Class: Aker::Cas::ProxyMode
- Inherits:
-
Modes::Base
- Object
- Warden::Strategies::Base
- Modes::Base
- Aker::Cas::ProxyMode
- Includes:
- Modes::Support::Rfc2617
- Defined in:
- lib/aker/cas/proxy_mode.rb
Overview
A non-interactive mode that provides CAS proxy authentication conformant to CAS 2.
This mode does not handle interactive CAS authentication; see Aker::Cas for that.
Class Method Summary collapse
-
.key ⇒ Symbol
A key that refers to this mode; used for configuration convenience.
Instance Method Summary collapse
-
#credentials ⇒ Array<String>
The supplied proxy ticket and the service URL.
-
#kind ⇒ Symbol
The type of credentials supplied by this mode.
-
#scheme ⇒ String
Used to build a WWW-Authenticate header that will be returned to a client failing non-interactive authentication.
-
#service_url ⇒ String
Builds the service URL for this application.
-
#valid? ⇒ Boolean
Returns true if a proxy ticket is present, false otherwise.
Methods included from Modes::Support::Rfc2617
Methods inherited from Modes::Base
#authenticate!, #authority, #configuration, #interactive?, #store?
Methods included from Rack::EnvironmentHelper
#authority, #configuration, #interactive?
Class Method Details
.key ⇒ Symbol
A key that refers to this mode; used for configuration convenience.
23 24 25 |
# File 'lib/aker/cas/proxy_mode.rb', line 23 def self.key :cas_proxy end |
Instance Method Details
#credentials ⇒ Array<String>
The supplied proxy ticket and the service URL.
The proxy ticket is received in the HTTP ‘Authorization` header, per RFC2616. The scheme must be `CasProxy`. Example:
> ‘Authorization: CasProxy PT-1272928074r13CBB9ACA794867F3E`
45 46 47 48 49 50 51 52 53 54 |
# File 'lib/aker/cas/proxy_mode.rb', line 45 def credentials key = 'HTTP_AUTHORIZATION' matches = env[key].match(/CasProxy\s+([SP]T-[0-9A-Za-z\-]+)/) if env.has_key?(key) if matches && matches[1] [matches[1], service_url] else [] end end |
#kind ⇒ Symbol
The type of credentials supplied by this mode.
31 32 33 |
# File 'lib/aker/cas/proxy_mode.rb', line 31 def kind self.class.key end |
#scheme ⇒ String
Used to build a WWW-Authenticate header that will be returned to a client failing non-interactive authentication.
67 68 69 |
# File 'lib/aker/cas/proxy_mode.rb', line 67 def scheme "CasProxy" end |
#service_url ⇒ String
Builds the service URL for this application.
Colloquially, the service URL is the web server URL plus the application mount point. It does not include anything about the specific resource being requested. For instance, if you had the resource
> notis.nubic.northwestern.edu/lsdb/patients/105661
which was part of the ‘/lsdb` application, the service URL would be
> notis.nubic.northwestern.edu/lsdb
A little more formally, the URL is ‘url scheme + hostname + script name`. The port is also included if it is not the default for the URL scheme.
The service URL never ends with a ‘/`, even if the application is mounted at the root.
95 96 97 98 99 100 101 102 103 104 105 |
# File 'lib/aker/cas/proxy_mode.rb', line 95 def service_url url = "#{env['rack.url_scheme']}://" if env['HTTP_HOST'] url << env['HTTP_HOST'] # includes the port else url << env['SERVER_NAME'] default_port = { "http" => "80", "https" => "443" }[env['rack.url_scheme']] url << ":#{env["SERVER_PORT"]}" unless env["SERVER_PORT"].to_s == default_port end url << env["SCRIPT_NAME"] end |
#valid? ⇒ Boolean
Returns true if a proxy ticket is present, false otherwise.
58 59 60 |
# File 'lib/aker/cas/proxy_mode.rb', line 58 def valid? !credentials.empty? end |