Class: Devise::Strategies::WindAuthenticatable

Inherits:

Authenticatable

• Object
• Authenticatable
• Devise::Strategies::WindAuthenticatable

Includes:

Warden::Mixins::Urls

Defined in:

lib/devise_wind/strategy.rb

Constant Summary

HTTP_METHODS =

:stopdoc:

%w(GET HEAD PUT POST DELETE OPTIONS)

RESPONSE =

"rack.wind.response"

AUTHENTICATE_HEADER =

"WWW-Authenticate"

AUTHENTICATE_REGEXP =

/^Wind/

URL_FIELD_SELECTOR =

lambda { |field| field.to_s =~ %r{^https?://} }

Class Method Summary

• .build_header(params = {}) ⇒ Object

  Helper method for building the “WWW-Authenticate” header value.

• .parse_header(str) ⇒ Object

  Helper method for parsing “WWW-Authenticate” header values into a hash.

Instance Method Summary

• #authenticate! ⇒ Object
• #handle_response! ⇒ Object
• #valid? ⇒ Boolean

  valid? indicates the applicability of this strategy to the authn request.

• #valid_mapping? ⇒ Boolean
• #wind_redirect_url ⇒ Object
• #wind_response ⇒ Object
• #wind_response? ⇒ Boolean

Class Method Details

.build_header(params = {}) ⇒ Object

Helper method for building the “WWW-Authenticate” header value.

Rack::Wind.build_header(:server => "http://josh.openid.com/")
  #=> Wind server="https://wind.columbia.edu/"

# File 'lib/devise_wind/strategy.rb', line 20

def self.build_header(params = {})
  'Wind ' + params.map { |key, value|
    if value.is_a?(Array)
      "#{key}=\"#{value.join(',')}\""
    else
      "#{key}=\"#{value}\""
    end
  }.join(', ')
end

.parse_header(str) ⇒ Object

Helper method for parsing “WWW-Authenticate” header values into a hash.

Rack::Wind.parse_header("Wind identifier='http://josh.openid.com/'")
  #=> {:identifier => "http://josh.openid.com/"}

# File 'lib/devise_wind/strategy.rb', line 35

def self.parse_header(str)
  params = {}
  if str =~ AUTHENTICATE_REGEXP
    str = str.gsub(/#{AUTHENTICATE_REGEXP}\s+/, '')
    str.split(', ').each { |pair|
      key, *value = pair.split('=')
      value = value.join('=')
      value.gsub!(/^\"/, '').gsub!(/\"$/, "")
      value = value.split(',')
      params[key] = value.length > 1 ? value : value.first
    }
  end
  params
end

Instance Method Details

#authenticate! ⇒ Object

# File 'lib/devise_wind/strategy.rb', line 67

def authenticate!
  Rails.logger.debug("Authenticating with WIND for mapping #{mapping.to}")

  if wind_response
    handle_response!
  else # redirect to WIND login with a 30x status
    redirect! wind_redirect_url
  end
end

#handle_response! ⇒ Object

# File 'lib/devise_wind/strategy.rb', line 81

def handle_response!
  ticket_id = params['ticketid']
  validate_path = "/validate?ticketid=#{ticket_id}"
  wind_validate = Net::HTTP.new("wind.columbia.edu",443)
  wind_validate.use_ssl = true
  wind_validate.verify_mode = OpenSSL::SSL::VERIFY_NONE
  wind_validate.start
  wind_resp = wind_validate.get(validate_path)
  wind_validate.finish
  #puts wind_resp.body
  authdoc = Nokogiri::XML(wind_resp.body)
  ns = {'wind'=>'http://www.columbia.edu/acis/rad/authmethods/wind'}
  _user = authdoc.xpath('//wind:authenticationSuccess/wind:user', ns)
  wind_data = nil
  if _user.length > 0
    wind_data = {}
    wind_data[:uni] =  _user[0].content
    wind_data[:affils] = authdoc.xpath('//wind:authenticationSuccess/wind:affiliations/wind:affil',ns).collect {|x| x.content}
    Rails.logger.debug wind_data.inspect
    _resource = mapping.to.find_or_create_by_wind_login_field(wind_data[:uni])
    _resource.affiliations= wind_data[:affils]
    _resource.save!
    success! _resource
  #else
  #  fail!
  end
end

#valid? ⇒ Boolean

valid? indicates the applicability of this strategy to the authn request

Returns:

• (Boolean)

# File 'lib/devise_wind/strategy.rb', line 51

def valid?
  valid_mapping? # apply to any request for a wind user
end

#valid_mapping? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/devise_wind/strategy.rb', line 55

def valid_mapping?
  mapping.to.respond_to?(:find_by_wind_login_field)
end

#wind_redirect_url ⇒ Object

# File 'lib/devise_wind/strategy.rb', line 77

def wind_redirect_url
  "https://#{mapping.to.wind_host}/login?destination=#{CGI.escapeHTML(request_url)}&service=#{CGI.escapeHTML(mapping.to.wind_service)}"
end

#wind_response ⇒ Object

# File 'lib/devise_wind/strategy.rb', line 63

def wind_response
  params['ticketid']
end

#wind_response? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/devise_wind/strategy.rb', line 59

def wind_response?
  not wind_response.nil?
end