Class: OmniAuth::Strategies::CAS

Inherits:

Object

• Object
• OmniAuth::Strategies::CAS

Includes:

OmniAuth::Strategy

Defined in:

lib/omniauth/strategies/cas.rb,
lib/omniauth/strategies/cas/logout_request.rb,
lib/omniauth/strategies/cas/service_ticket_validator.rb

Defined Under Namespace

Classes: InvalidCASTicket, LogoutRequest, MissingCASTicket, ServiceTicketValidator

Constant Summary

AuthHashSchemaKeys =

As required by github.com/intridea/omniauth/wiki/Auth-Hash-Schema

%w{name email nickname first_name last_name location image phone}

Instance Attribute Summary

• #raw_info ⇒ Object (also: #user_info)

  Returns the value of attribute raw_info.

Instance Method Summary

• #append_params(base, params) ⇒ String

  Adds URL-escaped parameters to base.

• #callback_phase ⇒ Object
• #cas_url ⇒ Object

  Build a CAS host with protocol and port.

• #extract_url ⇒ Object
• #login_url(service) ⇒ String

  Build a CAS login URL from service.

• #on_sso_path? ⇒ Boolean
• #request_phase ⇒ Object
• #service_validate_url(service_url, ticket) ⇒ String

  Build a service-validation URL from service and ticket.

• #single_sign_out_phase ⇒ Object
• #validate_cas_setup ⇒ Object
• #validate_service_ticket(ticket) ⇒ Object

  Validate the Service Ticket.

Instance Attribute Details

#raw_info ⇒ Object Also known as: user_info

Returns the value of attribute raw_info.

# File 'lib/omniauth/strategies/cas.rb', line 16

def raw_info
  @raw_info
end

Instance Method Details

#append_params(base, params) ⇒ String

Adds URL-escaped parameters to base.

Parameters:

• base (String) —

  the base URL

• params (String) —

  the parameters to append to the URL

Returns:

• (String) —

  the new joined URL.

# File 'lib/omniauth/strategies/cas.rb', line 182

def append_params(base, params)
  params = params.each { |k,v| v = Rack::Utils.escape(v) }
  Addressable::URI.parse(base).tap do |base_uri|
    base_uri.query_values = (base_uri.query_values || {}).merge(params)
  end.to_s
end

#callback_phase ⇒ Object

# File 'lib/omniauth/strategies/cas.rb', line 80

def callback_phase
  if on_sso_path?
    single_sign_out_phase
  else
    @ticket = request.params['casticket']
    return fail!(:no_ticket, MissingCASTicket.new('No CAS Ticket')) unless @ticket
    fetch_raw_info(@ticket)
    return fail!(:invalid_ticket, InvalidCASTicket.new('Invalid CAS Ticket')) if raw_info.nil? or raw_info.empty?
    super
  end
end

#cas_url ⇒ Object

Build a CAS host with protocol and port

# File 'lib/omniauth/strategies/cas.rb', line 116

def cas_url
  extract_url if options['url']
  validate_cas_setup
  @cas_url ||= begin
    uri = Addressable::URI.new
    uri.host = options.host
    uri.scheme = options.ssl ? 'https' : 'http'
    uri.port = options.port
    uri.path = options.path
    uri.to_s
  end
end

#extract_url ⇒ Object

# File 'lib/omniauth/strategies/cas.rb', line 129

def extract_url
  url = Addressable::URI.parse(options.delete('url'))
  options.merge!(
    'host' => url.host,
    'port' => url.port,
    'path' => url.path,
    'ssl' => url.scheme == 'https'
  )
end

#login_url(service) ⇒ String

Build a CAS login URL from service.

Parameters:

• service (String) —

  the service (a.k.a. return-to) URL

Returns:

• (String) —

  a URL like ‘cas.mycompany.com/login?service=…`

# File 'lib/omniauth/strategies/cas.rb', line 172

def login_url(service)
  cas_url + append_params(options.login_url, { casurl: service, cassvc: options.cassvc })
end

#on_sso_path? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/omniauth/strategies/cas.rb', line 105

def on_sso_path?
  request.post? && request.params.has_key?('logoutRequest')
end

#request_phase ⇒ Object

# File 'lib/omniauth/strategies/cas.rb', line 92

def request_phase
  service_url = append_params(callback_url, return_url)

  [
    302,
    {
      'Location' => login_url(service_url),
      'Content-Type' => 'text/plain'
    },
    ["You are being redirected to CAS for sign-in."]
  ]
end

#service_validate_url(service_url, ticket) ⇒ String

Build a service-validation URL from service and ticket. If service has a ticket param, first remove it. URL-encode service and add it and the ticket as paraemters to the CAS serviceValidate URL.

Parameters:

• service (String) —

  the service (a.k.a. return-to) URL

• ticket (String) —

  the ticket to validate

Returns:

• (String) —

  a URL like ‘cas.mycompany.com/serviceValidate?casurl=…&casticket=…`

# File 'lib/omniauth/strategies/cas.rb', line 154

def service_validate_url(service_url, ticket)
  service_url = Addressable::URI.parse(service_url)
  service_url.query_values = service_url.query_values.tap { |qs|
    qs.delete('casticket')
    qs.delete('cassvc')
  }
  cas_url + append_params(options.service_validate_url, {
    casurl: service_url.to_s,
    casticket: ticket,
    cassvc: options.cassvc
  })
end

#single_sign_out_phase ⇒ Object

# File 'lib/omniauth/strategies/cas.rb', line 109

def single_sign_out_phase
  logout_request_service.new(self, request).call(options)
end

#validate_cas_setup ⇒ Object

# File 'lib/omniauth/strategies/cas.rb', line 139

def validate_cas_setup
  if options.host.nil? || options.login_url.nil?
    raise ArgumentError.new(":host and :login_url MUST be provided")
  end
end

#validate_service_ticket(ticket) ⇒ Object

Validate the Service Ticket

Returns:

• (Object) —

  the validated Service Ticket

# File 'lib/omniauth/strategies/cas.rb', line 191

def validate_service_ticket(ticket)
  ServiceTicketValidator.new(self, options, callback_url, ticket).call
end