casino 1.3.2 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data.tar.gz.sig +0 -0
- data/.gitignore +3 -0
- data/.travis.yml +1 -1
- data/README.md +1 -8
- data/Rakefile +0 -2
- data/app/assets/javascripts/casino/application.js +1 -0
- data/app/assets/javascripts/casino/index.js +0 -2
- data/app/assets/javascripts/casino/sessions.js +32 -0
- data/app/authenticators/casino/static_authenticator.rb +23 -0
- data/app/builders/casino/ticket_validation_response_builder.rb +84 -0
- data/app/controllers/casino/api/v1/tickets_controller.rb +7 -4
- data/app/controllers/casino/application_controller.rb +2 -3
- data/{lib/casino/listener/legacy_validator.rb → app/listeners/casino/legacy_validator_listener.rb} +2 -2
- data/app/listeners/casino/listener.rb +16 -0
- data/{lib/casino/listener/login_credential_acceptor.rb → app/listeners/casino/login_credential_acceptor_listener.rb} +2 -2
- data/{lib/casino/listener/login_credential_requestor.rb → app/listeners/casino/login_credential_requestor_listener.rb} +2 -2
- data/{lib/casino/listener/logout.rb → app/listeners/casino/logout_listener.rb} +2 -2
- data/{lib/casino/listener/other_sessions_destroyer.rb → app/listeners/casino/other_sessions_destroyer_listener.rb} +2 -2
- data/{lib/casino/listener/proxy_ticket_provider.rb → app/listeners/casino/proxy_ticket_provider_listener.rb} +2 -2
- data/{lib/casino/listener/second_factor_authentication_acceptor.rb → app/listeners/casino/second_factor_authentication_acceptor_listener.rb} +2 -2
- data/{lib/casino/listener/session_destroyer.rb → app/listeners/casino/session_destroyer_listener.rb} +2 -2
- data/{lib/casino/listener/session_overview.rb → app/listeners/casino/session_overview_listener.rb} +2 -2
- data/{lib/casino/listener/ticket_validator.rb → app/listeners/casino/ticket_validator_listener.rb} +2 -2
- data/{lib/casino/listener/two_factor_authenticator_activator.rb → app/listeners/casino/two_factor_authenticator_activator_listener.rb} +2 -2
- data/{lib/casino/listener/two_factor_authenticator_destroyer.rb → app/listeners/casino/two_factor_authenticator_destroyer_listener.rb} +2 -2
- data/{lib/casino/listener/two_factor_authenticator_overview.rb → app/listeners/casino/two_factor_authenticator_overview_listener.rb} +2 -2
- data/{lib/casino/listener/two_factor_authenticator_registrator.rb → app/listeners/casino/two_factor_authenticator_registrator_listener.rb} +2 -2
- data/app/models/casino/login_ticket.rb +12 -0
- data/app/models/casino/proxy_granting_ticket.rb +8 -0
- data/app/models/casino/proxy_ticket.rb +25 -0
- data/app/models/casino/service_rule.rb +27 -0
- data/app/models/casino/service_ticket.rb +43 -0
- data/app/models/casino/service_ticket/single_sign_out_notifier.rb +44 -0
- data/app/models/casino/ticket_granting_ticket.rb +57 -0
- data/app/models/casino/two_factor_authenticator.rb +18 -0
- data/app/models/casino/user.rb +12 -0
- data/app/models/casino/validation_result.rb +5 -0
- data/app/processors/casino/api/login_credential_acceptor_processor.rb +46 -0
- data/app/processors/casino/api/logout_processor.rb +17 -0
- data/app/processors/casino/api/service_ticket_provider_processor.rb +69 -0
- data/app/processors/casino/legacy_validator_processor.rb +19 -0
- data/app/processors/casino/login_credential_acceptor_processor.rb +63 -0
- data/app/processors/casino/login_credential_requestor_processor.rb +66 -0
- data/app/processors/casino/logout_processor.rb +23 -0
- data/app/processors/casino/other_sessions_destroyer_processor.rb +26 -0
- data/app/processors/casino/processor.rb +5 -0
- data/app/processors/casino/processor_concern/authentication.rb +87 -0
- data/app/processors/casino/processor_concern/browser.rb +14 -0
- data/app/processors/casino/processor_concern/login_tickets.rb +28 -0
- data/app/processors/casino/processor_concern/proxy_granting_tickets.rb +43 -0
- data/app/processors/casino/processor_concern/proxy_tickets.rb +56 -0
- data/app/processors/casino/processor_concern/service_tickets.rb +50 -0
- data/app/processors/casino/processor_concern/ticket_granting_tickets.rb +65 -0
- data/app/processors/casino/processor_concern/tickets.rb +17 -0
- data/app/processors/casino/processor_concern/two_factor_authenticators.rb +22 -0
- data/app/processors/casino/proxy_ticket_provider_processor.rb +41 -0
- data/app/processors/casino/proxy_ticket_validator_processor.rb +22 -0
- data/app/processors/casino/second_factor_authentication_acceptor_processor.rb +45 -0
- data/app/processors/casino/service_ticket_validator_processor.rb +46 -0
- data/app/processors/casino/session_destroyer_processor.rb +25 -0
- data/app/processors/casino/session_overview_processor.rb +21 -0
- data/app/processors/casino/two_factor_authenticator_activator_processor.rb +41 -0
- data/app/processors/casino/two_factor_authenticator_destroyer_processor.rb +33 -0
- data/app/processors/casino/two_factor_authenticator_overview_processor.rb +20 -0
- data/app/processors/casino/two_factor_authenticator_registrator_processor.rb +24 -0
- data/app/views/casino/application/_footer.html.erb +1 -1
- data/app/views/casino/sessions/new.html.erb +2 -1
- data/app/views/casino/sessions/validate_otp.html.erb +1 -1
- data/app/views/casino/two_factor_authenticators/new.html.erb +2 -2
- data/app/views/layouts/application.html.erb +1 -1
- data/casino.gemspec +9 -4
- data/db/migrate/20130809135400_create_core_schema.rb +117 -0
- data/db/migrate/20130809135401_rename_base_models.rb +101 -0
- data/db/migrate/20131022110146_cleanup_indexes.rb +27 -0
- data/db/migrate/20131022110246_fix_long_index_names.rb +12 -0
- data/db/migrate/20131022110346_change_service_to_text.rb +6 -0
- data/lib/casino.rb +47 -3
- data/lib/casino/authenticator.rb +9 -0
- data/lib/casino/engine.rb +26 -0
- data/lib/casino/inflections.rb +7 -0
- data/lib/casino/tasks.rb +1 -0
- data/lib/casino/tasks/cleanup.rake +59 -0
- data/lib/casino/tasks/service_rule.rake +49 -0
- data/lib/casino/version.rb +1 -1
- data/lib/generators/casino/install/USAGE +13 -0
- data/lib/generators/casino/install/install_generator.rb +47 -0
- data/lib/generators/casino/{templates → install/templates}/README +3 -4
- data/lib/generators/casino/{templates → install/templates}/cas.yml +2 -2
- data/lib/generators/casino/{templates → install/templates}/casino_and_overrides.scss +0 -0
- data/lib/generators/casino/templates/casino_core.rb +1 -1
- data/spec/authenticator/base_spec.rb +13 -0
- data/spec/authenticator/static_spec.rb +42 -0
- data/spec/controllers/api/v1/tickets_controller_spec.rb +15 -15
- data/spec/controllers/listener/legacy_validator_spec.rb +1 -1
- data/spec/controllers/listener/login_credential_acceptor_spec.rb +1 -1
- data/spec/controllers/listener/login_credential_requestor_spec.rb +1 -1
- data/spec/controllers/listener/logout_spec.rb +1 -1
- data/spec/controllers/listener/other_sessions_destroyer_spec.rb +1 -1
- data/spec/controllers/listener/proxy_ticket_provider_spec.rb +1 -1
- data/spec/controllers/listener/second_factor_authentication_acceptor_spec.rb +1 -1
- data/spec/controllers/listener/session_destroyer_spec.rb +1 -1
- data/spec/controllers/listener/session_overview_spec.rb +1 -1
- data/spec/controllers/listener/ticket_validator_spec.rb +1 -1
- data/spec/controllers/listener/two_factor_authenticator_activator_spec.rb +1 -1
- data/spec/controllers/listener/two_factor_authenticator_destroyer_spec.rb +1 -1
- data/spec/controllers/listener/two_factor_authenticator_overview_spec.rb +1 -1
- data/spec/controllers/listener/two_factor_authenticator_registrator_spec.rb +1 -1
- data/spec/controllers/proxy_tickets_controller_spec.rb +4 -4
- data/spec/controllers/service_tickets_controller_spec.rb +4 -4
- data/spec/controllers/sessions_controller_spec.rb +15 -15
- data/spec/controllers/two_factor_authenticators_controller_spec.rb +6 -6
- data/spec/dummy/app/assets/stylesheets/casino_and_overrides.scss +13 -0
- data/spec/dummy/config/cas.yml +11 -11
- data/spec/dummy/config/routes.rb +1 -2
- data/spec/dummy/db/migrate/20130910094259_create_base_models.casino.rb +95 -0
- data/spec/dummy/db/schema.rb +107 -0
- data/spec/model/login_ticket_spec.rb +23 -0
- data/spec/model/proxy_ticket_spec.rb +63 -0
- data/spec/model/service_rule_spec.rb +65 -0
- data/spec/model/service_ticket/single_sign_out_notifier_spec.rb +61 -0
- data/spec/model/service_ticket_spec.rb +124 -0
- data/spec/model/ticket_granting_ticket_spec.rb +204 -0
- data/spec/model/two_factor_authenticator_spec.rb +31 -0
- data/spec/processor/api/login_credential_acceptor_spec.rb +52 -0
- data/spec/processor/api/logout_spec.rb +34 -0
- data/spec/processor/api/service_ticket_provider_spec.rb +61 -0
- data/spec/processor/legacy_validator_spec.rb +78 -0
- data/spec/processor/login_credential_acceptor_spec.rb +164 -0
- data/spec/processor/login_credential_requestor_spec.rb +135 -0
- data/spec/processor/logout_other_sessions_spec.rb +53 -0
- data/spec/processor/logout_spec.rb +72 -0
- data/spec/processor/processor_concern/service_tickets_spec.rb +49 -0
- data/spec/processor/proxy_ticket_provider_spec.rb +66 -0
- data/spec/processor/proxy_ticket_validator_spec.rb +65 -0
- data/spec/processor/second_factor_authenticaton_acceptor_spec.rb +94 -0
- data/spec/processor/session_destroyer_spec.rb +75 -0
- data/spec/processor/session_overview_spec.rb +49 -0
- data/spec/processor/ticket_validator_spec.rb +199 -0
- data/spec/processor/two_factor_authenticator_activator_spec.rb +122 -0
- data/spec/processor/two_factor_authenticator_destroyer_spec.rb +71 -0
- data/spec/processor/two_factor_authenticator_overview_spec.rb +56 -0
- data/spec/processor/two_factor_authenticator_registrator_spec.rb +48 -0
- data/spec/spec_helper.rb +8 -19
- data/spec/support/casino.rb +12 -0
- data/spec/support/factories/login_ticket_factory.rb +16 -0
- data/spec/support/factories/proxy_granting_ticket_factory.rb +16 -0
- data/spec/support/factories/proxy_ticket_factory.rb +17 -0
- data/spec/support/factories/service_rule_factory.rb +16 -0
- data/spec/support/factories/service_ticket_factory.rb +17 -0
- data/spec/support/factories/ticket_granting_ticket_factory.rb +15 -0
- data/spec/support/factories/two_factor_authenticator_factory.rb +16 -0
- data/spec/support/factories/user_factory.rb +11 -0
- data/spec/support/rspec.rb +8 -0
- data/spec/support/sqlite3.rb +4 -0
- metadata +284 -48
- metadata.gz.sig +2 -0
- data/.powrc +0 -4
- data/Gemfile.lock +0 -149
- data/app/assets/javascripts/casino/application.js.coffee +0 -5
- data/app/assets/javascripts/casino/sessions.js.coffee +0 -15
- data/config/initializers/frontend_config.rb +0 -9
- data/config/initializers/inflections.rb +0 -19
- data/config/initializers/yaml.rb +0 -1
- data/lib/casino/listener.rb +0 -31
- data/lib/generators/casino/install_generator.rb +0 -35
- data/spec/dummy/config/initializers/casino_core.rb +0 -1
data.tar.gz.sig
ADDED
|
Binary file
|
data/.gitignore
CHANGED
data/.travis.yml
CHANGED
data/README.md
CHANGED
|
@@ -1,16 +1,9 @@
|
|
|
1
|
-
# CASino [](https://travis-ci.org/rbCAS/CASino)
|
|
1
|
+
# CASino [](https://travis-ci.org/rbCAS/CASino) [](https://coveralls.io/r/rbCAS/CASino?branch=master)
|
|
2
2
|
|
|
3
3
|
CASino Rails Engine (used in CASinoApp).
|
|
4
4
|
|
|
5
5
|
It currently supports [CAS 1.0 and CAS 2.0](http://www.jasig.org/cas/protocol) as well as [CAS 3.1 Single Sign Out](https://wiki.jasig.org/display/CASUM/Single+Sign+Out) and [CAS RESTful API](https://wiki.jasig.org/display/CASUM/RESTful+API).
|
|
6
6
|
|
|
7
|
-
CASino is separated into a web app and core components:
|
|
8
|
-
|
|
9
|
-
* CASino is the web application (using the Rails framework)
|
|
10
|
-
* CASinoCore contains all the CAS server logic
|
|
11
|
-
|
|
12
|
-
This simplifies the creation of a CAS server implementation for other developers.
|
|
13
|
-
|
|
14
7
|
## Setup
|
|
15
8
|
|
|
16
9
|
Please check our [documentation](http://casino.rbcas.com/) for setup and configuration instructions.
|
data/Rakefile
CHANGED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
// Place all the behaviors and hooks related to the matching controller here.
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
(function(win, doc) {
|
|
2
|
+
var url = '/login',
|
|
3
|
+
cookie_regex = /(^|;)\s*tgt=/,
|
|
4
|
+
ready_bound = false;
|
|
5
|
+
|
|
6
|
+
function checkCookieExists() {
|
|
7
|
+
var serviceEl = doc.getElementById('service'),
|
|
8
|
+
service = serviceEl ? serviceEl.getAttribute('value') : null;
|
|
9
|
+
|
|
10
|
+
if(cookie_regex.test(document.cookie)) {
|
|
11
|
+
url = '/login';
|
|
12
|
+
if(service) {
|
|
13
|
+
url += '?service=' + encodeURIComponent(service);
|
|
14
|
+
}
|
|
15
|
+
window.location = url;
|
|
16
|
+
} else {
|
|
17
|
+
setTimeout(checkCookieExists, 1000);
|
|
18
|
+
}
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
// Auto-login when logged-in in other browser window (9887c4e)
|
|
22
|
+
document.addEventListener('DOMContentLoaded', function() {
|
|
23
|
+
if(ready_bound) {
|
|
24
|
+
return;
|
|
25
|
+
}
|
|
26
|
+
ready_bound = true;
|
|
27
|
+
if(doc.getElementById('login-form')) {
|
|
28
|
+
checkCookieExists();
|
|
29
|
+
}
|
|
30
|
+
});
|
|
31
|
+
|
|
32
|
+
})(this, document);
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
require 'casino/authenticator'
|
|
2
|
+
|
|
3
|
+
# The static authenticator is just a simple example.
|
|
4
|
+
# Never ever us this authenticator in a productive environment!
|
|
5
|
+
class CASino::StaticAuthenticator < CASino::Authenticator
|
|
6
|
+
|
|
7
|
+
# @param [Hash] options
|
|
8
|
+
def initialize(options)
|
|
9
|
+
@users = options[:users] || {}
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def validate(username, password)
|
|
13
|
+
username = :"#{username}"
|
|
14
|
+
if @users.include?(username) && @users[username][:password] == password
|
|
15
|
+
{
|
|
16
|
+
username: "#{username}",
|
|
17
|
+
extra_attributes: @users[username].except(:password)
|
|
18
|
+
}
|
|
19
|
+
else
|
|
20
|
+
false
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
@@ -0,0 +1,84 @@
|
|
|
1
|
+
require 'builder'
|
|
2
|
+
|
|
3
|
+
class CASino::TicketValidationResponseBuilder
|
|
4
|
+
def initialize(success, options)
|
|
5
|
+
@success = success
|
|
6
|
+
@options = options
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def build
|
|
10
|
+
xml = Builder::XmlMarkup.new(indent: 2)
|
|
11
|
+
xml.cas :serviceResponse, 'xmlns:cas' => 'http://www.yale.edu/tp/cas' do |service_response|
|
|
12
|
+
if @success
|
|
13
|
+
ticket = @options[:ticket]
|
|
14
|
+
if ticket.is_a?(CASino::ProxyTicket)
|
|
15
|
+
proxies = []
|
|
16
|
+
service_ticket = ticket
|
|
17
|
+
while service_ticket.is_a?(CASino::ProxyTicket)
|
|
18
|
+
proxy_granting_ticket = ticket.proxy_granting_ticket
|
|
19
|
+
proxies << proxy_granting_ticket.pgt_url
|
|
20
|
+
service_ticket = proxy_granting_ticket.granter
|
|
21
|
+
end
|
|
22
|
+
ticket_granting_ticket = service_ticket.ticket_granting_ticket
|
|
23
|
+
else
|
|
24
|
+
service_ticket = ticket
|
|
25
|
+
ticket_granting_ticket = ticket.ticket_granting_ticket
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
build_success_xml(service_response, ticket, service_ticket, ticket_granting_ticket, proxies)
|
|
29
|
+
else
|
|
30
|
+
build_failure_xml(service_response)
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
xml.target!
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
private
|
|
37
|
+
def serialize_extra_attribute(builder, key, value)
|
|
38
|
+
if value.kind_of?(String) || value.kind_of?(Numeric) || value.kind_of?(Symbol)
|
|
39
|
+
builder.cas key, "#{value}"
|
|
40
|
+
else
|
|
41
|
+
builder.cas key do |container|
|
|
42
|
+
container.cdata! value.to_yaml
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
def build_success_xml(service_response, ticket, service_ticket, ticket_granting_ticket, proxies)
|
|
48
|
+
user = ticket_granting_ticket.user
|
|
49
|
+
service_response.cas :authenticationSuccess do |authentication_success|
|
|
50
|
+
authentication_success.cas :user, user.username
|
|
51
|
+
unless user.extra_attributes.blank?
|
|
52
|
+
authentication_success.cas :attributes do |attributes|
|
|
53
|
+
attributes.cas :authenticationDate, ticket_granting_ticket.created_at.iso8601
|
|
54
|
+
attributes.cas :longTermAuthenticationRequestTokenUsed, ticket_granting_ticket.long_term?
|
|
55
|
+
attributes.cas :isFromNewLogin, service_ticket.issued_from_credentials?
|
|
56
|
+
# This would probably be the correct way, but current clients do not support this:
|
|
57
|
+
# attributes.cas :userAttributes do |user_attributes|
|
|
58
|
+
# user.extra_attributes.each do |key, value|
|
|
59
|
+
# serialize_extra_attribute(user_attributes, key, value)
|
|
60
|
+
# end
|
|
61
|
+
# end
|
|
62
|
+
user.extra_attributes.each do |key, value|
|
|
63
|
+
serialize_extra_attribute(attributes, key, value)
|
|
64
|
+
end
|
|
65
|
+
end
|
|
66
|
+
end
|
|
67
|
+
if @options[:proxy_granting_ticket]
|
|
68
|
+
proxy_granting_ticket = @options[:proxy_granting_ticket]
|
|
69
|
+
authentication_success.cas :proxyGrantingTicket, proxy_granting_ticket.iou
|
|
70
|
+
end
|
|
71
|
+
if ticket.is_a?(CASino::ProxyTicket)
|
|
72
|
+
authentication_success.cas :proxies do |proxies_container|
|
|
73
|
+
proxies.each do |proxy|
|
|
74
|
+
proxies_container.cas :proxy, proxy
|
|
75
|
+
end
|
|
76
|
+
end
|
|
77
|
+
end
|
|
78
|
+
end
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
def build_failure_xml(service_response)
|
|
82
|
+
service_response.cas :authenticationFailure, @options[:error_message], code: @options[:error_code]
|
|
83
|
+
end
|
|
84
|
+
end
|
|
@@ -1,18 +1,18 @@
|
|
|
1
|
-
class CASino::
|
|
1
|
+
class CASino::Api::V1::TicketsController < CASino::ApplicationController
|
|
2
2
|
|
|
3
3
|
# POST /cas/v1/tickets
|
|
4
4
|
def create
|
|
5
|
-
|
|
5
|
+
CASino::API::LoginCredentialAcceptorProcessor.new(self).process(params, request.user_agent)
|
|
6
6
|
end
|
|
7
7
|
|
|
8
8
|
# POST /cas/v1/tickets/{TGT id}
|
|
9
9
|
def update
|
|
10
|
-
|
|
10
|
+
CASino::API::ServiceTicketProviderProcessor.new(self).process(params[:id], params, request.user_agent)
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
# DELETE /cas/v1/tickets/TGT-fdsjfsdfjkalfewrihfdhfaie
|
|
14
14
|
def destroy
|
|
15
|
-
|
|
15
|
+
CASino::API::LogoutProcessor.new(self).process(params[:id], request.user_agent)
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
# callbacks
|
|
@@ -50,3 +50,6 @@ class CASino::API::V1::TicketsController < CASino::ApplicationController
|
|
|
50
50
|
end
|
|
51
51
|
|
|
52
52
|
end
|
|
53
|
+
|
|
54
|
+
# Inflector alias
|
|
55
|
+
CASino::API = CASino::Api
|
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
require 'casino'
|
|
2
|
-
require 'casino_core'
|
|
3
2
|
require 'http_accept_language'
|
|
4
3
|
|
|
5
4
|
class CASino::ApplicationController < ::ApplicationController
|
|
@@ -15,8 +14,8 @@ class CASino::ApplicationController < ::ApplicationController
|
|
|
15
14
|
protected
|
|
16
15
|
def processor(processor_name, listener_name = nil)
|
|
17
16
|
listener_name ||= processor_name
|
|
18
|
-
listener = CASino
|
|
19
|
-
@processor =
|
|
17
|
+
listener = CASino.const_get(:"#{listener_name}Listener").new(self)
|
|
18
|
+
@processor = CASino.const_get(:"#{processor_name}Processor").new(listener)
|
|
20
19
|
end
|
|
21
20
|
|
|
22
21
|
def set_locale
|
data/{lib/casino/listener/legacy_validator.rb → app/listeners/casino/legacy_validator_listener.rb}
RENAMED
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
require_relative 'listener'
|
|
2
2
|
|
|
3
|
-
class CASino::
|
|
3
|
+
class CASino::LegacyValidatorListener < CASino::Listener
|
|
4
4
|
def validation_failed(text)
|
|
5
5
|
@controller.render text: text, content_type: 'text/plain'
|
|
6
6
|
end
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
module CASino
|
|
2
|
+
class Listener
|
|
3
|
+
|
|
4
|
+
# include helpers to have the route path methods (like sessions_path)
|
|
5
|
+
include CASino::Engine.routes.url_helpers
|
|
6
|
+
|
|
7
|
+
def initialize(controller)
|
|
8
|
+
@controller = controller
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
protected
|
|
12
|
+
def assign(name, value)
|
|
13
|
+
@controller.instance_variable_set("@#{name}", value)
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
require_relative 'listener'
|
|
2
2
|
|
|
3
|
-
class CASino::
|
|
3
|
+
class CASino::LoginCredentialAcceptorListener < CASino::Listener
|
|
4
4
|
def user_logged_in(url, ticket_granting_ticket, cookie_expiry_time = nil)
|
|
5
5
|
@controller.cookies[:tgt] = { value: ticket_granting_ticket, expires: cookie_expiry_time }
|
|
6
6
|
if url.nil?
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
require_relative 'listener'
|
|
2
2
|
|
|
3
|
-
class CASino::
|
|
3
|
+
class CASino::LoginCredentialRequestorListener < CASino::Listener
|
|
4
4
|
def user_not_logged_in(login_ticket)
|
|
5
5
|
assign(:login_ticket, login_ticket)
|
|
6
6
|
@controller.cookies.delete :tgt
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
require_relative 'listener'
|
|
2
2
|
|
|
3
|
-
class CASino::
|
|
3
|
+
class CASino::LogoutListener < CASino::Listener
|
|
4
4
|
def user_logged_out(url, redirect_immediately = false)
|
|
5
5
|
if redirect_immediately
|
|
6
6
|
@controller.redirect_to url, status: :see_other
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
require_relative 'listener'
|
|
2
2
|
|
|
3
|
-
class CASino::
|
|
3
|
+
class CASino::OtherSessionsDestroyerListener < CASino::Listener
|
|
4
4
|
def other_sessions_destroyed(url)
|
|
5
5
|
@controller.redirect_to(url || sessions_path)
|
|
6
6
|
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
require_relative 'listener'
|
|
2
2
|
|
|
3
|
-
class CASino::
|
|
3
|
+
class CASino::SecondFactorAuthenticationAcceptorListener < CASino::Listener
|
|
4
4
|
|
|
5
5
|
def user_not_logged_in
|
|
6
6
|
@controller.redirect_to login_path
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
require_relative 'listener'
|
|
2
2
|
|
|
3
|
-
class CASino::
|
|
3
|
+
class CASino::TwoFactorAuthenticatorActivatorListener < CASino::Listener
|
|
4
4
|
def user_not_logged_in
|
|
5
5
|
@controller.redirect_to login_path
|
|
6
6
|
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
require_relative 'listener'
|
|
2
2
|
|
|
3
|
-
class CASino::
|
|
3
|
+
class CASino::TwoFactorAuthenticatorDestroyerListener < CASino::Listener
|
|
4
4
|
def user_not_logged_in
|
|
5
5
|
@controller.redirect_to login_path
|
|
6
6
|
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
require_relative 'listener'
|
|
2
2
|
|
|
3
|
-
class CASino::
|
|
3
|
+
class CASino::TwoFactorAuthenticatorRegistratorListener < CASino::Listener
|
|
4
4
|
def user_not_logged_in
|
|
5
5
|
@controller.redirect_to login_path
|
|
6
6
|
end
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
class CASino::LoginTicket < ActiveRecord::Base
|
|
2
|
+
attr_accessible :ticket
|
|
3
|
+
validates :ticket, uniqueness: true
|
|
4
|
+
|
|
5
|
+
def self.cleanup
|
|
6
|
+
self.delete_all(['created_at < ?', CASino.config.login_ticket[:lifetime].seconds.ago])
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def to_s
|
|
10
|
+
self.ticket
|
|
11
|
+
end
|
|
12
|
+
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
require 'addressable/uri'
|
|
2
|
+
|
|
3
|
+
class CASino::ProxyTicket < ActiveRecord::Base
|
|
4
|
+
attr_accessible :ticket, :service
|
|
5
|
+
validates :ticket, uniqueness: true
|
|
6
|
+
belongs_to :proxy_granting_ticket
|
|
7
|
+
has_many :proxy_granting_tickets, as: :granter, dependent: :destroy
|
|
8
|
+
|
|
9
|
+
def self.cleanup_unconsumed
|
|
10
|
+
self.destroy_all(['created_at < ? AND consumed = ?', CASino.config.proxy_ticket[:lifetime_unconsumed].seconds.ago, false])
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def self.cleanup_consumed
|
|
14
|
+
self.destroy_all(['created_at < ? AND consumed = ?', CASino.config.proxy_ticket[:lifetime_consumed].seconds.ago, true])
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def expired?
|
|
18
|
+
lifetime = if consumed?
|
|
19
|
+
CASino.config.proxy_ticket[:lifetime_consumed]
|
|
20
|
+
else
|
|
21
|
+
CASino.config.proxy_ticket[:lifetime_unconsumed]
|
|
22
|
+
end
|
|
23
|
+
(Time.now - (self.created_at || Time.now)) > lifetime
|
|
24
|
+
end
|
|
25
|
+
end
|