Cul::Omniauth
NOTE: This gem is deprecated and has been replaced by: https://github.com/cul/omniauth-cul
Cul::Omniauth is a Rails engine to facilitate using Devise and Omniauth with the CAS offering from Columbia University IT.
Installing Devise
-
Add gem 'devise' to Gemfile
-
Run
bundle install
-
Run devise generator
rails generate devise:install
and follow devise specified instructions -
Add model, run
rails g model User
- Check Devise README for latest installation instructions
Install cul_omniauth
-
Add gem cul_omniauth to Gemfile
-
Run
bundle install
-
Change mixin in User model to
include Cul::Omniauth::Users
-
Create migration to remove encrypted_password field of user model
-
Create migration to add uid and provider fields to user model, both are strings
More CAS configuration information at OmniAuth CAS
Configuring from a file
CAS configurable with Devise from config/cas.yml by mixin:
module MyModule
class Application < Rails::Application
include Cul::Omniauth::FileConfigurable
end
end
...then configuring from within the Devise initializer:
Devise.setup do |config|
MyModule::Application.configure_devise_omniauth(config)
end
The config file is called cas.yml, and following the CUIT CAS documentation should be similar to:
cas: &CAS
host: cas.columbia.edu
login_url: /cas/login
logout_url: /cas/logout
service_validate_url: /cas/serviceValidate
disable_ssl_verification: true
provider: cas
saml: &SAML
<<: *CAS
provider: saml
service_validate_url: /cas/samlValidate
wind: &WIND
host: wind.columbia.edu
login_url: /login
logout_url: /logout
service_validate_url: /validate
service: 'your_service_key_here'
provider: wind
development: *CAS
test: *CAS
myapp_dev: *CAS
mypp_test: *CAS
myapp_prod: *CAS
... with the environment configurations for your Rails app including one of these configurations as appropriate. If your application uses affiliation attributes from CAS, it must use the :saml provider.
Controller Mixins
Using Devise and OmniAuth requires a Sessions controller and a Callbacks controller in the Users namespace.
Devise/OmniAuth Callbacks Controller
The Callbacks controller should subclass Devise::OmniauthCallbacksController and mixin Cul::Omniauth::Callbacks
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
include Cul::Omniauth::Callbacks
end
Devise Sessions Controller
The Sessions controller should subclass Devise::SessionsController and provide two methods:
class Users::SessionsController < Devise::SessionsController
def new_session_path(scope)
new_user_session_path # this accomodates Users namespace of the controller
end
def omniauth_provider_key
# there is support for :wind, :cas, and :saml in Cul::Omniauth
end
end
Routing
To ensure that devise uses the proper routes and controllers, change devise_for :users
to:
devise_for :users, controllers: {sessions: 'users/sessions', omniauth_callbacks: 'users/omniauth_callbacks'}
In order to add sign_in and sign_out methods:
devise_scope :user do
get 'sign_in', :to => 'users/sessions#new', :as => :new_user_session
get 'sign_out', :to => 'users/sessions#destroy', :as => :destroy_user_session
end
Authorizing Application Controllers
Once the authentication machinery is configured, users can be authenticated by including the appropriate Devise mixins:
class ApplicationController < ActionController::Base
include Devise::Controllers::Helpers
devise_group :user, contains: [:user]
before_filter before_filter :authenticate_user!, if: :devise_controller?
end
Authorization is handled by separate libraries, although Cul::Omniauth is currently developed with CanCan support in mind.
Model Requirements
This gem assumes use of the Devise sessions model, though your application must still provide a User model. This User model should mixin the Cul::Omniauth::Users module:
class User < ActiveRecord::Base
# Connects this user object to Blacklights Bookmarks and Folders.
include Blacklight::User
include Cul::Omniauth::Users
# additional application-local business
end
Troubleshooting
If your user model is not using database authenticatable and does not have a password column, you will need to add two dummy password methods (a getter and a setter). These methods are required by devise. You are having this problem if your user model can't find a password method. To solve this problem add the following methods to your model:
def password
Devise.friendly_token[0,20]
end
def password=(*val)
# NOOP
end
If your application is using CanCan for authorization, it will also need to provide an Ability model similar to:
class Ability
include CanCan::Ability
def initialize(user)
@user = user || User.new # default to guest user
end
end
More information about CanCan is available on the CanCan Github repository.