Class: CASClient::Frameworks::Rails::Filter

Inherits:
Object
  • Object
show all
Defined in:
lib/casclient/frameworks/rails/filter.rb

Direct Known Subclasses

GatewayFilter

Constant Summary collapse

@@config =

These are initialized when you call configure.

nil
@@client = 
nil
@@log = 
nil

Class Method Summary collapse

Class Method Details

.configure(config) ⇒ Object 



88
89
90
91
92
93
 
# File 'lib/casclient/frameworks/rails/filter.rb', line 88

def configure(config)
  @@config = config
  @@config[:logger] = RAILS_DEFAULT_LOGGER unless @@config[:logger]
  @@client = CASClient::Client.new(config)
  @@log = client.log
end

.filter(controller) ⇒ Object 



13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
 
# File 'lib/casclient/frameworks/rails/filter.rb', line 13

def filter(controller)
  raise "Cannot use the CASClient filter because it has not yet been configured." if config.nil?

  st = read_ticket(controller)
  
  lst = controller.session[:cas_last_valid_ticket]
  
  if st && lst && lst.ticket == st.ticket && lst.service == st.service
    # warn() rather than info() because we really shouldn't be re-validating the same ticket. 
    # The only time when this is acceptable is if the user manually does a refresh and the ticket
    # happens to be in the URL.
    log.warn("Re-using previously validated ticket since the new ticket and service are the same.")
    st = lst
  end
  
  if st
    client.validate_service_ticket(st) unless st.has_been_validated?
    vr = st.response
    
    if st.is_valid?
      log.info("Ticket #{st.ticket.inspect} for service #{st.service.inspect} belonging to user #{vr.user.inspect} is VALID.")
      controller.session[client.username_session_key] = vr.user
      controller.session[client.extra_attributes_session_key] = vr.extra_attributes
      
      # RubyCAS-Client 1.x used :casfilteruser as it's username session key,
      # so we need to set this here to ensure compatibility with configurations
      # built around the old client.
      controller.session[:casfilteruser] = vr.user
      
      # Store the ticket in the session to avoid re-validating the same service
      # ticket with the CAS server.
      controller.session[:cas_last_valid_ticket] = st
      
      if vr.pgt_iou
        log.info("Receipt has a proxy-granting ticket IOU. Attempting to retrieve the proxy-granting ticket...")
        pgt = client.retrieve_proxy_granting_ticket(vr.pgt_iou)
        if pgt
          log.debug("Got PGT #{pgt.ticket.inspect} for PGT IOU #{pgt.iou.inspect}. This will be stored in the session.")
          controller.session[:cas_pgt] = pgt
          # For backwards compatibility with RubyCAS-Client 1.x configurations...
          controller.session[:casfilterpgt] = pgt
        else
          log.error("Failed to retrieve a PGT for PGT IOU #{vr.pgt_iou}!")
        end
      end
      
      return true
    else
      log.warn("Ticket #{st.ticket.inspect} failed validation -- #{vr.failure_code}: #{vr.failure_message}")
      redirect_to_cas_for_authentication(controller)
      return false
    end
  elsif !config[:authenticate_on_every_request] && controller.session[client.username_session_key]
    # Don't re-authenticate with the CAS server if we already previously authenticated and the
    # :authenticate_on_every_request option is disabled (it's disabled by default).
    log.debug "Existing local CAS session detected for #{controller.session[client.username_session_key].inspect}. "+
      "User will not be re-authenticated."
    return true
  else
    if returning_from_gateway?(controller)
      log.info "Returning from CAS gateway without authentication."
      
      if use_gatewaying?
        log.info "This CAS client is configured to use gatewaying, so we will permit the user to continue without authentication."
        return true
      else
        log.warn "The CAS client is NOT configured to allow gatewaying, yet this request was gatewayed. Something is not right!"
      end
    end
    
    redirect_to_cas_for_authentication(controller)
    return false
  end
end

.redirect_to_cas_for_authentication(controller) ⇒ Object 



103
104
105
106
107
108
109
110
111
112
113
114
115
116
 
# File 'lib/casclient/frameworks/rails/filter.rb', line 103

def redirect_to_cas_for_authentication(controller)
  service_url = read_service_url(controller)
  redirect_url = client.(service_url)
  
  if use_gatewaying?
    controller.session[:cas_sent_to_gateway] = true
    redirect_url << "&gateway=true"
  else
    controller.session[:cas_sent_to_gateway] = false
  end
  
  log.debug("Redirecting to #{redirect_url.inspect}")
  controller.send(:redirect_to, redirect_url)
end

.returning_from_gateway?(controller) ⇒ Boolean

Returns:

  • (Boolean) 


99
100
101
 
# File 'lib/casclient/frameworks/rails/filter.rb', line 99

def returning_from_gateway?(controller)
  controller.session[:cas_sent_to_gateway]
end

.use_gatewaying?Boolean

Returns:

  • (Boolean) 


95
96
97
 
# File 'lib/casclient/frameworks/rails/filter.rb', line 95

def use_gatewaying?
  @@config[:use_gatewaying]
end