Class: CASClient::Client

Inherits:

Object

• Object
• CASClient::Client

Defined in:

lib/casclient/client.rb

Overview

The client brokers all HTTP transactions with the CAS server.

Instance Attribute Summary

• #cas_base_url ⇒ Object readonly

  Returns the value of attribute cas_base_url.

• #cas_destination_logout_param_name ⇒ Object readonly

  Returns the value of attribute cas_destination_logout_param_name.

• #extra_attributes_session_key ⇒ Object readonly

  Returns the value of attribute extra_attributes_session_key.

• #log ⇒ Object readonly

  Returns the value of attribute log.

• #login_url ⇒ Object
• #logout_url(destination_url = nil, follow_url = nil) ⇒ Object

  Returns the CAS server’s logout url.

• #proxy_callback_url ⇒ Object

  Returns the value of attribute proxy_callback_url.

• #proxy_retrieval_url ⇒ Object

  Returns the value of attribute proxy_retrieval_url.

• #proxy_url ⇒ Object
• #service_url ⇒ Object writeonly

  Sets the attribute service_url.

• #ticket_store ⇒ Object readonly

  Returns the value of attribute ticket_store.

• #username_session_key ⇒ Object readonly

  Returns the value of attribute username_session_key.

• #validate_url ⇒ Object

Instance Method Summary

• #add_service_to_login_url(service_url) ⇒ Object
• #cas_server_is_up? ⇒ Boolean

  Returns true if the configured CAS server is up and responding; false otherwise.

• #configure(conf) ⇒ Object
• #initialize(conf = nil) ⇒ Client constructor

  A new instance of Client.

• #login_to_service(credentials, service) ⇒ Object

  Requests a login using the given credentials for the given service; returns a LoginResponse object.

• #request_login_ticket ⇒ Object

  Requests a login ticket from the CAS server for use in a login request; returns a LoginTicket object.

• #request_proxy_ticket(pgt, target_service) ⇒ Object

  Requests a proxy ticket from the CAS server for the given service using the given pgt (proxy granting ticket); returns a ProxyTicket object.

• #retrieve_proxy_granting_ticket(pgt_iou) ⇒ Object
• #validate_service_ticket(st) ⇒ Object (also: #validate_proxy_ticket)

Constructor Details

#initialize(conf = nil) ⇒ Client

Returns a new instance of Client.

# File 'lib/casclient/client.rb', line 10

def initialize(conf = nil)
  configure(conf) if conf
end

Instance Attribute Details

#cas_base_url ⇒ Object (readonly)

Returns the value of attribute cas_base_url.

# File 'lib/casclient/client.rb', line 4

def cas_base_url
  @cas_base_url
end

#cas_destination_logout_param_name ⇒ Object (readonly)

Returns the value of attribute cas_destination_logout_param_name.

# File 'lib/casclient/client.rb', line 4

def cas_destination_logout_param_name
  @cas_destination_logout_param_name
end

#extra_attributes_session_key ⇒ Object (readonly)

Returns the value of attribute extra_attributes_session_key.

# File 'lib/casclient/client.rb', line 5

def extra_attributes_session_key
  @extra_attributes_session_key
end

#log ⇒ Object (readonly)

Returns the value of attribute log.

# File 'lib/casclient/client.rb', line 5

def log
  @log
end

#login_url ⇒ Object

# File 'lib/casclient/client.rb', line 59

def login_url
  @login_url || (cas_base_url + "/login")
end

#logout_url(destination_url = nil, follow_url = nil) ⇒ Object

Returns the CAS server’s logout url.

If a logout_url has not been explicitly configured, the default is cas_base_url + “/logout”.

destination_url

Set this if you want the user to be able to immediately log back in. Generally you’ll want to use something like request.referer. Note that the above behaviour describes RubyCAS-Server – other CAS server implementations might use this parameter differently (or not at all).

follow_url

This satisfies section 2.3.1 of the CAS protocol spec. See www.ja-sig.org/products/cas/overview/protocol

# File 'lib/casclient/client.rb', line 80

def logout_url(destination_url = nil, follow_url = nil)
  url = @logout_url || (cas_base_url + "/logout")
  
  if destination_url
    # if present, remove the 'ticket' parameter from the destination_url
    duri = URI.parse(destination_url)
    h = duri.query ? query_to_hash(duri.query) : {}
    h.delete('ticket')
    duri.query = hash_to_query(h)
    destination_url = duri.to_s.gsub(/\?$/, '')
  end
  
  if destination_url || follow_url
    uri = URI.parse(url)
    h = uri.query ? query_to_hash(uri.query) : {}
    h[cas_destination_logout_param_name] = destination_url if destination_url
    h['url'] = follow_url if follow_url
    uri.query = hash_to_query(h)
    uri.to_s
  else
    url
  end
end

#proxy_callback_url ⇒ Object

Returns the value of attribute proxy_callback_url.

# File 'lib/casclient/client.rb', line 8

def proxy_callback_url
  @proxy_callback_url
end

#proxy_retrieval_url ⇒ Object

Returns the value of attribute proxy_retrieval_url.

# File 'lib/casclient/client.rb', line 8

def proxy_retrieval_url
  @proxy_retrieval_url
end

#proxy_url ⇒ Object

# File 'lib/casclient/client.rb', line 104

def proxy_url
  @proxy_url || (cas_base_url + "/proxy")
end

#service_url=(value) ⇒ Object (writeonly)

Sets the attribute service_url

Parameters:

• value —

  the value to set the attribute service_url to.

# File 'lib/casclient/client.rb', line 7

def service_url=(value)
  @service_url = value
end

#ticket_store ⇒ Object (readonly)

Returns the value of attribute ticket_store.

# File 'lib/casclient/client.rb', line 6

def ticket_store
  @ticket_store
end

#username_session_key ⇒ Object (readonly)

Returns the value of attribute username_session_key.

# File 'lib/casclient/client.rb', line 5

def username_session_key
  @username_session_key
end

#validate_url ⇒ Object

# File 'lib/casclient/client.rb', line 63

def validate_url
  @validate_url || (cas_base_url + "/proxyValidate")
end

Instance Method Details

#add_service_to_login_url(service_url) ⇒ Object

# File 'lib/casclient/client.rb', line 222

def add_service_to_login_url(service_url)
  uri = URI.parse(login_url)
  uri.query = (uri.query ? uri.query + "&" : "") + "service=#{CGI.escape(service_url)}"
  uri.to_s
end

#cas_server_is_up? ⇒ Boolean

Returns true if the configured CAS server is up and responding; false otherwise.

Returns:

• (Boolean)

# File 'lib/casclient/client.rb', line 131

def cas_server_is_up?
  uri = URI.parse(login_url)
  
  log.debug "Checking if CAS server at URI '#{uri}' is up..."
  
  https = Net::HTTP.new(uri.host, uri.port)
  https.use_ssl = (uri.scheme == 'https')
  https.verify_mode = (@force_ssl_verification ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE)
  
  begin
    raw_res = https.start do |conn|
      conn.get("#{uri.path}?#{uri.query}")
    end
  rescue Errno::ECONNREFUSED => e
    log.warn "CAS server did not respond! (#{e.inspect})"
    return false
  end
  
  log.debug "CAS server responded with #{raw_res.inspect}:\n#{raw_res.body}"
  
  return raw_res.kind_of?(Net::HTTPSuccess)
end

#configure(conf) ⇒ Object

Raises:

• (ArgumentError)

# File 'lib/casclient/client.rb', line 14

def configure(conf)
  #TODO: raise error if conf contains unrecognized cas options (this would help detect user typos in the config)

  raise ArgumentError, "Missing :cas_base_url parameter!" unless conf[:cas_base_url]
  
  if conf.has_key?("encode_extra_attributes_as")
    unless (conf[:encode_extra_attributes_as] == :json || conf[:encode_extra_attributes_as] == :yaml)
      raise ArgumentError, "Unkown Value for :encode_extra_attributes_as parameter! Allowed options are json or yaml - #{conf[:encode_extra_attributes_as]}"
    end
  end
   
  @cas_base_url      = conf[:cas_base_url].gsub(/\/$/, '')       
  @cas_destination_logout_param_name = conf[:cas_destination_logout_param_name]
  
  @login_url    = conf[:login_url]
  @logout_url   = conf[:logout_url]
  @validate_url = conf[:validate_url]
  @proxy_url    = conf[:proxy_url]
  @service_url  = conf[:service_url]
  @force_ssl_verification  = conf[:force_ssl_verification]
  @proxy_callback_url  = conf[:proxy_callback_url]
  
  @username_session_key         = conf[:username_session_key] || :cas_user
  @extra_attributes_session_key = conf[:extra_attributes_session_key] || :cas_extra_attributes
  @ticket_store_class = case conf[:ticket_store]
    when :local_dir_ticket_store, nil
      CASClient::Tickets::Storage::LocalDirTicketStore
    when :active_record_ticket_store
      ::ACTIVE_RECORD_TICKET_STORE
    else
      conf[:ticket_store]
  end
  @ticket_store = @ticket_store_class.new conf[:ticket_store_config]
  raise CASException, "The Ticket Store is not a subclass of AbstractTicketStore, it is a #{@ticket_store_class}" unless @ticket_store.kind_of? CASClient::Tickets::Storage::AbstractTicketStore
  
  @log = CASClient::LoggerWrapper.new
  @log.set_real_logger(conf[:logger]) if conf[:logger]
  @ticket_store.log = @log
  @conf_options = conf
end

#login_to_service(credentials, service) ⇒ Object

Requests a login using the given credentials for the given service; returns a LoginResponse object.

# File 'lib/casclient/client.rb', line 156

def login_to_service(credentials, service)
  lt = request_login_ticket
  
  data = credentials.merge(
    :lt => lt,
    :service => service 
  )
  
  res = submit_data_to_cas(login_url, data)
  response = CASClient::LoginResponse.new(res)

  if response.is_success?
    log.info("Login was successful for ticket: #{response.ticket.inspect}.")
  end

  return response
end

#request_login_ticket ⇒ Object

Requests a login ticket from the CAS server for use in a login request; returns a LoginTicket object.

This only works with RubyCAS-Server, since obtaining login tickets in this manner is not part of the official CAS spec.

Raises:

• (CASException)

# File 'lib/casclient/client.rb', line 179

def request_login_ticket
  uri = URI.parse(login_url+'Ticket')
  https = Net::HTTP.new(uri.host, uri.port)
  https.use_ssl = (uri.scheme == 'https')
  https.verify_mode = (@force_ssl_verification ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE)
  res = https.post(uri.path, ';')
  
  raise CASException, res.body unless res.kind_of? Net::HTTPSuccess
  
  res.body.strip
end

#request_proxy_ticket(pgt, target_service) ⇒ Object

Requests a proxy ticket from the CAS server for the given service using the given pgt (proxy granting ticket); returns a ProxyTicket object.

The pgt required to request a proxy ticket is obtained as part of a ValidationResponse.

# File 'lib/casclient/client.rb', line 197

def request_proxy_ticket(pgt, target_service)
  uri = URI.parse(proxy_url)
  h = uri.query ? query_to_hash(uri.query) : {}
  h['pgt'] = pgt.ticket
  h['targetService'] = target_service
  uri.query = hash_to_query(h)
  
  response = request_cas_response(uri, ProxyResponse)
  
  pt = ProxyTicket.new(response.proxy_ticket, target_service)
  pt.success = response.is_success?
  pt.failure_code = response.failure_code
  pt.failure_message = response.failure_message
  
  return pt
end

#retrieve_proxy_granting_ticket(pgt_iou) ⇒ Object

Raises:

• (CASException)

# File 'lib/casclient/client.rb', line 214

def retrieve_proxy_granting_ticket(pgt_iou)
  pgt = @ticket_store.retrieve_pgt(pgt_iou)

  raise CASException, "Couldn't find pgt for pgt_iou #{pgt_iou}" unless pgt

  ProxyGrantingTicket.new(pgt, pgt_iou)
end

#validate_service_ticket(st) ⇒ Object Also known as: validate_proxy_ticket

# File 'lib/casclient/client.rb', line 108

def validate_service_ticket(st)
  uri = URI.parse(validate_url)
  h = uri.query ? query_to_hash(uri.query) : {}
  h['service'] = st.service
  h['ticket'] = st.ticket
  h['renew'] = "1" if st.renew
  h['pgtUrl'] = proxy_callback_url if proxy_callback_url
  uri.query = hash_to_query(h)
  
  response = request_cas_response(uri, ValidationResponse)
  st.user = response.user
  st.extra_attributes = response.extra_attributes
  st.pgt_iou = response.pgt_iou
  st.success = response.is_success?
  st.failure_code = response.failure_code
  st.failure_message = response.failure_message
  
  return st
end