@@ -1,3 +1,5 @@ +* Added logger + === 0.0.2 / 2009-01-07 * 1 major enhancement History.txt @@ -12,8 +12,10 @@ Casablanca is a single sign-on client for the CAS 2.0 protocol. == TODO: -* Add logging * Add extra attributes returned from the server +* /login + - add gateway + - make service optional * Implement gateway and proxy * Check for single signout * Check for endless redirects README.rdoc @@ -9,8 +9,8 @@ Hoe.new('casablanca', Casablanca::VERSION) do |p| p.remote_rdoc_dir = '' # Release to root end -# require 'metric_fu' -# -# MetricFu::Configuration.run do |config| -# config.coverage = { :test_files => ['test/**/test_*.rb'] } -# end \ No newline at end of file +require 'metric_fu' + +MetricFu::Configuration.run do |config| + config.coverage = { :test_files => ['test/**/test_*.rb'] } +end \ No newline at end of file Rakefile @@ -3,7 +3,8 @@ irb = RUBY_PLATFORM =~ /mswin32/ ? 'irb.bat' : 'irb' options = { :sandbox => false, :irb => irb } libs = " -r irb/completion" -libs << " -r #{File.dirname(__FILE__)}/../lib/casablanca.rb" -libs << " -r #{File.dirname(__FILE__)}/../lib/casablanca/cli.rb" +libs << " -r #{File.expand_path(File.dirname(__FILE__))}/../lib/casablanca.rb" +libs << " -r #{File.expand_path(File.dirname(__FILE__))}/../lib/casablanca/client.rb" +libs << " -r #{File.expand_path(File.dirname(__FILE__))}/../lib/casablanca/cli.rb" exec "#{options[:irb]} #{libs} --simple-prompt" \ No newline at end of file bin/casablanca @@ -1,5 +1,5 @@ module Casablanca - VERSION = '0.0.2' + VERSION = '0.0.3' end require 'casablanca/client' require 'casablanca/response_parsers' \ No newline at end of file lib/casablanca.rb @@ -6,8 +6,19 @@ CASABLANCA CLIENT CONSOLE (#{Casablanca::VERSION}) Use C for a configured client (#{config.inspect}) Example: -t = C.get_service_ticket('admin', 'admin') -C.authenticate_ticket(t) + t = C.login('admin', 'admin') + C.authenticate_ticket(t) + + # use gateway to login to another service with + # the current session + C.service_url = "http://example.com/application" + t = C.gateway + C.authenticate_ticket(t) + + t = C.renew_service_ticket + C.authenticate_ticket(t) + + C.logout The configuration can be changed: C.cas_server_url = "http://example.com/cas_server" @@ -15,6 +26,7 @@ C.service_url = "http://example.com/application" ) -C = @client = Casablanca::CommandLineClient.new(config) +C = Casablanca::CommandLineClient.new(config) +C.logger.level = Logger::DEBUG puts INFO \ No newline at end of file lib/casablanca/cli.rb @@ -2,11 +2,12 @@ require 'uri' require 'cgi' require 'net/https' require 'rexml/document' +require 'logger' module Casablanca class Client - attr_accessor :cas_server_url, :service_url + attr_accessor :cas_server_url, :service_url, :logger def initialize(config) raise ":cas_server_url is required" unless config[:cas_server_url] @@ -18,14 +19,21 @@ module Casablanca # Validates a Ticket to the validation url of the CAS Server # and checks if the ticket is authenticated def authenticate_ticket(ticket) - response = request_validation(ticket) - ticket.authenticate(response) + request_validation(ticket) + ticket.authenticate + end + + def gateway + uri = URI.parse(login_url) + uri.merge_query(:gateway => 'true') + response = get(uri) + get_service_ticket(response) end ## # The login url of the Cas server. This page has the login form. def login_url - url = "#{@cas_server_url}/login?service=#{@service_url}" + "#{@cas_server_url}/login?service=#{@service_url}" end ## @@ -40,6 +48,14 @@ module Casablanca "#{@cas_server_url}/proxyValidate" end + def logger + unless @logger + @logger = ::Logger.new($stderr) + @logger.level = Logger::WARN + end + @logger + end + private def request_validation(ticket) @@ -47,49 +63,77 @@ module Casablanca uri = URI.parse(validate_url) uri.merge_query(ticket.to_request_params) response = get(uri) - puts "#{@cas_server_url} #{response.inspect}:\n#{response.body}" unless response.kind_of?(Net::HTTPSuccess) raise ResponseError, "#{response.code}, #{response.body}" end - response.body + ticket.body = response.body end def get(uri) https(uri) do |h| - h.get("#{uri.path}?#{uri.query}") - end + h.get("#{uri.path}?#{uri.query}", headers) + end end def https(uri) https = Net::HTTP.new(uri.host, uri.port) https.use_ssl = (uri.scheme == 'https') begin - https.start do |h| + response = https.start do |h| yield(h) end rescue Errno::ECONNREFUSED => error raise CasServerException end + logger.debug(response_log(response)) + response + end + + def headers + {'cookie' => @ticket_granting_ticket || ''} + end + + def response_log(response) + msg = "################\n" + msg << " #{@cas_server_url} #{response.inspect}:\n" + msg << " body: #{response.body}\n" + msg << " headers:\n" + response.each_key do |k| + msg << " - #{k}: #{response[k]}\n" + end + msg end end class CommandLineClient < Client - + attr_reader :ticket_granting_ticket ## # Logs in to the CAS server and returns the response def login(username, password) - post(URI.parse(login_url), {:username => username, :password => password, :service => service_url}) + @ticket_granting_ticket = nil + response = post(URI.parse(login_url), {:username => username, :password => password, :service => service_url}) + set_ticket_granting_ticket(response) + get_service_ticket(response) end - - ## - # Logs in to the CAS server and returns the service ticket from the response - def get_service_ticket(username, password) - location = login(username, password)['location'] - query = {} - URI.parse(location).query.collect{|q| k,v = q.split('='); query[k] = v } - Ticket.new(query['ticket'], @service_url) + + def renew_service_ticket + get_service_ticket(get(URI.parse(login_url))) end + + def renew + uri = URI.parse(login_url) + uri.merge_query(:renew => 'true') + response = get(uri) + get_service_ticket(response) + end + + def logout(follow_url=nil) + @ticket_granting_ticket = nil + uri = URI.parse(logout_url) + uri.merge_query(:url => follow_url) if follow_url + get(uri) + end private @@ -99,23 +143,34 @@ module Casablanca https(uri) do |h| h.request(req) end - end + end + + def get_service_ticket(response) + if (location = response['location']) + query = {} + URI.parse(location).query.collect{|q| k,v = q.split('='); query[k] = v } + Ticket.new(query['ticket'], @service_url) + end + end + + def set_ticket_granting_ticket(response) + @ticket_granting_ticket = (response['set-cookie'] || '').split(/;/)[0] # tgt=TGC-1232569033r763536CC6753E6F357 + end end class Ticket attr_accessor :user, :failure_code, :failure_message attr_reader :service_url, :ticket - - def initialize(ticket, service_url, renew = false) + attr_writer :body + def initialize(ticket, service_url) @service_url = service_url @ticket = ticket - @renew = renew end ## # Create a Ticket from a Hash. Useful for unserializing def self.from_hash(hash) - ticket = Ticket.new(hash[:ticket], hash[:service_url], hash[:renew]) + ticket = Ticket.new(hash[:ticket], hash[:service_url]) ticket.user = hash[:user] ticket end @@ -125,7 +180,6 @@ module Casablanca def to_hash props = {} props[:user] = @user if authenticated? - props[:renew] = @renew if @renew props[:service_url] = @service_url props[:ticket] = @ticket props @@ -134,9 +188,9 @@ module Casablanca ## # Convert the ticket to a Hash for a request def to_request_params - params = {:service => @service_url, - :ticket => @ticket } - params[:renew] = 1 if @renew + params = {} + params[:service] = @service_url + params[:ticket] = @ticket if @ticket params end @@ -144,8 +198,8 @@ module Casablanca !!@user end - def authenticate(body) - response = CasResponseParser.parse(self, body) + def authenticate + response = CasResponseParser.parse(self, @body) authenticated? end end lib/casablanca/client.rb @@ -1,16 +1,7 @@ module Casablanca class RailsFilter - @@client = nil class << self - - def client=client - @@client = client - end - - def client - @@client - end ## # Configure the client @@ -22,21 +13,31 @@ module Casablanca def config config = {} yield config - @@client = Client.new(config) + @cas_server_url = config[:cas_server_url] + @service_url = config[:service_url] + # set logger to rails logger + @logger = ::ActionController::Base.logger end def filter(controller) - return true if previous_ticket(controller) && !controller.params[:renew] - ticket = Ticket.new(controller.params[:ticket], @@client.service_url, controller.params[:renew]) - if @@client.authenticate_ticket(ticket) - puts "Ticket authenticated" + client = Client.new(:cas_server_url => @cas_server_url, :service_url => @service_url) + client.logger = @logger + + #if gatewaying? + # client.ticket_granting_ticket = controller.params[:ticket_granting_ticket] + # ticket = client.gateway + # client.authenticate_ticket(ticket) + # return true if client.gateway + return true if previous_ticket(controller) && !controller.params[:renew] + ticket = Ticket.new(controller.params[:ticket], client.service_url) + if client.authenticate_ticket(ticket) + @logger.debug "Ticket authenticated" controller.session[:cas_user] = ticket.user - controller.session[:cas_ticket] = ticket.to_hash + controller.session[:cas_ticket_granting_ticket] = client.ticket_granting_ticket return true - else - puts "Ticket authentication failed: #{ticket.failure_message}" - controller.session[:cas_user] = nil - controller.session[:cas_ticket] = nil + else + @logger.warn "#{logger.inspect} Ticket authentication failed: #{ticket.failure_message}" + logout(controller) controller.send(:redirect_to, login_url) return false end @@ -49,10 +50,16 @@ module Casablanca end ## - # Logs out of the Cas server. + # The logout url of the Cas server. + def logout_url + @@client.logout_url + end + + ## + # Logs out of the Cas server. def logout(controller) - controller.send(:reset_session) - controller.send(:redirect_to, @@client.logout_url) + controller.session[:cas_user] = nil + controller.session[:cas_ticket_granting_ticket] = nil end private lib/casablanca/filters/rails.rb @@ -18,7 +18,7 @@ class TestClient < Test::Unit::TestCase def test_authenticate_ticket service_ticket = get_service_ticket @client = Client.new(:cas_server_url => "http://localhost:4567", :service_url => "http://localhost:3000") - mock_authenticate_ticket(VALID_REQUEST) + mock_authenticate_ticket(VALID_REQUEST) @client.authenticate_ticket(service_ticket) assert_equal 'admin', service_ticket.user end @@ -26,7 +26,7 @@ class TestClient < Test::Unit::TestCase def test_validate_expired_ticket mock_authenticate_ticket(INVALID_TICKET) ticket = 'ST-1231341579r871C5757B79767C21E' - service_ticket = Ticket.new(ticket, 'http://localhost:3000', true) + service_ticket = Ticket.new(ticket, 'http://localhost:3000') @client.authenticate_ticket(service_ticket) assert_equal 'INVALID_TICKET', service_ticket.failure_code #assert_equal "Ticket 'ST-1231341579r871C5757B79767C21E' has already been used up.", ticket.failure_message @@ -35,7 +35,7 @@ class TestClient < Test::Unit::TestCase def test_validate_invalid_ticket mock_authenticate_ticket(INVALID_TICKET) ticket = 'ST-1231242314r72465638160B31E8D1' - service_ticket = Ticket.new(ticket, 'http://localhost:3000', true) + service_ticket = Ticket.new(ticket, 'http://localhost:3000') @client.authenticate_ticket(service_ticket) assert_equal 'INVALID_TICKET', service_ticket.failure_code assert_equal "Ticket ST-1231242314r72465638160B31E8D1 not recognized.", service_ticket.failure_message @@ -69,16 +69,40 @@ class TestCommandLineClient < Test::Unit::TestCase def test_login mock_get_service_ticket - res = @client.login('admin', 'admin') - assert_equal '', res.body - assert_equal '303', res.code - assert_equal 0, res['location'] =~ /^http:\/\/localhost:3000\?ticket=ST-/ - assert_equal 61, res['location'].size + service_ticket = @client.login('admin', 'admin') + #assert_equal '', res.body + #assert_equal '303', res.code + #assert_equal 0, res['location'] =~ /^http:\/\/localhost:3000\?ticket=ST-/ + assert_equal 32, service_ticket.ticket.size + assert_equal 37, @client.ticket_granting_ticket.size end + def test_logout + mock_get_service_ticket + service_ticket = @client.login('admin', 'admin') + assert_equal 37, @client.ticket_granting_ticket.size + # if MOCK_REQUESTS + # @client.expects(:get).returns(MockResponse.new(body, '200', :location => 'http://localhost:3000?ticket=ST-1231341579r871C5757B79767C21E')) + # end + service_ticket = @client.logout + assert_equal nil, @client.ticket_granting_ticket + end + + def test_logout_with_follow_url + mock_get_service_ticket + service_ticket = @client.login('admin', 'admin') + assert_equal 37, @client.ticket_granting_ticket.size + # if MOCK_REQUESTS + # @client.expects(:get).returns(MockResponse.new(body, '200', :location => 'http://localhost:3000?ticket=ST-1231341579r871C5757B79767C21E')) + # end + service_ticket = @client.logout('follow_url') + assert_equal nil, @client.ticket_granting_ticket + # TODO check for follow_url + end + def test_get_service_ticket mock_get_service_ticket - ticket = @client.get_service_ticket('admin', 'admin') + ticket = @client.login('admin', 'admin') assert_equal 0, ticket.ticket =~ /^ST-/ assert_equal 32, ticket.ticket.size end test/test_client.rb @@ -18,16 +18,16 @@ class Test::Unit::TestCase def mock_get_service_ticket if MOCK_REQUESTS - @client.expects(:post).returns(MockResponse.new('', '303', :location => 'http://localhost:3000?ticket=ST-1231341579r871C5757B79767C21E')) + @client.expects(:post).returns(MockResponse.new('', '303', :location => 'http://localhost:3000?ticket=ST-1231341579r871C5757B79767C21E', :'set-cookie' => 'tgt=TGC-1232569033r763536CC6753E6F357')) end end def get_service_ticket cli = CommandLineClient.new(:cas_server_url => "http://localhost:4567", :service_url => "http://localhost:3000") if MOCK_REQUESTS - cli.expects(:post).returns(MockResponse.new('', '303', :location => 'http://localhost:3000?ticket=ST-1231341579r871C5757B79767C21E')) + cli.expects(:post).returns(MockResponse.new('', '303', {:location => 'http://localhost:3000?ticket=ST-1231341579r871C5757B79767C21E', :'set-cookie' => 'tgt=TGC-1232569033r763536CC6753E6F357'})) end - cli.get_service_ticket('admin', 'admin') + cli.login('admin', 'admin') end end test/test_helper.rb @@ -1,5 +1,5 @@ require File.join(File.dirname(__FILE__), 'test_helper.rb') -require 'action_pack' +#require 'action_pack' class TestRailsFilter < Test::Unit::TestCase def setup @client = Client.new(:cas_server_url => "http://localhost:4567", :service_url => "http://localhost:3000") @@ -10,8 +10,18 @@ class TestRailsFilter < Test::Unit::TestCase def test_login_url assert_equal 'http://localhost:4567/login?service=http://localhost:3000', RailsFilter.login_url + end + + def test_logout_url + assert_equal 'http://localhost:4567/logout', RailsFilter.logout_url end + def test_logout + @controller.session = { :cas_ticket => 'ticket', :cas_user => 'admin' } + RailsFilter.logout(@controller) + assert_equal({:cas_user=>nil, :cas_ticket=>nil}, @controller.session) + end + def test_config Casablanca::RailsFilter.config do |config| config[:cas_server_url] = "http://example.com/cas_server" @@ -20,17 +30,6 @@ class TestRailsFilter < Test::Unit::TestCase assert_equal "http://example.com/cas_server", RailsFilter.client.cas_server_url assert_equal "http://example.com/application", RailsFilter.client.service_url end - # def test_filter_requires_config - # RailsFilter.config = nil - # assert_raises(RuntimeError) do - # RailsFilter.filter(Controller.new) - # end - # end - - def test_logout - RailsFilter.logout(@controller) - assert_equal({}, @controller.session) - end def test_filter_invalid_attempt mock_authenticate_ticket(INVALID_TICKET) @@ -70,6 +69,16 @@ class TestRailsFilter < Test::Unit::TestCase end +module ActionController + module Base + def self.logger + @logger = ::Logger.new($stderr) + @logger.level = ::Logger::ERROR + @logger + end + end +end + class Controller # < ActionController::Base attr_accessor :params, :session def initialize test/test_rails_filter.rb @@ -23,7 +23,6 @@ class TestTicket < Test::Unit::TestCase def test_from_hash props = {:ticket => 'ticket', :service_url => "http://localhost:3000", - :renew => 1, :user => 'admin' } ticket = Ticket.from_hash(props) assert_equal props, ticket.to_hash @@ -36,34 +35,31 @@ class TestTicket < Test::Unit::TestCase assert_equal(expected, ticket.to_request_params) end - def test_to_request_params_with_renew - ticket = Ticket.new('ticket', 'http://localhost:3000', true) - expected = {:ticket => 'ticket', - :service => "http://localhost:3000", - :renew => 1 } - assert_equal(expected, ticket.to_request_params) - end - def test_authenticate_valid_ticket - @ticket.authenticate(VALID_REQUEST) + @ticket.body = VALID_REQUEST + @ticket.authenticate assert_equal 'admin', @ticket.user end def test_authenticate_invalid_request_resets_ticket_to_unauthenticated - @ticket.authenticate(VALID_REQUEST) + @ticket.body = VALID_REQUEST + @ticket.authenticate assert_equal true, @ticket.authenticated? - @ticket.authenticate(INVALID_REQUEST) + @ticket.body = INVALID_REQUEST + @ticket.authenticate assert_equal false, @ticket.authenticated? end def test_authenticate_invalid_request - @ticket.authenticate(INVALID_REQUEST) + @ticket.body = INVALID_REQUEST + @ticket.authenticate assert_equal 'INVALID_REQUEST', @ticket.failure_code assert_equal 'Ticket or service parameter was missing in the request.', @ticket.failure_message end def test_authenticate_invalid_ticket - @ticket.authenticate(INVALID_TICKET) + @ticket.body = INVALID_TICKET + @ticket.authenticate assert_equal 'INVALID_TICKET', @ticket.failure_code assert_equal 'Ticket ST-1231242314r72465638160B31E8D1 not recognized.', @ticket.failure_message end test/test_ticket.rb 33eae876d1f3fe15d100221574f5b163a7ecf9d4 Petrik petrik@deheus.net http://github.com/p8/casablanca/commit/c440a7eb0e423b0cd44ba4b7f80ba41d30aacd9c c440a7eb0e423b0cd44ba4b7f80ba41d30aacd9c 2009-01-22T11:52:29-08:00 2009-01-22T11:52:29-08:00 Added logger. Changing rails client. Started implementing gatewaying 1a8be9aca65383ae35009fea00cc055d050a6f15 Petrik petrik@deheus.net