module Devise module Models # Extends your User class with support for CAS ticket authentication. module CloudfujiAuthenticatable def self.included(base) base.extend ClassMethods if defined?(Mongoid) base.class_eval do field :ido_id # TODO check with someone who's using Mongoid end end end module ClassMethods # Authenticate a CAS ticket and return the resulting user object. Behavior is as follows: # # * Check ticket validity using RubyCAS::Client. Return nil if the ticket is invalid. # * Find a matching user by username (will use find_for_authentication if available). # * If the user does not exist, but Devise.cas_create_user is set, attempt to create the # user object in the database. If cas_extra_attributes= is defined, this will also # pass in the ticket's extra_attributes hash. # * Return the resulting user object. def authenticate_with_cas_ticket(ticket) ::Devise.cas_client.validate_service_ticket(ticket) unless ticket.has_been_validated? puts "ticket = #{ticket.inspect}" if ticket.is_valid? conditions = {::Devise.cas_username_column => ticket.respond_to?(:user) ? ticket.user : ticket.response.user} # We don't want to override Devise 1.1's find_for_authentication resource = if respond_to?(:find_for_authentication) find_for_authentication(conditions) else find(:first, :conditions => conditions) end resource = new(conditions) if (resource.nil? and ::Devise.cas_create_user?) puts "found #{resource.inspect}" return nil unless resource if resource.respond_to? :cloudfuji_extra_attributes extra_attributes = ticket.respond_to?(:extra_attributes) ? ticket.extra_attributes : ticket.response.extra_attributes resource.cloudfuji_extra_attributes(extra_attributes) end resource.save resource end end end end end end