
Fixed hole where a Ticket was not passed but the request was still allowed through due to the cookie
1 parent cd8304e commit 316149eaba613648caa2ed780bd0a04f5f5589a8 @dokie dokie committed with Mar 19, 2010
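--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,5 @@
 doc/rdoc
 .yardoc
-pkg
+pkg
+nbproject
+*.gem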
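--- a/casrack_the_authenticator.gemspec
+++ b/casrack_the_authenticator.gemspec
@@ -5,7 +5,7 @@
 Gem::Specification.new do |s|
 s.name = %q{casrack_the_authenticator}
- s.version = "1.6.0"
+ s.version = "1.6.1"
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["James Rosen"]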
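--- a/lib/casrack_the_authenticator.rb
+++ b/lib/casrack_the_authenticator.rb
@@ -1,6 +1,7 @@
 module CasrackTheAuthenticator
 USERNAME_PARAM = :cas_user
+ TICKET_PARAM = :cas_ticket
 autoload :Simple, 'casrack_the_authenticator/simple'
 autoload :Configuration, 'casrack_the_authenticator/configuration'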
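--- a/lib/casrack_the_authenticator/require_cas.rb
+++ b/lib/casrack_the_authenticator/require_cas.rb
@@ -23,7 +23,8 @@ def call(env)
 # @return [true, false] whether the user is signed in via CAS.
 def signed_in?(env)
- !Rack::Request.new(env).session[CasrackTheAuthenticator::USERNAME_PARAM].nil?
+ request = Rack::Request.new(env)
+ !request.session[CasrackTheAuthenticator::USERNAME_PARAM].nil? and !request.session[CasrackTheAuthenticator::TICKET_PARAM].nil?
 end
 # @return [Array<Integer, Hash, String>] a 401 Unauthorized Rack response.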
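Review bot: The second added line of `signed_in?` joins its two tests with `and`, the low-precedence control-flow keyword; each side here is already a complete boolean so the value is the same, but in a predicate method it is easy to misread and should be the operator form, `!request.session[CasrackTheAuthenticator::USERNAME_PARAM].nil? && !request.session[CasrackTheAuthenticator::TICKET_PARAM].nil?`. Note also that this only tests whether a ticket value is present in the session and does not re-validate it, so the sign-in check is exactly as strong as the code that writes `TICKET_PARAM` into the session (simple.rb's `process_return_from_cas` in this same commit); a line such as `# TICKET_PARAM is stored by the middleware after validation; its presence is a marker, not a validity check` on the method would keep a later reader from taking it for one.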
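--- a/lib/casrack_the_authenticator/simple.rb
+++ b/lib/casrack_the_authenticator/simple.rb
@@ -1,5 +1,6 @@
 require 'rack'
 require 'rack/request'
+require 'pp'
 module CasrackTheAuthenticator
@@ -38,10 +39,15 @@ def call(env)
 # ticket processing
 def process_return_from_cas(request)
- ticket = request.params['ticket']
+ ticket = request.params['ticket'] || request.session[CasrackTheAuthenticator::TICKET_PARAM]
+ pp ticket
 if ticket
 validator = ServiceTicketValidator.new(@configuration, service_url(request), ticket)
 request.session[CasrackTheAuthenticator::USERNAME_PARAM] = validator.user
+ request.session[CasrackTheAuthenticator::TICKET_PARAM] = ticket
+ else
+ # Belt and Braces
+ redirect_to_cas(request)
 end
 end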
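Review bot: `pp ticket` in `process_return_from_cas` prints the CAS service ticket to the process's standard output on every call, including the value just read back from the session, so the ticket ends up wherever stdout is captured (application logs, a console); this reads as a debugging leftover and should be removed together with the `require 'pp'` added in the first hunk of this file. A second point, hedged because `ServiceTicketValidator` is not in view: the new fallback `|| request.session[CasrackTheAuthenticator::TICKET_PARAM]` means a request with no `ticket` parameter re-submits the stored ticket for validation, and if the CAS server treats service tickets as single-use that second validation will not succeed, so confirm what `validator.user` returns in that case, since the `USERNAME_PARAM` assignment overwrites the session with it unconditionally. The `# Belt and Braces` comment on the new `else` branch would say more as `# No ticket in the request or the session: start the CAS login flow again`.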
