rubycas-server 0.2.0 → 0.3.0

data/CHANGELOG.txt

@@ -1,13 +1,56 @@
-=== 0.2.0 :: 
+=== 0.3.0 :: 2007-03-29
+
+* Fixed glaring security problem with LDAP/AD Authenticator where under some
+  circumstances blank passwords were accepted as valid.
+* Autocomplete has been turned off on the password field for better security.
+  In the future we may allow autocomplete to be re-enabled using a
+  configuration setting.
+* When the user visits the login page and is already authenticated (i.e. they
+  have a valid ticket granting cookie), a message is shown at the top 
+  indicating that they are already logged in.
+* sqlite3-ruby is no longer required by the gem as a dependency.  The user 
+  must now install it manually prior to installing rubycas-server. The
+  building of sqlite3 native extensions appears to be somewhat flakey
+  and probably defeats the original purpose of using it (which was
+  to have a CAS server up and running with no additional DB configuration).
+  We will use MySQL as the default database adapter instead, since it does
+  not require additional libraries and many users will have a MySQL server
+  already available.
+* Fixed bug that was causing all proxy-granting tickets to be deleted whenever
+  any user logged out. Only the PGTs for the user that is logging out are now
+  being deleted.
+* Trailing slashes in service URLs are now ignored when validating service
+  and proxy tickets (e.g. "http://www.google.com" and "http://www.google.com/"
+  are now considered to be the same service URL).
+* Authenticators now raise AuthenticatorError exceptions when encountering
+  a problem/error. This makes it easier to send feedback to the user.
+  However, other exceptions should still be raised when errors ought
+  not be recoverable (i.e. programming errors).
+* Fixed serious vulnerability in LDAP authenticator where under some
+  cirumstances the user could just enter '*' as their username to match 
+  any username. The LDAP authenticator will now refuse to process logins 
+  with usernames that contain the characters * ( ) \ / and the NULL 
+  character \0.
+* Views are no longer xhtml-validated. Markaby's auto-validation was turned
+  off to allow for use of the autocomplete property on inputs, since this is
+  the only viable way of turning off password storage in IE and Firefox at
+  the page level.
+* You can now limit the maximum length of a login session by setting the
+  expire_sessions config setting to true.
+* Fixed some minor bugs in the login view.
+
+
+=== 0.2.0 :: 2007-03-20
 
 * ruby-casserver now behaves more like a real command-line app, accepting
   various command line arguments including -h (help), -v (version), -c (use
-  an alternate config.yml), and -d (daemonize, when using webrick or mongrel mode)
-* special characters in CAS XML responses are now properly encoded into XML
+  an alternate config.yml), and -d (daemonize, when using webrick or mongrel 
+  mode).
+* Special characters in CAS XML responses are now properly encoded into XML
   entities
 * CAS XML responses are no longer auto-indented... Markaby's indentation
-  seemed to be causing problems with the PHP CAS client
-* Misc minor bug fixes/cleanup
+  seemed to be causing problems with the PHP CAS client.
+* Misc minor bug fixes/cleanup.
 
 === 0.1.0 :: 2007-03-01
 

data/Manifest.txt

@@ -20,6 +20,7 @@ lib/casserver/utils.rb
 lib/casserver/version.rb
 lib/casserver/views.rb
 lib/themes/cas.css
+lib/themes/notice.png
 lib/themes/ok.png
 lib/themes/simple/bg.png
 lib/themes/simple/login_box_bg.png

data/Rakefile

@@ -20,8 +20,9 @@ HOMEPATH = "http://#{RUBYFORGE_PROJECT}.rubyforge.org"
 
 DEPS = [
   ['camping', '>= 1.5'],
-  ['sqlite3-ruby', '>= 1.2.0'],
-  ['activesupport', '>= 1.4.0']
+#  ['sqlite3-ruby', '>= 1.2.0'],
+  ['activesupport', '>= 1.4.0'],
+  ['activerecord', '>=1.15.3']
 ]
 
 

data/config.example.yml

@@ -47,22 +47,28 @@ ssl_cert: /path/to/your/ssl.pem
 
 # Set up the database connection. Make sure that this database is secure!
 # 
-# By default, we use sqlite3 since it works without any extra configuration.
-# You can also use MySQL, PostgreSQL, MSSQL, or anything else supported by ActiveRecord.
+# By default, we use MySQL, since it is widely used and does not require any additional
+# ruby libraries besides ActiveRecord.
+# 
+# Instead of MySQL you can use SQLite3, PostgreSQL, MSSQL, or anything else supported 
+# by ActiveRecord.
 #
 # For example, with MySQL, your config wold be something like:
-#
-#database:
-#  adapter: mysql
-#  database: casserver
-#  user: root
-#  password: 
-#  server: localhost
-#
 
 database:
-  adapter: sqlite3
-  dbfile: /var/lib/casserver.db
+  adapter: mysql
+  database: casserver
+  username: root
+  password: 
+  server: localhost
+
+# If you prefer to use SQLite3 (which does not require a separate database server),
+# your configuration would look something like the following (don't forget to install
+# the sqlite3-ruby gem beforehand!):
+#
+#database:
+#  adapter: sqlite3
+#  dbfile: /var/lib/casserver.db
   
 
 ##### AUTHENTICATION #################################################################
@@ -163,7 +169,7 @@ database:
 #
 # Custom themes are not well supported yet, but will be in the near future. In the
 # meantime, if you want to create a custom theme, you can create a subdirectory
-# under the CASServer's themes dir (for example '/usr/lib/ruby/1.8/gems/casserver-xxx/lib/themes',
+# under the CASServer's themes dir (for example, '/usr/lib/ruby/1.8/gems/casserver-xxx/lib/themes',
 # if you installed CASServer on Linux as a gem). A theme is basically just a theme.css
 # file that overrides the themes/cas.css styles along with a collection of image files
 # like logo.png and bg.png.
@@ -194,4 +200,28 @@ log:
 # Every SQL query will be logged here. This is useful for debugging database problems.
 #
 #db_log:
-#  file: /var/log/casserver_db.log
+#  file: /var/log/casserver_db.log
+
+
+##### OTHER ###########################################################################
+
+# You can set various ticket expiry times (specify the value in seconds).
+
+# Expired login and service tickets are no longer usable this many seconds after they 
+# are created. (Defaults to 5 minutes)
+
+#login_ticket_expiry: 300
+#service_ticket_expiry: 300
+
+# Proxy- and ticket-granting tickets do not expire -- normally they are made invalid only 
+# when the user logs out. But the server must periodically delete them to prevent buildup of
+# stale data. PGTs and TGTs will be deleted during server startup if they are this many
+# seconds old. (Defaults to 48 hours)
+
+#proxy_granting_ticket_expiry: 172800
+#ticket_granting_ticket_expiry: 172800
+
+# If you would prefer that ticket-granting ticket expiry be enforced (in effect limiting
+# the maximum length of a session), you can set expire_sessions to true.
+
+# expire_sessions: false

data/lib/casserver/authenticators/base.rb

@@ -19,4 +19,7 @@ module CASServer
       end
     end
   end
+  
+  class AuthenticatorError < Exception
+  end
 end

data/lib/casserver/authenticators/ldap.rb

@@ -12,16 +12,20 @@ class CASServer::Authenticators::LDAP < CASServer::Authenticators::Base
   def validate(credentials)
     read_standard_credentials(credentials)
     
-    raise "Cannot validate credentials because the authenticator hasn't yet been configured" unless @options
-    raise "Invalid authenticator configuration!" unless @options[:ldap]
-    raise "You must specify an ldap server in the configuration!" unless @options[:ldap][:server]
+    return false if @password.blank?
+    
+    raise CASServer::AuthenticatorError, "Cannot validate credentials because the authenticator hasn't yet been configured" unless @options
+    raise CASServer::AuthenticatorError, "Invalid authenticator configuration!" unless @options[:ldap]
+    raise CASServer::AuthenticatorError, "You must specify an ldap server in the configuration!" unless @options[:ldap][:server]
+    
+    raise CASServer::AuthenticatorError, "The username '#{@username}' contains invalid characters." if (@username =~ /[*\(\)\\\0\/]/)
     
     ldap = Net::LDAP.new
     ldap.host = @options[:ldap][:server]
     ldap.port = @options[:ldap][:port] if   @options[:ldap][:port]
     
     if @options[:ldap][:auth_user]
-      raise "A password must be specified in the configuration for the authenticator user!" unless @options[:ldap][:auth_password]
+      raise CASServer::AuthenticatorError, "A password must be specified in the configuration for the authenticator user!" unless @options[:ldap][:auth_password]
       ldap.authenticate(@options[:ldap][:auth_user], @options[:ldap][:auth_password])
     end
     

data/lib/casserver/authenticators/sql.rb

@@ -12,8 +12,8 @@ class CASServer::Authenticators::SQL < CASServer::Authenticators::Base
   def validate(credentials)
     read_standard_credentials(credentials)
     
-    raise "Cannot validate credentials because the authenticator hasn't yet been configured" unless @options
-    raise "Invalid authenticator configuration!" unless @options[:database]
+    raise CASServer::AuthenticatorError, "Cannot validate credentials because the authenticator hasn't yet been configured" unless @options
+    raise CASServer::AuthenticatorError, "Invalid authenticator configuration!" unless @options[:database]
     
     CASUser.establish_connection @options[:database]
     CASUser.set_table_name @options[:user_table] || "users"

data/lib/casserver/authenticators/test.rb

@@ -3,6 +3,9 @@ require 'casserver/authenticators/base'
 class CASServer::Authenticators::Test < CASServer::Authenticators::Base
   def validate(credentials)
     read_standard_credentials(credentials)
+    
+    raise CASServer::AuthenticatorError, "Username is 'do_error'!" if @username == 'do_error'
+    
     return @username == "testuser" && @password == "testpassword"
   end
 end

data/lib/casserver/cas.rb

@@ -90,7 +90,7 @@ module CASServer::CAS
       if response.code.to_i == 200
         # 3.4 (proxy-granting ticket IOU)
         pgt.save!
-        $LOG.debug "PGT generated for pgt_url '#{pgt_url}'. PGT is: '#{pgt.ticket}', PGT-IOU is: '#{pgt.iou}'"
+        $LOG.debug "PGT generated for pgt_url '#{pgt_url}': #{pgt.inspect}"
         pgt
       else
         $LOG.warn "PGT callback server responded with a bad result code '#{response.code}'. PGT will not be stored."
@@ -112,7 +112,7 @@ module CASServer::CAS
       elsif Time.now - lt.created_on < CASServer::Conf.login_ticket_expiry
         $LOG.info("Login ticket '#{ticket}' successfully validated")
       else
-        error = "Your login ticket  has expired."
+        error = "Your login ticket has expired."
         $LOG.warn("Expired login ticket '#{ticket}'")
       end
     else
@@ -132,7 +132,12 @@ module CASServer::CAS
       error = "No ticket granting ticket given."
       $LOG.debug(error)
     elsif tgt = TicketGrantingTicket.find_by_ticket(ticket)
-      $LOG.info("Ticket granting ticket '#{ticket}' for user '#{tgt.username}' successfully validated.")
+      if CASServer::Conf.expire_sessions && Time.now - tgt.created_on > CASServer::Conf.ticket_granting_ticket_expiry
+        error = "Your session has expired. Please log in again."
+        $LOG.info("Ticket granting ticket '#{ticket}' for user '#{tgt.username}' expired.")
+      else
+        $LOG.info("Ticket granting ticket '#{ticket}' for user '#{tgt.username}' successfully validated.")
+      end
     else
       error = "Invalid ticket granting ticket '#{ticket}' (no matching ticket found in the database)."
       $LOG.warn(error)
@@ -157,7 +162,7 @@ module CASServer::CAS
       elsif Time.now - st.created_on > CASServer::Conf.service_ticket_expiry
         error = Error.new("INVALID_TICKET", "Ticket '#{ticket}' has expired.")
         $LOG.warn("Ticket '#{ticket}' has expired.")
-      elsif st.service == service
+      elsif st.matches_service? service
         $LOG.info("Ticket '#{ticket}' for service '#{service}' for user '#{st.username}' successfully validated.")
       else
         error = Error.new("INVALID_SERVICE", "The ticket '#{ticket}' belonging to user '#{st.username}' is valid,"+
@@ -215,10 +220,19 @@ module CASServer::CAS
     raise ArgumentError, "Second argument must be a ServiceTicket!" unless st.kind_of? CASServer::Models::ServiceTicket
     
     service_uri = URI.parse(service)
-    query_separator = service_uri.query ? "&" : "?"
+    
+    if service.include? "?"
+      if service_uri.query.empty?
+        query_separator = ""
+      else
+        query_separator = "&"
+      end
+    else
+      query_separator = "?"
+    end
     
     service_with_ticket = service + query_separator + "ticket=" + st.ticket
     service_with_ticket
   end
   
-end
+end

data/lib/casserver/conf.rb

@@ -62,6 +62,7 @@ end
 module CASServer
   module Conf
     DEFAULTS = {
+      :expire_sessions => false,
       :login_ticket_expiry => 5.minutes,
       :service_ticket_expiry => 5.minutes, # CAS Protocol Spec, sec. 3.2.1 (recommended expiry time)
       :proxy_granting_ticket_expiry => 48.hours,
@@ -79,4 +80,4 @@ module CASServer
       self[method]
     end
   end
-end
+end

data/lib/casserver/controllers.rb

@@ -19,14 +19,19 @@ module CASServer::Controllers
       @renew = @input['renew']
       @gateway = @input['gateway']
       
-      if @service && !@renew && tgc = @cookies[:tgt]
-        tgt, error = validate_ticket_granting_ticket(tgc)
-        if tgt && !error
-          st = generate_service_ticket(@service, tgt.username)
-          service_with_ticket = service_uri_with_ticket(@service, st)
-          $LOG.info("User '#{tgt.username}' authenticated based on ticket granting cookie. Redirecting to service '#{@service}'.")
-          return redirect(service_with_ticket, :status => 303) # response code 303 means "See Other" (see Appendix B in CAS Protocol spec)
-        end
+      if tgc = @cookies[:tgt]
+        tgt, tgt_error = validate_ticket_granting_ticket(tgc)
+      end
+      
+      if tgt and !tgt_error
+        @message = {:type => 'notice', :message => %{You are currently logged in as "#{tgt.username}". If you are not you, please log in below.}}
+      end
+      
+      if @service && !@renew && tgt && !tgt_error
+        st = generate_service_ticket(@service, tgt.username)
+        service_with_ticket = service_uri_with_ticket(@service, st)
+        $LOG.info("User '#{tgt.username}' authenticated based on ticket granting cookie. Redirecting to service '#{@service}'.")
+        return redirect(service_with_ticket, :status => 303) # response code 303 means "See Other" (see Appendix B in CAS Protocol spec)
       end
       
       lt = generate_login_ticket
@@ -51,6 +56,8 @@ module CASServer::Controllers
       
       if error = validate_login_ticket(@lt)
         @message = {:type => 'mistake', :message => error}
+        # generate another login ticket to allow for re-submitting the form
+        @lt = generate_login_ticket.ticket
         return render(:login)
       end
       
@@ -61,13 +68,32 @@ module CASServer::Controllers
       
       $LOG.debug("Logging in with username: #{@username}, lt: #{@lt}, service: #{@service}, auth: #{$AUTH}")
       
-      if $AUTH.validate(:username => @username, :password => @password)
+      begin
+        credentials_are_valid = $AUTH.validate(:username => @username, :password => @password)
+      rescue AuthenticatorError => e
+        $LOG.error(e)
+        @message = {:type => 'mistake', :message => e.to_s}
+        render :login and return
+      end
+      
+      if credentials_are_valid
         $LOG.info("Credentials for username '#{@username}' successfully validated")
         
         # 3.6 (ticket-granting cookie)
         tgt = generate_ticket_granting_ticket(@username)
+        
+        if CASServer::Conf.expire_sessions
+          expires = CASServer::Conf.ticket_granting_ticket_expiry.to_i.from_now
+          expiry_info = " It will expire on #{expires}."
+        else
+          expiry_info = " It will not expire."
+        end
+        
+        # TODO: Set expiry time for the cookie when expire_sessions is true. Unfortunately there doesn't
+        #        seem to be an easy way to set cookie expire times in Camping :(
         @cookies[:tgt] = tgt.to_s
-        $LOG.debug("Ticket granting cookie '#{@cookies[:tgt]}' granted to '#{@username}'")
+        
+        $LOG.debug("Ticket granting cookie '#{@cookies[:tgt]}' granted to '#{@username}'. #{expiry_info}")
                 
         if @service.blank?
           $LOG.info("Successfully authenticated user '#{@username}' at '#{tgt.client_hostname}'. No service param was given, so we will not redirect.")
@@ -106,13 +132,16 @@ module CASServer::Controllers
       @cookies.delete :tgt
       
       if tgt
-        pgts = CASServer::Models::ProxyGrantingTicket.find(:all, ["username = ?", tgt.username])
+        pgts = CASServer::Models::ProxyGrantingTicket.find(:all, 
+          :conditions => ["username = ?", tgt.username],
+          :include => :service_ticket)
         pgts.each do |pgt|
+          $LOG.debug("Deleting Proxy-Granting Ticket '#{pgt}' for user '#{pgt.service_ticket.username}'")
           pgt.destroy
-          $LOG.debug("Deleting Proxy-Granting Ticket '#{pgt}' for user '#{tgt.username}'")
         end
         
         $LOG.debug("Deleting Ticket-Granting Ticket '#{tgt}' for user '#{tgt.username}'")
+        tgt.destroy
         
         $LOG.info("User '#{tgt.username}' logged out.")
       else

data/lib/casserver/models.rb

@@ -36,6 +36,13 @@ module CASServer::Models
   
   class ServiceTicket < Ticket
     include Consumable
+    
+    def matches_service?(service)
+      # We ignore the trailing slash in URLs, since 
+      # "http://www.google.com/" and "http://www.google.com" are almost
+      # certainly the same service.
+      self.service.gsub(/\/$/, '') == service.gsub(/\/$/, '')
+    end
   end
   
   class ProxyTicket < ServiceTicket

data/lib/casserver/postambles.rb

@@ -110,4 +110,4 @@ module CASServer
     end
   
   end
-end
+end

data/lib/casserver/version.rb

@@ -1,7 +1,7 @@
 module CASServer
   module VERSION #:nodoc:
     MAJOR = 0
-    MINOR = 2
+    MINOR = 3
     TINY  = 0
 
     STRING = [MAJOR, MINOR, TINY].join('.')

data/lib/casserver/views.rb

@@ -1,14 +1,16 @@
 # The #.#.# comments (e.g. "2.1.3") refer to section numbers in the CAS protocol spec
 # under http://www.ja-sig.org/products/cas/overview/protocol/index.html
 
-module CASServer::Views
+# need auto_validation off to render CAS responses and to use the autocomplete='off' property on password field
+Markaby::Builder.set(:auto_validation, false)
+Markaby::Builder.set(:indent, 2)
 
-  # need to turn off autovalidation to render CAS xml responses
-  #
+module CASServer::Views
 
   def layout
+    
     # wrap as XHTML only when auto_validation is on, otherwise pass right through
-    if @auto_validation
+    if @use_layout
       xhtml_strict do
         head do 
           title { "#{organization} Central Login" }
@@ -27,12 +29,14 @@ module CASServer::Views
 
   # 2.1.3
   def login
+    @use_layout = true
+  
     table(:id => "login-box") do
       tr do
         td(:colspan => 2) do
           div(:id => "headline-container") do
             strong organization
-            text "Central Login"
+            text " Central Login"
           end
         end
       end
@@ -56,7 +60,8 @@ module CASServer::Views
                   label(:id => "username-label", :for => "username") { "Username" }
                 end
                 td(:id => "username-container") do
-                  input(:type => "text", :id => "username", :name => "username", :size => "32", :tabindex => "1", :accesskey => "n")
+                  input(:type => "text", :id => "username", :name => "username",
+                    :size => "32", :tabindex => "1", :accesskey => "u")
                 end
               end
               tr do
@@ -64,7 +69,8 @@ module CASServer::Views
                   label(:id => "password-label", :for => "password") { "Password" }
                 end
                 td(:id => "password-container") do
-                  input(:type => "password", :id => "password", :name => "password", :size => "32", :tabindex => "2", :accesskey => "p")
+                  input(:type => "password", :id => "password", :name => "password", 
+                    :size => "32", :tabindex => "2", :accesskey => "p", :autocomplete => "off")
                 end
               end
               tr do
@@ -88,7 +94,6 @@ module CASServer::Views
   
   # 2.4.2
   def validate
-    @auto_validation = false
     if @success
       text "yes\n#{@username}\n"
     else
@@ -98,7 +103,6 @@ module CASServer::Views
   
   # 2.5.2
   def service_validate
-    @auto_validation = false
     if @success
       tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
         tag!("cas:authenticationSuccess") do
@@ -117,7 +121,6 @@ module CASServer::Views
   
   # 2.6.2
   def proxy_validate
-    @auto_validation = false
     if @success
       tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
         tag!("cas:authenticationSuccess") do
@@ -143,7 +146,6 @@ module CASServer::Views
   
   # 2.7.2
   def proxy
-    @auto_validation = false
     if @success
       tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
         tag!("cas:proxySuccess") do

data/lib/themes/cas.css

@@ -109,4 +109,12 @@ div.confirmation {
 	background-repeat: no-repeat;
 	background-position: 10px 5px;
 	font-weight: bold;
+}
+
+div.notice {
+	color: #04c;
+	background-image: url(notice.png);
+	background-repeat: no-repeat;
+	background-position: 10px 5px;
+	font-weight: bold;
 }

data/test/test_cas.rb

@@ -0,0 +1,33 @@
+require 'rubygems'
+require 'mosquito'
+
+$CONF = {:authenticator => {:class => "CASServer::Authenticators::Test"}, 
+          :log => {:file => "/tmp/test.log", :level => "INFO"}}
+
+require File.dirname(__FILE__) + "/../lib/casserver"
+
+CASServer.create
+
+class TestCASServer < Camping::UnitTest
+
+  include CASServer::CAS
+
+  def test_generate_proxy_granting_ticket
+    pgt_url = "https://portal.urbacon.net:6543/cas_proxy_callback/receive_pgt"
+    st = generate_service_ticket("http://test.foo", "tester")
+    
+    pgt = nil
+    
+    assert_difference(ProxyGrantingTicket, :count, 1) do
+      pgt = generate_proxy_granting_ticket(pgt_url, st)
+    end
+    
+    puts pgt.inspect
+  end
+  
+  protected
+  def env
+    return {'REMOTE_ADDR' => "TEST"}
+  end
+
+end

data/test/test_casserver.rb

@@ -123,28 +123,3 @@ class TestCASServer < Camping::FunctionalTest
   end
 
 end
-
-#class TestPost < Camping::UnitTest
-#
-#  fixtures :blog_posts, :blog_users, :blog_comments
-#      
-#  def test_create
-#    post = create
-#    assert post.valid?
-#  end
-#
-#  def test_assoc
-#    post = Post.find :first
-#    assert_kind_of User, post.user
-#    assert_equal 1, post.user.id
-#  end
-#
-#  private
-#  
-#  def create(options={})
-#    Post.create({ :user_id => 1, 
-#                  :title => "Title", 
-#                  :body => "Body"}.merge(options))
-#  end
-#    
-#end

metadata

@@ -3,8 +3,8 @@ rubygems_version: 0.9.0
 specification_version: 1
 name: rubycas-server
 version: !ruby/object:Gem::Version 
-  version: 0.2.0
-date: 2007-03-20 00:00:00 -04:00
+  version: 0.3.0
+date: 2007-03-29 00:00:00 -04:00
 summary: Provides single sign on for web applications using the CAS protocol.
 require_paths: 
 - lib
@@ -51,6 +51,7 @@ files:
 - lib/casserver/version.rb
 - lib/casserver/views.rb
 - lib/themes/cas.css
+- lib/themes/notice.png
 - lib/themes/ok.png
 - lib/themes/simple/bg.png
 - lib/themes/simple/login_box_bg.png
@@ -64,6 +65,7 @@ files:
 - setup.rb
 - test/test_casserver.rb
 test_files: 
+- test/test_cas.rb
 - test/test_casserver.rb
 rdoc_options: []
 
@@ -86,20 +88,20 @@ dependencies:
         version: "1.5"
     version: 
 - !ruby/object:Gem::Dependency 
-  name: sqlite3-ruby
+  name: activesupport
   version_requirement: 
   version_requirements: !ruby/object:Gem::Version::Requirement 
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 1.2.0
+        version: 1.4.0
     version: 
 - !ruby/object:Gem::Dependency 
-  name: activesupport
+  name: activerecord
   version_requirement: 
   version_requirements: !ruby/object:Gem::Version::Requirement 
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 1.4.0
+        version: 1.15.3
     version: