Class: CASClient::Client

Inherits:

Object

• Object
• CASClient::Client

Defined in:

lib/casclient/client.rb

Overview

The client brokers all HTTP transactions with the CAS server.

Direct Known Subclasses

RestClient

Instance Attribute Summary

• #cas_base_url ⇒ Object readonly

  Returns the value of attribute cas_base_url.

• #extra_attributes_session_key ⇒ Object readonly

  Returns the value of attribute extra_attributes_session_key.

• #log ⇒ Object readonly

  Returns the value of attribute log.

• #login_url ⇒ Object
• #logout_url(l_service_url = nil, back_url = nil) ⇒ Object

  Returns the CAS server’s logout url.

• #proxy_callback_url ⇒ Object

  Returns the value of attribute proxy_callback_url.

• #proxy_retrieval_url ⇒ Object

  Returns the value of attribute proxy_retrieval_url.

• #proxy_url ⇒ Object
• #service_url ⇒ Object

  Returns the value of attribute service_url.

• #ssl_ca_file_path ⇒ Object readonly

  Returns the value of attribute ssl_ca_file_path.

• #ssl_cert_path ⇒ Object readonly

  Returns the value of attribute ssl_cert_path.

• #ssl_key_path ⇒ Object readonly

  Returns the value of attribute ssl_key_path.

• #username_session_key ⇒ Object readonly

  Returns the value of attribute username_session_key.

• #validate_url ⇒ Object
• #verify_ssl_certificate ⇒ Object readonly

  Returns the value of attribute verify_ssl_certificate.

Instance Method Summary

• #add_service_to_login_url(service_url) ⇒ Object
• #configure(conf) ⇒ Object
• #http_connection(uri) ⇒ Object
• #initialize(conf = nil) ⇒ Client constructor

  A new instance of Client.

• #load_ticket_url(ticket_id, l_service_url = nil, back_url = nil) ⇒ Object

  calls the loadTicket service of cas server to load a TGT (retrived by Rest for example) into the browser cookie.

• #login_to_service(credentials, service) ⇒ Object

  Requests a login using the given credentials for the given service; returns a LoginResponse object.

• #request_login_ticket ⇒ Object

  Requests a login ticket from the CAS server for use in a login request; returns a LoginTicket object.

• #request_proxy_ticket(pgt, target_service) ⇒ Object

  Requests a proxy ticket from the CAS server for the given service using the given pgt (proxy granting ticket); returns a ProxyTicket object.

• #retrieve_proxy_granting_ticket(pgt_iou) ⇒ Object
• #validate_service_ticket(st) ⇒ Object (also: #validate_proxy_ticket)

Constructor Details

#initialize(conf = nil) ⇒ Client

# File 'lib/casclient/client.rb', line 9

def initialize(conf = nil)
  configure(conf) if conf
end

Instance Attribute Details

#cas_base_url ⇒ Object (readonly)

Returns the value of attribute cas_base_url.

# File 'lib/casclient/client.rb', line 4

def cas_base_url
  @cas_base_url
end

#extra_attributes_session_key ⇒ Object (readonly)

Returns the value of attribute extra_attributes_session_key.

# File 'lib/casclient/client.rb', line 4

def extra_attributes_session_key
  @extra_attributes_session_key
end

#log ⇒ Object (readonly)

Returns the value of attribute log.

# File 'lib/casclient/client.rb', line 4

def log
  @log
end

#login_url ⇒ Object

# File 'lib/casclient/client.rb', line 36

def login_url
  @login_url || (cas_base_url + "/login")
end

#logout_url(l_service_url = nil, back_url = nil) ⇒ Object

Returns the CAS server’s logout url.

If a logout_url has not been explicitly configured, the default is cas_base_url + “/logout”.

service_url

Set this if you want the user to be able to immediately log back in. Generally you’ll want to use something like request.referer. Note that this only works with RubyCAS-Server.

back_url

This satisfies section 2.3.1 of the CAS protocol spec. See www.ja-sig.org/products/cas/overview/protocol

# File 'lib/casclient/client.rb', line 76

def logout_url(l_service_url = nil, back_url = nil)
  url = @logout_url || (cas_base_url + "/logout")
  l_service_url ||= self.service_url
  if l_service_url || back_url
    uri = URI.parse(url)
    h = uri.query ? query_to_hash(uri.query) : {}
    h['service'] = l_service_url if l_service_url
    h['url'] = back_url if back_url
    uri.query = hash_to_query(h)
    uri.to_s
  else
    url
  end
end

#proxy_callback_url ⇒ Object

Returns the value of attribute proxy_callback_url.

# File 'lib/casclient/client.rb', line 7

def proxy_callback_url
  @proxy_callback_url
end

#proxy_retrieval_url ⇒ Object

Returns the value of attribute proxy_retrieval_url.

# File 'lib/casclient/client.rb', line 7

def proxy_retrieval_url
  @proxy_retrieval_url
end

#proxy_url ⇒ Object

# File 'lib/casclient/client.rb', line 91

def proxy_url
  @proxy_url || (cas_base_url + "/proxy")
end

#service_url ⇒ Object

Returns the value of attribute service_url.

# File 'lib/casclient/client.rb', line 4

def service_url
  @service_url
end

#ssl_ca_file_path ⇒ Object (readonly)

Returns the value of attribute ssl_ca_file_path.

# File 'lib/casclient/client.rb', line 5

def ssl_ca_file_path
  @ssl_ca_file_path
end

#ssl_cert_path ⇒ Object (readonly)

Returns the value of attribute ssl_cert_path.

# File 'lib/casclient/client.rb', line 5

def ssl_cert_path
  @ssl_cert_path
end

#ssl_key_path ⇒ Object (readonly)

Returns the value of attribute ssl_key_path.

# File 'lib/casclient/client.rb', line 5

def ssl_key_path
  @ssl_key_path
end

#username_session_key ⇒ Object (readonly)

Returns the value of attribute username_session_key.

# File 'lib/casclient/client.rb', line 4

def username_session_key
  @username_session_key
end

#validate_url ⇒ Object

# File 'lib/casclient/client.rb', line 40

def validate_url
  @validate_url || (cas_base_url + "/proxyValidate")
end

#verify_ssl_certificate ⇒ Object (readonly)

Returns the value of attribute verify_ssl_certificate.

# File 'lib/casclient/client.rb', line 5

def verify_ssl_certificate
  @verify_ssl_certificate
end

Instance Method Details

#add_service_to_login_url(service_url) ⇒ Object

# File 'lib/casclient/client.rb', line 210

def add_service_to_login_url(service_url)
  uri = URI.parse(login_url)
  uri.query = (uri.query ? uri.query + "&" : "") + "service=#{CGI.escape(service_url)}"
  uri.to_s
end

#configure(conf) ⇒ Object

Raises:

• (ArgumentError)

# File 'lib/casclient/client.rb', line 13

def configure(conf)
  raise ArgumentError, "Missing :cas_base_url parameter!" unless conf[:cas_base_url]
  
  @cas_base_url      = conf[:cas_base_url].gsub(/\/$/, '')       
  
  @login_url    = conf[:login_url]
  @logout_url   = conf[:logout_url]
  @validate_url = conf[:validate_url]
  @proxy_url    = conf[:proxy_url]
  @service_url  = conf[:service_url]
  @proxy_callback_url  = conf[:proxy_callback_url]
  @proxy_retrieval_url = conf[:proxy_retrieval_url]
  @load_ticket_url = conf[:load_ticket_url]
  @verify_ssl_certificate = conf[:verify_ssl_certificate].nil? ? true : conf[:verify_ssl_certificate]
  @username_session_key         = conf[:username_session_key] || :cas_user
  @extra_attributes_session_key = conf[:extra_attributes_session_key] || :cas_extra_attributes
  @ssl_cert_path = conf[:ssl_cert_path]
  @ssl_key_path = conf[:ssl_key_path]
  @ssl_ca_file_path = conf[:ssl_ca_file_path]
  @log = CASClient::LoggerWrapper.new
  @log.set_real_logger(conf[:logger]) if conf[:logger]
end

#http_connection(uri) ⇒ Object

# File 'lib/casclient/client.rb', line 124

def http_connection(uri)
  https = Net::HTTP.new(uri.host, uri.port)
  https.use_ssl = (uri.scheme == 'https')
  https.enable_post_connection_check = true if defined?(http.enable_post_connection_check)
  store = OpenSSL::X509::Store.new
  store.set_default_paths
  https.cert_store = store
  
  # if your setup doesn't have the cacerts in the default place, you can pass a path to cacert.pem, which you can get at http://curl.haxx.se/ca/cacert.pem
  https.ca_file = ssl_ca_file_path unless ssl_ca_file_path.blank?
  unless ssl_cert_path.blank?
    https.cert = OpenSSL::X509::Certificate.new(File.read(ssl_cert_path))
  end
  unless ssl_key_path.blank?
    begin
      https.key = OpenSSL::PKey::DSA.new(File.read(ssl_key_path))
    rescue OpenSSL::PKey::DSAError
      https.key = OpenSSL::PKey::RSA.new(File.read(ssl_key_path))
    end
  end
  
  if verify_ssl_certificate
    log.debug "casclient will verify_ssl_certificate"
    https.verify_mode = OpenSSL::SSL::VERIFY_PEER
  else
    log.debug "casclient will NOT verify_ssl_certificate"
    https.verify_mode = OpenSSL::SSL::VERIFY_NONE
  end
  https
end

#load_ticket_url(ticket_id, l_service_url = nil, back_url = nil) ⇒ Object

calls the loadTicket service of cas server to load a TGT (retrived by Rest for example) into the browser cookie. This allows an implementation of autologin on signup:

1. create user
2. cas_client.get_ticket_granting_ticket_resource(...credentials...)
3. redirect to redirect_to load_ticket_url, passing service if you don't
    have one set globally, and passing the ticket from get_ticket_granting_ticket_resource

# File 'lib/casclient/client.rb', line 52

def load_ticket_url(ticket_id, l_service_url = nil, back_url = nil)
  url = @load_ticket_url || (cas_base_url + "/loadTicket")
  l_service_url ||= self.service_url
  uri = URI.parse(url)
  h = uri.query ? query_to_hash(uri.query) : {}
  h['tgt'] = ticket_id.to_s
  h['service'] = l_service_url.to_s if l_service_url
  h['url'] = back_url.to_s if back_url
  uri.query = hash_to_query(h)
  uri.to_s
end

#login_to_service(credentials, service) ⇒ Object

Requests a login using the given credentials for the given service; returns a LoginResponse object.

# File 'lib/casclient/client.rb', line 112

def login_to_service(credentials, service)
  lt = request_login_ticket
  
  data = credentials.merge(
    :lt => lt,
    :service => service 
  )
  
  res = submit_data_to_cas(login_url, data)
  CASClient::LoginResponse.new(res)
end

#request_login_ticket ⇒ Object

Requests a login ticket from the CAS server for use in a login request; returns a LoginTicket object.

This only works with RubyCAS-Server, since obtaining login tickets in this manner is not part of the official CAS spec.

Raises:

• (CASException)

# File 'lib/casclient/client.rb', line 160

def request_login_ticket
  uri = URI.parse(login_url+'Ticket')
  https = http_connection(uri)
  res = https.post(uri.path, ';')
  
  raise CASException, res.body unless res.kind_of? Net::HTTPSuccess
  
  res.body.strip
end

#request_proxy_ticket(pgt, target_service) ⇒ Object

Requests a proxy ticket from the CAS server for the given service using the given pgt (proxy granting ticket); returns a ProxyTicket object.

The pgt required to request a proxy ticket is obtained as part of a ValidationResponse.

# File 'lib/casclient/client.rb', line 176

def request_proxy_ticket(pgt, target_service)
  uri = URI.parse(proxy_url)
  h = uri.query ? query_to_hash(uri.query) : {}
  h['pgt'] = pgt.ticket
  h['targetService'] = target_service
  uri.query = hash_to_query(h)
  
  pr = request_cas_response(uri, ProxyResponse)
  
  pt = ProxyTicket.new(pr.proxy_ticket, target_service)
  pt.response = pr
  
  return pt
end

#retrieve_proxy_granting_ticket(pgt_iou) ⇒ Object

Raises:

• (CASException)

# File 'lib/casclient/client.rb', line 191

def retrieve_proxy_granting_ticket(pgt_iou)
  uri = URI.parse(proxy_retrieval_url)
  uri.query = (uri.query ? uri.query + "&" : "") + "pgtIou=#{CGI.escape(pgt_iou)}"
  retrieve_url = uri.to_s
  
  log.debug "Retrieving PGT for PGT IOU #{pgt_iou.inspect} from #{retrieve_url.inspect}"
  
  uri = URI.parse(uri) unless uri.kind_of? URI
  https = http_connection(uri)
  res = https.start do |conn|
    conn.get("#{uri.path}?#{uri.query}")
  end
  
  
  raise CASException, res.body unless res.kind_of? Net::HTTPSuccess
  
  ProxyGrantingTicket.new(res.body.strip, pgt_iou)
end

#validate_service_ticket(st) ⇒ Object Also known as: validate_proxy_ticket

# File 'lib/casclient/client.rb', line 95

def validate_service_ticket(st)
  uri = URI.parse(validate_url)
  h = uri.query ? query_to_hash(uri.query) : {}
  h['service'] = st.service
  h['ticket'] = st.ticket
  h['renew'] = 1 if st.renew
  h['pgtUrl'] = proxy_callback_url if proxy_callback_url
  uri.query = hash_to_query(h)
  
  st.response = request_cas_response(uri, ValidationResponse)
  
  return st
end