arpitjain11-rubycas-server 0.8.0.20090612

data/lib/casserver/models.rb

@@ -0,0 +1,265 @@
+require 'camping/ar'
+
+module CASServer::Models
+  
+  module Consumable
+    def consume!
+      self.consumed = Time.now
+      self.save!
+    end
+
+    def self.included(mod)
+      mod.extend(ClassMethods)
+    end
+
+    module ClassMethods
+      def cleanup(max_lifetime, max_unconsumed_lifetime)
+        transaction do
+          conditions = ["created_on < ? OR (consumed IS NULL AND created_on < ?)", 
+                          Time.now - max_lifetime,
+                          Time.now - max_unconsumed_lifetime]
+          expired_tickets_count = count(:conditions => conditions)
+
+          $LOG.debug("Destroying #{expired_tickets_count} expired #{self.name.demodulize}"+
+            "#{'s' if expired_tickets_count > 1}.") if expired_tickets_count > 0
+
+          destroy_all(conditions)
+        end
+      end
+    end
+  end
+  
+  class Ticket < Base
+    def to_s
+      ticket
+    end
+    
+    def self.cleanup(max_lifetime)
+      transaction do
+        conditions = ["created_on < ?", Time.now - max_lifetime]
+        expired_tickets_count = count(:conditions => conditions)
+          
+        $LOG.debug("Destroying #{expired_tickets_count} expired #{self.name.demodulize}"+
+          "#{'s' if expired_tickets_count > 1}.") if expired_tickets_count > 0
+      
+        destroy_all(conditions)
+      end
+    end
+  end
+  
+  class LoginTicket < Ticket
+    set_table_name 'casserver_lt'
+    include Consumable
+  end
+  
+  class ServiceTicket < Ticket
+    set_table_name 'casserver_st'
+    include Consumable
+    
+    belongs_to :granted_by_tgt, 
+      :class_name => 'CASServer::Models::TicketGrantingTicket',
+      :foreign_key => :granted_by_tgt_id
+    has_one :proxy_granting_ticket,
+      :foreign_key => :created_by_st_id
+    
+    def matches_service?(service)
+      CASServer::CAS.clean_service_url(self.service) == 
+        CASServer::CAS.clean_service_url(service)
+    end
+  end
+  
+  class ProxyTicket < ServiceTicket
+    belongs_to :granted_by_pgt,
+      :class_name => 'CASServer::Models::ProxyGrantingTicket',
+      :foreign_key => :granted_by_pgt_id
+  end
+  
+  class TicketGrantingTicket < Ticket
+    set_table_name 'casserver_tgt'
+    
+    serialize :extra_attributes
+    
+    has_many :granted_service_tickets, 
+      :class_name => 'CASServer::Models::ServiceTicket',
+      :foreign_key => :granted_by_tgt_id
+  end
+  
+  class ProxyGrantingTicket < Ticket
+    set_table_name 'casserver_pgt'
+    belongs_to :service_ticket
+    has_many :granted_proxy_tickets, 
+      :class_name => 'CASServer::Models::ProxyTicket',
+      :foreign_key => :granted_by_pgt_id
+  end
+  
+  class Error
+    attr_reader :code, :message
+    
+    def initialize(code, message)
+      @code = code
+      @message = message
+    end
+    
+    def to_s
+      message
+    end
+  end
+
+  class CreateCASServer < V 0.1
+    def self.up
+      if ActiveRecord::Base.connection.table_alias_length > 30
+        $LOG.info("Creating database with long table names...")
+        
+        create_table :casserver_login_tickets, :force => true do |t|
+          t.column :ticket,     :string,   :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :consumed,   :datetime, :null => true
+          t.column :client_hostname, :string, :null => false
+        end
+      
+        create_table :casserver_service_tickets, :force => true do |t|
+          t.column :ticket,     :string,    :null => false
+          t.column :service,    :string,    :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :consumed,   :datetime, :null => true
+          t.column :client_hostname, :string, :null => false
+          t.column :username,   :string,  :null => false
+          t.column :type,       :string,   :null => false
+          t.column :proxy_granting_ticket_id, :integer, :null => true
+        end
+        
+        create_table :casserver_ticket_granting_tickets, :force => true do |t|
+          t.column :ticket,     :string,    :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :client_hostname, :string, :null => false
+          t.column :username,   :string,    :null => false
+        end
+        
+        create_table :casserver_proxy_granting_tickets, :force => true do |t|
+          t.column :ticket,     :string,    :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :client_hostname, :string, :null => false
+          t.column :iou,        :string,    :null => false
+          t.column :service_ticket_id, :integer, :null => false
+        end
+      end
+    end
+    
+    def self.down
+      if ActiveRecord::Base.connection.table_alias_length > 30
+        drop_table :casserver_proxy_granting_tickets
+        drop_table :casserver_ticket_granting_tickets
+        drop_table :casserver_service_tickets
+        drop_table :casserver_login_tickets
+      end
+    end
+  end
+  
+  # Oracle table names cannot exceed 30 chars... 
+  # See http://code.google.com/p/rubycas-server/issues/detail?id=15
+  class ShortenTableNames < V 0.5
+    def self.up
+      if ActiveRecord::Base.connection.table_alias_length > 30
+        $LOG.info("Shortening table names")
+        rename_table :casserver_login_tickets, :casserver_lt
+        rename_table :casserver_service_tickets, :casserver_st
+        rename_table :casserver_ticket_granting_tickets, :casserver_tgt
+        rename_table :casserver_proxy_granting_tickets, :casserver_pgt
+      else
+        create_table :casserver_lt, :force => true do |t|
+          t.column :ticket,     :string,   :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :consumed,   :datetime, :null => true
+          t.column :client_hostname, :string, :null => false
+        end
+      
+        create_table :casserver_st, :force => true do |t|
+          t.column :ticket,     :string,    :null => false
+          t.column :service,    :string,    :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :consumed,   :datetime, :null => true
+          t.column :client_hostname, :string, :null => false
+          t.column :username,   :string,  :null => false
+          t.column :type,       :string,   :null => false
+          t.column :proxy_granting_ticket_id, :integer, :null => true
+        end
+        
+        create_table :casserver_tgt, :force => true do |t|
+          t.column :ticket,     :string,    :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :client_hostname, :string, :null => false
+          t.column :username,   :string,    :null => false
+        end
+        
+        create_table :casserver_pgt, :force => true do |t|
+          t.column :ticket,     :string,    :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :client_hostname, :string, :null => false
+          t.column :iou,        :string,    :null => false
+          t.column :service_ticket_id, :integer, :null => false
+        end
+      end
+    end
+    
+    def self.down
+      if ActiveRecord::Base.connection.table_alias_length > 30
+        rename_table :casserver_lt, :cassserver_login_tickets
+        rename_table :casserver_st, :casserver_service_tickets
+        rename_table :casserver_tgt, :casserver_ticket_granting_tickets
+        rename_table :casserver_pgt, :casserver_proxy_granting_tickets
+      else
+        drop_table :casserver_pgt
+        drop_table :casserver_tgt
+        drop_table :casserver_st
+        drop_table :casserver_lt
+      end
+    end
+  end
+  
+  class AddTgtToSt < V 0.7
+    def self.up
+      add_column :casserver_st, :tgt_id, :integer, :null => true
+    end
+    
+    def self.down
+      remove_column :casserver_st, :tgt_id, :integer
+    end
+  end
+  
+  class ChangeServiceToText < V 0.71
+    def self.up
+      # using change_column to change the column type from :string to :text
+      # doesn't seem to work, at least under MySQL, so we drop and re-create
+      # the column instead
+      remove_column :casserver_st, :service
+      say "WARNING: All existing service tickets are being deleted."
+      add_column :casserver_st, :service, :text
+    end
+    
+    def self.down
+      change_column :casserver_st, :service, :string
+    end
+  end
+  
+  class AddExtraAttributes < V 0.72
+    def self.up
+      add_column :casserver_tgt, :extra_attributes, :text
+    end
+    
+    def self.down
+      remove_column :casserver_tgt, :extra_attributes
+    end
+  end
+
+  class RenamePgtForeignKeys < V 0.80
+    def self.up
+      rename_column :casserver_st,  :proxy_granting_ticket_id,  :granted_by_pgt_id
+      rename_column :casserver_st,  :tgt_id,                    :granted_by_tgt_id
+    end
+
+    def self.down
+      rename_column :casserver_st,  :granted_by_pgt_id,         :proxy_granting_ticket_id
+      rename_column :casserver_st,  :granted_by_tgt_id,         :tgt_id
+    end
+  end
+end

data/lib/casserver/postambles.rb

@@ -0,0 +1,174 @@
+module CASServer
+  module Postambles
+    
+    def webrick
+      require 'webrick/httpserver'
+      require 'webrick/https'
+      require 'camping/webrick'
+      
+      # TODO: verify the certificate's validity
+      # example of how to do this is here: http://pablotron.org/download/ruri-20050331.rb
+      
+      cert_path = $CONF.ssl_cert
+      key_path = $CONF.ssl_key || $CONF.ssl_cert
+        # look for the key in the ssl_cert if no ssl_key is specified
+      
+      webrick_options = {:BindAddress => "0.0.0.0", :Port => $CONF.port}
+      
+      unless cert_path.nil? && key_path.nil?
+        raise "'#{cert_path}' is not a valid ssl certificate. Your 'ssl_cert' configuration" +
+          " setting must be a path to a valid ssl certificate file." unless
+            File.exists? cert_path
+        
+        raise "'#{key_path}' is not a valid ssl private key. Your 'ssl_key' configuration" +
+          " setting must be a path to a valid ssl private key file." unless
+            File.exists? key_path
+        
+        cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
+        key = OpenSSL::PKey::RSA.new(File.read(key_path))
+        
+        webrick_options[:SSLEnable] = true
+        webrick_options[:SSLVerifyClient] = ::OpenSSL::SSL::VERIFY_NONE
+        webrick_options[:SSLCertificate] = cert
+        webrick_options[:SSLPrivateKey] = key
+      end
+      
+      begin
+        s = WEBrick::HTTPServer.new(webrick_options)
+      rescue Errno::EACCES
+        puts "\nThe server could not launch. Are you running on a privileged port? (e.g. port 443) If so, you must run the server as root."
+        exit 2
+      end
+      
+      CASServer.create
+      s.mount "#{$CONF.uri_path}", WEBrick::CampingHandler, CASServer
+      
+      puts "\n** CASServer is running at http#{webrick_options[:SSLEnable] ? 's' : ''}://#{Socket.gethostname}:#{$CONF.port}#{$CONF.uri_path} and logging to '#{$CONF.log[:file]}'\n\n"
+    
+      # This lets Ctrl+C shut down your server
+      trap(:INT) do
+        s.shutdown
+      end
+      trap(:TERM) do
+        s.shutdown
+      end
+    
+      if $DAEMONIZE
+        WEBrick::Daemon.start do
+          write_pid_file if $PID_FILE
+          s.start
+          clear_pid_file
+        end
+      else
+        s.start
+      end
+    end
+    
+    
+    
+    def mongrel
+      require 'rubygems'
+      require 'mongrel/camping'
+      
+      if $DAEMONIZE
+        # check if log and pid are writable before daemonizing, otherwise we won't be able to notify
+        # the user if we run into trouble later (since once daemonized, we can't write to stdout/stderr)
+        check_pid_writable if $PID_FILE
+        check_log_writable
+      end
+      
+      CASServer.create
+      
+      puts "\n** CASServer is starting. Look in '#{$CONF.log[:file]}' for further notices."
+      
+      settings = {:host => "0.0.0.0", :log_file => $CONF.log[:file], :cwd => $CASSERVER_HOME}
+      
+      # need to close all IOs before daemonizing
+      $LOG.close if $DAEMONIZE
+      
+      begin
+        config = Mongrel::Configurator.new settings  do
+          daemonize :log_file => $CONF.log[:file], :cwd => $CASSERVER_HOME if $DAEMONIZE
+          
+          listener :port => $CONF.port do
+            uri $CONF.uri_path, :handler => Mongrel::Camping::CampingHandler.new(CASServer)
+            setup_signals
+          end
+        end
+      rescue Errno::EADDRINUSE
+        exit 1
+      end
+      
+      config.run
+      
+      CASServer.init_logger
+      CASServer.init_db_logger
+      
+      if $DAEMONIZE && $PID_FILE
+        write_pid_file
+        unless File.exists? $PID_FILE
+          $LOG.error "CASServer could not start because pid file '#{$PID_FILE}' could not be created."
+          exit 1
+        end
+      end
+      
+      puts "\n** CASServer is running at http://localhost:#{$CONF.port}#{$CONF.uri_path} and logging to '#{$CONF.log[:file]}'"
+      config.join
+
+      clear_pid_file
+
+      puts "\n** CASServer is stopped (#{Time.now})"
+    end
+    
+    
+    def fastcgi
+      require 'camping/fastcgi'
+      Dir.chdir('/srv/www/camping/casserver/')
+      
+      CASServer.create
+      Camping::FastCGI.start(CASServer)
+    end
+    
+    
+    def cgi
+      CASServer.create
+      puts CASServer.run
+    end
+    
+    private
+    def check_log_writable
+      log_file = $CONF.log['file']
+      begin
+        f = open(log_file, 'w')
+      rescue
+        $stderr.puts "Couldn't write to log file at '#{log_file}' (#{$!})."
+        exit 1
+      end
+      f.close
+    end
+    
+    def check_pid_writable
+      $LOG.debug "Checking if pid file '#{$PID_FILE}' is writable"
+      begin        
+        f = open($PID_FILE, 'w')
+      rescue
+        $stderr.puts "Couldn't write to log at '#{$PID_FILE}' (#{$!})."
+        exit 1
+      end
+      f.close
+    end
+    
+    def write_pid_file
+      $LOG.debug "Writing pid '#{Process.pid}' to pid file '#{$PID_FILE}'"
+      open($PID_FILE, "w") { |file| file.write(Process.pid) }
+    end
+    
+    def clear_pid_file
+      if $PID_FILE && File.exists?($PID_FILE)
+        $LOG.debug "Clearing pid file '#{$PID_FILE}'"
+        File.unlink $PID_FILE
+      end
+    end
+  
+  end
+end

data/lib/casserver/utils.rb

@@ -0,0 +1,30 @@
+# Misc utility function used throughout by the RubyCAS-server.
+module CASServer
+  module Utils
+    def random_string(max_length = 29)
+      rg =  Crypt::ISAAC.new
+      max = 4294619050
+      r = "#{Time.now.to_i}r%X%X%X%X%X%X%X%X" % 
+        [rg.rand(max), rg.rand(max), rg.rand(max), rg.rand(max), 
+         rg.rand(max), rg.rand(max), rg.rand(max), rg.rand(max)]
+      r[0..max_length-1]
+    end
+    module_function :random_string
+      
+    def log_controller_action(controller, params)
+      $LOG << "\n"
+      
+      /`(.*)'/.match(caller[1])
+      method = $~[1]
+      
+      if params.respond_to? :dup
+        params2 = params.dup
+        params2['password'] = '******' if params2['password']
+      else
+        params2 = params
+      end
+      $LOG.debug("Processing #{controller}::#{method} #{params2.inspect}")
+    end
+    module_function :log_controller_action
+  end
+end

data/lib/casserver/version.rb

@@ -0,0 +1,9 @@
+module CASServer
+  module VERSION #:nodoc:
+    MAJOR = 0
+    MINOR = 7
+    TINY  = 99999
+
+    STRING = [MAJOR, MINOR, TINY].join('.')
+  end
+end