Merge branch 'cas'

app/controllers/application_controller.rb

@@ -28,6 +28,7 @@ class ApplicationController < ActionController::Base
 
   layout proc{ |controller| controller.mobile? ? "mobile" : "standard" }
   exempt_from_layout /\.js\.erb$/
+
   
   before_filter :set_session_expiration
   before_filter :set_time_zone
@@ -217,6 +218,22 @@ class ApplicationController < ActionController::Base
     self.class.openid_enabled?
   end
 
+  def self.cas_enabled?
+    Tracks::Config.cas_enabled?
+  end
+
+  def cas_enabled?
+    self.class.cas_enabled?
+  end
+
+  def self.prefered_auth?
+    Tracks::Config.prefered_auth?
+  end
+
+  def prefered_auth?
+    self.class.prefered_auth?
+  end
+
   private
         
   def parse_date_per_user_prefs( s )
@@ -259,6 +276,8 @@ class ApplicationController < ActionController::Base
   
   def set_time_zone
     Time.zone = current_user.prefs.time_zone if logged_in?
+    locale = params[:locale] || 'en-US'
+    I18n.locale = locale
   end
 
   def set_zindex_counter

app/controllers/login_controller.rb

@@ -6,12 +6,32 @@ class LoginController < ApplicationController
   skip_before_filter :login_required
   before_filter :login_optional
   before_filter :get_current_user
-  
+  if ( SITE_CONFIG['authentication_schemes'].include? 'cas')
+    # This will allow the user to view the index page without authentication
+    # but will process CAS authentication data if the user already
+    # has an SSO session open.
+    if defined? CASClient
+      # Only require sub-library if gem is installed and loaded
+      require 'casclient/frameworks/rails/filter'
+      before_filter CASClient::Frameworks::Rails::GatewayFilter, :only => :login_cas
+
+      # This requires the user to be authenticated for viewing all other pages.
+      before_filter CASClient::Frameworks::Rails::Filter, :only => [:login_cas ]
+    end
+  end
+
   def login
+    if cas_enabled?
+      @username = session[:cas_user]
+      @login_url = CASClient::Frameworks::Rails::Filter.login_url(self)
+    end
     if openid_enabled? && using_open_id?
       login_openid
+    elsif cas_enabled? && session[:cas_user]
+      login_cas
     else
       @page_title = "TRACKS::Login"
+      cookies[:preferred_auth] = prefered_auth? unless cookies[:preferred_auth]
       case request.method
         when :post
           if @user = User.authenticate(params['user_login'], params['user_password'])
@@ -49,9 +69,13 @@ class LoginController < ApplicationController
     @user.forget_me if logged_in?
     cookies.delete :auth_token
     session['user_id'] = nil
-    reset_session
-    notify :notice, "You have been logged out of Tracks."
-    redirect_to_login
+    if ( SITE_CONFIG['authentication_schemes'].include? 'cas')  && session[:cas_user]
+      CASClient::Frameworks::Rails::Filter.logout(self)
+    else
+      reset_session
+      notify :notice, "You have been logged out of Tracks."
+      redirect_to_login
+    end
   end
   
   def check_expiry
@@ -73,6 +97,33 @@ class LoginController < ApplicationController
     respond_to do |format|
       format.js
     end
+  end
+
+    def login_cas
+    # If checkbox on login page checked, we don't expire the session after 1 hour
+    # of inactivity and we remember this user for future browser sessions
+
+    session['noexpiry'] ||= params['user_noexpiry']
+    if session[:cas_user]
+      if @user = User.find_by_login(session[:cas_user])
+        session['user_id'] = @user.id
+        msg = (should_expire_sessions?) ? "will expire after 1 hour of inactivity." : "will not expire."
+        notify :notice, "Login successful: session #{msg}"
+        cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year, :secure => SITE_CONFIG['secure_cookies'] }
+        unless should_expire_sessions?
+          @user.remember_me
+          cookies[:auth_token] = { :value => @user.remember_token, :expires => @user.remember_token_expires_at, :secure => SITE_CONFIG['secure_cookies'] }
+        end
+        #redirect_back_or_home
+      else
+        notify :warning, "Sorry, no user by that CAS username exists (#{session[:cas_user]})"
+        redirect_to signup_url ; return
+      end
+    else
+      notify :warning, result.message
+    end
+    redirect_back_or_home 
+
   end
   
   private
@@ -114,4 +165,6 @@ class LoginController < ApplicationController
       end
     end
   end
+
+
 end

app/controllers/users_controller.rb

@@ -27,6 +27,13 @@ class UsersController < ApplicationController
 
   # GET /users/new
   def new
+    @auth_types = []
+    unless session[:cas_user]
+      Tracks::Config.auth_schemes.each {|auth| @auth_types << [auth,auth]}
+    else
+      @auth_types << ['cas','cas']
+    end
+
     if User.no_users_yet?
       @page_title = "TRACKS::Sign up as the admin user"
       @heading = "Welcome to TRACKS. To get started, please create an admin account:"
@@ -66,6 +73,13 @@ class UsersController < ApplicationController
         end
         
         user = User.new(params['user'])
+
+        if Tracks::Config.auth_schemes.include?('cas')
+          if user.auth_type.eql? "cas"
+             user.crypted_password = "cas"
+          end
+        end
+
         unless user.valid?
           session['new_user'] = user
           redirect_to :action => 'new'
@@ -94,6 +108,9 @@ class UsersController < ApplicationController
           return
         end
         user = User.new(params[:request])
+        if Tracks::Config.auth_schemes.include?('cas')   && session[:cas_user]
+          user.auth_type = "cas" #if they area  cas user
+        end
         user.password_confirmation = params[:request][:password]
         if user.save
           render :text => "User created.", :status => 200
@@ -203,4 +220,4 @@ class UsersController < ApplicationController
     return true
   end
   
-end
+end