This is at least one issue with this
to logout of CAS you need session information but the logout method blows this away so I do the cas log out before the session is killed so the session persistest in rails. Because I needed to move the CAS before filters into login_cas and out of the application to make it work side by side. The user will still be logined into tracks even though their CAS session is closed as the session will still be there.
def logout
@user.forget_me if logged_in?
cookies.delete :auth_token
session['user_id'] = nil
if ( SITE_CONFIG['authentication_schemes'].include? 'cas') && session[:cas_user]
CASClient::Frameworks::Rails::Filter.logout(self)
else
reset_session
notify :notice, "You have been logged out of Tracks."
redirect_to_login
end
end
The other issue I have with this is that:
I could not find a use case for having mixed auth when using CAS. The reason to move to CAS is that all your users use CAS all the time. Even for admin accounts. Moodle is a good example of this in that when you activate CAS the default is that you can now only access moodle via CAS. By allowing mixed auth and self signup you end up with a anyone (the public) being able to sign up for accounts.
Made corresponding change in view.
Added User.per_page method to provide number of users per page to User.paginate button. I can remove and just pass the param to the method in the controller if that is more desirable.
Added 2 controller tests for pagination. No view tests have been added.
Changes you will need to make:
* In your environment.rb, you will need to update references to a few files per environment.rb.tmpl
* In your environment.rb, you will need to specify the local time zone of the computer that is running your Tracks install.
Other notes on my changes:
* Modified our code to take advantage of Rails 2.1's slick time zone support.
* Upgraded will_paginate for compatibility
* Hacked the Selenium on Rails plugin, which has not been updated in some time and does not support Rails 2.1
* Verified that all tests pass on my machine, including Selenium tests -- I'd like confirmation from others, too.
Up to r881
* 'master' of /Users/jackie/Sites/tracks_svn: (22 commits)
Added .gitconfig
Added yaml_db plugin: http://opensource.heroku.com/
applied patch from Eric from #732fixes#730 restores ability to delete user from user management page
fixes#724 where editing todos truncates the project name of the todo when the project name contains quotes (")
Applied patch from Eric Pallen whcih automatically converts url's to links. Thanks Eric!
explain that yaml cannot yet be used for backup as importing is not implemented yet. from mailinglist.
hopefully fixes #727.Changes the check on running animation to finished animation
regenerate compressed js and cleanup whitespace
turns out that getElementsByClassName is removed from prototype and it therfore falls back to the function of the browser which has different semantics. Found here http://www.prototypejs.org/api/utility/getElementsByClassName
forgot to create a new compressed js from the previous js changes
in the stats page you can downdrill to see the active todos in a certain week from the running time charts. This patch adds the option to see all active todos from the selected week and older.
fix#727. Adds a check to prevent expand/collapse while a previous expand/collaps is still animating
fixed small problem where updating a todo from mobile resulted in an error becase source_view was nil
fixes#726. Thanks Eric Pallen for the fix. The mobile view showed active todos from completed projects while the home page does not.
merges changes from tracks1.6 to trunk
prepares trunk for 1.6 release
fixes#713. Adds behavior for edit/star/delete/check buttons of todo even if there is no todo to show. This makes sure that the behaviors are present when you add a new todo through AJAX.
fixes#718. The link included the number of actions which resulted from last commit
removed some more whitespace to reduce the download of the mobile view.
...
