Class: Aker::Cas::Authority

Inherits:

Object

• Object
• Aker::Cas::Authority

Includes:

ConfigurationHelper, Castanet::Client

Defined in:

lib/aker/cas/authority.rb

Overview

An authority which verifies CAS tickets with an actual CAS server.

See Also:

• UserExt

Instance Attribute Summary

• #configuration ⇒ Object readonly

  Returns the value of attribute configuration.

Instance Method Summary

• #initialize(configuration) ⇒ Authority constructor

  Creates a new instance of this authority.

• #valid_credentials?(kind, *credentials) ⇒ Aker::User, ...

  Verifies the given credentials with the CAS server.

Methods included from ConfigurationHelper

#cas_login_url, #cas_logout_url, #cas_url, #proxy_callback_url, #proxy_retrieval_url

Constructor Details

#initialize(configuration) ⇒ Authority

Creates a new instance of this authority. It reads parameters from the ‘:cas` parameters section of the given configuration. See ConfigurationHelper for information about the meanings of these parameters.

# File 'lib/aker/cas/authority.rb', line 21

def initialize(configuration)
  @configuration = configuration

  unless cas_url
    raise ":base_url parameter is required for CAS"
  end
end

Instance Attribute Details

#configuration ⇒ Object (readonly)

Returns the value of attribute configuration.

# File 'lib/aker/cas/authority.rb', line 14

def configuration
  @configuration
end

Instance Method Details

#valid_credentials?(kind, *credentials) ⇒ Aker::User, ...

Verifies the given credentials with the CAS server. The ‘:cas` and `:cas_proxy` kinds are supported. Both kinds require two credentials in the following order:

• The ticket (either a service ticket or proxy ticket)

• The service URL associated with the ticket

The returned user will be extended with CasUser.

If CAS proxying is enabled, then this method also retrieves the proxy-granting ticket for the user.

Returns:

• (Aker::User, :unsupported, nil) —

  a user if the credentials are valid, ‘:unsupported` if the kind is anything but `:cas` or `:cas_proxy`, and nil otherwise

See Also:

• CAS 2 protocol specification, section 2.5.4

# File 'lib/aker/cas/authority.rb', line 47

def valid_credentials?(kind, *credentials)
  return :unsupported unless [:cas, :cas_proxy].include?(kind)

  ticket = ticket_for(kind, *credentials)
  ticket.present!

  return nil unless ticket.ok?

  Aker::User.new(ticket.username).tap do |u|
    u.extend Aker::Cas::UserExt

    u.cas_url = cas_url
    u.proxy_callback_url = proxy_callback_url
    u.proxy_retrieval_url = proxy_retrieval_url

    if ticket.pgt_iou
      ticket.retrieve_pgt!

      u.pgt = ticket.pgt
    end
  end
end