Cas support (PR #892)

I went back and cleaned up some of the debug cruft that was left behind. I wrote a few tests based on the existing ones. I totally failed in doing this for users_controllers_spec.rb so I reverted my work there so that the tests would continue to run. A short discussion of why adding CAS is here

I broke the commit into two parts. The first is purely CAS and the second allows for deactivation of local logins as .edu’s in the US frequently need to limit access to current active students, staff and faculty due to privacy issues. I broke this out as it will probably get rejected and I understand that and wanted to make it easier.

The following is meant purely as a compliment. Because of the well structured code and use of OmniAuth it only took me an hour to do the initial work. I have added CAS to a number of internal and external apps and this was by fair the most pleasant do work on ever.


You’ve signed the CLA, eriko. Thank you! This pull request is ready for review.

This PR looks much better, it is slightly bothering to me that we are injecting yet another layer of middleware when its never really being used, omniauth is already injecting 15 frames into our call stack for every request.

Perhaps an approach like we have for rack-cache will work here, require: false and load it in production.rb or development.rb if a config is set?

I looked a bit at omniauth’s dynamic loading. It might be possible to move this and other strategies into separate plugins/gems. There would need to be some way to add the auth buttons on the login panel if both gem was enabled in the Gemfile and it was enabled in the SiteSettings. Also if the gem was enabled adding the settings to the SiteSettings to enable it.

I will take this in (once my minor comments are taken care of) Will leave the dynamic loading to a bit later, we can handle dynamic loading across the board then.

Ok when it comes time to do the dynamic loading we can add a fuller set of options. Right now this will support that base case for CAS set up in the default manner.

ok, pulling it in, do you mind posting a “howto cas?” post on meta?

Posted and thanks. I will keep an eye out for issues.

Is this setting ever used? There seems to be no occurrence of it in the source code.

There initially was a url setting but that one was removed in the final patch 4638975 of the commit. Is that what you are referring to?

No, I was referring to the cas_domainname setting.

Ouch. Thanks I have put in to fix that so it gets used as it was intended.