rubycas-server 0.6.0 → 0.7.0
- data/CHANGELOG.txt +1 -186
- data/History.txt +247 -0
- data/Manifest.txt +27 -2
- data/PostInstall.txt +3 -0
- data/Rakefile +4 -60
- data/bin/rubycas-server +2 -2
- data/bin/rubycas-server-ctl +0 -0
- data/casserver.db +0 -0
- data/casserver.log +792 -0
- data/casserver_db.log +88 -0
- data/config/hoe.rb +76 -0
- data/config/requirements.rb +15 -0
- data/config.example.yml +130 -6
- data/lib/casserver/authenticators/base.rb +20 -0
- data/lib/casserver/authenticators/client_certificate.rb +46 -0
- data/lib/casserver/authenticators/google.rb +54 -0
- data/lib/casserver/authenticators/ldap.rb +70 -40
- data/lib/casserver/authenticators/ntlm.rb +88 -0
- data/lib/casserver/authenticators/open_id.rb +22 -0
- data/lib/casserver/authenticators/sql.rb +66 -1
- data/lib/casserver/authenticators/sql_md5.rb +19 -0
- data/lib/casserver/authenticators/test.rb +5 -1
- data/lib/casserver/cas.rb +97 -22
- data/lib/casserver/controllers.rb +95 -34
- data/lib/casserver/environment.rb +16 -9
- data/lib/casserver/models.rb +38 -10
- data/lib/casserver/version.rb +1 -1
- data/lib/casserver/views.rb +38 -22
- data/lib/casserver.rb +13 -9
- data/lib/rubycas-server/version.rb +1 -0
- data/lib/rubycas-server.rb +1 -1
- data/lib/themes/notice.png +0 -0
- data/lib/themes/simple/logo.png +0 -0
- data/misc/basic_cas_single_signon_mechanism_diagram.png +0 -0
- data/misc/basic_cas_single_signon_mechanism_diagram.svg +652 -0
- data/script/console +10 -0
- data/script/destroy +14 -0
- data/script/generate +14 -0
- data/script/txt2html +82 -0
- data/tasks/deployment.rake +34 -0
- data/tasks/environment.rake +7 -0
- data/tasks/website.rake +17 -0
- data/website/index.html +40 -0
- data/website/index.txt +3 -0
- data/website/javascripts/rounded_corners_lite.inc.js +285 -0
- data/website/stylesheets/screen.css +138 -0
- data/website/template.html.erb +40 -0
- metadata +45 -33
- data/test/test_cas.rb +0 -33
- data/test/test_casserver.rb +0 -125
@@ -17,7 +17,7 @@ module CASServer::Controllers
|
|
17
17
|
headers['Expires'] = (Time.now - 1.year).rfc2822
|
18
18
|
|
19
19
|
# optional params
|
20
|
-
@service = @input['service']
|
20
|
+
@service = clean_service_url(@input['service'])
|
21
21
|
@renew = @input['renew']
|
22
22
|
@gateway = @input['gateway'] == 'true' || @input['gateway'] == '1'
|
23
23
|
|
@@ -26,13 +26,19 @@ module CASServer::Controllers
|
|
26
26
|
end
|
27
27
|
|
28
28
|
if tgt and !tgt_error
|
29
|
-
@message = {:type => 'notice',
|
29
|
+
@message = {:type => 'notice',
|
30
|
+
:message => %{You are currently logged in as "#{tgt.username}". If this is not you, please log in below.}}
|
31
|
+
end
|
32
|
+
|
33
|
+
if @input['redirection_loop_intercepted']
|
34
|
+
@message = {:type => 'mistake',
|
35
|
+
:message => %{The client and server are unable to negotiate authentication. Please try logging in again later.}}
|
30
36
|
end
|
31
37
|
|
32
38
|
begin
|
33
39
|
if @service
|
34
40
|
if !@renew && tgt && !tgt_error
|
35
|
-
st = generate_service_ticket(@service, tgt.username)
|
41
|
+
st = generate_service_ticket(@service, tgt.username, tgt)
|
36
42
|
service_with_ticket = service_uri_with_ticket(@service, st)
|
37
43
|
$LOG.info("User '#{tgt.username}' authenticated based on ticket granting cookie. Redirecting to service '#{@service}'.")
|
38
44
|
return redirect(service_with_ticket, :status => 303) # response code 303 means "See Other" (see Appendix B in CAS Protocol spec)
|
@@ -42,11 +48,13 @@ module CASServer::Controllers
|
|
42
48
|
end
|
43
49
|
elsif @gateway
|
44
50
|
$LOG.error("This is a gateway request but no service parameter was given!")
|
45
|
-
@message = {:type => 'mistake',
|
51
|
+
@message = {:type => 'mistake',
|
52
|
+
:message => "The server cannot fulfill this gateway request because no service parameter was given."}
|
46
53
|
end
|
47
|
-
rescue
|
54
|
+
rescue URI::InvalidURIError
|
48
55
|
$LOG.error("The service '#{@service}' is not a valid URI!")
|
49
|
-
@message = {:type => 'mistake',
|
56
|
+
@message = {:type => 'mistake',
|
57
|
+
:message => "The target service your browser supplied appears to be invalid. Please contact your system administrator for help."}
|
50
58
|
end
|
51
59
|
|
52
60
|
lt = generate_login_ticket
|
@@ -75,7 +83,7 @@ module CASServer::Controllers
|
|
75
83
|
render :login_form
|
76
84
|
else
|
77
85
|
@status = 500
|
78
|
-
"Could not guess the CAS login URI. Please supply a
|
86
|
+
"Could not guess the CAS login URI. Please supply a submitToURI parameter with your request."
|
79
87
|
end
|
80
88
|
else
|
81
89
|
render :login
|
@@ -87,8 +95,7 @@ module CASServer::Controllers
|
|
87
95
|
CASServer::Utils::log_controller_action(self.class, @input)
|
88
96
|
|
89
97
|
# 2.2.1 (optional)
|
90
|
-
@service = @input['service']
|
91
|
-
@warn = @input['warn']
|
98
|
+
@service = clean_service_url(@input['service'])
|
92
99
|
|
93
100
|
# 2.2.2 (required)
|
94
101
|
@username = @input['username']
|
@@ -123,10 +130,21 @@ module CASServer::Controllers
|
|
123
130
|
$LOG.debug("Logging in with username: #{@username}, lt: #{@lt}, service: #{@service}, auth: #{$AUTH}")
|
124
131
|
|
125
132
|
credentials_are_valid = false
|
133
|
+
extra_attributes = {}
|
134
|
+
successful_authenticator = nil
|
126
135
|
begin
|
127
136
|
$AUTH.each do |auth|
|
128
|
-
credentials_are_valid = auth.validate(
|
129
|
-
|
137
|
+
credentials_are_valid = auth.validate(
|
138
|
+
:username => @username,
|
139
|
+
:password => @password,
|
140
|
+
:service => @service,
|
141
|
+
:request => env
|
142
|
+
)
|
143
|
+
if credentials_are_valid
|
144
|
+
extra_attributes.merge!(auth.extra_attributes) unless auth.extra_attributes.blank?
|
145
|
+
successful_authenticator = auth
|
146
|
+
break
|
147
|
+
end
|
130
148
|
end
|
131
149
|
rescue CASServer::AuthenticatorError => e
|
132
150
|
$LOG.error(e)
|
@@ -135,10 +153,11 @@ module CASServer::Controllers
|
|
135
153
|
end
|
136
154
|
|
137
155
|
if credentials_are_valid
|
138
|
-
$LOG.info("Credentials for username '#{@username}' successfully validated")
|
156
|
+
$LOG.info("Credentials for username '#{@username}' successfully validated using #{successful_authenticator.class.name}.")
|
157
|
+
$LOG.debug("Authenticator provided additional user attributes: #{extra_attributes.inspect}") unless extra_attributes.blank?
|
139
158
|
|
140
159
|
# 3.6 (ticket-granting cookie)
|
141
|
-
tgt = generate_ticket_granting_ticket(@username)
|
160
|
+
tgt = generate_ticket_granting_ticket(@username, extra_attributes)
|
142
161
|
|
143
162
|
if CASServer::Conf.expire_sessions
|
144
163
|
expires = CASServer::Conf.ticket_granting_ticket_expiry.to_i.from_now
|
@@ -147,17 +166,22 @@ module CASServer::Controllers
|
|
147
166
|
expiry_info = " It will not expire."
|
148
167
|
end
|
149
168
|
|
150
|
-
|
151
|
-
|
152
|
-
|
169
|
+
if CASServer::Conf.expire_sessions
|
170
|
+
@cookies[:tgt] = {
|
171
|
+
:value => tgt.to_s,
|
172
|
+
:expires => Time.now + CASServer::Conf.ticket_granting_ticket_expiry
|
173
|
+
}
|
174
|
+
else
|
175
|
+
@cookies[:tgt] = tgt.to_s
|
176
|
+
end
|
153
177
|
|
154
|
-
$LOG.debug("Ticket granting cookie '#{@cookies[:tgt]}' granted to '#{@username}'. #{expiry_info}")
|
178
|
+
$LOG.debug("Ticket granting cookie '#{@cookies[:tgt].inspect}' granted to '#{@username.inspect}'. #{expiry_info}")
|
155
179
|
|
156
180
|
if @service.blank?
|
157
181
|
$LOG.info("Successfully authenticated user '#{@username}' at '#{tgt.client_hostname}'. No service param was given, so we will not redirect.")
|
158
182
|
@message = {:type => 'confirmation', :message => "You have successfully logged in."}
|
159
183
|
else
|
160
|
-
@st = generate_service_ticket(@service, @username)
|
184
|
+
@st = generate_service_ticket(@service, @username, tgt)
|
161
185
|
begin
|
162
186
|
service_with_ticket = service_uri_with_ticket(@service, @st)
|
163
187
|
|
@@ -190,7 +214,7 @@ module CASServer::Controllers
|
|
190
214
|
# "logout" page, we take the user back to the login page with a "you have been logged out"
|
191
215
|
# message, allowing for an opportunity to immediately log back in. This makes it
|
192
216
|
# easier for the user to log out and log in as someone else.
|
193
|
-
@service = @input['service'] || @input['destination']
|
217
|
+
@service = clean_service_url(@input['service'] || @input['destination'])
|
194
218
|
@continue_url = @input['url']
|
195
219
|
|
196
220
|
@gateway = @input['gateway'] == 'true' || @input['gateway'] == '1'
|
@@ -200,16 +224,29 @@ module CASServer::Controllers
|
|
200
224
|
@cookies.delete :tgt
|
201
225
|
|
202
226
|
if tgt
|
203
|
-
|
204
|
-
|
205
|
-
|
206
|
-
|
207
|
-
|
208
|
-
|
209
|
-
|
210
|
-
|
211
|
-
|
212
|
-
|
227
|
+
CASServer::Models::TicketGrantingTicket.transaction do
|
228
|
+
pgts = CASServer::Models::ProxyGrantingTicket.find(:all,
|
229
|
+
:conditions => [CASServer::Models::Base.connection.quote_table_name(CASServer::Models::ServiceTicket.table_name)+".username = ?", tgt.username],
|
230
|
+
:include => :service_ticket)
|
231
|
+
pgts.each do |pgt|
|
232
|
+
$LOG.debug("Deleting Proxy-Granting Ticket '#{pgt}' for user '#{pgt.service_ticket.username}'")
|
233
|
+
pgt.destroy
|
234
|
+
end
|
235
|
+
|
236
|
+
if CASServer::Conf.enable_single_sign_out
|
237
|
+
$LOG.debug("Deleting Service/Proxy Tickets for '#{tgt}' for user '#{tgt.username}'")
|
238
|
+
tgt.service_tickets.each do |st|
|
239
|
+
send_logout_notification_for_service_ticket(st)
|
240
|
+
# TODO: Maybe we should do some special handling if send_logout_notification_for_service_ticket fails?
|
241
|
+
# (the above method returns false if the POST results in a non-200 HTTP response).
|
242
|
+
$LOG.debug "Deleting #{st.class.name.demodulize} #{st.ticket.inspect}."
|
243
|
+
st.destroy
|
244
|
+
end
|
245
|
+
end
|
246
|
+
|
247
|
+
$LOG.debug("Deleting #{tgt.class.name.demodulize} '#{tgt}' for user '#{tgt.username}'")
|
248
|
+
tgt.destroy
|
249
|
+
end
|
213
250
|
|
214
251
|
$LOG.info("User '#{tgt.username}' logged out.")
|
215
252
|
else
|
@@ -242,7 +279,7 @@ module CASServer::Controllers
|
|
242
279
|
CASServer::Utils::log_controller_action(self.class, @input)
|
243
280
|
|
244
281
|
# required
|
245
|
-
@service = @input['service']
|
282
|
+
@service = clean_service_url(@input['service'])
|
246
283
|
@ticket = @input['ticket']
|
247
284
|
# optional
|
248
285
|
@renew = @input['renew']
|
@@ -252,6 +289,8 @@ module CASServer::Controllers
|
|
252
289
|
|
253
290
|
@username = st.username if @success
|
254
291
|
|
292
|
+
@status = response_status_from_error(@error) if @error
|
293
|
+
|
255
294
|
render :validate
|
256
295
|
end
|
257
296
|
end
|
@@ -265,7 +304,7 @@ module CASServer::Controllers
|
|
265
304
|
CASServer::Utils::log_controller_action(self.class, @input)
|
266
305
|
|
267
306
|
# required
|
268
|
-
@service = @input['service']
|
307
|
+
@service = clean_service_url(@input['service'])
|
269
308
|
@ticket = @input['ticket']
|
270
309
|
# optional
|
271
310
|
@pgt_url = @input['pgtUrl']
|
@@ -280,8 +319,11 @@ module CASServer::Controllers
|
|
280
319
|
pgt = generate_proxy_granting_ticket(@pgt_url, st)
|
281
320
|
@pgtiou = pgt.iou if pgt
|
282
321
|
end
|
322
|
+
@extra_attributes = st.ticket_granting_ticket.extra_attributes || {}
|
283
323
|
end
|
284
324
|
|
325
|
+
@status = response_status_from_error(@error) if @error
|
326
|
+
|
285
327
|
render :service_validate
|
286
328
|
end
|
287
329
|
end
|
@@ -295,7 +337,7 @@ module CASServer::Controllers
|
|
295
337
|
CASServer::Utils::log_controller_action(self.class, @input)
|
296
338
|
|
297
339
|
# required
|
298
|
-
@service = @input['service']
|
340
|
+
@service = clean_service_url(@input['service'])
|
299
341
|
@ticket = @input['ticket']
|
300
342
|
# optional
|
301
343
|
@pgt_url = @input['pgtUrl']
|
@@ -306,6 +348,7 @@ module CASServer::Controllers
|
|
306
348
|
t, @error = validate_proxy_ticket(@service, @ticket)
|
307
349
|
@success = t && !@error
|
308
350
|
|
351
|
+
@extra_attributes = {}
|
309
352
|
if @success
|
310
353
|
@username = t.username
|
311
354
|
|
@@ -317,7 +360,11 @@ module CASServer::Controllers
|
|
317
360
|
pgt = generate_proxy_granting_ticket(@pgt_url, t)
|
318
361
|
@pgtiou = pgt.iou if pgt
|
319
362
|
end
|
363
|
+
|
364
|
+
@extra_attributes = t.ticket_granting_ticket.extra_attributes || {}
|
320
365
|
end
|
366
|
+
|
367
|
+
@status = response_status_from_error(@error) if @error
|
321
368
|
|
322
369
|
render :proxy_validate
|
323
370
|
end
|
@@ -341,6 +388,8 @@ module CASServer::Controllers
|
|
341
388
|
@pt = generate_proxy_ticket(@target_service, pgt)
|
342
389
|
end
|
343
390
|
|
391
|
+
@status = response_status_from_error(@error) if @error
|
392
|
+
|
344
393
|
render :proxy
|
345
394
|
end
|
346
395
|
end
|
@@ -356,7 +405,7 @@ module CASServer::Controllers
|
|
356
405
|
def get
|
357
406
|
CASServer::Utils::log_controller_action(self.class, @input)
|
358
407
|
$LOG.error("Tried to use login ticket dispenser with get method!")
|
359
|
-
@status =
|
408
|
+
@status = 422
|
360
409
|
"To generate a login ticket, you must make a POST request."
|
361
410
|
end
|
362
411
|
|
@@ -366,7 +415,7 @@ module CASServer::Controllers
|
|
366
415
|
CASServer::Utils::log_controller_action(self.class, @input)
|
367
416
|
lt = generate_login_ticket
|
368
417
|
|
369
|
-
$LOG.debug("Dispensing login ticket #{lt} to host #{(env['REMOTE_HOST'] || env['REMOTE_ADDR']).inspect}")
|
418
|
+
$LOG.debug("Dispensing login ticket #{lt} to host #{(env['HTTP_X_FORWARDED_FOR'] || env['REMOTE_HOST'] || env['REMOTE_ADDR']).inspect}")
|
370
419
|
|
371
420
|
@lt = lt.ticket
|
372
421
|
|
@@ -388,4 +437,16 @@ module CASServer::Controllers
|
|
388
437
|
end
|
389
438
|
end
|
390
439
|
end
|
440
|
+
|
441
|
+
def response_status_from_error(error)
|
442
|
+
case error.code.to_s
|
443
|
+
when /^INVALID_/, 'BAD_PGT'
|
444
|
+
422
|
445
|
+
when 'INTERNAL_ERROR'
|
446
|
+
500
|
447
|
+
else
|
448
|
+
500
|
449
|
+
end
|
450
|
+
end
|
451
|
+
module_function :response_status_from_error
|
391
452
|
end
|
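Review bot: The ticket-granting cookie is still written to the log in full in the `@@ -147,17 +166,22 @@` hunk (`$LOG.debug("Ticket granting cookie '#{@cookies[:tgt].inspect}' granted to ...")`), and with the new hash form `.inspect` prints the ticket value and its expiry together. The TGT is a bearer credential for every service behind this CAS server, so anyone who can read a debug log can reuse it until it expires; the file list on this page also shows a `data/casserver.log` shipped in the package, so log contents should be treated as potentially exposed. I would log only that a cookie was granted, e.g. `$LOG.debug("Ticket granting cookie granted to #{@username.inspect}. #{expiry_info}")`, or at most a short prefix of the ticket for correlation. The new cookie hash sets only `:value` and `:expires`; if the framework's cookie writer accepts them, secure and HTTP-only attributes belong here as well, which I cannot confirm from the hunk. The enclosing action method starts and ends outside the hunk.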
@@ -1,15 +1,21 @@
|
|
1
1
|
$: << File.dirname(File.expand_path(__FILE__))
|
2
2
|
|
3
3
|
# Try to load local version of Picnic if possible (for development purposes)
|
4
|
-
|
5
|
-
|
4
|
+
alt_picic_paths = []
|
5
|
+
alt_picic_paths << File.dirname(File.expand_path(__FILE__))+"/../../../picnic/lib"
|
6
|
+
alt_picic_paths << File.dirname(File.expand_path(__FILE__))+"/../../vendor/picnic/lib"
|
6
7
|
|
7
8
|
begin
|
9
|
+
require 'active_record'
|
10
|
+
rescue LoadError
|
11
|
+
require 'rubygems'
|
12
|
+
require 'active_record'
|
13
|
+
end
|
14
|
+
|
15
|
+
if alt_picic_paths.any?{|path| File.exists? "#{path}/picnic.rb" }
|
16
|
+
alt_picic_paths.each{|path| $: << path}
|
8
17
|
require 'picnic'
|
9
|
-
|
10
|
-
# make sure that the LoadError was about picnic and not something else
|
11
|
-
raise e unless e.to_s =~ /picnic/
|
12
|
-
|
18
|
+
else
|
13
19
|
require 'rubygems'
|
14
20
|
|
15
21
|
# make things backwards-compatible for rubygems < 0.9.0
|
@@ -17,7 +23,8 @@ rescue LoadError => e
|
|
17
23
|
alias gem require_gem
|
18
24
|
end
|
19
25
|
|
20
|
-
gem 'picnic'
|
21
|
-
|
22
26
|
require 'picnic'
|
23
|
-
end
|
27
|
+
end
|
28
|
+
|
29
|
+
# used for serializing user extra_attributes (see #service_validate in views.rb)
|
30
|
+
require 'yaml'
|
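Review bot: The development fallback in the first hunk stays active in an installed package: when `picnic.rb` exists under `../../../picnic/lib` or `../../vendor/picnic/lib` relative to this file, every entry of `alt_picic_paths` is appended to `$:` and `require 'picnic'` then resolves from the load path. Relative to `lib/casserver/`, the first path lies outside the package's own tree, so on an installed copy a directory there that another account can write to would decide which framework code the CAS server runs. I would gate the lookup on an explicit opt-in, e.g. `if ENV['CASSERVER_DEV_PICNIC'] && alt_picic_paths.any? { |path| File.exists? "#{path}/picnic.rb" }` (the variable name is a placeholder), and append only the path that matched. `alt_picic_paths` also looks like a typo for `alt_picnic_paths`.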
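--- a/data/lib/casserver/models.rb
+++ b/data/lib/casserver/models.rb
@@ -36,17 +36,11 @@ module CASServer::Models
 set_table_name 'casserver_st'
 include Consumable
 
+belongs_to :ticket_granting_ticket, :foreign_key => :tgt_id
+
 def matches_service?(service)
-
-
-['service', 'ticket', 'gateway', 'renew'].each do |p|
-service.gsub!(Regexp.new("#{p}=[^&]*"), '')
-end
-
-# We ignore the trailing slash and ? in URLs, since
-# "http://www.google.com/" and "http://www.google.com" are almost
-# certainly the same service.
-self.service.gsub(/[\/\?]$/, '') == service.gsub(/[\/\?]$/, '')
+CASServer::CAS.clean_service_url(self.service) ==
+CASServer::CAS.clean_service_url(service)
 end
 end
 
@@ -56,6 +50,10 @@ module CASServer::Models
 
 class TicketGrantingTicket < Ticket
 set_table_name 'casserver_tgt'
+
+serialize :extra_attributes
+
+has_many :service_tickets, :foreign_key => :tgt_id
 end
 
 class ProxyGrantingTicket < Ticket
@@ -187,4 +185,34 @@ module CASServer::Models
 end
 end
 end
+
+class AddTgtToSt < V 0.7
+def self.up
+add_column :casserver_st, :tgt_id, :integer, :null => true
+end
+
+def self.down
+remove_column :casserver_st, :tgt_id, :integer
+end
+end
+
+class ChangeServiceToText < V 0.71
+def self.up
+change_column :casserver_st, :service, :text
+end
+
+def self.down
+change_column :casserver_st, :service, :string
+end
+end
+
+class AddExtraAttributes < V 0.72
+def self.up
+add_column :casserver_tgt, :extra_attributes, :text
+end
+
+def self.down
+remove_column :casserver_tgt, :extra_attributes
+end
+end
 end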
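Review bot: `AddTgtToSt.down` in the last hunk calls `remove_column :casserver_st, :tgt_id, :integer`, while `AddExtraAttributes.down` just below passes only the table and the column. The extra `:integer` is not a type hint for `remove_column`; depending on the ActiveRecord version it is either rejected or read as a second column to drop, so rolling this migration back would likely fail. I would write `remove_column :casserver_st, :tgt_id`. Because `tgt_id` is added with `:null => true`, service tickets issued before the migration have no ticket-granting ticket, and a short comment on `belongs_to :ticket_granting_ticket` saying the association can be `nil` would warn callers that read attributes through it.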
data/lib/casserver/version.rb
CHANGED
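--- a/data/lib/casserver/views.rb
+++ b/data/lib/casserver/views.rb
@@ -3,7 +3,9 @@
 
 # need auto_validation off to render CAS responses and to use the autocomplete='off' property on password field
 Markaby::Builder.set(:auto_validation, false)
-
+
+# disabled XML indentation because it was causing problems with mod_auth_cas
+#Markaby::Builder.set(:indent, 2)
 
 module CASServer::Views
 
@@ -62,7 +64,7 @@ module CASServer::Views
 # Just the login form.
 def login_form
 form(:method => "post", :action => @form_action || '/login', :id => "login-form",
-:onsubmit => "
+:onsubmit => "submitbutton = document.getElementById('login-submit'); submitbutton.value='Please wait...'; submitbutton.disabled=true; return true;") do
 table(:id => "form-layout") do
 tr do
 td(:id => "username-label-container") do
@@ -87,7 +89,6 @@ module CASServer::Views
 td(:id => "submit-container") do
 input(:type => "hidden", :id => "lt", :name => "lt", :value => @lt)
 input(:type => "hidden", :id => "service", :name => "service", :value => @service)
-input(:type => "hidden", :id => "warn", :name => "warn", :value => @warn)
 input(:type => "submit", :class => "button", :accesskey => "l", :value => "LOGIN", :tabindex => "4", :id => "login-submit")
 end
 end
@@ -143,6 +144,9 @@ module CASServer::Views
 tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
 tag!("cas:authenticationSuccess") do
 tag!("cas:user") {@username.to_s.to_xs}
+@extra_attributes.each do |key, value|
+tag!(key) {serialize_extra_attribute(value)}
+end
 if @pgtiou
 tag!("cas:proxyGrantingTicket") {@pgtiou.to_s.to_xs}
 end
@@ -162,6 +166,9 @@ module CASServer::Views
 tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
 tag!("cas:authenticationSuccess") do
 tag!("cas:user") {@username.to_s.to_xs}
+@extra_attributes.each do |key, value|
+tag!(key) {serialize_extra_attribute(value)}
+end
 if @pgtiou
 tag!("cas:proxyGrantingTicket") {@pgtiou.to_s.to_xs}
 end
@@ -201,25 +208,34 @@ module CASServer::Views
 end
 
 protected
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+def themes_dir
+File.dirname(File.expand_path(__FILE__))+'../themes'
+end
+module_function :themes_dir
+
+def current_theme
+CASServer::Conf.theme || "simple"
+end
+module_function :current_theme
+
+def organization
+CASServer::Conf.organization || ""
+end
+module_function :organization
+
+def infoline
+CASServer::Conf.infoline || ""
+end
+module_function :infoline
+
+def serialize_extra_attribute(value)
+if value.kind_of?(String) || value.kind_of?(Numeric)
+value
+else
+"<![CDATA[#{value.to_yaml}]]>"
+end
+end
+module_function :serialize_extra_attribute
 end
 
 if CASServer::Conf.custom_views_file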
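Review bot: Extra attribute values reach the validation response unescaped: `serialize_extra_attribute` returns strings and numbers as they are, while the neighbouring `cas:user` and `cas:proxyGrantingTicket` elements escape explicitly with `.to_xs`. The hand-written CDATA wrapper also suggests block content is emitted raw, so an attribute value from the user directory containing `<` or `&` could break the XML or add elements that a CAS client then trusts. In the scalar branch I would return `value.to_s.to_xs`. In the other branch a literal `]]>` inside the YAML ends the CDATA section early, so it needs splitting, e.g. `value.to_yaml.gsub(']]>', ']]]]><![CDATA[>')`. A comment should also tell client authors that the CDATA payload is YAML and must be read with a safe loader.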
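--- a/data/lib/casserver.rb
+++ b/data/lib/casserver.rb
@@ -1,14 +1,17 @@
-
-
+unless $APP_PATH
+$APP_PATH = File.dirname(File.expand_path(__FILE__))
+$: << $APP_PATH
+end
 
-$APP_PATH
+load "#{$APP_PATH}/lib/casserver/environment.rb"
 
 # change to current directory when invoked on its own
 Dir.chdir($APP_PATH) if __FILE__ == $0
 
-$: << $APP_PATH + "
+$: << $APP_PATH + "/vendor/isaac_0.9.1"
 require 'crypt/ISAAC'
 
+
 require 'active_support'
 require 'yaml'
 
@@ -43,11 +46,11 @@ unless $CONF[:authenticator]
 exit 1
 end
 
-require
-require
-require
-require
-require
+require "casserver/utils.rb"
+require "casserver/models.rb"
+require "casserver/cas.rb"
+require "casserver/views.rb"
+require "casserver/controllers.rb"
 
 if $CONF[:authenticator].instance_of? Array
 $CONF[:authenticator].each_index do |auth_index|
@@ -72,6 +75,7 @@ rescue NameError
 else
 # the authenticator class hasn't yet been loaded, so lets try to load it from the casserver/authenticators directory
 auth_rb = authenticator[:class].underscore.gsub('cas_server/', '')
+
 require 'casserver/'+auth_rb
 end
 $AUTH << authenticator[:class].constantize.new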
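Review bot: `$APP_PATH` now defaults to the directory of this file, yet the next added line loads `"#{$APP_PATH}/lib/casserver/environment.rb"`. With this file at `lib/casserver.rb`, the default would resolve to `lib/lib/casserver/environment.rb`, so the `load` appears to work only when a launcher has already set `$APP_PATH` to the package root. The removed lines are truncated on this page, so how the old code computed the path is not visible. Since the same global also feeds `$:` and the vendored ISAAC path used for ticket generation, I would state the contract in a comment such as `# $APP_PATH must point at the package root; the launcher is expected to set it before this file is loaded` and fail with a clear message when the environment file is missing.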
@@ -0,0 +1 @@
|
|
1
|
+
require File.dirname(__FILE__)+'/../casserver/version.rb'
|
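--- a/data/lib/rubycas-server.rb
+++ b/data/lib/rubycas-server.rb
@@ -1 +1 @@
-require '
+require 'casserver'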
data/lib/themes/notice.png
CHANGED
File without changes
|
data/lib/themes/simple/logo.png
CHANGED
File without changes
|
Binary file
|