Rack::Casual

A very simple Rack authentication plugin using CAS or a token. It kicks in whenever a 401 response is returned from the server.

The plugin has only been tested using ActiveRecord and Rails 3.

Installation

Sinatra

$ gem install 'rack-casual'

See examples/sinatra_app.rb for a sample app.

Rails 3

Add this to your Gemfile:

$ gem 'rack-casual'

Run bundle install, and add a configuration file:

$ rails generate rack_casual

This creates a config/initializers/rack-casual.rb file. Make sure base_url points to your CAS server. If your user model is called something other than "User", you can change this here.

Next you must configure your application to use the plugin. For Rails3, you can add this to your config/application.rb config.middleware.use "Rack::Casual::Authentication"

Finally, to authenticate your users, add a before_filter to your controller:

class ApplicationController < ActionController::Base
  before_filter :authenticate!
end

Usage

Rack::Casual adds some helper methods to ActionController::Base

  • logged_in? Returns true if session contains user-id

  • current_user Returns the currently logged in user.

  • authenticate! This is the method you want to use in a before_filter

Authentication token

CAS is nice and all that, but it's not so nice for webservices. Therefore Rack::Casual can authenticate requests using a token. Make sure your User model has a auth_token attribute. You can call it whatever you want, but it defaults to auth_token.

From your client you can now authenticate using this token:

http://your-app.com/my-protected-webservice?auth_token=secret

If there are no users with that token, the client just receives the 401 error. It does not fallback to CAS or create a user automatically (doh).

Authorization

Rack::Casual calls active? on your user model if that method exists to determine whether the user can log in or not. So just add this to control whether authenticated users can log in or not.

# app/models/user.rb
class User < ActiveRecord::Base
  def active?
    # i'm sure you can figure something out...
  end
end

Extra attributes

When creating users automatically, Rack::Casual can also add extra attributes if your CAS server provides this. For this to work your User model must have a cas_extra_attributes= instance method. Here's an example:

class User < ActiveRecord::Base
  def cas_extra_attributes=(extra_attributes)
    extra_attributes.each do |name, value|
      case name.to_sym
        when :name   then self.name   = value
        when :email  then self.email  = value
        when :phone  then self.phone  = value
      end
    end
  end
end

Tracking

If you have enabled tracking, Rack::Casual can update the logged in user with information about last login time and IP. These variables will be updated if they are present in your User model:

  • last_login_at (datetime)
  • last_login_ip (string)
  • login_count (integer)

TODO

More tests dammit.

Copyright (c) 2010 Gudleik Rasch [email protected], released under the MIT license