This repository has been archived by the owner on Jul 24, 2020. It is now read-only.

Authentication

Oren Kanner edited this page Mar 30, 2015 · 5 revisions

Reservations Authentication

TL;DR

  • We're using the Devise gem for password authentication by default.
  • The CAS_AUTH environment variable can be used to switch to CAS authentication (see here for more details).
  • You can switch between authentication methods, but you can only use CAS if all users in your database have a cas_login.

Password Authentication

By default, Reservations uses the Devise gem for password authentication with the DatabaseAuthenticatable, Recoverable, and Rememberable modules enabled. The users' e-mail addresses are used as their login credentials and are copied over to the username attribute in the database, if necessary, when Rails is started (see below for more details). Devise configuration is defined in config/initializers/00_devise.rb with the actual parameters set in config/secrets.yml, including defaults for the development and test environments and environment variables used for production (see here for more details).

If you'd like to modify how Devise is configured you should read the documentation and edit the initializer accordingly. Adding modules to app/models/user.rb is not recommended as it will likely require database migrations and make maintaining your instance much more difficult in the future.

CAS Authentication

CAS authentication can be enabled by setting the CAS_AUTH environment variable and setting the CAS_BASE_URL environment variable to the appropriate value (see here for more information). Reservations uses the devise_cas_authenticatable gem to integrate CAS authentication with Devise. Users are identified by their cas_login attribute, which is copied over to the username column in the database when Rails is initialized, if necessary (see below for more details).

Switching Authentication Methods

Reservations supports switching between authentication methods, with a few caveats. The necessary setup is performed in config/initializers/authentication.rb, which copies either the email or cas_login column of the users table into the username column to match the configured authentication method.

It is always possible to use password authentication, even if users don't already have passwords, since they can simply use the Recoverable Devise module to reset their passwords. However, if you want to use CAS authentication (i.e. the CAS_AUTH environment variable is set) and there is at least one user in the database without a cas_login defined, the initializer will raise an exception and Rails will not start at all, preventing you from running a server as well as opening the console or running any rake commands. If you need to bypass the authentication initializer to perform tasks with the CAS_AUTH environment variable set, even if the database is not properly configured for CAS authentication, you may do so by setting the SKIP_AUTH_INIT environment variable to any value (e.g. rake db:reset SKIP_AUTH_INIT=true).
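
The following Ruby sketch models the switching behaviour described above so you can see which users would stop Rails from starting before you set CAS_AUTH. It is an added example, not the contents of config/initializers/authentication.rb; the User struct, the sample data, the method names and the MissingCasLogin error are hypothetical, and it assumes a blank cas_login counts as undefined.

```ruby
# Added illustration; NOT the code in config/initializers/authentication.rb.
# Users are plain structs so the logic runs without Rails or a database.
User = Struct.new(:email, :cas_login, :username)
class MissingCasLogin < StandardError; end

# Constructed sample data: one user has no cas_login.
def sample_users
  [User.new('alice@example.edu', 'ab123', nil),
   User.new('bob@example.edu',   nil,     nil),
   User.new('carol@example.edu', 'cd456', nil)]
end

# Users that would stop Rails from booting in CAS mode.
# Assumption: a blank string counts as "no cas_login defined".
def users_without_cas_login(users)
  users.select { |u| u.cas_login.to_s.strip.empty? }
end

# Follows the behaviour described above; env is a Hash standing in for ENV.
# Assumption: a variable counts as "set" whenever the key is present.
def sync_usernames(users, env)
  return :skipped if env.key?('SKIP_AUTH_INIT')

  source = env.key?('CAS_AUTH') ? :cas_login : :email
  if source == :cas_login
    missing = users_without_cas_login(users)
    unless missing.empty?
      raise MissingCasLogin,
            "no cas_login for: #{missing.map(&:email).join(', ')}"
    end
  end

  changed = 0
  users.each do |u|
    next if u.username == u[source] # copy only "if necessary"
    u.username = u[source]
    changed += 1
  end
  { source: source, changed: changed }
end

if __FILE__ == $PROGRAM_NAME
  blockers = users_without_cas_login(sample_users).map(&:email)
  puts "Would block CAS_AUTH: #{blockers.inspect}"
  p sync_usernames(sample_users, {})
end
```

In this model the exception is raised before any username is rewritten, so a failed switch to CAS leaves the existing usernames untouched.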