Class: Aker::Cas::ProxyMode

Inherits:
Modes::Base
  • Object
Includes:
Modes::Support::Rfc2617
Defined in:
lib/aker/cas/proxy_mode.rb

Overview

A non-interactive mode that provides CAS proxy authentication conformant to CAS 2.

This mode does not handle interactive CAS authentication; see Aker::Cas for that.

Author:

  • David Yip

Class Method Summary

Instance Method Summary

Methods included from Modes::Support::Rfc2617

#challenge, #realm

Methods inherited from Modes::Base

#authenticate!, #authority, #configuration, #interactive?, #store?

Methods included from Rack::EnvironmentHelper

#authority, #configuration, #interactive?

Class Method Details

.key ⇒ Symbol

A key that refers to this mode; used for configuration convenience.

Returns:

  • (Symbol)


# File 'lib/aker/cas/proxy_mode.rb', line 23

def self.key
  :cas_proxy
end

Instance Method Details

#credentials ⇒ Array<String>

The supplied proxy ticket and the service URL.

The proxy ticket is received in the HTTP `Authorization` header, per RFC 2616. The scheme must be `CasProxy`. Example:

> `Authorization: CasProxy PT-1272928074r13CBB9ACA794867F3E`

Returns:

  • (Array<String>)

    the proxy ticket or an empty array

# File 'lib/aker/cas/proxy_mode.rb', line 45

def credentials
  key = 'HTTP_AUTHORIZATION'
  matches = env[key].match(/CasProxy\s+([SP]T-[0-9A-Za-z\-]+)/) if env.has_key?(key)

  if matches && matches[1]
    [matches[1], service_url]
  else
    []
  end
end

#kind ⇒ Symbol

The type of credentials supplied by this mode.

Returns:

  • (Symbol)


# File 'lib/aker/cas/proxy_mode.rb', line 31

def kind
  self.class.key
end

#scheme ⇒ String

Used to build a WWW-Authenticate header that will be returned to a client failing non-interactive authentication.

Returns:

  • (String)


# File 'lib/aker/cas/proxy_mode.rb', line 67

def scheme
  "CasProxy"
end

#service_url ⇒ String

Builds the service URL for this application.

Colloquially, the service URL is the web server URL plus the application mount point. It does not include anything about the specific resource being requested. For instance, if you had the resource

> notis.nubic.northwestern.edu/lsdb/patients/105661

which was part of the `/lsdb` application, the service URL would be

> notis.nubic.northwestern.edu/lsdb

A little more formally, the URL is `url scheme + hostname + script name`. The port is also included if it is not the default for the URL scheme.

The service URL never ends with a `/`, even if the application is mounted at the root.

Returns:

  • (String)

    the service URL derived from the request environment



# File 'lib/aker/cas/proxy_mode.rb', line 95

def service_url
  url = "#{env['rack.url_scheme']}://"
  if env['HTTP_HOST']
    url << env['HTTP_HOST'] # includes the port
  else
    url << env['SERVER_NAME']
    default_port = { "http" => "80", "https" => "443" }[env['rack.url_scheme']]
    url << ":#{env["SERVER_PORT"]}" unless env["SERVER_PORT"].to_s == default_port
  end
  url << env["SCRIPT_NAME"]
end
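
The following added example (not part of Aker's source) exercises the two request-derived values documented above, the `CasProxy` header match from `#credentials` and the URL rules from `#service_url`, against constructed Rack environments, and adds a hypothetical `pinned_credentials` guard that accepts only an exact header value and an expected service URL. `STRICT_PATTERN`, `extract_ticket`, `derive_service_url`, `pinned_credentials` and the `example.org`/`example.net` hosts are assumptions made for illustration.

```ruby
# Added example; not Aker source. Helper names and sample values are constructed.

# Pattern copied from ProxyMode#credentials on this page (unanchored).
PAGE_PATTERN = /CasProxy\s+([SP]T-[0-9A-Za-z\-]+)/
# Assumption: a stricter form requiring the whole header value to be one ticket.
STRICT_PATTERN = /\ACasProxy\s+([SP]T-[0-9A-Za-z\-]+)\z/

def extract_ticket(env, pattern)
  match = env['HTTP_AUTHORIZATION'].to_s.match(pattern)
  match && match[1]
end

# Same rules as ProxyMode#service_url, written without mutating strings.
def derive_service_url(env)
  scheme = env['rack.url_scheme']
  host = env['HTTP_HOST'] # taken from the request's Host header when present
  unless host
    default_port = { 'http' => '80', 'https' => '443' }[scheme]
    port = env['SERVER_PORT'].to_s
    host = port == default_port ? env['SERVER_NAME'] : "#{env['SERVER_NAME']}:#{port}"
  end
  "#{scheme}://#{host}#{env['SCRIPT_NAME']}"
end

# Hypothetical guard: return credentials only when the header is exactly one
# CasProxy ticket and the derived service URL is one the deployment expects.
def pinned_credentials(env, allowed_service_urls)
  ticket = extract_ticket(env, STRICT_PATTERN)
  url = derive_service_url(env)
  ticket && allowed_service_urls.include?(url) ? [ticket, url] : []
end

# Constructed Rack environments.
ALLOWED = ['https://notis.example.org/lsdb'].freeze
BASE = { 'rack.url_scheme' => 'https', 'SERVER_NAME' => 'notis.example.org',
         'SERVER_PORT' => '443', 'SCRIPT_NAME' => '/lsdb',
         'HTTP_AUTHORIZATION' => 'CasProxy PT-1272928074r13CBB9ACA794867F3E' }.freeze
OTHER_HOST = BASE.merge('HTTP_HOST' => 'other.example.net').freeze
PADDED = BASE.merge('HTTP_AUTHORIZATION' => 'Basic Zm9v, CasProxy PT-1-abc trailing').freeze

if __FILE__ == $PROGRAM_NAME
  { 'base' => BASE, 'other host' => OTHER_HOST, 'padded header' => PADDED }.each do |name, env|
    puts "#{name}: page=#{extract_ticket(env, PAGE_PATTERN).inspect} " \
         "url=#{derive_service_url(env)} pinned=#{pinned_credentials(env, ALLOWED).inspect}"
  end
end
```
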

#valid? ⇒ Boolean

Returns true if a proxy ticket is present, false otherwise.

Returns:

  • (Boolean)


# File 'lib/aker/cas/proxy_mode.rb', line 58

def valid?
  !credentials.empty?
end