This repository has been archived by the owner on Feb 6, 2024. It is now read-only.
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 144 changed files with 2,601 additions and 3,854 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,14 @@ | ||
language: ruby | ||
rvm: | ||
- 1.9.3 | ||
- 2.0.0 | ||
- 2.1.0 | ||
- 1.9.3 | ||
- 2.0.0 | ||
- 2.1.0 | ||
notifications: | ||
hipchat: | ||
rooms: | ||
secure: kXPfZwOtdwJM0NIOj2td/NoPOhzxWVlUfHQuke2N4fuoKDQ+nhz5ZV4btW5J+O5C5aC6qyBBFdm+FzA/8m1WiLMGX0DIE1X67zZts/udMwtIDRNoHV594hd2co4oA72QMUT5kdre7IvTpSnnJwkp/d3V0kB7DOHuEbDJsjipx8I= | ||
template: | ||
- '%{repository} <a href="%{build_url}">#%{build_number}</a> (%{branch} - <a href="%{compare_url}">%{commit}</a> : %{author}): %{message}' | ||
format: html | ||
on_failure: always | ||
on_success: change |
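Review bot: in the `template` line, `%{author}` and `%{message}` come from commit metadata and are sent with `format: html`. Confirm that these placeholders are HTML-escaped before they reach the room, or switch the notification to a text format, so markup typed into a commit message cannot render in the chat.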
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
require 'grape' | ||
|
||
class CASino::API < Grape::API | ||
format :json | ||
|
||
mount CASino::API::Resource::AuthTokenTickets | ||
end |
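Review bot: `CASino::API` mounts `AuthTokenTickets` with only `format :json` set; there is no `before` block or authentication helper at this level, so every resource mounted here is reachable without credentials unless it guards itself. If open access is intended for this endpoint, say so in a comment, and put a shared `before` hook in place ahead of any further `mount` lines.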
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
require 'grape-entity' | ||
|
||
class CASino::API::Entity::AuthTokenTicket < Grape::Entity | ||
expose :ticket | ||
end |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
require 'grape' | ||
|
||
class CASino::API::Resource::AuthTokenTickets < Grape::API | ||
resource :auth_token_tickets do | ||
desc 'Create an auth token ticket' | ||
post do | ||
@ticket = CASino::AuthTokenTicket.create | ||
Rails.logger.debug "Created auth token ticket '#{@ticket.ticket}'" | ||
present @ticket, with: CASino::API::Entity::AuthTokenTicket | ||
end | ||
end | ||
end |
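Review bot: the `Rails.logger.debug` line in the `post` block writes the full ticket value to the log. If the ticket is meant to be known only to the caller that requested it, log the record id or a short prefix instead, so that anyone with read access to debug logs cannot recover live tickets.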
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
require 'builder' | ||
|
||
class CASino::ProxyResponseBuilder | ||
attr_reader :success, :options | ||
|
||
def initialize(success, options) | ||
@success = success | ||
@options = options | ||
end | ||
|
||
def build | ||
xml = Builder::XmlMarkup.new(indent: 2) | ||
xml.cas :serviceResponse, 'xmlns:cas' => 'http://www.yale.edu/tp/cas' do |service_response| | ||
if success | ||
service_response.cas :proxySuccess do |proxy_success| | ||
proxy_success.cas :proxyTicket, options[:proxy_ticket].ticket | ||
end | ||
else | ||
service_response.cas :proxyFailure, options[:error_message], code: options[:error_code] | ||
end | ||
end | ||
xml.target! | ||
end | ||
end |
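Review bot: in `build`, the success branch calls `options[:proxy_ticket].ticket` with no check, so `new(true, {})` fails with a NoMethodError on nil in the middle of rendering. Use `options.fetch(:proxy_ticket)` so a missing key is reported directly, and add a short comment listing the keys each branch expects (`:proxy_ticket`, or `:error_code` and `:error_message`).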
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
class CASino::AuthTokensController < CASino::ApplicationController | ||
include CASino::SessionsHelper | ||
|
||
def login | ||
validation_result = validation_service.validation_result | ||
return redirect_to_login unless validation_result | ||
sign_in(validation_result) | ||
end | ||
|
||
private | ||
def validation_service | ||
@validation_service ||= CASino::AuthTokenValidationService.new(auth_token, auth_token_signature) | ||
end | ||
|
||
def redirect_to_login | ||
redirect_to login_path(service: params[:service]) | ||
end | ||
|
||
def auth_token_signature | ||
@auth_token_signature ||= base64_decode(params[:ats]) | ||
end | ||
|
||
def auth_token | ||
@auth_token ||= base64_decode(params[:at]) | ||
end | ||
|
||
def base64_decode(data) | ||
begin | ||
Base64.strict_decode64(data) | ||
rescue | ||
'' | ||
end | ||
end | ||
end |
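Review bot: `base64_decode` uses a bare `rescue` that turns every StandardError into `''`, including the error raised when `params[:at]` or `params[:ats]` is absent, and the empty string is then passed to `CASino::AuthTokenValidationService.new`. Rescue `ArgumentError` only, and have `login` call `redirect_to_login` early when either parameter is blank, so rejection of empty tokens does not depend on the validation service alone.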
app/controllers/casino/controller_concern/ticket_validator.rb (30 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
module CASino::ControllerConcern::TicketValidator | ||
extend ActiveSupport::Concern | ||
include CASino::ServiceTicketProcessor | ||
include CASino::ProxyGrantingTicketProcessor | ||
|
||
def validate_ticket(ticket) | ||
validation_result = validate_ticket_for_service(ticket, params[:service], renew: params[:renew]) | ||
if validation_result.success? | ||
options = { ticket: ticket } | ||
options[:proxy_granting_ticket] = acquire_proxy_granting_ticket(params[:pgtUrl], ticket) unless params[:pgtUrl].nil? | ||
build_ticket_validation_response(true, options) | ||
else | ||
build_ticket_validation_response(false, | ||
error_code: validation_result.error_code, | ||
error_message: validation_result.error_message) | ||
end | ||
end | ||
|
||
def build_ticket_validation_response(success, options = {}) | ||
render xml: CASino::TicketValidationResponseBuilder.new(success, options).build | ||
end | ||
|
||
def ensure_service_ticket_parameters_present | ||
if params[:ticket].nil? || params[:service].nil? | ||
build_ticket_validation_response(false, | ||
error_code: 'INVALID_REQUEST', | ||
error_message: '"ticket" and "service" parameters are both required') | ||
end | ||
end | ||
end |
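Review bot: in `validate_ticket`, the guard `unless params[:pgtUrl].nil?` lets an empty or whitespace-only `pgtUrl` through to `acquire_proxy_granting_ticket`, and nothing visible here constrains the value. Since the server calls back to this client-supplied URL, use `params[:pgtUrl].present?` and confirm (or document next to the call) that the processor only accepts HTTPS callback URLs. The same applies to `ensure_service_ticket_parameters_present`, where `.nil?` accepts `ticket=` and `service=` with empty values; `.blank?` would reject them as INVALID_REQUEST.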
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,49 @@ | ||
class CASino::ProxyTicketsController < CASino::ApplicationController | ||
include CASino::ControllerConcern::TicketValidator | ||
|
||
before_action :load_ticket, only: [:proxy_validate] | ||
before_action :ensure_service_ticket_parameters_present, only: [:proxy_validate] | ||
|
||
before_action :load_proxy_granting_ticket, only: [:create] | ||
before_action :ensure_proxy_parameters_present, only: [:create] | ||
|
||
def proxy_validate | ||
processor(:ProxyTicketValidator, :TicketValidator).process(params) | ||
validate_ticket(@ticket) | ||
end | ||
|
||
def create | ||
processor(:ProxyTicketProvider).process(params) | ||
proxy_ticket = @proxy_granting_ticket.proxy_tickets.create!(service: params[:targetService]) | ||
build_proxy_response(true, proxy_ticket: proxy_ticket) | ||
end | ||
|
||
private | ||
def load_ticket | ||
@ticket = case params[:ticket] | ||
when /\APT-/ | ||
CASino::ProxyTicket.where(ticket: params[:ticket]).first | ||
when /\AST-/ | ||
CASino::ServiceTicket.where(ticket: params[:ticket]).first | ||
end | ||
end | ||
|
||
def build_proxy_response(success, options = {}) | ||
render xml: CASino::ProxyResponseBuilder.new(success, options).build | ||
end | ||
|
||
def ensure_proxy_parameters_present | ||
if params[:pgt].nil? || params[:targetService].nil? | ||
build_proxy_response(false, | ||
error_code: 'INVALID_REQUEST', | ||
error_message: '"pgt" and "targetService" parameters are both required') | ||
end | ||
end | ||
|
||
def load_proxy_granting_ticket | ||
@proxy_granting_ticket = CASino::ProxyGrantingTicket.where(ticket: params[:pgt]).first if params[:pgt].present? | ||
if @proxy_granting_ticket.nil? | ||
build_proxy_response(false, | ||
error_code: 'BAD_PGT', | ||
error_message: 'PGT not found') | ||
end | ||
end | ||
end |
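Review bot: for `create`, `before_action :load_proxy_granting_ticket` is declared ahead of `before_action :ensure_proxy_parameters_present`, so a request with no `pgt` is answered with `BAD_PGT` by the first filter and the `INVALID_REQUEST` branch for a missing `pgt` is never reached. Swap the two declarations so parameter presence is checked first. Also note that `proxy_tickets.create!` raises on a validation failure, which would surface as a server error rather than a `proxyFailure` response; rescue it or use `create` and check the result.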
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,22 @@ | ||
class CASino::ServiceTicketsController < CASino::ApplicationController | ||
include CASino::ControllerConcern::TicketValidator | ||
|
||
before_action :load_service_ticket | ||
before_action :ensure_service_ticket_parameters_present, only: [:service_validate] | ||
|
||
def validate | ||
processor(:LegacyValidator).process(params) | ||
if ticket_valid_for_service?(@service_ticket, params[:service], renew: params[:renew]) | ||
@username = @service_ticket.ticket_granting_ticket.user.username | ||
end | ||
render :validate, formats: [:text] | ||
end | ||
|
||
def service_validate | ||
processor(:ServiceTicketValidator, :TicketValidator).process(params) | ||
validate_ticket(@service_ticket) | ||
end | ||
|
||
private | ||
def load_service_ticket | ||
@service_ticket = CASino::ServiceTicket.where(ticket: params[:ticket]).first if params[:service].present? | ||
end | ||
end |
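Review bot: `load_service_ticket` looks the record up by `params[:ticket]` but guards on `params[:service].present?`, so a request with `service` set and no `ticket` still runs `where(ticket: nil)`. Guard on `params[:ticket].present?` (or both parameters) to match what the query uses. In `validate`, the chain `@service_ticket.ticket_granting_ticket.user.username` assumes every link is non-nil once `ticket_valid_for_service?` returns true; a comment stating that guarantee would help.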