Class: Aker::Cas::ServiceMode

Inherits:

Modes::Base

• Object
• Warden::Strategies::Base
• Modes::Base
• Aker::Cas::ServiceMode

Includes:

ConfigurationHelper, ServiceUrl, Modes::Support::AttemptedPath, Rack::Utils

Defined in:

lib/aker/cas/service_mode.rb

Overview

An interactive mode that provides CAS authentication conformant to CAS 2.

This mode does not handle non-interactive CAS proxying. See ProxyMode for that.

See Also:

• CAS 2 protocol specification

Class Method Summary

• .append_middleware(builder) ⇒ Object

  Appends the logout responder and the ticket remover to the Rack middleware stack.

• .key ⇒ Symbol

  A key that refers to this mode; used for configuration convenience.

Instance Method Summary

• #credentials ⇒ Array<String>^?

  Extracts the service ticket from the request parameters.

• #kind ⇒ Symbol

  The type of credentials supplied by this mode.

• #on_ui_failure ⇒ Rack::Response

  Builds a Rack response that redirects to a CAS server’s login page.

• #valid? ⇒ Boolean

  Returns true if a service ticket is present in the query string, false otherwise.

Methods included from ServiceUrl

#service_url, service_url

Methods included from Modes::Support::AttemptedPath

#attempted_path

Methods included from ConfigurationHelper

#cas_login_url, #cas_logout_url, #cas_url, #proxy_callback_url, #proxy_retrieval_url

Methods inherited from Modes::Base

#authenticate!, #authority, #configuration, #interactive?, #store?

Methods included from Rack::EnvironmentHelper

#authority, #configuration, #interactive?

Class Method Details

.append_middleware(builder) ⇒ Object

Appends the logout responder and the ticket remover to the Rack middleware stack.

# File 'lib/aker/cas/service_mode.rb', line 34

def self.append_middleware(builder)
  builder.use(Middleware::LogoutResponder)
  builder.use(Middleware::TicketRemover)
end

.key ⇒ Symbol

A key that refers to this mode; used for configuration convenience.

Returns:

• (Symbol)

# File 'lib/aker/cas/service_mode.rb', line 26

def self.key
  :cas
end

Instance Method Details

#credentials ⇒ Array<String>^?

Extracts the service ticket from the request parameters.

The service ticket is assumed to be a parameter named ticket in either GET or POST data.

Returns:

• (Array<String>, nil) —

  a two-item array containing the service ticket and the service URL to which the ticket (it is asserted) applies

# File 'lib/aker/cas/service_mode.rb', line 56

def credentials
  if request['ticket']
    [request['ticket'], service_url]
  end
end

#kind ⇒ Symbol

The type of credentials supplied by this mode.

Returns:

• (Symbol)

# File 'lib/aker/cas/service_mode.rb', line 43

def kind
  self.class.key
end

#on_ui_failure ⇒ Rack::Response

Builds a Rack response that redirects to a CAS server’s login page.

The constructed response uses the URL of the resource for which authentication failed as the CAS service URL.

Returns:

• (Rack::Response)

See Also:

• Section 2.2.1 of the CAS 2 protocol

# File 'lib/aker/cas/service_mode.rb', line 79

def on_ui_failure
  ::Rack::Response.new do |resp|
    login_uri = URI.parse(cas_login_url)
    login_uri.query = "service=#{escape(service_url)}"
    resp.redirect(login_uri.to_s)
  end
end

#valid? ⇒ Boolean

Returns true if a service ticket is present in the query string, false otherwise.

Returns:

• (Boolean)

# File 'lib/aker/cas/service_mode.rb', line 65

def valid?
  credentials
end