Feature #2356 » redmine-add-cas-support.patch
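--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -19,11 +19,19 @@
 helper :custom_fields
 include CustomFieldsHelper
 
+@cas_initialized = false
+class << self; attr_accessor :cas_initialized; end
+
 # prevents login action to be filtered by check_if_login_required application scope filter
 skip_before_filter :check_if_login_required
 
 # Login request and validation
 def login
+# If we are forcing CAS authentication, bypass everything else and go to it.
+if Setting.cas? && Setting.cas_force != '0'
+cas_authenticate
+end
+
 if request.get?
 # Logout user
 self.logged_user = nil
@@ -133,6 +141,54 @@
 redirect_to :action => 'login'
 end
 
+def cas_authenticate
+unless self.class.cas_initialized
+CASClient::Frameworks::Rails::Filter.configure(
+:cas_base_url => Setting.cas_base_url
+)
+self.class.cas_initialized = true
+end
+
+CASClient::Frameworks::Rails::Filter.filter(self) unless session[:cas_user]
+if session[:cas_user]
+user = User.find_or_initialize_by_login(session[:cas_user])
+if user.new_record?
+# Self-registration off
+redirect_to(home_url) && return unless Setting.self_registration?
+
+# Create on the fly
+user.login = session[:cas_user]
+user.mail = session[:cas_user] + Setting.cas_email_suffix
+user.firstname = session[:cas_user]
+user.lastname = session[:cas_user]
+user.random_password
+user.status = User::STATUS_REGISTERED
+
+case Setting.self_registration
+when '1'
+register_by_email_activation(user) do
+onthefly_creation_failed(user)
+end
+when '3'
+register_automatically(user) do
+onthefly_creation_failed(user)
+end
+else
+register_manually_by_administrator(user) do
+onthefly_creation_failed(user)
+end
+end
+else
+# Existing record
+if user.active?
+successful_authentication(user)
+else
+account_pending
+end
+end
+end
+end
+
 private
 
 def password_authentication
@@ -189,7 +245,7 @@
 end
 end
 end
-
+
 def successful_authentication(user)
 # Valid user
 self.logged_user = user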
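Review bot: In `login`, the forced-CAS branch calls `cas_authenticate` but never returns, so once that method has redirected or signed the user in, the action carries on into `if request.get?`, where `self.logged_user = nil` runs, or on a POST into the password path. The branch should be `cas_authenticate` followed by `return`, so that the "ONLY allow login using CAS" setting is enforced at this point. In `cas_authenticate`, `User.find_or_initialize_by_login(session[:cas_user])` signs the CAS principal in as whatever local account already has that login, which presumably includes locally created administrators, so the CAS server has to be the sole authority for the login namespace. A comment above that line such as `# Trusts the CAS username as the Redmine login: an existing local account with the same login is signed in without its password` would make the assumption explicit. The body of `login` continues outside the hunk.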
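--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@@ -143,6 +143,10 @@
 def self.openid?
 Object.const_defined?(:OpenID) && self[:openid].to_i > 0
 end
+
+def self.cas?
+Object.const_defined?(:CAS) && self[:cas].to_i > 0
+end
 
 # Checks if settings have changed since the values were read
 # and clears the cache hash if it's the case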
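Review bot: `self.cas?` tests `Object.const_defined?(:CAS)`, while the controller code in this patch calls `CASClient::Frameworks::Rails::Filter`, so the guard and the code it protects look at different constants. If the loaded client library defines only `CASClient`, the predicate is always false and the feature is silently off; if `CAS` comes from something else, the controller would raise a NameError at login time. Checking the constant that is actually used is safer: `Object.const_defined?(:CASClient) && self[:cas].to_i > 0`. The same `:CAS` check is repeated four times in app/views/settings/_authentication.rhtml for the `:disabled` option and should change with it.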
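--- a/app/views/account/login.rhtml
+++ b/app/views/account/login.rhtml
@@ -25,6 +25,13 @@
 </td>
 </tr>
 <tr>
+<% if Setting.cas? %>
+<tr>
+<td align="left">
+<%= link_to l(:label_cas_login), :controller => 'account', :action => 'cas_authenticate' %>
+</td>
+</tr>
+<% end %>
 <td align="left">
 <% if Setting.lost_password? %>
 <%= link_to l(:label_password_lost), :controller => 'account', :action => 'lost_password' %>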
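Review bot: The new CAS row is inserted after the context line `<tr>`, so its own `<tr>`…`</tr>` is nested inside a row that is already open, and the following `<td align="left">` for the lost-password link no longer sits directly in its row. The `<% if Setting.cas? %>` … `<% end %>` block should be placed before that `<tr>` rather than after it. The surrounding table starts and ends outside the hunk, so the final layout cannot be confirmed from here.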
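--- a/app/views/settings/_authentication.rhtml
+++ b/app/views/settings/_authentication.rhtml
@@ -16,6 +16,14 @@
 
 <p><%= setting_check_box :openid, :disabled => !Object.const_defined?(:OpenID) %></p>
 
+<p><%= setting_check_box :cas, :disabled => !Object.const_defined?(:CAS) %></p>
+
+<p><%= setting_text_field :cas_base_url, :disabled => !Object.const_defined?(:CAS), :size => 50 %></p>
+
+<p><%= setting_text_field :cas_email_suffix, :disabled => !Object.const_defined?(:CAS), :size => 50 %></p>
+
+<p><%= setting_check_box :cas_force, :disabled => !Object.const_defined?(:CAS) %></p>
+
 <p><%= setting_check_box :rest_api_enabled %></p>
 </div>
 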
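Review bot: `cas_base_url` is accepted as free text with no check on its scheme, and the controller passes it unchanged to `CASClient::Frameworks::Rails::Filter.configure`. With a plain `http://` URL the ticket validation exchange with the CAS server would be unprotected in transit, so the identity that ends up in `session[:cas_user]` could not be trusted. Validating on save that the value parses as an `https` URL, or at least stating that requirement next to the field, would close this. The fields are also independent of each other, so `cas_force` can be ticked while `cas_base_url` is still empty, which would presumably leave the instance without a working login path.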
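--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -321,6 +321,10 @@
 setting_file_max_size_displayed: Max size of text files displayed inline
 setting_repository_log_display_limit: Maximum number of revisions displayed on file log
 setting_openid: Allow OpenID login and registration
+setting_cas: Use CAS login and registration
+setting_cas_base_url: CAS server base URL
+setting_cas_email_suffix: Default email suffix for CAS users
+setting_cas_force: ONLY allow login using CAS (this disables normal login)
 setting_password_min_length: Minimum password length
 setting_new_project_user_role_id: Role given to a non-admin user who creates a project
 setting_default_projects_modules: Default enabled modules for new projects
@@ -447,6 +451,7 @@
 label_register: Register
 label_login_with_open_id_option: or login with OpenID
 label_password_lost: Lost password
+label_cas_login: Login using CAS
 label_home: Home
 label_my_page: My page
 label_my_account: My account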
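--- a/config/settings.yml
+++ b/config/settings.yml
@@ -180,3 +180,11 @@
 default: ''
 rest_api_enabled:
 default: 0
+cas:
+default: 0
+cas_base_url:
+default: ''
+cas_email_suffix:
+default: ''
+cas_force:
+default: 0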
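Review bot: `cas_force` defaults to the integer `0`, but `login` in account_controller.rb decides with the string comparison `Setting.cas_force != '0'`, so any stored value other than the exact string `'0'` (an empty string, nil, or a default that is not stringified) would switch password login off. That fails toward locking administrators out rather than toward the existing behaviour. Using the same numeric test as `Setting.cas?`, i.e. `Setting.cas_force.to_i > 0`, removes the dependency on how the default is converted. The empty default for `cas_email_suffix` also means on-the-fly accounts get `user.mail` equal to the bare login, which is presumably rejected by e-mail validation until an administrator fills the suffix in.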