Project

omniauth-cul

0.0
The project is in a healthy, maintained state
omniauth-culcul/omniauth-culHomepageDocumentationSource CodeBug TrackerWiki
A devise omniauth adapter for Rails apps, using Columbia University authentication.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
487
Stars
0
Forks
0
Watchers
3
 Releases
Current version
0.2.0
Total releases
1
First release
2024-01-17
Latest release
2024-01-17
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2024-02-16
Reverse Dependencies
0

 Dependencies

Runtime

devise
>= 4.9
omniauth
>= 2.0
 Project Readme

Omniauth::Cul

Omniauth::Cul is a gem that facilitates using Rails, Devise and Omniauth with the CAS offering from Columbia University IT.

At this time, this gem only supports Columbia University's CAS3 authentication endpoint (which provides user affiliation information), but support for additional auth mechanisms may be added later if needed.

Installation and setup

The instructions below assume that your Rails application's user model will be called "User".

  1. Add gem devise (>= 4.9) to your Gemfile.
  2. Follow the standard Devise setup instructions (https://github.com/heartcombo/devise). Recap:
    1. rails generate devise:install
    2. rails generate devise User
    3. rails db:migrate
  3. Add gem omniauth (>= 2.1) to your Gemfile.
  4. Add this gem, 'omniauth-cul', to your Gemfile.
  5. Run bundle install.
  6. In /config/initializers/devise.rb, add this: 
    config.omniauth :cas, strategy_class: Omniauth::Cul::Strategies::Cas3Strategy
    (There may already be a config.omniauth section, and if so you can append this to the existing lines in that section.)
  7. Add a :uid column to the User model by running: rails generate migration AddUidToUsers uid:string:uniq:index
  8. In /app/models/user.rb, find the line where the devise method is called (usually with arguments like :database_authenticatable, :registerable, etc.).
    • Minimally, you need to add these additional arguments to the end of the method call: :omniauthable, omniauth_providers: [:cas]
    • In most cases though, you'll probably want to disable most of the modules and have only this: 
      devise :database_authenticatable, :validatable, :omniauthable, omniauth_providers: [:cas]
  9. In /config/routes.rb, find this line:
 devise_for :users

And replace it with these lines:

 devise_for :users, controllers: { omniauth_callbacks: 'users/omniauth_callbacks' }
  1. Create a new file at app/controllers/users/omniauth_callbacks_controller.rb with the following content: 
    require 'omniauth/cul'

  class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
    # Adding the line below so that if the auth endpoint POSTs to our cas endpoint, it won't
    # be rejected by authenticity token verification.
    # See https://github.com/omniauth/omniauth/wiki/FAQ#rails-session-is-clobbered-after-callback-on-developer-strategy
    skip_before_action :verify_authenticity_token, only: :cas

    def app_cas_callback_endpoint
      "#{request.base_url}/users/auth/cas/callback"
    end

    # GET /users/auth/cas (go here to be redirected to the CAS login form)
    def passthru
      redirect_to Omniauth::Cul::Cas3.passthru_redirect_url(app_cas_callback_endpoint), allow_other_host: true
    end

    # GET /users/auth/cas/callback
    def cas
      user_id, affils = Omniauth::Cul::Cas3.validation_callback(request.params['ticket'], app_cas_callback_endpoint)

      # Custom auth logic for your app goes here.
      # The code below is provided as an example.  If you want to use Omniauth::Cul::PermissionFileValidator,
      # to validate see the later "Omniauth::Cul::PermissionFileValidator" section of this README.
      #
      # if Omniauth::Cul::PermissionFileValidator.permitted?(user_id, affils)
      #   user = User.find_by(uid: user_id) || User.create!(
      #       uid: user_id,
      #       email: "#{user_id}@columbia.edu",
      #       password: Devise.friendly_token[0, 20] # Assign random string password, since the omniauth user doesn't need to know the unused local account password
      #   )
      #   sign_in_and_redirect user, event: :authentication # this will throw if @user is not activated
      # else
      #   flash[:error] = 'Login attempt failed'
      #   redirect_to root_path
      # end
    end
  end

Omniauth::Cul::PermissionFileValidator - Permission validation with a user id list or affiliation list

One of the modules in this gem is Omniauth::Cul::PermissionFileValidator, which can be used like this:

user_id = 'abc123'
affils = ['affil1']
if Omniauth::Cul::PermissionFileValidator.permitted?(user_id, affils)
  # This block will run if your Rails app has a file at /config/permissions.yml that
  # permits access for user 'abc123' OR any user with affiliation 'affil1'.
end

In your Rails app, your permission.yml file should be located at /config/permissions.yml. For each environment, you may define allowed_user_ids and/or allowed_user_affils.

# Permissions

all: &all
  allowed_user_ids:
    - abc123
    - def123
    - ghi123
  allowed_user_affils:
    - CUL_dpts-ldpd

development: *all
test: *all

Development

After checking out the repo, run bin/setup to install dependencies. Then, run bundle exec rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and the created tag, and push the .gem file to rubygems.org.