@@ -1,3 +1,9 @@ +=== 0.1.0 / 2009-02-18 + +* 1 major enhancement + + * Implemented gatewaying for rails filter + === 0.0.2 / 2009-01-07 * 1 major enhancement History.txt @@ -2,18 +2,18 @@ History.txt Manifest.txt README.txt Rakefile -init.rb bin/casablanca +init.rb lib/casablanca.rb lib/casablanca/cli.rb lib/casablanca/client.rb -lib/casablanca/rails/filter.rb lib/casablanca/rails/cas_proxy_callback_controller.rb +lib/casablanca/rails/filter.rb lib/casablanca/response_parsers.rb test/mocks.rb test/test_client.rb test/test_helper.rb test/test_parser.rb -test/test_rails_filter.rb test/test_rails_cas_proxy_callback_controller.rb -test/test_ticket.rb \ No newline at end of file +test/test_rails_filter.rb +test/test_ticket.rb Manifest.txt @@ -39,7 +39,7 @@ In IRB: In a Rails project: - environment.rb: - Casablanca::RailsFilter.config do |config| + Casablanca::Rails::Config.config do |config| config[:cas_server_url] = "http://localhost:4567" # Always require new credentials for authentication config[:renew] = true @@ -47,7 +47,7 @@ In a Rails project: - Add the following to application.rb: - before_filter Casablanca::RailsFilter + before_filter Casablanca::Rails::Filter def current_person @current_person ||= login_from_cas unless @current_person == false @@ -63,7 +63,7 @@ In a Rails project: - Add the following to you logout action - Casablanca::RailsFilter.logout(self) + Casablanca::Rails::Filter.logout(self) == REQUIREMENTS: README.txt @@ -1,5 +1,5 @@ module Casablanca - VERSION = '0.0.3.1' + VERSION = '0.1.0' end require 'casablanca/client' require 'casablanca/response_parsers' \ No newline at end of file lib/casablanca.rb @@ -1,13 +1,13 @@ -module Casablanca - - class RailsConfig +module Casablanca::Rails + + class Config class << self ## # Configure the client # - # Casablanca::RailsConfig.config do |config| + # Casablanca::Rails::Config.config do |config| # config[:cas_server_url] = "http://localhost:4567" # # Always require new credentials for authentication # config[:renew] = true @@ -18,7 +18,7 @@ module Casablanca @cas_server_url = config[:cas_server_url] @renew = config[:renew] # always renew the session # set logger to rails logger - Client.logger = ::ActionController::Base.logger + Casablanca::Client.logger = ::ActionController::Base.logger end def renew @@ -32,7 +32,7 @@ module Casablanca end end - class RailsFilter + class Filter class << self @@ -40,49 +40,27 @@ module Casablanca # Require a authenticated user to the CAS server otherwise redirect to # the CAS server login url. # Set session[:cas_user] to the authenticated CAS user if authenticated - def filter(controller) + def filter(controller) if authentication_required?(controller) - # TODO this should be in RailsGatewayFilter - if controller.session[:cas_gatewayed] - logger.debug "Allow user without credentials because gateway is set" - return true - end - if renew? - logger.debug "Always require credentials for authentication" - else - logger.debug "#{controller.session}" - logger.debug "Not authenticated yet. Ticket parameter required" - end - redirect_to_cas_login(controller, renew?) - return false - end - client = Client.new(:cas_server_url => RailsConfig.cas_server_url, :service_url => service_url(controller)) - ticket = Ticket.new(controller.params[:ticket], client.service_url, controller.session[:cas_renew]) - if client.authenticate_ticket(ticket) - logger.debug "Ticket authenticated" - controller.session[:cas_user] = ticket.user - controller.session[:cas_renew] = nil + return get_credentials(controller) + elsif controller.params[:ticket] + return authenticate_ticket(controller) + else return true - else - logger.debug "Ticket authentication failed: #{ticket.failure_message}" - logout(controller) - logger.debug "Renew login credentials" - redirect_to_cas_login(controller, renew?) - return false end end ## # The login url of the Cas server. This page has the login form. def login_url(controller, params={}) - client = Client.new(:cas_server_url => RailsConfig.cas_server_url, :service_url => service_url(controller)) + client = Casablanca::Client.new(:cas_server_url => Config.cas_server_url, :service_url => service_url(controller)) client.login_url(params) end ## # The logout url of the Cas server. def logout_url(controller, params={}) - client = Client.new(:cas_server_url => RailsConfig.cas_server_url, :service_url => service_url(controller)) + client = Casablanca::Client.new(:cas_server_url => Config.cas_server_url, :service_url => service_url(controller)) client.logout_url(params) end @@ -93,17 +71,17 @@ module Casablanca end def logger - Client.logger + Casablanca::Client.logger end # Always require new credentials for authentication? def renew? - RailsConfig.renew + Config.renew end # Has the user already talked to the Cas server? def authentication_required?(controller) - !controller.session[:cas_user] && !controller.params[:ticket] + (controller.session[:cas_user].nil? || renew?) && controller.params[:ticket].nil? end def redirect_to_cas_login(controller, renew) @@ -111,6 +89,33 @@ module Casablanca controller.send(:redirect_to, login_url(controller, :renew => renew)) end + def get_credentials(controller) + if renew? + logger.debug "Always require credentials for authentication" + else + logger.debug "Not authenticated yet. Ticket parameter required" + end + redirect_to_cas_login(controller, renew?) + return false + end + + def authenticate_ticket(controller) + client = Casablanca::Client.new(:cas_server_url => Config.cas_server_url, :service_url => service_url(controller)) + ticket = Casablanca::Ticket.new(controller.params[:ticket], client.service_url, controller.session[:cas_renew]) + if client.authenticate_ticket(ticket) + logger.debug "Ticket authenticated" + controller.session[:cas_user] = ticket.user + controller.session[:cas_renew] = nil + return true + else + logger.debug "Ticket authentication failed: #{ticket.failure_message}" + logout(controller) + logger.debug "Renew login credentials" + redirect_to_cas_login(controller, renew?) + return false + end + end + private def service_url(controller) @@ -123,7 +128,7 @@ module Casablanca end - class RailsGatewayFilter < RailsFilter + class GatewayFilter < Filter class << self @@ -131,6 +136,14 @@ module Casablanca # def authentication_required?(controller) # super(controller) # end + + def get_credentials(controller) + if controller.session[:cas_gatewayed] + logger.debug "Allow user without credentials because gateway is set" + return true + end + return super(controller) + end def redirect_to_cas_login(controller, renew) controller.session[:cas_gatewayed] = true lib/casablanca/rails/filter.rb @@ -9,8 +9,8 @@ require(File.expand_path(File.join(File.dirname(__FILE__), 'mocks.rb'))) require(File.expand_path(File.join(File.dirname(__FILE__), '..', 'lib', 'casablanca', 'rails', 'cas_proxy_callback_controller.rb'))) # set to false if you're integration testing against a real server -MOCK_REQUESTS = true -LOGGER_LEVEL = Logger::DEBUG +MOCK_REQUESTS = true unless defined? MOCK_REQUESTS +LOGGER_LEVEL = Logger::WARN unless defined? LOGGER_LEVEL class Test::Unit::TestCase include Casablanca @@ -36,6 +36,7 @@ class Test::Unit::TestCase end end +unless defined? VALID_REQUEST VALID_REQUEST = %( <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationSuccess> @@ -58,4 +59,5 @@ INVALID_TICKET = %( Ticket ST-1231242314r72465638160B31E8D1 not recognized. </cas:authenticationFailure> </cas:serviceResponse> -) \ No newline at end of file +) +end \ No newline at end of file test/test_helper.rb @@ -8,19 +8,20 @@ class TestRailsConfig < Test::Unit::TestCase end def test_config - Casablanca::RailsConfig.config do |config| + Rails::Config.config do |config| config[:cas_server_url] = "http://example.com/cas_server" config[:renew] = true end - assert_equal 'http://example.com/cas_server/login?service=http%3A%2F%2Flocalhost%3A3000', RailsFilter.login_url(@controller) - assert_equal true, RailsFilter.renew? + assert_equal 'http://example.com/cas_server/login?service=http%3A%2F%2Flocalhost%3A3000', Rails::Filter.login_url(@controller) + assert_equal true, Rails::Filter.renew? end end class TestRailsFilter < Test::Unit::TestCase + include Casablanca::Rails def setup - Casablanca::RailsConfig.config do |config| + Config.config do |config| config[:cas_server_url] = "http://localhost:4567" end @controller = Controller.new @@ -28,22 +29,22 @@ class TestRailsFilter < Test::Unit::TestCase end def test_login_url - assert_equal 'http://localhost:4567/login?service=http%3A%2F%2Flocalhost%3A3000', RailsFilter.login_url(@controller) + assert_equal 'http://localhost:4567/login?service=http%3A%2F%2Flocalhost%3A3000', Filter.login_url(@controller) end def test_login_url_with_params - url = RailsFilter.login_url(@controller, :renew => true) + url = Filter.login_url(@controller, :renew => true) assert_equal true, (url =~ /service\=http%3A%2F%2Flocalhost%3A3000/) > 0 assert_equal true, (url =~ /renew\=true/) > 0 end def test_logout_url - assert_equal 'http://localhost:4567/logout?', RailsFilter.logout_url(@controller) + assert_equal 'http://localhost:4567/logout?', Filter.logout_url(@controller) end def test_logout @controller.session = { :cas_user => 'admin' } - RailsFilter.logout(@controller) + Filter.logout(@controller) assert_equal({:cas_user=>nil }, @controller.session) end @@ -52,7 +53,7 @@ class TestRailsFilter < Test::Unit::TestCase params = {:ticket => 'service_ticket.ticket'} mock_authenticate_ticket(INVALID_REQUEST) @controller.params = params - assert_equal false, RailsFilter.filter(@controller) + assert_equal false, Filter.filter(@controller) end def test_filter_authenticated_with_valid_ticket_from_request @@ -60,31 +61,41 @@ class TestRailsFilter < Test::Unit::TestCase params = {:ticket => service_ticket.ticket} mock_authenticate_ticket(VALID_REQUEST) @controller.params = params - assert_equal true, RailsFilter.filter(@controller) + assert_equal true, Filter.filter(@controller) assert_equal 'admin', @controller.session[:cas_user] end def test_filter_already_authenticated_with_valid_ticket_from_session service_ticket = get_service_ticket @controller.session = {:cas_user => 'admin'} - mock_authenticate_ticket(VALID_REQUEST) - assert_equal true, RailsFilter.filter(@controller) + assert_equal true, Filter.filter(@controller) assert_equal 'admin', @controller.session[:cas_user] end + + def test_filter_already_authenticated_with_valid_ticket_from_session_but_renew_required + Config.config do |config| + config[:cas_server_url] = "http://localhost:4567" + config[:renew] = true + end + service_ticket = get_service_ticket + @controller.session = {:cas_user => 'admin'} + assert_equal false, Filter.filter(@controller) + assert_equal 'admin', @controller.session[:cas_user] + end def test_filter_not_authenticated - assert_equal false, RailsFilter.filter(@controller) + assert_equal false, Filter.filter(@controller) end def test_filter_not_authenticated - assert_equal false, RailsFilter.filter(@controller) + assert_equal false, Filter.filter(@controller) end end class TestRailsGatewayFilter < TestRailsFilter def setup - RailsConfig.config do |config| + Config.config do |config| config[:cas_server_url] = "http://localhost:4567" end @controller = Controller.new @@ -94,7 +105,7 @@ class TestRailsGatewayFilter < TestRailsFilter def test_filter_not_authenticated_sets_cas_gatewayed # service_ticket = get_service_ticket #mock_authenticate_ticket(VALID_REQUEST) - assert_equal false, RailsGatewayFilter.filter(@controller) + assert_equal false, GatewayFilter.filter(@controller) assert_equal true, @controller.session[:cas_gatewayed] end @@ -102,7 +113,7 @@ class TestRailsGatewayFilter < TestRailsFilter # service_ticket = get_service_ticket @controller.session = {:cas_gatewayed => true} #mock_authenticate_ticket(VALID_REQUEST) - assert_equal true, RailsGatewayFilter.filter(@controller) + assert_equal true, GatewayFilter.filter(@controller) assert_equal nil, @controller.session[:cas_user] end test/test_rails_filter.rb 43b37e0fb1142f64aea319cae1f4d9caa254251c Petrik petrik@deheus.net http://github.com/p8/casablanca/commit/fe31392fb5b57c60417b2b3540d35460c44639d9 fe31392fb5b57c60417b2b3540d35460c44639d9 2009-02-18T14:47:28-08:00 2009-02-18T14:47:28-08:00 Fixed gatewaying 174bfdbf042931bbc0ad7d85a396472fd2a5f4d0 Petrik petrik@deheus.net