Class: CASClient::Frameworks::Rails::Filter

Inherits:
Object
  • Object
show all
Defined in:
lib/casclient/frameworks/rails/filter.rb

Direct Known Subclasses

GatewayFilter

Constant Summary collapse

@@config =

These are initialized when you call configure.

nil
@@client = 
nil
@@log = 
nil

Class Method Summary collapse

Class Method Details

.configure(config) ⇒ Object 



96
97
98
99
100
101
 
# File 'lib/casclient/frameworks/rails/filter.rb', line 96

def configure(config)
  @@config = config
  @@config[:logger] = RAILS_DEFAULT_LOGGER unless @@config[:logger]
  @@client = CASClient::Client.new(config)
  @@log = client.log
end

.filter(controller) ⇒ Object 



13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
 
# File 'lib/casclient/frameworks/rails/filter.rb', line 13

def filter(controller)
  raise "Cannot use the CASClient filter because it has not yet been configured." if config.nil?

  st = read_ticket(controller)
  
  last_st = controller.session[:cas_last_valid_ticket]
  
  if st && 
      last_st && 
      last_st.ticket == st.ticket && 
      last_st.service == st.service
    # warn() rather than info() because we really shouldn't be re-validating the same ticket. 
    # The only time when this is acceptable is if the user manually does a refresh and the ticket
    # happens to be in the URL.
    log.warn("Re-using previously validated ticket since the new ticket and service are the same.")
    st = last_st
  elsif last_st &&
      !config[:authenticate_on_every_request] && 
      controller.session[client.username_session_key]
    # Re-use the previous ticket if the user already has a local CAS session (i.e. if they were already
    # previously authenticated for this service). This is to prevent redirection to the CAS server on every
    # request.
    # This behaviour can be disabled (so that every request is routed through the CAS server) by setting
    # the :authenticate_on_every_request config option to false. 
    log.debug "Existing local CAS session detected for #{controller.session[client.username_session_key].inspect}. "+
      "Previous ticket #{last_st.ticket.inspect} will be re-used."
    st = last_st
  end
  
  if st
    client.validate_service_ticket(st) unless st.has_been_validated?
    vr = st.response
    
    if st.is_valid?
      log.info("Ticket #{st.ticket.inspect} for service #{st.service.inspect} belonging to user #{vr.user.inspect} is VALID.")
      controller.session[client.username_session_key] = vr.user
      controller.session[client.extra_attributes_session_key] = vr.extra_attributes
      
      # RubyCAS-Client 1.x used :casfilteruser as it's username session key,
      # so we need to set this here to ensure compatibility with configurations
      # built around the old client.
      controller.session[:casfilteruser] = vr.user
      
      # Store the ticket in the session to avoid re-validating the same service
      # ticket with the CAS server.
      controller.session[:cas_last_valid_ticket] = st
      
      if vr.pgt_iou
        log.info("Receipt has a proxy-granting ticket IOU. Attempting to retrieve the proxy-granting ticket...")
        pgt = client.retrieve_proxy_granting_ticket(vr.pgt_iou)
        if pgt
          log.debug("Got PGT #{pgt.ticket.inspect} for PGT IOU #{pgt.iou.inspect}. This will be stored in the session.")
          controller.session[:cas_pgt] = pgt
          # For backwards compatibility with RubyCAS-Client 1.x configurations...
          controller.session[:casfilterpgt] = pgt
        else
          log.error("Failed to retrieve a PGT for PGT IOU #{vr.pgt_iou}!")
        end
      end
      
      return true
    else
      log.warn("Ticket #{st.ticket.inspect} failed validation -- #{vr.failure_code}: #{vr.failure_message}")
      redirect_to_cas_for_authentication(controller)
      return false
    end
  else
    if returning_from_gateway?(controller)
      log.info "Returning from CAS gateway without authentication."
      
      if use_gatewaying?
        log.info "This CAS client is configured to use gatewaying, so we will permit the user to continue without authentication."
        return true
      else
        log.warn "The CAS client is NOT configured to allow gatewaying, yet this request was gatewayed. Something is not right!"
      end
    end
    
    redirect_to_cas_for_authentication(controller)
    return false
  end
end

.redirect_to_cas_for_authentication(controller) ⇒ Object 



111
112
113
114
115
116
117
118
119
120
121
122
123
124
 
# File 'lib/casclient/frameworks/rails/filter.rb', line 111

def redirect_to_cas_for_authentication(controller)
  service_url = read_service_url(controller)
  redirect_url = client.(service_url)
  
  if use_gatewaying?
    controller.session[:cas_sent_to_gateway] = true
    redirect_url << "&gateway=true"
  else
    controller.session[:cas_sent_to_gateway] = false
  end
  
  log.debug("Redirecting to #{redirect_url.inspect}")
  controller.send(:redirect_to, redirect_url)
end

.returning_from_gateway?(controller) ⇒ Boolean

Returns:



107
108
109
 
# File 'lib/casclient/frameworks/rails/filter.rb', line 107

def returning_from_gateway?(controller)
  controller.session[:cas_sent_to_gateway]
end

.use_gatewaying?Boolean

Returns:



103
104
105
 
# File 'lib/casclient/frameworks/rails/filter.rb', line 103

def use_gatewaying?
  @@config[:use_gatewaying]
end