fix handling of xml on successful validation with CAS server and update cadet.exs.example to include example CAS strategy

chownces · chownces · commit 9eef5f25c586 · 2022-10-30T13:37:49.000+08:00
diff --git a/config/cadet.exs.example b/config/cadet.exs.example
@@ -56,6 +56,11 @@ config :cadet,
     #      # You may need to write your own claim extractor for other providers
     #      claim_extractor: Cadet.Auth.Providers.CognitoClaimExtractor
     #    }},
+    # # To use authentication with CAS
+    # "cas" =>
+    #   {Cadet.Auth.Providers.CAS,
+    #    %{service_validate_endpoint: "https://{CAS_SERVER_ENDPOINT}/serviceValidate"}},
+
     "test" =>
       {Cadet.Auth.Providers.Config,
        [
diff --git a/lib/cadet/auth/providers/cas.ex b/lib/cadet/auth/providers/cas.ex
@@ -4,6 +4,8 @@ defmodule Cadet.Auth.Providers.CAS do
   https://apereo.github.io/cas/6.5.x/protocol/CAS-Protocol.html
   """
 
+  import SweetXml
+
   alias Cadet.Auth.Provider
 
   @behaviour Provider
@@ -20,24 +22,37 @@ defmodule Cadet.Auth.Providers.CAS do
     }
 
     with {:validate, {:ok, %{body: body, status_code: 200}}} <-
-           {:validate, HTTPoison.get(config.service_validate_endpoint, [], params: params)} do
-        #  {:validation_response, data} <- {:validation_response, Jason.decode!(body)},
-        #  {:extract_username, %{"name" => username}} <- {:extract_username, data} do
-          IO.inspect(body)
-      {:ok, %{token: body, username: "placeholder"}}
+           {:validate, HTTPoison.get(config.service_validate_endpoint, [], params: params)},
+         {:authentication_success, success_xml} when not is_nil(success_xml) <-
+           {:authentication_success, authentication_success(body)},
+         {:extract_username, username} <- {:extract_username, get_username(success_xml)} do
+      {:ok, %{token: success_xml, username: username}}
     else
       {:validate, {:ok, %{body: body, status_code: status}}} ->
         {:error, :upstream, "Status code #{status} from CAS: #{body}"}
+
+      {:authentication_success, nil} ->
+        {:error, :upstream, "Authentication failure from CAS"}
     end
   end
 
   @spec get_name(config(), Provider.token()) ::
           {:ok, String.t()} | {:error, Provider.error(), String.t()}
   def get_name(_config, token) do
-    %{"name" => name} = token
+    name = get_username(token)
     {:ok, name}
   rescue
     _ ->
       {:error, :invalid_credentials, "Failed to retrieve user's name"}
   end
+
+  defp authentication_success(xml) do
+    xml
+    |> xpath(~x"//cas:serviceResponse/cas:authenticationSuccess"e)
+  end
+
+  defp get_username(xml) do
+    xml
+    |> xpath(~x"//cas:user/text()"s)
+  end
 end
