rubycas-server 0.7.1.1 → 1.0

data/lib/casserver/environment.rb

@@ -1,30 +0,0 @@
-$: << File.dirname(File.expand_path(__FILE__))
-
-# Try to load local version of Picnic if possible (for development purposes)
-alt_picic_paths = []
-alt_picic_paths << File.dirname(File.expand_path(__FILE__))+"/../../../picnic/lib"
-alt_picic_paths << File.dirname(File.expand_path(__FILE__))+"/../../vendor/picnic/lib"
-
-begin
-  require 'active_record'
-rescue LoadError
-  require 'rubygems'
-  require 'active_record'
-end
-
-if alt_picic_paths.any?{|path| File.exists? "#{path}/picnic.rb" }
-  alt_picic_paths.each{|path| $: << path}
-  require 'picnic'
-else
-  require 'rubygems'
-  
-  # make things backwards-compatible for rubygems < 0.9.0
-  if Object.method_defined?(:require_gem)
-    alias gem require_gem
-  end
-  
-  require 'picnic'
-end
-
-# used for serializing user extra_attributes (see #service_validate in views.rb)
-require 'yaml'

data/lib/casserver/models.rb

@@ -1,218 +0,0 @@
-require 'camping/db'
-
-module CASServer::Models
-  
-  module Consumable
-    def consume!
-      self.consumed = Time.now
-      self.save!
-    end
-  end
-  
-  class Ticket < Base
-    def to_s
-      ticket
-    end
-    
-    def self.cleanup_expired(expiry_time)
-      transaction do
-        conditions = ["created_on < ?", Time.now - expiry_time]
-        expired_tickets_count = count(:conditions => conditions)
-          
-        $LOG.debug("Destroying #{expired_tickets_count} expired #{self.name.split('::').last}"+
-          "#{'s' if expired_tickets_count > 1}.") if expired_tickets_count > 0
-      
-        destroy_all(conditions)
-      end
-    end
-  end
-  
-  class LoginTicket < Ticket
-    set_table_name 'casserver_lt'
-    include Consumable
-  end
-  
-  class ServiceTicket < Ticket
-    set_table_name 'casserver_st'
-    include Consumable
-    
-    belongs_to :ticket_granting_ticket, :foreign_key => :tgt_id
-    
-    def matches_service?(service)
-      CASServer::CAS.clean_service_url(self.service) == 
-        CASServer::CAS.clean_service_url(service)
-    end
-  end
-  
-  class ProxyTicket < ServiceTicket
-    belongs_to :proxy_granting_ticket
-  end
-  
-  class TicketGrantingTicket < Ticket
-    set_table_name 'casserver_tgt'
-    
-    serialize :extra_attributes
-    
-    has_many :service_tickets, :foreign_key => :tgt_id
-  end
-  
-  class ProxyGrantingTicket < Ticket
-    set_table_name 'casserver_pgt'
-    belongs_to :service_ticket
-    has_many :proxy_tickets, :dependent => :destroy
-  end
-  
-  class Error
-    attr_reader :code, :message
-    
-    def initialize(code, message)
-      @code = code
-      @message = message
-    end
-    
-    def to_s
-      message
-    end
-  end
-
-  class CreateCASServer < V 0.1
-    def self.up
-      if ActiveRecord::Base.connection.table_alias_length > 30
-        $LOG.info("Creating database with long table names...")
-        
-        create_table :casserver_login_tickets, :force => true do |t|
-          t.column :ticket,     :string,   :null => false
-          t.column :created_on, :timestamp, :null => false
-          t.column :consumed,   :datetime, :null => true
-          t.column :client_hostname, :string, :null => false
-        end
-      
-        create_table :casserver_service_tickets, :force => true do |t|
-          t.column :ticket,     :string,    :null => false
-          t.column :service,    :string,    :null => false
-          t.column :created_on, :timestamp, :null => false
-          t.column :consumed,   :datetime, :null => true
-          t.column :client_hostname, :string, :null => false
-          t.column :username,   :string,  :null => false
-          t.column :type,       :string,   :null => false
-          t.column :proxy_granting_ticket_id, :integer, :null => true
-        end
-        
-        create_table :casserver_ticket_granting_tickets, :force => true do |t|
-          t.column :ticket,     :string,    :null => false
-          t.column :created_on, :timestamp, :null => false
-          t.column :client_hostname, :string, :null => false
-          t.column :username,   :string,    :null => false
-        end
-        
-        create_table :casserver_proxy_granting_tickets, :force => true do |t|
-          t.column :ticket,     :string,    :null => false
-          t.column :created_on, :timestamp, :null => false
-          t.column :client_hostname, :string, :null => false
-          t.column :iou,        :string,    :null => false
-          t.column :service_ticket_id, :integer, :null => false
-        end
-      end
-    end
-    
-    def self.down
-      if ActiveRecord::Base.connection.table_alias_length > 30
-        drop_table :casserver_proxy_granting_tickets
-        drop_table :casserver_ticket_granting_tickets
-        drop_table :casserver_service_tickets
-        drop_table :casserver_login_tickets
-      end
-    end
-  end
-  
-  # Oracle table names cannot exceed 30 chars... 
-  # See http://code.google.com/p/rubycas-server/issues/detail?id=15
-  class ShortenTableNames < V 0.5
-    def self.up
-      if ActiveRecord::Base.connection.table_alias_length > 30
-        $LOG.info("Shortening table names")
-        rename_table :casserver_login_tickets, :casserver_lt
-        rename_table :casserver_service_tickets, :casserver_st
-        rename_table :casserver_ticket_granting_tickets, :casserver_tgt
-        rename_table :casserver_proxy_granting_tickets, :casserver_pgt
-      else
-        create_table :casserver_lt, :force => true do |t|
-          t.column :ticket,     :string,   :null => false
-          t.column :created_on, :timestamp, :null => false
-          t.column :consumed,   :datetime, :null => true
-          t.column :client_hostname, :string, :null => false
-        end
-      
-        create_table :casserver_st, :force => true do |t|
-          t.column :ticket,     :string,    :null => false
-          t.column :service,    :string,    :null => false
-          t.column :created_on, :timestamp, :null => false
-          t.column :consumed,   :datetime, :null => true
-          t.column :client_hostname, :string, :null => false
-          t.column :username,   :string,  :null => false
-          t.column :type,       :string,   :null => false
-          t.column :proxy_granting_ticket_id, :integer, :null => true
-        end
-        
-        create_table :casserver_tgt, :force => true do |t|
-          t.column :ticket,     :string,    :null => false
-          t.column :created_on, :timestamp, :null => false
-          t.column :client_hostname, :string, :null => false
-          t.column :username,   :string,    :null => false
-        end
-        
-        create_table :casserver_pgt, :force => true do |t|
-          t.column :ticket,     :string,    :null => false
-          t.column :created_on, :timestamp, :null => false
-          t.column :client_hostname, :string, :null => false
-          t.column :iou,        :string,    :null => false
-          t.column :service_ticket_id, :integer, :null => false
-        end
-      end
-    end
-    
-    def self.down
-      if ActiveRecord::Base.connection.table_alias_length > 30
-        rename_table :casserver_lt, :cassserver_login_tickets
-        rename_table :casserver_st, :casserver_service_tickets
-        rename_table :casserver_tgt, :casserver_ticket_granting_tickets
-        rename_table :casserver_pgt, :casserver_proxy_granting_tickets
-      else
-        drop_table :casserver_pgt
-        drop_table :casserver_tgt
-        drop_table :casserver_st
-        drop_table :casserver_lt
-      end
-    end
-  end
-  
-  class AddTgtToSt < V 0.7
-    def self.up
-      add_column :casserver_st, :tgt_id, :integer, :null => true
-    end
-    
-    def self.down
-      remove_column :casserver_st, :tgt_id, :integer
-    end
-  end
-  
-  class ChangeServiceToText < V 0.71
-    def self.up
-      change_column :casserver_st, :service, :text
-    end
-    
-    def self.down
-      change_column :casserver_st, :service, :string
-    end
-  end
-  
-  class AddExtraAttributes < V 0.72
-    def self.up
-      add_column :casserver_tgt, :extra_attributes, :text
-    end
-    
-    def self.down
-      remove_column :casserver_tgt, :extra_attributes
-    end
-  end
-end

data/lib/casserver/postambles.rb

@@ -1,174 +0,0 @@
-module CASServer
-  module Postambles
-    
-    def webrick
-      require 'webrick/httpserver'
-      require 'webrick/https'
-      require 'camping/webrick'
-      
-      # TODO: verify the certificate's validity
-      # example of how to do this is here: http://pablotron.org/download/ruri-20050331.rb
-      
-      cert_path = CASServer::Conf.ssl_cert
-      key_path = CASServer::Conf.ssl_key || CASServer::Conf.ssl_cert
-        # look for the key in the ssl_cert if no ssl_key is specified
-      
-      webrick_options = {:BindAddress => "0.0.0.0", :Port => CASServer::Conf.port}
-      
-      unless cert_path.nil? && key_path.nil?
-        raise "'#{cert_path}' is not a valid ssl certificate. Your 'ssl_cert' configuration" +
-          " setting must be a path to a valid ssl certificate file." unless
-            File.exists? cert_path
-        
-        raise "'#{key_path}' is not a valid ssl private key. Your 'ssl_key' configuration" +
-          " setting must be a path to a valid ssl private key file." unless
-            File.exists? key_path
-        
-        cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
-        key = OpenSSL::PKey::RSA.new(File.read(key_path))
-        
-        webrick_options[:SSLEnable] = true
-        webrick_options[:SSLVerifyClient] = ::OpenSSL::SSL::VERIFY_NONE
-        webrick_options[:SSLCertificate] = cert
-        webrick_options[:SSLPrivateKey] = key
-      end
-      
-      begin
-        s = WEBrick::HTTPServer.new(webrick_options)
-      rescue Errno::EACCES
-        puts "\nThe server could not launch. Are you running on a privileged port? (e.g. port 443) If so, you must run the server as root."
-        exit 2
-      end
-      
-      CASServer.create
-      s.mount "#{CASServer::Conf.uri_path}", WEBrick::CampingHandler, CASServer
-      
-      puts "\n** CASServer is running at http#{webrick_options[:SSLEnable] ? 's' : ''}://#{Socket.gethostname}:#{CASServer::Conf.port}#{CASServer::Conf.uri_path} and logging to '#{CASServer::Conf.log[:file]}'\n\n"
-    
-      # This lets Ctrl+C shut down your server
-      trap(:INT) do
-        s.shutdown
-      end
-      trap(:TERM) do
-        s.shutdown
-      end
-    
-      if $DAEMONIZE
-        WEBrick::Daemon.start do
-          write_pid_file if $PID_FILE
-          s.start
-          clear_pid_file
-        end
-      else
-        s.start
-      end
-    end
-    
-    
-    
-    def mongrel
-      require 'rubygems'
-      require 'mongrel/camping'
-      
-      if $DAEMONIZE
-        # check if log and pid are writable before daemonizing, otherwise we won't be able to notify
-        # the user if we run into trouble later (since once daemonized, we can't write to stdout/stderr)
-        check_pid_writable if $PID_FILE
-        check_log_writable
-      end
-      
-      CASServer.create
-      
-      puts "\n** CASServer is starting. Look in '#{CASServer::Conf.log[:file]}' for further notices."
-      
-      settings = {:host => "0.0.0.0", :log_file => CASServer::Conf.log[:file], :cwd => $CASSERVER_HOME}
-      
-      # need to close all IOs before daemonizing
-      $LOG.close if $DAEMONIZE
-      
-      begin
-        config = Mongrel::Configurator.new settings  do
-          daemonize :log_file => CASServer::Conf.log[:file], :cwd => $CASSERVER_HOME if $DAEMONIZE
-          
-          listener :port => CASServer::Conf.port do
-            uri CASServer::Conf.uri_path, :handler => Mongrel::Camping::CampingHandler.new(CASServer)
-            setup_signals
-          end
-        end
-      rescue Errno::EADDRINUSE
-        exit 1
-      end
-      
-      config.run
-      
-      CASServer.init_logger
-      CASServer.init_db_logger
-      
-      if $DAEMONIZE && $PID_FILE
-        write_pid_file
-        unless File.exists? $PID_FILE
-          $LOG.error "CASServer could not start because pid file '#{$PID_FILE}' could not be created."
-          exit 1
-        end
-      end
-      
-      puts "\n** CASServer is running at http://localhost:#{CASServer::Conf.port}#{CASServer::Conf.uri_path} and logging to '#{CASServer::Conf.log[:file]}'"
-      config.join
-
-      clear_pid_file
-
-      puts "\n** CASServer is stopped (#{Time.now})"
-    end
-    
-    
-    def fastcgi
-      require 'camping/fastcgi'
-      Dir.chdir('/srv/www/camping/casserver/')
-      
-      CASServer.create
-      Camping::FastCGI.start(CASServer)
-    end
-    
-    
-    def cgi
-      CASServer.create
-      puts CASServer.run
-    end
-    
-    private
-    def check_log_writable
-      log_file = CASServer::Conf.log['file']
-      begin
-        f = open(log_file, 'w')
-      rescue
-        $stderr.puts "Couldn't write to log file at '#{log_file}' (#{$!})."
-        exit 1
-      end
-      f.close
-    end
-    
-    def check_pid_writable
-      $LOG.debug "Checking if pid file '#{$PID_FILE}' is writable"
-      begin        
-        f = open($PID_FILE, 'w')
-      rescue
-        $stderr.puts "Couldn't write to log at '#{$PID_FILE}' (#{$!})."
-        exit 1
-      end
-      f.close
-    end
-    
-    def write_pid_file
-      $LOG.debug "Writing pid '#{Process.pid}' to pid file '#{$PID_FILE}'"
-      open($PID_FILE, "w") { |file| file.write(Process.pid) }
-    end
-    
-    def clear_pid_file
-      if $PID_FILE && File.exists?($PID_FILE)
-        $LOG.debug "Clearing pid file '#{$PID_FILE}'"
-        File.unlink $PID_FILE
-      end
-    end
-  
-  end
-end

data/lib/casserver/version.rb

@@ -1,9 +0,0 @@
-module CASServer
-  module VERSION #:nodoc:
-    MAJOR = 0
-    MINOR = 7
-    TINY  = '1.1'
-
-    STRING = [MAJOR, MINOR, TINY].join('.')
-  end
-end

data/lib/casserver/views.rb

@@ -1,243 +0,0 @@
-# The #.#.# comments (e.g. "2.1.3") refer to section numbers in the CAS protocol spec
-# under http://www.ja-sig.org/products/cas/overview/protocol/index.html
-
-# need auto_validation off to render CAS responses and to use the autocomplete='off' property on password field
-Markaby::Builder.set(:auto_validation, false)
-
-# disabled XML indentation because it was causing problems with mod_auth_cas
-#Markaby::Builder.set(:indent, 2) 
-
-module CASServer::Views
-
-  def layout
-    # wrap as XHTML only when auto_validation is on, otherwise pass right through
-    if @use_layout
-      xhtml_strict do
-        head do 
-          title { "#{organization} Central Login" }
-          link(:rel => "stylesheet", :type => "text/css", :href => "/themes/cas.css")
-          link(:rel => "stylesheet", :type => "text/css", :href => "/themes/#{current_theme}/theme.css")
-        end
-        body(:onload => "if (document.getElementById('username')) document.getElementById('username').focus()") do
-          self << yield 
-        end
-      end
-    else
-      self << yield
-    end
-  end
-
-
-  # 2.1.3
-  # The full login page.
-  def login
-    @use_layout = true
-    
-    table(:id => "login-box") do
-      tr do
-        td(:colspan => 2) do
-          div(:id => "headline-container") do
-            strong organization
-            text " Central Login"
-          end
-        end
-      end
-      if @message
-        tr do
-          td(:colspan => 2, :id => "messagebox-container") do
-            div(:class => "messagebox #{@message[:type]}") { @message[:message] }
-          end
-        end
-      end
-      tr do
-        td(:id => "logo-container") do
-          img(:id => "logo", :src => "/themes/#{current_theme}/logo.png")
-        end
-        td(:id => "login-form-container") do
-          @include_infoline = true
-          login_form
-        end
-      end
-    end
-  end
-  
-  # Just the login form.
-  def login_form
-    form(:method => "post", :action => @form_action || '/login', :id => "login-form",
-        :onsubmit => "submitbutton = document.getElementById('login-submit'); submitbutton.value='Please wait...'; submitbutton.disabled=true; return true;") do
-      table(:id => "form-layout") do
-        tr do
-          td(:id => "username-label-container") do
-            label(:id => "username-label", :for => "username") { "Username" }
-          end
-          td(:id => "username-container") do
-            input(:type => "text", :id => "username", :name => "username",
-              :size => "32", :tabindex => "1", :accesskey => "u")
-          end
-        end
-        tr do
-          td(:id => "password-label-container") do
-            label(:id => "password-label", :for => "password") { "Password" }
-          end
-          td(:id => "password-container") do
-            input(:type => "password", :id => "password", :name => "password", 
-              :size => "32", :tabindex => "2", :accesskey => "p", :autocomplete => "off")
-          end
-        end
-        tr do
-          td{}
-          td(:id => "submit-container") do
-            input(:type => "hidden", :id => "lt", :name => "lt", :value => @lt)
-            input(:type => "hidden", :id => "service", :name => "service", :value => @service)
-            input(:type => "submit", :class => "button", :accesskey => "l", :value => "LOGIN", :tabindex => "4", :id => "login-submit")
-          end
-        end
-        tr do
-          td(:colspan => 2, :id => "infoline") { infoline }
-        end if @include_infoline
-      end
-    end
-  end
-  
-  # 2.3.2
-  def logout
-    @use_layout = true
-    
-    table(:id => "login-box") do
-      tr do
-        td(:colspan => 2) do
-          div(:id => "headline-container") do
-            strong organization
-            text " Central Login"
-          end
-        end
-      end
-      if @message
-        tr do
-          td(:colspan => 2, :id => "messagebox-container") do
-            div(:class => "messagebox #{@message[:type]}") { @message[:message] }
-            if @continue_url
-              p do
-                a(:href => @continue_url) { @continue_url }
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-  
-  # 2.4.2
-  # CAS 1.0 validate response.
-  def validate
-    if @success
-      text "yes\n#{@username}\n"
-    else
-      text "no\n\n"
-    end
-  end
-  
-  # 2.5.2
-  # CAS 2.0 service validate response.
-  def service_validate
-    if @success
-      tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
-        tag!("cas:authenticationSuccess") do
-          tag!("cas:user") {@username.to_s.to_xs}
-          @extra_attributes.each do |key, value|
-            tag!(key) {serialize_extra_attribute(value)}
-          end
-          if @pgtiou
-            tag!("cas:proxyGrantingTicket") {@pgtiou.to_s.to_xs}
-          end
-        end
-      end
-    else
-      tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
-        tag!("cas:authenticationFailure", :code => @error.code) {@error.to_s.to_xs}
-      end
-    end
-  end
-  
-  # 2.6.2
-  # CAS 2.0 proxy validate response.
-  def proxy_validate
-    if @success
-      tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
-        tag!("cas:authenticationSuccess") do
-          tag!("cas:user") {@username.to_s.to_xs}
-          @extra_attributes.each do |key, value|
-            tag!(key) {serialize_extra_attribute(value)}
-          end
-          if @pgtiou
-            tag!("cas:proxyGrantingTicket") {@pgtiou.to_s.to_xs}
-          end
-          if @proxies && !@proxies.empty?
-            tag!("cas:proxies") do
-              @proxies.each do |proxy_url|
-                tag!("cas:proxy") {proxy_url.to_s.to_xs}
-              end
-            end
-          end
-        end
-      end
-    else
-      tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
-        tag!("cas:authenticationFailure", :code => @error.code) {@error.to_s.to_xs}
-      end
-    end
-  end
-  
-  # 2.7.2
-  # CAS 2.0 proxy request response.
-  def proxy
-    if @success
-      tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
-        tag!("cas:proxySuccess") do
-          tag!("cas:proxyTicket") {@pt.to_s.to_xs}
-        end
-      end
-    else
-      tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
-        tag!("cas:proxyFailure", :code => @error.code) {@error.to_s.to_xs}
-      end
-    end
-  end
-  
-  def configure
-  end
-  
-  protected
-    def themes_dir
-      File.dirname(File.expand_path(__FILE__))+'../themes'
-    end
-    module_function :themes_dir
-    
-    def current_theme
-      CASServer::Conf.theme || "simple"
-    end
-    module_function :current_theme
-    
-    def organization
-      CASServer::Conf.organization || ""
-    end
-    module_function :organization
-    
-    def infoline
-      CASServer::Conf.infoline || ""
-    end
-    module_function :infoline
-    
-    def serialize_extra_attribute(value)
-      if value.kind_of?(String) || value.kind_of?(Numeric)
-        value
-      else
-        "<![CDATA[#{value.to_yaml}]]>"
-      end
-    end
-    module_function :serialize_extra_attribute
-end
-
-if CASServer::Conf.custom_views_file
-  require CASServer::Conf.custom_views_file
-end