casino_core 0.0.6 → 1.0.0
- data/VERSION +1 -1
- data/casino_core.gemspec +20 -3
- data/config/cas.yml +3 -0
- data/db/migrate/20121224113737_create_proxy_tickets.rb +15 -0
- data/db/migrate/20121225153637_add_pgt_url_to_proxy_granting_tickets.rb +11 -0
- data/db/migrate/20121225231301_proxy_granting_ticket_can_be_granted_by_proxy_ticket.rb +6 -0
- data/db/migrate/20121225231713_no_default_granter_type.rb +5 -0
- data/db/migrate/20121226192211_fix_index_for_granter_on_proxy_granting_ticket.rb +6 -0
- data/db/migrate/20121226211511_allow_service_tickets_without_ticket_granting_ticket.rb +5 -0
- data/db/schema.rb +22 -8
- data/lib/casino_core/builder.rb +7 -0
- data/lib/casino_core/builder/ticket_validation_response.rb +76 -0
- data/lib/casino_core/helper.rb +1 -0
- data/lib/casino_core/helper/proxy_granting_tickets.rb +29 -22
- data/lib/casino_core/helper/proxy_tickets.rb +61 -0
- data/lib/casino_core/helper/service_tickets.rb +1 -34
- data/lib/casino_core/model.rb +1 -0
- data/lib/casino_core/model/proxy_granting_ticket.rb +3 -2
- data/lib/casino_core/model/proxy_ticket.rb +27 -0
- data/lib/casino_core/model/service_ticket.rb +17 -4
- data/lib/casino_core/model/service_ticket/single_sign_out_notifier.rb +6 -2
- data/lib/casino_core/model/ticket_granting_ticket.rb +21 -0
- data/lib/casino_core/processor.rb +2 -0
- data/lib/casino_core/processor/legacy_validator.rb +1 -1
- data/lib/casino_core/processor/proxy_ticket_provider.rb +44 -0
- data/lib/casino_core/processor/proxy_ticket_validator.rb +27 -0
- data/lib/casino_core/processor/service_ticket_validator.rb +25 -43
- data/lib/casino_core/processor/session_destroyer.rb +3 -0
- data/lib/casino_core/settings.rb +1 -1
- data/lib/casino_core/tasks/cleanup.rake +12 -2
- data/lib/casino_core/tasks/database.rake +3 -2
- data/spec/authenticator/base_spec.rb +13 -0
- data/spec/model/proxy_ticket_spec.rb +32 -0
- data/spec/model/service_ticket_spec.rb +24 -7
- data/spec/model/ticket_granting_ticket_spec.rb +35 -0
- data/spec/processor/proxy_ticket_provider_spec.rb +75 -0
- data/spec/processor/proxy_ticket_validator_spec.rb +66 -0
- data/spec/processor/session_destroyer_spec.rb +24 -2
- data/spec/processor/ticket_validator_spec.rb +125 -0
- metadata +21 -4
- data/spec/processor/service_ticket_validator_spec.rb +0 -123
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.0
|
1
|
+
1.0.0
|
data/casino_core.gemspec
CHANGED
@@ -5,11 +5,11 @@
|
|
5
5
|
|
6
6
|
Gem::Specification.new do |s|
|
7
7
|
s.name = "casino_core"
|
8
|
-
s.version = "0.0
|
8
|
+
s.version = "1.0.0"
|
9
9
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
11
|
s.authors = ["Nils Caspar"]
|
12
|
-
s.date = "2012-12-
|
12
|
+
s.date = "2012-12-26"
|
13
13
|
s.description = "A CAS server core library."
|
14
14
|
s.email = "ncaspar@me.com"
|
15
15
|
s.extra_rdoc_files = [
|
@@ -42,21 +42,31 @@ Gem::Specification.new do |s|
|
|
42
42
|
"db/migrate/20121125185415_create_proxy_granting_tickets.rb",
|
43
43
|
"db/migrate/20121125190013_tickets_should_be_unique.rb",
|
44
44
|
"db/migrate/20121223135227_proxy_granting_tickets_belongs_to_service_ticket.rb",
|
45
|
+
"db/migrate/20121224113737_create_proxy_tickets.rb",
|
46
|
+
"db/migrate/20121225153637_add_pgt_url_to_proxy_granting_tickets.rb",
|
47
|
+
"db/migrate/20121225231301_proxy_granting_ticket_can_be_granted_by_proxy_ticket.rb",
|
48
|
+
"db/migrate/20121225231713_no_default_granter_type.rb",
|
49
|
+
"db/migrate/20121226192211_fix_index_for_granter_on_proxy_granting_ticket.rb",
|
50
|
+
"db/migrate/20121226211511_allow_service_tickets_without_ticket_granting_ticket.rb",
|
45
51
|
"db/schema.rb",
|
46
52
|
"lib/casino_core.rb",
|
47
53
|
"lib/casino_core/authenticator.rb",
|
48
54
|
"lib/casino_core/authenticator/static.rb",
|
55
|
+
"lib/casino_core/builder.rb",
|
56
|
+
"lib/casino_core/builder/ticket_validation_response.rb",
|
49
57
|
"lib/casino_core/helper.rb",
|
50
58
|
"lib/casino_core/helper/browser.rb",
|
51
59
|
"lib/casino_core/helper/logger.rb",
|
52
60
|
"lib/casino_core/helper/login_tickets.rb",
|
53
61
|
"lib/casino_core/helper/proxy_granting_tickets.rb",
|
62
|
+
"lib/casino_core/helper/proxy_tickets.rb",
|
54
63
|
"lib/casino_core/helper/service_tickets.rb",
|
55
64
|
"lib/casino_core/helper/ticket_granting_tickets.rb",
|
56
65
|
"lib/casino_core/helper/tickets.rb",
|
57
66
|
"lib/casino_core/model.rb",
|
58
67
|
"lib/casino_core/model/login_ticket.rb",
|
59
68
|
"lib/casino_core/model/proxy_granting_ticket.rb",
|
69
|
+
"lib/casino_core/model/proxy_ticket.rb",
|
60
70
|
"lib/casino_core/model/service_ticket.rb",
|
61
71
|
"lib/casino_core/model/service_ticket/single_sign_out_notifier.rb",
|
62
72
|
"lib/casino_core/model/ticket_granting_ticket.rb",
|
@@ -65,6 +75,8 @@ Gem::Specification.new do |s|
|
|
65
75
|
"lib/casino_core/processor/login_credential_acceptor.rb",
|
66
76
|
"lib/casino_core/processor/login_credential_requestor.rb",
|
67
77
|
"lib/casino_core/processor/logout.rb",
|
78
|
+
"lib/casino_core/processor/proxy_ticket_provider.rb",
|
79
|
+
"lib/casino_core/processor/proxy_ticket_validator.rb",
|
68
80
|
"lib/casino_core/processor/service_ticket_validator.rb",
|
69
81
|
"lib/casino_core/processor/session_destroyer.rb",
|
70
82
|
"lib/casino_core/processor/session_overview.rb",
|
@@ -73,16 +85,21 @@ Gem::Specification.new do |s|
|
|
73
85
|
"lib/casino_core/settings.rb",
|
74
86
|
"lib/casino_core/tasks/cleanup.rake",
|
75
87
|
"lib/casino_core/tasks/database.rake",
|
88
|
+
"spec/authenticator/base_spec.rb",
|
76
89
|
"spec/authenticator/static_spec.rb",
|
77
90
|
"spec/model/login_ticket_spec.rb",
|
91
|
+
"spec/model/proxy_ticket_spec.rb",
|
78
92
|
"spec/model/service_ticket_spec.rb",
|
93
|
+
"spec/model/ticket_granting_ticket_spec.rb",
|
79
94
|
"spec/processor/legacy_validator_spec.rb",
|
80
95
|
"spec/processor/login_credential_acceptor_spec.rb",
|
81
96
|
"spec/processor/login_credential_requestor_spec.rb",
|
82
97
|
"spec/processor/logout_spec.rb",
|
83
|
-
"spec/processor/
|
98
|
+
"spec/processor/proxy_ticket_provider_spec.rb",
|
99
|
+
"spec/processor/proxy_ticket_validator_spec.rb",
|
84
100
|
"spec/processor/session_destroyer_spec.rb",
|
85
101
|
"spec/processor/session_overview_spec.rb",
|
102
|
+
"spec/processor/ticket_validator_spec.rb",
|
86
103
|
"spec/spec_helper.rb"
|
87
104
|
]
|
88
105
|
s.homepage = "http://github.com/pencil/CASinoCore"
|
data/config/cas.yml
CHANGED
@@ -0,0 +1,15 @@
|
|
1
|
+
class CreateProxyTickets < ActiveRecord::Migration
|
2
|
+
def change
|
3
|
+
create_table :proxy_tickets do |t|
|
4
|
+
t.string :ticket, null: false
|
5
|
+
t.string :service, null: false
|
6
|
+
t.boolean :consumed, null: false, default: false
|
7
|
+
t.integer :proxy_granting_ticket_id, null: false
|
8
|
+
|
9
|
+
t.timestamps
|
10
|
+
end
|
11
|
+
|
12
|
+
add_index :proxy_tickets, :ticket, unique: true
|
13
|
+
add_index :proxy_tickets, :proxy_granting_ticket_id
|
14
|
+
end
|
15
|
+
end
|
@@ -0,0 +1,11 @@
|
|
1
|
+
class AddPgtUrlToProxyGrantingTickets < ActiveRecord::Migration
|
2
|
+
def up
|
3
|
+
add_column :proxy_granting_tickets, :pgt_url, :string, null: true
|
4
|
+
CASinoCore::Model::ProxyGrantingTicket.delete_all
|
5
|
+
change_column :proxy_granting_tickets, :pgt_url, :string, null: false
|
6
|
+
end
|
7
|
+
|
8
|
+
def down
|
9
|
+
remove_column :proxy_granting_tickets, :pgt_url
|
10
|
+
end
|
11
|
+
end
|
@@ -0,0 +1,6 @@
|
|
1
|
+
class ProxyGrantingTicketCanBeGrantedByProxyTicket < ActiveRecord::Migration
|
2
|
+
def up
|
3
|
+
add_column :proxy_granting_tickets, :granter_type, :string, null: false, default: 'ServiceTicket'
|
4
|
+
rename_column :proxy_granting_tickets, :service_ticket_id, :granter_id
|
5
|
+
end
|
6
|
+
end
|
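Review bot: `AddPgtUrlToProxyGrantingTickets#up` calls `CASinoCore::Model::ProxyGrantingTicket.delete_all`, so the migration depends on the application model (table name, default scope, callbacks at whatever version happens to run it) rather than on the schema; prefer `execute 'DELETE FROM proxy_granting_tickets'`, and since `down` only removes the column and cannot restore the deleted rows, say so in a comment such as `# Existing PGTs have no callback URL and are discarded; down cannot bring them back`. `ProxyGrantingTicketCanBeGrantedByProxyTicket` defines `up` only, so rolling back past it fails on the `rename_column`; add `def down; rename_column :proxy_granting_tickets, :granter_id, :service_ticket_id; remove_column :proxy_granting_tickets, :granter_type; end`. The default `'ServiceTicket'` written into `granter_type` presumably does not match the polymorphic class name Rails would store for the model (`CASinoCore::Model::ServiceTicket`); it is harmless only because the preceding migration emptied the table, which is worth a comment on that line. This section is labelled `data/config/cas.yml` but shows three migrations; the cas.yml change itself and the remaining migrations from the diffstat are not in view.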
data/db/schema.rb
CHANGED
@@ -11,7 +11,7 @@
|
|
11
11
|
#
|
12
12
|
# It's strongly recommended to check this file into your version control system.
|
13
13
|
|
14
|
-
ActiveRecord::Schema.define(:version =>
|
14
|
+
ActiveRecord::Schema.define(:version => 20121226211511) do
|
15
15
|
|
16
16
|
create_table "login_tickets", :force => true do |t|
|
17
17
|
t.string "ticket", :null => false
|
@@ -22,21 +22,35 @@ ActiveRecord::Schema.define(:version => 20121223135227) do
|
|
22
22
|
add_index "login_tickets", ["ticket"], :name => "index_login_tickets_on_ticket", :unique => true
|
23
23
|
|
24
24
|
create_table "proxy_granting_tickets", :force => true do |t|
|
25
|
-
t.string "ticket",
|
26
|
-
t.string "iou",
|
27
|
-
t.datetime "created_at",
|
28
|
-
t.datetime "updated_at",
|
29
|
-
t.integer "
|
25
|
+
t.string "ticket", :null => false
|
26
|
+
t.string "iou", :null => false
|
27
|
+
t.datetime "created_at", :null => false
|
28
|
+
t.datetime "updated_at", :null => false
|
29
|
+
t.integer "granter_id", :null => false
|
30
|
+
t.string "pgt_url", :null => false
|
31
|
+
t.string "granter_type", :null => false
|
30
32
|
end
|
31
33
|
|
34
|
+
add_index "proxy_granting_tickets", ["granter_type", "granter_id"], :name => "index_proxy_granting_tickets_on_granter_type_and_granter_id", :unique => true
|
32
35
|
add_index "proxy_granting_tickets", ["iou"], :name => "index_proxy_granting_tickets_on_iou", :unique => true
|
33
|
-
add_index "proxy_granting_tickets", ["service_ticket_id"], :name => "index_proxy_granting_tickets_on_service_ticket_id"
|
34
36
|
add_index "proxy_granting_tickets", ["ticket"], :name => "index_proxy_granting_tickets_on_ticket", :unique => true
|
35
37
|
|
38
|
+
create_table "proxy_tickets", :force => true do |t|
|
39
|
+
t.string "ticket", :null => false
|
40
|
+
t.string "service", :null => false
|
41
|
+
t.boolean "consumed", :default => false, :null => false
|
42
|
+
t.integer "proxy_granting_ticket_id", :null => false
|
43
|
+
t.datetime "created_at", :null => false
|
44
|
+
t.datetime "updated_at", :null => false
|
45
|
+
end
|
46
|
+
|
47
|
+
add_index "proxy_tickets", ["proxy_granting_ticket_id"], :name => "index_proxy_tickets_on_proxy_granting_ticket_id"
|
48
|
+
add_index "proxy_tickets", ["ticket"], :name => "index_proxy_tickets_on_ticket", :unique => true
|
49
|
+
|
36
50
|
create_table "service_tickets", :force => true do |t|
|
37
51
|
t.string "ticket", :null => false
|
38
52
|
t.string "service", :null => false
|
39
|
-
t.integer "ticket_granting_ticket_id"
|
53
|
+
t.integer "ticket_granting_ticket_id"
|
40
54
|
t.datetime "created_at", :null => false
|
41
55
|
t.datetime "updated_at", :null => false
|
42
56
|
t.boolean "consumed", :default => false, :null => false
|
@@ -0,0 +1,76 @@
|
|
1
|
+
require 'builder'
|
2
|
+
require 'casino_core/builder'
|
3
|
+
|
4
|
+
class CASinoCore::Builder::TicketValidationResponse < CASinoCore::Builder
|
5
|
+
def initialize(success, options)
|
6
|
+
@success = success
|
7
|
+
@options = options
|
8
|
+
end
|
9
|
+
|
10
|
+
def build
|
11
|
+
xml = Builder::XmlMarkup.new(indent: 2)
|
12
|
+
xml.cas :serviceResponse, 'xmlns:cas' => 'http://www.yale.edu/tp/cas' do |service_response|
|
13
|
+
if @success
|
14
|
+
ticket = @options[:ticket]
|
15
|
+
if ticket.is_a?(CASinoCore::Model::ProxyTicket)
|
16
|
+
proxies = []
|
17
|
+
_ticket = ticket
|
18
|
+
while _ticket.is_a?(CASinoCore::Model::ProxyTicket)
|
19
|
+
proxy_granting_ticket = ticket.proxy_granting_ticket
|
20
|
+
proxies << proxy_granting_ticket.pgt_url
|
21
|
+
_ticket = proxy_granting_ticket.granter
|
22
|
+
end
|
23
|
+
ticket_granting_ticket = _ticket.ticket_granting_ticket
|
24
|
+
else
|
25
|
+
ticket_granting_ticket = ticket.ticket_granting_ticket
|
26
|
+
end
|
27
|
+
|
28
|
+
build_success_xml(service_response, ticket, ticket_granting_ticket, proxies)
|
29
|
+
else
|
30
|
+
build_failure_xml(service_response)
|
31
|
+
end
|
32
|
+
end
|
33
|
+
xml.target!
|
34
|
+
end
|
35
|
+
|
36
|
+
private
|
37
|
+
def serialize_extra_attribute(builder, key, value)
|
38
|
+
if value.kind_of?(String) || value.kind_of?(Numeric) || value.kind_of?(Symbol)
|
39
|
+
builder.cas key, "#{value}"
|
40
|
+
elsif value.kind_of?(Numeric)
|
41
|
+
builder.cas key, value.to_s
|
42
|
+
else
|
43
|
+
builder.cas key do |container|
|
44
|
+
container.cdata! value.to_yaml
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
def build_success_xml(service_response, ticket, ticket_granting_ticket, proxies)
|
50
|
+
service_response.cas :authenticationSuccess do |authentication_success|
|
51
|
+
authentication_success.cas :user, ticket_granting_ticket.username
|
52
|
+
unless ticket_granting_ticket.extra_attributes.blank?
|
53
|
+
authentication_success.cas :attributes do |attributes|
|
54
|
+
ticket_granting_ticket.extra_attributes.each do |key, value|
|
55
|
+
serialize_extra_attribute(attributes, key, value)
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
59
|
+
if @options[:proxy_granting_ticket]
|
60
|
+
proxy_granting_ticket = @options[:proxy_granting_ticket]
|
61
|
+
authentication_success.cas :proxyGrantingTicket, proxy_granting_ticket.iou
|
62
|
+
end
|
63
|
+
if ticket.is_a?(CASinoCore::Model::ProxyTicket)
|
64
|
+
authentication_success.cas :proxies do |proxies_container|
|
65
|
+
proxies.each do |proxy|
|
66
|
+
proxies_container.cas :proxy, proxy
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
def build_failure_xml(service_response)
|
74
|
+
service_response.cas :authenticationFailure, @options[:error_message], code: @options[:error_code]
|
75
|
+
end
|
76
|
+
end
|
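Review bot: The proxy-chain walk in `build` reads `ticket.proxy_granting_ticket` (line 19) instead of `_ticket.proxy_granting_ticket`, so when a PGT was itself granted by a proxy ticket — the case this release introduces — `_ticket` is reassigned to the same granter on every iteration and the `while` never terminates; a one-hop chain happens to work. Change the line to `proxy_granting_ticket = _ticket.proxy_granting_ticket`, and consider a depth limit so a corrupted chain cannot hang the validator. The fixed walk appends as it ascends, which matches the protocol's `<cas:proxies>` ordering of most recent proxy first. In `serialize_extra_attribute` the `elsif value.kind_of?(Numeric)` branch is unreachable because `Numeric` is already matched by the first condition; drop it. The `else` branch emits `value.to_yaml` inside CDATA, so a comment such as `# non-scalar attributes are serialised as YAML; consumers must use YAML.safe_load` would warn clients, since the values presumably originate from the authenticator rather than from this library.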
data/lib/casino_core/helper.rb
CHANGED
@@ -7,6 +7,7 @@ module CASinoCore
|
|
7
7
|
autoload :Logger, 'casino_core/helper/logger.rb'
|
8
8
|
autoload :LoginTickets, 'casino_core/helper/login_tickets.rb'
|
9
9
|
autoload :ProxyGrantingTickets, 'casino_core/helper/proxy_granting_tickets.rb'
|
10
|
+
autoload :ProxyTickets, 'casino_core/helper/proxy_tickets.rb'
|
10
11
|
autoload :ServiceTickets, 'casino_core/helper/service_tickets.rb'
|
11
12
|
autoload :Tickets, 'casino_core/helper/tickets.rb'
|
12
13
|
autoload :TicketGrantingTickets, 'casino_core/helper/ticket_granting_tickets.rb'
|
@@ -12,33 +12,40 @@ module CASinoCore
|
|
12
12
|
|
13
13
|
def acquire_proxy_granting_ticket(pgt_url, service_ticket)
|
14
14
|
begin
|
15
|
-
|
16
|
-
|
17
|
-
|
15
|
+
return contact_callback_server(pgt_url, service_ticket)
|
16
|
+
rescue Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError, Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError
|
17
|
+
logger.warn "Exception while communicating with proxy-granting ticket callback server: #{e.message}"
|
18
|
+
end
|
19
|
+
nil
|
20
|
+
end
|
18
21
|
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
22
|
+
private
|
23
|
+
def contact_callback_server(pgt_url, service_ticket)
|
24
|
+
callback_uri = Addressable::URI.parse(pgt_url)
|
25
|
+
https = Net::HTTP.new(callback_uri.host, callback_uri.port || 443)
|
26
|
+
https.use_ssl = true
|
24
27
|
|
25
|
-
|
28
|
+
https.start do |conn|
|
29
|
+
pgt = service_ticket.proxy_granting_tickets.new({
|
30
|
+
ticket: random_ticket_string('PGT'),
|
31
|
+
iou: random_ticket_string('PGTIOU'),
|
32
|
+
pgt_url: pgt_url
|
33
|
+
})
|
26
34
|
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
35
|
+
callback_uri.query_values = (callback_uri.query_values || {}).merge(pgtId: pgt.ticket, pgtIou: pgt.iou)
|
36
|
+
|
37
|
+
response = conn.request_get(callback_uri.request_uri)
|
38
|
+
# TODO: follow redirects... 2.5.4 says that redirects MAY be followed
|
39
|
+
if "#{response.code}" == "200"
|
40
|
+
# 3.4 (proxy-granting ticket IOU)
|
41
|
+
pgt.save!
|
42
|
+
logger.debug "Proxy-granting ticket generated for service '#{service_ticket.service}': #{pgt.inspect}"
|
43
|
+
pgt
|
44
|
+
else
|
45
|
+
logger.warn "Proxy-granting ticket callback server responded with a bad result code '#{response.code}'. PGT will not be stored."
|
46
|
+
nil
|
37
47
|
end
|
38
|
-
rescue Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError, Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError
|
39
|
-
logger.warn "Exception while communication with proxy-granting ticket callback server: #{e.message}"
|
40
48
|
end
|
41
|
-
nil
|
42
49
|
end
|
43
50
|
end
|
44
51
|
end
|
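Review bot: The `rescue` in `acquire_proxy_granting_ticket` binds no exception variable, so `e.message` raises `NameError` the first time any listed error occurs and a callback failure becomes an unhandled exception instead of the intended warning; change it to `rescue Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError, Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError, OpenSSL::SSL::SSLError, SocketError, Errno::ECONNREFUSED => e`, the added classes being what a bad certificate, unknown host or closed port raise. `contact_callback_server` connects to whatever host the service put in `pgtUrl` with TLS forced on but no scheme check, no explicit `verify_mode` and no timeouts, so an `http://` URL is silently upgraded to port 443, certificate verification rests on the Net::HTTP default, and a slow host ties up the request, whereas the protocol (2.5.4) requires the callback to be HTTPS with a verifiable certificate. The rewrite below refuses non-https URLs, pins `VERIFY_PEER` and bounds the connection; the timeout values are a starting point to tune. The `logger.debug` at line 42 writes `pgt.inspect`, which includes the PGT secret itself; log the IOU instead, e.g. `logger.debug "Proxy-granting ticket generated for service '#{service_ticket.service}' (IOU #{pgt.iou})"`. Because the server performs an outbound GET to a caller-chosen host, an allowlist of permitted callback hosts is worth considering; the enclosing module header lies above this hunk and nothing visible constrains the destination.
```ruby
def contact_callback_server(pgt_url, service_ticket)
  callback_uri = Addressable::URI.parse(pgt_url)
  # 2.5.4: the callback URL MUST be HTTPS; refuse rather than upgrade other schemes
  unless callback_uri.scheme == 'https' && callback_uri.host
    logger.warn "Rejecting proxy-granting ticket callback URL '#{pgt_url}': not an https URL"
    return nil
  end
  https = Net::HTTP.new(callback_uri.host, callback_uri.port || 443)
  https.use_ssl = true
  https.verify_mode = OpenSSL::SSL::VERIFY_PEER
  https.open_timeout = 5
  https.read_timeout = 10
  # … unchanged: PGT creation, callback GET and response handling …
```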
@@ -0,0 +1,61 @@
|
|
1
|
+
module CASinoCore
|
2
|
+
module Helper
|
3
|
+
module ProxyTickets
|
4
|
+
|
5
|
+
class ValidationResult < Struct.new(:error_code, :error_message, :error_severity)
|
6
|
+
def success?
|
7
|
+
self.error_code.nil?
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
include CASinoCore::Helper::Logger
|
12
|
+
include CASinoCore::Helper::Tickets
|
13
|
+
|
14
|
+
def acquire_proxy_ticket(proxy_granting_ticket, service)
|
15
|
+
proxy_granting_ticket.proxy_tickets.create!({
|
16
|
+
ticket: random_ticket_string('ST'),
|
17
|
+
service: service,
|
18
|
+
})
|
19
|
+
end
|
20
|
+
|
21
|
+
def validate_ticket_for_service(ticket, service, renew = false)
|
22
|
+
if ticket.nil?
|
23
|
+
result = ValidationResult.new 'INVALID_TICKET', 'Invalid validate request: Ticket does not exist', :warn
|
24
|
+
else
|
25
|
+
result = validate_existing_ticket_for_service(ticket, service, renew)
|
26
|
+
ticket.consumed = true
|
27
|
+
ticket.save!
|
28
|
+
logger.debug "Consumed ticket '#{ticket.ticket}'"
|
29
|
+
end
|
30
|
+
if result.success?
|
31
|
+
logger.info "Ticket '#{ticket.ticket}' for service '#{service}' successfully validated"
|
32
|
+
else
|
33
|
+
logger.send(result.error_severity, result.error_message)
|
34
|
+
end
|
35
|
+
result
|
36
|
+
end
|
37
|
+
|
38
|
+
def ticket_valid_for_service?(ticket, service, renew = false)
|
39
|
+
validate_ticket_for_service(ticket, service, renew).success?
|
40
|
+
end
|
41
|
+
|
42
|
+
private
|
43
|
+
def validate_existing_ticket_for_service(ticket, service, renew = false)
|
44
|
+
if ticket.is_a?(CASinoCore::Model::ServiceTicket)
|
45
|
+
service = clean_service_url(service)
|
46
|
+
end
|
47
|
+
if ticket.consumed?
|
48
|
+
ValidationResult.new 'INVALID_TICKET', "Ticket '#{ticket.ticket}' already consumed", :warn
|
49
|
+
elsif ticket.expired?
|
50
|
+
ValidationResult.new 'INVALID_TICKET', "Ticket '#{ticket.ticket}' has expired", :warn
|
51
|
+
elsif service != ticket.service
|
52
|
+
ValidationResult.new 'INVALID_SERVICE', "Ticket '#{ticket.ticket}' is not valid for service '#{service}'", :warn
|
53
|
+
elsif renew && !ticket.issued_from_credentials?
|
54
|
+
ValidationResult.new 'INVALID_TICKET', "Ticket '#{ticket.ticket}' was not issued from credentials but service '#{service}' will only accept a renewed ticket", :info
|
55
|
+
else
|
56
|
+
ValidationResult.new
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
60
|
+
end
|
61
|
+
end
|
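Review bot: `validate_ticket_for_service` consumes a ticket with a check-then-act sequence: `ticket.consumed?` is read inside `validate_existing_ticket_for_service` and `consumed = true` is saved afterwards with no lock or transaction, so two concurrent validate requests presenting the same ticket can both read `consumed == false` and both succeed, which is exactly the replay the flag exists to prevent. Claim the ticket atomically and derive the already-consumed result from the affected row count: `claimed = ticket.class.where(id: ticket.id, consumed: false).update_all(consumed: true) == 1`, then `return ValidationResult.new 'INVALID_TICKET', "Ticket '#{ticket.ticket}' already consumed", :warn unless claimed` before the remaining checks. `acquire_proxy_ticket` builds proxy tickets with the `'ST'` prefix; the protocol (3.2.1) has proxy tickets begin with `PT-`, and a distinct prefix lets a ticket be recognised as a proxy ticket by inspection, so use `random_ticket_string('PT')`. The removed `validate_service_ticket_for_service` answered `INVALID_REQUEST` when `service` was nil; here a nil service reaches `clean_service_url` and the service comparison, so unless the caller guards it (not visible in this hunk) that case should be restored. `validate_existing_ticket_for_service` also relies on `expired?` and `issued_from_credentials?` existing on both ticket models, whose changes are outside this hunk.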
@@ -5,6 +5,7 @@ module CASinoCore
|
|
5
5
|
module ServiceTickets
|
6
6
|
include CASinoCore::Helper::Logger
|
7
7
|
include CASinoCore::Helper::Tickets
|
8
|
+
include CASinoCore::Helper::ProxyTickets
|
8
9
|
|
9
10
|
def acquire_service_ticket(ticket_granting_ticket, service, credentials_supplied = nil)
|
10
11
|
ticket_granting_ticket.service_tickets.create!({
|
@@ -26,40 +27,6 @@ module CASinoCore
|
|
26
27
|
|
27
28
|
clean_service
|
28
29
|
end
|
29
|
-
|
30
|
-
def validate_service_ticket_for_service(ticket, service, renew = false)
|
31
|
-
result = if service.nil? or ticket.nil?
|
32
|
-
logger.warn 'Invalid validate request: no valid ticket or no valid service given'
|
33
|
-
'INVALID_REQUEST'
|
34
|
-
else
|
35
|
-
if ticket.consumed?
|
36
|
-
logger.warn "Service ticket '#{ticket.ticket}' already consumed"
|
37
|
-
'INVALID_TICKET'
|
38
|
-
elsif Time.now - ticket.created_at > CASinoCore::Settings.service_ticket[:lifetime_unconsumed]
|
39
|
-
logger.warn "Service ticket '#{ticket.ticket}' has expired"
|
40
|
-
'INVALID_TICKET'
|
41
|
-
elsif clean_service_url(service) != ticket.service
|
42
|
-
logger.warn "Service ticket '#{ticket.ticket}' is not valid for service '#{service}'"
|
43
|
-
'INVALID_SERVICE'
|
44
|
-
elsif renew && !ticket.issued_from_credentials?
|
45
|
-
logger.info "Service ticket '#{ticket.ticket}' was not issued from credentials but service '#{service}' will only accept a renewed ticket"
|
46
|
-
'INVALID_TICKET'
|
47
|
-
else
|
48
|
-
logger.info "Service ticket '#{ticket.ticket}' for service '#{service}' successfully validated"
|
49
|
-
true
|
50
|
-
end
|
51
|
-
end
|
52
|
-
unless ticket.nil?
|
53
|
-
logger.debug "Consumed ticket '#{ticket.ticket}'"
|
54
|
-
ticket.consumed = true
|
55
|
-
ticket.save!
|
56
|
-
end
|
57
|
-
result
|
58
|
-
end
|
59
|
-
|
60
|
-
def service_ticket_valid_for_service?(ticket, service, renew = false)
|
61
|
-
validate_service_ticket_for_service(ticket, service, renew) == true
|
62
|
-
end
|
63
30
|
end
|
64
31
|
end
|
65
32
|
end
|