rubycas-server 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/CHANGELOG.txt +48 -5
- data/Manifest.txt +1 -0
- data/Rakefile +3 -2
- data/config.example.yml +44 -14
- data/lib/casserver/authenticators/base.rb +3 -0
- data/lib/casserver/authenticators/ldap.rb +8 -4
- data/lib/casserver/authenticators/sql.rb +2 -2
- data/lib/casserver/authenticators/test.rb +3 -0
- data/lib/casserver/cas.rb +20 -6
- data/lib/casserver/conf.rb +2 -1
- data/lib/casserver/controllers.rb +41 -12
- data/lib/casserver/models.rb +7 -0
- data/lib/casserver/postambles.rb +1 -1
- data/lib/casserver/version.rb +1 -1
- data/lib/casserver/views.rb +13 -11
- data/lib/themes/cas.css +8 -0
- data/lib/themes/notice.png +0 -0
- data/test/test_cas.rb +33 -0
- data/test/test_casserver.rb +0 -25
- metadata +8 -6
data/CHANGELOG.txt
CHANGED
@@ -1,13 +1,56 @@
|
|
1
|
-
=== 0.
|
1
|
+
=== 0.3.0 :: 2007-03-29
|
2
|
+
|
3
|
+
* Fixed glaring security problem with LDAP/AD Authenticator where under some
|
4
|
+
circumstances blank passwords were accepted as valid.
|
5
|
+
* Autocomplete has been turned off on the password field for better security.
|
6
|
+
In the future we may allow autocomplete to be re-enabled using a
|
7
|
+
configuration setting.
|
8
|
+
* When the user visits the login page and is already authenticated (i.e. they
|
9
|
+
have a valid ticket granting cookie), a message is shown at the top
|
10
|
+
indicating that they are already logged in.
|
11
|
+
* sqlite3-ruby is no longer required by the gem as a dependency. The user
|
12
|
+
must now install it manually prior to installing rubycas-server. The
|
13
|
+
building of sqlite3 native extensions appears to be somewhat flakey
|
14
|
+
and probably defeats the original purpose of using it (which was
|
15
|
+
to have a CAS server up and running with no additional DB configuration).
|
16
|
+
We will use MySQL as the default database adapter instead, since it does
|
17
|
+
not require additional libraries and many users will have a MySQL server
|
18
|
+
already available.
|
19
|
+
* Fixed bug that was causing all proxy-granting tickets to be deleted whenever
|
20
|
+
any user logged out. Only the PGTs for the user that is logging out are now
|
21
|
+
being deleted.
|
22
|
+
* Trailing slashes in service URLs are now ignored when validating service
|
23
|
+
and proxy tickets (e.g. "http://www.google.com" and "http://www.google.com/"
|
24
|
+
are now considered to be the same service URL).
|
25
|
+
* Authenticators now raise AuthenticatorError exceptions when encountering
|
26
|
+
a problem/error. This makes it easier to send feedback to the user.
|
27
|
+
However, other exceptions should still be raised when errors ought
|
28
|
+
not be recoverable (i.e. programming errors).
|
29
|
+
* Fixed serious vulnerability in LDAP authenticator where under some
|
30
|
+
cirumstances the user could just enter '*' as their username to match
|
31
|
+
any username. The LDAP authenticator will now refuse to process logins
|
32
|
+
with usernames that contain the characters * ( ) \ / and the NULL
|
33
|
+
character \0.
|
34
|
+
* Views are no longer xhtml-validated. Markaby's auto-validation was turned
|
35
|
+
off to allow for use of the autocomplete property on inputs, since this is
|
36
|
+
the only viable way of turning off password storage in IE and Firefox at
|
37
|
+
the page level.
|
38
|
+
* You can now limit the maximum length of a login session by setting the
|
39
|
+
expire_sessions config setting to true.
|
40
|
+
* Fixed some minor bugs in the login view.
|
41
|
+
|
42
|
+
|
43
|
+
=== 0.2.0 :: 2007-03-20
|
2
44
|
|
3
45
|
* ruby-casserver now behaves more like a real command-line app, accepting
|
4
46
|
various command line arguments including -h (help), -v (version), -c (use
|
5
|
-
an alternate config.yml), and -d (daemonize, when using webrick or mongrel
|
6
|
-
|
47
|
+
an alternate config.yml), and -d (daemonize, when using webrick or mongrel
|
48
|
+
mode).
|
49
|
+
* Special characters in CAS XML responses are now properly encoded into XML
|
7
50
|
entities
|
8
51
|
* CAS XML responses are no longer auto-indented... Markaby's indentation
|
9
|
-
seemed to be causing problems with the PHP CAS client
|
10
|
-
* Misc minor bug fixes/cleanup
|
52
|
+
seemed to be causing problems with the PHP CAS client.
|
53
|
+
* Misc minor bug fixes/cleanup.
|
11
54
|
|
12
55
|
=== 0.1.0 :: 2007-03-01
|
13
56
|
|
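Review bot: the two LDAP security entries in the 0.3.0 block ("blank passwords were accepted as valid" and the '*' username match) only say "under some circumstances", so an operator cannot tell from the changelog whether their configuration was exposed. Name the conditions, or at least say that everyone using the LDAP/AD authenticator should upgrade. There is also a typo in the second entry: "cirumstances" should be "circumstances".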
data/Manifest.txt
CHANGED
data/Rakefile
CHANGED
@@ -20,8 +20,9 @@ HOMEPATH = "http://#{RUBYFORGE_PROJECT}.rubyforge.org"
|
|
20
20
|
|
21
21
|
DEPS = [
|
22
22
|
['camping', '>= 1.5'],
|
23
|
-
['sqlite3-ruby', '>= 1.2.0'],
|
24
|
-
['activesupport', '>= 1.4.0']
|
23
|
+
# ['sqlite3-ruby', '>= 1.2.0'],
|
24
|
+
['activesupport', '>= 1.4.0'],
|
25
|
+
['activerecord', '>=1.15.3']
|
25
26
|
]
|
26
27
|
|
27
28
|
|
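Review bot: in DEPS, the sqlite3-ruby entry is commented out rather than deleted, and the new activerecord requirement is written '>=1.15.3' while the neighbouring entries use a space ('>= 1.5', '>= 1.4.0'). Delete the dead line (the CHANGELOG already records why it went away) and write '>= 1.15.3' for consistency.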
data/config.example.yml
CHANGED
@@ -47,22 +47,28 @@ ssl_cert: /path/to/your/ssl.pem
|
|
47
47
|
|
48
48
|
# Set up the database connection. Make sure that this database is secure!
|
49
49
|
#
|
50
|
-
# By default, we use
|
51
|
-
#
|
50
|
+
# By default, we use MySQL, since it is widely used and does not require any additional
|
51
|
+
# ruby libraries besides ActiveRecord.
|
52
|
+
#
|
53
|
+
# Instead of MySQL you can use SQLite3, PostgreSQL, MSSQL, or anything else supported
|
54
|
+
# by ActiveRecord.
|
52
55
|
#
|
53
56
|
# For example, with MySQL, your config wold be something like:
|
54
|
-
#
|
55
|
-
#database:
|
56
|
-
# adapter: mysql
|
57
|
-
# database: casserver
|
58
|
-
# user: root
|
59
|
-
# password:
|
60
|
-
# server: localhost
|
61
|
-
#
|
62
57
|
|
63
58
|
database:
|
64
|
-
adapter:
|
65
|
-
|
59
|
+
adapter: mysql
|
60
|
+
database: casserver
|
61
|
+
username: root
|
62
|
+
password:
|
63
|
+
server: localhost
|
64
|
+
|
65
|
+
# If you prefer to use SQLite3 (which does not require a separate database server),
|
66
|
+
# your configuration would look something like the following (don't forget to install
|
67
|
+
# the sqlite3-ruby gem beforehand!):
|
68
|
+
#
|
69
|
+
#database:
|
70
|
+
# adapter: sqlite3
|
71
|
+
# dbfile: /var/lib/casserver.db
|
66
72
|
|
67
73
|
|
68
74
|
##### AUTHENTICATION #################################################################
|
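Review bot: the example now ships an active database block with `username: root` and an empty `password:`, directly under the comment "Make sure that this database is secure!". Anyone who copies the file unchanged runs the CAS ticket store as the MySQL root account with no password. Suggest a dedicated account name and an obvious placeholder password in the example, or keep the block commented out the way the SQLite3 example is.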
@@ -163,7 +169,7 @@ database:
|
|
163
169
|
#
|
164
170
|
# Custom themes are not well supported yet, but will be in the near future. In the
|
165
171
|
# meantime, if you want to create a custom theme, you can create a subdirectory
|
166
|
-
# under the CASServer's themes dir (for example '/usr/lib/ruby/1.8/gems/casserver-xxx/lib/themes',
|
172
|
+
# under the CASServer's themes dir (for example, '/usr/lib/ruby/1.8/gems/casserver-xxx/lib/themes',
|
167
173
|
# if you installed CASServer on Linux as a gem). A theme is basically just a theme.css
|
168
174
|
# file that overrides the themes/cas.css styles along with a collection of image files
|
169
175
|
# like logo.png and bg.png.
|
@@ -194,4 +200,28 @@ log:
|
|
194
200
|
# Every SQL query will be logged here. This is useful for debugging database problems.
|
195
201
|
#
|
196
202
|
#db_log:
|
197
|
-
# file: /var/log/casserver_db.log
|
203
|
+
# file: /var/log/casserver_db.log
|
204
|
+
|
205
|
+
|
206
|
+
##### OTHER ###########################################################################
|
207
|
+
|
208
|
+
# You can set various ticket expiry times (specify the value in seconds).
|
209
|
+
|
210
|
+
# Expired login and service tickets are no longer usable this many seconds after they
|
211
|
+
# are created. (Defaults to 5 minutes)
|
212
|
+
|
213
|
+
#login_ticket_expiry: 300
|
214
|
+
#service_ticket_expiry: 300
|
215
|
+
|
216
|
+
# Proxy- and ticket-granting tickets do not expire -- normally they are made invalid only
|
217
|
+
# when the user logs out. But the server must periodically delete them to prevent buildup of
|
218
|
+
# stale data. PGTs and TGTs will be deleted during server startup if they are this many
|
219
|
+
# seconds old. (Defaults to 48 hours)
|
220
|
+
|
221
|
+
#proxy_granting_ticket_expiry: 172800
|
222
|
+
#ticket_granting_ticket_expiry: 172800
|
223
|
+
|
224
|
+
# If you would prefer that ticket-granting ticket expiry be enforced (in effect limiting
|
225
|
+
# the maximum length of a session), you can set expire_sessions to true.
|
226
|
+
|
227
|
+
# expire_sessions: false
|
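Review bot: the comments on the expiry settings say PGTs and TGTs are deleted only "during server startup", and `expire_sessions` is shown as false, so on a server that is rarely restarted a ticket-granting ticket stays usable until the user logs out. That consequence deserves an explicit sentence here, since it is the reason to turn `expire_sessions` on. Minor style point: `# expire_sessions: false` has a space after the `#` where the other commented settings (`#login_ticket_expiry: 300`) do not.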
@@ -12,16 +12,20 @@ class CASServer::Authenticators::LDAP < CASServer::Authenticators::Base
|
|
12
12
|
def validate(credentials)
|
13
13
|
read_standard_credentials(credentials)
|
14
14
|
|
15
|
-
|
16
|
-
|
17
|
-
raise "
|
15
|
+
return false if @password.blank?
|
16
|
+
|
17
|
+
raise CASServer::AuthenticatorError, "Cannot validate credentials because the authenticator hasn't yet been configured" unless @options
|
18
|
+
raise CASServer::AuthenticatorError, "Invalid authenticator configuration!" unless @options[:ldap]
|
19
|
+
raise CASServer::AuthenticatorError, "You must specify an ldap server in the configuration!" unless @options[:ldap][:server]
|
20
|
+
|
21
|
+
raise CASServer::AuthenticatorError, "The username '#{@username}' contains invalid characters." if (@username =~ /[*\(\)\\\0\/]/)
|
18
22
|
|
19
23
|
ldap = Net::LDAP.new
|
20
24
|
ldap.host = @options[:ldap][:server]
|
21
25
|
ldap.port = @options[:ldap][:port] if @options[:ldap][:port]
|
22
26
|
|
23
27
|
if @options[:ldap][:auth_user]
|
24
|
-
raise "A password must be specified in the configuration for the authenticator user!" unless @options[:ldap][:auth_password]
|
28
|
+
raise CASServer::AuthenticatorError, "A password must be specified in the configuration for the authenticator user!" unless @options[:ldap][:auth_password]
|
25
29
|
ldap.authenticate(@options[:ldap][:auth_user], @options[:ldap][:auth_password])
|
26
30
|
end
|
27
31
|
|
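Review bot: the new username check (`@username =~ /[*\(\)\\\0\/]/`) is a denylist, which holds only as long as no other character turns out to have meaning to the directory. An allowlist of the characters your usernames may contain, or escaping the value at the point where the search filter is built (not visible in this hunk), would be more robust. The guard above it covers `@password.blank?` only, so a blank `@username` still reaches Net::LDAP; reject that here too. The error message also interpolates the rejected username verbatim, including a NUL byte if one was sent.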
@@ -12,8 +12,8 @@ class CASServer::Authenticators::SQL < CASServer::Authenticators::Base
|
|
12
12
|
def validate(credentials)
|
13
13
|
read_standard_credentials(credentials)
|
14
14
|
|
15
|
-
raise "Cannot validate credentials because the authenticator hasn't yet been configured" unless @options
|
16
|
-
raise "Invalid authenticator configuration!" unless @options[:database]
|
15
|
+
raise CASServer::AuthenticatorError, "Cannot validate credentials because the authenticator hasn't yet been configured" unless @options
|
16
|
+
raise CASServer::AuthenticatorError, "Invalid authenticator configuration!" unless @options[:database]
|
17
17
|
|
18
18
|
CASUser.establish_connection @options[:database]
|
19
19
|
CASUser.set_table_name @options[:user_table] || "users"
|
@@ -3,6 +3,9 @@ require 'casserver/authenticators/base'
|
|
3
3
|
class CASServer::Authenticators::Test < CASServer::Authenticators::Base
|
4
4
|
def validate(credentials)
|
5
5
|
read_standard_credentials(credentials)
|
6
|
+
|
7
|
+
raise CASServer::AuthenticatorError, "Username is 'do_error'!" if @username == 'do_error'
|
8
|
+
|
6
9
|
return @username == "testuser" && @password == "testpassword"
|
7
10
|
end
|
8
11
|
end
|
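Review bot: the magic username 'do_error' is undocumented. Add a comment saying it exists so tests can exercise the AuthenticatorError path, and since this class accepts a fixed "testuser"/"testpassword" pair, a class-level comment marking it as test-only would help too.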
data/lib/casserver/cas.rb
CHANGED
@@ -90,7 +90,7 @@ module CASServer::CAS
|
|
90
90
|
if response.code.to_i == 200
|
91
91
|
# 3.4 (proxy-granting ticket IOU)
|
92
92
|
pgt.save!
|
93
|
-
$LOG.debug "PGT generated for pgt_url '#{pgt_url}'
|
93
|
+
$LOG.debug "PGT generated for pgt_url '#{pgt_url}': #{pgt.inspect}"
|
94
94
|
pgt
|
95
95
|
else
|
96
96
|
$LOG.warn "PGT callback server responded with a bad result code '#{response.code}'. PGT will not be stored."
|
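Review bot: `#{pgt.inspect}` in the debug line writes the whole proxy-granting ticket record to the log, ticket string included. A PGT is a bearer credential, so anyone who can read a debug log could reuse it. Log the record id or a truncated ticket instead.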
@@ -112,7 +112,7 @@ module CASServer::CAS
|
|
112
112
|
elsif Time.now - lt.created_on < CASServer::Conf.login_ticket_expiry
|
113
113
|
$LOG.info("Login ticket '#{ticket}' successfully validated")
|
114
114
|
else
|
115
|
-
error = "Your login ticket
|
115
|
+
error = "Your login ticket has expired."
|
116
116
|
$LOG.warn("Expired login ticket '#{ticket}'")
|
117
117
|
end
|
118
118
|
else
|
@@ -132,7 +132,12 @@ module CASServer::CAS
|
|
132
132
|
error = "No ticket granting ticket given."
|
133
133
|
$LOG.debug(error)
|
134
134
|
elsif tgt = TicketGrantingTicket.find_by_ticket(ticket)
|
135
|
-
|
135
|
+
if CASServer::Conf.expire_sessions && Time.now - tgt.created_on > CASServer::Conf.ticket_granting_ticket_expiry
|
136
|
+
error = "Your session has expired. Please log in again."
|
137
|
+
$LOG.info("Ticket granting ticket '#{ticket}' for user '#{tgt.username}' expired.")
|
138
|
+
else
|
139
|
+
$LOG.info("Ticket granting ticket '#{ticket}' for user '#{tgt.username}' successfully validated.")
|
140
|
+
end
|
136
141
|
else
|
137
142
|
error = "Invalid ticket granting ticket '#{ticket}' (no matching ticket found in the database)."
|
138
143
|
$LOG.warn(error)
|
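Review bot: both new `$LOG.info` lines print the full ticket-granting ticket (`'#{ticket}'`) at info level, so every validated session leaves its cookie value in the normal log. Log the username and a shortened ticket instead. Separately, the expired branch only sets `error`; the TGT row is not destroyed, so it stays in the table until the startup cleanup described in config.example.yml.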
@@ -157,7 +162,7 @@ module CASServer::CAS
|
|
157
162
|
elsif Time.now - st.created_on > CASServer::Conf.service_ticket_expiry
|
158
163
|
error = Error.new("INVALID_TICKET", "Ticket '#{ticket}' has expired.")
|
159
164
|
$LOG.warn("Ticket '#{ticket}' has expired.")
|
160
|
-
elsif st.
|
165
|
+
elsif st.matches_service? service
|
161
166
|
$LOG.info("Ticket '#{ticket}' for service '#{service}' for user '#{st.username}' successfully validated.")
|
162
167
|
else
|
163
168
|
error = Error.new("INVALID_SERVICE", "The ticket '#{ticket}' belonging to user '#{st.username}' is valid,"+
|
@@ -215,10 +220,19 @@ module CASServer::CAS
|
|
215
220
|
raise ArgumentError, "Second argument must be a ServiceTicket!" unless st.kind_of? CASServer::Models::ServiceTicket
|
216
221
|
|
217
222
|
service_uri = URI.parse(service)
|
218
|
-
|
223
|
+
|
224
|
+
if service.include? "?"
|
225
|
+
if service_uri.query.empty?
|
226
|
+
query_separator = ""
|
227
|
+
else
|
228
|
+
query_separator = "&"
|
229
|
+
end
|
230
|
+
else
|
231
|
+
query_separator = "?"
|
232
|
+
end
|
219
233
|
|
220
234
|
service_with_ticket = service + query_separator + "ticket=" + st.ticket
|
221
235
|
service_with_ticket
|
222
236
|
end
|
223
237
|
|
224
|
-
end
|
238
|
+
end
|
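Review bot: `service_uri.query.empty?` can be called on nil. The outer test is `service.include? "?"` on the raw string, but URI.parse returns a nil query when the only "?" sits in the fragment (for example "http://example.org/#a?b"), which raises NoMethodError. Check `service_uri.query` for nil first, and consider choosing the separator from the parsed URI alone rather than from the raw string.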
data/lib/casserver/conf.rb
CHANGED
@@ -62,6 +62,7 @@ end
|
|
62
62
|
module CASServer
|
63
63
|
module Conf
|
64
64
|
DEFAULTS = {
|
65
|
+
:expire_sessions => false,
|
65
66
|
:login_ticket_expiry => 5.minutes,
|
66
67
|
:service_ticket_expiry => 5.minutes, # CAS Protocol Spec, sec. 3.2.1 (recommended expiry time)
|
67
68
|
:proxy_granting_ticket_expiry => 48.hours,
|
@@ -79,4 +80,4 @@ module CASServer
|
|
79
80
|
self[method]
|
80
81
|
end
|
81
82
|
end
|
82
|
-
end
|
83
|
+
end
|
@@ -19,14 +19,19 @@ module CASServer::Controllers
|
|
19
19
|
@renew = @input['renew']
|
20
20
|
@gateway = @input['gateway']
|
21
21
|
|
22
|
-
if
|
23
|
-
tgt,
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
22
|
+
if tgc = @cookies[:tgt]
|
23
|
+
tgt, tgt_error = validate_ticket_granting_ticket(tgc)
|
24
|
+
end
|
25
|
+
|
26
|
+
if tgt and !tgt_error
|
27
|
+
@message = {:type => 'notice', :message => %{You are currently logged in as "#{tgt.username}". If you are not you, please log in below.}}
|
28
|
+
end
|
29
|
+
|
30
|
+
if @service && !@renew && tgt && !tgt_error
|
31
|
+
st = generate_service_ticket(@service, tgt.username)
|
32
|
+
service_with_ticket = service_uri_with_ticket(@service, st)
|
33
|
+
$LOG.info("User '#{tgt.username}' authenticated based on ticket granting cookie. Redirecting to service '#{@service}'.")
|
34
|
+
return redirect(service_with_ticket, :status => 303) # response code 303 means "See Other" (see Appendix B in CAS Protocol spec)
|
30
35
|
end
|
31
36
|
|
32
37
|
lt = generate_login_ticket
|
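Review bot: `tgt_error` is only ever tested for falsity, so when validate_ticket_granting_ticket reports "Your session has expired. Please log in again." the user never sees it and the stale `:tgt` cookie is left in place. Put the error into `@message` and delete the cookie in that case. Style: `if tgt and !tgt_error` mixes `and` with the `&&` used a few lines below.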
@@ -51,6 +56,8 @@ module CASServer::Controllers
|
|
51
56
|
|
52
57
|
if error = validate_login_ticket(@lt)
|
53
58
|
@message = {:type => 'mistake', :message => error}
|
59
|
+
# generate another login ticket to allow for re-submitting the form
|
60
|
+
@lt = generate_login_ticket.ticket
|
54
61
|
return render(:login)
|
55
62
|
end
|
56
63
|
|
@@ -61,13 +68,32 @@ module CASServer::Controllers
|
|
61
68
|
|
62
69
|
$LOG.debug("Logging in with username: #{@username}, lt: #{@lt}, service: #{@service}, auth: #{$AUTH}")
|
63
70
|
|
64
|
-
|
71
|
+
begin
|
72
|
+
credentials_are_valid = $AUTH.validate(:username => @username, :password => @password)
|
73
|
+
rescue AuthenticatorError => e
|
74
|
+
$LOG.error(e)
|
75
|
+
@message = {:type => 'mistake', :message => e.to_s}
|
76
|
+
render :login and return
|
77
|
+
end
|
78
|
+
|
79
|
+
if credentials_are_valid
|
65
80
|
$LOG.info("Credentials for username '#{@username}' successfully validated")
|
66
81
|
|
67
82
|
# 3.6 (ticket-granting cookie)
|
68
83
|
tgt = generate_ticket_granting_ticket(@username)
|
84
|
+
|
85
|
+
if CASServer::Conf.expire_sessions
|
86
|
+
expires = CASServer::Conf.ticket_granting_ticket_expiry.to_i.from_now
|
87
|
+
expiry_info = " It will expire on #{expires}."
|
88
|
+
else
|
89
|
+
expiry_info = " It will not expire."
|
90
|
+
end
|
91
|
+
|
92
|
+
# TODO: Set expiry time for the cookie when expire_sessions is true. Unfortunately there doesn't
|
93
|
+
# seem to be an easy way to set cookie expire times in Camping :(
|
69
94
|
@cookies[:tgt] = tgt.to_s
|
70
|
-
|
95
|
+
|
96
|
+
$LOG.debug("Ticket granting cookie '#{@cookies[:tgt]}' granted to '#{@username}'. #{expiry_info}")
|
71
97
|
|
72
98
|
if @service.blank?
|
73
99
|
$LOG.info("Successfully authenticated user '#{@username}' at '#{tgt.client_hostname}'. No service param was given, so we will not redirect.")
|
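Review bot: `render :login and return` returns nil from the action, whereas the login-ticket failure path in the previous hunk uses `return render(:login)`. If the action's return value is what becomes the response body, the authenticator error page will come back empty, so use `return render(:login)` here as well. Also, `:message => e.to_s` shows the raw exception text to the person logging in, and the authenticators raise messages such as "You must specify an ldap server in the configuration!". Keep that detail in `$LOG.error` and show a generic message.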
@@ -106,13 +132,16 @@ module CASServer::Controllers
|
|
106
132
|
@cookies.delete :tgt
|
107
133
|
|
108
134
|
if tgt
|
109
|
-
pgts = CASServer::Models::ProxyGrantingTicket.find(:all,
|
135
|
+
pgts = CASServer::Models::ProxyGrantingTicket.find(:all,
|
136
|
+
:conditions => ["username = ?", tgt.username],
|
137
|
+
:include => :service_ticket)
|
110
138
|
pgts.each do |pgt|
|
139
|
+
$LOG.debug("Deleting Proxy-Granting Ticket '#{pgt}' for user '#{pgt.service_ticket.username}'")
|
111
140
|
pgt.destroy
|
112
|
-
$LOG.debug("Deleting Proxy-Granting Ticket '#{pgt}' for user '#{tgt.username}'")
|
113
141
|
end
|
114
142
|
|
115
143
|
$LOG.debug("Deleting Ticket-Granting Ticket '#{tgt}' for user '#{tgt.username}'")
|
144
|
+
tgt.destroy
|
116
145
|
|
117
146
|
$LOG.info("User '#{tgt.username}' logged out.")
|
118
147
|
else
|
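Review bot: the new `:conditions => ["username = ?", tgt.username]` uses an unqualified column on a query that also pulls in `:service_ticket`, and the debug line reads the name from `pgt.service_ticket.username`, which suggests the column belongs to the service ticket rather than the PGT. Qualify the column with its table name so the filter cannot become ambiguous, and add a test that logging out one user leaves another user's PGTs in place, since that is the bug this change fixes.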
data/lib/casserver/models.rb
CHANGED
@@ -36,6 +36,13 @@ module CASServer::Models
|
|
36
36
|
|
37
37
|
class ServiceTicket < Ticket
|
38
38
|
include Consumable
|
39
|
+
|
40
|
+
def matches_service?(service)
|
41
|
+
# We ignore the trailing slash in URLs, since
|
42
|
+
# "http://www.google.com/" and "http://www.google.com" are almost
|
43
|
+
# certainly the same service.
|
44
|
+
self.service.gsub(/\/$/, '') == service.gsub(/\/$/, '')
|
45
|
+
end
|
39
46
|
end
|
40
47
|
|
41
48
|
class ProxyTicket < ServiceTicket
|
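Review bot: in `matches_service?`, `/\/$/` anchors at end of line, not end of string, and `gsub` replaces every match, so a service value containing a newline has slashes removed in the middle as well. Use `sub(/\/\z/, '')` on both sides. The method also raises NoMethodError when `service` is nil; return false in that case.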
data/lib/casserver/postambles.rb
CHANGED
data/lib/casserver/version.rb
CHANGED
data/lib/casserver/views.rb
CHANGED
@@ -1,14 +1,16 @@
|
|
1
1
|
# The #.#.# comments (e.g. "2.1.3") refer to section numbers in the CAS protocol spec
|
2
2
|
# under http://www.ja-sig.org/products/cas/overview/protocol/index.html
|
3
3
|
|
4
|
-
|
4
|
+
# need auto_validation off to render CAS responses and to use the autocomplete='off' property on password field
|
5
|
+
Markaby::Builder.set(:auto_validation, false)
|
6
|
+
Markaby::Builder.set(:indent, 2)
|
5
7
|
|
6
|
-
|
7
|
-
#
|
8
|
+
module CASServer::Views
|
8
9
|
|
9
10
|
def layout
|
11
|
+
|
10
12
|
# wrap as XHTML only when auto_validation is on, otherwise pass right through
|
11
|
-
if @
|
13
|
+
if @use_layout
|
12
14
|
xhtml_strict do
|
13
15
|
head do
|
14
16
|
title { "#{organization} Central Login" }
|
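Review bot: the comment above `if @use_layout` still reads "wrap as XHTML only when auto_validation is on", but auto_validation is now switched off globally at the top of the file and the condition is `@use_layout`. Update the comment. Because the layout is now opt-in, every HTML view has to set `@use_layout = true` itself (only `login` does in this diff), so check the remaining HTML views.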
@@ -27,12 +29,14 @@ module CASServer::Views
|
|
27
29
|
|
28
30
|
# 2.1.3
|
29
31
|
def login
|
32
|
+
@use_layout = true
|
33
|
+
|
30
34
|
table(:id => "login-box") do
|
31
35
|
tr do
|
32
36
|
td(:colspan => 2) do
|
33
37
|
div(:id => "headline-container") do
|
34
38
|
strong organization
|
35
|
-
text "Central Login"
|
39
|
+
text " Central Login"
|
36
40
|
end
|
37
41
|
end
|
38
42
|
end
|
@@ -56,7 +60,8 @@ module CASServer::Views
|
|
56
60
|
label(:id => "username-label", :for => "username") { "Username" }
|
57
61
|
end
|
58
62
|
td(:id => "username-container") do
|
59
|
-
input(:type => "text", :id => "username", :name => "username",
|
63
|
+
input(:type => "text", :id => "username", :name => "username",
|
64
|
+
:size => "32", :tabindex => "1", :accesskey => "u")
|
60
65
|
end
|
61
66
|
end
|
62
67
|
tr do
|
@@ -64,7 +69,8 @@ module CASServer::Views
|
|
64
69
|
label(:id => "password-label", :for => "password") { "Password" }
|
65
70
|
end
|
66
71
|
td(:id => "password-container") do
|
67
|
-
input(:type => "password", :id => "password", :name => "password",
|
72
|
+
input(:type => "password", :id => "password", :name => "password",
|
73
|
+
:size => "32", :tabindex => "2", :accesskey => "p", :autocomplete => "off")
|
68
74
|
end
|
69
75
|
end
|
70
76
|
tr do
|
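Review bot: `:autocomplete => "off"` is added to the password input only; the username input changed in the previous hunk does not get it. If the aim is to keep credentials out of the browser's stored form data on shared machines, say in a comment that leaving the username out is deliberate, or set the attribute on both.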
@@ -88,7 +94,6 @@ module CASServer::Views
|
|
88
94
|
|
89
95
|
# 2.4.2
|
90
96
|
def validate
|
91
|
-
@auto_validation = false
|
92
97
|
if @success
|
93
98
|
text "yes\n#{@username}\n"
|
94
99
|
else
|
@@ -98,7 +103,6 @@ module CASServer::Views
|
|
98
103
|
|
99
104
|
# 2.5.2
|
100
105
|
def service_validate
|
101
|
-
@auto_validation = false
|
102
106
|
if @success
|
103
107
|
tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
|
104
108
|
tag!("cas:authenticationSuccess") do
|
@@ -117,7 +121,6 @@ module CASServer::Views
|
|
117
121
|
|
118
122
|
# 2.6.2
|
119
123
|
def proxy_validate
|
120
|
-
@auto_validation = false
|
121
124
|
if @success
|
122
125
|
tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
|
123
126
|
tag!("cas:authenticationSuccess") do
|
@@ -143,7 +146,6 @@ module CASServer::Views
|
|
143
146
|
|
144
147
|
# 2.7.2
|
145
148
|
def proxy
|
146
|
-
@auto_validation = false
|
147
149
|
if @success
|
148
150
|
tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
|
149
151
|
tag!("cas:proxySuccess") do
|
data/lib/themes/cas.css
CHANGED
@@ -109,4 +109,12 @@ div.confirmation {
|
|
109
109
|
background-repeat: no-repeat;
|
110
110
|
background-position: 10px 5px;
|
111
111
|
font-weight: bold;
|
112
|
+
}
|
113
|
+
|
114
|
+
div.notice {
|
115
|
+
color: #04c;
|
116
|
+
background-image: url(notice.png);
|
117
|
+
background-repeat: no-repeat;
|
118
|
+
background-position: 10px 5px;
|
119
|
+
font-weight: bold;
|
112
120
|
}
|
Binary file
|
data/test/test_cas.rb
ADDED
@@ -0,0 +1,33 @@
|
|
1
|
+
require 'rubygems'
|
2
|
+
require 'mosquito'
|
3
|
+
|
4
|
+
$CONF = {:authenticator => {:class => "CASServer::Authenticators::Test"},
|
5
|
+
:log => {:file => "/tmp/test.log", :level => "INFO"}}
|
6
|
+
|
7
|
+
require File.dirname(__FILE__) + "/../lib/casserver"
|
8
|
+
|
9
|
+
CASServer.create
|
10
|
+
|
11
|
+
class TestCASServer < Camping::UnitTest
|
12
|
+
|
13
|
+
include CASServer::CAS
|
14
|
+
|
15
|
+
def test_generate_proxy_granting_ticket
|
16
|
+
pgt_url = "https://portal.urbacon.net:6543/cas_proxy_callback/receive_pgt"
|
17
|
+
st = generate_service_ticket("http://test.foo", "tester")
|
18
|
+
|
19
|
+
pgt = nil
|
20
|
+
|
21
|
+
assert_difference(ProxyGrantingTicket, :count, 1) do
|
22
|
+
pgt = generate_proxy_granting_ticket(pgt_url, st)
|
23
|
+
end
|
24
|
+
|
25
|
+
puts pgt.inspect
|
26
|
+
end
|
27
|
+
|
28
|
+
protected
|
29
|
+
def env
|
30
|
+
return {'REMOTE_ADDR' => "TEST"}
|
31
|
+
end
|
32
|
+
|
33
|
+
end
|
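Review bot: test_generate_proxy_granting_ticket passes a real external callback URL (host portal.urbacon.net:6543) and expects the PGT count to rise by 1, so it only passes when that host is reachable and answers. Stub the callback or point it at a local listener. The test ends in `puts pgt.inspect` rather than an assertion, and the test changes in this diff add no coverage for the two LDAP fixes listed in the CHANGELOG (blank password, '*' username).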
data/test/test_casserver.rb
CHANGED
@@ -123,28 +123,3 @@ class TestCASServer < Camping::FunctionalTest
|
|
123
123
|
end
|
124
124
|
|
125
125
|
end
|
126
|
-
|
127
|
-
#class TestPost < Camping::UnitTest
|
128
|
-
#
|
129
|
-
# fixtures :blog_posts, :blog_users, :blog_comments
|
130
|
-
#
|
131
|
-
# def test_create
|
132
|
-
# post = create
|
133
|
-
# assert post.valid?
|
134
|
-
# end
|
135
|
-
#
|
136
|
-
# def test_assoc
|
137
|
-
# post = Post.find :first
|
138
|
-
# assert_kind_of User, post.user
|
139
|
-
# assert_equal 1, post.user.id
|
140
|
-
# end
|
141
|
-
#
|
142
|
-
# private
|
143
|
-
#
|
144
|
-
# def create(options={})
|
145
|
-
# Post.create({ :user_id => 1,
|
146
|
-
# :title => "Title",
|
147
|
-
# :body => "Body"}.merge(options))
|
148
|
-
# end
|
149
|
-
#
|
150
|
-
#end
|
metadata
CHANGED
@@ -3,8 +3,8 @@ rubygems_version: 0.9.0
|
|
3
3
|
specification_version: 1
|
4
4
|
name: rubycas-server
|
5
5
|
version: !ruby/object:Gem::Version
|
6
|
-
version: 0.
|
7
|
-
date: 2007-03-
|
6
|
+
version: 0.3.0
|
7
|
+
date: 2007-03-29 00:00:00 -04:00
|
8
8
|
summary: Provides single sign on for web applications using the CAS protocol.
|
9
9
|
require_paths:
|
10
10
|
- lib
|
@@ -51,6 +51,7 @@ files:
|
|
51
51
|
- lib/casserver/version.rb
|
52
52
|
- lib/casserver/views.rb
|
53
53
|
- lib/themes/cas.css
|
54
|
+
- lib/themes/notice.png
|
54
55
|
- lib/themes/ok.png
|
55
56
|
- lib/themes/simple/bg.png
|
56
57
|
- lib/themes/simple/login_box_bg.png
|
@@ -64,6 +65,7 @@ files:
|
|
64
65
|
- setup.rb
|
65
66
|
- test/test_casserver.rb
|
66
67
|
test_files:
|
68
|
+
- test/test_cas.rb
|
67
69
|
- test/test_casserver.rb
|
68
70
|
rdoc_options: []
|
69
71
|
|
@@ -86,20 +88,20 @@ dependencies:
|
|
86
88
|
version: "1.5"
|
87
89
|
version:
|
88
90
|
- !ruby/object:Gem::Dependency
|
89
|
-
name:
|
91
|
+
name: activesupport
|
90
92
|
version_requirement:
|
91
93
|
version_requirements: !ruby/object:Gem::Version::Requirement
|
92
94
|
requirements:
|
93
95
|
- - ">="
|
94
96
|
- !ruby/object:Gem::Version
|
95
|
-
version: 1.
|
97
|
+
version: 1.4.0
|
96
98
|
version:
|
97
99
|
- !ruby/object:Gem::Dependency
|
98
|
-
name:
|
100
|
+
name: activerecord
|
99
101
|
version_requirement:
|
100
102
|
version_requirements: !ruby/object:Gem::Version::Requirement
|
101
103
|
requirements:
|
102
104
|
- - ">="
|
103
105
|
- !ruby/object:Gem::Version
|
104
|
-
version: 1.
|
106
|
+
version: 1.15.3
|
105
107
|
version:
|