properly insert CAS as another auth method

2025-12-16 23:30:12 +01:00 · 2009-11-22 14:39:39 -08:00 · 2009-11-22 14:39:39 -08:00 · 1621a7bb7d
commit 1621a7bb7d
parent 31b173ae5b
3 changed files with 31 additions and 4 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -30,7 +30,13 @@ class ApplicationController < ActionController::Base
  exempt_from_layout /\.js\.erb$/

  if ( SITE_CONFIG['authentication_schemes'].include? 'cas')
-    before_filter CASClient::Frameworks::Rails::Filter
+    # This will allow the user to view the index page without authentication
+    # but will process CAS authentication data if the user already
+    # has an SSO session open.
+    before_filter CASClient::Frameworks::Rails::GatewayFilter, :only => :login
+
+    # This requires the user to be authenticated for viewing allother pages.
+    before_filter CASClient::Frameworks::Rails::Filter, :except => :login
  end
  before_filter :set_session_expiration
  before_filter :set_time_zone
--- a/app/controllers/login_controller.rb
+++ b/app/controllers/login_controller.rb
@ -8,9 +8,13 @@ class LoginController < ApplicationController
  before_filter :get_current_user

  def login
+    if cas_enabled?
+      @username = session[:cas_user]
+      @login_url = CASClient::Frameworks::Rails::Filter.login_url(self)
+    end
    if openid_enabled? && using_open_id?
      login_openid
-    elsif cas_enabled?
+    elsif cas_enabled? && session[:cas_user]
      login_cas
    else
      @page_title = "TRACKS::Login"
@ -136,7 +140,7 @@ class LoginController < ApplicationController
        end
        redirect_back_or_home
      else
-        notify :warning, "Sorry, no user by that identity URL exists (#{identity_url})"
+        notify :warning, "Sorry, no user by that CAS username exists (#{session[:cas_user]})"
      end
    else
      notify :warning, result.message
--- a/app/views/login/login.html.erb
+++ b/app/views/login/login.html.erb
@ -1,6 +1,7 @@
 <% auth_schemes = Tracks::Config.auth_schemes
   show_database_form = auth_schemes.include?('database')
   show_openid_form = auth_schemes.include?('open_id')
+   show_cas_form = auth_schemes.include?('cas')
 -%>

 <div title="Account login" id="loginform" class="form">
@ -55,6 +56,22 @@
  </div>
 <% end %>

+<% if show_cas_form %>
+  <div id="cas_auth_form" style="display:block">
+      <table>
+        <tr>
+          <td>
+			<% if @username %>
+			  <p>Hello, <%= @username %>! You are authenticated.</p>
+			<% else %>
+			  <p>You are not yet authenticated. <%= link_to("Login", @login_url) %>
+			<% end %>
+			</td>
+        </tr>
+      </table>
+  </div>
+ <% end %>
+ 
 </div>
 <% if show_openid_form %><p id="alternate_auth_openid" class="alternate_auth">or, <a href="#" onclick="Login.showOpenid();return false;">login with an OpenId</a></p><% end %>
 <% if show_database_form %><p id="alternate_auth_database" class="alternate_auth">or, <a href="#" onclick="Login.showDatabase();return false;">go back to the standard login</a></p><% end %>