kch-rubycas-server 0.8.0.20090715

data/lib/casserver/load_picnic.rb

@@ -0,0 +1,19 @@
+if File.exists?(picnic = File.expand_path(File.dirname(File.expand_path(__FILE__))+'/../../vendor/picnic/lib'))
+  puts "Loading picnic from #{picnic.inspect}..."
+  $: << picnic
+elsif File.exists?(picnic = File.expand_path(File.dirname(File.expand_path(__FILE__))+'/../../../picnic/lib'))
+  puts "Loading picnic from #{picnic.inspect}..."
+  $: << picnic
+else
+  puts "Loading picnic from rubygems..."
+  require 'rubygems'
+  
+  begin
+    # Try to load dev version of picnic if available (for example 'zuk-picnic' from Github)
+    gem /^.*?-picnic$/
+  rescue Gem::LoadError
+    gem 'picnic'
+  end
+end
+
+

data/lib/casserver/localization.rb

@@ -0,0 +1,82 @@
+require "gettext"
+require "gettext/cgi"
+
+module CASServer
+  include GetText
+  bindtextdomain("rubycas-server", :path => File.join(File.dirname(File.expand_path(__FILE__)), "../../locale"))
+  
+  def service(*a)
+    GetText.locale = determine_locale
+    #puts GetText.locale.inspect
+    super(*a)
+  end
+  
+  def determine_locale
+
+    source = nil
+    lang = case
+    when !input['lang'].blank?
+      source = "'lang' request variable"
+      cookies['lang'] = input['lang']
+      input['lang']
+    when !cookies['lang'].blank?
+      source = "'lang' cookie"
+      cookies['lang']
+    when !@env['HTTP_ACCEPT_LANGUAGE'].blank?
+      source = "'HTTP_ACCEPT_LANGUAGE' header"
+      lang = @env['HTTP_ACCEPT_LANGUAGE']
+    when !@env['HTTP_USER_AGENT'].blank? && @env['HTTP_USER_AGENT'] =~ /[^a-z]([a-z]{2}(-[a-z]{2})?)[^a-z]/i
+      source = "'HTTP_USER_AGENT' header"
+      $~[1]
+    when !$CONF['default_locale'].blank?
+      source = "'default_locale' config option"
+      $CONF[:default_locale]
+    else
+      source = "default"
+      "en"
+    end
+
+    $LOG.debug "Detected locale is #{lang.inspect} (from #{source})"
+
+    lang.gsub!('_','-')
+    
+    # TODO: Need to confirm that this method of splitting the accepted
+    #       language string is correct.
+    if lang =~ /[,;\|]/
+      langs = lang.split(/[,;\|]/)
+    else
+      langs = [lang]
+    end
+    
+    # TODO: This method of selecting the desired language might not be
+    #       standards-compliant. For example, http://www.w3.org/TR/ltli/
+    #       suggests that de-de and de-*-DE might be acceptable identifiers
+    #       for selecting various wildcards. The algorithm below does not
+    #       currently support anything like this.
+    
+    available = available_locales
+    
+    # Try to pick a locale exactly matching the desired identifier, otherwise
+    # fall back to locale without region (i.e. given "en-US; de-DE", we would
+    # first look for "en-US", then "en", then "de-DE", then "de").
+    
+    chosen_lang = nil
+    langs.each do |l| 
+      a = available.find{|a| a == l || a =~ Regexp.new("#{l}-\w*")}
+      if a
+        chosen_lang = a
+        break
+      end
+    end
+    
+    chosen_lang = "en" if chosen_lang.blank?
+
+    $LOG.debug "Chosen locale is #{chosen_lang.inspect}"
+    
+    return chosen_lang
+  end
+  
+  def available_locales
+    (Dir.glob(File.join(File.dirname(File.expand_path(__FILE__)), "../../locale/[a-z]*")).map{|path| File.basename(path)} << "en").uniq.collect{|l| l.gsub('_','-')}
+  end
+end

data/lib/casserver/models.rb

@@ -0,0 +1,265 @@
+require 'camping/ar'
+
+module CASServer::Models
+  
+  module Consumable
+    def consume!
+      self.consumed = Time.now
+      self.save!
+    end
+
+    def self.included(mod)
+      mod.extend(ClassMethods)
+    end
+
+    module ClassMethods
+      def cleanup(max_lifetime, max_unconsumed_lifetime)
+        transaction do
+          conditions = ["created_on < ? OR (consumed IS NULL AND created_on < ?)", 
+                          Time.now - max_lifetime,
+                          Time.now - max_unconsumed_lifetime]
+          expired_tickets_count = count(:conditions => conditions)
+
+          $LOG.debug("Destroying #{expired_tickets_count} expired #{self.name.demodulize}"+
+            "#{'s' if expired_tickets_count > 1}.") if expired_tickets_count > 0
+
+          destroy_all(conditions)
+        end
+      end
+    end
+  end
+  
+  class Ticket < Base
+    def to_s
+      ticket
+    end
+    
+    def self.cleanup(max_lifetime)
+      transaction do
+        conditions = ["created_on < ?", Time.now - max_lifetime]
+        expired_tickets_count = count(:conditions => conditions)
+          
+        $LOG.debug("Destroying #{expired_tickets_count} expired #{self.name.demodulize}"+
+          "#{'s' if expired_tickets_count > 1}.") if expired_tickets_count > 0
+      
+        destroy_all(conditions)
+      end
+    end
+  end
+  
+  class LoginTicket < Ticket
+    set_table_name 'casserver_lt'
+    include Consumable
+  end
+  
+  class ServiceTicket < Ticket
+    set_table_name 'casserver_st'
+    include Consumable
+    
+    belongs_to :granted_by_tgt, 
+      :class_name => 'CASServer::Models::TicketGrantingTicket',
+      :foreign_key => :granted_by_tgt_id
+    has_one :proxy_granting_ticket,
+      :foreign_key => :created_by_st_id
+    
+    def matches_service?(service)
+      CASServer::CAS.clean_service_url(self.service) == 
+        CASServer::CAS.clean_service_url(service)
+    end
+  end
+  
+  class ProxyTicket < ServiceTicket
+    belongs_to :granted_by_pgt,
+      :class_name => 'CASServer::Models::ProxyGrantingTicket',
+      :foreign_key => :granted_by_pgt_id
+  end
+  
+  class TicketGrantingTicket < Ticket
+    set_table_name 'casserver_tgt'
+    
+    serialize :extra_attributes
+    
+    has_many :granted_service_tickets, 
+      :class_name => 'CASServer::Models::ServiceTicket',
+      :foreign_key => :granted_by_tgt_id
+  end
+  
+  class ProxyGrantingTicket < Ticket
+    set_table_name 'casserver_pgt'
+    belongs_to :service_ticket
+    has_many :granted_proxy_tickets, 
+      :class_name => 'CASServer::Models::ProxyTicket',
+      :foreign_key => :granted_by_pgt_id
+  end
+  
+  class Error
+    attr_reader :code, :message
+    
+    def initialize(code, message)
+      @code = code
+      @message = message
+    end
+    
+    def to_s
+      message
+    end
+  end
+
+  class CreateCASServer < V 0.1
+    def self.up
+      if ActiveRecord::Base.connection.table_alias_length > 30
+        $LOG.info("Creating database with long table names...")
+        
+        create_table :casserver_login_tickets, :force => true do |t|
+          t.column :ticket,     :string,   :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :consumed,   :datetime, :null => true
+          t.column :client_hostname, :string, :null => false
+        end
+      
+        create_table :casserver_service_tickets, :force => true do |t|
+          t.column :ticket,     :string,    :null => false
+          t.column :service,    :string,    :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :consumed,   :datetime, :null => true
+          t.column :client_hostname, :string, :null => false
+          t.column :username,   :string,  :null => false
+          t.column :type,       :string,   :null => false
+          t.column :proxy_granting_ticket_id, :integer, :null => true
+        end
+        
+        create_table :casserver_ticket_granting_tickets, :force => true do |t|
+          t.column :ticket,     :string,    :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :client_hostname, :string, :null => false
+          t.column :username,   :string,    :null => false
+        end
+        
+        create_table :casserver_proxy_granting_tickets, :force => true do |t|
+          t.column :ticket,     :string,    :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :client_hostname, :string, :null => false
+          t.column :iou,        :string,    :null => false
+          t.column :service_ticket_id, :integer, :null => false
+        end
+      end
+    end
+    
+    def self.down
+      if ActiveRecord::Base.connection.table_alias_length > 30
+        drop_table :casserver_proxy_granting_tickets
+        drop_table :casserver_ticket_granting_tickets
+        drop_table :casserver_service_tickets
+        drop_table :casserver_login_tickets
+      end
+    end
+  end
+  
+  # Oracle table names cannot exceed 30 chars... 
+  # See http://code.google.com/p/rubycas-server/issues/detail?id=15
+  class ShortenTableNames < V 0.5
+    def self.up
+      if ActiveRecord::Base.connection.table_alias_length > 30
+        $LOG.info("Shortening table names")
+        rename_table :casserver_login_tickets, :casserver_lt
+        rename_table :casserver_service_tickets, :casserver_st
+        rename_table :casserver_ticket_granting_tickets, :casserver_tgt
+        rename_table :casserver_proxy_granting_tickets, :casserver_pgt
+      else
+        create_table :casserver_lt, :force => true do |t|
+          t.column :ticket,     :string,   :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :consumed,   :datetime, :null => true
+          t.column :client_hostname, :string, :null => false
+        end
+      
+        create_table :casserver_st, :force => true do |t|
+          t.column :ticket,     :string,    :null => false
+          t.column :service,    :string,    :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :consumed,   :datetime, :null => true
+          t.column :client_hostname, :string, :null => false
+          t.column :username,   :string,  :null => false
+          t.column :type,       :string,   :null => false
+          t.column :proxy_granting_ticket_id, :integer, :null => true
+        end
+        
+        create_table :casserver_tgt, :force => true do |t|
+          t.column :ticket,     :string,    :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :client_hostname, :string, :null => false
+          t.column :username,   :string,    :null => false
+        end
+        
+        create_table :casserver_pgt, :force => true do |t|
+          t.column :ticket,     :string,    :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :client_hostname, :string, :null => false
+          t.column :iou,        :string,    :null => false
+          t.column :service_ticket_id, :integer, :null => false
+        end
+      end
+    end
+    
+    def self.down
+      if ActiveRecord::Base.connection.table_alias_length > 30
+        rename_table :casserver_lt, :cassserver_login_tickets
+        rename_table :casserver_st, :casserver_service_tickets
+        rename_table :casserver_tgt, :casserver_ticket_granting_tickets
+        rename_table :casserver_pgt, :casserver_proxy_granting_tickets
+      else
+        drop_table :casserver_pgt
+        drop_table :casserver_tgt
+        drop_table :casserver_st
+        drop_table :casserver_lt
+      end
+    end
+  end
+  
+  class AddTgtToSt < V 0.7
+    def self.up
+      add_column :casserver_st, :tgt_id, :integer, :null => true
+    end
+    
+    def self.down
+      remove_column :casserver_st, :tgt_id, :integer
+    end
+  end
+  
+  class ChangeServiceToText < V 0.71
+    def self.up
+      # using change_column to change the column type from :string to :text
+      # doesn't seem to work, at least under MySQL, so we drop and re-create
+      # the column instead
+      remove_column :casserver_st, :service
+      say "WARNING: All existing service tickets are being deleted."
+      add_column :casserver_st, :service, :text
+    end
+    
+    def self.down
+      change_column :casserver_st, :service, :string
+    end
+  end
+  
+  class AddExtraAttributes < V 0.72
+    def self.up
+      add_column :casserver_tgt, :extra_attributes, :text
+    end
+    
+    def self.down
+      remove_column :casserver_tgt, :extra_attributes
+    end
+  end
+
+  class RenamePgtForeignKeys < V 0.80
+    def self.up
+      rename_column :casserver_st,  :proxy_granting_ticket_id,  :granted_by_pgt_id
+      rename_column :casserver_st,  :tgt_id,                    :granted_by_tgt_id
+    end
+
+    def self.down
+      rename_column :casserver_st,  :granted_by_pgt_id,         :proxy_granting_ticket_id
+      rename_column :casserver_st,  :granted_by_tgt_id,         :tgt_id
+    end
+  end
+end

data/lib/casserver/postambles.rb

@@ -0,0 +1,174 @@
+module CASServer
+  module Postambles
+    
+    def webrick
+      require 'webrick/httpserver'
+      require 'webrick/https'
+      require 'camping/webrick'
+      
+      # TODO: verify the certificate's validity
+      # example of how to do this is here: http://pablotron.org/download/ruri-20050331.rb
+      
+      cert_path = $CONF.ssl_cert
+      key_path = $CONF.ssl_key || $CONF.ssl_cert
+        # look for the key in the ssl_cert if no ssl_key is specified
+      
+      webrick_options = {:BindAddress => "0.0.0.0", :Port => $CONF.port}
+      
+      unless cert_path.nil? && key_path.nil?
+        raise "'#{cert_path}' is not a valid ssl certificate. Your 'ssl_cert' configuration" +
+          " setting must be a path to a valid ssl certificate file." unless
+            File.exists? cert_path
+        
+        raise "'#{key_path}' is not a valid ssl private key. Your 'ssl_key' configuration" +
+          " setting must be a path to a valid ssl private key file." unless
+            File.exists? key_path
+        
+        cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
+        key = OpenSSL::PKey::RSA.new(File.read(key_path))
+        
+        webrick_options[:SSLEnable] = true
+        webrick_options[:SSLVerifyClient] = ::OpenSSL::SSL::VERIFY_NONE
+        webrick_options[:SSLCertificate] = cert
+        webrick_options[:SSLPrivateKey] = key
+      end
+      
+      begin
+        s = WEBrick::HTTPServer.new(webrick_options)
+      rescue Errno::EACCES
+        puts "\nThe server could not launch. Are you running on a privileged port? (e.g. port 443) If so, you must run the server as root."
+        exit 2
+      end
+      
+      CASServer.create
+      s.mount "#{$CONF.uri_path}", WEBrick::CampingHandler, CASServer
+      
+      puts "\n** CASServer is running at http#{webrick_options[:SSLEnable] ? 's' : ''}://#{Socket.gethostname}:#{$CONF.port}#{$CONF.uri_path} and logging to '#{$CONF.log[:file]}'\n\n"
+    
+      # This lets Ctrl+C shut down your server
+      trap(:INT) do
+        s.shutdown
+      end
+      trap(:TERM) do
+        s.shutdown
+      end
+    
+      if $DAEMONIZE
+        WEBrick::Daemon.start do
+          write_pid_file if $PID_FILE
+          s.start
+          clear_pid_file
+        end
+      else
+        s.start
+      end
+    end
+    
+    
+    
+    def mongrel
+      require 'rubygems'
+      require 'mongrel/camping'
+      
+      if $DAEMONIZE
+        # check if log and pid are writable before daemonizing, otherwise we won't be able to notify
+        # the user if we run into trouble later (since once daemonized, we can't write to stdout/stderr)
+        check_pid_writable if $PID_FILE
+        check_log_writable
+      end
+      
+      CASServer.create
+      
+      puts "\n** CASServer is starting. Look in '#{$CONF.log[:file]}' for further notices."
+      
+      settings = {:host => "0.0.0.0", :log_file => $CONF.log[:file], :cwd => $CASSERVER_HOME}
+      
+      # need to close all IOs before daemonizing
+      $LOG.close if $DAEMONIZE
+      
+      begin
+        config = Mongrel::Configurator.new settings  do
+          daemonize :log_file => $CONF.log[:file], :cwd => $CASSERVER_HOME if $DAEMONIZE
+          
+          listener :port => $CONF.port do
+            uri $CONF.uri_path, :handler => Mongrel::Camping::CampingHandler.new(CASServer)
+            setup_signals
+          end
+        end
+      rescue Errno::EADDRINUSE
+        exit 1
+      end
+      
+      config.run
+      
+      CASServer.init_logger
+      CASServer.init_db_logger
+      
+      if $DAEMONIZE && $PID_FILE
+        write_pid_file
+        unless File.exists? $PID_FILE
+          $LOG.error "CASServer could not start because pid file '#{$PID_FILE}' could not be created."
+          exit 1
+        end
+      end
+      
+      puts "\n** CASServer is running at http://localhost:#{$CONF.port}#{$CONF.uri_path} and logging to '#{$CONF.log[:file]}'"
+      config.join
+
+      clear_pid_file
+
+      puts "\n** CASServer is stopped (#{Time.now})"
+    end
+    
+    
+    def fastcgi
+      require 'camping/fastcgi'
+      Dir.chdir('/srv/www/camping/casserver/')
+      
+      CASServer.create
+      Camping::FastCGI.start(CASServer)
+    end
+    
+    
+    def cgi
+      CASServer.create
+      puts CASServer.run
+    end
+    
+    private
+    def check_log_writable
+      log_file = $CONF.log['file']
+      begin
+        f = open(log_file, 'w')
+      rescue
+        $stderr.puts "Couldn't write to log file at '#{log_file}' (#{$!})."
+        exit 1
+      end
+      f.close
+    end
+    
+    def check_pid_writable
+      $LOG.debug "Checking if pid file '#{$PID_FILE}' is writable"
+      begin        
+        f = open($PID_FILE, 'w')
+      rescue
+        $stderr.puts "Couldn't write to log at '#{$PID_FILE}' (#{$!})."
+        exit 1
+      end
+      f.close
+    end
+    
+    def write_pid_file
+      $LOG.debug "Writing pid '#{Process.pid}' to pid file '#{$PID_FILE}'"
+      open($PID_FILE, "w") { |file| file.write(Process.pid) }
+    end
+    
+    def clear_pid_file
+      if $PID_FILE && File.exists?($PID_FILE)
+        $LOG.debug "Clearing pid file '#{$PID_FILE}'"
+        File.unlink $PID_FILE
+      end
+    end
+  
+  end
+end