google-code-export / rubycas-client

Automatically exported from code.google.com/p/rubycas-client

ruby-cas client + mongrel --prefix breaks ajax #19

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. set up a site using ruby-cas client 2.0
2. use ajax stuff like observer_field or any of ActiveScaffold
3. deploy with mongrel and the --prefix option to allow multiple sites one dns name

What is the expected output? What do you see instead?
all ajax actions return:

uncaught exception: Security Error: Content at http://pink.XXXX.XXX/site_tracker/stock_notes may not load data from https://cas.XXXX.XXX/cas/login?service=http%3A%2F%2Fpink.XXXX.XXX%2Fsite_tracker%2Fstock_notes%2Fnew%3F_method%3Dget%26adapter%3D_list_inline_adapter.

in the web developer plugin and in the production log:

  Parameters: {"authenticity_token"=>"9286245cd6ccdd1520e5f69fd12b7cfff1801990", "action"=>"search_for_programs", "controller"=>"sites", "keywords"=>"food"}
Redirected to https://cas.eXXXX.XXX/cas/login?service=http%3A%2F%2Fpink.XXXX.XXX%2Fsite_tracker%2Fsites%2Fsearch_for_programs%3Fauthenticity_token%3D9286245cd6ccdd1520e5f69fd12b7cfff1801990%26keywords%3Dfood
Filter chain halted as [#<ActionController::Filters::ClassMethods::ClassFilter:0x9c13b40 @filter=CASClient::Frameworks::Rails::Filter>] rendered_or_redirected.
Completed in 0.01132 (88 reqs/sec) | DB: 0.00000 (0%) | 302 Found [http://pink.XXXX.XXX/site_tracker/sites/search_for_programs]

What version of the product are you using? On what operating system?
Rails 2.0.2  on ruby 1.8.6 (2007-09-24 patchlevel 111) [i386-freebsd6]

Please provide any additional information below.

Turning off ruby-cas by commenting out #before_filter CASClient::Frameworks::Rails::Filter allows things to work.

Original issue reported on code.google.com by erikord...@gmail.com on 27 Feb 2008 at 5:59

GoogleCodeExporter commented 9 years ago
Sounds like upon hitting the AJAX action, the CAS filter thinks the user needs to be authenticated and redirects them to the CAS server. This doesn't really work for AJAX requests though, since the response can't come from a remote server (in this case the CAS server).

The easiest solution might be to disable the CAS filter for your AJAX actions; something like:

---
before_filter CASClient::Frameworks::Rails::Filter, :except => [:ajax_action, :another_ajax_action]
---

But this might not be desirable if your AJAX actions return data that should require authentication.

I suspect that maybe you configured your Rails filter in such a way that it gets
executed on every request. This is almost certainly not what you want.

Instead, try doing something like this:

---
before_filter :authenticate_with_cas

protected
# A method filter is invoked on the controller instance with no arguments,
# so the controller is `self`; hand it to the CAS filter only when there is
# no CAS session yet.
def authenticate_with_cas
  if session[:cas_user]
    return true
  else
    return CASClient::Frameworks::Rails::Filter.filter(self)
  end
end
---

I'm thinking that maybe the above should be the filter's default behaviour, since this problem seems to come up a lot for end-users like yourself.

Original comment by matt.zuk...@gmail.com on 27 Feb 2008 at 7:56
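An added example, not code from this thread or from rubycas-client: a stand-alone Ruby model of the two filter behaviours discussed in the comment above. The hosts, the Request/Controller structs and the cas_redirect stub are constructed stand-ins for the real CASClient::Frameworks::Rails::Filter.

```ruby
require "cgi"

# Placeholder CAS host (constructed for this example, not the reporter's).
CAS_LOGIN_URL = "https://cas.example.com/cas/login"

# Minimal stand-ins for the parts of a Rails controller the filter touches.
Request = Struct.new(:url)
Controller = Struct.new(:session, :request, :status, :location)

# Stub of what the real CAS filter does when it decides the user must log in:
# a 302 to the CAS server carrying the original URL, percent-encoded exactly
# as in the production log above, in the `service` parameter.
def cas_redirect(controller)
  controller.status = 302
  controller.location = "#{CAS_LOGIN_URL}?service=#{CGI.escape(controller.request.url)}"
  false # filter chain halted
end

# The misconfiguration described in the thread: the filter redirects on every
# request, so an AJAX call from an already logged-in page is still bounced to
# the CAS origin, and the browser refuses to load that cross-origin response.
def always_redirect_filter(controller)
  cas_redirect(controller)
end

# The fix suggested above: honour an existing CAS session and only involve
# the CAS server when there is none.
def authenticate_with_cas(controller)
  return true if controller.session[:cas_user]
  cas_redirect(controller)
end

# Run one request through a filter and report what the client would see.
def apply_filter(filter, session, url)
  ctrl = Controller.new(session, Request.new(url), 200, nil)
  passed = send(filter, ctrl)
  { passed: passed, status: ctrl.status, location: ctrl.location }
end

if __FILE__ == $0
  url = "http://pink.example.com/site_tracker/stock_notes/new?_method=get"
  p apply_filter(:always_redirect_filter, { cas_user: "erik" }, url)
  p apply_filter(:authenticate_with_cas, { cas_user: "erik" }, url)
  p apply_filter(:authenticate_with_cas, {}, url)
end
```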

GoogleCodeExporter commented 9 years ago
FYI this has been fixed and will be released in 2.0.1. If you're using the Rails plugin and have it installed via Subversion, you can just do an update now and the behaviour you're looking for will be restored.

Original comment by matt.zuk...@gmail.com on 27 Feb 2008 at 11:18