@ module CASClient
                   controller.session[:casfilteruser] = vr.user
                   
                   if config[:enable_single_sign_out]
-                    f = store_service_session_lookup(st, controller.request.session_options[:id] || controller.session.session_id)
+                    f = @@client.ticket_store.store_service_session_lookup(st, controller.request.session_options[:id] || controller.session.session_id)
                     log.debug("Wrote service session lookup file to #{f.inspect} with session id #{controller.request.session_options[:id] || controller.session.session_id.inspect}.")
                   end
                 end
@@ -219,17 +218,25 @@ module CASClient
           def logout(controller, service = nil)
             referer = service || controller.request.referer
             st = controller.session[:cas_last_valid_ticket]
-            delete_service_session_lookup(st) if st
+            @@client.ticket_store.delete_service_session_lookup(st) if st
             controller.send(:reset_session)
             controller.send(:redirect_to, client.logout_url(referer))
           end
           
           def unauthorized!(controller, vr = nil)
-            if controller.params[:format] == "xml"
+            format = controller.request.format.to_sym
+            format = (format == :js ? :json : format)
+            case format
+            when :xml, :json
               if vr
-                controller.send(:render, :xml => "<errors><error>#{vr.failure_message}</error></errors>", :status => 401)
+                case format
+                when :xml
+                  controller.send(:render, :xml => { :error => vr.failure_message }.to_xml(:root => 'errors'), :status => :unauthorized)
+                when :json
+                  controller.send(:render, :json => { :errors => { :error => vr.failure_message }}, :status => :unauthorized)
+                end
               else
-                controller.send(:head, 401)
+                controller.send(:head, :unauthorized)
               end
             else
               redirect_to_cas_for_authentication(controller)
@@ -302,7 +309,7 @@ module CASClient
 
 
               if current_sess_store == required_sess_store
-                session_id = read_service_session_lookup(si)
+                session_id = @@client.ticket_store.read_service_session_lookup(si)
 
                 if session_id
                   session = current_sess_store::Session.find_by_session_id(session_id)
@@ -362,46 +369,6 @@ module CASClient
             log.debug("Guessed service url: #{service_url.inspect}")
             return service_url
           end
-          
-          # Creates a file in tmp/sessions linking a SessionTicket
-          # with the local Rails session id. The file is named
-          # cas_sess.<session ticket> and its text contents is the corresponding 
-          # Rails session id.
-          # Returns the filename of the lookup file created.
-          def store_service_session_lookup(st, sid)
-            st = st.ticket if st.kind_of? ServiceTicket
-            f = File.new(filename_of_service_session_lookup(st), 'w')
-            f.write(sid)
-            f.close
-            return f.path
-          end
-          
-          # Returns the local Rails session ID corresponding to the given
-          # ServiceTicket. This is done by reading the contents of the
-          # cas_sess.<session ticket> file created in a prior call to 
-          # #store_service_session_lookup.
-          def read_service_session_lookup(st)
-            st = st.ticket if st.kind_of? ServiceTicket
-            ssl_filename = filename_of_service_session_lookup(st)
-            return File.exists?(ssl_filename) && IO.read(ssl_filename)
-          end
-          
-          # Removes a stored relationship between a ServiceTicket and a local
-          # Rails session id. This should be called when the session is being
-          # closed.
-          #
-          # See #store_service_session_lookup.
-          def delete_service_session_lookup(st)
-            st = st.ticket if st.kind_of? ServiceTicket
-            ssl_filename = filename_of_service_session_lookup(st)
-            File.delete(ssl_filename) if File.exists?(ssl_filename)
-          end
-          
-          # Returns the path and filename of the service session lookup file.
-          def filename_of_service_session_lookup(st)
-            st = st.ticket if st.kind_of? ServiceTicket
-            return "#{RAILS_ROOT}/tmp/sessions/cas_sess.#{st}"
-          end
         end
       end
     

data/lib/casclient/responses.rb

@@ -31,7 +31,8 @@ module CASClient
     
     attr_reader :protocol, :user, :pgt_iou, :proxies, :extra_attributes
     
-    def initialize(raw_text)
+    def initialize(raw_text, options={})
+      conf_options = options
       parse(raw_text)
     end
     
@@ -66,23 +67,22 @@ module CASClient
         end
         
         @extra_attributes = {}
-        @xml.elements.to_a('//cas:authenticationSuccess/*').each do |el|
+        @xml.elements.to_a('//cas:authenticationSuccess/cas:attributes/*').each do |el|
           # generating the hash requires prefixes to be defined, so add all of the namespaces
           el.namespaces.each {|k,v| el.add_namespace(k,v)}
-          @extra_attributes.merge!(Hash.from_xml(el.to_s)) unless ([cas_user, @xml.elements["cas:proxyGrantingTicket"], @xml.elements["cas:proxies"]].include?(el))
+          @extra_attributes.merge!(Hash.from_xml(el.to_s))
         end
         
         # unserialize extra attributes
         @extra_attributes.each do |k, v|
-          Rails.logger.debug "#{k.inspect} => #{v.inspect}"
           if v.blank?
             @extra_attributes[k] = nil
+          elsif v.kind_of?(String)
+            @extra_attributes[k] = v
+          elsif conf.has_key?('encode_extra_attributes_as') && conf_options[:encode_extra_attributes_as] == :json 
+            @extra_attributes[k] = JSON.parse(v)
           else
-            begin
-              @extra_attributes[k] = JSON.parse(v)
-            rescue JSON::ParserError => e
-              @extra_attributes[k] = v
-            end
+            @extra_attributes[k] = YAML.load(v)
           end
         end
       elsif is_failure?
@@ -92,9 +92,8 @@ module CASClient
         # this should never happen, since the response should already have been recognized as invalid
         raise BadResponseException, "BAD CAS RESPONSE:\n#{raw_text.inspect}\n\nXML DOC:\n#{doc.inspect}"
       end
-      
     end
-    
+
     def is_success?
       (instance_variable_defined?(:@valid) &&  @valid) || (protocol > 1.0 && xml.name == "authenticationSuccess")
     end
@@ -111,7 +110,7 @@ module CASClient
     
     attr_reader :proxy_ticket
     
-    def initialize(raw_text)
+    def initialize(raw_text, options={})
       parse(raw_text)
     end
     
@@ -149,7 +148,7 @@ module CASClient
     attr_reader :tgt, :ticket, :service_redirect_url
     attr_reader :failure_message
     
-    def initialize(http_response = nil)
+    def initialize(http_response = nil, options={})
       parse_http_response(http_response) if http_response
     end
     

data/lib/casclient/tickets/storage.rb

@@ -0,0 +1,131 @@
+module CASClient
+  module Tickets
+    module Storage
+      class AbstractTicketStore
+        def store_service_session_lookup(st, sid)
+          raise 'Implement this in a subclass!'
+        end
+
+        def read_servcie_session_lookup(st)
+          raise 'Implement this in a subclass!'
+        end
+
+        def delete_service_session_lookup(st)
+          raise 'Implement this in a subclass!'
+        end
+
+        def save_pgt_iou(pgt_iou, pgt)
+          raise 'Implement this in a subclass!'
+        end
+
+        def retrieve_pgt(pgt_iou)
+          raise 'Implement this in a subclass!'
+        end
+      end
+
+      # A Ticket Store that keeps it's tickets in a directory on the local filesystem.
+      # Service tickets are stored under tmp/sessions by default
+      # and Proxy Granting Tickets and their IOUs are stored in tmp/cas_pgt.pstore
+      # This Ticket Store works fine for small sites but will most likely have
+      # concurrency problems under heavy load. It also requires that all your
+      # worker processes have access to a shared file system.
+      #
+      # This ticket store takes the following config parameters
+      # :storage_dir - The directory to store data in. Defaults to RAILS_ROOT/tmp
+      # :service_session_lookup_dir - The directory to store Service Ticket/Session ID files in. Defaults to :storage_dir/sessions
+      # :pgt_store_path - The location to store the pgt PStore file. Defaults to :storage_dir/cas_pgt.pstore
+      class LocalDirTicketStore < AbstractTicketStore
+        require 'pstore'
+
+        def initialize(config={})
+          config ||= {}
+          @tmp_dir = config[:storage_dir] || "#{RAILS_ROOT}/tmp"
+          @service_session_lookup_dir = config[:service_session_lookup_dir] || "#{@tmp_dir}/sessions"
+          @pgt_store_path = config[:pgt_store_path] || "#{@tmp_dir}/cas_pgt.pstore"
+        end
+
+        # Creates a file in tmp/sessions linking a SessionTicket
+        # with the local Rails session id. The file is named
+        # cas_sess.<session ticket> and its text contents is the corresponding 
+        # Rails session id.
+        # Returns the filename of the lookup file created.
+        def store_service_session_lookup(st, sid)
+          raise CASException, "No service_ticket specified." unless st
+          raise CASException, "No session_id specified." unless sid
+
+          st = st.ticket if st.kind_of? ServiceTicket
+          f = File.new(filename_of_service_session_lookup(st), 'w')
+          f.write(sid)
+          f.close
+          return f.path
+        end
+
+        # Returns the local Rails session ID corresponding to the given
+        # ServiceTicket. This is done by reading the contents of the
+        # cas_sess.<session ticket> file created in a prior call to 
+        # #store_service_session_lookup.
+        def read_service_session_lookup(st)
+          raise CASException, "No service_ticket specified." unless st
+
+          st = st.ticket if st.kind_of? ServiceTicket
+          ssl_filename = filename_of_service_session_lookup(st)
+          return File.exists?(ssl_filename) && IO.read(ssl_filename)
+        end
+
+        # Removes a stored relationship between a ServiceTicket and a local
+        # Rails session id. This should be called when the session is being
+        # closed.
+        #
+        # See #store_service_session_lookup.
+        def delete_service_session_lookup(st)
+          raise CASException, "No service_ticket specified." unless st
+
+          st = st.ticket if st.kind_of? ServiceTicket
+          ssl_filename = filename_of_service_session_lookup(st)
+          File.delete(ssl_filename) if File.exists?(ssl_filename)
+        end
+
+        def save_pgt_iou(pgt_iou, pgt)
+          # TODO: pstore contents should probably be encrypted...
+          pstore = open_pstore
+
+          pstore.transaction do
+            pstore[pgt_iou] = pgt
+          end
+        end
+
+        def retrieve_pgt(pgt_iou)
+          raise CASException, "No pgt_iou specified. Cannot retrieve the pgt." unless pgt_iou
+
+          pstore = open_pstore
+
+          pgt = nil
+          pstore.transaction do
+            pgt = pstore[pgt_iou]
+          end
+
+          raise CASException, "Invalid pgt_iou specified. Perhaps this pgt has already been retrieved?" unless pgt
+
+          # TODO: need to periodically clean the storage, otherwise it will just keep growing
+          pstore.transaction do
+            pstore.delete pgt_iou
+          end
+
+          pgt
+        end
+
+        private
+
+        # Returns the path and filename of the service session lookup file.
+        def filename_of_service_session_lookup(st)
+          st = st.ticket if st.kind_of? ServiceTicket
+          return "#{@service_session_lookup_dir}/cas_sess.#{st}"
+        end
+
+        def open_pstore
+          PStore.new(@pgt_store_path)
+        end
+      end
+    end
+  end
+end

data/lib/casclient.rb

@@ -66,6 +66,7 @@ end
 require 'casclient/tickets'
 require 'casclient/responses'
 require 'casclient/client'
+require 'casclient/tickets/storage'
 
 # Detect legacy configuration and show appropriate error message
 module CAS

data/test/teststrap.rb

@@ -0,0 +1,7 @@
+require 'rubygems'
+require 'bundler/setup'
+require 'casclient'
+require 'riot'
+require 'riot/rr'
+
+Riot.reporter = Riot::VerboseStoryReporter

data/test/units/casclient/frameworks/rails/filter_test.rb

@@ -0,0 +1,32 @@
+require 'teststrap'
+require 'casclient/frameworks/rails/filter'
+
+context CASClient::Frameworks::Rails::Filter do
+  helper(:controller_with_session) do |session|
+    controller = Object.new
+    stub(controller).session {session}
+    controller
+  end
+  setup do
+    CASClient::Frameworks::Rails::Filter.configure(
+      :cas_base_url => 'http://test.local/',
+      :logger => stub!
+    )
+  end
+  context "that has fake called with a username" do
+    setup { CASClient::Frameworks::Rails::Filter.fake('tester@test.com') }
+    should 'set the session user on #filter' do
+      setup { Hash.new }
+      CASClient::Frameworks::Rails::Filter.filter(controller_with_session(topic))
+      topic
+    end.equals :cas_user => 'tester@test.com', :casfilteruser => 'tester@test.com'
+  end
+  context "that has fake called with a username and attributes" do
+    setup { CASClient::Frameworks::Rails::Filter.fake('tester@test.com', {:test => 'stuff', :this => 'that'}) }
+    should 'set the session user and attributes on #filter' do
+      setup { Hash.new }
+      CASClient::Frameworks::Rails::Filter.filter(controller_with_session(topic))
+      topic
+    end.equals :cas_user => 'tester@test.com', :casfilteruser => 'tester@test.com', :cas_extra_attributes => {:test => 'stuff', :this => 'that' }
+  end
+end

data/vibes-rubycas-client.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{vibes-rubycas-client}
-  s.version = "2.3.0.alpha"
+  s.version = "2.3.0.alpha2"
 
   s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version=
   s.authors = ["Matt Campbell", "Rahul Joshi", "Matt Zukowski", "Matt Walker"]
-  s.date = %q{2011-06-09}
+  s.date = %q{2011-06-11}
   s.description = %q{We've taken the rubycas-client and added some enterprisey features and improved compatibility with JASIG's CAS server}
   s.extra_rdoc_files = [
     "LICENSE.txt",
@@ -17,7 +17,6 @@ Gem::Specification.new do |s|
   ]
   s.files = [
     ".rvmrc",
-    ".source_index",
     "CHANGELOG.txt",
     "Gemfile",
     "Gemfile.lock",
@@ -57,13 +56,14 @@ Gem::Specification.new do |s|
     "examples/rails/script/server",
     "lib/casclient.rb",
     "lib/casclient/client.rb",
-    "lib/casclient/frameworks/merb/filter.rb",
-    "lib/casclient/frameworks/merb/strategy.rb",
     "lib/casclient/frameworks/rails/cas_proxy_callback_controller.rb",
     "lib/casclient/frameworks/rails/filter.rb",
     "lib/casclient/responses.rb",
     "lib/casclient/tickets.rb",
+    "lib/casclient/tickets/storage.rb",
     "lib/vibes-rubycas-client.rb",
+    "test/teststrap.rb",
+    "test/units/casclient/frameworks/rails/filter_test.rb",
     "vibes-rubycas-client.gemspec"
   ]
   s.homepage = %q{http://github.com/vibes/rubycas-client}
@@ -78,20 +78,23 @@ Gem::Specification.new do |s|
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
       s.add_runtime_dependency(%q<activesupport>, ["~> 2.3.11"])
-      s.add_development_dependency(%q<shoulda>, [">= 0"])
+      s.add_development_dependency(%q<riot>, [">= 0"])
+      s.add_development_dependency(%q<rr>, [">= 0"])
       s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
       s.add_development_dependency(%q<jeweler>, ["~> 1.6.2"])
       s.add_development_dependency(%q<rcov>, [">= 0"])
     else
       s.add_dependency(%q<activesupport>, ["~> 2.3.11"])
-      s.add_dependency(%q<shoulda>, [">= 0"])
+      s.add_dependency(%q<riot>, [">= 0"])
+      s.add_dependency(%q<rr>, [">= 0"])
       s.add_dependency(%q<bundler>, ["~> 1.0.0"])
       s.add_dependency(%q<jeweler>, ["~> 1.6.2"])
       s.add_dependency(%q<rcov>, [">= 0"])
     end
   else
     s.add_dependency(%q<activesupport>, ["~> 2.3.11"])
-    s.add_dependency(%q<shoulda>, [">= 0"])
+    s.add_dependency(%q<riot>, [">= 0"])
+    s.add_dependency(%q<rr>, [">= 0"])
     s.add_dependency(%q<bundler>, ["~> 1.0.0"])
     s.add_dependency(%q<jeweler>, ["~> 1.6.2"])
     s.add_dependency(%q<rcov>, [">= 0"])

metadata

@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification 
 name: vibes-rubycas-client
 version: !ruby/object:Gem::Version 
-  hash: -1851332218
+  hash: -3702664408
   prerelease: 6
   segments: 
   - 2
   - 3
   - 0
   - alpha
-  version: 2.3.0.alpha
+  - 2
+  version: 2.3.0.alpha2
 platform: ruby
 authors: 
 - Matt Campbell
@@ -19,7 +20,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-06-09 00:00:00 -05:00
+date: 2011-06-11 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -49,12 +50,26 @@ dependencies:
         segments: 
         - 0
         version: "0"
-  name: shoulda
+  name: riot
   version_requirements: *id002
   prerelease: false
 - !ruby/object:Gem::Dependency 
   type: :development
   requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  name: rr
+  version_requirements: *id003
+  prerelease: false
+- !ruby/object:Gem::Dependency 
+  type: :development
+  requirement: &id004 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -66,11 +81,11 @@ dependencies:
         - 0
         version: 1.0.0
   name: bundler
-  version_requirements: *id003
+  version_requirements: *id004
   prerelease: false
 - !ruby/object:Gem::Dependency 
   type: :development
-  requirement: &id004 !ruby/object:Gem::Requirement 
+  requirement: &id005 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -82,11 +97,11 @@ dependencies:
         - 2
         version: 1.6.2
   name: jeweler
-  version_requirements: *id004
+  version_requirements: *id005
   prerelease: false
 - !ruby/object:Gem::Dependency 
   type: :development
-  requirement: &id005 !ruby/object:Gem::Requirement 
+  requirement: &id006 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -96,7 +111,7 @@ dependencies:
         - 0
         version: "0"
   name: rcov
-  version_requirements: *id005
+  version_requirements: *id006
   prerelease: false
 description: We've taken the rubycas-client and added some enterprisey features and improved compatibility with JASIG's CAS server
 email: 
@@ -109,7 +124,6 @@ extra_rdoc_files:
 - README.rdoc
 files: 
 - .rvmrc
-- .source_index
 - CHANGELOG.txt
 - Gemfile
 - Gemfile.lock
@@ -149,13 +163,14 @@ files:
 - examples/rails/script/server
 - lib/casclient.rb
 - lib/casclient/client.rb
-- lib/casclient/frameworks/merb/filter.rb
-- lib/casclient/frameworks/merb/strategy.rb
 - lib/casclient/frameworks/rails/cas_proxy_callback_controller.rb
 - lib/casclient/frameworks/rails/filter.rb
 - lib/casclient/responses.rb
 - lib/casclient/tickets.rb
+- lib/casclient/tickets/storage.rb
 - lib/vibes-rubycas-client.rb
+- test/teststrap.rb
+- test/units/casclient/frameworks/rails/filter_test.rb
 - vibes-rubycas-client.gemspec
 has_rdoc: true
 homepage: http://github.com/vibes/rubycas-client

data/lib/casclient/frameworks/merb/filter.rb

@@ -1,105 +0,0 @@
-module CASClient
-  module Frameworks
-    module Merb
-      module Filter
-        attr_reader :client
-
-        def cas_filter
-          @client ||= CASClient::Client.new(config)
-
-          service_ticket = read_ticket(self)
-
-          cas_login_url = client.add_service_to_login_url(read_service_url(self))
-
-          last_service_ticket = session[:cas_last_valid_ticket]
-          if (service_ticket && last_service_ticket && 
-              last_service_ticket.ticket == service_ticket.ticket && 
-              last_service_ticket.service == service_ticket.service)
-
-            # warn() rather than info() because we really shouldn't be re-validating the same ticket. 
-            # The only time when this is acceptable is if the user manually does a refresh and the ticket
-            # happens to be in the URL.
-            log.warn("Reusing previously validated ticket since the new ticket and service are the same.")
-            service_ticket = last_service_ticket
-          elsif last_service_ticket &&
-            !config[:authenticate_on_every_request] && 
-            session[client.username_session_key]
-            # Re-use the previous ticket if the user already has a local CAS session (i.e. if they were already
-            # previously authenticated for this service). This is to prevent redirection to the CAS server on every
-            # request.
-            # This behaviour can be disabled (so that every request is routed through the CAS server) by setting
-            # the :authenticate_on_every_request config option to false. 
-            log.debug "Existing local CAS session detected for #{session[client.username_session_key].inspect}. "+
-              "Previous ticket #{last_service_ticket.ticket.inspect} will be re-used."
-              service_ticket = last_service_ticket
-          end
-
-          if service_ticket
-            client.validate_service_ticket(service_ticket) unless service_ticket.has_been_validated?
-            validation_response = service_ticket.response
-
-            if service_ticket.is_valid?
-              log.info("Ticket #{service_ticket.inspect} for service #{service_ticket.service.inspect} " + 
-                "belonging to user #{validation_response.user.inspect} is VALID.")
-
-              session[client.username_session_key] = validation_response.user
-              session[client.extra_attributes_session_key] = validation_response.extra_attributes
-
-              # Store the ticket in the session to avoid re-validating the same service
-              # ticket with the CAS server.
-              session[:cas_last_valid_ticket] = service_ticket
-              return true
-            else  
-              log.warn("Ticket #{service_ticket.ticket.inspect} failed validation -- " + 
-                "#{validation_response.failure_code}: #{validation_response.failure_message}")
-              redirect cas_login_url
-              throw :halt
-            end
-          else
-            log.warn("No ticket -- redirecting to #{cas_login_url}")
-            redirect cas_login_url
-            throw :halt
-          end
-        end
-
-        private
-        # Copied from Rails adapter
-        def read_ticket(controller)
-          ticket = controller.params[:ticket]
-
-          return nil unless ticket
-
-          log.debug("Request contains ticket #{ticket.inspect}.")
-
-          if ticket =~ /^PT-/
-            ProxyTicket.new(ticket, read_service_url(controller), controller.params[:renew])
-          else
-            ServiceTicket.new(ticket, read_service_url(controller), controller.params[:renew])
-          end
-        end
-
-        # Also copied from Rails adapter
-        def read_service_url(controller)
-          if config[:service_url]
-            log.debug("Using explicitly set service url: #{config[:service_url]}")
-            return config[:service_url]
-          end
-
-          params = controller.params.dup
-          params.delete(:ticket)
-          service_url = request.protocol + '://' + request.host / controller.url(params.to_hash.symbolize_keys!)
-          log.debug("Guessed service url: #{service_url.inspect}")
-          return service_url
-        end
-
-        def log
-          ::Merb.logger
-        end
-
-        def config
-          ::Merb::Plugins.config[:"rubycas-client"]
-        end
-      end
-    end
-  end
-end

data/lib/casclient/frameworks/merb/strategy.rb

@@ -1,110 +0,0 @@
-# The 'cas' strategy attempts to login users based on the CAS protocol 
-# http://www.ja-sig.org/products/cas/overview/background/index.html
-# 
-# install the rubycas-client gem
-# http://rubyforge.org/projects/rubycas-client/
-#
-require 'casclient'
-class Merb::Authentication
-  module Strategies
-    class CAS < Merb::Authentication::Strategy
-
-      include CASClient
-
-      def run!
-        @client ||= Client.new(config)
-
-        service_ticket = read_ticket
-
-        cas_login_url = @client.add_service_to_login_url(service_url)
-
-        last_service_ticket = session[:cas_last_valid_ticket]
-        if (service_ticket && last_service_ticket && 
-            last_service_ticket.ticket == service_ticket.ticket && 
-            last_service_ticket.service == service_ticket.service)
-
-          # warn() rather than info() because we really shouldn't be re-validating the same ticket. 
-          # The only time when this is acceptable is if the user manually does a refresh and the ticket
-          # happens to be in the URL.
-          log.warn("Reusing previously validated ticket since the new ticket and service are the same.")
-          service_ticket = last_service_ticket
-        elsif last_service_ticket &&
-          !config[:authenticate_on_every_request] && 
-          session[@client.username_session_key]
-          # Re-use the previous ticket if the user already has a local CAS session (i.e. if they were already
-          # previously authenticated for this service). This is to prevent redirection to the CAS server on every
-          # request.
-          # This behaviour can be disabled (so that every request is routed through the CAS server) by setting
-          # the :authenticate_on_every_request config option to false. 
-          log.debug "Existing local CAS session detected for #{session[@client.username_session_key].inspect}. "+
-                  "Previous ticket #{last_service_ticket.ticket.inspect} will be re-used."
-                  service_ticket = last_service_ticket
-        end
-
-        if service_ticket
-          @client.validate_service_ticket(service_ticket) unless service_ticket.has_been_validated?
-          validation_response = service_ticket.response
-
-          if service_ticket.is_valid?
-            log.info("Ticket #{service_ticket.inspect} for service #{service_ticket.service.inspect} " + 
-                    "belonging to user #{validation_response.user.inspect} is VALID.")
-
-            session[@client.username_session_key] = validation_response.user
-            session[@client.extra_attributes_session_key] = validation_response.extra_attributes
-
-            # Store the ticket in the session to avoid re-validating the same service
-            # ticket with the CAS server.
-            session[:cas_last_valid_ticket] = service_ticket
-            return true
-          else  
-            log.warn("Ticket #{service_ticket.ticket.inspect} failed validation -- " + 
-                    "#{validation_response.failure_code}: #{validation_response.failure_message}")
-            redirect!(cas_login_url)
-            return false
-          end
-        else
-          log.warn("No ticket -- redirecting to #{cas_login_url}")
-          redirect!(cas_login_url)
-          return false
-        end
-      end
-
-      def read_ticket
-        ticket = request.params[:ticket]
-
-        return nil unless ticket
-
-        log.debug("Request contains ticket #{ticket.inspect}.")
-
-        if ticket =~ /^PT-/
-          ProxyTicket.new(ticket, service_url, request.params[:renew])
-        else
-          ServiceTicket.new(ticket, service_url, request.params[:renew])
-        end
-      end
-
-      def service_url
-        if config[:service_url]
-          log.debug("Using explicitly set service url: #{config[:service_url]}")
-          return config[:service_url]
-        end
-
-        params = request.params.dup
-        params.delete(:ticket)
-        service_url = "#{request.protocol}://#{request.host}" + request.path
-        log.debug("Guessed service url: #{service_url.inspect}")
-        return service_url
-      end
-
-      def config
-        ::Merb::Plugins.config[:"rubycas-client"]
-      end
-
-      def log
-        ::Merb.logger
-      end
-
-    end # CAS
-  end # Strategies
-end
-