UNPKG

cas-server-mock

Version:

Simple mock for Apereo CAS server

github.com/veo-labs/cas-server-mock

veo-labs/cas-server-mock

104 lines (93 loc) 3.45 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
'use strict'; /** * Provides default route action to deal with CAS protocol. * * @class controller * @static */ const databaseProvider = process.require('lib/databaseProvider.js'); const {URL} = require('url'); /** * Authenticates user. * * This is a mock, no verification is performed. The generated ticket is just the user login. * * @method authenticateAction * @static * @async * @param {Request} request ExpressJS HTTP Request * @param {Object} request.query Request query string * @param {String} request.query.service The service to redirect to when authenticated * @param {String} request.query.login The user login to authenticate * @param {Response} response ExpressJS HTTP Response * @param {Function} next Function to defer execution to the next registered middleware */ module.exports.authenticateAction = (request, response, next) => { let redirectUrl = new URL(request.query.service); redirectUrl.searchParams.append('ticket', request.query.login); response.statusCode = 302; response.setHeader('Location', redirectUrl.href); response.setHeader('Content-Length', '0'); response.end(); }; /** * Validates ticket. * * This is a mock, no verification is performed. The generated ticket is just the user login. * User is retrieved from the database file and all its attributes are sent. * No verification is performed, it always sends an authentication success. * * @method validateTicketAction * @static * @async * @param {Request} request ExpressJS HTTP Request * @param {Object} request.query Request query string * @param {String} request.query.ticket The ticket (user login) * @param {Response} response ExpressJS HTTP Response * @param {Function} next Function to defer execution to the next registered middleware */ module.exports.validateTicketAction = (request, response, next) => { const user = databaseProvider.getUser(request.query.ticket); let result = ` <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationSuccess> <cas:user>${user.name}</cas:user> <cas:attributes> `; for (let attributeName in user.attributes) { const attributeValue = user.attributes[attributeName]; if (Object.prototype.toString.call(attributeValue) === '[object String]') { result += `<cas:${attributeName}>${attributeValue}</cas:${attributeName}>`; } else if (Object.prototype.toString.call(attributeValue) === '[object Array]') { attributeValue.forEach((value) => { result += `<cas:${attributeName}>${value}</cas:${attributeName}>`; }); } } result += ` </cas:attributes> </cas:authenticationSuccess> </cas:serviceResponse> `; response.send(result); }; /** * Logouts user. * * This is a mock, no verification is performed, nothing is done. User is just redirected to the given URL. * * @method logoutAction * @static * @async * @param {Request} request ExpressJS HTTP Request * @param {Object} request.query Request query string * @param {String} request.query.url The URL to redirect to * @param {Response} response ExpressJS HTTP Response * @param {Function} next Function to defer execution to the next registered middleware */ module.exports.logoutAction = (request, response, next) => { response.statusCode = 302; response.setHeader('Location', request.query.url); response.setHeader('Content-Length', '0'); response.end(); };