rubycas-server 0.2.0 → 0.3.0
- data/CHANGELOG.txt +48 -5
- data/Manifest.txt +1 -0
- data/Rakefile +3 -2
- data/config.example.yml +44 -14
- data/lib/casserver/authenticators/base.rb +3 -0
- data/lib/casserver/authenticators/ldap.rb +8 -4
- data/lib/casserver/authenticators/sql.rb +2 -2
- data/lib/casserver/authenticators/test.rb +3 -0
- data/lib/casserver/cas.rb +20 -6
- data/lib/casserver/conf.rb +2 -1
- data/lib/casserver/controllers.rb +41 -12
- data/lib/casserver/models.rb +7 -0
- data/lib/casserver/postambles.rb +1 -1
- data/lib/casserver/version.rb +1 -1
- data/lib/casserver/views.rb +13 -11
- data/lib/themes/cas.css +8 -0
- data/lib/themes/notice.png +0 -0
- data/test/test_cas.rb +33 -0
- data/test/test_casserver.rb +0 -25
- metadata +8 -6
data/CHANGELOG.txt
CHANGED
@@ -1,13 +1,56 @@
|
|
1
|
-
=== 0.
|
1
|
+
=== 0.3.0 :: 2007-03-29
|
2
|
+
|
3
|
+
* Fixed glaring security problem with LDAP/AD Authenticator where under some
|
4
|
+
circumstances blank passwords were accepted as valid.
|
5
|
+
* Autocomplete has been turned off on the password field for better security.
|
6
|
+
In the future we may allow autocomplete to be re-enabled using a
|
7
|
+
configuration setting.
|
8
|
+
* When the user visits the login page and is already authenticated (i.e. they
|
9
|
+
have a valid ticket granting cookie), a message is shown at the top
|
10
|
+
indicating that they are already logged in.
|
11
|
+
* sqlite3-ruby is no longer required by the gem as a dependency. The user
|
12
|
+
must now install it manually prior to installing rubycas-server. The
|
13
|
+
building of sqlite3 native extensions appears to be somewhat flakey
|
14
|
+
and probably defeats the original purpose of using it (which was
|
15
|
+
to have a CAS server up and running with no additional DB configuration).
|
16
|
+
We will use MySQL as the default database adapter instead, since it does
|
17
|
+
not require additional libraries and many users will have a MySQL server
|
18
|
+
already available.
|
19
|
+
* Fixed bug that was causing all proxy-granting tickets to be deleted whenever
|
20
|
+
any user logged out. Only the PGTs for the user that is logging out are now
|
21
|
+
being deleted.
|
22
|
+
* Trailing slashes in service URLs are now ignored when validating service
|
23
|
+
and proxy tickets (e.g. "http://www.google.com" and "http://www.google.com/"
|
24
|
+
are now considered to be the same service URL).
|
25
|
+
* Authenticators now raise AuthenticatorError exceptions when encountering
|
26
|
+
a problem/error. This makes it easier to send feedback to the user.
|
27
|
+
However, other exceptions should still be raised when errors ought
|
28
|
+
not be recoverable (i.e. programming errors).
|
29
|
+
* Fixed serious vulnerability in LDAP authenticator where under some
|
30
|
+
cirumstances the user could just enter '*' as their username to match
|
31
|
+
any username. The LDAP authenticator will now refuse to process logins
|
32
|
+
with usernames that contain the characters * ( ) \ / and the NULL
|
33
|
+
character \0.
|
34
|
+
* Views are no longer xhtml-validated. Markaby's auto-validation was turned
|
35
|
+
off to allow for use of the autocomplete property on inputs, since this is
|
36
|
+
the only viable way of turning off password storage in IE and Firefox at
|
37
|
+
the page level.
|
38
|
+
* You can now limit the maximum length of a login session by setting the
|
39
|
+
expire_sessions config setting to true.
|
40
|
+
* Fixed some minor bugs in the login view.
|
41
|
+
|
42
|
+
|
43
|
+
=== 0.2.0 :: 2007-03-20
|
2
44
|
|
3
45
|
* ruby-casserver now behaves more like a real command-line app, accepting
|
4
46
|
various command line arguments including -h (help), -v (version), -c (use
|
5
|
-
an alternate config.yml), and -d (daemonize, when using webrick or mongrel
|
6
|
-
|
47
|
+
an alternate config.yml), and -d (daemonize, when using webrick or mongrel
|
48
|
+
mode).
|
49
|
+
* Special characters in CAS XML responses are now properly encoded into XML
|
7
50
|
entities
|
8
51
|
* CAS XML responses are no longer auto-indented... Markaby's indentation
|
9
|
-
seemed to be causing problems with the PHP CAS client
|
10
|
-
* Misc minor bug fixes/cleanup
|
52
|
+
seemed to be causing problems with the PHP CAS client.
|
53
|
+
* Misc minor bug fixes/cleanup.
|
11
54
|
|
12
55
|
=== 0.1.0 :: 2007-03-01
|
13
56
|
|
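Review bot: the entry for the '*' username fix misspells "circumstances" as "cirumstances". The two LDAP security fixes (blank passwords accepted, '*' matching any username) are also separated by a run of unrelated feature items; listing them together at the top of the 0.3.0 section would make it harder for an operator skimming the file to miss that this release carries authentication fixes.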
data/Manifest.txt
CHANGED
data/Rakefile
CHANGED
@@ -20,8 +20,9 @@ HOMEPATH = "http://#{RUBYFORGE_PROJECT}.rubyforge.org"
|
|
20
20
|
|
21
21
|
DEPS = [
|
22
22
|
['camping', '>= 1.5'],
|
23
|
-
['sqlite3-ruby', '>= 1.2.0'],
|
24
|
-
['activesupport', '>= 1.4.0']
|
23
|
+
# ['sqlite3-ruby', '>= 1.2.0'],
|
24
|
+
['activesupport', '>= 1.4.0'],
|
25
|
+
['activerecord', '>=1.15.3']
|
25
26
|
]
|
26
27
|
|
27
28
|
|
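Review bot: `# ['sqlite3-ruby', '>= 1.2.0'],` is left inside DEPS as a commented-out entry; delete the line, since the changelog already records why the dependency was dropped. The new `['activerecord', '>=1.15.3']` entry also lacks the space after `>=` that the other entries use.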
data/config.example.yml
CHANGED
@@ -47,22 +47,28 @@ ssl_cert: /path/to/your/ssl.pem
|
|
47
47
|
|
48
48
|
# Set up the database connection. Make sure that this database is secure!
|
49
49
|
#
|
50
|
-
# By default, we use
|
51
|
-
#
|
50
|
+
# By default, we use MySQL, since it is widely used and does not require any additional
|
51
|
+
# ruby libraries besides ActiveRecord.
|
52
|
+
#
|
53
|
+
# Instead of MySQL you can use SQLite3, PostgreSQL, MSSQL, or anything else supported
|
54
|
+
# by ActiveRecord.
|
52
55
|
#
|
53
56
|
# For example, with MySQL, your config wold be something like:
|
54
|
-
#
|
55
|
-
#database:
|
56
|
-
# adapter: mysql
|
57
|
-
# database: casserver
|
58
|
-
# user: root
|
59
|
-
# password:
|
60
|
-
# server: localhost
|
61
|
-
#
|
62
57
|
|
63
58
|
database:
|
64
|
-
adapter:
|
65
|
-
|
59
|
+
adapter: mysql
|
60
|
+
database: casserver
|
61
|
+
username: root
|
62
|
+
password:
|
63
|
+
server: localhost
|
64
|
+
|
65
|
+
# If you prefer to use SQLite3 (which does not require a separate database server),
|
66
|
+
# your configuration would look something like the following (don't forget to install
|
67
|
+
# the sqlite3-ruby gem beforehand!):
|
68
|
+
#
|
69
|
+
#database:
|
70
|
+
# adapter: sqlite3
|
71
|
+
# dbfile: /var/lib/casserver.db
|
66
72
|
|
67
73
|
|
68
74
|
##### AUTHENTICATION #################################################################
|
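Review bot: the example now ships an active `database:` block with `username: root` and an empty `password:`, directly under the comment "Make sure that this database is secure!". Anyone who copies the file unchanged connects the ticket store as the MySQL root account with no password. Suggest placeholder values for a dedicated low-privilege account, or keep the block commented out so that it has to be filled in deliberately. The key also changes from `user:` in the old commented example to `username:`, which deserves a changelog line for people upgrading an existing config.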
@@ -163,7 +169,7 @@ database:
|
|
163
169
|
#
|
164
170
|
# Custom themes are not well supported yet, but will be in the near future. In the
|
165
171
|
# meantime, if you want to create a custom theme, you can create a subdirectory
|
166
|
-
# under the CASServer's themes dir (for example '/usr/lib/ruby/1.8/gems/casserver-xxx/lib/themes',
|
172
|
+
# under the CASServer's themes dir (for example, '/usr/lib/ruby/1.8/gems/casserver-xxx/lib/themes',
|
167
173
|
# if you installed CASServer on Linux as a gem). A theme is basically just a theme.css
|
168
174
|
# file that overrides the themes/cas.css styles along with a collection of image files
|
169
175
|
# like logo.png and bg.png.
|
@@ -194,4 +200,28 @@ log:
|
|
194
200
|
# Every SQL query will be logged here. This is useful for debugging database problems.
|
195
201
|
#
|
196
202
|
#db_log:
|
197
|
-
# file: /var/log/casserver_db.log
|
203
|
+
# file: /var/log/casserver_db.log
|
204
|
+
|
205
|
+
|
206
|
+
##### OTHER ###########################################################################
|
207
|
+
|
208
|
+
# You can set various ticket expiry times (specify the value in seconds).
|
209
|
+
|
210
|
+
# Expired login and service tickets are no longer usable this many seconds after they
|
211
|
+
# are created. (Defaults to 5 minutes)
|
212
|
+
|
213
|
+
#login_ticket_expiry: 300
|
214
|
+
#service_ticket_expiry: 300
|
215
|
+
|
216
|
+
# Proxy- and ticket-granting tickets do not expire -- normally they are made invalid only
|
217
|
+
# when the user logs out. But the server must periodically delete them to prevent buildup of
|
218
|
+
# stale data. PGTs and TGTs will be deleted during server startup if they are this many
|
219
|
+
# seconds old. (Defaults to 48 hours)
|
220
|
+
|
221
|
+
#proxy_granting_ticket_expiry: 172800
|
222
|
+
#ticket_granting_ticket_expiry: 172800
|
223
|
+
|
224
|
+
# If you would prefer that ticket-granting ticket expiry be enforced (in effect limiting
|
225
|
+
# the maximum length of a session), you can set expire_sessions to true.
|
226
|
+
|
227
|
+
# expire_sessions: false
|
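Review bot: the comment "Expired login and service tickets are no longer usable this many seconds after they are created" is circular; something like "Login and service tickets expire this many seconds after they are created" says the same thing clearly. The section should also state the consequence of the default outright: with `expire_sessions` left at false, a ticket-granting ticket stays valid until the user logs out or the startup cleanup removes it. The last line, `# expire_sessions: false`, has a space after `#` that the other commented-out keys in this block do not.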
@@ -12,16 +12,20 @@ class CASServer::Authenticators::LDAP < CASServer::Authenticators::Base
|
|
12
12
|
def validate(credentials)
|
13
13
|
read_standard_credentials(credentials)
|
14
14
|
|
15
|
-
|
16
|
-
|
17
|
-
raise "
|
15
|
+
return false if @password.blank?
|
16
|
+
|
17
|
+
raise CASServer::AuthenticatorError, "Cannot validate credentials because the authenticator hasn't yet been configured" unless @options
|
18
|
+
raise CASServer::AuthenticatorError, "Invalid authenticator configuration!" unless @options[:ldap]
|
19
|
+
raise CASServer::AuthenticatorError, "You must specify an ldap server in the configuration!" unless @options[:ldap][:server]
|
20
|
+
|
21
|
+
raise CASServer::AuthenticatorError, "The username '#{@username}' contains invalid characters." if (@username =~ /[*\(\)\\\0\/]/)
|
18
22
|
|
19
23
|
ldap = Net::LDAP.new
|
20
24
|
ldap.host = @options[:ldap][:server]
|
21
25
|
ldap.port = @options[:ldap][:port] if @options[:ldap][:port]
|
22
26
|
|
23
27
|
if @options[:ldap][:auth_user]
|
24
|
-
raise "A password must be specified in the configuration for the authenticator user!" unless @options[:ldap][:auth_password]
|
28
|
+
raise CASServer::AuthenticatorError, "A password must be specified in the configuration for the authenticator user!" unless @options[:ldap][:auth_password]
|
25
29
|
ldap.authenticate(@options[:ldap][:auth_user], @options[:ldap][:auth_password])
|
26
30
|
end
|
27
31
|
|
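Review bot: the username check `@username =~ /[*\(\)\\\0\/]/` is a denylist placed ahead of the directory lookup, and the code that builds the search filter is outside this hunk, so the hunk alone does not show that every path from the username to the filter is covered. Suggest escaping the value at the point where the filter is constructed and keeping this check as a second layer. Two smaller points: the rejection message interpolates the submitted username into an AuthenticatorError that the controller displays on the login page, so a fixed message would be safer; and `return false if @password.blank?` runs before the configuration checks, so a misconfigured authenticator is only reported once a non-blank password is submitted, which is worth a short comment.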
@@ -12,8 +12,8 @@ class CASServer::Authenticators::SQL < CASServer::Authenticators::Base
|
|
12
12
|
def validate(credentials)
|
13
13
|
read_standard_credentials(credentials)
|
14
14
|
|
15
|
-
raise "Cannot validate credentials because the authenticator hasn't yet been configured" unless @options
|
16
|
-
raise "Invalid authenticator configuration!" unless @options[:database]
|
15
|
+
raise CASServer::AuthenticatorError, "Cannot validate credentials because the authenticator hasn't yet been configured" unless @options
|
16
|
+
raise CASServer::AuthenticatorError, "Invalid authenticator configuration!" unless @options[:database]
|
17
17
|
|
18
18
|
CASUser.establish_connection @options[:database]
|
19
19
|
CASUser.set_table_name @options[:user_table] || "users"
|
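Review bot: this authenticator picks up the AuthenticatorError change but not the `return false if @password.blank?` guard that the LDAP authenticator gains in the same release. If blank passwords should never authenticate, put the guard in one shared place, for example alongside `read_standard_credentials` in the base class, so that every authenticator inherits it instead of each one having to remember it.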
@@ -3,6 +3,9 @@ require 'casserver/authenticators/base'
|
|
3
3
|
class CASServer::Authenticators::Test < CASServer::Authenticators::Base
|
4
4
|
def validate(credentials)
|
5
5
|
read_standard_credentials(credentials)
|
6
|
+
|
7
|
+
raise CASServer::AuthenticatorError, "Username is 'do_error'!" if @username == 'do_error'
|
8
|
+
|
6
9
|
return @username == "testuser" && @password == "testpassword"
|
7
10
|
end
|
8
11
|
end
|
data/lib/casserver/cas.rb
CHANGED
@@ -90,7 +90,7 @@ module CASServer::CAS
|
|
90
90
|
if response.code.to_i == 200
|
91
91
|
# 3.4 (proxy-granting ticket IOU)
|
92
92
|
pgt.save!
|
93
|
-
$LOG.debug "PGT generated for pgt_url '#{pgt_url}'
|
93
|
+
$LOG.debug "PGT generated for pgt_url '#{pgt_url}': #{pgt.inspect}"
|
94
94
|
pgt
|
95
95
|
else
|
96
96
|
$LOG.warn "PGT callback server responded with a bad result code '#{response.code}'. PGT will not be stored."
|
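Review bot: the changed debug line appends `#{pgt.inspect}`, which for a model object writes the whole record to the log, ticket value included. A proxy-granting ticket is a bearer credential, so the log file becomes as sensitive as the ticket table whenever debug logging is on. Log the record id or a truncated ticket string instead.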
@@ -112,7 +112,7 @@ module CASServer::CAS
|
|
112
112
|
elsif Time.now - lt.created_on < CASServer::Conf.login_ticket_expiry
|
113
113
|
$LOG.info("Login ticket '#{ticket}' successfully validated")
|
114
114
|
else
|
115
|
-
error = "Your login ticket
|
115
|
+
error = "Your login ticket has expired."
|
116
116
|
$LOG.warn("Expired login ticket '#{ticket}'")
|
117
117
|
end
|
118
118
|
else
|
@@ -132,7 +132,12 @@ module CASServer::CAS
|
|
132
132
|
error = "No ticket granting ticket given."
|
133
133
|
$LOG.debug(error)
|
134
134
|
elsif tgt = TicketGrantingTicket.find_by_ticket(ticket)
|
135
|
-
|
135
|
+
if CASServer::Conf.expire_sessions && Time.now - tgt.created_on > CASServer::Conf.ticket_granting_ticket_expiry
|
136
|
+
error = "Your session has expired. Please log in again."
|
137
|
+
$LOG.info("Ticket granting ticket '#{ticket}' for user '#{tgt.username}' expired.")
|
138
|
+
else
|
139
|
+
$LOG.info("Ticket granting ticket '#{ticket}' for user '#{tgt.username}' successfully validated.")
|
140
|
+
end
|
136
141
|
else
|
137
142
|
error = "Invalid ticket granting ticket '#{ticket}' (no matching ticket found in the database)."
|
138
143
|
$LOG.warn(error)
|
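Review bot: in the new expired branch the ticket is reported as expired but the row is not destroyed, so the record stays in the database and becomes valid again if `expire_sessions` is later switched off or the expiry value is raised. Destroy the ticket when it is found to be expired. Both new `$LOG.info` lines also write the full ticket-granting ticket string at info level; a truncated value is enough for correlation.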
@@ -157,7 +162,7 @@ module CASServer::CAS
|
|
157
162
|
elsif Time.now - st.created_on > CASServer::Conf.service_ticket_expiry
|
158
163
|
error = Error.new("INVALID_TICKET", "Ticket '#{ticket}' has expired.")
|
159
164
|
$LOG.warn("Ticket '#{ticket}' has expired.")
|
160
|
-
elsif st.
|
165
|
+
elsif st.matches_service? service
|
161
166
|
$LOG.info("Ticket '#{ticket}' for service '#{service}' for user '#{st.username}' successfully validated.")
|
162
167
|
else
|
163
168
|
error = Error.new("INVALID_SERVICE", "The ticket '#{ticket}' belonging to user '#{st.username}' is valid,"+
|
@@ -215,10 +220,19 @@ module CASServer::CAS
|
|
215
220
|
raise ArgumentError, "Second argument must be a ServiceTicket!" unless st.kind_of? CASServer::Models::ServiceTicket
|
216
221
|
|
217
222
|
service_uri = URI.parse(service)
|
218
|
-
|
223
|
+
|
224
|
+
if service.include? "?"
|
225
|
+
if service_uri.query.empty?
|
226
|
+
query_separator = ""
|
227
|
+
else
|
228
|
+
query_separator = "&"
|
229
|
+
end
|
230
|
+
else
|
231
|
+
query_separator = "?"
|
232
|
+
end
|
219
233
|
|
220
234
|
service_with_ticket = service + query_separator + "ticket=" + st.ticket
|
221
235
|
service_with_ticket
|
222
236
|
end
|
223
237
|
|
224
|
-
end
|
238
|
+
end
|
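Review bot: the outer test `service.include? "?"` looks at the raw string while the inner test uses the parsed `service_uri.query`, and the two can disagree. When the only `?` in the service URL sits after a `#`, the parsed query is nil and `service_uri.query.empty?` raises NoMethodError. Branch on `service_uri.query` alone (nil, empty, non-empty) so that the separator is chosen from one source. In that same case the ticket parameter is also appended after the fragment, where the service will not receive it as a query parameter.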
data/lib/casserver/conf.rb
CHANGED
@@ -62,6 +62,7 @@ end
|
|
62
62
|
module CASServer
|
63
63
|
module Conf
|
64
64
|
DEFAULTS = {
|
65
|
+
:expire_sessions => false,
|
65
66
|
:login_ticket_expiry => 5.minutes,
|
66
67
|
:service_ticket_expiry => 5.minutes, # CAS Protocol Spec, sec. 3.2.1 (recommended expiry time)
|
67
68
|
:proxy_granting_ticket_expiry => 48.hours,
|
@@ -79,4 +80,4 @@ module CASServer
|
|
79
80
|
self[method]
|
80
81
|
end
|
81
82
|
end
|
82
|
-
end
|
83
|
+
end
|
@@ -19,14 +19,19 @@ module CASServer::Controllers
|
|
19
19
|
@renew = @input['renew']
|
20
20
|
@gateway = @input['gateway']
|
21
21
|
|
22
|
-
if
|
23
|
-
tgt,
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
22
|
+
if tgc = @cookies[:tgt]
|
23
|
+
tgt, tgt_error = validate_ticket_granting_ticket(tgc)
|
24
|
+
end
|
25
|
+
|
26
|
+
if tgt and !tgt_error
|
27
|
+
@message = {:type => 'notice', :message => %{You are currently logged in as "#{tgt.username}". If you are not you, please log in below.}}
|
28
|
+
end
|
29
|
+
|
30
|
+
if @service && !@renew && tgt && !tgt_error
|
31
|
+
st = generate_service_ticket(@service, tgt.username)
|
32
|
+
service_with_ticket = service_uri_with_ticket(@service, st)
|
33
|
+
$LOG.info("User '#{tgt.username}' authenticated based on ticket granting cookie. Redirecting to service '#{@service}'.")
|
34
|
+
return redirect(service_with_ticket, :status => 303) # response code 303 means "See Other" (see Appendix B in CAS Protocol spec)
|
30
35
|
end
|
31
36
|
|
32
37
|
lt = generate_login_ticket
|
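Review bot: `tgt_error` is only used to suppress the notice and the redirect; its text is never shown. With `expire_sessions` on, the "Your session has expired. Please log in again." message produced by the ticket check therefore never reaches the user, who just sees a plain login form. Set `@message` from `tgt_error` when it is present, and delete the stale `:tgt` cookie at the same point. `if tgc = @cookies[:tgt]` is also an assignment inside a condition; wrap it in parentheses or assign on the line before so it does not read as a mistyped comparison.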
@@ -51,6 +56,8 @@ module CASServer::Controllers
|
|
51
56
|
|
52
57
|
if error = validate_login_ticket(@lt)
|
53
58
|
@message = {:type => 'mistake', :message => error}
|
59
|
+
# generate another login ticket to allow for re-submitting the form
|
60
|
+
@lt = generate_login_ticket.ticket
|
54
61
|
return render(:login)
|
55
62
|
end
|
56
63
|
|
@@ -61,13 +68,32 @@ module CASServer::Controllers
|
|
61
68
|
|
62
69
|
$LOG.debug("Logging in with username: #{@username}, lt: #{@lt}, service: #{@service}, auth: #{$AUTH}")
|
63
70
|
|
64
|
-
|
71
|
+
begin
|
72
|
+
credentials_are_valid = $AUTH.validate(:username => @username, :password => @password)
|
73
|
+
rescue AuthenticatorError => e
|
74
|
+
$LOG.error(e)
|
75
|
+
@message = {:type => 'mistake', :message => e.to_s}
|
76
|
+
render :login and return
|
77
|
+
end
|
78
|
+
|
79
|
+
if credentials_are_valid
|
65
80
|
$LOG.info("Credentials for username '#{@username}' successfully validated")
|
66
81
|
|
67
82
|
# 3.6 (ticket-granting cookie)
|
68
83
|
tgt = generate_ticket_granting_ticket(@username)
|
84
|
+
|
85
|
+
if CASServer::Conf.expire_sessions
|
86
|
+
expires = CASServer::Conf.ticket_granting_ticket_expiry.to_i.from_now
|
87
|
+
expiry_info = " It will expire on #{expires}."
|
88
|
+
else
|
89
|
+
expiry_info = " It will not expire."
|
90
|
+
end
|
91
|
+
|
92
|
+
# TODO: Set expiry time for the cookie when expire_sessions is true. Unfortunately there doesn't
|
93
|
+
# seem to be an easy way to set cookie expire times in Camping :(
|
69
94
|
@cookies[:tgt] = tgt.to_s
|
70
|
-
|
95
|
+
|
96
|
+
$LOG.debug("Ticket granting cookie '#{@cookies[:tgt]}' granted to '#{@username}'. #{expiry_info}")
|
71
97
|
|
72
98
|
if @service.blank?
|
73
99
|
$LOG.info("Successfully authenticated user '#{@username}' at '#{tgt.client_hostname}'. No service param was given, so we will not redirect.")
|
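Review bot: the rescue block puts `e.to_s` straight into the login page, and the authenticators raise AuthenticatorError for configuration faults as well as user errors (for instance "You must specify an ldap server in the configuration!"), so deployment details are shown to unauthenticated visitors. Show a generic failure message and keep the detail in the `$LOG.error` call. The rescue path also re-renders the form without issuing a fresh login ticket, unlike the login-ticket failure path earlier in this file, which now sets `@lt = generate_login_ticket.ticket`. The exception is named unqualified here while the authenticators raise `CASServer::AuthenticatorError`; use the qualified name so that resolution does not depend on module nesting. Finally, the new debug line writes the ticket-granting cookie value to the log, and the TODO leaves the cookie without an expiry even when session expiry is enabled.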
@@ -106,13 +132,16 @@ module CASServer::Controllers
|
|
106
132
|
@cookies.delete :tgt
|
107
133
|
|
108
134
|
if tgt
|
109
|
-
pgts = CASServer::Models::ProxyGrantingTicket.find(:all,
|
135
|
+
pgts = CASServer::Models::ProxyGrantingTicket.find(:all,
|
136
|
+
:conditions => ["username = ?", tgt.username],
|
137
|
+
:include => :service_ticket)
|
110
138
|
pgts.each do |pgt|
|
139
|
+
$LOG.debug("Deleting Proxy-Granting Ticket '#{pgt}' for user '#{pgt.service_ticket.username}'")
|
111
140
|
pgt.destroy
|
112
|
-
$LOG.debug("Deleting Proxy-Granting Ticket '#{pgt}' for user '#{tgt.username}'")
|
113
141
|
end
|
114
142
|
|
115
143
|
$LOG.debug("Deleting Ticket-Granting Ticket '#{tgt}' for user '#{tgt.username}'")
|
144
|
+
tgt.destroy
|
116
145
|
|
117
146
|
$LOG.info("User '#{tgt.username}' logged out.")
|
118
147
|
else
|
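Review bot: the debug line that now runs before `pgt.destroy` reads `pgt.service_ticket.username`; if a proxy-granting ticket has no associated service ticket this raises on nil and the logout aborts before `tgt.destroy` is reached, leaving the session alive. Guard the association or log `tgt.username` as the old line did. The condition `["username = ?", tgt.username]` is correctly parameterised, but with `:include => :service_ticket` the bare column name should be qualified with its table name so that the query does not depend on which of the joined tables carries a `username` column.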
data/lib/casserver/models.rb
CHANGED
@@ -36,6 +36,13 @@ module CASServer::Models
|
|
36
36
|
|
37
37
|
class ServiceTicket < Ticket
|
38
38
|
include Consumable
|
39
|
+
|
40
|
+
def matches_service?(service)
|
41
|
+
# We ignore the trailing slash in URLs, since
|
42
|
+
# "http://www.google.com/" and "http://www.google.com" are almost
|
43
|
+
# certainly the same service.
|
44
|
+
self.service.gsub(/\/$/, '') == service.gsub(/\/$/, '')
|
45
|
+
end
|
39
46
|
end
|
40
47
|
|
41
48
|
class ProxyTicket < ServiceTicket
|
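Review bot: in `matches_service?` the pattern `/\/$/` uses `$`, which in Ruby matches at the end of any line rather than only at the end of the string, and `gsub` replaces every match. For a comparison that decides whether a ticket belongs to a service, anchor with `\z` and use `sub`, so that exactly one trailing slash is dropped: `service.sub(/\/\z/, '')`. The method also raises if `service` is nil; return false in that case so that a missing parameter is an ordinary validation failure.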
data/lib/casserver/postambles.rb
CHANGED
data/lib/casserver/version.rb
CHANGED
data/lib/casserver/views.rb
CHANGED
@@ -1,14 +1,16 @@
|
|
1
1
|
# The #.#.# comments (e.g. "2.1.3") refer to section numbers in the CAS protocol spec
|
2
2
|
# under http://www.ja-sig.org/products/cas/overview/protocol/index.html
|
3
3
|
|
4
|
-
|
4
|
+
# need auto_validation off to render CAS responses and to use the autocomplete='off' property on password field
|
5
|
+
Markaby::Builder.set(:auto_validation, false)
|
6
|
+
Markaby::Builder.set(:indent, 2)
|
5
7
|
|
6
|
-
|
7
|
-
#
|
8
|
+
module CASServer::Views
|
8
9
|
|
9
10
|
def layout
|
11
|
+
|
10
12
|
# wrap as XHTML only when auto_validation is on, otherwise pass right through
|
11
|
-
if @
|
13
|
+
if @use_layout
|
12
14
|
xhtml_strict do
|
13
15
|
head do
|
14
16
|
title { "#{organization} Central Login" }
|
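Review bot: `Markaby::Builder.set(:auto_validation, false)` switches validation off for every view in the process, not only for the CAS XML responses and the password field that the comment gives as the reason, so markup mistakes in the HTML views will no longer be caught. If a per-view setting is not available, say so in the comment. The unchanged comment inside `layout`, "wrap as XHTML only when auto_validation is on", is now stale because the condition has become `if @use_layout`; update it to match.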
@@ -27,12 +29,14 @@ module CASServer::Views
|
|
27
29
|
|
28
30
|
# 2.1.3
|
29
31
|
def login
|
32
|
+
@use_layout = true
|
33
|
+
|
30
34
|
table(:id => "login-box") do
|
31
35
|
tr do
|
32
36
|
td(:colspan => 2) do
|
33
37
|
div(:id => "headline-container") do
|
34
38
|
strong organization
|
35
|
-
text "Central Login"
|
39
|
+
text " Central Login"
|
36
40
|
end
|
37
41
|
end
|
38
42
|
end
|
@@ -56,7 +60,8 @@ module CASServer::Views
|
|
56
60
|
label(:id => "username-label", :for => "username") { "Username" }
|
57
61
|
end
|
58
62
|
td(:id => "username-container") do
|
59
|
-
input(:type => "text", :id => "username", :name => "username",
|
63
|
+
input(:type => "text", :id => "username", :name => "username",
|
64
|
+
:size => "32", :tabindex => "1", :accesskey => "u")
|
60
65
|
end
|
61
66
|
end
|
62
67
|
tr do
|
@@ -64,7 +69,8 @@ module CASServer::Views
|
|
64
69
|
label(:id => "password-label", :for => "password") { "Password" }
|
65
70
|
end
|
66
71
|
td(:id => "password-container") do
|
67
|
-
input(:type => "password", :id => "password", :name => "password",
|
72
|
+
input(:type => "password", :id => "password", :name => "password",
|
73
|
+
:size => "32", :tabindex => "2", :accesskey => "p", :autocomplete => "off")
|
68
74
|
end
|
69
75
|
end
|
70
76
|
tr do
|
@@ -88,7 +94,6 @@ module CASServer::Views
|
|
88
94
|
|
89
95
|
# 2.4.2
|
90
96
|
def validate
|
91
|
-
@auto_validation = false
|
92
97
|
if @success
|
93
98
|
text "yes\n#{@username}\n"
|
94
99
|
else
|
@@ -98,7 +103,6 @@ module CASServer::Views
|
|
98
103
|
|
99
104
|
# 2.5.2
|
100
105
|
def service_validate
|
101
|
-
@auto_validation = false
|
102
106
|
if @success
|
103
107
|
tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
|
104
108
|
tag!("cas:authenticationSuccess") do
|
@@ -117,7 +121,6 @@ module CASServer::Views
|
|
117
121
|
|
118
122
|
# 2.6.2
|
119
123
|
def proxy_validate
|
120
|
-
@auto_validation = false
|
121
124
|
if @success
|
122
125
|
tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
|
123
126
|
tag!("cas:authenticationSuccess") do
|
@@ -143,7 +146,6 @@ module CASServer::Views
|
|
143
146
|
|
144
147
|
# 2.7.2
|
145
148
|
def proxy
|
146
|
-
@auto_validation = false
|
147
149
|
if @success
|
148
150
|
tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
|
149
151
|
tag!("cas:proxySuccess") do
|
data/lib/themes/cas.css
CHANGED
@@ -109,4 +109,12 @@ div.confirmation {
|
|
109
109
|
background-repeat: no-repeat;
|
110
110
|
background-position: 10px 5px;
|
111
111
|
font-weight: bold;
|
112
|
+
}
|
113
|
+
|
114
|
+
div.notice {
|
115
|
+
color: #04c;
|
116
|
+
background-image: url(notice.png);
|
117
|
+
background-repeat: no-repeat;
|
118
|
+
background-position: 10px 5px;
|
119
|
+
font-weight: bold;
|
112
120
|
}
|
Binary file
|
data/test/test_cas.rb
ADDED
@@ -0,0 +1,33 @@
|
|
1
|
+
require 'rubygems'
|
2
|
+
require 'mosquito'
|
3
|
+
|
4
|
+
$CONF = {:authenticator => {:class => "CASServer::Authenticators::Test"},
|
5
|
+
:log => {:file => "/tmp/test.log", :level => "INFO"}}
|
6
|
+
|
7
|
+
require File.dirname(__FILE__) + "/../lib/casserver"
|
8
|
+
|
9
|
+
CASServer.create
|
10
|
+
|
11
|
+
class TestCASServer < Camping::UnitTest
|
12
|
+
|
13
|
+
include CASServer::CAS
|
14
|
+
|
15
|
+
def test_generate_proxy_granting_ticket
|
16
|
+
pgt_url = "https://portal.urbacon.net:6543/cas_proxy_callback/receive_pgt"
|
17
|
+
st = generate_service_ticket("http://test.foo", "tester")
|
18
|
+
|
19
|
+
pgt = nil
|
20
|
+
|
21
|
+
assert_difference(ProxyGrantingTicket, :count, 1) do
|
22
|
+
pgt = generate_proxy_granting_ticket(pgt_url, st)
|
23
|
+
end
|
24
|
+
|
25
|
+
puts pgt.inspect
|
26
|
+
end
|
27
|
+
|
28
|
+
protected
|
29
|
+
def env
|
30
|
+
return {'REMOTE_ADDR' => "TEST"}
|
31
|
+
end
|
32
|
+
|
33
|
+
end
|
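Review bot: `test_generate_proxy_granting_ticket` passes a real-looking external address as `pgt_url`, and the proxy-granting ticket code path checks the callback server's response code, so this unit test depends on a network request to a third-party host and sends it ticket material. Stub the callback or point it at a local test server. The test also ends with `puts pgt.inspect` rather than an assertion on the returned ticket, so beyond the row count it verifies nothing about the result.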
data/test/test_casserver.rb
CHANGED
@@ -123,28 +123,3 @@ class TestCASServer < Camping::FunctionalTest
|
|
123
123
|
end
|
124
124
|
|
125
125
|
end
|
126
|
-
|
127
|
-
#class TestPost < Camping::UnitTest
|
128
|
-
#
|
129
|
-
# fixtures :blog_posts, :blog_users, :blog_comments
|
130
|
-
#
|
131
|
-
# def test_create
|
132
|
-
# post = create
|
133
|
-
# assert post.valid?
|
134
|
-
# end
|
135
|
-
#
|
136
|
-
# def test_assoc
|
137
|
-
# post = Post.find :first
|
138
|
-
# assert_kind_of User, post.user
|
139
|
-
# assert_equal 1, post.user.id
|
140
|
-
# end
|
141
|
-
#
|
142
|
-
# private
|
143
|
-
#
|
144
|
-
# def create(options={})
|
145
|
-
# Post.create({ :user_id => 1,
|
146
|
-
# :title => "Title",
|
147
|
-
# :body => "Body"}.merge(options))
|
148
|
-
# end
|
149
|
-
#
|
150
|
-
#end
|
metadata
CHANGED
@@ -3,8 +3,8 @@ rubygems_version: 0.9.0
|
|
3
3
|
specification_version: 1
|
4
4
|
name: rubycas-server
|
5
5
|
version: !ruby/object:Gem::Version
|
6
|
-
version: 0.
|
7
|
-
date: 2007-03-
|
6
|
+
version: 0.3.0
|
7
|
+
date: 2007-03-29 00:00:00 -04:00
|
8
8
|
summary: Provides single sign on for web applications using the CAS protocol.
|
9
9
|
require_paths:
|
10
10
|
- lib
|
@@ -51,6 +51,7 @@ files:
|
|
51
51
|
- lib/casserver/version.rb
|
52
52
|
- lib/casserver/views.rb
|
53
53
|
- lib/themes/cas.css
|
54
|
+
- lib/themes/notice.png
|
54
55
|
- lib/themes/ok.png
|
55
56
|
- lib/themes/simple/bg.png
|
56
57
|
- lib/themes/simple/login_box_bg.png
|
@@ -64,6 +65,7 @@ files:
|
|
64
65
|
- setup.rb
|
65
66
|
- test/test_casserver.rb
|
66
67
|
test_files:
|
68
|
+
- test/test_cas.rb
|
67
69
|
- test/test_casserver.rb
|
68
70
|
rdoc_options: []
|
69
71
|
|
@@ -86,20 +88,20 @@ dependencies:
|
|
86
88
|
version: "1.5"
|
87
89
|
version:
|
88
90
|
- !ruby/object:Gem::Dependency
|
89
|
-
name:
|
91
|
+
name: activesupport
|
90
92
|
version_requirement:
|
91
93
|
version_requirements: !ruby/object:Gem::Version::Requirement
|
92
94
|
requirements:
|
93
95
|
- - ">="
|
94
96
|
- !ruby/object:Gem::Version
|
95
|
-
version: 1.
|
97
|
+
version: 1.4.0
|
96
98
|
version:
|
97
99
|
- !ruby/object:Gem::Dependency
|
98
|
-
name:
|
100
|
+
name: activerecord
|
99
101
|
version_requirement:
|
100
102
|
version_requirements: !ruby/object:Gem::Version::Requirement
|
101
103
|
requirements:
|
102
104
|
- - ">="
|
103
105
|
- !ruby/object:Gem::Version
|
104
|
-
version: 1.
|
106
|
+
version: 1.15.3
|
105
107
|
version:
|