rbCAS / CASino

CASino is a Ruby-based Single Sign-On solution supporting the CAS standard
MIT License

Is there an option to update extra_attributes in casino_users table when some of those attributes change? #128

Closed hasanen closed 9 years ago

hasanen commented 9 years ago

Hi

We have two Rails apps, A and B. App A is the CASino server, and app B is the CAS client. In app A, we have permission handling for users, and one permission is for access to app B.

If the user starts the session when she does not have access permission to app B, she gets redirected back to app A with a notice.

The problem comes when an admin gives that permission to the user, and the user is still using the same session, as the CAS-server returns expired extra_attributes from the database. Is there a way to keep those extra_attributes in casino_users table up to date?

pencil commented 9 years ago

A user's extra_attributes are only updated after a successful login. It should be pretty easy though to add a cronjob to periodically sync the extra_attributes as long as the Authenticator supports Auth Token Login (and therefore has a load_user_data(username) method that does not require a valid password).

hasanen commented 9 years ago

Ok, thanks for the information. We ended up solving the problem with this code:

```ruby
# Reload the user's data from the authenticator (no password needed) and store the fresh extra_attributes.
data = CASino::CustomAuthenticator.new(CASino.config[:authenticators][:authenticator][:options]).load_user_data username
CASino::User.find_by_username(username).update_attribute(:extra_attributes, data[:extra_attributes])
```

Not the prettiest one, but it works.
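
The periodic sync suggested in the thread, sketched as an added example that is not code from the thread or from CASino: it refreshes cached attributes in both directions, so a revoked permission is dropped as well as a granted one picked up. `UserRow`, `DirectoryAuthenticator`, `sync_extra_attributes` and the sample data are hypothetical stand-ins for `casino_users` rows and an authenticator with `load_user_data(username)`; clearing attributes for accounts that no longer exist upstream is a choice made in this example.

```ruby
# Stand-in for a casino_users row (hypothetical; the real model is CASino::User).
UserRow = Struct.new(:authenticator, :username, :extra_attributes)

# Constructed authenticator exposing load_user_data(username), as Auth Token Login requires.
class DirectoryAuthenticator
  def initialize(directory)
    @directory = directory
  end
  # Returns { username:, extra_attributes: } or nil when the account is unknown.
  def load_user_data(username)
    attrs = @directory[username]
    attrs && { username: username, extra_attributes: attrs }
  end
end

# Refresh stored extra_attributes per row; returns a summary a cron wrapper can log.
def sync_extra_attributes(users, authenticators)
  summary = { updated: [], unchanged: [], missing: [], skipped: [] }
  users.each do |user|
    auth = authenticators[user.authenticator]
    unless auth.respond_to?(:load_user_data)
      summary[:skipped] << user.username # no password-less lookup available
      next
    end
    data = auth.load_user_data(user.username)
    if data.nil?
      # Account gone upstream: drop cached attributes so no stale permission survives.
      user.extra_attributes = {}
      summary[:missing] << user.username
    elsif data[:extra_attributes] == user.extra_attributes
      summary[:unchanged] << user.username
    else
      user.extra_attributes = data[:extra_attributes]
      summary[:updated] << user.username
    end
  end
  summary
end

# Constructed sample data.
DIRECTORY = { 'alice' => { 'app_b_access' => true }, 'bob' => { 'app_b_access' => false } }.freeze
AUTHENTICATORS = { 'directory' => DirectoryAuthenticator.new(DIRECTORY) }.freeze
USERS = [
  UserRow.new('directory', 'alice', { 'app_b_access' => false }), # permission granted since login
  UserRow.new('directory', 'bob',   { 'app_b_access' => false }),
  UserRow.new('directory', 'carol', { 'app_b_access' => true }),  # deleted upstream
  UserRow.new('ldap',      'dave',  { 'app_b_access' => true })   # authenticator not configured
]
RESULT = sync_extra_attributes(USERS, AUTHENTICATORS)
```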