cassy 1.0.0

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2011 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.markdown

@@ -0,0 +1,4 @@
+# Cassy
+
+This project is designed to be a Rails 3.0 engine that uses a large portion of the code from the [rubycas-server][https://github.com/gunark/rubycas-server] project. Certain portions of this code belong to the rubycas-server project owners.
+

data/Rakefile

@@ -0,0 +1,13 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec)
+
+Bundler::GemHelper.install_tasks
+
+task :default => :spec

data/lib/cassy.rb

@@ -0,0 +1,35 @@
+module Cassy
+  extend ActiveSupport::Autoload
+  
+  autoload :CAS
+  autoload :Utils
+  autoload :Engine
+
+  def self.draw_routes
+    Rails.application.routes.draw do
+      scope(:path => "cas") do
+        get 'login', :to => "cassy/sessions#new"
+        post 'login', :to => "cassy/sessions#create"
+        
+        get 'logout', :to => "cassy/sessions#destroy"
+        
+        get 'serviceValidate', :to => "cassy/sessions#service_validate"
+      end
+    end
+  end
+  
+  def self.root
+    Pathname.new(File.dirname(__FILE__) + "../..")
+  end
+  
+  # Just an easier way to get to the configuration for the engine
+  def self.config
+    Cassy::Engine.config.configuration
+  end
+  
+  class AuthenticatorError < Exception
+  end
+end
+
+require 'cassy/authenticators'
+require 'cassy/engine'

data/lib/cassy/authenticators.rb

@@ -0,0 +1,9 @@
+module Cassy
+  module Authenticators
+    extend ActiveSupport::Autoload
+    
+    autoload :Base
+    autoload :Devise
+    autoload :Test
+  end
+end

data/lib/cassy/authenticators/base.rb

@@ -0,0 +1,69 @@
+module Cassy
+  module Authenticators
+    class Base
+      class << self 
+        attr_accessor :options
+        attr_reader :username # make this accessible so that we can pick up any
+                              # transformations done within the authenticator
+      end
+
+      # This is called at server startup.
+      # Any class-wide initializiation for the authenticator should be done here.
+      # (e.g. establish database connection).
+      # You can leave this empty if you don't need to set up anything.
+      def self.setup(options)
+      end
+
+      # This is called prior to #validate (i.e. each time the user tries to log in).
+      # Any per-instance initialization for the authenticator should be done here.
+      #
+      # By default this makes the authenticator options hash available for #validate
+      # under @options and initializes @extra_attributes to an empty hash.
+      def self.configure(options)
+        raise ArgumentError, "options must be a HashWithIndifferentAccess" unless options.kind_of? HashWithIndifferentAccess
+        @options = options.dup
+        @extra_attributes = {}
+      end
+
+      # Override this to implement your authentication credential validation.
+      # This is called each time the user tries to log in. The credentials hash
+      # holds the credentials as entered by the user (generally under :username
+      # and :password keys; :service and :request are also included by default)
+      #
+      # Note that the standard credentials can be read in to instance variables
+      # by calling #read_standard_credentials.
+      def validate(credentials)
+        raise NotImplementedError, "This method must be implemented by a class extending #{self.class}"
+      end
+
+      def extra_attributes
+        @extra_attributes
+      end
+
+      protected
+      def self.read_standard_credentials(credentials)
+        @username = credentials[:username]
+        @password = credentials[:password]
+        @service = credentials[:service]
+        @request = credentials[:request]
+      end
+
+      def extra_attributes_to_extract
+        if @options[:extra_attributes].kind_of? Array
+          attrs = @options[:extra_attributes]
+        elsif @options[:extra_attributes].kind_of? String
+          attrs = @options[:extra_attributes].split(',').collect{|col| col.strip}
+        else
+          $LOG.error("Can't figure out attribute list from #{@options[:extra_attributes].inspect}. This must be an Aarray of column names or a comma-separated list.")
+          attrs = []
+        end
+
+        $LOG.debug("#{self.class.name} will try to extract the following extra_attributes: #{attrs.inspect}")
+        return attrs
+      end
+    end
+  end
+
+  class AuthenticatorError < Exception
+  end
+end

data/lib/cassy/authenticators/devise.rb

@@ -0,0 +1,12 @@
+module Cassy
+  module Authenticators
+    class Devise < Base
+      def self.validate(credentials)
+        # Find the user with the given email
+        user = User.find_by_email(credentials[:username])
+        # Did we find a user, and is their password valid?
+        user && user.valid_password?(credentials[:password])
+      end
+    end
+  end
+end

data/lib/cassy/authenticators/test.rb

@@ -0,0 +1,22 @@
+# encoding: UTF-8
+require 'cassy/authenticators/base'
+
+# Dummy authenticator used for testing.
+# Accepts any username as valid as long as the password is "testpassword"; otherwise authentication fails.
+# Raises an AuthenticationError when username is "do_error" (this is useful to test the Exception
+# handling functionality).
+class Cassy::Authenticators::Test < Cassy::Authenticators::Base
+  def self.validate(credentials)
+    read_standard_credentials(credentials)
+
+    raise Cassy::AuthenticatorError, "Username is 'do_error'!" if @username == 'do_error'
+
+    # @extra_attributes[:test_utf_string] = "Ютф"
+    # @extra_attributes[:test_numeric] = 123.45
+    # @extra_attributes[:test_serialized] = {:foo => 'bar', :alpha => [1,2,3]}
+
+    valid_password = options[:password] || "testpassword"
+
+    return @password == valid_password
+  end
+end

data/lib/cassy/cas.rb

@@ -0,0 +1,315 @@
+require 'uri'
+require 'net/https'
+
+require 'cassy/models'
+require 'cassy/utils'
+
+# Encapsulates CAS functionality. This module is meant to be included in
+# the Cassy::Controllers module.
+module Cassy
+  module CAS
+    
+    def settings
+      Cassy.config
+    end
+
+    def generate_login_ticket
+      # 3.5 (login ticket)
+      lt = Cassy::LoginTicket.new
+      lt.ticket = "LT-" + Cassy::Utils.random_string
+
+      lt.client_hostname = env['HTTP_X_FORWARDED_FOR'] || env['REMOTE_HOST'] || env['REMOTE_ADDR']
+      lt.save!
+      logger.debug("Generated login ticket '#{lt.ticket}' for client at '#{lt.client_hostname}'")
+      lt
+    end
+
+    # Creates a TicketGrantingTicket for the given username. This is done when the user logs in
+    # for the first time to establish their SSO session (after their credentials have been validated).
+    #
+    # The optional 'extra_attributes' parameter takes a hash of additional attributes
+    # that will be sent along with the username in the CAS response to subsequent
+    # validation requests from clients.
+    def generate_ticket_granting_ticket(username)
+      # 3.6 (ticket granting cookie/ticket)
+      tgt = Cassy::TicketGrantingTicket.new
+      tgt.ticket = "TGC-" + Cassy::Utils.random_string
+      tgt.username = username
+      tgt.client_hostname = env['HTTP_X_FORWARDED_FOR'] || env['REMOTE_HOST'] || env['REMOTE_ADDR']
+      tgt.save!
+      tgt
+    end
+
+    def generate_service_ticket(service, username, tgt)
+      # 3.1 (service ticket)
+      st = ServiceTicket.new
+      st.ticket = "ST-" + Cassy::Utils.random_string
+      st.service = service
+      st.username = username
+      st.granted_by_tgt_id = tgt.id
+      st.client_hostname = env['HTTP_X_FORWARDED_FOR'] || env['REMOTE_HOST'] || env['REMOTE_ADDR']
+      st.save!
+      logger.debug("Generated service ticket '#{st.ticket}' for service '#{st.service}'" +
+        " for user '#{st.username}' at '#{st.client_hostname}'")
+      st
+    end
+
+    def generate_proxy_ticket(target_service, pgt)
+      # 3.2 (proxy ticket)
+      pt = ProxyTicket.new
+      pt.ticket = "PT-" + Cassy::Utils.random_string
+      pt.service = target_service
+      pt.username = pgt.service_ticket.username
+      pt.granted_by_pgt_id = pgt.id
+      pt.granted_by_tgt_id = pgt.service_ticket.granted_by_tgt.id
+      pt.client_hostname = @env['HTTP_X_FORWARDED_FOR'] || @env['REMOTE_HOST'] || @env['REMOTE_ADDR']
+      pt.save!
+      logger.debug("Generated proxy ticket '#{pt.ticket}' for target service '#{pt.service}'" +
+        " for user '#{pt.username}' at '#{pt.client_hostname}' using proxy-granting" +
+        " ticket '#{pgt.ticket}'")
+      pt
+    end
+
+    def generate_proxy_granting_ticket(pgt_url, st)
+      uri = URI.parse(pgt_url)
+      https = Net::HTTP.new(uri.host,uri.port)
+      https.use_ssl = true
+
+      # Here's what's going on here:
+      #
+      #   1. We generate a ProxyGrantingTicket (but don't store it in the database just yet)
+      #   2. Deposit the PGT and it's associated IOU at the proxy callback URL.
+      #   3. If the proxy callback URL responds with HTTP code 200, store the PGT and return it;
+      #      otherwise don't save it and return nothing.
+      #
+      https.start do |conn|
+        path = uri.path.empty? ? '/' : uri.path
+        path += '?' + uri.query unless (uri.query.nil? || uri.query.empty?)
+      
+        pgt = ProxyGrantingTicket.new
+        pgt.ticket = "PGT-" + Cassy::Utils.random_string(60)
+        pgt.iou = "PGTIOU-" + Cassy::Utils.random_string(57)
+        pgt.service_ticket_id = st.id
+        pgt.client_hostname = @env['HTTP_X_FORWARDED_FOR'] || @env['REMOTE_HOST'] || @env['REMOTE_ADDR']
+
+        # FIXME: The CAS protocol spec says to use 'pgt' as the parameter, but in practice
+        #         the JA-SIG and Yale server implementations use pgtId. We'll go with the
+        #         in-practice standard.
+        path += (uri.query.nil? || uri.query.empty? ? '?' : '&') + "pgtId=#{pgt.ticket}&pgtIou=#{pgt.iou}"
+
+        response = conn.request_get(path)
+        # TODO: follow redirects... 2.5.4 says that redirects MAY be followed
+        # NOTE: The following response codes are valid according to the JA-SIG implementation even without following redirects
+      
+        if %w(200 202 301 302 304).include?(response.code)
+          # 3.4 (proxy-granting ticket IOU)
+          pgt.save!
+          logger.debug "PGT generated for pgt_url '#{pgt_url}': #{pgt.inspect}"
+          pgt
+        else
+          logger.warn "PGT callback server responded with a bad result code '#{response.code}'. PGT will not be stored."
+          nil
+        end
+      end
+    end
+
+    def validate_login_ticket(ticket)
+      logger.debug("Validating login ticket '#{ticket}'")
+      
+      success = false
+      if ticket.nil?
+        error = "Your login request did not include a login ticket. There may be a problem with the authentication system."
+        logger.warn "Missing login ticket."
+      elsif lt = LoginTicket.find_by_ticket(ticket)
+        if lt.consumed?
+          error = "The login ticket you provided has already been used up. Please try logging in again."
+          logger.warn "Login ticket '#{ticket}' previously used up"
+        elsif Time.now - lt.created_on < settings[:maximum_unused_login_ticket_lifetime]
+          logger.info "Login ticket '#{ticket}' successfully validated"
+        else
+          error = "You took too long to enter your credentials. Please try again."
+          logger.warn "Expired login ticket '#{ticket}'"
+        end
+      else
+        error = "The login ticket you provided is invalid. There may be a problem with the authentication system."
+        logger.warn "Invalid login ticket '#{ticket}'"
+      end
+
+      lt.consume! if lt
+
+      error
+    end
+
+    def validate_ticket_granting_ticket(ticket)
+      logger.debug("Validating ticket granting ticket '#{ticket}'")
+
+      if ticket.nil?
+        error = "No ticket granting ticket given."
+        logger.debug error
+      elsif tgt = TicketGrantingTicket.find_by_ticket(ticket)
+        if settings.config[:maximum_session_lifetime] && Time.now - tgt.created_on > settings.config[:maximum_session_lifetime]
+  	tgt.destroy
+          error = "Your session has expired. Please log in again."
+          logger.info "Ticket granting ticket '#{ticket}' for user '#{tgt.username}' expired."
+        else
+          logger.info "Ticket granting ticket '#{ticket}' for user '#{tgt.username}' successfully validated."
+        end
+      else
+        error = "Invalid ticket granting ticket '#{ticket}' (no matching ticket found in the database)."
+        logger.warn(error)
+      end
+
+      [tgt, error]
+    end
+
+    def validate_service_ticket(service, ticket, allow_proxy_tickets = false)
+      logger.debug "Validating service/proxy ticket '#{ticket}' for service '#{service}'"
+
+      if service.nil? or ticket.nil?
+        error = Error.new(:INVALID_REQUEST, "Ticket or service parameter was missing in the request.")
+        logger.warn "#{error.code} - #{error.message}"
+      elsif st = ServiceTicket.find_by_ticket(ticket)
+        if st.consumed?
+          error = Error.new(:INVALID_TICKET, "Ticket '#{ticket}' has already been used up.")
+          logger.warn "#{error.code} - #{error.message}"
+        elsif st.kind_of?(Cassy::ProxyTicket) && !allow_proxy_tickets
+          error = Error.new(:INVALID_TICKET, "Ticket '#{ticket}' is a proxy ticket, but only service tickets are allowed here.")
+          logger.warn "#{error.code} - #{error.message}"
+        elsif Time.now - st.created_on > settings[:maximum_unused_service_ticket_lifetime]
+          error = Error.new(:INVALID_TICKET, "Ticket '#{ticket}' has expired.")
+          logger.warn "Ticket '#{ticket}' has expired."
+        elsif !st.matches_service? service
+          error = Error.new(:INVALID_SERVICE, "The ticket '#{ticket}' belonging to user '#{st.username}' is valid,"+
+            " but the requested service '#{service}' does not match the service '#{st.service}' associated with this ticket.")
+          logger.warn "#{error.code} - #{error.message}"
+        else
+          logger.info("Ticket '#{ticket}' for service '#{service}' for user '#{st.username}' successfully validated.")
+        end
+      else
+        error = Error.new(:INVALID_TICKET, "Ticket '#{ticket}' not recognized.")
+        logger.warn("#{error.code} - #{error.message}")
+      end
+
+      if st
+        st.consume!
+      end
+
+
+      [st, error]
+    end
+
+    def validate_proxy_ticket(service, ticket)
+      pt, error = validate_service_ticket(service, ticket, true)
+
+      if pt.kind_of?(Cassy::ProxyTicket) && !error
+        if not pt.granted_by_pgt
+          error = Error.new(:INTERNAL_ERROR, "Proxy ticket '#{pt}' belonging to user '#{pt.username}' is not associated with a proxy granting ticket.")
+        elsif not pt.granted_by_pgt.service_ticket
+          error = Error.new(:INTERNAL_ERROR, "Proxy granting ticket '#{pt.granted_by_pgt}'"+
+            " (associated with proxy ticket '#{pt}' and belonging to user '#{pt.username}' is not associated with a service ticket.")
+        end
+      end
+
+      [pt, error]
+    end
+
+    def validate_proxy_granting_ticket(ticket)
+      if ticket.nil?
+        error = Error.new(:INVALID_REQUEST, "pgt parameter was missing in the request.")
+        logger.warn("#{error.code} - #{error.message}")
+      elsif pgt = ProxyGrantingTicket.find_by_ticket(ticket)
+        if pgt.service_ticket
+          logger.info("Proxy granting ticket '#{ticket}' belonging to user '#{pgt.service_ticket.username}' successfully validated.")
+        else
+          error = Error.new(:INTERNAL_ERROR, "Proxy granting ticket '#{ticket}' is not associated with a service ticket.")
+          logger.error("#{error.code} - #{error.message}")
+        end
+      else
+        error = Error.new(:BAD_PGT, "Invalid proxy granting ticket '#{ticket}' (no matching ticket found in the database).")
+        logger.warn("#{error.code} - #{error.message}")
+      end
+
+      [pgt, error]
+    end
+
+    # Takes an existing ServiceTicket object (presumably pulled from the database)
+    # and sends a POST with logout information to the service that the ticket
+    # was generated for.
+    #
+    # This makes possible the "single sign-out" functionality added in CAS 3.1.
+    # See http://www.ja-sig.org/wiki/display/CASUM/Single+Sign+Out
+    def send_logout_notification_for_service_ticket(st)
+      uri = URI.parse(st.service)
+      uri.path = '/' if uri.path.empty?
+      time = Time.now
+      rand = Cassy::Utils.random_string
+
+      begin
+        response = Net::HTTP.post_form(uri, {'logoutRequest' => URI.escape(%{<samlp:LogoutRequest ID="#{rand}" Version="2.0" IssueInstant="#{time.rfc2822}">
+          <saml:NameID></saml:NameID>
+          <samlp:SessionIndex>#{st.ticket}</samlp:SessionIndex>
+          </samlp:LogoutRequest>})})
+        if response.kind_of? Net::HTTPSuccess
+          logger.info "Logout notification successfully posted to #{st.service.inspect}."
+          return true
+        else
+          logger.error "Service #{st.service.inspect} responed to logout notification with code '#{response.code}'!"
+          return false
+        end
+      rescue Exception => e
+        logger.error "Failed to send logout notification to service #{st.service.inspect} due to #{e}"
+        return false
+      end
+    end
+
+    def service_uri_with_ticket(service, st)
+      raise ArgumentError, "Second argument must be a ServiceTicket!" unless st.kind_of? Cassy::ServiceTicket
+
+      # This will choke with a URI::InvalidURIError if service URI is not properly URI-escaped...
+      # This exception is handled further upstream (i.e. in the controller).
+      service_uri = URI.parse(service)
+
+      if service.include? "?"
+        if service_uri.query.empty?
+          query_separator = ""
+        else
+          query_separator = "&"
+        end
+      else
+        query_separator = "?"
+      end
+
+      service_with_ticket = service + query_separator + "ticket=" + st.ticket
+      service_with_ticket
+    end
+
+    # Strips CAS-related parameters from a service URL and normalizes it,
+    # removing trailing / and ?. Also converts any spaces to +.
+    #
+    # For example, "http://google.com?ticket=12345" will be returned as
+    # "http://google.com". Also, "http://google.com/" would be returned as
+    # "http://google.com".
+    #
+    # Note that only the first occurance of each CAS-related parameter is
+    # removed, so that "http://google.com?ticket=12345&ticket=abcd" would be
+    # returned as "http://google.com?ticket=abcd".
+    def clean_service_url(dirty_service)
+      return dirty_service if dirty_service.blank?
+      clean_service = dirty_service.dup
+      ['service', 'ticket', 'gateway', 'renew'].each do |p|
+        clean_service.sub!(Regexp.new("&?#{p}=[^&]*"), '')
+      end
+
+      clean_service.gsub!(/[\/\?&]$/, '') # remove trailing ?, /, or &
+      clean_service.gsub!('?&', '?')
+      clean_service.gsub!(' ', '+')
+
+      logger.debug("Cleaned dirty service URL #{dirty_service.inspect} to #{clean_service.inspect}") if
+        dirty_service != clean_service
+
+      return clean_service
+    end
+    module_function :clean_service_url
+
+  end
+end

data/lib/cassy/engine.rb

@@ -0,0 +1,10 @@
+module Cassy
+  class Engine < Rails::Engine
+    
+    config.config_file = ENV["RUBYCAS_CONFIG_FILE"] || "/etc/rubycas-server/config.yml"
+    
+    config.after_initialize do 
+      config.configuration = HashWithIndifferentAccess.new(YAML.load_file(config.config_file))
+    end
+  end
+end

data/lib/cassy/models.rb

@@ -0,0 +1,5 @@
+require 'cassy'
+
+Dir[Cassy.root + "app/models/cassy/*.rb"].each do |file|
+  require f
+end

data/lib/cassy/utils.rb

@@ -0,0 +1,32 @@
+require 'crypt-isaac'
+
+# Misc utility function used throughout by the RubyCAS-Server.
+module Cassy
+  module Utils
+    def random_string(max_length = 29)
+      rg =  Crypt::ISAAC.new
+      max = 4294619050
+      r = "#{Time.now.to_i}r%X%X%X%X%X%X%X%X" %
+        [rg.rand(max), rg.rand(max), rg.rand(max), rg.rand(max),
+         rg.rand(max), rg.rand(max), rg.rand(max), rg.rand(max)]
+      r[0..max_length-1]
+    end
+    module_function :random_string
+
+    def log_controller_action(controller, params)
+      $LOG << "\n"
+
+      /`(.*)'/.match(caller[1])
+      method = $~[1]
+
+      if params.respond_to? :dup
+        params2 = params.dup
+        params2['password'] = '******' if params2['password']
+      else
+        params2 = params
+      end
+      $LOG.debug("Processing #{controller}::#{method} #{params2.inspect}")
+    end
+    module_function :log_controller_action
+  end
+end

data/lib/tasks/cassy_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :cassy do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,161 @@
+--- !ruby/object:Gem::Specification 
+name: cassy
+version: !ruby/object:Gem::Version 
+  prerelease: 
+  version: 1.0.0
+platform: ruby
+authors: 
+- ryan@rubyx.com
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-06-16 00:00:00 +10:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: crypt-isaac
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :runtime
+  prerelease: false
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: rails
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - "="
+      - !ruby/object:Gem::Version 
+        version: 3.0.7
+  type: :runtime
+  prerelease: false
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: rspec-rails
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 2.6.0
+  type: :development
+  prerelease: false
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: capybara
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: "1.0"
+  type: :development
+  prerelease: false
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency 
+  name: database_cleaner
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id005
+- !ruby/object:Gem::Dependency 
+  name: sqlite3
+  requirement: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id006
+- !ruby/object:Gem::Dependency 
+  name: launchy
+  requirement: &id007 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id007
+- !ruby/object:Gem::Dependency 
+  name: devise
+  requirement: &id008 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: "1.3"
+  type: :development
+  prerelease: false
+  version_requirements: *id008
+description: An engine that provides a CAS server to the application it's included within.
+email: 
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- lib/cassy/authenticators/base.rb
+- lib/cassy/authenticators/devise.rb
+- lib/cassy/authenticators/test.rb
+- lib/cassy/authenticators.rb
+- lib/cassy/cas.rb
+- lib/cassy/engine.rb
+- lib/cassy/models.rb
+- lib/cassy/utils.rb
+- lib/cassy.rb
+- lib/tasks/cassy_tasks.rake
+- MIT-LICENSE
+- Rakefile
+- README.markdown
+has_rdoc: true
+homepage: 
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3009467735426729429
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3009467735426729429
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.6.2
+signing_key: 
+specification_version: 3
+summary: Insert Cassy summary.
+test_files: []
+