wmernagh-rubycas-server 0.6.99.336

data/lib/casserver/postambles.rb

@@ -0,0 +1,174 @@
+module CASServer
+  module Postambles
+    
+    def webrick
+      require 'webrick/httpserver'
+      require 'webrick/https'
+      require 'camping/webrick'
+      
+      # TODO: verify the certificate's validity
+      # example of how to do this is here: http://pablotron.org/download/ruri-20050331.rb
+      
+      cert_path = CASServer::Conf.ssl_cert
+      key_path = CASServer::Conf.ssl_key || CASServer::Conf.ssl_cert
+        # look for the key in the ssl_cert if no ssl_key is specified
+      
+      webrick_options = {:BindAddress => "0.0.0.0", :Port => CASServer::Conf.port}
+      
+      unless cert_path.nil? && key_path.nil?
+        raise "'#{cert_path}' is not a valid ssl certificate. Your 'ssl_cert' configuration" +
+          " setting must be a path to a valid ssl certificate file." unless
+            File.exists? cert_path
+        
+        raise "'#{key_path}' is not a valid ssl private key. Your 'ssl_key' configuration" +
+          " setting must be a path to a valid ssl private key file." unless
+            File.exists? key_path
+        
+        cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
+        key = OpenSSL::PKey::RSA.new(File.read(key_path))
+        
+        webrick_options[:SSLEnable] = true
+        webrick_options[:SSLVerifyClient] = ::OpenSSL::SSL::VERIFY_NONE
+        webrick_options[:SSLCertificate] = cert
+        webrick_options[:SSLPrivateKey] = key
+      end
+      
+      begin
+        s = WEBrick::HTTPServer.new(webrick_options)
+      rescue Errno::EACCES
+        puts "\nThe server could not launch. Are you running on a privileged port? (e.g. port 443) If so, you must run the server as root."
+        exit 2
+      end
+      
+      CASServer.create
+      s.mount "#{CASServer::Conf.uri_path}", WEBrick::CampingHandler, CASServer
+      
+      puts "\n** CASServer is running at http#{webrick_options[:SSLEnable] ? 's' : ''}://#{Socket.gethostname}:#{CASServer::Conf.port}#{CASServer::Conf.uri_path} and logging to '#{CASServer::Conf.log[:file]}'\n\n"
+    
+      # This lets Ctrl+C shut down your server
+      trap(:INT) do
+        s.shutdown
+      end
+      trap(:TERM) do
+        s.shutdown
+      end
+    
+      if $DAEMONIZE
+        WEBrick::Daemon.start do
+          write_pid_file if $PID_FILE
+          s.start
+          clear_pid_file
+        end
+      else
+        s.start
+      end
+    end
+    
+    
+    
+    def mongrel
+      require 'rubygems'
+      require 'mongrel/camping'
+      
+      if $DAEMONIZE
+        # check if log and pid are writable before daemonizing, otherwise we won't be able to notify
+        # the user if we run into trouble later (since once daemonized, we can't write to stdout/stderr)
+        check_pid_writable if $PID_FILE
+        check_log_writable
+      end
+      
+      CASServer.create
+      
+      puts "\n** CASServer is starting. Look in '#{CASServer::Conf.log[:file]}' for further notices."
+      
+      settings = {:host => "0.0.0.0", :log_file => CASServer::Conf.log[:file], :cwd => $CASSERVER_HOME}
+      
+      # need to close all IOs before daemonizing
+      $LOG.close if $DAEMONIZE
+      
+      begin
+        config = Mongrel::Configurator.new settings  do
+          daemonize :log_file => CASServer::Conf.log[:file], :cwd => $CASSERVER_HOME if $DAEMONIZE
+          
+          listener :port => CASServer::Conf.port do
+            uri CASServer::Conf.uri_path, :handler => Mongrel::Camping::CampingHandler.new(CASServer)
+            setup_signals
+          end
+        end
+      rescue Errno::EADDRINUSE
+        exit 1
+      end
+      
+      config.run
+      
+      CASServer.init_logger
+      CASServer.init_db_logger
+      
+      if $DAEMONIZE && $PID_FILE
+        write_pid_file
+        unless File.exists? $PID_FILE
+          $LOG.error "CASServer could not start because pid file '#{$PID_FILE}' could not be created."
+          exit 1
+        end
+      end
+      
+      puts "\n** CASServer is running at http://localhost:#{CASServer::Conf.port}#{CASServer::Conf.uri_path} and logging to '#{CASServer::Conf.log[:file]}'"
+      config.join
+
+      clear_pid_file
+
+      puts "\n** CASServer is stopped (#{Time.now})"
+    end
+    
+    
+    def fastcgi
+      require 'camping/fastcgi'
+      Dir.chdir('/srv/www/camping/casserver/')
+      
+      CASServer.create
+      Camping::FastCGI.start(CASServer)
+    end
+    
+    
+    def cgi
+      CASServer.create
+      puts CASServer.run
+    end
+    
+    private
+    def check_log_writable
+      log_file = CASServer::Conf.log['file']
+      begin
+        f = open(log_file, 'w')
+      rescue
+        $stderr.puts "Couldn't write to log file at '#{log_file}' (#{$!})."
+        exit 1
+      end
+      f.close
+    end
+    
+    def check_pid_writable
+      $LOG.debug "Checking if pid file '#{$PID_FILE}' is writable"
+      begin        
+        f = open($PID_FILE, 'w')
+      rescue
+        $stderr.puts "Couldn't write to log at '#{$PID_FILE}' (#{$!})."
+        exit 1
+      end
+      f.close
+    end
+    
+    def write_pid_file
+      $LOG.debug "Writing pid '#{Process.pid}' to pid file '#{$PID_FILE}'"
+      open($PID_FILE, "w") { |file| file.write(Process.pid) }
+    end
+    
+    def clear_pid_file
+      if $PID_FILE && File.exists?($PID_FILE)
+        $LOG.debug "Clearing pid file '#{$PID_FILE}'"
+        File.unlink $PID_FILE
+      end
+    end
+  
+  end
+end

data/lib/casserver/utils.rb

@@ -0,0 +1,30 @@
+# Misc utility function used throughout by the RubyCAS-server.
+module CASServer
+  module Utils
+    def random_string(max_length = 29)
+      rg =  Crypt::ISAAC.new
+      max = 4294619050
+      r = "#{Time.now.to_i}r%X%X%X%X%X%X%X%X" % 
+        [rg.rand(max), rg.rand(max), rg.rand(max), rg.rand(max), 
+         rg.rand(max), rg.rand(max), rg.rand(max), rg.rand(max)]
+      r[0..max_length-1]
+    end
+    module_function :random_string
+      
+    def log_controller_action(controller, params)
+      $LOG << "\n"
+      
+      /`(.*)'/.match(caller[1])
+      method = $~[1]
+      
+      if params.respond_to? :dup
+        params2 = params.dup
+        params2['password'] = '******' if params2['password']
+      else
+        params2 = params
+      end
+      $LOG.debug("Processing #{controller}::#{method} #{params2.inspect}")
+    end
+    module_function :log_controller_action
+  end
+end

data/lib/casserver/version.rb

@@ -0,0 +1,9 @@
+module CASServer
+  module VERSION #:nodoc:
+    MAJOR = 0
+    MINOR = 6
+    TINY  = 99
+
+    STRING = [MAJOR, MINOR, TINY].join('.')
+  end
+end

data/lib/casserver/views.rb

@@ -0,0 +1,243 @@
+# The #.#.# comments (e.g. "2.1.3") refer to section numbers in the CAS protocol spec
+# under http://www.ja-sig.org/products/cas/overview/protocol/index.html
+
+# need auto_validation off to render CAS responses and to use the autocomplete='off' property on password field
+Markaby::Builder.set(:auto_validation, false)
+
+# disabled XML indentation because it was causing problems with mod_auth_cas
+#Markaby::Builder.set(:indent, 2) 
+
+module CASServer::Views
+
+  def layout
+    # wrap as XHTML only when auto_validation is on, otherwise pass right through
+    if @use_layout
+      xhtml_strict do
+        head do 
+          title { "#{organization} Central Login" }
+          link(:rel => "stylesheet", :type => "text/css", :href => "/themes/cas.css")
+          link(:rel => "stylesheet", :type => "text/css", :href => "/themes/#{current_theme}/theme.css")
+        end
+        body(:onload => "if (document.getElementById('username')) document.getElementById('username').focus()") do
+          self << yield 
+        end
+      end
+    else
+      self << yield
+    end
+  end
+
+
+  # 2.1.3
+  # The full login page.
+  def login
+    @use_layout = true
+    
+    table(:id => "login-box") do
+      tr do
+        td(:colspan => 2) do
+          div(:id => "headline-container") do
+            strong organization
+            text " Central Login"
+          end
+        end
+      end
+      if @message
+        tr do
+          td(:colspan => 2, :id => "messagebox-container") do
+            div(:class => "messagebox #{@message[:type]}") { @message[:message] }
+          end
+        end
+      end
+      tr do
+        td(:id => "logo-container") do
+          img(:id => "logo", :src => "/themes/#{current_theme}/logo.png")
+        end
+        td(:id => "login-form-container") do
+          @include_infoline = true
+          login_form
+        end
+      end
+    end
+  end
+  
+  # Just the login form.
+  def login_form
+    form(:method => "post", :action => @form_action || '/login', :id => "login-form",
+        :onsubmit => "submitbutton = document.getElementById('login-submit'); submitbutton.value='Please wait...'; submitbutton.disabled=true; return true;") do
+      table(:id => "form-layout") do
+        tr do
+          td(:id => "username-label-container") do
+            label(:id => "username-label", :for => "username") { "Username" }
+          end
+          td(:id => "username-container") do
+            input(:type => "text", :id => "username", :name => "username",
+              :size => "32", :tabindex => "1", :accesskey => "u")
+          end
+        end
+        tr do
+          td(:id => "password-label-container") do
+            label(:id => "password-label", :for => "password") { "Password" }
+          end
+          td(:id => "password-container") do
+            input(:type => "password", :id => "password", :name => "password", 
+              :size => "32", :tabindex => "2", :accesskey => "p", :autocomplete => "off")
+          end
+        end
+        tr do
+          td{}
+          td(:id => "submit-container") do
+            input(:type => "hidden", :id => "lt", :name => "lt", :value => @lt)
+            input(:type => "hidden", :id => "service", :name => "service", :value => @service)
+            input(:type => "submit", :class => "button", :accesskey => "l", :value => "LOGIN", :tabindex => "4", :id => "login-submit")
+          end
+        end
+        tr do
+          td(:colspan => 2, :id => "infoline") { infoline }
+        end if @include_infoline
+      end
+    end
+  end
+  
+  # 2.3.2
+  def logout
+    @use_layout = true
+    
+    table(:id => "login-box") do
+      tr do
+        td(:colspan => 2) do
+          div(:id => "headline-container") do
+            strong organization
+            text " Central Login"
+          end
+        end
+      end
+      if @message
+        tr do
+          td(:colspan => 2, :id => "messagebox-container") do
+            div(:class => "messagebox #{@message[:type]}") { @message[:message] }
+            if @continue_url
+              p do
+                a(:href => @continue_url) { @continue_url }
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+  
+  # 2.4.2
+  # CAS 1.0 validate response.
+  def validate
+    if @success
+      text "yes\n#{@username}\n"
+    else
+      text "no\n\n"
+    end
+  end
+  
+  # 2.5.2
+  # CAS 2.0 service validate response.
+  def service_validate
+    if @success
+      tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
+        tag!("cas:authenticationSuccess") do
+          tag!("cas:user") {@username.to_s.to_xs}
+          @extra_attributes.each do |key, value|
+            tag!(key) {serialize_extra_attribute(value)}
+          end
+          if @pgtiou
+            tag!("cas:proxyGrantingTicket") {@pgtiou.to_s.to_xs}
+          end
+        end
+      end
+    else
+      tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
+        tag!("cas:authenticationFailure", :code => @error.code) {@error.to_s.to_xs}
+      end
+    end
+  end
+  
+  # 2.6.2
+  # CAS 2.0 proxy validate response.
+  def proxy_validate
+    if @success
+      tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
+        tag!("cas:authenticationSuccess") do
+          tag!("cas:user") {@username.to_s.to_xs}
+          @extra_attributes.each do |key, value|
+            tag!(key) {serialize_extra_attribute(value)}
+          end
+          if @pgtiou
+            tag!("cas:proxyGrantingTicket") {@pgtiou.to_s.to_xs}
+          end
+          if @proxies && !@proxies.empty?
+            tag!("cas:proxies") do
+              @proxies.each do |proxy_url|
+                tag!("cas:proxy") {proxy_url.to_s.to_xs}
+              end
+            end
+          end
+        end
+      end
+    else
+      tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
+        tag!("cas:authenticationFailure", :code => @error.code) {@error.to_s.to_xs}
+      end
+    end
+  end
+  
+  # 2.7.2
+  # CAS 2.0 proxy request response.
+  def proxy
+    if @success
+      tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
+        tag!("cas:proxySuccess") do
+          tag!("cas:proxyTicket") {@pt.to_s.to_xs}
+        end
+      end
+    else
+      tag!("cas:serviceResponse", 'xmlns:cas' => "http://www.yale.edu/tp/cas") do
+        tag!("cas:proxyFailure", :code => @error.code) {@error.to_s.to_xs}
+      end
+    end
+  end
+  
+  def configure
+  end
+  
+  protected
+    def themes_dir
+      File.dirname(File.expand_path(__FILE__))+'../themes'
+    end
+    module_function :themes_dir
+    
+    def current_theme
+      CASServer::Conf.theme || "simple"
+    end
+    module_function :current_theme
+    
+    def organization
+      CASServer::Conf.organization || ""
+    end
+    module_function :organization
+    
+    def infoline
+      CASServer::Conf.infoline || ""
+    end
+    module_function :infoline
+    
+    def serialize_extra_attribute(value)
+      if value.kind_of?(String) || value.kind_of?(Numeric)
+        value
+      else
+        "<![CDATA[#{value.to_yaml}]]>"
+      end
+    end
+    module_function :serialize_extra_attribute
+end
+
+if CASServer::Conf.custom_views_file
+  require CASServer::Conf.custom_views_file
+end

data/lib/casserver.rb

@@ -0,0 +1,111 @@
+$: << File.dirname(File.expand_path(__FILE__))
+require 'casserver/environment'
+
+$APP_PATH ||= File.dirname(File.expand_path(__FILE__))
+
+# change to current directory when invoked on its own
+Dir.chdir($APP_PATH) if __FILE__ == $0
+
+$: << $APP_PATH + "/../vendor/isaac_0.9.1"
+require 'crypt/ISAAC'
+
+
+require 'active_support'
+require 'yaml'
+
+
+# Camping.goes must be called after the authenticator class is loaded, otherwise weird things happen
+Camping.goes :CASServer
+
+$CONFIG_FILE ||= '/etc/rubycas-server/config.yml'
+
+# for some reason this makes JRuby happy
+class CASServer::Models::Base
+end
+
+CASServer.picnic!
+
+$CONF[:expire_sessions] ||= false
+$CONF[:login_ticket_expiry] ||= 5.minutes
+$CONF[:service_ticket_expiry] ||= 5.minutes # CAS Protocol Spec, sec. 3.2.1 (recommended expiry time)
+$CONF[:proxy_granting_ticket_expiry] ||= 48.hours
+$CONF[:ticket_granting_ticket_expiry] ||= 48.hours
+$CONF[:log] ||= {:file => 'casserver.log', :level => 'DEBUG'}
+$CONF[:uri_path] ||= "/"
+
+unless $CONF[:authenticator]
+  $stderr.puts
+  $stderr.puts "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+  $stderr.puts
+  $stderr.puts "You have not yet defined an authenticator for your CAS server!"
+  $stderr.puts "Please consult your config file at #{$CONFIG_FILE.inspect} for details."
+  $stderr.puts
+  $stderr.puts "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+  exit 1
+end
+
+require 'casserver/utils'
+require 'casserver/models'
+require 'casserver/cas'
+require 'casserver/views'
+require 'casserver/controllers'
+
+if $CONF[:authenticator].instance_of? Array
+  $CONF[:authenticator].each_index do |auth_index| 
+    $CONF[:authenticator][auth_index] = HashWithIndifferentAccess.new($CONF[:authenticator][auth_index])
+  end
+end
+
+$AUTH = []
+begin
+  # attempt to instantiate the authenticator
+  if $CONF[:authenticator].instance_of? Array
+    $CONF[:authenticator].each { |authenticator| $AUTH << authenticator[:class].constantize.new}
+  else
+    $AUTH << $CONF[:authenticator][:class].constantize.new
+  end
+rescue NameError
+  if $CONF[:authenticator].instance_of? Array
+    $CONF[:authenticator].each do |authenticator|
+      if !authenticator[:source].nil?
+        # config.yml explicitly names source file
+        require authenticator[:source]
+      else
+        # the authenticator class hasn't yet been loaded, so lets try to load it from the casserver/authenticators directory
+        auth_rb = authenticator[:class].underscore.gsub('cas_server/', '')
+        require 'casserver/'+auth_rb
+      end
+      $AUTH << authenticator[:class].constantize.new
+    end
+  else
+    if !$CONF[:authenticator][:source].nil?
+      # config.yml explicitly names source file
+      require $CONF[:authenticator][:source]
+    else
+      # the authenticator class hasn't yet been loaded, so lets try to load it from the casserver/authenticators directory
+      auth_rb = $CONF[:authenticator][:class].underscore.gsub('cas_server/', '')
+      require 'casserver/'+auth_rb
+    end
+
+    $AUTH << $CONF[:authenticator][:class].constantize.new
+  end
+end
+
+$CONF[:public_dir] = {
+  :path => "/themes",
+  :dir  => File.expand_path(File.dirname(__FILE__))+"/themes"
+}
+
+def CASServer.create
+  $LOG.info "Creating RubyCAS-Server..."
+  CASServer::Models::Base.establish_connection(CASServer::Conf.database)
+  CASServer::Models.create_schema
+  
+  CASServer::Models::ServiceTicket.cleanup_expired(CASServer::Conf.service_ticket_expiry)
+  CASServer::Models::LoginTicket.cleanup_expired(CASServer::Conf.login_ticket_expiry)
+  CASServer::Models::ProxyGrantingTicket.cleanup_expired(CASServer::Conf.proxy_granting_ticket_expiry)
+  CASServer::Models::TicketGrantingTicket.cleanup_expired(CASServer::Conf.ticket_granting_ticket_expiry)
+end
+
+
+CASServer.start_picnic

data/lib/rubycas-server/version.rb

@@ -0,0 +1 @@
+require File.dirname(__FILE__)+'/../casserver/version.rb'

data/lib/rubycas-server.rb

@@ -0,0 +1 @@
+require 'lib/casserver'

data/lib/themes/cas.css

@@ -0,0 +1,121 @@
+* {
+	font-family: Verdana, sans-serif;
+}
+
+body {
+    text-align: center; /* hack for IE */
+}
+
+label {
+	font-weight: bold;
+	font-size: 9px;
+}
+
+input {
+	font-weight: normal;
+	font-size: 12px;
+}
+
+input.button {
+	/*font-weight: bold;*/
+	font-size: 10px;
+}
+
+#login-box {
+	margin: 0 auto;
+	width: 350px;
+	top: 130px;
+	position: relative;
+}
+
+#headline-container {
+	text-align: right;
+	border-bottom: 1px solid #899989;
+	font-family: Tahoma, Verdana, sans-serif;
+	font-size: 22px;
+	margin-right: 0px;
+	padding-right: 7px;
+	margin-left: 10px;
+	letter-spacing: -0.25px;
+}
+
+#logo-container {
+	vertical-align: top;
+}
+
+#logo {
+}
+
+#login-form-container {
+	vertical-align: top;
+}
+
+
+#username,
+#password {
+	width: 10em;
+}
+
+#login-form {
+	padding: 20px;
+}
+
+
+#form-layout {
+	position: relative;
+	top: 6px;
+	width: 100%;
+}
+
+#form-layout td {
+	text-align: center;
+	padding-bottom: 8px;
+}
+
+#form-layout td#submit-container {
+	text-align: right;
+	padding-right: 10px;
+}
+
+#infoline {
+	font-size: 9px;
+}
+
+#messagebox-container {
+	padding-left: 11px;
+	padding-right: 16px;
+}
+
+div.messagebox {
+	font-size: 12px;
+	padding: 5px;
+	padding-left: 55px;
+	text-align: center;
+	width: 70%;
+	min-height: 34px;
+	vertical-align: middle;
+}
+
+div.mistake {
+	color: #d00;
+	background-image: url(warning.png);
+	background-repeat: no-repeat;
+	background-position: 10px 5px;
+	font-weight: bold;
+}
+
+div.confirmation {
+	color: #280;
+	background-image: url(ok.png);
+	background-repeat: no-repeat;
+	background-position: 10px 5px;
+	font-weight: bold;
+}
+
+div.notice {
+	color: #04c;
+	background-image: url(notice.png);
+	background-repeat: no-repeat;
+	background-position: 10px 5px;
+	font-weight: bold;
+}