casino 1.3.2 → 2.0.0

data/db/migrate/20130809135401_rename_base_models.rb

@@ -0,0 +1,101 @@
+class RenameBaseModels < ActiveRecord::Migration
+  def up
+    # Login Tickets
+    rename_table :login_tickets, :casino_login_tickets
+    unless index_exists?(:casino_login_tickets, :ticket)
+      add_index :casino_login_tickets, :ticket, :unique => true
+    end
+
+    # Proxy Granting Tickets
+    rename_table :proxy_granting_tickets, :casino_proxy_granting_tickets
+    unless index_exists?(:casino_proxy_granting_tickets, :ticket)
+      add_index :casino_proxy_granting_tickets, :ticket, :unique => true
+    end
+    unless index_exists?(:casino_proxy_granting_tickets, :iou)
+      add_index :casino_proxy_granting_tickets, :iou, :unique => true
+    end
+    unless index_exists?(:casino_proxy_granting_tickets, :name => "index_casino_proxy_granting_tickets_on_granter")
+      # Uses a custom index name because the generated one exceeds the size limit
+      add_index :casino_proxy_granting_tickets, [:granter_type, :granter_id], :name => "index_casino_proxy_granting_tickets_on_granter", :unique => true
+    end
+
+    # Proxy Tickets
+    rename_table :proxy_tickets, :casino_proxy_tickets
+    unless index_exists?(:casino_proxy_tickets, :ticket)
+      add_index :casino_proxy_tickets, :ticket, :unique => true
+    end
+    unless index_exists?(:casino_proxy_tickets, :proxy_granting_ticket_id)
+      add_index :casino_proxy_tickets, :proxy_granting_ticket_id
+    end
+
+    # Service Rules
+    rename_table :service_rules, :casino_service_rules
+    unless index_exists?(:casino_service_rules, :url)
+      add_index :casino_service_rules, :url, :unique => true
+    end
+
+    # Service Tickets
+    rename_table :service_tickets, :casino_service_tickets
+    unless index_exists?(:casino_service_tickets, :ticket)
+      add_index :casino_service_tickets, :ticket, :unique => true
+    end
+    unless index_exists?(:casino_service_tickets, :ticket_granting_ticket_id)
+      add_index :casino_service_tickets, :ticket_granting_ticket_id
+    end
+
+    # Ticket Granting Tickets
+    rename_table :ticket_granting_tickets, :casino_ticket_granting_tickets
+    unless index_exists?(:casino_ticket_granting_tickets, :ticket)
+      add_index :casino_ticket_granting_tickets, :ticket, :unique => true
+    end
+
+    # Two-Factor Authenticators
+    rename_table :two_factor_authenticators, :casino_two_factor_authenticators
+    unless index_exists?(:casino_two_factor_authenticators, :user_id)
+      add_index :casino_two_factor_authenticators, :user_id
+    end
+
+    # Users
+    rename_table :users, :casino_users
+    unless index_exists?(:casino_users, [:authenticator, :username])
+      add_index :casino_users, [:authenticator, :username], :unique => true
+    end
+  end
+
+  def down
+    remove_index :casino_login_tickets, :ticket
+    drop_table :casino_login_tickets
+
+    # Proxy Granting Tickets
+    remove_index :casino_proxy_granting_tickets, :ticket, :unique => true
+    remove_index :casino_proxy_granting_tickets, :iou, :unique => true
+    remove_index :casino_proxy_granting_tickets, [:granter_type, :granter_id], :name => "index_casino_proxy_granting_tickets_on_granter", :unique => true
+    drop_table :casino_proxy_granting_tickets
+
+    # Proxy Tickets
+    remove_index :casino_proxy_tickets, :ticket, :unique => true
+    remove_index :casino_proxy_tickets, :proxy_granting_ticket_id
+    drop_table :casino_proxy_tickets
+
+    # Service Rules
+    remove_index :casino_service_rules, :url, :unique => true
+    drop_table :casino_service_rules
+
+    # Service Tickets
+    remove_index :casino_service_tickets, :ticket, :unique => true
+    remove_index :casino_service_tickets, :ticket_granting_ticket_id
+    drop_table :casino_service_tickets
+
+    # Ticket Granting Tickets
+    remove_index :casino_ticket_granting_tickets, :ticket, :unique => true
+    drop_table :casino_ticket_granting_tickets
+
+    # Two-Factor Authenticators
+    remove_index :casino_two_factor_authenticators, :user_id
+    drop_table :casino_two_factor_authenticators
+
+    # Users
+    remove_index :casino_users, [:authenticator, :username], :unique => true
+    drop_table :casino_users
+  end
+end

data/db/migrate/20131022110146_cleanup_indexes.rb

@@ -0,0 +1,27 @@
+class CleanupIndexes < ActiveRecord::Migration
+  def change
+    # delete some leftovers in migrated CASino 1.x installations
+    remove_deprecated_index_if_exists :login_tickets, [:ticket]
+    remove_deprecated_index_if_exists :proxy_granting_tickets, [:granter_type, :granter_id]
+    remove_deprecated_index_if_exists :proxy_granting_tickets, [:iou]
+    remove_deprecated_index_if_exists :proxy_tickets, [:proxy_granting_ticket_id]
+    remove_deprecated_index_if_exists :proxy_tickets, [:ticket]
+    remove_deprecated_index_if_exists :service_rules, [:url]
+    remove_deprecated_index_if_exists :service_tickets, [:ticket]
+    remove_deprecated_index_if_exists :service_tickets, [:ticket_granting_ticket_id]
+    remove_deprecated_index_if_exists :ticket_granting_tickets, [:ticket]
+    remove_deprecated_index_if_exists :two_factor_authenticators, [:user_id]
+    remove_deprecated_index_if_exists :users, [:authenticator, :username]
+  end
+
+  private
+  def remove_deprecated_index_if_exists(old_table_name, column_names)
+    table_name = :"casino_#{old_table_name}"
+    index_name = :"index_#{old_table_name}_on_#{column_names.join('_and_')}"
+    if index_name_exists?(table_name, index_name, false)
+      remove_index table_name, name: index_name
+    else
+      puts "index #{index_name} on #{table_name} not found"
+    end
+  end
+end

data/db/migrate/20131022110246_fix_long_index_names.rb

@@ -0,0 +1,12 @@
+class FixLongIndexNames < ActiveRecord::Migration
+  def change
+    # Long names prevent us from doing some migrations, because the resulting
+    # temporary index names would be longer than 64 characters:
+    # Index name 'temp_index_altered_casino_proxy_tickets_on_proxy_granting_ticket_id' on table
+    # 'altered_casino_proxy_tickets' is too long; the limit is 64 characters
+    remove_index :casino_service_tickets, :ticket_granting_ticket_id
+    remove_index :casino_proxy_tickets, :proxy_granting_ticket_id
+    add_index :casino_service_tickets, :ticket_granting_ticket_id, name: 'casino_service_tickets_on_tgt_id'
+    add_index :casino_proxy_tickets, :proxy_granting_ticket_id, name: 'casino_proxy_tickets_on_pgt_id'
+  end
+end

data/db/migrate/20131022110346_change_service_to_text.rb

@@ -0,0 +1,6 @@
+class ChangeServiceToText < ActiveRecord::Migration
+  def change
+    change_column :casino_proxy_tickets, :service, :text
+    change_column :casino_service_tickets, :service, :text
+  end
+end

data/lib/casino.rb

@@ -1,6 +1,50 @@
-require 'casino_core'
+require 'active_support/configurable'
 require 'casino/engine'
 
 module CASino
-  autoload :Listener, 'casino/listener.rb'
-end
+  include ActiveSupport::Configurable
+
+  defaults = {
+    authenticators: HashWithIndifferentAccess.new,
+    logger: Rails.logger,
+    frontend: HashWithIndifferentAccess.new(
+      sso_name: 'CASino',
+      footer_text: 'Powered by <a href="http://rbcas.com/">CASino</a>'
+    ),
+    implementors: HashWithIndifferentAccess.new(
+      login_ticket: nil,
+      proxy_granting_ticket: nil,
+      proxy_ticket: nil,
+      service_rule: nil,
+      service_ticket: nil,
+      ticket_granting_ticket: nil,
+      two_factor_authenticator: nil,
+      user: nil
+    ),
+    login_ticket: {
+      lifetime: 600
+    },
+    ticket_granting_ticket: {
+      lifetime: 86400,
+      lifetime_long_term: 864000
+    },
+    service_ticket: {
+      lifetime_unconsumed: 300,
+      lifetime_consumed: 86400,
+      single_sign_out_notification: {
+        timeout: 5
+      }
+    },
+    proxy_ticket: {
+      lifetime_unconsumed: 300,
+      lifetime_consumed: 86400
+    },
+    two_factor_authenticator: {
+      timeout: 180,
+      lifetime_inactive: 300,
+      drift: 30
+    }
+  }
+
+  self.config.merge! defaults.deep_dup
+end

data/lib/casino/authenticator.rb

@@ -0,0 +1,9 @@
+module CASino
+  class Authenticator
+    class AuthenticatorError < StandardError; end
+
+    def validate(username, password)
+      raise NotImplementedError, "This method must be implemented by a class extending #{self.class}"
+    end
+  end
+end

data/lib/casino/engine.rb

@@ -1,7 +1,33 @@
 require 'casino'
+require 'casino/inflections'
 
 module CASino
   class Engine < Rails::Engine
     isolate_namespace CASino
+
+    rake_tasks { require 'casino/tasks' }
+
+    initializer :yaml_configuration do |app|
+      apply_yaml_config load_file('config/cas.yml')
+    end
+
+    private
+    def apply_yaml_config(yaml)
+      cfg = (YAML.load(ERB.new(yaml).result)||{}).fetch(Rails.env, {})
+      cfg.each do |k,v|
+        value = if v.is_a? Hash
+          CASino.config.fetch(k.to_sym,{}).merge(v.symbolize_keys)
+        else
+          v
+        end
+        CASino.config.send("#{k}=", value)
+      end
+    end
+
+    def load_file(filename)
+      fullpath = File.join(Rails.root, filename)
+      IO.read(fullpath) rescue ''
+    end
+
   end
 end

data/lib/casino/inflections.rb

@@ -0,0 +1,7 @@
+# This inflector acronym definition needs to happen as soon as possible because
+# the Railtie is going to declare a table_name_suffix based upon the name of the
+# Railtie. Without this definition, the Railtie would use 'ca_s_ino'
+ActiveSupport::Inflector.inflections do |inflect|
+  inflect.acronym 'CAS'
+  inflect.acronym 'CASino'
+end

data/lib/casino/tasks.rb

@@ -0,0 +1 @@
+Dir[File.join(File.dirname(__FILE__),'tasks/*.rake')].each { |f| load f }

data/lib/casino/tasks/cleanup.rake

@@ -0,0 +1,59 @@
+require 'yaml'
+require 'logger'
+require 'active_record'
+
+namespace :casino do
+  namespace :cleanup do
+    desc 'Remove expired service tickets.'
+    task service_tickets: :environment do
+      [:consumed, :unconsumed].each do |type|
+        rows_affected = CASino::ServiceTicket.send("cleanup_#{type}")
+        if rows_affected.respond_to? :length
+          rows_affected = rows_affected.length
+        end
+        puts "Deleted #{rows_affected} #{type} service tickets."
+      end
+      rows_affected = CASino::ServiceTicket.cleanup_consumed_hard
+      puts "Force deleted #{rows_affected} consumed service tickets."
+    end
+
+    desc 'Remove expired proxy tickets.'
+    task proxy_tickets: :environment do
+      [:consumed, :unconsumed].each do |type|
+        rows_affected = CASino::ProxyTicket.send("cleanup_#{type}").length
+        puts "Deleted #{rows_affected} #{type} proxy tickets."
+      end
+    end
+
+    desc 'Remove expired login tickets.'
+    task login_tickets: :environment do
+      rows_affected = CASino::LoginTicket.cleanup
+      puts "Deleted #{rows_affected} login tickets."
+    end
+
+    desc 'Remove expired inactive two-factor authenticators.'
+    task two_factor_authenticators: :environment do
+      rows_affected = CASino::TwoFactorAuthenticator.cleanup
+      puts "Deleted #{rows_affected} inactive two-factor authenticators."
+    end
+
+    desc 'Remove expired ticket-granting tickets.'
+    task ticket_granting_tickets: :environment do
+      rows_affected = CASino::TicketGrantingTicket.cleanup.length
+      puts "Deleted #{rows_affected} ticket-granting tickets."
+    end
+
+    task :acquire_lock do
+      $cleanup_lock = File.open('tmp/cleanup.lock', File::RDWR | File::CREAT, 0644)
+      lock_aquired = $cleanup_lock.flock(File::LOCK_NB | File::LOCK_EX)
+      if lock_aquired === false
+        $stderr.puts 'Could not acquire lock, other cleanup task already running?'
+        exit 1
+      end
+    end
+
+    desc 'Perform all cleanup tasks.'
+    task all: [:acquire_lock, :ticket_granting_tickets, :service_tickets, :proxy_tickets, :login_tickets, :two_factor_authenticators] do
+    end
+  end
+end

data/lib/casino/tasks/service_rule.rake

@@ -0,0 +1,49 @@
+require 'terminal-table'
+
+namespace :casino do
+  namespace :service_rule do
+
+    desc 'Add a service rule (prefix the url parameter with "regex:" to add a regular expression)'
+    task :add, [:name, :url] => :environment do |task, args|
+      service_rule = CASino::ServiceRule.new name: args[:name]
+      match = /^regex:(.*)/.match(args[:url])
+      if match.nil?
+        service_rule.url = clean_service_url(args[:url])
+      else
+        service_rule.url = match[1]
+        service_rule.regex = true
+      end
+      if !service_rule.save
+        fail service_rule.errors.full_messages.join("\n")
+      elsif service_rule.regex && service_rule.url[0] != '^'
+        puts 'Warning: Potentially unsafe regex! Use ^ to match the beginning of the URL. Example: ^https://'
+      end
+    end
+
+    desc 'Remove a servcice rule.'
+    task :delete, [:id] => :environment do |task, args|
+      CASino::ServiceRule.find(args[:id]).delete
+      puts "Successfully deleted service rule ##{args[:id]}."
+    end
+
+    desc 'Delete all servcice rules.'
+    task :flush => :environment do |task, args|
+      CASino::ServiceRule.delete_all
+      puts 'Successfully deleted all service rules.'
+    end
+
+    desc 'List all service rules.'
+    task list: :environment do
+      table = Terminal::Table.new :headings => ['Enabled', 'ID', 'Name', 'URL'] do |t|
+        CASino::ServiceRule.all.each do |service_rule|
+          url = service_rule.url
+          if service_rule.regex?
+            url += " (Regex)"
+          end
+          t.add_row [service_rule.enabled, service_rule.id, service_rule.name, url]
+        end
+      end
+      puts table
+    end
+  end
+end

data/lib/casino/version.rb

@@ -1,3 +1,3 @@
 module CASino
-  VERSION = '1.3.2'
+  VERSION = '2.0.0'
 end

data/lib/generators/casino/install/USAGE

@@ -0,0 +1,13 @@
+CASino installation generator
+
+Description:
+    The 'casino:install' command installs the CASino Rails Engine into your
+    Rails application.
+
+Example:
+    rails g casino:install
+
+    This generates a few files inside your application that are required for
+    CASino to work properly.
+
+    See http://casino.rbcas.com for more information.

data/lib/generators/casino/install/install_generator.rb

@@ -0,0 +1,47 @@
+module CASino
+  class InstallGenerator < Rails::Generators::Base
+    source_root File.expand_path('../templates', __FILE__)
+
+    # Explicit namespace needed for proper inflection.
+    # Thor::Group does not use ActiveSupport's Inflector when programmatically
+    # generating the namespace, so this would be to "c_a_sino" otherwise.
+    namespace 'casino:install'
+
+    class_option :migration,
+        desc: 'Skip generating migrations',
+        type: :boolean,
+        default: true
+
+    class_option :config_files,
+        desc: 'Install default config files',
+        type: :boolean,
+        default: true
+
+    def install_migrations
+      return unless options['migration']
+
+      rake 'casino:install:migrations'
+    end
+
+    def copy_config_files
+      return unless options['config_files']
+
+      copy_file 'cas.yml', 'config/cas.yml'
+      copy_file 'casino_and_overrides.scss', 'app/assets/stylesheets/casino_and_overrides.scss'
+    end
+
+    def insert_assets_loader
+      insert_into_file 'app/assets/javascripts/application.js', :after => %r{//= require +['"]?jquery_ujs['"]?} do
+        "\n//= require casino"
+      end
+    end
+
+    def insert_engine_routes
+      route "mount CASino::Engine => '/', :as => 'casino'"
+    end
+
+    def show_readme
+      readme 'README'
+    end
+  end
+end