relevance-rubycas-server 0.6.99

data/lib/casserver/models.rb

@@ -0,0 +1,218 @@
+require 'camping/db'
+
+module CASServer::Models
+  
+  module Consumable
+    def consume!
+      self.consumed = Time.now
+      self.save!
+    end
+  end
+  
+  class Ticket < Base
+    def to_s
+      ticket
+    end
+    
+    def self.cleanup_expired(expiry_time)
+      transaction do
+        conditions = ["created_on < ?", Time.now - expiry_time]
+        expired_tickets_count = count(:conditions => conditions)
+          
+        $LOG.debug("Destroying #{expired_tickets_count} expired #{self.name.split('::').last}"+
+          "#{'s' if expired_tickets_count > 1}.") if expired_tickets_count > 0
+      
+        destroy_all(conditions)
+      end
+    end
+  end
+  
+  class LoginTicket < Ticket
+    set_table_name 'casserver_lt'
+    include Consumable
+  end
+  
+  class ServiceTicket < Ticket
+    set_table_name 'casserver_st'
+    include Consumable
+    
+    belongs_to :ticket_granting_ticket, :foreign_key => :tgt_id
+    
+    def matches_service?(service)
+      CASServer::CAS.clean_service_url(self.service) == 
+        CASServer::CAS.clean_service_url(service)
+    end
+  end
+  
+  class ProxyTicket < ServiceTicket
+    belongs_to :proxy_granting_ticket
+  end
+  
+  class TicketGrantingTicket < Ticket
+    set_table_name 'casserver_tgt'
+    
+    serialize :extra_attributes
+    
+    has_many :service_tickets, :foreign_key => :tgt_id
+  end
+  
+  class ProxyGrantingTicket < Ticket
+    set_table_name 'casserver_pgt'
+    belongs_to :service_ticket
+    has_many :proxy_tickets, :dependent => :destroy
+  end
+  
+  class Error
+    attr_reader :code, :message
+    
+    def initialize(code, message)
+      @code = code
+      @message = message
+    end
+    
+    def to_s
+      message
+    end
+  end
+
+  class CreateCASServer < V 0.1
+    def self.up
+      if ActiveRecord::Base.connection.table_alias_length > 30
+        $LOG.info("Creating database with long table names...")
+        
+        create_table :casserver_login_tickets, :force => true do |t|
+          t.column :ticket,     :string,   :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :consumed,   :datetime, :null => true
+          t.column :client_hostname, :string, :null => false
+        end
+      
+        create_table :casserver_service_tickets, :force => true do |t|
+          t.column :ticket,     :string,    :null => false
+          t.column :service,    :string,    :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :consumed,   :datetime, :null => true
+          t.column :client_hostname, :string, :null => false
+          t.column :username,   :string,  :null => false
+          t.column :type,       :string,   :null => false
+          t.column :proxy_granting_ticket_id, :integer, :null => true
+        end
+        
+        create_table :casserver_ticket_granting_tickets, :force => true do |t|
+          t.column :ticket,     :string,    :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :client_hostname, :string, :null => false
+          t.column :username,   :string,    :null => false
+        end
+        
+        create_table :casserver_proxy_granting_tickets, :force => true do |t|
+          t.column :ticket,     :string,    :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :client_hostname, :string, :null => false
+          t.column :iou,        :string,    :null => false
+          t.column :service_ticket_id, :integer, :null => false
+        end
+      end
+    end
+    
+    def self.down
+      if ActiveRecord::Base.connection.table_alias_length > 30
+        drop_table :casserver_proxy_granting_tickets
+        drop_table :casserver_ticket_granting_tickets
+        drop_table :casserver_service_tickets
+        drop_table :casserver_login_tickets
+      end
+    end
+  end
+  
+  # Oracle table names cannot exceed 30 chars... 
+  # See http://code.google.com/p/rubycas-server/issues/detail?id=15
+  class ShortenTableNames < V 0.5
+    def self.up
+      if ActiveRecord::Base.connection.table_alias_length > 30
+        $LOG.info("Shortening table names")
+        rename_table :casserver_login_tickets, :casserver_lt
+        rename_table :casserver_service_tickets, :casserver_st
+        rename_table :casserver_ticket_granting_tickets, :casserver_tgt
+        rename_table :casserver_proxy_granting_tickets, :casserver_pgt
+      else
+        create_table :casserver_lt, :force => true do |t|
+          t.column :ticket,     :string,   :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :consumed,   :datetime, :null => true
+          t.column :client_hostname, :string, :null => false
+        end
+      
+        create_table :casserver_st, :force => true do |t|
+          t.column :ticket,     :string,    :null => false
+          t.column :service,    :string,    :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :consumed,   :datetime, :null => true
+          t.column :client_hostname, :string, :null => false
+          t.column :username,   :string,  :null => false
+          t.column :type,       :string,   :null => false
+          t.column :proxy_granting_ticket_id, :integer, :null => true
+        end
+        
+        create_table :casserver_tgt, :force => true do |t|
+          t.column :ticket,     :string,    :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :client_hostname, :string, :null => false
+          t.column :username,   :string,    :null => false
+        end
+        
+        create_table :casserver_pgt, :force => true do |t|
+          t.column :ticket,     :string,    :null => false
+          t.column :created_on, :timestamp, :null => false
+          t.column :client_hostname, :string, :null => false
+          t.column :iou,        :string,    :null => false
+          t.column :service_ticket_id, :integer, :null => false
+        end
+      end
+    end
+    
+    def self.down
+      if ActiveRecord::Base.connection.table_alias_length > 30
+        rename_table :casserver_lt, :cassserver_login_tickets
+        rename_table :casserver_st, :casserver_service_tickets
+        rename_table :casserver_tgt, :casserver_ticket_granting_tickets
+        rename_table :casserver_pgt, :casserver_proxy_granting_tickets
+      else
+        drop_table :casserver_pgt
+        drop_table :casserver_tgt
+        drop_table :casserver_st
+        drop_table :casserver_lt
+      end
+    end
+  end
+  
+  class AddTgtToSt < V 0.7
+    def self.up
+      add_column :casserver_st, :tgt_id, :integer, :null => true
+    end
+    
+    def self.down
+      remove_column :casserver_st, :tgt_id, :integer
+    end
+  end
+  
+  class ChangeServiceToText < V 0.71
+    def self.up
+      change_column :casserver_st, :service, :text
+    end
+    
+    def self.down
+      change_column :casserver_st, :service, :string
+    end
+  end
+  
+  class AddExtraAttributes < V 0.72
+    def self.up
+      add_column :casserver_tgt, :extra_attributes, :text
+    end
+    
+    def self.down
+      remove_column :casserver_tgt, :extra_attributes
+    end
+  end
+end

data/lib/casserver/postambles.rb

@@ -0,0 +1,174 @@
+module CASServer
+  module Postambles
+    
+    def webrick
+      require 'webrick/httpserver'
+      require 'webrick/https'
+      require 'camping/webrick'
+      
+      # TODO: verify the certificate's validity
+      # example of how to do this is here: http://pablotron.org/download/ruri-20050331.rb
+      
+      cert_path = CASServer::Conf.ssl_cert
+      key_path = CASServer::Conf.ssl_key || CASServer::Conf.ssl_cert
+        # look for the key in the ssl_cert if no ssl_key is specified
+      
+      webrick_options = {:BindAddress => "0.0.0.0", :Port => CASServer::Conf.port}
+      
+      unless cert_path.nil? && key_path.nil?
+        raise "'#{cert_path}' is not a valid ssl certificate. Your 'ssl_cert' configuration" +
+          " setting must be a path to a valid ssl certificate file." unless
+            File.exists? cert_path
+        
+        raise "'#{key_path}' is not a valid ssl private key. Your 'ssl_key' configuration" +
+          " setting must be a path to a valid ssl private key file." unless
+            File.exists? key_path
+        
+        cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
+        key = OpenSSL::PKey::RSA.new(File.read(key_path))
+        
+        webrick_options[:SSLEnable] = true
+        webrick_options[:SSLVerifyClient] = ::OpenSSL::SSL::VERIFY_NONE
+        webrick_options[:SSLCertificate] = cert
+        webrick_options[:SSLPrivateKey] = key
+      end
+      
+      begin
+        s = WEBrick::HTTPServer.new(webrick_options)
+      rescue Errno::EACCES
+        puts "\nThe server could not launch. Are you running on a privileged port? (e.g. port 443) If so, you must run the server as root."
+        exit 2
+      end
+      
+      CASServer.create
+      s.mount "#{CASServer::Conf.uri_path}", WEBrick::CampingHandler, CASServer
+      
+      puts "\n** CASServer is running at http#{webrick_options[:SSLEnable] ? 's' : ''}://#{Socket.gethostname}:#{CASServer::Conf.port}#{CASServer::Conf.uri_path} and logging to '#{CASServer::Conf.log[:file]}'\n\n"
+    
+      # This lets Ctrl+C shut down your server
+      trap(:INT) do
+        s.shutdown
+      end
+      trap(:TERM) do
+        s.shutdown
+      end
+    
+      if $DAEMONIZE
+        WEBrick::Daemon.start do
+          write_pid_file if $PID_FILE
+          s.start
+          clear_pid_file
+        end
+      else
+        s.start
+      end
+    end
+    
+    
+    
+    def mongrel
+      require 'rubygems'
+      require 'mongrel/camping'
+      
+      if $DAEMONIZE
+        # check if log and pid are writable before daemonizing, otherwise we won't be able to notify
+        # the user if we run into trouble later (since once daemonized, we can't write to stdout/stderr)
+        check_pid_writable if $PID_FILE
+        check_log_writable
+      end
+      
+      CASServer.create
+      
+      puts "\n** CASServer is starting. Look in '#{CASServer::Conf.log[:file]}' for further notices."
+      
+      settings = {:host => "0.0.0.0", :log_file => CASServer::Conf.log[:file], :cwd => $CASSERVER_HOME}
+      
+      # need to close all IOs before daemonizing
+      $LOG.close if $DAEMONIZE
+      
+      begin
+        config = Mongrel::Configurator.new settings  do
+          daemonize :log_file => CASServer::Conf.log[:file], :cwd => $CASSERVER_HOME if $DAEMONIZE
+          
+          listener :port => CASServer::Conf.port do
+            uri CASServer::Conf.uri_path, :handler => Mongrel::Camping::CampingHandler.new(CASServer)
+            setup_signals
+          end
+        end
+      rescue Errno::EADDRINUSE
+        exit 1
+      end
+      
+      config.run
+      
+      CASServer.init_logger
+      CASServer.init_db_logger
+      
+      if $DAEMONIZE && $PID_FILE
+        write_pid_file
+        unless File.exists? $PID_FILE
+          $LOG.error "CASServer could not start because pid file '#{$PID_FILE}' could not be created."
+          exit 1
+        end
+      end
+      
+      puts "\n** CASServer is running at http://localhost:#{CASServer::Conf.port}#{CASServer::Conf.uri_path} and logging to '#{CASServer::Conf.log[:file]}'"
+      config.join
+
+      clear_pid_file
+
+      puts "\n** CASServer is stopped (#{Time.now})"
+    end
+    
+    
+    def fastcgi
+      require 'camping/fastcgi'
+      Dir.chdir('/srv/www/camping/casserver/')
+      
+      CASServer.create
+      Camping::FastCGI.start(CASServer)
+    end
+    
+    
+    def cgi
+      CASServer.create
+      puts CASServer.run
+    end
+    
+    private
+    def check_log_writable
+      log_file = CASServer::Conf.log['file']
+      begin
+        f = open(log_file, 'w')
+      rescue
+        $stderr.puts "Couldn't write to log file at '#{log_file}' (#{$!})."
+        exit 1
+      end
+      f.close
+    end
+    
+    def check_pid_writable
+      $LOG.debug "Checking if pid file '#{$PID_FILE}' is writable"
+      begin        
+        f = open($PID_FILE, 'w')
+      rescue
+        $stderr.puts "Couldn't write to log at '#{$PID_FILE}' (#{$!})."
+        exit 1
+      end
+      f.close
+    end
+    
+    def write_pid_file
+      $LOG.debug "Writing pid '#{Process.pid}' to pid file '#{$PID_FILE}'"
+      open($PID_FILE, "w") { |file| file.write(Process.pid) }
+    end
+    
+    def clear_pid_file
+      if $PID_FILE && File.exists?($PID_FILE)
+        $LOG.debug "Clearing pid file '#{$PID_FILE}'"
+        File.unlink $PID_FILE
+      end
+    end
+  
+  end
+end

data/lib/casserver/utils.rb

@@ -0,0 +1,30 @@
+# Misc utility function used throughout by the RubyCAS-server.
+module CASServer
+  module Utils
+    def random_string(max_length = 29)
+      rg =  Crypt::ISAAC.new
+      max = 4294619050
+      r = "#{Time.now.to_i}r%X%X%X%X%X%X%X%X" % 
+        [rg.rand(max), rg.rand(max), rg.rand(max), rg.rand(max), 
+         rg.rand(max), rg.rand(max), rg.rand(max), rg.rand(max)]
+      r[0..max_length-1]
+    end
+    module_function :random_string
+      
+    def log_controller_action(controller, params)
+      $LOG << "\n"
+      
+      /`(.*)'/.match(caller[1])
+      method = $~[1]
+      
+      if params.respond_to? :dup
+        params2 = params.dup
+        params2['password'] = '******' if params2['password']
+      else
+        params2 = params
+      end
+      $LOG.debug("Processing #{controller}::#{method} #{params2.inspect}")
+    end
+    module_function :log_controller_action
+  end
+end

data/lib/casserver/version.rb

@@ -0,0 +1,9 @@
+module CASServer
+  module VERSION #:nodoc:
+    MAJOR = 0
+    MINOR = 6
+    TINY  = 99
+
+    STRING = [MAJOR, MINOR, TINY].join('.')
+  end
+end

data/lib/casserver/views.rb

@@ -0,0 +1,235 @@
+# The #.#.# comments (e.g. "2.1.3") refer to section numbers in the CAS protocol spec
+# under http://www.ja-sig.org/products/cas/overview/protocol/index.html
+
+# need auto_validation off to render CAS responses and to use the autocomplete='off' property on password field
+Markaby::Builder.set(:auto_validation, false)
+
+# disabled XML indentation because it was causing problems with mod_auth_cas
+#Markaby::Builder.set(:indent, 2) 
+
+module CASServer::Views
+
+  def layout
+    # wrap as XHTML only when auto_validation is on, otherwise pass right through
+    if @use_layout
+      xhtml_strict do
+        head do 
+          title { "#{organization} Central Login" }
+          link(:rel => "stylesheet", :type => "text/css", :href => "/themes/cas.css")
+          link(:rel => "stylesheet", :type => "text/css", :href => "/themes/#{current_theme}/theme.css")
+        end
+        body(:onload => "if (document.getElementById('username')) document.getElementById('username').focus()") do
+          self << yield 
+        end
+      end
+    else
+      self << yield
+    end
+  end
+
+
+  # 2.1.3
+  # The full login page.
+  def login
+    @use_layout = true
+    
+    table(:id => "login-box") do
+      tr do
+        td(:colspan => 2) do
+          div(:id => "headline-container") do
+            strong organization
+            text " Central Login"
+          end
+        end
+      end
+      if @message
+        tr do
+          td(:colspan => 2, :id => "messagebox-container") do
+            div(:class => "messagebox #{@message[:type]}") { @message[:message] }
+          end
+        end
+      end
+      tr do
+        td(:id => "logo-container") do
+          img(:id => "logo", :src => "/themes/#{current_theme}/logo.png")
+        end
+        td(:id => "login-form-container") do
+          @include_infoline = true
+          login_form
+        end
+      end
+    end
+  end
+  
+  # Just the login form.
+  def login_form
+    form(:method => "post", :action => @form_action || '/login', :id => "login-form",
+        :onsubmit => "submitbutton = document.getElementById('login-submit'); submitbutton.value='Please wait...'; submitbutton.disabled=true; return true;") do
+      table(:id => "form-layout") do
+        tr do
+          td(:id => "username-label-container") do
+            label(:id => "username-label", :for => "username") { "Username" }
+          end
+          td(:id => "username-container") do
+            input(:type => "text", :id => "username", :name => "username",
+              :size => "32", :tabindex => "1", :accesskey => "u")
+          end
+        end
+        tr do
+          td(:id => "password-label-container") do
+            label(:id => "password-label", :for => "password") { "Password" }
+          end
+          td(:id => "password-container") do
+            input(:type => "password", :id => "password", :name => "password", 
+              :size => "32", :tabindex => "2", :accesskey => "p", :autocomplete => "off")
+          end
+        end
+        tr do
+          td{}
+          td(:id => "submit-container") do
+            input(:type => "hidden", :id => "lt", :name => "lt", :value => @lt)
+            input(:type => "hidden", :id => "service", :name => "service", :value => @service)
+            input(:type => "hidden", :id => "warn", :name => "warn", :value => @warn)
+            input(:type => "submit", :class => "button", :accesskey => "l", :value => "LOGIN", :tabindex => "4", :id => "login-submit")
+          end
+        end
+        tr do
+          td(:colspan => 2, :id => "infoline") { infoline }
+        end if @include_infoline
+      end
+    end
+  end
+  
+  # 2.3.2
+  def logout
+    @use_layout = true
+    
+    table(:id => "login-box") do
+      tr do
+        td(:colspan => 2) do
+          div(:id => "headline-container") do
+            strong organization
+            text " Central Login"
+          end
+        end
+      end
+      if @message
+        tr do
+          td(:colspan => 2, :id => "messagebox-container") do
+            div(:class => "messagebox #{@message[:type]}") { @message[:message] }
+            if @continue_url
+              p do
+                a(:href => @continue_url) { @continue_url }
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+  
+  # 2.4.2
+  # CAS 1.0 validate response.
+  def validate
+    if @success
+      text "yes\n#{@username}\n"
+    else
+      text "no\n\n"
+    end
+  end
+  
+  # 2.5.2
+  # CAS 2.0 service validate response.
+  def service_validate
+    if @success
+      tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
+        tag!("cas:authenticationSuccess") do
+          tag!("cas:user") {@username.to_s.to_xs}
+          @extra_attributes.each do |key, value|
+            tag!(key) {value}
+          end
+          if @pgtiou
+            tag!("cas:proxyGrantingTicket") {@pgtiou.to_s.to_xs}
+          end
+        end
+      end
+    else
+      tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
+        tag!("cas:authenticationFailure", :code => @error.code) {@error.to_s.to_xs}
+      end
+    end
+  end
+  
+  # 2.6.2
+  # CAS 2.0 proxy validate response.
+  def proxy_validate
+    if @success
+      tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
+        tag!("cas:authenticationSuccess") do
+          tag!("cas:user") {@username.to_s.to_xs}
+          @extra_attributes.each do |key, value|
+            tag!(key) {value}
+          end
+          if @pgtiou
+            tag!("cas:proxyGrantingTicket") {@pgtiou.to_s.to_xs}
+          end
+          if @proxies && !@proxies.empty?
+            tag!("cas:proxies") do
+              @proxies.each do |proxy_url|
+                tag!("cas:proxy") {proxy_url.to_s.to_xs}
+              end
+            end
+          end
+        end
+      end
+    else
+      tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
+        tag!("cas:authenticationFailure", :code => @error.code) {@error.to_s.to_xs}
+      end
+    end
+  end
+  
+  # 2.7.2
+  # CAS 2.0 proxy request response.
+  def proxy
+    if @success
+      tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
+        tag!("cas:proxySuccess") do
+          tag!("cas:proxyTicket") {@pt.to_s.to_xs}
+        end
+      end
+    else
+      tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
+        tag!("cas:proxyFailure", :code => @error.code) {@error.to_s.to_xs}
+      end
+    end
+  end
+  
+  def configure
+  end
+  
+  protected
+  def themes_dir
+    File.dirname(File.expand_path(__FILE__))+'../themes'
+  end
+  module_function :themes_dir
+  
+  def current_theme
+    CASServer::Conf.theme || "simple"
+  end
+  module_function :current_theme
+  
+  def organization
+    CASServer::Conf.organization || ""
+  end
+  module_function :organization
+  
+  def infoline
+    CASServer::Conf.infoline || ""
+  end
+  module_function :infoline
+end
+
+if CASServer::Conf.custom_views_file
+  require CASServer::Conf.custom_views_file
+end