Class: CASClient::Client
- Inherits:
-
Object
- Object
- CASClient::Client
- Defined in:
- lib/casclient/client.rb
Overview
The client brokers all HTTP transactions with the CAS server.
Instance Attribute Summary
-
#cas_base_url ⇒ Object
readonly
Returns the value of attribute cas_base_url.
-
#cas_destination_logout_param_name ⇒ Object
readonly
Returns the value of attribute cas_destination_logout_param_name.
-
#extra_attributes_session_key ⇒ Object
readonly
Returns the value of attribute extra_attributes_session_key.
-
#log ⇒ Object
readonly
Returns the value of attribute log.
- #login_url ⇒ Object
-
#logout_url(destination_url = nil, follow_url = nil) ⇒ Object
Returns the CAS server’s logout url.
-
#proxy_callback_url ⇒ Object
Returns the value of attribute proxy_callback_url.
-
#proxy_retrieval_url ⇒ Object
Returns the value of attribute proxy_retrieval_url.
- #proxy_url ⇒ Object
-
#service_url ⇒ Object
writeonly
Sets the attribute service_url.
-
#ticket_store ⇒ Object
readonly
Returns the value of attribute ticket_store.
-
#username_session_key ⇒ Object
readonly
Returns the value of attribute username_session_key.
- #validate_url ⇒ Object
Instance Method Summary
- #add_service_to_login_url(service_url) ⇒ Object
-
#cas_server_is_up? ⇒ Boolean
Returns true if the configured CAS server is up and responding; false otherwise.
- #configure(conf) ⇒ Object
-
#initialize(conf = nil) ⇒ Client
constructor
A new instance of Client.
-
#login_to_service(credentials, service) ⇒ Object
Requests a login using the given credentials for the given service; returns a LoginResponse object.
-
#request_login_ticket ⇒ Object
Requests a login ticket from the CAS server for use in a login request; returns a LoginTicket object.
-
#request_proxy_ticket(pgt, target_service) ⇒ Object
Requests a proxy ticket from the CAS server for the given service using the given pgt (proxy granting ticket); returns a ProxyTicket object.
- #retrieve_proxy_granting_ticket(pgt_iou) ⇒ Object
- #validate_service_ticket(st) ⇒ Object (also: #validate_proxy_ticket)
Constructor Details
#initialize(conf = nil) ⇒ Client
Returns a new instance of Client.
# File 'lib/casclient/client.rb', line 10
#
# Builds a client. When a configuration is supplied it is applied right away
# through #configure; with no argument the client is left unconfigured.
#
# @param conf [#[], nil] configuration options (see #configure)
def initialize(conf = nil)
  return unless conf

  configure(conf)
end
Instance Attribute Details
#cas_base_url ⇒ Object (readonly)
Returns the value of attribute cas_base_url.
# File 'lib/casclient/client.rb', line 4
#
# Reader for @cas_base_url.
#
# @return [Object] the stored value, or nil when it has not been assigned
def cas_base_url
  @cas_base_url
end
#cas_destination_logout_param_name ⇒ Object (readonly)
Returns the value of attribute cas_destination_logout_param_name.
# File 'lib/casclient/client.rb', line 4
#
# Reader for @cas_destination_logout_param_name, the query-parameter name
# under which #logout_url passes the destination URL to the CAS server.
#
# @return [Object] the stored value, or nil when it has not been assigned
def cas_destination_logout_param_name
  @cas_destination_logout_param_name
end
#extra_attributes_session_key ⇒ Object (readonly)
Returns the value of attribute extra_attributes_session_key.
# File 'lib/casclient/client.rb', line 5
#
# Reader for @extra_attributes_session_key.
#
# @return [Object] the stored value, or nil when it has not been assigned
def extra_attributes_session_key
  @extra_attributes_session_key
end
#log ⇒ Object (readonly)
Returns the value of attribute log.
# File 'lib/casclient/client.rb', line 5
#
# Reader for @log, the logger the client writes its messages to.
#
# @return [Object] the stored value, or nil when it has not been assigned
def log
  @log
end
#login_url ⇒ Object
# File 'lib/casclient/client.rb', line 59
#
# URL of the CAS login endpoint.
#
# @return [String] the explicitly configured @login_url when one is set,
#   otherwise cas_base_url with "/login" appended
def login_url
  return @login_url if @login_url

  cas_base_url + "/login"
end
#logout_url(destination_url = nil, follow_url = nil) ⇒ Object
Returns the CAS server’s logout url.
If a logout_url has not been explicitly configured, the default is cas_base_url + “/logout”.
- destination_url
-
Set this if you want the user to be able to immediately log back in. Generally you’ll want to use something like request.referer. Note that the above behaviour describes RubyCAS-Server – other CAS server implementations might use this parameter differently (or not at all). The Referer header is supplied by the client, so check the value against the hosts your application expects before passing it here.
- follow_url
-
This satisfies section 2.3.1 of the CAS protocol spec. See www.ja-sig.org/products/cas/overview/protocol
# File 'lib/casclient/client.rb', line 80
#
# Builds the CAS logout URL, optionally carrying a destination and/or a
# follow URL as query parameters.
#
# The base is the configured @logout_url, or cas_base_url + "/logout".
#
# NOTE(review): apart from removing a 'ticket' parameter from the
# destination, neither URL is checked here (scheme, host, allow-list). Both
# are forwarded to the CAS server as given, so a caller that derives them
# from request data should validate them first.
#
# @param destination_url [String, nil] sent under the parameter named by
#   cas_destination_logout_param_name
# @param follow_url [String, nil] sent as the 'url' parameter
# @return [String] the logout URL
def logout_url(destination_url = nil, follow_url = nil)
  base = @logout_url || (cas_base_url + "/logout")

  if destination_url
    # Strip any 'ticket' parameter from the destination before forwarding it.
    dest = URI.parse(destination_url)
    dest_params = dest.query ? query_to_hash(dest.query) : {}
    dest_params.delete('ticket')
    dest.query = hash_to_query(dest_params)
    # Drop the dangling '?' left behind when no parameters remain.
    destination_url = dest.to_s.gsub(/\?$/, '')
  end

  # Nothing to append: hand back the base URL untouched.
  return base unless destination_url || follow_url

  logout = URI.parse(base)
  params = logout.query ? query_to_hash(logout.query) : {}
  # NOTE(review): when cas_destination_logout_param_name is nil the key is
  # nil; how hash_to_query renders that is not visible here - confirm.
  params[cas_destination_logout_param_name] = destination_url if destination_url
  params['url'] = follow_url if follow_url
  logout.query = hash_to_query(params)
  logout.to_s
end
#proxy_callback_url ⇒ Object
Returns the value of attribute proxy_callback_url.
# File 'lib/casclient/client.rb', line 8
#
# Reader for @proxy_callback_url.
#
# @return [Object] the stored value, or nil when it has not been assigned
def proxy_callback_url
  @proxy_callback_url
end
#proxy_retrieval_url ⇒ Object
Returns the value of attribute proxy_retrieval_url.
# File 'lib/casclient/client.rb', line 8
#
# Reader for @proxy_retrieval_url.
#
# @return [Object] the stored value, or nil when it has not been assigned
def proxy_retrieval_url
  @proxy_retrieval_url
end
#proxy_url ⇒ Object
# File 'lib/casclient/client.rb', line 104
#
# URL of the CAS proxy endpoint.
#
# @return [String] the explicitly configured @proxy_url when one is set,
#   otherwise cas_base_url with "/proxy" appended
def proxy_url
  return @proxy_url if @proxy_url

  cas_base_url + "/proxy"
end
#service_url=(value) ⇒ Object (writeonly)
Sets the attribute service_url
# File 'lib/casclient/client.rb', line 7
#
# Writer for @service_url.
#
# @param value [Object] the new service URL
# @return [Object] the value that was assigned
def service_url=(value)
  @service_url = value
end
#ticket_store ⇒ Object (readonly)
Returns the value of attribute ticket_store.
# File 'lib/casclient/client.rb', line 6
#
# Reader for @ticket_store, the store instance created in #configure.
#
# @return [Object] the stored value, or nil when it has not been assigned
def ticket_store
  @ticket_store
end
#username_session_key ⇒ Object (readonly)
Returns the value of attribute username_session_key.
# File 'lib/casclient/client.rb', line 5
#
# Reader for @username_session_key.
#
# @return [Object] the stored value, or nil when it has not been assigned
def username_session_key
  @username_session_key
end
#validate_url ⇒ Object
# File 'lib/casclient/client.rb', line 63
#
# URL of the CAS ticket-validation endpoint.
#
# NOTE(review): the fallback is "/proxyValidate". In the CAS protocol that
# endpoint accepts proxy tickets as well as service tickets, so an
# application that should not accept proxied authentication needs an
# explicit :validate_url in its configuration.
#
# @return [String] the explicitly configured @validate_url when one is set,
#   otherwise cas_base_url with "/proxyValidate" appended
def validate_url
  return @validate_url if @validate_url

  cas_base_url + "/proxyValidate"
end
Instance Method Details
#add_service_to_login_url(service_url) ⇒ Object
# File 'lib/casclient/client.rb', line 222
#
# Returns the login URL with a "service" query parameter appended.
#
# The service URL is CGI-escaped before it is placed in the query string,
# and any query already present on login_url is kept in front of it.
#
# @param service_url [String] URL of the service the user is logging in to
# @return [String] login URL including the service parameter
def add_service_to_login_url(service_url)
  target = URI.parse(login_url)
  existing_query = target.query
  service_param = "service=#{CGI.escape(service_url)}"
  target.query = existing_query ? "#{existing_query}&#{service_param}" : service_param
  target.to_s
end
#cas_server_is_up? ⇒ Boolean
Returns true if the configured CAS server is up and responding; false otherwise.
# File 'lib/casclient/client.rb', line 131
#
# Probes the CAS server by issuing a GET against login_url.
#
# NOTE(review): the peer certificate is verified only when
# @force_ssl_verification is truthy; otherwise VERIFY_NONE is used and the
# server's identity is not authenticated over HTTPS.
# NOTE(review): only Errno::ECONNREFUSED is turned into a false result; any
# other error raised while connecting propagates to the caller.
# NOTE(review): the full response body is written to the debug log.
#
# @return [Boolean] true when the response is a Net::HTTPSuccess; false when
#   the connection is refused or the response is any other kind
def cas_server_is_up?
  target = URI.parse(login_url)
  log.debug "Checking if CAS server at URI '#{target}' is up..."

  http = Net::HTTP.new(target.host, target.port)
  http.use_ssl = (target.scheme == 'https')
  http.verify_mode =
    if @force_ssl_verification
      OpenSSL::SSL::VERIFY_PEER
    else
      OpenSSL::SSL::VERIFY_NONE
    end

  response =
    begin
      http.start { |conn| conn.get("#{target.path}?#{target.query}") }
    rescue Errno::ECONNREFUSED => e
      log.warn "CAS server did not respond! (#{e.inspect})"
      return false
    end

  log.debug "CAS server responded with #{response.inspect}:\n#{response.body}"
  response.kind_of?(Net::HTTPSuccess)
end
#configure(conf) ⇒ Object
# File 'lib/casclient/client.rb', line 14
#
# Applies a configuration to the client: stores the endpoint URLs and
# session keys, instantiates the ticket store and wires up the logger.
#
# NOTE(review): :force_ssl_verification is stored as given, so it is nil
# unless the configuration sets it. The HTTP helpers in this class use
# VERIFY_NONE in that case, which means certificate verification is opt-in.
# NOTE(review): the :encode_extra_attributes_as check tests for the String
# key but reads the Symbol key, so for a plain Hash with Symbol keys the
# validation never runs - confirm which key form callers pass.
# NOTE(review): a class passed as :ticket_store is instantiated before the
# AbstractTicketStore check, so the configuration has to come from a
# trusted source.
#
# @param conf [#[], #has_key?] configuration options; :cas_base_url is required
# @return [Object] the conf object that was passed in
# @raise [ArgumentError] when :cas_base_url is missing or the
#   encode_extra_attributes_as value is rejected
# @raise [CASException] when the ticket store is not an AbstractTicketStore
def configure(conf)
  #TODO: raise error if conf contains unrecognized cas options (this would help detect user typos in the config)
  unless conf[:cas_base_url]
    raise ArgumentError, "Missing :cas_base_url parameter!"
  end

  if conf.has_key?("encode_extra_attributes_as")
    if conf[:encode_extra_attributes_as] != :json && conf[:encode_extra_attributes_as] != :yaml
      raise ArgumentError, "Unkown Value for :encode_extra_attributes_as parameter! Allowed options are json or yaml - #{conf[:encode_extra_attributes_as]}"
    end
  end

  # A single trailing slash is dropped so the "/login"-style suffixes can be appended.
  @cas_base_url = conf[:cas_base_url].gsub(/\/$/, '')
  @cas_destination_logout_param_name = conf[:cas_destination_logout_param_name]

  @login_url    = conf[:login_url]
  @logout_url   = conf[:logout_url]
  @validate_url = conf[:validate_url]
  @proxy_url    = conf[:proxy_url]
  @service_url  = conf[:service_url]

  @force_ssl_verification = conf[:force_ssl_verification]
  @proxy_callback_url     = conf[:proxy_callback_url]

  @username_session_key         = conf[:username_session_key] || :cas_user
  @extra_attributes_session_key = conf[:extra_attributes_session_key] || :cas_extra_attributes

  # Two symbols select built-in stores; any other value is used as the class itself.
  @ticket_store_class =
    case conf[:ticket_store]
    when :local_dir_ticket_store, nil
      CASClient::Tickets::Storage::LocalDirTicketStore
    when :active_record_ticket_store
      ::ACTIVE_RECORD_TICKET_STORE
    else
      conf[:ticket_store]
    end
  @ticket_store = @ticket_store_class.new conf[:ticket_store_config]
  unless @ticket_store.kind_of? CASClient::Tickets::Storage::AbstractTicketStore
    raise CASException, "The Ticket Store is not a subclass of AbstractTicketStore, it is a #{@ticket_store_class}"
  end

  @log = CASClient::LoggerWrapper.new
  @log.set_real_logger(conf[:logger]) if conf[:logger]
  @ticket_store.log = @log

  @conf_options = conf
end
#login_to_service(credentials, service) ⇒ Object
Requests a login using the given credentials for the given service; returns a LoginResponse object.
# File 'lib/casclient/client.rb', line 156
#
# Submits the given credentials, plus a freshly requested login ticket and
# the service, to login_url and wraps the reply in a LoginResponse.
#
# NOTE(review): on success the ticket from the response is written to the
# log at info level; treat that log as sensitive.
#
# @param credentials [#merge] credential fields to post to the CAS server
# @param service [Object] the service the login is requested for
# @return [CASClient::LoginResponse] the parsed response, successful or not
def login_to_service(credentials, service)
  login_ticket = request_login_ticket
  form_data = credentials.merge(:lt => login_ticket, :service => service)

  raw_reply = submit_data_to_cas(login_url, form_data)
  login_response = CASClient::LoginResponse.new(raw_reply)

  log.info("Login was successful for ticket: #{login_response.ticket.inspect}.") if login_response.is_success?

  login_response
end
#request_login_ticket ⇒ Object
Requests a login ticket from the CAS server for use in a login request; returns a LoginTicket object.
This only works with RubyCAS-Server, since obtaining login tickets in this manner is not part of the official CAS spec.
# File 'lib/casclient/client.rb', line 179
#
# Requests a login ticket by POSTing to login_url with 'Ticket' appended.
#
# NOTE(review): the peer certificate is verified only when
# @force_ssl_verification is truthy; otherwise VERIFY_NONE is used and the
# ticket is fetched from a server whose identity is not authenticated.
#
# @return [String] the response body with surrounding whitespace stripped
# @raise [CASException] carrying the response body when the response is not
#   a Net::HTTPSuccess
def request_login_ticket
  endpoint = URI.parse(login_url+'Ticket')

  http = Net::HTTP.new(endpoint.host, endpoint.port)
  http.use_ssl = (endpoint.scheme == 'https')
  http.verify_mode =
    if @force_ssl_verification
      OpenSSL::SSL::VERIFY_PEER
    else
      OpenSSL::SSL::VERIFY_NONE
    end

  # The request body is the literal ';' the original sends.
  reply = http.post(endpoint.path, ';')
  unless reply.kind_of? Net::HTTPSuccess
    raise CASException, reply.body
  end

  reply.body.strip
end
#request_proxy_ticket(pgt, target_service) ⇒ Object
Requests a proxy ticket from the CAS server for the given service using the given pgt (proxy granting ticket); returns a ProxyTicket object.
The pgt required to request a proxy ticket is obtained as part of a ValidationResponse.
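# File 'lib/casclient/client.rb', line 197
#
# Requests a proxy ticket for target_service from proxy_url, using the
# given proxy granting ticket.
#
# The returned ProxyTicket is built whether or not the request succeeded;
# callers need to check its success flag before using the ticket.
#
# @param pgt [#ticket] proxy granting ticket; its ticket value is sent as 'pgt'
# @param target_service [Object] service the proxy ticket is requested for
# @return [ProxyTicket] ticket carrying the outcome of the request
def request_proxy_ticket(pgt, target_service)
  uri = URI.parse(proxy_url)
  # Keep any query already present on the configured proxy URL.
  h = uri.query ? query_to_hash(uri.query) : {}
  h['pgt'] = pgt.ticket
  h['targetService'] = target_service
  uri.query = hash_to_query(h)

  response = request_cas_response(uri, ProxyResponse)

  pt = ProxyTicket.new(response.proxy_ticket, target_service)
  pt.success = response.is_success?
  pt.failure_code = response.failure_code
  # NOTE(review): the rendered listing shows this line as `pt. = response.`;
  # failure_message is the upstream attribute name - confirm against
  # lib/casclient/client.rb.
  pt.failure_message = response.failure_message

  return pt
end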
#retrieve_proxy_granting_ticket(pgt_iou) ⇒ Object
# File 'lib/casclient/client.rb', line 214
#
# Looks up the proxy granting ticket stored for a PGT IOU.
#
# @param pgt_iou [Object] the IOU handed to @ticket_store.retrieve_pgt
# @return [ProxyGrantingTicket] built from the stored pgt and the IOU
# @raise [CASException] when the ticket store returns nothing for the IOU
def retrieve_proxy_granting_ticket(pgt_iou)
  stored_pgt = @ticket_store.retrieve_pgt(pgt_iou)

  if stored_pgt
    ProxyGrantingTicket.new(stored_pgt, pgt_iou)
  else
    raise CASException, "Couldn't find pgt for pgt_iou #{pgt_iou}"
  end
end
#validate_service_ticket(st) ⇒ Object Also known as: validate_proxy_ticket
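# File 'lib/casclient/client.rb', line 108
#
# Validates a service ticket against validate_url and copies the outcome
# onto the ticket. Also available as validate_proxy_ticket.
#
# The ticket is returned whether or not validation succeeded, and st.user
# is assigned from the response in both cases. Callers must check the
# recorded success flag before trusting the user or the extra attributes.
#
# @param st [Object] ticket exposing service, ticket and renew, with
#   writers for the result fields set below
# @return [Object] the same ticket, updated with the validation outcome
def validate_service_ticket(st)
  uri = URI.parse(validate_url)
  # Keep any query already present on the configured validation URL.
  h = uri.query ? query_to_hash(uri.query) : {}
  h['service'] = st.service
  h['ticket'] = st.ticket
  h['renew'] = "1" if st.renew
  # A configured proxy callback is sent along as the pgtUrl parameter.
  h['pgtUrl'] = proxy_callback_url if proxy_callback_url
  uri.query = hash_to_query(h)

  response = request_cas_response(uri, ValidationResponse)

  st.user = response.user
  st.extra_attributes = response.extra_attributes
  st.pgt_iou = response.pgt_iou
  st.success = response.is_success?
  st.failure_code = response.failure_code
  # NOTE(review): the rendered listing shows this line as `st. = response.`;
  # failure_message is the upstream attribute name - confirm against
  # lib/casclient/client.rb.
  st.failure_message = response.failure_message

  return st
end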