synapse-rubycas-server 1.1.3alpha
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +15 -0
- data/CHANGELOG +353 -0
- data/Gemfile +12 -0
- data/LICENSE +26 -0
- data/README.md +38 -0
- data/Rakefile +3 -0
- data/bin/rubycas-server +30 -0
- data/config/config.example.yml +552 -0
- data/config/unicorn.rb +88 -0
- data/config.ru +11 -0
- data/db/migrate/001_create_initial_structure.rb +47 -0
- data/db/migrate/002_add_indexes_for_performance.rb +15 -0
- data/lib/casserver/authenticators/active_directory_ldap.rb +17 -0
- data/lib/casserver/authenticators/active_resource.rb +113 -0
- data/lib/casserver/authenticators/authlogic_crypto_providers/aes256.rb +43 -0
- data/lib/casserver/authenticators/authlogic_crypto_providers/bcrypt.rb +92 -0
- data/lib/casserver/authenticators/authlogic_crypto_providers/md5.rb +34 -0
- data/lib/casserver/authenticators/authlogic_crypto_providers/sha1.rb +59 -0
- data/lib/casserver/authenticators/authlogic_crypto_providers/sha512.rb +50 -0
- data/lib/casserver/authenticators/base.rb +70 -0
- data/lib/casserver/authenticators/client_certificate.rb +47 -0
- data/lib/casserver/authenticators/google.rb +62 -0
- data/lib/casserver/authenticators/ldap.rb +131 -0
- data/lib/casserver/authenticators/ntlm.rb +88 -0
- data/lib/casserver/authenticators/open_id.rb +19 -0
- data/lib/casserver/authenticators/sql.rb +158 -0
- data/lib/casserver/authenticators/sql_authlogic.rb +93 -0
- data/lib/casserver/authenticators/sql_bcrypt.rb +17 -0
- data/lib/casserver/authenticators/sql_encrypted.rb +75 -0
- data/lib/casserver/authenticators/sql_md5.rb +19 -0
- data/lib/casserver/authenticators/sql_rest_auth.rb +82 -0
- data/lib/casserver/authenticators/test.rb +21 -0
- data/lib/casserver/base.rb +13 -0
- data/lib/casserver/cas.rb +324 -0
- data/lib/casserver/core_ext/directory_user.rb +81 -0
- data/lib/casserver/core_ext/securerandom.rb +17 -0
- data/lib/casserver/core_ext/string.rb +22 -0
- data/lib/casserver/core_ext.rb +12 -0
- data/lib/casserver/model/consumable.rb +31 -0
- data/lib/casserver/model/ticket.rb +19 -0
- data/lib/casserver/model.rb +248 -0
- data/lib/casserver/server.rb +796 -0
- data/lib/casserver/utils.rb +20 -0
- data/lib/casserver/views/_login_form.erb +42 -0
- data/lib/casserver/views/layout.erb +18 -0
- data/lib/casserver/views/login.erb +30 -0
- data/lib/casserver/views/proxy.builder +13 -0
- data/lib/casserver/views/proxy_validate.builder +31 -0
- data/lib/casserver/views/service_validate.builder +24 -0
- data/lib/casserver/views/validate.erb +2 -0
- data/lib/casserver.rb +19 -0
- data/locales/de.yml +27 -0
- data/locales/en.yml +26 -0
- data/locales/es.yml +26 -0
- data/locales/es_ar.yml +26 -0
- data/locales/fr.yml +26 -0
- data/locales/it.yml +26 -0
- data/locales/jp.yml +26 -0
- data/locales/pl.yml +26 -0
- data/locales/pt.yml +26 -0
- data/locales/ru.yml +26 -0
- data/locales/zh.yml +26 -0
- data/locales/zh_tw.yml +26 -0
- data/public/themes/cas.css +126 -0
- data/public/themes/notice.png +0 -0
- data/public/themes/ok.png +0 -0
- data/public/themes/simple/bg.png +0 -0
- data/public/themes/simple/favicon.png +0 -0
- data/public/themes/simple/login_box_bg.png +0 -0
- data/public/themes/simple/logo.png +0 -0
- data/public/themes/simple/theme.css +28 -0
- data/public/themes/warning.png +0 -0
- data/resources/init.d.sh +58 -0
- data/spec/casserver/authenticators/active_resource_spec.rb +116 -0
- data/spec/casserver/authenticators/ldap_spec.rb +57 -0
- data/spec/casserver/cas_spec.rb +148 -0
- data/spec/casserver/model_spec.rb +42 -0
- data/spec/casserver/utils_spec.rb +24 -0
- data/spec/casserver_spec.rb +221 -0
- data/spec/config/alt_config.yml +50 -0
- data/spec/config/default_config.yml +56 -0
- data/spec/core_ext/string_spec.rb +28 -0
- data/spec/spec.opts +4 -0
- data/spec/spec_helper.rb +126 -0
- data/tasks/bundler.rake +4 -0
- data/tasks/db/migrate.rake +12 -0
- data/tasks/spec.rake +10 -0
- metadata +405 -0
checksums.yaml
ADDED
@@ -0,0 +1,15 @@
|
|
1
|
+
---
|
2
|
+
!binary "U0hBMQ==":
|
3
|
+
metadata.gz: !binary |-
|
4
|
+
NTU5OWZjYTgxYjZhZTU0YTc4NzU3YTIwNGNhOTA0MDQ5NjQxMjVlZg==
|
5
|
+
data.tar.gz: !binary |-
|
6
|
+
N2Y4MmJlMWExYzRkODU5ZjU4ZDY1YWZhNjNiNWQzNGNlNDFhNDcwZg==
|
7
|
+
!binary "U0hBNTEy":
|
8
|
+
metadata.gz: !binary |-
|
9
|
+
NWQyY2EwY2YxNTYyZTVkOTlmM2M5NmRiZWYxYjQyNTc0YzMzYzE0Mjg4MzE4
|
10
|
+
MzFmNWFhZDVmODAxOWU3YTU2NjUzMjQ5YjZiY2NlMjViNzhjZjc2OGNjMmJl
|
11
|
+
NmU1MTRiYjBhZThlMzlkZjY5NmZmMjdhMzhkY2RhM2Y3ODE5M2U=
|
12
|
+
data.tar.gz: !binary |-
|
13
|
+
ZDM3YzY4NjE1MTg2Zjk3NDEzNTU3NmNlNDFkZDQ5ZDI4NTk2NGJiMzJjOGZm
|
14
|
+
ZjAzN2VmZGZhOTUyYmFkNDEyMDA5ZjlhMDQ4YzExZTgzZTdlNjcyZDY3Nzk5
|
15
|
+
ODhiM2YzZDU4OWQ0OThjODY3MzFhYTA2ZmE0YzAxMGFmMjNhNTc=
|
data/CHANGELOG
ADDED
@@ -0,0 +1,353 @@
|
|
1
|
+
=== 1.1.3 :: In progress...
|
2
|
+
|
3
|
+
* CHANGED:
|
4
|
+
* XML responses now start with a correct XML declaration specifying UTF-8 encoding
|
5
|
+
(<?xml version="1.0" encoding="UTF-8" ?>).
|
6
|
+
|
7
|
+
* FIXED:
|
8
|
+
* Extra attributes with UTF-8 characters should be correctly encoded under ruby 1.8.7.
|
9
|
+
* Improved compatibility with various versions of ActiveRecord, ActiveSupport and
|
10
|
+
other dependencies.
|
11
|
+
* Minor code reorganization and cleanup.
|
12
|
+
|
13
|
+
=== 1.1.2 :: 2012-09-19
|
14
|
+
|
15
|
+
* FIXED:
|
16
|
+
* Upgraded sinatra-r18n dependency to 1.1.0. This should fix localization issues
|
17
|
+
for some users.
|
18
|
+
|
19
|
+
=== 1.1.1 :: 2012-06-08
|
20
|
+
|
21
|
+
* NEW:
|
22
|
+
* Google authenticator now has a "restricted_domain" option to allow logins only
|
23
|
+
from Google accounts (email addressed) under a specific domain name.
|
24
|
+
|
25
|
+
* FIXED:
|
26
|
+
* When installed as a gem, localization should now work correctly thanks to fixed
|
27
|
+
translations path.
|
28
|
+
|
29
|
+
=== 1.1.0 :: 2012-04-19
|
30
|
+
|
31
|
+
* NEW:
|
32
|
+
* Localization is now done using R18n instead of Gettext.
|
33
|
+
* Restored compatibility with Sinatra 1.2
|
34
|
+
* Now compatibile with Ruby 1.9.3
|
35
|
+
* Can now run without Bundler if all required dependencies are already installed.
|
36
|
+
* es_AR translations.
|
37
|
+
|
38
|
+
* CHANGED:
|
39
|
+
* It is no longer possible to select the locale by adding a 'lang=xx' attribute to the
|
40
|
+
request URL. The locale is selected using the 'Accept-Lanuage' header sent in the
|
41
|
+
request. However the old 'lang' functionality may be restored in a future version.
|
42
|
+
* Certain localized string keys have changed. If you are using your own custom views
|
43
|
+
you may need to modify them accordingly.
|
44
|
+
|
45
|
+
* FIXED:
|
46
|
+
* Removed unnecessary bcrypt requirement for encrypted sql authenticators.
|
47
|
+
* Single Sign Out requests should now work with SSL-enabled services.
|
48
|
+
|
49
|
+
=== 1.0.1 :: 2011-11-22
|
50
|
+
|
51
|
+
* NEW:
|
52
|
+
* On startup the server now checks for a config.yml file in its own root directory,
|
53
|
+
then in /etc/rubycas-server.
|
54
|
+
|
55
|
+
* FIXED:
|
56
|
+
* Compatibilty with Sinatra 1.3 (:public changed to :public_folder).
|
57
|
+
* Database migration files should now be correctly bundled with the gem distribution.
|
58
|
+
* Should work with both ActiveRecord >= 2.3.12 and < 3.1. Previously the dependency
|
59
|
+
was erronously set to accept only the 2.3.12 series.
|
60
|
+
* Specs now pass under ActiveRecord 2.3.12 in both Ruby 1.8 and 1.9
|
61
|
+
|
62
|
+
=== 1.0.0 :: 2011-08-03
|
63
|
+
|
64
|
+
* NEW:
|
65
|
+
* Rewrite to replace Camping/Picnic with Sinatra
|
66
|
+
* Support for Ruby 1.9.2
|
67
|
+
* Support for Active Record 3
|
68
|
+
|
69
|
+
* CHANGED:
|
70
|
+
* Google authenticator proxy configuration has been changed (see config.example.yml)
|
71
|
+
|
72
|
+
=== 0.8.0
|
73
|
+
|
74
|
+
* NEW:
|
75
|
+
* Support for localization via Ruby-GetText.
|
76
|
+
See http://code.google.com/p/rubycas-server/wiki/Localization
|
77
|
+
for details. [antono]
|
78
|
+
* Switched to Picnic 0.8.x, so RubyCAS-Server is now based on Rack
|
79
|
+
and Camping 2.0 and is now compatible with Passenger Phusion
|
80
|
+
* Change to authenticator API: every authenticator now has a class 'setup'
|
81
|
+
method that gets called at server startup. This is where class-level
|
82
|
+
configuration should be done (e.g. establishing a database connection).
|
83
|
+
This is different from the 'configure' method which gets called on a per-
|
84
|
+
instance basis for each authenticator. [godfat]
|
85
|
+
* Database connections are now automatically released back to the connection
|
86
|
+
pool at the end of each request. This should allow the server to handle
|
87
|
+
many more concurrent requests, since database connections are no longer left
|
88
|
+
checked out of the pool.
|
89
|
+
* Added new SQL authenticator (sql_rest_auth) compatible with the
|
90
|
+
restful_authentication Rails plugin. [antono]
|
91
|
+
* Re-licensed under the MIT License.
|
92
|
+
|
93
|
+
* FIXED:
|
94
|
+
* Fixed weird problems with loading controllers when using older versions of
|
95
|
+
activesupport and/or rubygems.
|
96
|
+
* Failure to connect to a service during a single sign out request is now
|
97
|
+
handled gracefully.
|
98
|
+
* Required gem dependencies have been re-enabled in the gemspec.
|
99
|
+
* Authlogic authenticator files added to gemspec. [rajiv]
|
100
|
+
* Authenticators are now instantiated on a per-request basis (rather than
|
101
|
+
once at startup) to ensure thread safety.
|
102
|
+
|
103
|
+
=== 0.7.1 :: 2008-11-10
|
104
|
+
|
105
|
+
* Fixed dependency loading problems introduced by upstream changes in RubyGems
|
106
|
+
1.3.1.
|
107
|
+
|
108
|
+
=== 0.7.0 :: 2008-11-04
|
109
|
+
|
110
|
+
* NEW:
|
111
|
+
* Implemented single-sign-out functionality as specified in CAS 3.3. See
|
112
|
+
http://www.ja-sig.org/wiki/display/CASUM/Single+Sign+Out.
|
113
|
+
* It is now possible to configure Authenticators to return extra attributes
|
114
|
+
to CAS clients alongside the username. For an example of how to do this see
|
115
|
+
the included SQL authenticator. Also have a look at:
|
116
|
+
http://groups.google.com/group/rubycas-server/browse_thread/thread/5eade3793cb590e9
|
117
|
+
Note that extra attributes of type other than String or Numeric are serialized
|
118
|
+
into YAML format before being sent along to the client.
|
119
|
+
* Added an MD5-password version of the SQL authenticator for Drupal and any other
|
120
|
+
database that stores its passwords in hashed form (thanks malcolmm).
|
121
|
+
* Added new Google authenticator for authenticating against Google/GMail
|
122
|
+
accounts.
|
123
|
+
|
124
|
+
* CHANGED:
|
125
|
+
* Service URIs are now automatically normalized. For example, if the service
|
126
|
+
URI given to the server has a 'ticket' parameter, the ticket will now be
|
127
|
+
automatically stripped. This is to avert any possible issues raised by
|
128
|
+
misbehaving CAS clients (the CAS ticket should never be part of the service
|
129
|
+
URI). Same goes for other CAS-related parameters like 'service', 'renew',
|
130
|
+
and 'gateway'. Additionally, the trailing '/' and '?' characters are
|
131
|
+
automatically stripped from URLs, since, for example, "http://google.com/"
|
132
|
+
is almost certainly equivalent to "http://google.com".
|
133
|
+
* The expire_sessions config variable is now respected -- ticket granting
|
134
|
+
ticket cookies are set with an expiry datetime, so that the SSO session
|
135
|
+
is effectively terminated once the ticket_granting_ticket_expiry period
|
136
|
+
is reached.
|
137
|
+
* If present, the HTTP_X_FORWARDED_FOR header is used for recording the
|
138
|
+
client's address. This is useful when the server is running behind a reverse
|
139
|
+
proxy, but it should not be considered authoritative since it can be
|
140
|
+
easily spoofed.
|
141
|
+
* The 'service' field in the 'casserver_st' table has been changed from
|
142
|
+
VARCHAR(255) to TEXT in order to accomodate service URIs longer than 255
|
143
|
+
characters (fixes issue #46).
|
144
|
+
* The CAS XML responses are no longer whitespace-formatted (i.e. Markaby's
|
145
|
+
auto-indentation has been turned off). Apparently the whitespace was
|
146
|
+
causing problems with mod_auth_cas. See:
|
147
|
+
http://groups.google.com/group/rubycas-server/browse_thread/thread/e482fe09999b73d3
|
148
|
+
* When used without pre-authentication, the LDAP authenticator now tries to
|
149
|
+
bind by searching for the given username in the LDAP directory based on the
|
150
|
+
configured username_attribute. Prior to this change the authenticator
|
151
|
+
attempted to bind with the LDAP server by assuming that the username credential
|
152
|
+
matches the user's CN. This is no longer the case.
|
153
|
+
* CAS responses to invalid requests (for example where required parameters
|
154
|
+
are missing or incorrect) will now have HTTP status code 422. Internal server
|
155
|
+
errors (where the server rather than the client is at fault) have error 500.
|
156
|
+
Previously most responses had error code 200, regardless of their contents.
|
157
|
+
|
158
|
+
* FIXED:
|
159
|
+
* Fixed logout action to work properly with ActiveRecord 2.1 (eager loading behaviour
|
160
|
+
was changed upstream forcing a change to the way we look for ProxyGrantingTickets
|
161
|
+
to delete on logout).
|
162
|
+
* When running under Mongrel, the USR2 signal should now restart the server as
|
163
|
+
expected -- however currently this only works when the server is running
|
164
|
+
in the foregaround. When daemonized, USR2 will shut down the server without
|
165
|
+
restarting (see issue #58).
|
166
|
+
* Fixed activerecord/activesupport gem load problems, hopefully once and for all
|
167
|
+
(however picnic-0.7.0 is now required).
|
168
|
+
|
169
|
+
=== 0.6.0 :: 2008-03-28
|
170
|
+
|
171
|
+
* Much of the supporting functionality that makes RubyCAS-Server
|
172
|
+
act as a well-behaved Linux service has been abstracted out
|
173
|
+
into its own library. This new library is called Picnic and is
|
174
|
+
now a gem dependency for RubyCAS-Server. You can find out more about
|
175
|
+
it at http://code.google.com/p/camping-picnic/.
|
176
|
+
* The logout action will now accept a 'destination' parameter in lieu of
|
177
|
+
'service'. This means that if a 'destination' parameter is given with
|
178
|
+
some URL, the logout action will show the login form, allowing the user
|
179
|
+
to immedietly log back in to the service specified by 'destination'.
|
180
|
+
* The logout action will now accept a 'url' parameter. If given, the logout
|
181
|
+
page will show a message indicating that the CAS session has been terminated
|
182
|
+
and instructing the user to click on a link to follow the given URL. If the
|
183
|
+
'url' parameter is given, the login form will NOT be shown on the logout
|
184
|
+
page (see above).
|
185
|
+
* When an authentication failure occurs (because the user submitted
|
186
|
+
invalid credentials or the login ticket is missing), the server
|
187
|
+
now returns a 401 (Unauthorized) response instead of 200.
|
188
|
+
* An encryption-enabled version of the SQL authenticator is now
|
189
|
+
available. For more info have a look at:
|
190
|
+
http://code.google.com/p/rubycas-server/wiki/UsingTheSQLEncryptedAuthenticator
|
191
|
+
* Better compatibility with Oracle databases. The database migration
|
192
|
+
no longer tries to create tables with long names when long
|
193
|
+
table names are not supported by the underlying database connector
|
194
|
+
(issue #15).
|
195
|
+
* The server now automatically removes leading and trailing whitespace from
|
196
|
+
the username entered by users. Passwords however are left intact, with no
|
197
|
+
whitespace removed.
|
198
|
+
* The server can now be configured to automatically downcase the
|
199
|
+
username entered by users (dowcase_username option). So if a user
|
200
|
+
enters "JSmith", the system will convert it to "jsmith" if the
|
201
|
+
downcase_username option is set to true.
|
202
|
+
* The server can now be made to bind to a specific address. See the
|
203
|
+
:bind_address option in the config.example.yml file.
|
204
|
+
* Fixed bug with ActiveRecord 2.0.2 where service tickets were not
|
205
|
+
being given a type (issue #37).
|
206
|
+
|
207
|
+
=== 0.5.1 :: 2007-12-20
|
208
|
+
|
209
|
+
* Tickets generated by the server should now be a lot more secure.
|
210
|
+
The random string generator used for generating tickets now uses
|
211
|
+
Crypt::ISAAC. Tickets have also been extended in length; STs, PTs
|
212
|
+
and LTs can now extend up to 32 characters, and PGTs and PGT-IOUs
|
213
|
+
up to 64.
|
214
|
+
|
215
|
+
=== 0.5.0 :: 2007-09-20
|
216
|
+
|
217
|
+
* Gateway requests should now be handled correctly. When the request to the
|
218
|
+
login page is made with gateway=true as one of the parameters, the CAS
|
219
|
+
server will immediately redirect back to the target service along with
|
220
|
+
a service ticket if an SSO session exists for the user (or without a
|
221
|
+
service ticket if there is no pre-existing SSO session).
|
222
|
+
Note that if you are using RubyCAS-Client and want gatewaying, you will
|
223
|
+
need to upgrade it to 1.1.0 as gatewaying was broken in prior versions.
|
224
|
+
* If gateway=true is specified as part of the logout URI, the server will
|
225
|
+
log the user out and immediately redirect them back to the specified
|
226
|
+
service. In other words, you can now do "gatewayed logouts" as well
|
227
|
+
as logins.
|
228
|
+
* A login ticket can now be remotely requested from the server by placing
|
229
|
+
a POST request to '/loginTicket'.
|
230
|
+
* The login view can now be made to return only the login form. This is
|
231
|
+
done by adding the 'onlyLoginForm' parameter to the '/login' request.
|
232
|
+
Optionally, a 'submitToURI' parameter can be supplied to force the login
|
233
|
+
form to submit to the given URI (otherwise the server will try to figure
|
234
|
+
out the full URI to its own login controller). This functionality may be
|
235
|
+
useful when you want to embed the login form in some external page, as
|
236
|
+
an IFRAME otherwise.
|
237
|
+
* Custom views can now be used to override the default Markaby templates
|
238
|
+
by specifying a 'custom_views_file' option in the configuration. See
|
239
|
+
custom_views.example.rb. [jzylks]
|
240
|
+
* Table names have been shortened to work with Oracle. A migration has
|
241
|
+
been added that should do the shortening for you the first time you run
|
242
|
+
this new RubyCAS-Server version.
|
243
|
+
* Multiple authenticators can now be specified. During authentication,
|
244
|
+
credentials are presented to the first authenticator, then the second,
|
245
|
+
and so on, until the user is validated by any one authenticator or fails
|
246
|
+
validation for all of them. [jzylks]
|
247
|
+
* When using webrick, you can now run with SSL disabled by omitting the
|
248
|
+
ssl_cert and ssl_key parameters.
|
249
|
+
* Changed incorrect MySQL example database configuration -- option should
|
250
|
+
be 'host:' not 'server:' (issue #22).
|
251
|
+
|
252
|
+
=== 0.4.2 :: 2007-07-26
|
253
|
+
|
254
|
+
* The LDAP/AD authenticator has been largely re-written. The code is a bit
|
255
|
+
cleaner now, and should work better with non-Active Directory LDAP servers
|
256
|
+
(although this has yet to be tested since I don't have access to a non-AD
|
257
|
+
LDAP server).
|
258
|
+
* The validate() method in your authenticators now receives a :service element
|
259
|
+
(in addition to :username, and :password). This is simply the service
|
260
|
+
url (if any) specified in the user's CAS request. If you call
|
261
|
+
read_standard_credentials(credentials) at the top of your validator, the value
|
262
|
+
will also be available as @service along with @username and @password.
|
263
|
+
* By request, a :username_prefix option has been added to the ldap
|
264
|
+
configuration. If entered, this string will be automatically prefixed to
|
265
|
+
the username entered by the user.
|
266
|
+
* A bug having to do with handling authenticator errors has been fixed.
|
267
|
+
Any authenticator error messages should now be correctly shown on the
|
268
|
+
login page.
|
269
|
+
* Minor improvements to error messages having to do with login tickets.
|
270
|
+
They're a bit more prescriptive now, explaining to the user what steps
|
271
|
+
they should take to correct the error.
|
272
|
+
|
273
|
+
=== 0.4.1 :: 2007-06-07
|
274
|
+
|
275
|
+
* This release restores compatiblity with older versions of rubygems
|
276
|
+
(pre-0.9.0). To achieve this, we alias the 'gem' method to the old
|
277
|
+
'require_gem' if 'gem' is not already defined.
|
278
|
+
* rubycas-server-ctl will now quiety delete an orphaned .pid file
|
279
|
+
instead complaining loudly and refusing to start up.
|
280
|
+
* Fixed minor bug in rubycas-server-ctl that sometimes incorrectly reported
|
281
|
+
startup problems when in fact the server had started just fine.
|
282
|
+
|
283
|
+
|
284
|
+
=== 0.4.0 :: 2007-06-05
|
285
|
+
|
286
|
+
* Added rubycas-server-ctl script for controlling daemonized server.
|
287
|
+
* rubygems-0.9.0 or later is now required.
|
288
|
+
* Added system startup script to be used in /etc/init.d on Linux systems.
|
289
|
+
* Authenticator can now be loaded from an external file using the 'source'
|
290
|
+
configuration option.
|
291
|
+
* Better preemptive detection of startup problems with mongrel.
|
292
|
+
* User now sees an error message if the service URI is not a valid URI (i.e.
|
293
|
+
if it's not URI-encoded or otherwise malformed).
|
294
|
+
|
295
|
+
|
296
|
+
=== 0.3.0 :: 2007-03-29
|
297
|
+
|
298
|
+
* Fixed glaring security problem with LDAP/AD Authenticator where under some
|
299
|
+
circumstances blank passwords were accepted as valid.
|
300
|
+
* Autocomplete has been turned off on the password field for better security.
|
301
|
+
In the future we may allow autocomplete to be re-enabled using a
|
302
|
+
configuration setting.
|
303
|
+
* When the user visits the login page and is already authenticated (i.e. they
|
304
|
+
have a valid ticket granting cookie), a message is shown at the top
|
305
|
+
indicating that they are already logged in.
|
306
|
+
* sqlite3-ruby is no longer required by the gem as a dependency. The user
|
307
|
+
must now install it manually prior to installing rubycas-server. The
|
308
|
+
building of sqlite3 native extensions appears to be somewhat flakey
|
309
|
+
and probably defeats the original purpose of using it (which was
|
310
|
+
to have a CAS server up and running with no additional DB configuration).
|
311
|
+
We will use MySQL as the default database adapter instead, since it does
|
312
|
+
not require additional libraries and many users will have a MySQL server
|
313
|
+
already available.
|
314
|
+
* Fixed bug that was causing all proxy-granting tickets to be deleted whenever
|
315
|
+
any user logged out. Only the PGTs for the user that is logging out are now
|
316
|
+
being deleted.
|
317
|
+
* Trailing slashes in service URLs are now ignored when validating service
|
318
|
+
and proxy tickets (e.g. "http://www.google.com" and "http://www.google.com/"
|
319
|
+
are now considered to be the same service URL).
|
320
|
+
* Authenticators now raise AuthenticatorError exceptions when encountering
|
321
|
+
a problem/error. This makes it easier to send feedback to the user.
|
322
|
+
However, other exceptions should still be raised when errors ought
|
323
|
+
not be recoverable (i.e. programming errors).
|
324
|
+
* Fixed serious vulnerability in LDAP authenticator where under some
|
325
|
+
cirumstances the user could just enter '*' as their username to match
|
326
|
+
any username. The LDAP authenticator will now refuse to process logins
|
327
|
+
with usernames that contain the characters * ( ) \ / and the NULL
|
328
|
+
character \0.
|
329
|
+
* Views are no longer xhtml-validated. Markaby's auto-validation was turned
|
330
|
+
off to allow for use of the autocomplete property on inputs, since this is
|
331
|
+
the only viable way of turning off password storage in IE and Firefox at
|
332
|
+
the page level.
|
333
|
+
* You can now limit the maximum length of a login session by setting the
|
334
|
+
expire_sessions config setting to true.
|
335
|
+
* Fixed some minor bugs in the login view.
|
336
|
+
|
337
|
+
|
338
|
+
=== 0.2.0 :: 2007-03-20
|
339
|
+
|
340
|
+
* ruby-casserver now behaves more like a real command-line app, accepting
|
341
|
+
various command line arguments including -h (help), -v (version), -c (use
|
342
|
+
an alternate config.yml), and -d (daemonize, when using webrick or mongrel
|
343
|
+
mode).
|
344
|
+
* Special characters in CAS XML responses are now properly encoded into XML
|
345
|
+
entities
|
346
|
+
* CAS XML responses are no longer auto-indented... Markaby's indentation
|
347
|
+
seemed to be causing problems with the PHP CAS client.
|
348
|
+
* Misc minor bug fixes/cleanup.
|
349
|
+
|
350
|
+
|
351
|
+
=== 0.1.0 :: 2007-03-01
|
352
|
+
|
353
|
+
* First public release.
|
data/Gemfile
ADDED
data/LICENSE
ADDED
@@ -0,0 +1,26 @@
|
|
1
|
+
Portions of RubyCAS-Server contributed by Matt Zukowski are copyright (c) 2011 Urbacon Ltd.
|
2
|
+
Other portions are copyright of their respective authors.
|
3
|
+
|
4
|
+
The MIT License
|
5
|
+
|
6
|
+
Permission is hereby granted, free of charge, to any person
|
7
|
+
obtaining a copy of this software and associated documentation
|
8
|
+
files (the "Software"), to deal in the Software without
|
9
|
+
restriction, including without limitation the rights to use,
|
10
|
+
copy, modify, merge, publish, distribute, sublicense, and/or sell
|
11
|
+
copies of the Software, and to permit persons to whom the
|
12
|
+
Software is furnished to do so, subject to the following
|
13
|
+
conditions:
|
14
|
+
|
15
|
+
The above copyright notice and this permission notice shall be
|
16
|
+
included in all copies or substantial portions of the Software.
|
17
|
+
|
18
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
19
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
|
20
|
+
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
21
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
|
22
|
+
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
|
23
|
+
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
24
|
+
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
|
25
|
+
OTHER DEALINGS IN THE SOFTWARE.
|
26
|
+
|
data/README.md
ADDED
@@ -0,0 +1,38 @@
|
|
1
|
+
# RubyCAS-Server
|
2
|
+
|
3
|
+
## Copyright
|
4
|
+
|
5
|
+
Portions contributed by Matt Zukowski are copyright (c) 2011 Urbacon Ltd.
|
6
|
+
Other portions are copyright of their respective authors.
|
7
|
+
|
8
|
+
## Authors
|
9
|
+
|
10
|
+
See https://github.com/rubycas/rubycas-server/commits
|
11
|
+
|
12
|
+
## Installation
|
13
|
+
|
14
|
+
Example with mysql database:
|
15
|
+
|
16
|
+
1. `git clone git://github.com/rubycas/rubycas-server.git`
|
17
|
+
2. `cd rubycas-server`
|
18
|
+
3. `cp config/config.example.yml config.yml`
|
19
|
+
4. Customize your server by modifying the `config.yml` file. It is well commented but make sure that you take care of the following:
|
20
|
+
1. Change the database driver to `mysql2`
|
21
|
+
2. Configure at least one authenticator
|
22
|
+
3. You might want to change `log.file` to something local, so that you don't need root. For example just `casserver.log`
|
23
|
+
4. You might also want to disable SSL for now by commenting out the `ssl_cert` line and changing the port to something like `8888`
|
24
|
+
5. Create the database (i.e. `mysqladmin -u root create casserver` or whatever you have in `config.yml`)
|
25
|
+
6. Modify the existing Gemfile by adding drivers for your database server. For example, if you configured `mysql2` in config.yml, add this to the Gemfile: `gem "mysql2"`
|
26
|
+
7. Run `bundle install`
|
27
|
+
8. `bundle exec rubycas-server -c config.yml`
|
28
|
+
|
29
|
+
Your RubyCAS-Server should now be running. Once you've confirmed that everything looks good, try switching to a [Passenger](http://www.modrails.com/) deployment. You should be able to point Apache (or whatever) to the `rubycas-server/public` directory, and everything should just work.
|
30
|
+
|
31
|
+
Some more info is available at the [RubyCAS-Server Wiki](https://github.com/rubycas/rubycas-server/wiki).
|
32
|
+
|
33
|
+
If you have questions, try the [RubyCAS Google Group](https://groups.google.com/forum/?fromgroups#!forum/rubycas-server) or #rubycas on [freenode](http://freenode.net).
|
34
|
+
|
35
|
+
## License
|
36
|
+
|
37
|
+
RubyCAS-Server is licensed for use under the terms of the MIT License.
|
38
|
+
See the LICENSE file bundled with the official RubyCAS-Server distribution for details.
|
data/Rakefile
ADDED
data/bin/rubycas-server
ADDED
@@ -0,0 +1,30 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
# Enables UTF-8 compatibility in ruby 1.8.
|
4
|
+
$KCODE = 'u' if RUBY_VERSION < '1.9'
|
5
|
+
|
6
|
+
require 'rubygems'
|
7
|
+
|
8
|
+
$:.unshift File.dirname(__FILE__) + "/../lib"
|
9
|
+
|
10
|
+
if ARGV.join.match('--debugger')
|
11
|
+
require 'ruby-debug'
|
12
|
+
puts
|
13
|
+
puts "=> Debugger Enabled"
|
14
|
+
end
|
15
|
+
|
16
|
+
if ARGV.join.match('-c')
|
17
|
+
c = ARGV.join.match(/-c\s*([^\s]+)/)
|
18
|
+
if (c && c[1])
|
19
|
+
ENV['CONFIG_FILE'] = c[1]
|
20
|
+
puts
|
21
|
+
puts "=> Using custom config file #{ENV['CONFIG_FILE'].inspect}"
|
22
|
+
else
|
23
|
+
$stderr.puts("To specify a custom config file use `rubycas-server -c path/to/config_file_name.yml`.")
|
24
|
+
exit
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
require 'casserver'
|
29
|
+
|
30
|
+
CASServer::Server.run!
|