arpitjain11-rubycas-server 0.8.0.20090612

Files changed (78)
  1. data/CHANGELOG.txt +1 -0
  2. data/History.txt +272 -0
  3. data/LICENSE.txt +504 -0
  4. data/Manifest.txt +85 -0
  5. data/PostInstall.txt +3 -0
  6. data/README.rdoc +26 -0
  7. data/Rakefile +4 -0
  8. data/bin/rubycas-server +13 -0
  9. data/bin/rubycas-server-ctl +9 -0
  10. data/config/hoe.rb +78 -0
  11. data/config/requirements.rb +15 -0
  12. data/config.example.yml +544 -0
  13. data/config.ru +38 -0
  14. data/custom_views.example.rb +11 -0
  15. data/lib/casserver/authenticators/active_directory_ldap.rb +11 -0
  16. data/lib/casserver/authenticators/base.rb +48 -0
  17. data/lib/casserver/authenticators/client_certificate.rb +46 -0
  18. data/lib/casserver/authenticators/google.rb +54 -0
  19. data/lib/casserver/authenticators/ldap.rb +147 -0
  20. data/lib/casserver/authenticators/ntlm.rb +88 -0
  21. data/lib/casserver/authenticators/open_id.rb +22 -0
  22. data/lib/casserver/authenticators/sql.rb +102 -0
  23. data/lib/casserver/authenticators/sql_encrypted.rb +76 -0
  24. data/lib/casserver/authenticators/sql_md5.rb +19 -0
  25. data/lib/casserver/authenticators/sql_rest_auth.rb +77 -0
  26. data/lib/casserver/authenticators/test.rb +19 -0
  27. data/lib/casserver/cas.rb +322 -0
  28. data/lib/casserver/conf.rb +75 -0
  29. data/lib/casserver/controllers.rb +457 -0
  30. data/lib/casserver/load_picnic.rb +19 -0
  31. data/lib/casserver/localization.rb +82 -0
  32. data/lib/casserver/models.rb +265 -0
  33. data/lib/casserver/postambles.rb +174 -0
  34. data/lib/casserver/utils.rb +30 -0
  35. data/lib/casserver/version.rb +9 -0
  36. data/lib/casserver/views.rb +245 -0
  37. data/lib/casserver.rb +58 -0
  38. data/lib/rubycas-server/version.rb +1 -0
  39. data/lib/rubycas-server.rb +1 -0
  40. data/po/de_DE/rubycas-server.po +119 -0
  41. data/po/es_ES/rubycas-server.po +115 -0
  42. data/po/fr_FR/rubycas-server.po +116 -0
  43. data/po/ja_JP/rubycas-server.po +118 -0
  44. data/po/pl_PL/rubycas-server.po +115 -0
  45. data/po/pt_BR/rubycas-server.po +115 -0
  46. data/po/ru_RU/rubycas-server.po +110 -0
  47. data/po/rubycas-server.pot +104 -0
  48. data/public/themes/cas.css +121 -0
  49. data/public/themes/notice.png +0 -0
  50. data/public/themes/ok.png +0 -0
  51. data/public/themes/simple/bg.png +0 -0
  52. data/public/themes/simple/login_box_bg.png +0 -0
  53. data/public/themes/simple/logo.png +0 -0
  54. data/public/themes/simple/theme.css +28 -0
  55. data/public/themes/urbacon/bg.png +0 -0
  56. data/public/themes/urbacon/login_box_bg.png +0 -0
  57. data/public/themes/urbacon/logo.png +0 -0
  58. data/public/themes/urbacon/theme.css +33 -0
  59. data/public/themes/warning.png +0 -0
  60. data/resources/init.d.sh +58 -0
  61. data/script/console +10 -0
  62. data/script/destroy +14 -0
  63. data/script/generate +14 -0
  64. data/script/txt2html +82 -0
  65. data/setup.rb +1585 -0
  66. data/tasks/deployment.rake +34 -0
  67. data/tasks/environment.rake +7 -0
  68. data/tasks/localization.rake +11 -0
  69. data/tasks/website.rake +17 -0
  70. data/vendor/isaac_0.9.1/LICENSE +26 -0
  71. data/vendor/isaac_0.9.1/README +78 -0
  72. data/vendor/isaac_0.9.1/TODO +3 -0
  73. data/vendor/isaac_0.9.1/VERSIONS +3 -0
  74. data/vendor/isaac_0.9.1/crypt/ISAAC.rb +171 -0
  75. data/vendor/isaac_0.9.1/isaac.gemspec +39 -0
  76. data/vendor/isaac_0.9.1/setup.rb +596 -0
  77. data/vendor/isaac_0.9.1/test/TC_ISAAC.rb +76 -0
  78. metadata +193 -0
data/CHANGELOG.txt ADDED
@@ -0,0 +1 @@
1
+ See History.txt
data/History.txt ADDED
@@ -0,0 +1,272 @@
1
+ * Creating Gem with Authlogic Authenticators
2
+
3
+ === 0.8.0 :: In Progress...
4
+
5
+ * NEW:
6
+ * Support for localization via Ruby-GetText.
7
+ See http://code.google.com/p/rubycas-server/wiki/Localization
8
+ for details. [antono]
9
+ * Switched to Picnic 0.8.x, so RubyCAS-Server is now based on Rack
10
+ and Camping 2.0 and is now compatible with Passenger Phusion
11
+ * Added new SQL authenticator (sql_rest_auth) compatible with the
12
+ restful_authentication Rails plugin. [antono]
13
+
14
+ * FIXED:
15
+ * Fixed weird problems with loading controllers when using older versions of
16
+ activesupport and/or rubygems.
17
+ * Failure to connect to a service during a single sign out request is now
18
+ handled gracefully.
19
+ * Required gem dependencies have been re-enabled in the gemspec.
20
+
21
+ === 0.7.1 :: 2008-11-10
22
+
23
+ * Fixed dependency loading problems introduced by upstream changes in RubyGems
24
+ 1.3.1.
25
+
26
+ === 0.7.0 :: 2008-11-04
27
+
28
+ * NEW:
29
+ * Implemented single-sign-out functionality as specified in CAS 3.3. See
30
+ http://www.ja-sig.org/wiki/display/CASUM/Single+Sign+Out.
31
+ * It is now possible to configure Authenticators to return extra attributes
32
+ to CAS clients alongside the username. For an example of how to do this see
33
+ the included SQL authenticator. Also have a look at:
34
+ http://groups.google.com/group/rubycas-server/browse_thread/thread/5eade3793cb590e9
35
+ Note that extra attributes of type other than String or Numeric are serialized
36
+ into YAML format before being sent along to the client.
37
+ * Added an MD5-password version of the SQL authenticator for Drupal and any other
38
+ database that stores its passwords in hashed form (thanks malcolmm).
39
+ * Added new Google authenticator for authenticating against Google/GMail
40
+ accounts.
41
+
42
+ * CHANGED:
43
+ * Service URIs are now automatically normalized. For example, if the service
44
+ URI given to the server has a 'ticket' parameter, the ticket will now be
45
+ automatically stripped. This is to avert any possible issues raised by
46
+ misbehaving CAS clients (the CAS ticket should never be part of the service
47
+ URI). Same goes for other CAS-related parameters like 'service', 'renew',
48
+ and 'gateway'. Additionally, the trailing '/' and '?' characters are
49
+ automatically stripped from URLs, since, for example, "http://google.com/"
50
+ is almost certainly equivalent to "http://google.com".
51
+ * The expire_sessions config variable is now respected -- ticket granting
52
+ ticket cookies are set with an expiry datetime, so that the SSO session
53
+ is effectively terminated once the ticket_granting_ticket_expiry period
54
+ is reached.
55
+ * If present, the HTTP_X_FORWARDED_FOR header is used for recording the
56
+ client's address. This is useful when the server is running behind a reverse
57
+ proxy, but it should not be considered authoritative since it can be
58
+ easily spoofed.
59
+ * The 'service' field in the 'casserver_st' table has been changed from
60
+ VARCHAR(255) to TEXT in order to accomodate service URIs longer than 255
61
+ characters (fixes issue #46).
62
+ * The CAS XML responses are no longer whitespace-formatted (i.e. Markaby's
63
+ auto-indentation has been turned off). Apparently the whitespace was
64
+ causing problems with mod_auth_cas. See:
65
+ http://groups.google.com/group/rubycas-server/browse_thread/thread/e482fe09999b73d3
66
+ * When used without pre-authentication, the LDAP authenticator now tries to
67
+ bind by searching for the given username in the LDAP directory based on the
68
+ configured username_attribute. Prior to this change the authenticator
69
+ attempted to bind with the LDAP server by assuming that the username credential
70
+ matches the user's CN. This is no longer the case.
71
+ * CAS responses to invalid requests (for example where required parameters
72
+ are missing or incorrect) will now have HTTP status code 422. Internal server
73
+ errors (where the server rather than the client is at fault) have error 500.
74
+ Previously most responses had error code 200, regardless of their contents.
75
+
76
+ * FIXED:
77
+ * Fixed logout action to work properly with ActiveRecord 2.1 (eager loading behaviour
78
+ was changed upstream forcing a change to the way we look for ProxyGrantingTickets
79
+ to delete on logout).
80
+ * When running under Mongrel, the USR2 signal should now restart the server as
81
+ expected -- however currently this only works when the server is running
82
+ in the foregaround. When daemonized, USR2 will shut down the server without
83
+ restarting (see issue #58).
84
+ * Fixed activerecord/activesupport gem load problems, hopefully once and for all
85
+ (however picnic-0.7.0 is now required).
86
+
87
+ === 0.6.0 :: 2008-03-28
88
+
89
+ * Much of the supporting functionality that makes RubyCAS-Server
90
+ act as a well-behaved Linux service has been abstracted out
91
+ into its own library. This new library is called Picnic and is
92
+ now a gem dependency for RubyCAS-Server. You can find out more about
93
+ it at http://code.google.com/p/camping-picnic/.
94
+ * The logout action will now accept a 'destination' parameter in lieu of
95
+ 'service'. This means that if a 'destination' parameter is given with
96
+ some URL, the logout action will show the login form, allowing the user
97
+ to immedietly log back in to the service specified by 'destination'.
98
+ * The logout action will now accept a 'url' parameter. If given, the logout
99
+ page will show a message indicating that the CAS session has been terminated
100
+ and instructing the user to click on a link to follow the given URL. If the
101
+ 'url' parameter is given, the login form will NOT be shown on the logout
102
+ page (see above).
103
+ * When an authentication failure occurs (because the user submitted
104
+ invalid credentials or the login ticket is missing), the server
105
+ now returns a 401 (Unauthorized) response instead of 200.
106
+ * An encryption-enabled version of the SQL authenticator is now
107
+ available. For more info have a look at:
108
+ http://code.google.com/p/rubycas-server/wiki/UsingTheSQLEncryptedAuthenticator
109
+ * Better compatibility with Oracle databases. The database migration
110
+ no longer tries to create tables with long names when long
111
+ table names are not supported by the underlying database connector
112
+ (issue #15).
113
+ * The server now automatically removes leading and trailing whitespace from
114
+ the username entered by users. Passwords however are left intact, with no
115
+ whitespace removed.
116
+ * The server can now be configured to automatically downcase the
117
+ username entered by users (dowcase_username option). So if a user
118
+ enters "JSmith", the system will convert it to "jsmith" if the
119
+ downcase_username option is set to true.
120
+ * The server can now be made to bind to a specific address. See the
121
+ :bind_address option in the config.example.yml file.
122
+ * Fixed bug with ActiveRecord 2.0.2 where service tickets were not
123
+ being given a type (issue #37).
124
+
125
+ === 0.5.1 :: 2007-12-20
126
+
127
+ * Tickets generated by the server should now be a lot more secure.
128
+ The random string generator used for generating tickets now uses
129
+ Crypt::ISAAC. Tickets have also been extended in length; STs, PTs
130
+ and LTs can now extend up to 32 characters, and PGTs and PGT-IOUs
131
+ up to 64.
132
+
133
+ === 0.5.0 :: 2007-09-20
134
+
135
+ * Gateway requests should now be handled correctly. When the request to the
136
+ login page is made with gateway=true as one of the parameters, the CAS
137
+ server will immediately redirect back to the target service along with
138
+ a service ticket if an SSO session exists for the user (or without a
139
+ service ticket if there is no pre-existing SSO session).
140
+ Note that if you are using RubyCAS-Client and want gatewaying, you will
141
+ need to upgrade it to 1.1.0 as gatewaying was broken in prior versions.
142
+ * If gateway=true is specified as part of the logout URI, the server will
143
+ log the user out and immediately redirect them back to the specified
144
+ service. In other words, you can now do "gatewayed logouts" as well
145
+ as logins.
146
+ * A login ticket can now be remotely requested from the server by placing
147
+ a POST request to '/loginTicket'.
148
+ * The login view can now be made to return only the login form. This is
149
+ done by adding the 'onlyLoginForm' parameter to the '/login' request.
150
+ Optionally, a 'submitToURI' parameter can be supplied to force the login
151
+ form to submit to the given URI (otherwise the server will try to figure
152
+ out the full URI to its own login controller). This functionality may be
153
+ useful when you want to embed the login form in some external page, as
154
+ an IFRAME otherwise.
155
+ * Custom views can now be used to override the default Markaby templates
156
+ by specifying a 'custom_views_file' option in the configuration. See
157
+ custom_views.example.rb. [jzylks]
158
+ * Table names have been shortened to work with Oracle. A migration has
159
+ been added that should do the shortening for you the first time you run
160
+ this new RubyCAS-Server version.
161
+ * Multiple authenticators can now be specified. During authentication,
162
+ credentials are presented to the first authenticator, then the second,
163
+ and so on, until the user is validated by any one authenticator or fails
164
+ validation for all of them. [jzylks]
165
+ * When using webrick, you can now run with SSL disabled by omitting the
166
+ ssl_cert and ssl_key parameters.
167
+ * Changed incorrect MySQL example database configuration -- option should
168
+ be 'host:' not 'server:' (issue #22).
169
+
170
+ === 0.4.2 :: 2007-07-26
171
+
172
+ * The LDAP/AD authenticator has been largely re-written. The code is a bit
173
+ cleaner now, and should work better with non-Active Directory LDAP servers
174
+ (although this has yet to be tested since I don't have access to a non-AD
175
+ LDAP server).
176
+ * The validate() method in your authenticators now receives a :service element
177
+ (in addition to :username, and :password). This is simply the service
178
+ url (if any) specified in the user's CAS request. If you call
179
+ read_standard_credentials(credentials) at the top of your validator, the value
180
+ will also be available as @service along with @username and @password.
181
+ * By request, a :username_prefix option has been added to the ldap
182
+ configuration. If entered, this string will be automatically prefixed to
183
+ the username entered by the user.
184
+ * A bug having to do with handling authenticator errors has been fixed.
185
+ Any authenticator error messages should now be correctly shown on the
186
+ login page.
187
+ * Minor improvements to error messages having to do with login tickets.
188
+ They're a bit more prescriptive now, explaining to the user what steps
189
+ they should take to correct the error.
190
+
191
+ === 0.4.1 :: 2007-06-07
192
+
193
+ * This release restores compatiblity with older versions of rubygems
194
+ (pre-0.9.0). To achieve this, we alias the 'gem' method to the old
195
+ 'require_gem' if 'gem' is not already defined.
196
+ * rubycas-server-ctl will now quiety delete an orphaned .pid file
197
+ instead complaining loudly and refusing to start up.
198
+ * Fixed minor bug in rubycas-server-ctl that sometimes incorrectly reported
199
+ startup problems when in fact the server had started just fine.
200
+
201
+
202
+ === 0.4.0 :: 2007-06-05
203
+
204
+ * Added rubycas-server-ctl script for controlling daemonized server.
205
+ * rubygems-0.9.0 or later is now required.
206
+ * Added system startup script to be used in /etc/init.d on Linux systems.
207
+ * Authenticator can now be loaded from an external file using the 'source'
208
+ configuration option.
209
+ * Better preemptive detection of startup problems with mongrel.
210
+ * User now sees an error message if the service URI is not a valid URI (i.e.
211
+ if it's not URI-encoded or otherwise malformed).
212
+
213
+
214
+ === 0.3.0 :: 2007-03-29
215
+
216
+ * Fixed glaring security problem with LDAP/AD Authenticator where under some
217
+ circumstances blank passwords were accepted as valid.
218
+ * Autocomplete has been turned off on the password field for better security.
219
+ In the future we may allow autocomplete to be re-enabled using a
220
+ configuration setting.
221
+ * When the user visits the login page and is already authenticated (i.e. they
222
+ have a valid ticket granting cookie), a message is shown at the top
223
+ indicating that they are already logged in.
224
+ * sqlite3-ruby is no longer required by the gem as a dependency. The user
225
+ must now install it manually prior to installing rubycas-server. The
226
+ building of sqlite3 native extensions appears to be somewhat flakey
227
+ and probably defeats the original purpose of using it (which was
228
+ to have a CAS server up and running with no additional DB configuration).
229
+ We will use MySQL as the default database adapter instead, since it does
230
+ not require additional libraries and many users will have a MySQL server
231
+ already available.
232
+ * Fixed bug that was causing all proxy-granting tickets to be deleted whenever
233
+ any user logged out. Only the PGTs for the user that is logging out are now
234
+ being deleted.
235
+ * Trailing slashes in service URLs are now ignored when validating service
236
+ and proxy tickets (e.g. "http://www.google.com" and "http://www.google.com/"
237
+ are now considered to be the same service URL).
238
+ * Authenticators now raise AuthenticatorError exceptions when encountering
239
+ a problem/error. This makes it easier to send feedback to the user.
240
+ However, other exceptions should still be raised when errors ought
241
+ not be recoverable (i.e. programming errors).
242
+ * Fixed serious vulnerability in LDAP authenticator where under some
243
+ cirumstances the user could just enter '*' as their username to match
244
+ any username. The LDAP authenticator will now refuse to process logins
245
+ with usernames that contain the characters * ( ) \ / and the NULL
246
+ character \0.
247
+ * Views are no longer xhtml-validated. Markaby's auto-validation was turned
248
+ off to allow for use of the autocomplete property on inputs, since this is
249
+ the only viable way of turning off password storage in IE and Firefox at
250
+ the page level.
251
+ * You can now limit the maximum length of a login session by setting the
252
+ expire_sessions config setting to true.
253
+ * Fixed some minor bugs in the login view.
254
+
255
+
256
+ === 0.2.0 :: 2007-03-20
257
+
258
+ * ruby-casserver now behaves more like a real command-line app, accepting
259
+ various command line arguments including -h (help), -v (version), -c (use
260
+ an alternate config.yml), and -d (daemonize, when using webrick or mongrel
261
+ mode).
262
+ * Special characters in CAS XML responses are now properly encoded into XML
263
+ entities
264
+ * CAS XML responses are no longer auto-indented... Markaby's indentation
265
+ seemed to be causing problems with the PHP CAS client.
266
+ * Misc minor bug fixes/cleanup.
267
+
268
+
269
+ === 0.1.0 :: 2007-03-01
270
+
271
+ * First public release.
272
+
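Review bot: the first added line, `* Creating Gem with Authlogic Authenticators`, sits above the `=== 0.8.0 :: In Progress...` heading with no version heading of its own, so a reader cannot tell which release (if any) it belongs to; give it its own `=== <version> :: <date>` heading in the same style as the entries below it, or fold it into the 0.8.0 NEW list. In the 0.6.0 section the same configuration key is spelled `dowcase_username` in one sentence and `downcase_username` in the next; the key should be spelled consistently so it matches config.example.yml. Smaller spelling fixes in the same hunk: accomodate, foregaround, immedietly, compatiblity, quiety, cirumstances.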