ror-rubycas-server 1.0.a

Sign up to get free protection for your applications and to get access to all the features.
Files changed (79) hide show
  1. data/CHANGELOG +292 -0
  2. data/Gemfile +2 -0
  3. data/LICENSE +26 -0
  4. data/README.textile +129 -0
  5. data/Rakefile +1 -0
  6. data/bin/rubycas-server +16 -0
  7. data/lib/casserver.rb +11 -0
  8. data/lib/casserver/authenticators/active_directory_ldap.rb +19 -0
  9. data/lib/casserver/authenticators/authlogic_crypto_providers/aes256.rb +43 -0
  10. data/lib/casserver/authenticators/authlogic_crypto_providers/bcrypt.rb +92 -0
  11. data/lib/casserver/authenticators/authlogic_crypto_providers/md5.rb +34 -0
  12. data/lib/casserver/authenticators/authlogic_crypto_providers/sha1.rb +59 -0
  13. data/lib/casserver/authenticators/authlogic_crypto_providers/sha512.rb +50 -0
  14. data/lib/casserver/authenticators/base.rb +67 -0
  15. data/lib/casserver/authenticators/client_certificate.rb +47 -0
  16. data/lib/casserver/authenticators/google.rb +58 -0
  17. data/lib/casserver/authenticators/ldap.rb +147 -0
  18. data/lib/casserver/authenticators/ntlm.rb +88 -0
  19. data/lib/casserver/authenticators/open_id.rb +22 -0
  20. data/lib/casserver/authenticators/sql.rb +133 -0
  21. data/lib/casserver/authenticators/sql_authlogic.rb +93 -0
  22. data/lib/casserver/authenticators/sql_encrypted.rb +75 -0
  23. data/lib/casserver/authenticators/sql_md5.rb +19 -0
  24. data/lib/casserver/authenticators/sql_rest_auth.rb +85 -0
  25. data/lib/casserver/authenticators/test.rb +22 -0
  26. data/lib/casserver/cas.rb +315 -0
  27. data/lib/casserver/localization.rb +91 -0
  28. data/lib/casserver/model.rb +270 -0
  29. data/lib/casserver/options_hash.rb +44 -0
  30. data/lib/casserver/server.rb +706 -0
  31. data/lib/casserver/utils.rb +32 -0
  32. data/lib/casserver/views/_login_form.erb +42 -0
  33. data/lib/casserver/views/layout.erb +18 -0
  34. data/lib/casserver/views/login.erb +30 -0
  35. data/lib/casserver/views/proxy.builder +12 -0
  36. data/lib/casserver/views/proxy_validate.builder +25 -0
  37. data/lib/casserver/views/service_validate.builder +18 -0
  38. data/lib/casserver/views/validate.erb +2 -0
  39. data/po/de_DE/rubycas-server.po +127 -0
  40. data/po/es_ES/rubycas-server.po +123 -0
  41. data/po/fr_FR/rubycas-server.po +128 -0
  42. data/po/ja_JP/rubycas-server.po +126 -0
  43. data/po/pl_PL/rubycas-server.po +123 -0
  44. data/po/pt_BR/rubycas-server.po +123 -0
  45. data/po/ru_RU/rubycas-server.po +118 -0
  46. data/po/rubycas-server.pot +112 -0
  47. data/po/zh_CN/rubycas-server.po +113 -0
  48. data/po/zh_TW/rubycas-server.po +113 -0
  49. data/public/themes/cas.css +121 -0
  50. data/public/themes/notice.png +0 -0
  51. data/public/themes/ok.png +0 -0
  52. data/public/themes/simple/bg.png +0 -0
  53. data/public/themes/simple/favicon.png +0 -0
  54. data/public/themes/simple/login_box_bg.png +0 -0
  55. data/public/themes/simple/logo.png +0 -0
  56. data/public/themes/simple/theme.css +28 -0
  57. data/public/themes/urbacon/bg.png +0 -0
  58. data/public/themes/urbacon/login_box_bg.png +0 -0
  59. data/public/themes/urbacon/logo.png +0 -0
  60. data/public/themes/urbacon/theme.css +33 -0
  61. data/public/themes/warning.png +0 -0
  62. data/resources/init.d.sh +58 -0
  63. data/rubycas-server.gemspec +57 -0
  64. data/setup.rb +1585 -0
  65. data/spec/alt_config.yml +50 -0
  66. data/spec/authenticators/ldap_spec.rb +53 -0
  67. data/spec/casserver_spec.rb +141 -0
  68. data/spec/database.yml +5 -0
  69. data/spec/default_config.yml +73 -0
  70. data/spec/model_spec.rb +42 -0
  71. data/spec/options_hash_spec.rb +146 -0
  72. data/spec/spec.opts +4 -0
  73. data/spec/spec_helper.rb +90 -0
  74. data/spec/utils_spec.rb +53 -0
  75. data/tasks/bundler.rake +4 -0
  76. data/tasks/db/migrate.rake +12 -0
  77. data/tasks/localization.rake +13 -0
  78. data/tasks/spec.rake +10 -0
  79. metadata +356 -0
@@ -0,0 +1,292 @@
1
+ === 1.0.0 :: In Progress...
2
+
3
+ * NEW:
4
+ * Rewrite to replace Camping/Picnic with Sinatra
5
+ * Support for Ruby 1.9.2
6
+ * Support for Active Record 3
7
+
8
+ * CHANGED:
9
+ * Google authenticator proxy configuration has been changed (see config.example.yml)
10
+
11
+ === 0.8.0
12
+
13
+ * NEW:
14
+ * Support for localization via Ruby-GetText.
15
+ See http://code.google.com/p/rubycas-server/wiki/Localization
16
+ for details. [antono]
17
+ * Switched to Picnic 0.8.x, so RubyCAS-Server is now based on Rack
18
+ and Camping 2.0 and is now compatible with Passenger Phusion
19
+ * Change to authenticator API: every authenticator now has a class 'setup'
20
+ method that gets called at server startup. This is where class-level
21
+ configuration should be done (e.g. establishing a database connection).
22
+ This is different from the 'configure' method which gets called on a per-
23
+ instance basis for each authenticator. [godfat]
24
+ * Database connections are now automatically released back to the connection
25
+ pool at the end of each request. This should allow the server to handle
26
+ many more concurrent requests, since database connections are no longer left
27
+ checked out of the pool.
28
+ * Added new SQL authenticator (sql_rest_auth) compatible with the
29
+ restful_authentication Rails plugin. [antono]
30
+ * Re-licensed under the MIT License.
31
+
32
+ * FIXED:
33
+ * Fixed weird problems with loading controllers when using older versions of
34
+ activesupport and/or rubygems.
35
+ * Failure to connect to a service during a single sign out request is now
36
+ handled gracefully.
37
+ * Required gem dependencies have been re-enabled in the gemspec.
38
+ * Authlogic authenticator files added to gemspec. [rajiv]
39
+ * Authenticators are now instantiated on a per-request basis (rather than
40
+ once at startup) to ensure thread safety.
41
+
42
+ === 0.7.1 :: 2008-11-10
43
+
44
+ * Fixed dependency loading problems introduced by upstream changes in RubyGems
45
+ 1.3.1.
46
+
47
+ === 0.7.0 :: 2008-11-04
48
+
49
+ * NEW:
50
+ * Implemented single-sign-out functionality as specified in CAS 3.3. See
51
+ http://www.ja-sig.org/wiki/display/CASUM/Single+Sign+Out.
52
+ * It is now possible to configure Authenticators to return extra attributes
53
+ to CAS clients alongside the username. For an example of how to do this see
54
+ the included SQL authenticator. Also have a look at:
55
+ http://groups.google.com/group/rubycas-server/browse_thread/thread/5eade3793cb590e9
56
+ Note that extra attributes of type other than String or Numeric are serialized
57
+ into YAML format before being sent along to the client.
58
+ * Added an MD5-password version of the SQL authenticator for Drupal and any other
59
+ database that stores its passwords in hashed form (thanks malcolmm).
60
+ * Added new Google authenticator for authenticating against Google/GMail
61
+ accounts.
62
+
63
+ * CHANGED:
64
+ * Service URIs are now automatically normalized. For example, if the service
65
+ URI given to the server has a 'ticket' parameter, the ticket will now be
66
+ automatically stripped. This is to avert any possible issues raised by
67
+ misbehaving CAS clients (the CAS ticket should never be part of the service
68
+ URI). Same goes for other CAS-related parameters like 'service', 'renew',
69
+ and 'gateway'. Additionally, the trailing '/' and '?' characters are
70
+ automatically stripped from URLs, since, for example, "http://google.com/"
71
+ is almost certainly equivalent to "http://google.com".
72
+ * The expire_sessions config variable is now respected -- ticket granting
73
+ ticket cookies are set with an expiry datetime, so that the SSO session
74
+ is effectively terminated once the ticket_granting_ticket_expiry period
75
+ is reached.
76
+ * If present, the HTTP_X_FORWARDED_FOR header is used for recording the
77
+ client's address. This is useful when the server is running behind a reverse
78
+ proxy, but it should not be considered authoritative since it can be
79
+ easily spoofed.
80
+ * The 'service' field in the 'casserver_st' table has been changed from
81
+ VARCHAR(255) to TEXT in order to accomodate service URIs longer than 255
82
+ characters (fixes issue #46).
83
+ * The CAS XML responses are no longer whitespace-formatted (i.e. Markaby's
84
+ auto-indentation has been turned off). Apparently the whitespace was
85
+ causing problems with mod_auth_cas. See:
86
+ http://groups.google.com/group/rubycas-server/browse_thread/thread/e482fe09999b73d3
87
+ * When used without pre-authentication, the LDAP authenticator now tries to
88
+ bind by searching for the given username in the LDAP directory based on the
89
+ configured username_attribute. Prior to this change the authenticator
90
+ attempted to bind with the LDAP server by assuming that the username credential
91
+ matches the user's CN. This is no longer the case.
92
+ * CAS responses to invalid requests (for example where required parameters
93
+ are missing or incorrect) will now have HTTP status code 422. Internal server
94
+ errors (where the server rather than the client is at fault) have error 500.
95
+ Previously most responses had error code 200, regardless of their contents.
96
+
97
+ * FIXED:
98
+ * Fixed logout action to work properly with ActiveRecord 2.1 (eager loading behaviour
99
+ was changed upstream forcing a change to the way we look for ProxyGrantingTickets
100
+ to delete on logout).
101
+ * When running under Mongrel, the USR2 signal should now restart the server as
102
+ expected -- however currently this only works when the server is running
103
+ in the foregaround. When daemonized, USR2 will shut down the server without
104
+ restarting (see issue #58).
105
+ * Fixed activerecord/activesupport gem load problems, hopefully once and for all
106
+ (however picnic-0.7.0 is now required).
107
+
108
+ === 0.6.0 :: 2008-03-28
109
+
110
+ * Much of the supporting functionality that makes RubyCAS-Server
111
+ act as a well-behaved Linux service has been abstracted out
112
+ into its own library. This new library is called Picnic and is
113
+ now a gem dependency for RubyCAS-Server. You can find out more about
114
+ it at http://code.google.com/p/camping-picnic/.
115
+ * The logout action will now accept a 'destination' parameter in lieu of
116
+ 'service'. This means that if a 'destination' parameter is given with
117
+ some URL, the logout action will show the login form, allowing the user
118
+ to immedietly log back in to the service specified by 'destination'.
119
+ * The logout action will now accept a 'url' parameter. If given, the logout
120
+ page will show a message indicating that the CAS session has been terminated
121
+ and instructing the user to click on a link to follow the given URL. If the
122
+ 'url' parameter is given, the login form will NOT be shown on the logout
123
+ page (see above).
124
+ * When an authentication failure occurs (because the user submitted
125
+ invalid credentials or the login ticket is missing), the server
126
+ now returns a 401 (Unauthorized) response instead of 200.
127
+ * An encryption-enabled version of the SQL authenticator is now
128
+ available. For more info have a look at:
129
+ http://code.google.com/p/rubycas-server/wiki/UsingTheSQLEncryptedAuthenticator
130
+ * Better compatibility with Oracle databases. The database migration
131
+ no longer tries to create tables with long names when long
132
+ table names are not supported by the underlying database connector
133
+ (issue #15).
134
+ * The server now automatically removes leading and trailing whitespace from
135
+ the username entered by users. Passwords however are left intact, with no
136
+ whitespace removed.
137
+ * The server can now be configured to automatically downcase the
138
+ username entered by users (dowcase_username option). So if a user
139
+ enters "JSmith", the system will convert it to "jsmith" if the
140
+ downcase_username option is set to true.
141
+ * The server can now be made to bind to a specific address. See the
142
+ :bind_address option in the config.example.yml file.
143
+ * Fixed bug with ActiveRecord 2.0.2 where service tickets were not
144
+ being given a type (issue #37).
145
+
146
+ === 0.5.1 :: 2007-12-20
147
+
148
+ * Tickets generated by the server should now be a lot more secure.
149
+ The random string generator used for generating tickets now uses
150
+ Crypt::ISAAC. Tickets have also been extended in length; STs, PTs
151
+ and LTs can now extend up to 32 characters, and PGTs and PGT-IOUs
152
+ up to 64.
153
+
154
+ === 0.5.0 :: 2007-09-20
155
+
156
+ * Gateway requests should now be handled correctly. When the request to the
157
+ login page is made with gateway=true as one of the parameters, the CAS
158
+ server will immediately redirect back to the target service along with
159
+ a service ticket if an SSO session exists for the user (or without a
160
+ service ticket if there is no pre-existing SSO session).
161
+ Note that if you are using RubyCAS-Client and want gatewaying, you will
162
+ need to upgrade it to 1.1.0 as gatewaying was broken in prior versions.
163
+ * If gateway=true is specified as part of the logout URI, the server will
164
+ log the user out and immediately redirect them back to the specified
165
+ service. In other words, you can now do "gatewayed logouts" as well
166
+ as logins.
167
+ * A login ticket can now be remotely requested from the server by placing
168
+ a POST request to '/loginTicket'.
169
+ * The login view can now be made to return only the login form. This is
170
+ done by adding the 'onlyLoginForm' parameter to the '/login' request.
171
+ Optionally, a 'submitToURI' parameter can be supplied to force the login
172
+ form to submit to the given URI (otherwise the server will try to figure
173
+ out the full URI to its own login controller). This functionality may be
174
+ useful when you want to embed the login form in some external page, as
175
+ an IFRAME otherwise.
176
+ * Custom views can now be used to override the default Markaby templates
177
+ by specifying a 'custom_views_file' option in the configuration. See
178
+ custom_views.example.rb. [jzylks]
179
+ * Table names have been shortened to work with Oracle. A migration has
180
+ been added that should do the shortening for you the first time you run
181
+ this new RubyCAS-Server version.
182
+ * Multiple authenticators can now be specified. During authentication,
183
+ credentials are presented to the first authenticator, then the second,
184
+ and so on, until the user is validated by any one authenticator or fails
185
+ validation for all of them. [jzylks]
186
+ * When using webrick, you can now run with SSL disabled by omitting the
187
+ ssl_cert and ssl_key parameters.
188
+ * Changed incorrect MySQL example database configuration -- option should
189
+ be 'host:' not 'server:' (issue #22).
190
+
191
+ === 0.4.2 :: 2007-07-26
192
+
193
+ * The LDAP/AD authenticator has been largely re-written. The code is a bit
194
+ cleaner now, and should work better with non-Active Directory LDAP servers
195
+ (although this has yet to be tested since I don't have access to a non-AD
196
+ LDAP server).
197
+ * The validate() method in your authenticators now receives a :service element
198
+ (in addition to :username, and :password). This is simply the service
199
+ url (if any) specified in the user's CAS request. If you call
200
+ read_standard_credentials(credentials) at the top of your validator, the value
201
+ will also be available as @service along with @username and @password.
202
+ * By request, a :username_prefix option has been added to the ldap
203
+ configuration. If entered, this string will be automatically prefixed to
204
+ the username entered by the user.
205
+ * A bug having to do with handling authenticator errors has been fixed.
206
+ Any authenticator error messages should now be correctly shown on the
207
+ login page.
208
+ * Minor improvements to error messages having to do with login tickets.
209
+ They're a bit more prescriptive now, explaining to the user what steps
210
+ they should take to correct the error.
211
+
212
+ === 0.4.1 :: 2007-06-07
213
+
214
+ * This release restores compatiblity with older versions of rubygems
215
+ (pre-0.9.0). To achieve this, we alias the 'gem' method to the old
216
+ 'require_gem' if 'gem' is not already defined.
217
+ * rubycas-server-ctl will now quiety delete an orphaned .pid file
218
+ instead complaining loudly and refusing to start up.
219
+ * Fixed minor bug in rubycas-server-ctl that sometimes incorrectly reported
220
+ startup problems when in fact the server had started just fine.
221
+
222
+
223
+ === 0.4.0 :: 2007-06-05
224
+
225
+ * Added rubycas-server-ctl script for controlling daemonized server.
226
+ * rubygems-0.9.0 or later is now required.
227
+ * Added system startup script to be used in /etc/init.d on Linux systems.
228
+ * Authenticator can now be loaded from an external file using the 'source'
229
+ configuration option.
230
+ * Better preemptive detection of startup problems with mongrel.
231
+ * User now sees an error message if the service URI is not a valid URI (i.e.
232
+ if it's not URI-encoded or otherwise malformed).
233
+
234
+
235
+ === 0.3.0 :: 2007-03-29
236
+
237
+ * Fixed glaring security problem with LDAP/AD Authenticator where under some
238
+ circumstances blank passwords were accepted as valid.
239
+ * Autocomplete has been turned off on the password field for better security.
240
+ In the future we may allow autocomplete to be re-enabled using a
241
+ configuration setting.
242
+ * When the user visits the login page and is already authenticated (i.e. they
243
+ have a valid ticket granting cookie), a message is shown at the top
244
+ indicating that they are already logged in.
245
+ * sqlite3-ruby is no longer required by the gem as a dependency. The user
246
+ must now install it manually prior to installing rubycas-server. The
247
+ building of sqlite3 native extensions appears to be somewhat flakey
248
+ and probably defeats the original purpose of using it (which was
249
+ to have a CAS server up and running with no additional DB configuration).
250
+ We will use MySQL as the default database adapter instead, since it does
251
+ not require additional libraries and many users will have a MySQL server
252
+ already available.
253
+ * Fixed bug that was causing all proxy-granting tickets to be deleted whenever
254
+ any user logged out. Only the PGTs for the user that is logging out are now
255
+ being deleted.
256
+ * Trailing slashes in service URLs are now ignored when validating service
257
+ and proxy tickets (e.g. "http://www.google.com" and "http://www.google.com/"
258
+ are now considered to be the same service URL).
259
+ * Authenticators now raise AuthenticatorError exceptions when encountering
260
+ a problem/error. This makes it easier to send feedback to the user.
261
+ However, other exceptions should still be raised when errors ought
262
+ not be recoverable (i.e. programming errors).
263
+ * Fixed serious vulnerability in LDAP authenticator where under some
264
+ cirumstances the user could just enter '*' as their username to match
265
+ any username. The LDAP authenticator will now refuse to process logins
266
+ with usernames that contain the characters * ( ) \ / and the NULL
267
+ character \0.
268
+ * Views are no longer xhtml-validated. Markaby's auto-validation was turned
269
+ off to allow for use of the autocomplete property on inputs, since this is
270
+ the only viable way of turning off password storage in IE and Firefox at
271
+ the page level.
272
+ * You can now limit the maximum length of a login session by setting the
273
+ expire_sessions config setting to true.
274
+ * Fixed some minor bugs in the login view.
275
+
276
+
277
+ === 0.2.0 :: 2007-03-20
278
+
279
+ * ruby-casserver now behaves more like a real command-line app, accepting
280
+ various command line arguments including -h (help), -v (version), -c (use
281
+ an alternate config.yml), and -d (daemonize, when using webrick or mongrel
282
+ mode).
283
+ * Special characters in CAS XML responses are now properly encoded into XML
284
+ entities
285
+ * CAS XML responses are no longer auto-indented... Markaby's indentation
286
+ seemed to be causing problems with the PHP CAS client.
287
+ * Misc minor bug fixes/cleanup.
288
+
289
+
290
+ === 0.1.0 :: 2007-03-01
291
+
292
+ * First public release.
data/Gemfile ADDED
@@ -0,0 +1,2 @@
1
+ source "http://rubygems.org"
2
+ gemspec
data/LICENSE ADDED
@@ -0,0 +1,26 @@
1
+ Portions of RubyCAS-Server contributed by Matt Zukowski are copyright (c) 2009 Urbacon Ltd.
2
+ Other portions are copyright of their respective authors.
3
+
4
+ The MIT License
5
+
6
+ Permission is hereby granted, free of charge, to any person
7
+ obtaining a copy of this software and associated documentation
8
+ files (the "Software"), to deal in the Software without
9
+ restriction, including without limitation the rights to use,
10
+ copy, modify, merge, publish, distribute, sublicense, and/or sell
11
+ copies of the Software, and to permit persons to whom the
12
+ Software is furnished to do so, subject to the following
13
+ conditions:
14
+
15
+ The above copyright notice and this permission notice shall be
16
+ included in all copies or substantial portions of the Software.
17
+
18
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
19
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
20
+ OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
21
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
22
+ HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
23
+ WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
24
+ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
25
+ OTHER DEALINGS IN THE SOFTWARE.
26
+
@@ -0,0 +1,129 @@
1
+ h1. RORubyCAS-Server
2
+
3
+ This is the Read Only Ruby CAS Server gem (not Rails on Ruby or anything silly like that -- in fact, this application is a Sinatra app).
4
+
5
+ This gem picks up from the RubyCAS-Server gem in order to make that system more flexible, particularly with respect to setting up on *read-only filesystems* (particularly Heroku).
6
+
7
+ Towards this end, this gem has made itself more modular. It is no longer required to be in the actual directory of the sinatra application, as it used to be with earlier versions. Instead, it can be included as a gem in the Gemfile (just like any other gem for a Rails app (for example)).
8
+
9
+ For info the older non-read-only system (much of which is still pertinent) please see "http://code.google.com/p/rubycas-server":http://code.google.com/p/rubycas-server
10
+
11
+ h2. Installation
12
+
13
+
14
+ h3. Getting started
15
+
16
+ * Because of the decoupling introduced by this gem, You will need to create the application structure yourself, since this gem has lost a lot of the files that used to make it work.
17
+ ** In the future it would be nice for this gem to havea generator which stamps out a default application structure which can be modified to fit one's needs.
18
+ ** Before the above happens, it's likely that I will upload an example app whcih you can customize
19
+ ** In the mean time, you can start with one of the default application structures from the original gem (see link above) and make the modifications that follow
20
+
21
+ h3. Development environment
22
+
23
+ You have to require the development requirements of the rubycas gem while you are developing the application which uses it. I'm hoping someone can share with me a slick bundler shortcut for doing this sort of thing (requiring not just a gem's dependencies, but also a gem's development dependencies (and only while in development mode on the application)), but in the mean time, you can include the following in your Gemfile.
24
+
25
+ bc. gem "rubycas-server", :git => "https://github.com/metasoarous/read_only_rubycas_server.git", :ref => "6d7b8d2"
26
+ # gem "rubycas-server", :path => "/path/to/rubycas-server" # If you want to work off of a local version
27
+ gem "thin", "1.2.10"
28
+ group :development, :test do
29
+ # These are all development dependencies for the rubycas-server gem
30
+ gem "rack-test"
31
+ gem "capybara"
32
+ gem "rspec"
33
+ gem "rspec-core"
34
+ gem "sqlite3", "~> 1.3.1"
35
+ # for authenticator specs
36
+ gem "net-ldap", "~> 0.1.1"
37
+ end
38
+
39
+ Hopefully I will either soon have rubycas-server set up as a gem on gemcutter or this project will get folded into the main project. In the mean time, you can point to the github repo as shown above.
40
+
41
+ h3. Environment variables
42
+
43
+ You must add the following configuration variables in your config.ru directory
44
+
45
+ bc. ENV['CONFIG_FILE'] = "#{File.dirname(__FILE__)}/config/config.yml" #or wherever you want this to go to
46
+ ENV["APP_ROOT"] = File.expand_path(".")
47
+
48
+ This is so that the configurations work on a system that may not have root access (and lets config live in app directory, required for systems like heroku).
49
+
50
+ It also lets the gem point to the app direcotry root for db/migrations to run when the server is started. (At the moment, we still need to get the manual migrations working properly)-
51
+
52
+
53
+ h3. Configuration files
54
+
55
+ Wherever you decide to put your @config.yml@, you need to change the nesting a bit from how things work in the old version. Everything is now nested within environment keys. You can set something like this
56
+
57
+ bc. all: &all
58
+ server: thin
59
+ port: 4000
60
+ ssl_cert: /path/to/your/ssl.pem
61
+ theme: simple
62
+ # Make sure to put this in with no file setting -- this should turn off file logging
63
+ log:
64
+ level: DEBUG
65
+ authenticator:
66
+ class: CASServer::Authenticators::SQL
67
+ database: inherit
68
+ user_table: users
69
+ username_column: email
70
+ password_column: password
71
+ production:
72
+ <<: *all
73
+ development:
74
+ <<: *all
75
+ database:
76
+ adapter: sqlite3
77
+ database: /home/cts/code/dem_cas_server/db/development.sqlite3
78
+
79
+
80
+ Inheriting from the @all@ settings (or whatever you want to call them (@default@?)) will make it easier to stay DRY.
81
+
82
+ Notice that the value of @options[:authenticator][:database]@ has been set to inherit here. This lets the application know that the database which is storing CAS specific stuff is alsa the database where the user data is going to be stored. This is helpful with heroku since it lets you just set the user database to the same database as that which comes with the heroku account without having to muck around a bunch. If you need to specify this manually, just use the same syntax as for specifying the database in general.
83
+
84
+ On that note, Heroku gives you a config/database.yml file with all of the database configurations you need to run your app. So, this gem has been set up to check to se if that file exists, and if it does, it overwrites whatever was in the config.yml file. IF you want to specify database setting in that file for local development, you can use this nesting structure
85
+
86
+ bc. development:
87
+ adapter: sqlite3
88
+ database: /home/cts/code/dem_cas_server/db/development.sqlite3
89
+ test:
90
+ adapter: sqlite3
91
+ database: /home/cts/code/dem_cas_server/db/test.sqlite3
92
+
93
+ h3. Removing stuff in the way
94
+
95
+ If you copy things over from an old style server app direcotry, you will have to remove the lib directory so that all of the rubycas-server code will be loaded from the new gem and not from the outdated code.
96
+
97
+ h3. Other stuff?...
98
+
99
+ I very well may have missed stuff. If anything doesn't work the way it seems it should, let me know and I'll try to help you debug.
100
+
101
+
102
+ h2. TODO (Development)
103
+
104
+ I would love to see this version of the gem gain greater adoption and development from others, and perhaps even be folded back into the original project. There is certianly some work to do still in this direction.
105
+
106
+ * Get specs working again
107
+ ** These are going to have to be rewritten a bit due to the way that I've changed things around. In particular, I changed the default_config.yml file a bunch so that it would work for my options hash specs. Probably should copy that config file into some new config file and restore the old config files to how they were before, only using the new nesting structure.
108
+ ** (Note however that there are specs for the options loading, which is the bulk of what I changed)
109
+ ** Going to be some legwork involved in getting the tests set to run in such a fashion that the gem is not required live in the same place as the application. Don't have time for this just yet, and would love help with it.
110
+
111
+ Uhh.. I guess that's all I can think of for right now. But I'll keep this up to date.
112
+
113
+ h2. Boring...
114
+
115
+ h3. Copyright
116
+
117
+ Portions contributed by Christopher Small are copywrite (c) 2011 ThoughtNode Software.
118
+ Portions contributed by Matt Zukowski are copyright (c) 2010 Urbacon Ltd.
119
+ Other portions are copyright of their respective authors.
120
+
121
+ h3. Authors
122
+
123
+ See http://github.com/gunark/rubycas-server/commits/
124
+ Also Christopher Small (ThoughtNode Software)
125
+
126
+ h3. License
127
+
128
+ RubyCAS-Server is licensed for use under the terms of the MIT License.
129
+ See the LICENSE file bundled with the official RubyCAS-Server distribution for details.