Class: Aker::Cas::ProxyMode

Inherits:
Modes::Base
  • Object
Includes:
Modes::Support::Rfc2617
Defined in:
lib/aker/cas/proxy_mode.rb

Overview

A non-interactive mode that provides CAS proxy authentication conformant to CAS 2.

This mode does not handle interactive CAS authentication; see Aker::Cas for that.

See Also:

Author:

Class Method Summary

Instance Method Summary

Methods included from Modes::Support::Rfc2617

#challenge, #realm

Methods inherited from Modes::Base

#authenticate!, #authority, #configuration, #interactive?, #store?

Methods included from Rack::EnvironmentHelper

#authority, #configuration, #interactive?

Class Method Details

+ (Symbol) key

A key that refers to this mode; used for configuration convenience.

Returns:

  • (Symbol)


# File 'lib/aker/cas/proxy_mode.rb', line 23

def self.key
  :cas_proxy
end

Instance Method Details

- (Array<String>) credentials

The supplied proxy ticket and the service URL.

The proxy ticket is received in the HTTP Authorization header, per RFC 2616. The scheme must be CasProxy. Example:

Authorization: CasProxy PT-1272928074r13CBB9ACA794867F3E

Returns:

  • (Array<String>)

    the proxy ticket and the service URL, or an empty array if no proxy ticket was supplied

See Also:



# File 'lib/aker/cas/proxy_mode.rb', line 45

def credentials
  key = 'HTTP_AUTHORIZATION'
  matches = env[key].match(/CasProxy\s+([SP]T-[0-9A-Za-z\-]+)/) if env.has_key?(key)

  if matches && matches[1]
    [matches[1], service_url]
  else
    []
  end
end

- (Symbol) kind

The type of credentials supplied by this mode.

Returns:

  • (Symbol)


# File 'lib/aker/cas/proxy_mode.rb', line 31

def kind
  self.class.key
end

- (String) scheme

Used to build a WWW-Authenticate header that will be returned to a client failing non-interactive authentication.

Returns:

  • (String)


# File 'lib/aker/cas/proxy_mode.rb', line 67

def scheme
  "CasProxy"
end

- (String) service_url

Builds the service URL for this application.

Colloquially, the service URL is the web server URL plus the application mount point. It does not include anything about the specific resource being requested. For instance, if you had the resource

https://notis.nubic.northwestern.edu/lsdb/patients/105661

which was part of the /lsdb application, the service URL would be

https://notis.nubic.northwestern.edu/lsdb

A little more formally, the URL is url scheme + hostname + script name. The port is also included if it is not the default for the URL scheme.

The service URL never ends with a /, even if the application is mounted at the root.

Returns:

  • (String)

    the service URL derived from the request environment



# File 'lib/aker/cas/proxy_mode.rb', line 95

def service_url
  url = "#{env['rack.url_scheme']}://"
  if env['HTTP_HOST']
    url << env['HTTP_HOST'] # includes the port
  else
    url << env['SERVER_NAME']
    default_port = { "http" => "80", "https" => "443" }[env['rack.url_scheme']]
    url << ":#{env["SERVER_PORT"]}" unless env["SERVER_PORT"].to_s == default_port
  end
  url << env["SCRIPT_NAME"]
end
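
An added example (not Aker's own code): the derivation above takes HTTP_HOST from the request's Host header, so a deployment can compare the derived service URL with the URLs it expects before using it for ticket validation. `ALLOWED_SERVICE_URLS`, `canonical_service_url` and `pinned_service_url` are hypothetical names, and `derive_service_url` restates the page's rules as a standalone function.

```ruby
require 'uri'

# Constructed allow-list (assumption): the service URLs this deployment
# expects to present to the CAS server, using the page's example host.
ALLOWED_SERVICE_URLS = ['https://notis.nubic.northwestern.edu/lsdb'].freeze

# The derivation the page describes: scheme + host (+ non-default port)
# + script name. HTTP_HOST is the request's Host header, used verbatim.
def derive_service_url(env)
  scheme = env['rack.url_scheme']
  host = env['HTTP_HOST']
  unless host
    default_port = { 'http' => '80', 'https' => '443' }[scheme]
    host = env['SERVER_NAME'].dup
    host << ":#{env['SERVER_PORT']}" unless env['SERVER_PORT'].to_s == default_port
  end
  "#{scheme}://#{host}#{env['SCRIPT_NAME']}"
end

# Hypothetical helper: lower-case scheme and host, drop an explicit default
# port and any trailing slash, so equivalent Host values compare equal.
def canonical_service_url(url)
  uri = URI.parse(url)
  return nil if uri.scheme.nil? || uri.host.nil? || uri.host.empty?
  port = uri.port == uri.default_port ? '' : ":#{uri.port}"
  "#{uri.scheme.downcase}://#{uri.host.downcase}#{port}#{uri.path.chomp('/')}"
rescue URI::InvalidURIError
  nil
end

# Hypothetical helper: returns the canonical service URL when it is one the
# deployment expects, or nil so the caller can refuse to validate the ticket.
def pinned_service_url(env, allowed = ALLOWED_SERVICE_URLS)
  candidate = canonical_service_url(derive_service_url(env))
  allowed.include?(candidate) ? candidate : nil
end
```

With HTTP_HOST set to `NOTIS.nubic.northwestern.edu:443`, `derive_service_url` keeps the upper-case host and explicit port, while `pinned_service_url` returns the canonical form that matches the allow-list entry.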

- (Boolean) valid?

Returns true if a proxy ticket is present, false otherwise.

Returns:

  • (Boolean)


# File 'lib/aker/cas/proxy_mode.rb', line 58

def valid?
  !credentials.empty?
end