make cas work

app/controllers/application_controller.rb

@@ -29,6 +29,9 @@ class ApplicationController < ActionController::Base
   layout proc{ |controller| controller.mobile? ? "mobile" : "standard" }
   exempt_from_layout /\.js\.erb$/
 
+  if ( SITE_CONFIG['authentication_schemes'].include? 'cas')
+    before_filter CASClient::Frameworks::Rails::Filter
+  end
   before_filter :set_session_expiration
   before_filter :set_time_zone
   before_filter :set_zindex_counter
@@ -217,6 +220,14 @@ class ApplicationController < ActionController::Base
     self.class.openid_enabled?
   end
 
+  def self.cas_enabled?
+    Tracks::Config.cas_enabled?
+  end
+
+  def cas_enabled?
+    self.class.cas_enabled?
+  end
+
   private
         
   def parse_date_per_user_prefs( s )

app/controllers/login_controller.rb

@@ -10,6 +10,8 @@ class LoginController < ApplicationController
   def login
     if openid_enabled? && using_open_id?
       login_openid
+    elsif cas_enabled?
+      login_cas
     else
       @page_title = "TRACKS::Login"
       case request.method
@@ -49,6 +51,9 @@ class LoginController < ApplicationController
     @user.forget_me if logged_in?
     cookies.delete :auth_token
     session['user_id'] = nil
+    if ( SITE_CONFIG['authentication_schemes'].include? 'cas')
+      CASClient::Frameworks::Rails::Filter.logout(self)
+    end
     reset_session
     notify :notice, "You have been logged out of Tracks."
     redirect_to_login
@@ -114,4 +119,27 @@ class LoginController < ApplicationController
       end
     end
   end
+
+  def login_cas
+    # If checkbox on login page checked, we don't expire the session after 1 hour
+    # of inactivity and we remember this user for future browser sessions
+    session['noexpiry'] ||= params['user_noexpiry']
+    if session[:cas_user]
+      if @user = User.find_by_login(session[:cas_user])
+        session['user_id'] = @user.id
+        msg = (should_expire_sessions?) ? "will expire after 1 hour of inactivity." : "will not expire."
+        notify :notice, "Login successful: session #{msg}"
+        cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year, :secure => SITE_CONFIG['secure_cookies'] }
+        unless should_expire_sessions?
+          @user.remember_me
+          cookies[:auth_token] = { :value => @user.remember_token, :expires => @user.remember_token_expires_at, :secure => SITE_CONFIG['secure_cookies'] }
+        end
+        redirect_back_or_home
+      else
+        notify :warning, "Sorry, no user by that identity URL exists (#{identity_url})"
+      end
+    else
+      notify :warning, result.message
+    end
+  end
 end

config/environment.rb

@@ -98,6 +98,11 @@ if ( SITE_CONFIG['authentication_schemes'].include? 'open_id')
   OpenID::Util.logger = RAILS_DEFAULT_LOGGER
 end
 
+if ( SITE_CONFIG['authentication_schemes'].include? 'open_id')
+  #requires ruby-openid gem to be installed
+  OpenID::Util.logger = RAILS_DEFAULT_LOGGER
+end
+
 tracks_version='1.8devel'
 # comment out next two lines if you do not want (or can not) the date of the
 # last git commit in the footer

config/site.yml.tmpl

@@ -9,6 +9,13 @@ authentication_schemes:
   - "database"
   # - "ldap"
   # - "open_id"
+  # - "cas"
+
+
+# Uncomment if using cas
+#cas_server: "https://cas.evergreen.edu/cas"
+#cas_server_logout: "https://cas.evergreen.edu/cas/logout"
+
 
 
 # You''ll probably want to change this to the time zone of the computer where Tracks is running

lib/tracks/config.rb

@@ -11,5 +11,9 @@ module Tracks
     def self.openid_enabled?
       auth_schemes.include?('open_id')
     end
+
+    def self.cas_enabled?
+      auth_schemes.include?('cas')
+    end
   end
 end