Supporting unauthorized xml requests

Roberto Klein · zuk · commit 06148ff37a8d · 2010-04-14T01:02:26.000+08:00
diff --git a/lib/casclient/frameworks/rails/filter.rb b/lib/casclient/frameworks/rails/filter.rb
@@ -110,7 +110,7 @@ def filter(controller)
                 return true
               else
                 log.warn("Ticket #{st.ticket.inspect} failed validation -- #{vr.failure_code}: #{vr.failure_message}")
-                redirect_to_cas_for_authentication(controller)
+                unauthorized!(controller, vr)
                 return false
               end
             else # no service ticket was present in the request
@@ -128,7 +128,7 @@ def filter(controller)
                 end
               end
               
-              redirect_to_cas_for_authentication(controller)
+              unauthorized!(controller)
               return false
             end
           end
@@ -181,6 +181,18 @@ def logout(controller, service = nil)
             controller.send(:redirect_to, client.logout_url(referer))
           end
           
+          def unauthorized!(controller, vr = nil)
+            if controller.params[:format] == "xml"
+              if vr
+                controller.send(:render, :xml => "<errors><error>#{vr.failure_message}</error></errors>", :status => 401)
+              else
+                controller.send(:head, 401)
+              end
+            else
+              redirect_to_cas_for_authentication(controller)
+            end
+          end
+          
           def redirect_to_cas_for_authentication(controller)
             redirect_url = login_url(controller)
             
