Class: Rack::CAS

Inherits:
Object
  • Object
show all
Defined in:
lib/rack/cas.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(app, config = {}) ⇒ CAS

Returns a new instance of CAS.



9
10
11
12
13
# File 'lib/rack/cas.rb', line 9

def initialize(app, config={})
  @app = app

  RackCAS.config.update config
end

Instance Attribute Details

#server_urlObject

Returns the value of attribute server_url.



7
8
9
# File 'lib/rack/cas.rb', line 7

def server_url
  @server_url
end

Instance Method Details

#call(env) ⇒ Object



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
# File 'lib/rack/cas.rb', line 15

def call(env)
  request = Rack::Request.new(env)
  cas_request = CASRequest.new(request)

  return @app.call(env) if exclude_request?(cas_request)

  if cas_request.ticket_validation?
    log env, 'rack-cas: Intercepting ticket validation request.'

    service_url = RackCAS.config.service? ? RackCAS.config.service : cas_request.service_url

    begin
      user, extra_attrs = get_user(request.url, cas_request.ticket)
    rescue RackCAS::ServiceValidationResponse::TicketInvalidError, RackCAS::SAMLValidationResponse::TicketInvalidError
      log env, 'rack-cas: Invalid ticket. Redirecting to CAS login.'

      return redirect_to server.(service_url).to_s
    end

    store_session request, user, cas_request.ticket, extra_attrs
    return redirect_to service_url
  end

  if cas_request.logout?
    log env, 'rack-cas: Intercepting logout request.'

    request.session.send (request.session.respond_to?(:destroy) ? :destroy : :clear)
    return redirect_to server.logout_url(request.params).to_s
  end

  if cas_request.single_sign_out? && RackCAS.config.session_store?
    log env, 'rack-cas: Intercepting single-sign-out request.'

    RackCAS.config.session_store.destroy_session_by_cas_ticket(cas_request.ticket)
    return [200, {'Content-Type' => 'text/plain'}, ['CAS Single-Sign-Out request intercepted.']]
  end

  response = @app.call(env)

  if response[0] == 401 && !ignore_intercept?(request) # access denied
    log env, 'rack-cas: Intercepting 401 access denied response. Redirecting to CAS login.'

    url = if RackCAS.config.service?
            configured_service_url = RackCAS::URL.parse(RackCAS.config.service)
            request_url            = RackCAS::URL.parse(request.url)
            request_url.host       = configured_service_url.host
            request_url.scheme     = configured_service_url.scheme
            request_url.to_s
          else
            cas_request.service_url
          end

    redirect_to server.(url).to_s
  else
    response
  end
end