Class: Aker::Cas::Middleware::TicketRemover

Inherits:
Object
Defined in:
lib/aker/cas/middleware/ticket_remover.rb

Overview

Middleware which issues a redirect immediately after CAS authentication succeeds so that users never see a URL with the ticket in it. This prevents them from, e.g., bookmarking a URL with a ticket in it, keeping things cleaner and preventing requests to the CAS server for tickets which are definitely expired.
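
The redirect described above, as an added example that is not Aker's own code: a stand-alone Rack-style middleware that strips the `ticket` parameter using only the Ruby standard library. The class name, helper names, host and ticket values are assumptions made for illustration, and the `authenticated?` check that Aker performs is not modelled.

```ruby
require 'uri'
require 'erb'

# Hypothetical stand-in for Aker's middleware: it checks only for a `ticket`
# parameter and does not model the authenticated?(env) check.
class TicketStrippingRedirect
  def initialize(app)
    @app = app
  end

  def call(env)
    pairs = URI.decode_www_form(env['QUERY_STRING'].to_s)
    kept  = pairs.reject { |name, _| name == 'ticket' }
    # Exact-name match: `tickets=5` is an application parameter, not a CAS ticket.
    return @app.call(env) if kept.size == pairs.size

    url = clean_url(env, kept)
    # The URL is built from request data, so escape it before embedding in HTML.
    link = %(<a href="#{ERB::Util.html_escape(url)}">Click here to continue</a>)
    body = env['REQUEST_METHOD'] == 'GET' ? [link] : []
    [301, { 'Location' => url, 'Content-Type' => 'text/html' }, body]
  end

  private

  # Rebuild the request URL from the Rack env with the remaining parameters.
  def clean_url(env, kept)
    url = "#{env['rack.url_scheme']}://#{env['HTTP_HOST']}" \
          "#{env['SCRIPT_NAME']}#{env['PATH_INFO']}"
    kept.empty? ? url : "#{url}?#{URI.encode_www_form(kept)}"
  end
end

# Constructed Rack env for demonstration; host and ticket value are made up.
def sample_env(method, query)
  { 'REQUEST_METHOD' => method, 'rack.url_scheme' => 'https',
    'HTTP_HOST' => 'app.example.org', 'SCRIPT_NAME' => '',
    'PATH_INFO' => '/reports', 'QUERY_STRING' => query }
end

DOWNSTREAM = ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['ok']] }
MIDDLEWARE = TicketStrippingRedirect.new(DOWNSTREAM)
```

Other query parameters survive the redirect, and a request without a `ticket` parameter reaches the downstream app unchanged.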

Instance Method Summary

Constructor Details

#initialize(app) ⇒ TicketRemover

Returns a new instance of TicketRemover


# File 'lib/aker/cas/middleware/ticket_remover.rb', line 12

def initialize(app)
  @app = app
end

Instance Method Details

#call(env) ⇒ Object


# File 'lib/aker/cas/middleware/ticket_remover.rb', line 16

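def call(env)
  # Redirect only when authentication has succeeded and the request still carries a ticket.
  if authenticated?(env) && ticket_present?(env)
    request = Rack::Request.new(env)
    # Redirect target: the service URL for this request.
    url = Aker::Cas::ServiceUrl.service_url(request)
    # GET responses carry a fallback link; other methods get an empty body.
    body = request.get? ? [%Q{<a href="#{url}">Click here to continue</a>}] : []

    [301, { 'Location' => url, 'Content-Type' => 'text/html' }, body]
  else
    # Everything else passes through to the wrapped application.
    @app.call(env)
  end
end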