Class: Aker::Cas::Middleware::TicketRemover
- Inherits: Object
  - Object
  - Aker::Cas::Middleware::TicketRemover
- Defined in: lib/aker/cas/middleware/ticket_remover.rb
Overview
Middleware which issues a redirect immediately after CAS authentication succeeds so that users never see a URL with the ticket in it. This prevents them from, e.g., bookmarking a URL with a ticket in it, keeping things cleaner and preventing requests to the CAS server for tickets which are definitely expired.
Instance Method Summary
- #call(env) ⇒ Object
- #initialize(app) ⇒ TicketRemover (constructor): A new instance of TicketRemover.
Constructor Details
#initialize(app) ⇒ TicketRemover
Returns a new instance of TicketRemover.
    # File 'lib/aker/cas/middleware/ticket_remover.rb', line 12
    def initialize(app)
      @app = app
    end
Instance Method Details
#call(env) ⇒ Object
    # File 'lib/aker/cas/middleware/ticket_remover.rb', line 16
    def call(env)
      if authenticated?(env) && ticket_present?(env)
        # Redirect to the service URL so the browser ends up on a URL without the ticket.
        url = Aker::Cas::ServiceUrl.service_url(Rack::Request.new(env))
        [301, { 'Location' => url }, ["Removing authenticated CAS ticket"] ]
      else
        @app.call(env)
      end
    end
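An added example (not Aker's code) of the redirect described in the overview, written with only the Ruby standard library: it drops the `ticket` parameter, keeps the other query parameters, and passes unauthenticated requests through unchanged. The `example.authenticated` env key, the module name and the sample request are assumptions made for illustration.

```ruby
require 'uri'

# Added example, not Aker's code: a stand-alone sketch of a ticket-removing
# redirect that follows the Rack call(env) convention without needing Rack.
module TicketRedirectExample
  # True when the query string carries a "ticket" parameter.
  def self.ticket_present?(env)
    URI.decode_www_form(env['QUERY_STRING'].to_s).any? { |name, _| name == 'ticket' }
  end

  # Rebuild the request URL without "ticket", preserving every other parameter.
  def self.url_without_ticket(env)
    pairs = URI.decode_www_form(env['QUERY_STRING'].to_s)
    kept = pairs.reject { |name, _| name == 'ticket' }
    url = "#{env['rack.url_scheme']}://#{env['HTTP_HOST']}#{env['PATH_INFO']}"
    kept.empty? ? url : "#{url}?#{URI.encode_www_form(kept)}"
  end

  class Middleware
    def initialize(app)
      @app = app
    end

    def call(env)
      # 'example.authenticated' is a hypothetical flag standing in for whatever
      # an earlier authentication layer records in the env.
      if env['example.authenticated'] && TicketRedirectExample.ticket_present?(env)
        [301, { 'Location' => TicketRedirectExample.url_without_ticket(env) },
         ['Removing authenticated CAS ticket']]
      else
        # No ticket, or the ticket has not been validated yet: pass through.
        @app.call(env)
      end
    end
  end

  # Constructed sample request env (host, path and ticket value are made up).
  def self.sample_env(query, authenticated)
    { 'rack.url_scheme' => 'https', 'HTTP_HOST' => 'app.example.org',
      'PATH_INFO' => '/reports', 'QUERY_STRING' => query,
      'example.authenticated' => authenticated }
  end
end
```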