[Jifty-commit] r4538 - in jifty/trunk: .
lib/Jifty/Plugin/Authentication lib/Jifty/Plugin/Authentication/CAS
lib/Jifty/Plugin/Authentication/CAS/Action
lib/Jifty/Plugin/Authentication/CAS/Mixin/Model
jifty-commit at lists.jifty.org
jifty-commit at lists.jifty.org
Mon Nov 26 11:41:34 EST 2007
Author: yves
Date: Mon Nov 26 11:41:32 2007
New Revision: 4538
Added:
jifty/trunk/lib/Jifty/Plugin/Authentication/CAS/
jifty/trunk/lib/Jifty/Plugin/Authentication/CAS.pm
jifty/trunk/lib/Jifty/Plugin/Authentication/CAS/Action/
jifty/trunk/lib/Jifty/Plugin/Authentication/CAS/Action/CASLogin.pm
jifty/trunk/lib/Jifty/Plugin/Authentication/CAS/Action/CASLogout.pm
jifty/trunk/lib/Jifty/Plugin/Authentication/CAS/Dispatcher.pm
jifty/trunk/lib/Jifty/Plugin/Authentication/CAS/Mixin/
jifty/trunk/lib/Jifty/Plugin/Authentication/CAS/Mixin/Model/
jifty/trunk/lib/Jifty/Plugin/Authentication/CAS/Mixin/Model/User.pm
Modified:
jifty/trunk/Makefile.PL
Log:
add Jasig CAS plugin with mixin model user
Modified: jifty/trunk/Makefile.PL
==============================================================================
--- jifty/trunk/Makefile.PL (original)
+++ jifty/trunk/Makefile.PL Mon Nov 26 11:41:32 2007
@@ -180,6 +180,10 @@
'Ldap Plugin' => [
-default => 0,
recommends('Net::LDAP')
+ ],
+ 'CAS Plugin' => [
+ -default => 0,
+ recommends('Authen::CAS::Client')
]
);
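Review bot: The new 'CAS Plugin' feature block recommends only `Authen::CAS::Client`, while the CAS.pm POD added in this same commit says "https is managed with Crypt::SSLeay" and its sample `CASUrl` is an https URL. If that module really is needed for the validation request, listing it here as well, e.g. `recommends('Crypt::SSLeay')`, would keep an install of the feature from ending up with a plugin that cannot reach its CAS server over TLS. The surrounding feature list starts and ends outside this hunk.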
Added: jifty/trunk/lib/Jifty/Plugin/Authentication/CAS.pm
==============================================================================
--- (empty file)
+++ jifty/trunk/lib/Jifty/Plugin/Authentication/CAS.pm Mon Nov 26 11:41:32 2007
@@ -0,0 +1,82 @@
+use strict;
+use warnings;
+
+package Jifty::Plugin::Authentication::CAS;
+use base qw/Jifty::Plugin/;
+use Authen::CAS::Client;
+
+=head1 NAME
+
+Jifty::Plugin::Authentication::CAS
+
+=head1 DESCRIPTION
+
+This may be combined with the L<Jifty::Plugin::User> plugin to provide user authentication using JA-SIG CAS protocol to your application.
+
+https is managed with Crypt::SSLeay
+
+=head1 CONFIG
+
+ in etc/config.yml
+
+ Plugins:
+ - Authentication::CAS:
+ CASUrl: https://auth.univ-metz.fr/cas
+ CASDomain: univ-metz.fr # optional: create email if login at domain is valid
+
+
+=head1 METHODS
+
+=head2 prereq_plugins
+
+This plugin depends on the L<User|Jifty::Plugin::User> plugin.
+
+=cut
+
+
+sub prereq_plugins {
+ return ('User');
+}
+
+
+my ($CAS,$domain);
+
+=head2 init
+
+load config
+
+=cut
+
+sub init {
+ my $self = shift;
+ my %args = @_;
+
+ $CAS = Authen::CAS::Client->new ( $args{'CASUrl'} );
+ $domain = $args{'CASDomain'} || "" ;
+};
+
+
+sub CAS {
+ return $CAS;
+};
+
+sub domain {
+ return $domain;
+};
+
+=head1 TODO
+
+add a ldap config to get more attributes
+
+=head1 SEE ALSO
+
+L<Jifty::Manual::AccessControl>, L<Jifty::Plugin::User>, L<Authen::CAS::Client>
+
+=head1 LICENSE
+
+Jifty is Copyright 2005-2007 Best Practical Solutions, LLC.
+Jifty is distributed under the same terms as Perl itself.
+
+=cut
+
+1;
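Review bot: `init` passes `$args{'CASUrl'}` straight to `Authen::CAS::Client->new` without checking that it is set or that it is an https URL, yet the validation response fetched from that URL is what CASLogin trusts to name the user. A guard at the top of `init`, such as `die "Authentication::CAS: CASUrl must be an https:// URL\n" unless ($args{'CASUrl'} || '') =~ m{\Ahttps://}i;`, would fail at startup instead of at the first login. The POD line "https is managed with Crypt::SSLeay" should also state whether the CAS server certificate is verified, since that depends on how the TLS layer is configured on the host and cannot be seen from this file. `$CAS` and `$domain` are file-scoped lexicals, so every instance of the plugin shares them; a comment saying so (or storing them on `$self`) would make that explicit.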
Added: jifty/trunk/lib/Jifty/Plugin/Authentication/CAS/Action/CASLogin.pm
==============================================================================
--- (empty file)
+++ jifty/trunk/lib/Jifty/Plugin/Authentication/CAS/Action/CASLogin.pm Mon Nov 26 11:41:32 2007
@@ -0,0 +1,145 @@
+use warnings;
+use strict;
+
+=head1 NAME
+
+Jifty::Plugin::Authentication::CAS::Action::CASLogin
+
+=cut
+
+package Jifty::Plugin::Authentication::CAS::Action::CASLogin;
+use base qw/Jifty::Action/;
+
+
+=head2 arguments
+
+Return the ticket form field
+
+=cut
+
+sub arguments {
+ return (
+ {
+ ticket => {
+ label => 'cas ticket',
+ ajax_validates => 1,
+ },
+
+ }
+ );
+
+}
+
+=head2 validate_ticket ST
+
+for ajax_validates
+Makes sure that the ticket submitted is legal.
+
+
+=cut
+
+sub validate_ticket {
+ my $self = shift;
+ my $ticket = shift;
+
+ if ( $ticket && $ticket !~ /^[A-Za-z0-9-]+$/ ) {
+ return $self->validation_error(
+ ticket => _("That doesn't look like a valid ticket.") );
+ }
+
+
+ return $self->validation_ok('ticket');
+}
+
+
+=head2 take_action
+
+Actually check the user's password. If it's right, log them in.
+Otherwise, throw an error.
+
+
+=cut
+
+sub take_action {
+ my $self = shift;
+ my $ticket = $self->argument_value('ticket');
+
+ my ($plugin) = Jifty->find_plugin('Jifty::Plugin::Authentication::CAS');
+
+# my $service_url = ($ENV{SERVER_PORT} == 443)?'https://':'http://'.
+# $ENV{HTTP_HOST}.'/caslogin';
+
+ my $service_url = Jifty->web->url.'/caslogin';
+
+ if (! $ticket) {
+ my $login_url = $plugin->CAS->login_url( $service_url );
+ Jifty->web->_redirect($login_url);
+ return 1;
+ }
+
+ my $r = $plugin->CAS->service_validate($service_url,$ticket);
+ my $username;
+ if ($r->is_success) {
+ $username = $r->user();
+ }
+ else {
+ Jifty->log->info("CAS error: $ticket $username");
+ return;
+ };
+
+ # Load up the user
+ my $current_user = Jifty->app_class('CurrentUser');
+ my $user = $current_user->new( cas_id => $username );
+
+ # Autocreate the user if necessary
+ if ( not $user->id ) {
+ my $action = Jifty->web->new_action(
+ class => 'CreateUser',
+ current_user => $current_user->superuser,
+ arguments => {
+ cas_id => $username
+ }
+ );
+ $action->run;
+
+ if ( not $action->result->success ) {
+ # Should this be less "friendly"?
+ $self->result->error(_("Sorry, something weird happened (we couldn't create a user for you). Try again later."));
+ return;
+ }
+
+ $user = $current_user->new( cas_id => $username );
+ }
+
+ my $u = $user->user_object;
+
+ my ($name,$email);
+ #TODO add a ldap conf to find name and email
+ $email = $username.'@'.$plugin->domain() if ($plugin->domain());
+ $u->__set( column => 'name', value => $username ) if (!$u->name);
+
+ # Update, just in case
+ $u->__set( column => 'name', value => $name ) if ($name);
+ $u->__set( column => 'email', value => $email ) if ($email);
+
+ # Actually do the signin thing.
+ Jifty->web->current_user( $user );
+ Jifty->web->session->set_cookie;
+
+ # Success!
+ $self->report_success;
+
+ return 1;
+};
+
+=head2 report_success
+
+=cut
+
+sub report_success {
+ my $self = shift;
+ $self->result->message(_("Hi %1!", Jifty->web->current_user->user_object->name ));
+};
+
+
+1;
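Review bot: In `take_action`, the failure branch `Jifty->log->info("CAS error: $ticket $username"); return;` interpolates `$username` while it is still undefined and returns without recording anything on the action result, so a rejected ticket looks the same to the caller as an action that did nothing. I would set `$self->result->error(_("CAS login failed."));` before the `return` and log the ticket alone (or the failure detail from `$r`) instead of the undefined username. `validate_ticket` anchors its pattern with `^` and `$`, which still accepts a trailing newline; `/\A[A-Za-z0-9-]+\z/` matches exactly the intended alphabet. The `take_action` POD still says it checks the user's password, whereas the code validates a CAS service ticket and auto-creates the user through a superuser `CreateUser` action, which is worth stating there.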
Added: jifty/trunk/lib/Jifty/Plugin/Authentication/CAS/Action/CASLogout.pm
==============================================================================
--- (empty file)
+++ jifty/trunk/lib/Jifty/Plugin/Authentication/CAS/Action/CASLogout.pm Mon Nov 26 11:41:32 2007
@@ -0,0 +1,35 @@
+use warnings;
+use strict;
+
+=head1 NAME
+
+Jifty::Plugin::Authentication::CAS::Action::CASLogout
+
+=cut
+
+package Jifty::Plugin::Authentication::CAS::Action::CASLogout;
+use base qw/Jifty::Action/;
+
+=head2 arguments
+
+Return the email and password form fields
+
+=cut
+
+sub arguments {
+ return ( {} );
+}
+
+=head2 take_action
+
+Nuke the current user object
+
+=cut
+
+sub take_action {
+ my $self = shift;
+ Jifty->web->current_user(undef);
+ return 1;
+}
+
+1;
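Review bot: `take_action` only clears the local Jifty user with `Jifty->web->current_user(undef)`; nothing here ends the CAS single sign-on session, so while that session is alive a later visit to `/caslogin` would presumably sign the same person back in without a prompt. Either redirect to the CAS server's logout endpoint afterwards (Authen::CAS::Client offers `logout_url`) or say so in the `take_action` POD, e.g. `Clears the current Jifty user only; the CAS SSO session is not terminated.` The `arguments` POD says it returns the email and password form fields, but the method returns an empty argument set.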
Added: jifty/trunk/lib/Jifty/Plugin/Authentication/CAS/Dispatcher.pm
==============================================================================
--- (empty file)
+++ jifty/trunk/lib/Jifty/Plugin/Authentication/CAS/Dispatcher.pm Mon Nov 26 11:41:32 2007
@@ -0,0 +1,56 @@
+use strict;
+use warnings;
+
+package Jifty::Plugin::Authentication::CAS::Dispatcher;
+use Jifty::Dispatcher -base;
+
+# Put any plugin-specific dispatcher rules here.
+
+before '/caslogin' => run {
+ if (get('ticket')) {
+ # verify ticket
+ set 'action' =>
+ Jifty->web->new_action(
+ class => 'CASLogin',
+ moniker => 'casloginbox',
+ arguments => { ticket => get('ticket') },
+ );
+
+
+ };
+
+ set 'next' => Jifty->web->request->continuation
+ || Jifty::Continuation->new(
+ request => Jifty::Request->new( path => "/" ) );
+
+};
+
+
+on '/caslogin' => run {
+
+ Jifty->web->new_action(
+ moniker => 'casloginbox',
+ class => 'CASLogin',
+ arguments => { ticket => get('ticket') }
+ )->run;
+
+ if(Jifty->web->request->continuation) {
+ Jifty->web->request->continuation->call;
+ } else {
+ redirect '/';
+ }
+};
+
+# Log out
+before '/caslogout' => run {
+ Jifty->web->request->add_action(
+ class => 'CASLogout',
+ moniker => 'caslogout',
+ );
+};
+
+on '/caslogout' => run {
+ redirect '/';
+};
+
+1;
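Review bot: The `on '/caslogin'` rule discards the outcome of `->run`, so a rejected ticket follows the same path as a successful login (continuation call or `redirect '/'`) and the user gets no indication that authentication failed. Keeping the action in a variable and branching on `$action->result->success` would let the failure case show an error instead of silently continuing. The `before '/caslogin'` rule also builds a second `CASLogin` action under the same moniker that this file never runs; a comment explaining who consumes `action` and `next` would help. Separately, `before '/caslogout'` adds the logout action on any request to that path, which looks like it allows a cross-site link to sign a user out.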
Added: jifty/trunk/lib/Jifty/Plugin/Authentication/CAS/Mixin/Model/User.pm
==============================================================================
--- (empty file)
+++ jifty/trunk/lib/Jifty/Plugin/Authentication/CAS/Mixin/Model/User.pm Mon Nov 26 11:41:32 2007
@@ -0,0 +1,35 @@
+package Jifty::Plugin::Authentication::CAS::Mixin::Model::User;
+use strict;
+use warnings;
+use Jifty::DBI::Schema;
+use base 'Jifty::DBI::Record::Plugin';
+
+=head1 NAME
+
+Jifty::Plugin::Authentication::CAS::Mixin::Model::User;
+
+=head1 DESCRIPTION
+
+L<Jifty::Plugin::Authentication::CAS> mixin for the User model. Provides an 'cas_id' column.
+
+=cut
+
+our @EXPORT = qw(has_alternative_auth);
+
+use Jifty::Plugin::Authentication::CAS::Record schema {
+
+column cas_id =>
+ type is 'text',
+ label is 'CAS ID',
+ is distinct,
+ is immutable;
+
+};
+
+=head2 has_alternative_auth
+
+=cut
+
+sub has_alternative_auth { 1 }
+
+1;
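Review bot: The `=head2 has_alternative_auth` POD section is empty, although the sub is exported into the application's User model through `@EXPORT` and always returns 1. A one-line description would do, e.g. `Returns true; presumably tells other authentication plugins that this user can sign in through CAS without a local password` (the consumer of this flag is not visible in this commit, so confirm the wording). It would also help to note next to the `cas_id` column that `is distinct` is what prevents two local accounts from mapping to the same CAS login.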