Extendable strategies interface (part of omniauth authenticator solution) #109

Closed
wants to merge 20 commits into
from

Slotos commented Jul 5, 2012

Summary of changes:

  • Moved code that creates user session into separate method, making it possible to use it in sinatra extensions
  • Moved logout code into separate method, using it in session creation method to trigger single sign out upon identity change
  • Added login_links accessor, using it to gather and display login links for oauth providers
  • Using bundler with bin/rubycas-server. Debatable.
  • Activated sessions to track service and renew parameters through omniauth sequence, resetting them on login page visit. I remember meeting one use case that would redirect user to previously saved service which could seem illogical, however I've dismissed it at the time since it required direct url visiting, which is outside of regular user scenarios. Can't remember the case now. Needs review.
  • Some minor changes, like path filters based on params hash, avoiding "no authenticators" error when there are only strategies etc.

Implemented generic omniauth (1.0+) strategy: https://github.com/Slotos/rubycas-strategy-omniauth. Tested it with facebook and twitter, but it should work with krb5 and cas omniauth strategies as well. Omniauth 1.0 version of LDAP authenticator should work too, given there is one.
Remote-to-local mapping expects SQL database and two tables: user table and token table. Extending functionality for other storage and schema options would be a good idea, once such need arises.

What I wish to do but may not have time to do it:

  • Move all authenticators into strategies. Display login form only when at least one strategy has registered itself in login/pass authenticators list.

Another example of behaviour implemented with this interface would be https://github.com/Slotos/rubycas-strategy-impostor.

No whitespace diff link

I can't bring myself to delete this line. THE WORLD SHOULD KNOW!

Slotos added some commits Jun 13, 2012

@Slotos Slotos Removing redundant code and providing simplistic test coverage
def self.init_matchers!
  self.class_eval{}
end

Never forget !!
40b5400
@Slotos Slotos Adding ability to provide your own `require` and `register` strings for matchers.
3f5300a
@Slotos Slotos Returning from init_authenticators! if there are none while matchers are present
90d9c17
@Slotos Slotos Modified confirm_authentication method to accept username and service arguments instead of relying on instance variables
391b90b
@Slotos Slotos Purging `self.reconfigure!`. It was for config testing which is now handled differently.
ca2333a
@Slotos Slotos Adding route filters that allow me to remove omniauth specific routes from rubycas-server code.
2c3e262
@Slotos Slotos confirm_attributes! sets cookies to uri_path path, regardless of location from where it was called.
b293bc6
@Slotos Slotos Revised strategy loading a bit 76c14de
@Slotos Slotos Updated specs.
TODO: Check service URI even when user is logged in.
31d0367
@Slotos Slotos Cleaning up pry. Friday ._. 1f86eec
@Slotos Slotos Cosmetic method name change in wake of offloading all session mangling to that method.
de16184
@Slotos Slotos Updating strategies config format to allow for strategy reuse c863d1a
@Slotos Slotos Minor changes:
- using bundler in bin/rubycas-server
- bringing config.ru in line with recent main repository changes
- not saving renew parameter in session anymore, its effect is immediate, not delayed, unlike service
b9240e1
@Slotos Slotos Establishing new session will log out old one if present. 782a74e
@Slotos Slotos oauth_links -> login_links
In addition turning login links into array of links, leaving placing and wrapping up to theme.
7cb2675
@Slotos Slotos Altered placement of login links. d725540
@Slotos Slotos Return of session[:renew].
Without it omniauth failure will result in redirect to service without renewing session.
986b48c
@Slotos Slotos Merge branch 'master' of git://github.com/rubycas/rubycas-server cf07371
@Slotos Slotos Updating r18n to 1.0.1.
Backstory: for some weird reason bundles would enforce version 1.0.1 on me. Had to change localization.rb to make it work.
59776e1
Owner

zuk commented Oct 24, 2012

Well this is interesting... gonna try to get to this next week.

Wow this is really cool. I was looking at the token implementation and that would be a really nice solution for the problem I'm having atm.

Slotos commented Nov 7, 2012

@zuk Do you need feedback on my part perchance?

@zuk need help reviewing? I'd really like rubycas to get some active development going again.

Owner

zuk commented Nov 12, 2012

Yeah sorry guys, I'm getting increasingly swamped with my thesis + work.
Bart, if you're willing to go through this, go ahead by all means. I think
getting a third party to review this would be really helpful. I haven't
been paying attention to omniauth in general at all (I probably should...)
so I'm probably not the best person to think about this anyway. I'm willing
to get this merged as long as someone tells me this isn't as scary as it
looks. (Also having some docs for this — even stubs — written up into the
RubyCAS GitHub wiki would be help...)

On Mon, Nov 12, 2012 at 5:30 AM, Bart ten Brinke notifications@github.com wrote:

So far I've found one small issue in rubycas-token:

      matcher = matcher.filter("`#{@config['expire_column']}` >=?", DateTime.now) if config['expire_column']

should be:

      matcher = matcher.filter("`#{@config['expire_column']}` >=?", DateTime.now) if @config['expire_column']


@Slotos Slotos closed this Jan 27, 2015

amireh commented Sep 5, 2015

Was this ever merged, otherwise can it still be? (Sorry to necro the thread.)

I think everybody switched to casino.

amireh commented Sep 6, 2015

Thank you so much!
