uchouhan-rubycas-server 1.0.a

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (83) hide show
  1. data/CHANGELOG +289 -0
  2. data/LICENSE +26 -0
  3. data/README.md +19 -0
  4. data/Rakefile +1 -0
  5. data/bin/rubycas-server +16 -0
  6. data/bin/rubycas-server-ctl +9 -0
  7. data/lib/casserver.rb +13 -0
  8. data/lib/casserver/authenticators/active_directory_ldap.rb +19 -0
  9. data/lib/casserver/authenticators/authlogic_crypto_providers/aes256.rb +43 -0
  10. data/lib/casserver/authenticators/authlogic_crypto_providers/bcrypt.rb +92 -0
  11. data/lib/casserver/authenticators/authlogic_crypto_providers/md5.rb +34 -0
  12. data/lib/casserver/authenticators/authlogic_crypto_providers/sha1.rb +59 -0
  13. data/lib/casserver/authenticators/authlogic_crypto_providers/sha512.rb +50 -0
  14. data/lib/casserver/authenticators/base.rb +67 -0
  15. data/lib/casserver/authenticators/client_certificate.rb +47 -0
  16. data/lib/casserver/authenticators/google.rb +58 -0
  17. data/lib/casserver/authenticators/ldap.rb +147 -0
  18. data/lib/casserver/authenticators/ntlm.rb +88 -0
  19. data/lib/casserver/authenticators/open_id.rb +22 -0
  20. data/lib/casserver/authenticators/sql.rb +133 -0
  21. data/lib/casserver/authenticators/sql_authlogic.rb +93 -0
  22. data/lib/casserver/authenticators/sql_encrypted.rb +77 -0
  23. data/lib/casserver/authenticators/sql_md5.rb +19 -0
  24. data/lib/casserver/authenticators/sql_rest_auth.rb +85 -0
  25. data/lib/casserver/authenticators/tacc.rb +67 -0
  26. data/lib/casserver/authenticators/test.rb +21 -0
  27. data/lib/casserver/cas.rb +327 -0
  28. data/lib/casserver/localization.rb +91 -0
  29. data/lib/casserver/model.rb +269 -0
  30. data/lib/casserver/server.rb +623 -0
  31. data/lib/casserver/utils.rb +32 -0
  32. data/lib/casserver/views/_login_form.erb +41 -0
  33. data/lib/casserver/views/layout.erb +17 -0
  34. data/lib/casserver/views/login.erb +29 -0
  35. data/lib/casserver/views/proxy.builder +11 -0
  36. data/lib/casserver/views/proxy_validate.builder +26 -0
  37. data/lib/casserver/views/service_validate.builder +19 -0
  38. data/lib/casserver/views/validate.erb +1 -0
  39. data/po/de_DE/rubycas-server.po +127 -0
  40. data/po/es_ES/rubycas-server.po +123 -0
  41. data/po/fr_FR/rubycas-server.po +128 -0
  42. data/po/ja_JP/rubycas-server.po +126 -0
  43. data/po/pl_PL/rubycas-server.po +123 -0
  44. data/po/pt_BR/rubycas-server.po +123 -0
  45. data/po/ru_RU/rubycas-server.po +118 -0
  46. data/po/rubycas-server.pot +112 -0
  47. data/po/zh_CN/rubycas-server.po +113 -0
  48. data/po/zh_TW/rubycas-server.po +113 -0
  49. data/public/themes/cas.css +121 -0
  50. data/public/themes/notice.png +0 -0
  51. data/public/themes/ok.png +0 -0
  52. data/public/themes/simple/bg.png +0 -0
  53. data/public/themes/simple/favicon.png +0 -0
  54. data/public/themes/simple/login_box_bg.png +0 -0
  55. data/public/themes/simple/logo.png +0 -0
  56. data/public/themes/simple/theme.css +28 -0
  57. data/public/themes/tadnet/bg.png +0 -0
  58. data/public/themes/tadnet/button.png +0 -0
  59. data/public/themes/tadnet/favicon.png +0 -0
  60. data/public/themes/tadnet/login_box_bg.png +0 -0
  61. data/public/themes/tadnet/logo.png +0 -0
  62. data/public/themes/tadnet/theme.css +55 -0
  63. data/public/themes/urbacon/bg.png +0 -0
  64. data/public/themes/urbacon/login_box_bg.png +0 -0
  65. data/public/themes/urbacon/logo.png +0 -0
  66. data/public/themes/urbacon/theme.css +33 -0
  67. data/public/themes/warning.png +0 -0
  68. data/resources/config.example.yml +574 -0
  69. data/resources/config.ru +42 -0
  70. data/resources/custom_views.example.rb +11 -0
  71. data/resources/init.d.sh +58 -0
  72. data/rubycas-server.gemspec +40 -0
  73. data/setup.rb +1585 -0
  74. data/spec/alt_config.yml +46 -0
  75. data/spec/casserver_spec.rb +114 -0
  76. data/spec/default_config.yml +46 -0
  77. data/spec/spec.opts +4 -0
  78. data/spec/spec_helper.rb +89 -0
  79. data/tasks/bundler.rake +4 -0
  80. data/tasks/db/migrate.rake +12 -0
  81. data/tasks/localization.rake +13 -0
  82. data/tasks/spec.rake +10 -0
  83. metadata +172 -0
@@ -0,0 +1,67 @@
1
+ require 'casserver/authenticators/base'
2
+ require 'activeresource'
3
+
4
+ require 'openssl'
5
+ require 'digest/sha2'
6
+ require 'base64'
7
+
8
+ module TaccEncryption
9
+
10
+ KEY = Digest::SHA256.hexdigest('T4CcUs3R-C3|\|TR41A|_|Th')
11
+
12
+ def self.encrypt(text)
13
+ Base64.encode64(aes(:encrypt, KEY, text))
14
+ end
15
+
16
+ def self.decrypt(crypted_text)
17
+ aes(:decrypt, KEY, Base64.decode64(crypted_text))
18
+ end
19
+
20
+ private
21
+
22
+ def self.aes(m,k,t)
23
+ (aes = OpenSSL::Cipher::Cipher.new('aes-256-cbc').send(m)).key = Digest::SHA256.digest(k)
24
+ aes.update(t) << aes.final
25
+ end
26
+
27
+ end
28
+
29
+ class TaccUser < ActiveResource::Base
30
+ self.collection_name = 'users'
31
+ self.timeout = 5
32
+
33
+ def self.find_by_email(email)
34
+ if u = self.find(:all, :params => { :email => email }).first
35
+ return self.find(u.id)
36
+ else
37
+ return nil
38
+ end
39
+ end
40
+
41
+ def authenticate(password)
42
+ begin
43
+ return true if self.put(:authenticate, :password => TaccEncryption.encrypt(password))
44
+ rescue
45
+ return false
46
+ end
47
+ end
48
+
49
+ end
50
+
51
+ class CASServer::Authenticators::Tacc < CASServer::Authenticators::Base
52
+
53
+ def validate(credentials)
54
+ raise CASServer::AuthenticatorError, "Cannot validate credentials because the authenticator hasn't been configured" unless @options
55
+
56
+ TaccUser.site = @options[:site]
57
+
58
+ read_standard_credentials(credentials) # Sets @username and @password
59
+
60
+ @user = TaccUser.find_by_email(@username)
61
+ raise CASServer::AuthenticatorError, "User not found" if @user.nil?
62
+
63
+ return @user.authenticate(@password)
64
+
65
+ end
66
+ end
67
+
@@ -0,0 +1,21 @@
1
+ require 'casserver/authenticators/base'
2
+
3
+ # Dummy authenticator used for testing.
4
+ # Accepts any username as valid as long as the password is "testpassword"; otherwise authentication fails.
5
+ # Raises an AuthenticationError when username is "do_error" (this is useful to test the Exception
6
+ # handling functionality).
7
+ class CASServer::Authenticators::Test < CASServer::Authenticators::Base
8
+ def validate(credentials)
9
+ read_standard_credentials(credentials)
10
+
11
+ raise CASServer::AuthenticatorError, "Username is 'do_error'!" if @username == 'do_error'
12
+
13
+ @extra_attributes[:test_string] = "testing!"
14
+ @extra_attributes[:test_numeric] = 123.45
15
+ @extra_attributes[:test_serialized] = {:foo => 'bar', :alpha => [1,2,3]}
16
+
17
+ valid_password = options[:password] || "testpassword"
18
+
19
+ return @password == valid_password
20
+ end
21
+ end
@@ -0,0 +1,327 @@
1
+ require 'uri'
2
+ require 'net/https'
3
+
4
+ require 'casserver/model'
5
+
6
+ # Encapsulates CAS functionality. This module is meant to be included in
7
+ # the CASServer::Controllers module.
8
+ module CASServer::CAS
9
+
10
+ include CASServer::Model
11
+
12
+ def generate_login_ticket
13
+ # 3.5 (login ticket)
14
+ lt = LoginTicket.new
15
+ lt.ticket = "LT-" + CASServer::Utils.random_string
16
+
17
+ lt.client_hostname = @env['HTTP_X_FORWARDED_FOR'] || @env['REMOTE_HOST'] || @env['REMOTE_ADDR']
18
+ lt.save!
19
+ $LOG.debug("Generated login ticket '#{lt.ticket}' for client" +
20
+ " at '#{lt.client_hostname}'")
21
+ lt
22
+ end
23
+
24
+ # Creates a TicketGrantingTicket for the given username. This is done when the user logs in
25
+ # for the first time to establish their SSO session (after their credentials have been validated).
26
+ #
27
+ # The optional 'extra_attributes' parameter takes a hash of additional attributes
28
+ # that will be sent along with the username in the CAS response to subsequent
29
+ # validation requests from clients.
30
+ def generate_ticket_granting_ticket(username, extra_attributes = {})
31
+ # 3.6 (ticket granting cookie/ticket)
32
+ tgt = TicketGrantingTicket.new
33
+ tgt.ticket = "TGC-" + CASServer::Utils.random_string
34
+ tgt.username = username
35
+ tgt.extra_attributes = extra_attributes
36
+ tgt.client_hostname = @env['HTTP_X_FORWARDED_FOR'] || @env['REMOTE_HOST'] || @env['REMOTE_ADDR']
37
+ tgt.save!
38
+ $LOG.debug("Generated ticket granting ticket '#{tgt.ticket}' for user" +
39
+ " '#{tgt.username}' at '#{tgt.client_hostname}'" +
40
+ (extra_attributes.blank? ? "" : " with extra attributes #{extra_attributes.inspect}"))
41
+ tgt
42
+ end
43
+
44
+ def generate_service_ticket(service, username, tgt)
45
+ # 3.1 (service ticket)
46
+ st = ServiceTicket.new
47
+ st.ticket = "ST-" + CASServer::Utils.random_string
48
+ st.service = service
49
+ st.username = username
50
+ st.granted_by_tgt_id = tgt.id
51
+ st.client_hostname = @env['HTTP_X_FORWARDED_FOR'] || @env['REMOTE_HOST'] || @env['REMOTE_ADDR']
52
+ st.save!
53
+ $LOG.debug("Generated service ticket '#{st.ticket}' for service '#{st.service}'" +
54
+ " for user '#{st.username}' at '#{st.client_hostname}'")
55
+ st
56
+ end
57
+
58
+ def generate_proxy_ticket(target_service, pgt)
59
+ # 3.2 (proxy ticket)
60
+ pt = ProxyTicket.new
61
+ pt.ticket = "PT-" + CASServer::Utils.random_string
62
+ pt.service = target_service
63
+ pt.username = pgt.service_ticket.username
64
+ pt.granted_by_pgt_id = pgt.id
65
+ pt.granted_by_tgt_id = pgt.service_ticket.granted_by_tgt.id
66
+ pt.client_hostname = @env['HTTP_X_FORWARDED_FOR'] || @env['REMOTE_HOST'] || @env['REMOTE_ADDR']
67
+ pt.save!
68
+ $LOG.debug("Generated proxy ticket '#{pt.ticket}' for target service '#{pt.service}'" +
69
+ " for user '#{pt.username}' at '#{pt.client_hostname}' using proxy-granting" +
70
+ " ticket '#{pgt.ticket}'")
71
+ pt
72
+ end
73
+
74
+ def generate_proxy_granting_ticket(pgt_url, st)
75
+ uri = URI.parse(pgt_url)
76
+ https = Net::HTTP.new(uri.host,uri.port)
77
+ https.use_ssl = true
78
+
79
+ # Here's what's going on here:
80
+ #
81
+ # 1. We generate a ProxyGrantingTicket (but don't store it in the database just yet)
82
+ # 2. Deposit the PGT and it's associated IOU at the proxy callback URL.
83
+ # 3. If the proxy callback URL responds with HTTP code 200, store the PGT and return it;
84
+ # otherwise don't save it and return nothing.
85
+ #
86
+ https.start do |conn|
87
+ path = uri.path.empty? ? '/' : uri.path
88
+ path += '?' + uri.query unless (uri.query.nil? || uri.query.empty?)
89
+
90
+ pgt = ProxyGrantingTicket.new
91
+ pgt.ticket = "PGT-" + CASServer::Utils.random_string(60)
92
+ pgt.iou = "PGTIOU-" + CASServer::Utils.random_string(57)
93
+ pgt.service_ticket_id = st.id
94
+ pgt.client_hostname = @env['HTTP_X_FORWARDED_FOR'] || @env['REMOTE_HOST'] || @env['REMOTE_ADDR']
95
+
96
+ # FIXME: The CAS protocol spec says to use 'pgt' as the parameter, but in practice
97
+ # the JA-SIG and Yale server implementations use pgtId. We'll go with the
98
+ # in-practice standard.
99
+ path += (uri.query.nil? || uri.query.empty? ? '?' : '&') + "pgtId=#{pgt.ticket}&pgtIou=#{pgt.iou}"
100
+
101
+ response = conn.request_get(path)
102
+ # TODO: follow redirects... 2.5.4 says that redirects MAY be followed
103
+ # NOTE: The following response codes are valid according to the JA-SIG implementation even without following redirects
104
+
105
+ if %w(200 202 301 302 304).include?(response.code)
106
+ # 3.4 (proxy-granting ticket IOU)
107
+ pgt.save!
108
+ $LOG.debug "PGT generated for pgt_url '#{pgt_url}': #{pgt.inspect}"
109
+ pgt
110
+ else
111
+ $LOG.warn "PGT callback server responded with a bad result code '#{response.code}'. PGT will not be stored."
112
+ nil
113
+ end
114
+ end
115
+ end
116
+
117
+ def validate_login_ticket(ticket)
118
+ $LOG.debug("Validating login ticket '#{ticket}'")
119
+
120
+ success = false
121
+ if ticket.nil?
122
+ error = _("Your login request did not include a login ticket. There may be a problem with the authentication system.")
123
+ $LOG.warn "Missing login ticket."
124
+ elsif lt = LoginTicket.find_by_ticket(ticket)
125
+ if lt.consumed?
126
+ error = _("The login ticket you provided has already been used up. Please try logging in again.")
127
+ $LOG.warn "Login ticket '#{ticket}' previously used up"
128
+ elsif Time.now - lt.created_on < settings.config[:maximum_unused_login_ticket_lifetime]
129
+ $LOG.info "Login ticket '#{ticket}' successfully validated"
130
+ else
131
+ error = _("You took too long to enter your credentials. Please try again.")
132
+ $LOG.warn "Expired login ticket '#{ticket}'"
133
+ end
134
+ else
135
+ error = _("The login ticket you provided is invalid. There may be a problem with the authentication system.")
136
+ $LOG.warn "Invalid login ticket '#{ticket}'"
137
+ end
138
+
139
+ lt.consume! if lt
140
+
141
+ error
142
+ end
143
+
144
+ def validate_ticket_granting_ticket(ticket)
145
+ $LOG.debug("Validating ticket granting ticket '#{ticket}'")
146
+
147
+ if ticket.nil?
148
+ error = "No ticket granting ticket given."
149
+ $LOG.debug error
150
+ elsif tgt = TicketGrantingTicket.find_by_ticket(ticket)
151
+ if settings.config[:expire_sessions] && Time.now - tgt.created_on > settings.config[:ticket_granting_ticket_expiry]
152
+ error = "Your session has expired. Please log in again."
153
+ $LOG.info "Ticket granting ticket '#{ticket}' for user '#{tgt.username}' expired."
154
+ else
155
+ $LOG.info "Ticket granting ticket '#{ticket}' for user '#{tgt.username}' successfully validated."
156
+ end
157
+ else
158
+ error = "Invalid ticket granting ticket '#{ticket}' (no matching ticket found in the database)."
159
+ $LOG.warn(error)
160
+ end
161
+
162
+ [tgt, error]
163
+ end
164
+
165
+ def validate_service_ticket(service, ticket, allow_proxy_tickets = false)
166
+ $LOG.debug "Validating service/proxy ticket '#{ticket}' for service '#{service}'"
167
+
168
+ if service.nil? or ticket.nil?
169
+ error = Error.new(:INVALID_REQUEST, "Ticket or service parameter was missing in the request.")
170
+ $LOG.warn "#{error.code} - #{error.message}"
171
+ elsif st = ServiceTicket.find_by_ticket(ticket)
172
+ if st.consumed?
173
+ error = Error.new(:INVALID_TICKET, "Ticket '#{ticket}' has already been used up.")
174
+ $LOG.warn "#{error.code} - #{error.message}"
175
+ elsif st.kind_of?(CASServer::Model::ProxyTicket) && !allow_proxy_tickets
176
+ error = Error.new(:INVALID_TICKET, "Ticket '#{ticket}' is a proxy ticket, but only service tickets are allowed here.")
177
+ $LOG.warn "#{error.code} - #{error.message}"
178
+ elsif Time.now - st.created_on > settings.config[:maximum_unused_service_ticket_lifetime]
179
+ error = Error.new(:INVALID_TICKET, "Ticket '#{ticket}' has expired.")
180
+ $LOG.warn "Ticket '#{ticket}' has expired."
181
+ elsif !st.matches_service? service
182
+ error = Error.new(:INVALID_SERVICE, "The ticket '#{ticket}' belonging to user '#{st.username}' is valid,"+
183
+ " but the requested service '#{service}' does not match the service '#{st.service}' associated with this ticket.")
184
+ $LOG.warn "#{error.code} - #{error.message}"
185
+ else
186
+ $LOG.info("Ticket '#{ticket}' for service '#{service}' for user '#{st.username}' successfully validated.")
187
+ end
188
+ else
189
+ error = Error.new(:INVALID_TICKET, "Ticket '#{ticket}' not recognized.")
190
+ $LOG.warn("#{error.code} - #{error.message}")
191
+ end
192
+
193
+ if st
194
+ st.consume!
195
+ end
196
+
197
+
198
+ [st, error]
199
+ end
200
+
201
+ def validate_proxy_ticket(service, ticket)
202
+ pt, error = validate_service_ticket(service, ticket, true)
203
+
204
+ if pt.kind_of?(CASServer::Model::ProxyTicket) && !error
205
+ if not pt.granted_by_pgt
206
+ error = Error.new(:INTERNAL_ERROR, "Proxy ticket '#{pt}' belonging to user '#{pt.username}' is not associated with a proxy granting ticket.")
207
+ elsif not pt.granted_by_pgt.service_ticket
208
+ error = Error.new(:INTERNAL_ERROR, "Proxy granting ticket '#{pt.granted_by_pgt}'"+
209
+ " (associated with proxy ticket '#{pt}' and belonging to user '#{pt.username}' is not associated with a service ticket.")
210
+ end
211
+ end
212
+
213
+ [pt, error]
214
+ end
215
+
216
+ def validate_proxy_granting_ticket(ticket)
217
+ if ticket.nil?
218
+ error = Error.new(:INVALID_REQUEST, "pgt parameter was missing in the request.")
219
+ $LOG.warn("#{error.code} - #{error.message}")
220
+ elsif pgt = ProxyGrantingTicket.find_by_ticket(ticket)
221
+ if pgt.service_ticket
222
+ $LOG.info("Proxy granting ticket '#{ticket}' belonging to user '#{pgt.service_ticket.username}' successfully validated.")
223
+ else
224
+ error = Error.new(:INTERNAL_ERROR, "Proxy granting ticket '#{ticket}' is not associated with a service ticket.")
225
+ $LOG.error("#{error.code} - #{error.message}")
226
+ end
227
+ else
228
+ error = Error.new(:BAD_PGT, "Invalid proxy granting ticket '#{ticket}' (no matching ticket found in the database).")
229
+ $LOG.warn("#{error.code} - #{error.message}")
230
+ end
231
+
232
+ [pgt, error]
233
+ end
234
+
235
+ # Takes an existing ServiceTicket object (presumably pulled from the database)
236
+ # and sends a POST with logout information to the service that the ticket
237
+ # was generated for.
238
+ #
239
+ # This makes possible the "single sign-out" functionality added in CAS 3.1.
240
+ # See http://www.ja-sig.org/wiki/display/CASUM/Single+Sign+Out
241
+ def send_logout_notification_for_service_ticket(st)
242
+ uri = URI.parse(st.service)
243
+ http = Net::HTTP.new(uri.host, uri.port)
244
+ #http.use_ssl = true if uri.scheme = 'https'
245
+
246
+ time = Time.now
247
+ rand = CASServer::Utils.random_string
248
+
249
+ path = uri.path
250
+ path = '/' if path.empty?
251
+
252
+ req = Net::HTTP::Post.new(path)
253
+ req.set_form_data(
254
+ 'logoutRequest' => %{<samlp:LogoutRequest ID="#{rand}" Version="2.0" IssueInstant="#{time.rfc2822}">
255
+ <saml:NameID></saml:NameID>
256
+ <samlp:SessionIndex>#{st.ticket}</samlp:SessionIndex>
257
+ </samlp:LogoutRequest>}
258
+ )
259
+
260
+ begin
261
+ http.start do |conn|
262
+ response = conn.request(req)
263
+
264
+ if response.kind_of? Net::HTTPSuccess
265
+ $LOG.info "Logout notification successfully posted to #{st.service.inspect}."
266
+ return true
267
+ else
268
+ $LOG.error "Service #{st.service.inspect} responed to logout notification with code '#{response.code}'!"
269
+ return false
270
+ end
271
+ end
272
+ rescue Exception => e
273
+ $LOG.error "Failed to send logout notification to service #{st.service.inspect} due to #{e}"
274
+ return false
275
+ end
276
+ end
277
+
278
+ def service_uri_with_ticket(service, st)
279
+ raise ArgumentError, "Second argument must be a ServiceTicket!" unless st.kind_of? CASServer::Model::ServiceTicket
280
+
281
+ # This will choke with a URI::InvalidURIError if service URI is not properly URI-escaped...
282
+ # This exception is handled further upstream (i.e. in the controller).
283
+ service_uri = URI.parse(service)
284
+
285
+ if service.include? "?"
286
+ if service_uri.query.empty?
287
+ query_separator = ""
288
+ else
289
+ query_separator = "&"
290
+ end
291
+ else
292
+ query_separator = "?"
293
+ end
294
+
295
+ service_with_ticket = service + query_separator + "ticket=" + st.ticket
296
+ service_with_ticket
297
+ end
298
+
299
+ # Strips CAS-related parameters from a service URL and normalizes it,
300
+ # removing trailing / and ?. Also converts any spaces to +.
301
+ #
302
+ # For example, "http://google.com?ticket=12345" will be returned as
303
+ # "http://google.com". Also, "http://google.com/" would be returned as
304
+ # "http://google.com".
305
+ #
306
+ # Note that only the first occurance of each CAS-related parameter is
307
+ # removed, so that "http://google.com?ticket=12345&ticket=abcd" would be
308
+ # returned as "http://google.com?ticket=abcd".
309
+ def clean_service_url(dirty_service)
310
+ return dirty_service if dirty_service.blank?
311
+ clean_service = dirty_service.dup
312
+ ['service', 'ticket', 'gateway', 'renew'].each do |p|
313
+ clean_service.sub!(Regexp.new("&?#{p}=[^&]*"), '')
314
+ end
315
+
316
+ clean_service.gsub!(/[\/\?&]$/, '') # remove trailing ?, /, or &
317
+ clean_service.gsub!('?&', '?')
318
+ clean_service.gsub!(' ', '+')
319
+
320
+ $LOG.debug("Cleaned dirty service URL #{dirty_service.inspect} to #{clean_service.inspect}") if
321
+ dirty_service != clean_service
322
+
323
+ return clean_service
324
+ end
325
+ module_function :clean_service_url
326
+
327
+ end
@@ -0,0 +1,91 @@
1
+ require "gettext"
2
+ require "gettext/cgi"
3
+ require 'active_support'
4
+
5
+ module CASServer
6
+ module Localization
7
+ def self.included(mod)
8
+ mod.module_eval do
9
+ include GetText
10
+ end
11
+ end
12
+
13
+ include GetText
14
+ bindtextdomain("rubycas-server", :path => File.join(File.dirname(File.expand_path(__FILE__)), "../../locale"))
15
+
16
+ def determine_locale(request)
17
+ source = nil
18
+ lang = case
19
+ when !request.params['lang'].blank?
20
+ source = "'lang' request variable"
21
+ request.cookies['lang'] = request.params['lang']
22
+ request.params['lang']
23
+ when !request.cookies['lang'].blank?
24
+ source = "'lang' cookie"
25
+ request.cookies['lang']
26
+ when !request.env['HTTP_ACCEPT_LANGUAGE'].blank?
27
+ source = "'HTTP_ACCEPT_LANGUAGE' header"
28
+ lang = request.env['HTTP_ACCEPT_LANGUAGE']
29
+ when !request.env['HTTP_USER_AGENT'].blank? && request.env['HTTP_USER_AGENT'] =~ /[^a-z]([a-z]{2}(-[a-z]{2})?)[^a-z]/i
30
+ source = "'HTTP_USER_AGENT' header"
31
+ $~[1]
32
+ # when !$CONF['default_locale'].blank?
33
+ # source = "'default_locale' config option"
34
+ # $CONF[:default_locale]
35
+ else
36
+ source = "default"
37
+ "en"
38
+ end
39
+
40
+ $LOG.debug "Detected locale is #{lang.inspect} (from #{source})"
41
+
42
+ lang.gsub!('_','-')
43
+
44
+ # TODO: Need to confirm that this method of splitting the accepted
45
+ # language string is correct.
46
+ if lang =~ /[,;\|]/
47
+ langs = lang.split(/[,;\|]/)
48
+ else
49
+ langs = [lang]
50
+ end
51
+
52
+ # TODO: This method of selecting the desired language might not be
53
+ # standards-compliant. For example, http://www.w3.org/TR/ltli/
54
+ # suggests that de-de and de-*-DE might be acceptable identifiers
55
+ # for selecting various wildcards. The algorithm below does not
56
+ # currently support anything like this.
57
+
58
+ available = available_locales
59
+
60
+ if available.length == 1
61
+ $LOG.warn "Only the #{available.first.inspect} localization is available. You should run `rake localization:mo` to compile support for additional languages!"
62
+ elsif available.length == 0 # this should never actually happen
63
+ $LOG.error "No localizations available! Run `rake localization:mo` to compile support for additional languages."
64
+ end
65
+
66
+ # Try to pick a locale exactly matching the desired identifier, otherwise
67
+ # fall back to locale without region (i.e. given "en-US; de-DE", we would
68
+ # first look for "en-US", then "en", then "de-DE", then "de").
69
+
70
+ chosen_lang = nil
71
+ langs.each do |l|
72
+ a = available.find{ |a| a =~ Regexp.new("\\A#{l}\\Z", 'i') ||
73
+ a =~ Regexp.new("#{l}-\w*", 'i') }
74
+ if a
75
+ chosen_lang = a
76
+ break
77
+ end
78
+ end
79
+
80
+ chosen_lang = "en" if chosen_lang.blank?
81
+
82
+ $LOG.debug "Chosen locale is #{chosen_lang.inspect}"
83
+
84
+ return chosen_lang
85
+ end
86
+
87
+ def available_locales
88
+ (Dir.glob(File.join(File.dirname(File.expand_path(__FILE__)), "../../locale/[a-z]*")).map{|path| File.basename(path)} << "en").uniq.collect{|l| l.gsub('_','-')}
89
+ end
90
+ end
91
+ end