rubycas-server 0.5.1 → 0.6.0
- data/CHANGELOG.txt +38 -0
- data/Manifest.txt +4 -11
- data/README.txt +1 -1
- data/Rakefile +2 -2
- data/bin/rubycas-server +16 -47
- data/bin/rubycas-server-ctl +13 -154
- data/config.example.yml +113 -64
- data/lib/casserver.rb +78 -80
- data/lib/casserver/authenticators/active_directory_ldap.rb +3 -0
- data/lib/casserver/authenticators/ldap.rb +14 -1
- data/lib/casserver/authenticators/sql_encrypted.rb +75 -0
- data/lib/casserver/controllers.rb +19 -8
- data/lib/casserver/environment.rb +23 -0
- data/lib/casserver/models.rb +104 -53
- data/lib/casserver/utils.rb +0 -24
- data/lib/casserver/version.rb +2 -2
- data/lib/casserver/views.rb +28 -0
- data/lib/rubycas-server.rb +1 -0
- metadata +77 -68
- data/vendor/camping-1.5.180/CHANGELOG +0 -99
- data/vendor/camping-1.5.180/COPYING +0 -18
- data/vendor/camping-1.5.180/README +0 -119
- data/vendor/camping-1.5.180/Rakefile +0 -117
- data/vendor/camping-1.5.180/lib/camping-unabridged.rb +0 -762
- data/vendor/camping-1.5.180/lib/camping.rb +0 -55
- data/vendor/camping-1.5.180/lib/camping/db.rb +0 -78
- data/vendor/camping-1.5.180/lib/camping/fastcgi.rb +0 -244
- data/vendor/camping-1.5.180/lib/camping/reloader.rb +0 -163
- data/vendor/camping-1.5.180/lib/camping/session.rb +0 -123
- data/vendor/camping-1.5.180/lib/camping/webrick.rb +0 -68
data/lib/casserver.rb
CHANGED
@@ -1,77 +1,105 @@
|
|
1
|
-
|
1
|
+
$: << File.dirname(File.expand_path(__FILE__))
|
2
|
+
require 'casserver/environment'
|
2
3
|
|
3
|
-
|
4
|
-
Dir.chdir(File.dirname(File.expand_path(__FILE__))) if __FILE__ == $0
|
5
|
-
|
6
|
-
# add current directory to load path
|
7
|
-
$CASSERVER_HOME = File.dirname(File.expand_path(__FILE__))
|
8
|
-
$: << $CASSERVER_HOME
|
9
|
-
|
10
|
-
require 'rubygems'
|
11
|
-
|
12
|
-
# make things backwards-compatible for rubygems < 0.9.0
|
13
|
-
unless Object.method_defined? :gem
|
14
|
-
alias gem require_gem
|
15
|
-
end
|
4
|
+
$APP_PATH ||= File.dirname(File.expand_path(__FILE__))
|
16
5
|
|
6
|
+
# change to current directory when invoked on its own
|
7
|
+
Dir.chdir($APP_PATH) if __FILE__ == $0
|
17
8
|
|
18
|
-
|
19
|
-
$: << $CASSERVER_HOME + "/../vendor/camping-1.5.180/lib"
|
20
|
-
require 'camping'
|
21
|
-
|
22
|
-
$: << $CASSERVER_HOME + "/../vendor/isaac_0.9.1"
|
9
|
+
$: << $APP_PATH + "/../vendor/isaac_0.9.1"
|
23
10
|
require 'crypt/ISAAC'
|
24
11
|
|
25
12
|
require 'active_support'
|
26
13
|
require 'yaml'
|
27
14
|
|
28
|
-
# enable xhtml source code indentation for debugging views
|
29
|
-
#Markaby::Builder.set(:indent, 2)
|
30
|
-
|
31
15
|
|
32
16
|
# Camping.goes must be called after the authenticator class is loaded, otherwise weird things happen
|
33
17
|
Camping.goes :CASServer
|
34
18
|
|
35
|
-
|
36
|
-
def init_logger
|
37
|
-
$LOG = CASServer::Utils::Logger.new(CASServer::Conf.log[:file])
|
38
|
-
$LOG.level = "CASServer::Utils::Logger::#{CASServer::Conf.log[:level]}".constantize
|
39
|
-
end
|
40
|
-
module_function :init_logger
|
41
|
-
|
42
|
-
def init_db_logger
|
43
|
-
begin
|
44
|
-
if CASServer::Conf.db_log
|
45
|
-
log_file = CASServer::Conf.db_log[:file] || 'casserver_db.log'
|
46
|
-
CASServer::Models::Base.logger = Logger.new(log_file)
|
47
|
-
CASServer::Models::Base.logger.level = "CASServer::Utils::Logger::#{CASServer::Conf.db_log[:level] || 'DEBUG'}".constantize
|
48
|
-
end
|
49
|
-
rescue Errno::EACCES => e
|
50
|
-
$LOG.warn "Can't write to database log file at '#{log_file}': #{e}"
|
51
|
-
end
|
52
|
-
end
|
53
|
-
module_function :init_db_logger
|
19
|
+
$CONFIG_FILE ||= '/etc/rubycas-server/config.yml'
|
54
20
|
|
21
|
+
# for some reason this makes JRuby happy
|
22
|
+
class CASServer::Models::Base
|
23
|
+
end
|
24
|
+
|
25
|
+
CASServer.picnic!
|
26
|
+
|
27
|
+
$CONF[:expire_sessions] ||= false
|
28
|
+
$CONF[:login_ticket_expiry] ||= 5.minutes
|
29
|
+
$CONF[:service_ticket_expiry] ||= 5.minutes # CAS Protocol Spec, sec. 3.2.1 (recommended expiry time)
|
30
|
+
$CONF[:proxy_granting_ticket_expiry] ||= 48.hours
|
31
|
+
$CONF[:ticket_granting_ticket_expiry] ||= 48.hours
|
32
|
+
$CONF[:log] ||= {:file => 'casserver.log', :level => 'DEBUG'}
|
33
|
+
$CONF[:uri_path] ||= "/"
|
34
|
+
|
35
|
+
unless $CONF[:authenticator]
|
36
|
+
$stderr.puts
|
37
|
+
$stderr.puts "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
|
38
|
+
$stderr.puts
|
39
|
+
$stderr.puts "You have not yet defined an authenticator for your CAS server!"
|
40
|
+
$stderr.puts "Please consult your config file at #{$CONFIG_FILE.inspect} for details."
|
41
|
+
$stderr.puts
|
42
|
+
$stderr.puts "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
|
43
|
+
exit 1
|
55
44
|
end
|
56
45
|
|
57
46
|
require 'casserver/utils'
|
58
47
|
require 'casserver/models'
|
59
48
|
require 'casserver/cas'
|
60
|
-
require 'casserver/conf'
|
61
49
|
require 'casserver/views'
|
62
50
|
require 'casserver/controllers'
|
63
51
|
|
64
|
-
|
52
|
+
if $CONF[:authenticator].instance_of? Array
|
53
|
+
$CONF[:authenticator].each_index do |auth_index|
|
54
|
+
$CONF[:authenticator][auth_index] = HashWithIndifferentAccess.new($CONF[:authenticator][auth_index])
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
58
|
+
$AUTH = []
|
59
|
+
begin
|
60
|
+
# attempt to instantiate the authenticator
|
61
|
+
if $CONF[:authenticator].instance_of? Array
|
62
|
+
$CONF[:authenticator].each { |authenticator| $AUTH << authenticator[:class].constantize.new}
|
63
|
+
else
|
64
|
+
$AUTH << $CONF[:authenticator][:class].constantize.new
|
65
|
+
end
|
66
|
+
rescue NameError
|
67
|
+
if $CONF[:authenticator].instance_of? Array
|
68
|
+
$CONF[:authenticator].each do |authenticator|
|
69
|
+
if !authenticator[:source].nil?
|
70
|
+
# config.yml explicitly names source file
|
71
|
+
require authenticator[:source]
|
72
|
+
else
|
73
|
+
# the authenticator class hasn't yet been loaded, so lets try to load it from the casserver/authenticators directory
|
74
|
+
auth_rb = authenticator[:class].underscore.gsub('cas_server/', '')
|
75
|
+
require 'casserver/'+auth_rb
|
76
|
+
end
|
77
|
+
$AUTH << authenticator[:class].constantize.new
|
78
|
+
end
|
79
|
+
else
|
80
|
+
if !$CONF[:authenticator][:source].nil?
|
81
|
+
# config.yml explicitly names source file
|
82
|
+
require $CONF[:authenticator][:source]
|
83
|
+
else
|
84
|
+
# the authenticator class hasn't yet been loaded, so lets try to load it from the casserver/authenticators directory
|
85
|
+
auth_rb = $CONF[:authenticator][:class].underscore.gsub('cas_server/', '')
|
86
|
+
require 'casserver/'+auth_rb
|
87
|
+
end
|
88
|
+
|
89
|
+
$AUTH << $CONF[:authenticator][:class].constantize.new
|
90
|
+
end
|
91
|
+
end
|
92
|
+
|
93
|
+
$CONF[:public_dir] = {
|
94
|
+
:path => "/themes",
|
95
|
+
:dir => File.expand_path(File.dirname(__FILE__))+"/themes"
|
96
|
+
}
|
65
97
|
|
66
|
-
# do initialization stuff
|
67
98
|
def CASServer.create
|
99
|
+
$LOG.info "Creating RubyCAS-Server..."
|
100
|
+
CASServer::Models::Base.establish_connection(CASServer::Conf.database)
|
68
101
|
CASServer::Models.create_schema
|
69
102
|
|
70
|
-
$LOG.info("RubyCAS-Server #{CASServer::VERSION::STRING} initialized.")
|
71
|
-
|
72
|
-
$LOG.debug("Configuration is:\n#{$CONF.to_yaml}")
|
73
|
-
$LOG.debug("Authenticator is: #{$AUTH}")
|
74
|
-
|
75
103
|
CASServer::Models::ServiceTicket.cleanup_expired(CASServer::Conf.service_ticket_expiry)
|
76
104
|
CASServer::Models::LoginTicket.cleanup_expired(CASServer::Conf.login_ticket_expiry)
|
77
105
|
CASServer::Models::ProxyGrantingTicket.cleanup_expired(CASServer::Conf.proxy_granting_ticket_expiry)
|
@@ -79,34 +107,4 @@ def CASServer.create
|
|
79
107
|
end
|
80
108
|
|
81
109
|
|
82
|
-
|
83
|
-
if __FILE__ == $0 || $RUN
|
84
|
-
CASServer::Models::Base.establish_connection(CASServer::Conf.database)
|
85
|
-
CASServer.init_db_logger unless CASServer::Conf.server.to_s == 'mongrel'
|
86
|
-
|
87
|
-
require 'casserver/postambles'
|
88
|
-
include CASServer::Postambles
|
89
|
-
|
90
|
-
if $PID_FILE && (CASServer::Conf.server.to_s != 'mongrel' || CASServer::Conf.server.to_s != 'webrick')
|
91
|
-
$LOG.warn("Unable to create a pid file. You must use mongrel or webrick for this feature.")
|
92
|
-
end
|
93
|
-
|
94
|
-
require 'casserver/version'
|
95
|
-
puts
|
96
|
-
puts "*** Starting RubyCAS-Server #{CASServer::VERSION::STRING} using codebase at #{$CASSERVER_HOME}"
|
97
|
-
|
98
|
-
|
99
|
-
begin
|
100
|
-
raise NoMethodError if CASServer::Conf.server.nil?
|
101
|
-
send(CASServer::Conf.server)
|
102
|
-
rescue NoMethodError
|
103
|
-
# FIXME: this rescue can sometime report the incorrect error messages due to other underlying problems
|
104
|
-
# raising a NoMethodError
|
105
|
-
if CASServer::Conf.server
|
106
|
-
raise "The server setting '#{CASServer::Conf.server}' in your config.yml file is invalid."
|
107
|
-
else
|
108
|
-
raise "You must have a 'server' setting in your config.yml file. Please see the RubyCAS-Server documentation."
|
109
|
-
end
|
110
|
-
end
|
111
|
-
|
112
|
-
end
|
110
|
+
CASServer.start_picnic
|
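Review bot: In the authenticator bootstrap, the `rescue NameError` branch walks the whole `$CONF[:authenticator]` array again and appends to `$AUTH` without emptying it, so any authenticator that was already instantiated before the failing one ends up in `$AUTH` twice. `NoMethodError` is a subclass of `NameError`, so the same rescue also catches a bug raised inside an authenticator's own `new` and answers it with a `require`, which hides the real error. Putting `$AUTH.clear` as the first line of the rescue fixes the duplicates, and moving the load-then-instantiate step into one per-entry helper would narrow what the rescue covers. Because `require authenticator[:source]` and `authenticator[:class].constantize.new` load and run whatever config.yml names, a comment such as `# config.yml is trusted input: it selects the file that is required and the class that is instantiated` belongs above this block. `CASServer.create` continues outside the hunk.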
@@ -1,5 +1,8 @@
|
|
1
1
|
require 'casserver/authenticators/ldap'
|
2
2
|
|
3
|
+
# Slightly modified version of the LDAP authenticator for Microsoft's ActiveDirectory.
|
4
|
+
# The only difference is that the default_username_attribute for AD is 'sAMAccountName'
|
5
|
+
# rather than 'uid'.
|
3
6
|
class CASServer::Authenticators::ActiveDirectoryLDAP < CASServer::Authenticators::LDAP
|
4
7
|
protected
|
5
8
|
def default_username_attribute
|
@@ -4,10 +4,23 @@ begin
|
|
4
4
|
require 'net/ldap'
|
5
5
|
rescue LoadError
|
6
6
|
require 'rubygems'
|
7
|
-
|
7
|
+
begin
|
8
|
+
gem 'ruby-net-ldap', '~> 0.0.4'
|
9
|
+
rescue Gem::LoadError
|
10
|
+
$stderr.puts
|
11
|
+
$stderr.puts "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
|
12
|
+
$stderr.puts
|
13
|
+
$stderr.puts "To use the LDAP/AD authenticator, you must first install the 'ruby-net-ldap' gem."
|
14
|
+
$stderr.puts
|
15
|
+
$stderr.puts "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
|
16
|
+
exit 1
|
17
|
+
end
|
8
18
|
require 'net/ldap'
|
9
19
|
end
|
10
20
|
|
21
|
+
# Basic LDAP authenticator. Should be compatible with OpenLDAP and other similar LDAP servers,
|
22
|
+
# although it hasn't been officially tested. See example config file for details on how
|
23
|
+
# to configure it.
|
11
24
|
class CASServer::Authenticators::LDAP < CASServer::Authenticators::Base
|
12
25
|
def validate(credentials)
|
13
26
|
read_standard_credentials(credentials)
|
@@ -0,0 +1,75 @@
|
|
1
|
+
require 'casserver/authenticators/base'
|
2
|
+
|
3
|
+
require 'digest/sha1'
|
4
|
+
require 'digest/sha2'
|
5
|
+
|
6
|
+
$: << File.dirname(File.expand_path(__FILE__)) + "/../../../vendor/isaac_0.9.1"
|
7
|
+
require 'crypt/ISAAC'
|
8
|
+
|
9
|
+
begin
|
10
|
+
require 'active_record'
|
11
|
+
rescue LoadError
|
12
|
+
require 'rubygems'
|
13
|
+
require 'active_record'
|
14
|
+
end
|
15
|
+
|
16
|
+
# This is a more secure version of the SQL authenticator. Passwords are encrypted
|
17
|
+
# rather than being stored in plain text.
|
18
|
+
#
|
19
|
+
# Based on code contributed by Ben Mabey.
|
20
|
+
#
|
21
|
+
# Using this authenticator requires some configuration on the client side. Please see
|
22
|
+
# http://code.google.com/p/rubycas-server/wiki/UsingTheSQLEncryptedAuthenticator
|
23
|
+
class CASServer::Authenticators::SQLEncrypted < CASServer::Authenticators::Base
|
24
|
+
|
25
|
+
def validate(credentials)
|
26
|
+
read_standard_credentials(credentials)
|
27
|
+
|
28
|
+
raise CASServer::AuthenticatorError, "Cannot validate credentials because the authenticator hasn't yet been configured" unless @options
|
29
|
+
raise CASServer::AuthenticatorError, "Invalid authenticator configuration!" unless @options[:database]
|
30
|
+
|
31
|
+
CASUser.establish_connection @options[:database]
|
32
|
+
CASUser.set_table_name @options[:user_table] || "users"
|
33
|
+
|
34
|
+
username_column = @options[:username_column] || "username"
|
35
|
+
|
36
|
+
results = CASUser.find(:all, :conditions => ["#{username_column} = ?", @username])
|
37
|
+
|
38
|
+
if results.size > 0
|
39
|
+
$LOG.warn("Multiple matches found for user '#{@username}'") if results.size > 1
|
40
|
+
user = results.first
|
41
|
+
return user.encrypted_password == user.encrypt(@password)
|
42
|
+
else
|
43
|
+
return false
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
# Include this module into your application's user model.
|
48
|
+
#
|
49
|
+
# Your model must have an 'encrypted_password' column where the password will be stored,
|
50
|
+
# and an 'encryption_salt' column that will be populated with a random string before
|
51
|
+
# the user record is first created.
|
52
|
+
module EncryptedPassword
|
53
|
+
def self.included(mod)
|
54
|
+
raise "#{self} should be inclued in an ActiveRecord class!" unless mod.respond_to?(:before_save)
|
55
|
+
mod.before_save :generate_encryption_salt
|
56
|
+
end
|
57
|
+
|
58
|
+
def encrypt(str)
|
59
|
+
Digest::SHA256.hexdigest("#{encryption_salt}::#{str}")
|
60
|
+
end
|
61
|
+
|
62
|
+
def password=(password)
|
63
|
+
self[:encrypted_password] = encrypt(password)
|
64
|
+
end
|
65
|
+
|
66
|
+
def generate_encryption_salt
|
67
|
+
self.encryption_salt = Digest::SHA1.hexdigest(Crypt::ISAAC.new.rand(2**31).to_s) unless
|
68
|
+
encryption_salt
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
72
|
+
class CASUser < ActiveRecord::Base
|
73
|
+
include EncryptedPassword
|
74
|
+
end
|
75
|
+
end
|
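Review bot: `EncryptedPassword#password=` calls `encrypt` straight away, but `encryption_salt` is only filled in by the `before_save` callback, so on a new record (unless the caller sets the salt first) the digest is computed with an empty salt and will not match what `validate` later computes with the generated one. Generating the salt inside the setter keeps the two in step: `generate_encryption_salt` as the first line of `password=`, before `self[:encrypted_password] = encrypt(password)`. Separately, `encrypt` is a single round of salted SHA-256, a fast digest rather than a password-hashing function, while the class comment describes the passwords as encrypted; a comment such as `# salted SHA-256 digest, not reversible encryption; one round only, so offline guessing is cheap if the table leaks` would state what the scheme actually provides. `validate` also calls `CASUser.establish_connection` on every login attempt, which looks unintended and is worth moving to configuration time.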
@@ -55,7 +55,7 @@ module CASServer::Controllers
|
|
55
55
|
|
56
56
|
@lt = lt.ticket
|
57
57
|
|
58
|
-
|
58
|
+
#$LOG.debug(env)
|
59
59
|
|
60
60
|
# If the 'onlyLoginForm' parameter is specified, we will only return the
|
61
61
|
# login form part of the page. This is useful for when you want to
|
@@ -95,10 +95,19 @@ module CASServer::Controllers
|
|
95
95
|
@password = @input['password']
|
96
96
|
@lt = @input['lt']
|
97
97
|
|
98
|
+
# Remove leading and trailing widespace from username.
|
99
|
+
@username.strip! if @username
|
100
|
+
|
101
|
+
if @username && $CONF[:downcase_username]
|
102
|
+
$LOG.debug("Converting username #{@username.inspect} to lowercase because 'downcase_username' option is enabled.")
|
103
|
+
@username.downcase!
|
104
|
+
end
|
105
|
+
|
98
106
|
if error = validate_login_ticket(@lt)
|
99
107
|
@message = {:type => 'mistake', :message => error}
|
100
108
|
# generate another login ticket to allow for re-submitting the form
|
101
109
|
@lt = generate_login_ticket.ticket
|
110
|
+
@status = 401
|
102
111
|
return render(:login)
|
103
112
|
end
|
104
113
|
|
@@ -162,6 +171,7 @@ module CASServer::Controllers
|
|
162
171
|
else
|
163
172
|
$LOG.warn("Invalid credentials given for user '#{@username}'")
|
164
173
|
@message = {:type => 'mistake', :message => "Incorrect username or password."}
|
174
|
+
@status = 401
|
165
175
|
end
|
166
176
|
|
167
177
|
render :login
|
@@ -180,8 +190,8 @@ module CASServer::Controllers
|
|
180
190
|
# "logout" page, we take the user back to the login page with a "you have been logged out"
|
181
191
|
# message, allowing for an opportunity to immediately log back in. This makes it
|
182
192
|
# easier for the user to log out and log in as someone else.
|
183
|
-
@service = @input['
|
184
|
-
|
193
|
+
@service = @input['service'] || @input['destination']
|
194
|
+
@continue_url = @input['url']
|
185
195
|
|
186
196
|
@gateway = @input['gateway'] == 'true' || @input['gateway'] == '1'
|
187
197
|
|
@@ -208,10 +218,15 @@ module CASServer::Controllers
|
|
208
218
|
|
209
219
|
@message = {:type => 'confirmation', :message => "You have successfully logged out."}
|
210
220
|
|
221
|
+
@message[:message] <<
|
222
|
+
" Please click on the following link to continue:" if @continue_url
|
223
|
+
|
211
224
|
@lt = generate_login_ticket
|
212
225
|
|
213
226
|
if @gateway && @service
|
214
227
|
redirect(@service, :status => 303)
|
228
|
+
elsif @continue_url
|
229
|
+
render :logout
|
215
230
|
else
|
216
231
|
render :login
|
217
232
|
end
|
@@ -291,10 +306,6 @@ module CASServer::Controllers
|
|
291
306
|
t, @error = validate_proxy_ticket(@service, @ticket)
|
292
307
|
@success = t && !@error
|
293
308
|
|
294
|
-
if @success
|
295
|
-
|
296
|
-
end
|
297
|
-
|
298
309
|
if @success
|
299
310
|
@username = t.username
|
300
311
|
|
@@ -355,7 +366,7 @@ module CASServer::Controllers
|
|
355
366
|
CASServer::Utils::log_controller_action(self.class, @input)
|
356
367
|
lt = generate_login_ticket
|
357
368
|
|
358
|
-
$LOG.debug("
|
369
|
+
$LOG.debug("Dispensing login ticket #{lt} to host #{(env['REMOTE_HOST'] || env['REMOTE_ADDR']).inspect}")
|
359
370
|
|
360
371
|
@lt = lt.ticket
|
361
372
|
|
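Review bot: In the logout handler, `@continue_url = @input['url']` takes a link target straight from the request and `render :logout` is reached whenever it is set; the view is not shown here, but if it prints the value as an `href` the page will link to whatever a crafted request names, including non-HTTP schemes. A guard right after the assignment, `@continue_url = nil unless @continue_url =~ /\Ahttps?:\/\//i`, plus HTML-escaping in the view, closes that. The same lines add `destination` as a second source for `@service`, which reaches `redirect(@service, :status => 303)` when `gateway` is set, so that target deserves the same check against the hosts the deployment expects. The enclosing methods begin and end outside these hunks.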
@@ -0,0 +1,23 @@
|
|
1
|
+
$: << File.dirname(File.expand_path(__FILE__))
|
2
|
+
|
3
|
+
# Try to load local version of Picnic if possible (for development purposes)
|
4
|
+
$: << File.dirname(File.expand_path(__FILE__))+"/../../../picnic/lib"
|
5
|
+
$: << File.dirname(File.expand_path(__FILE__))+"/../../vendor/picnic/lib"
|
6
|
+
|
7
|
+
begin
|
8
|
+
require 'picnic'
|
9
|
+
rescue LoadError => e
|
10
|
+
# make sure that the LoadError was about picnic and not something else
|
11
|
+
raise e unless e.to_s =~ /picnic/
|
12
|
+
|
13
|
+
require 'rubygems'
|
14
|
+
|
15
|
+
# make things backwards-compatible for rubygems < 0.9.0
|
16
|
+
unless Object.method_defined? :gem
|
17
|
+
alias gem require_gem
|
18
|
+
end
|
19
|
+
|
20
|
+
gem 'picnic'
|
21
|
+
|
22
|
+
require 'picnic'
|
23
|
+
end
|
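Review bot: The two development load-path entries, `/../../../picnic/lib` and `/../../vendor/picnic/lib`, are appended unconditionally, and the first `require 'picnic'` searches them before the RubyGems fallback in the rescue runs. The first of them resolves to a directory outside the package, so on an installed server a `picnic/lib` tree that happens to sit beside the install location is loaded in preference to the released gem. Making the entries opt-in keeps the development convenience without widening what production loads, for example `$: << dev_path if ENV['RUBYCAS_DEV'] && File.directory?(dev_path)` (the variable name is a placeholder). A comment above the block stating that these paths are for source checkouts only would also help.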
data/lib/casserver/models.rb
CHANGED
@@ -10,22 +10,19 @@ module CASServer::Models
|
|
10
10
|
end
|
11
11
|
|
12
12
|
class Ticket < Base
|
13
|
-
self.abstract_class = true
|
14
13
|
def to_s
|
15
14
|
ticket
|
16
15
|
end
|
17
16
|
|
18
17
|
def self.cleanup_expired(expiry_time)
|
19
18
|
transaction do
|
20
|
-
|
21
|
-
|
19
|
+
conditions = ["created_on < ?", Time.now - expiry_time]
|
20
|
+
expired_tickets_count = count(:conditions => conditions)
|
22
21
|
|
23
|
-
$LOG.debug("Destroying #{
|
24
|
-
"#{'s' if
|
22
|
+
$LOG.debug("Destroying #{expired_tickets_count} expired #{self.name.split('::').last}"+
|
23
|
+
"#{'s' if expired_tickets_count > 1}.") if expired_tickets_count > 0
|
25
24
|
|
26
|
-
|
27
|
-
t.destroy
|
28
|
-
end
|
25
|
+
destroy_all(conditions)
|
29
26
|
end
|
30
27
|
end
|
31
28
|
end
|
@@ -40,10 +37,16 @@ module CASServer::Models
|
|
40
37
|
include Consumable
|
41
38
|
|
42
39
|
def matches_service?(service)
|
43
|
-
#
|
40
|
+
# Remove CAS-related parameters from the service URL, since they really shoudln't
|
41
|
+
# be there (some misbehaving clients include them in the service URL).
|
42
|
+
['service', 'ticket', 'gateway', 'renew'].each do |p|
|
43
|
+
service.gsub!(Regexp.new("#{p}=[^&]*"), '')
|
44
|
+
end
|
45
|
+
|
46
|
+
# We ignore the trailing slash and ? in URLs, since
|
44
47
|
# "http://www.google.com/" and "http://www.google.com" are almost
|
45
48
|
# certainly the same service.
|
46
|
-
self.service.gsub(
|
49
|
+
self.service.gsub(/[\/\?]$/, '') == service.gsub(/[\/\?]$/, '')
|
47
50
|
end
|
48
51
|
end
|
49
52
|
|
@@ -76,45 +79,51 @@ module CASServer::Models
|
|
76
79
|
|
77
80
|
class CreateCASServer < V 0.1
|
78
81
|
def self.up
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
create_table :casserver_service_tickets, :force => true do |t|
|
89
|
-
t.column :ticket, :string, :null => false
|
90
|
-
t.column :service, :string, :null => false
|
91
|
-
t.column :created_on, :timestamp, :null => false
|
92
|
-
t.column :consumed, :datetime, :null => true
|
93
|
-
t.column :client_hostname, :string, :null => false
|
94
|
-
t.column :username, :string, :null => false
|
95
|
-
t.column :type, :string, :null => false
|
96
|
-
t.column :proxy_granting_ticket_id, :integer, :null => true
|
97
|
-
end
|
98
|
-
|
99
|
-
create_table :casserver_ticket_granting_tickets, :force => true do |t|
|
100
|
-
t.column :ticket, :string, :null => false
|
101
|
-
t.column :created_on, :timestamp, :null => false
|
102
|
-
t.column :client_hostname, :string, :null => false
|
103
|
-
t.column :username, :string, :null => false
|
104
|
-
end
|
82
|
+
if ActiveRecord::Base.connection.table_alias_length > 30
|
83
|
+
$LOG.info("Creating database with long table names...")
|
84
|
+
|
85
|
+
create_table :casserver_login_tickets, :force => true do |t|
|
86
|
+
t.column :ticket, :string, :null => false
|
87
|
+
t.column :created_on, :timestamp, :null => false
|
88
|
+
t.column :consumed, :datetime, :null => true
|
89
|
+
t.column :client_hostname, :string, :null => false
|
90
|
+
end
|
105
91
|
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
92
|
+
create_table :casserver_service_tickets, :force => true do |t|
|
93
|
+
t.column :ticket, :string, :null => false
|
94
|
+
t.column :service, :string, :null => false
|
95
|
+
t.column :created_on, :timestamp, :null => false
|
96
|
+
t.column :consumed, :datetime, :null => true
|
97
|
+
t.column :client_hostname, :string, :null => false
|
98
|
+
t.column :username, :string, :null => false
|
99
|
+
t.column :type, :string, :null => false
|
100
|
+
t.column :proxy_granting_ticket_id, :integer, :null => true
|
101
|
+
end
|
102
|
+
|
103
|
+
create_table :casserver_ticket_granting_tickets, :force => true do |t|
|
104
|
+
t.column :ticket, :string, :null => false
|
105
|
+
t.column :created_on, :timestamp, :null => false
|
106
|
+
t.column :client_hostname, :string, :null => false
|
107
|
+
t.column :username, :string, :null => false
|
108
|
+
end
|
109
|
+
|
110
|
+
create_table :casserver_proxy_granting_tickets, :force => true do |t|
|
111
|
+
t.column :ticket, :string, :null => false
|
112
|
+
t.column :created_on, :timestamp, :null => false
|
113
|
+
t.column :client_hostname, :string, :null => false
|
114
|
+
t.column :iou, :string, :null => false
|
115
|
+
t.column :service_ticket_id, :integer, :null => false
|
116
|
+
end
|
112
117
|
end
|
113
118
|
end
|
114
119
|
|
115
120
|
def self.down
|
116
|
-
|
117
|
-
|
121
|
+
if ActiveRecord::Base.connection.table_alias_length > 30
|
122
|
+
drop_table :casserver_proxy_granting_tickets
|
123
|
+
drop_table :casserver_ticket_granting_tickets
|
124
|
+
drop_table :casserver_service_tickets
|
125
|
+
drop_table :casserver_login_tickets
|
126
|
+
end
|
118
127
|
end
|
119
128
|
end
|
120
129
|
|
@@ -122,18 +131,60 @@ module CASServer::Models
|
|
122
131
|
# See http://code.google.com/p/rubycas-server/issues/detail?id=15
|
123
132
|
class ShortenTableNames < V 0.5
|
124
133
|
def self.up
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
134
|
+
if ActiveRecord::Base.connection.table_alias_length > 30
|
135
|
+
$LOG.info("Shortening table names")
|
136
|
+
rename_table :casserver_login_tickets, :casserver_lt
|
137
|
+
rename_table :casserver_service_tickets, :casserver_st
|
138
|
+
rename_table :casserver_ticket_granting_tickets, :casserver_tgt
|
139
|
+
rename_table :casserver_proxy_granting_tickets, :casserver_pgt
|
140
|
+
else
|
141
|
+
create_table :casserver_lt, :force => true do |t|
|
142
|
+
t.column :ticket, :string, :null => false
|
143
|
+
t.column :created_on, :timestamp, :null => false
|
144
|
+
t.column :consumed, :datetime, :null => true
|
145
|
+
t.column :client_hostname, :string, :null => false
|
146
|
+
end
|
147
|
+
|
148
|
+
create_table :casserver_st, :force => true do |t|
|
149
|
+
t.column :ticket, :string, :null => false
|
150
|
+
t.column :service, :string, :null => false
|
151
|
+
t.column :created_on, :timestamp, :null => false
|
152
|
+
t.column :consumed, :datetime, :null => true
|
153
|
+
t.column :client_hostname, :string, :null => false
|
154
|
+
t.column :username, :string, :null => false
|
155
|
+
t.column :type, :string, :null => false
|
156
|
+
t.column :proxy_granting_ticket_id, :integer, :null => true
|
157
|
+
end
|
158
|
+
|
159
|
+
create_table :casserver_tgt, :force => true do |t|
|
160
|
+
t.column :ticket, :string, :null => false
|
161
|
+
t.column :created_on, :timestamp, :null => false
|
162
|
+
t.column :client_hostname, :string, :null => false
|
163
|
+
t.column :username, :string, :null => false
|
164
|
+
end
|
165
|
+
|
166
|
+
create_table :casserver_pgt, :force => true do |t|
|
167
|
+
t.column :ticket, :string, :null => false
|
168
|
+
t.column :created_on, :timestamp, :null => false
|
169
|
+
t.column :client_hostname, :string, :null => false
|
170
|
+
t.column :iou, :string, :null => false
|
171
|
+
t.column :service_ticket_id, :integer, :null => false
|
172
|
+
end
|
173
|
+
end
|
130
174
|
end
|
131
175
|
|
132
176
|
def self.down
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
177
|
+
if ActiveRecord::Base.connection.table_alias_length > 30
|
178
|
+
rename_table :casserver_lt, :cassserver_login_tickets
|
179
|
+
rename_table :casserver_st, :casserver_service_tickets
|
180
|
+
rename_table :casserver_tgt, :casserver_ticket_granting_tickets
|
181
|
+
rename_table :casserver_pgt, :casserver_proxy_granting_tickets
|
182
|
+
else
|
183
|
+
drop_table :casserver_pgt
|
184
|
+
drop_table :casserver_tgt
|
185
|
+
drop_table :casserver_st
|
186
|
+
drop_table :casserver_lt
|
187
|
+
end
|
137
188
|
end
|
138
189
|
end
|
139
190
|
end
|
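Review bot: `matches_service?` appears to gate whether a ticket is accepted for a service URL, and the new normalisation loosens that comparison more than intended: `service.gsub!` edits the caller's string in place, and the unanchored pattern `#{p}=[^&]*` also strips the tail of any longer parameter whose name merely ends in `service`, `ticket`, `gateway` or `renew`. Working on a copy and anchoring on a parameter boundary, e.g. `service = service.gsub(/([?&])#{p}=[^&]*/, '\1')`, avoids both, and `\z` instead of `$` in the two trailing-slash patterns stops an embedded newline from ending the match early. Only the argument is cleaned, not `self.service`, so a stored URL that already carries one of these parameters will no longer match itself. Separately, in `ShortenTableNames.down` the first rename targets `:cassserver_login_tickets` (three s's), so a rollback leaves the login-ticket table under a name nothing else uses; it should read `rename_table :casserver_lt, :casserver_login_tickets`.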