Class: CASServer::Authenticators::SQL

Inherits:
Base
  • Object
show all
Defined in:
lib/casserver/authenticators/sql.rb

Overview

Authenticates against a plain SQL table.

This assumes that all of your users are stored in a table that has a ‘username’ column and a ‘password’ column. When the user logs in, CAS conects to the database and looks for a matching username/password in the users table. If a matching username and password is found, authentication is successful.

Any database backend supported by ActiveRecord can be used.

Config example:

authenticator:
  class: CASServer::Authenticators::SQL
  database:
    adapter: mysql
    database: some_database_with_users_table
    username: root
    password:
    server: localhost
  user_table: users
  username_column: username
  password_column: password

When replying to a CAS client’s validation request, the server will normally provide the client with the authenticated user’s username. However it is now possible for the server to provide the client with additional attributes. You can configure the SQL authenticator to provide data from additional columns in the users table by listing the names of the columns under the ‘extra_attributes’ option. Note though that this functionality is experimental. It should work with RubyCAS-Client, but may or may not work with other CAS clients.

For example, with this configuration, the ‘full_name’ and ‘access_level’ columns will be provided to your CAS clients along with the username:

authenticator:
  class: CASServer::Authenticators::SQL
  database:
    adapter: mysql
    database: some_database_with_users_table
  user_table: users
  username_column: username
  password_column: password
  ignore_type_column: true # indicates if you want to ignore Single Table Inheritance 'type' field
  extra_attributes: full_name, access_level

Direct Known Subclasses

SQLAuthlogic, SQLEncrypted, SQLMd5

Instance Attribute Summary

Attributes inherited from Base

#options, #username

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Base

#configure, #extra_attributes

Class Method Details

.setup(options) ⇒ Object



57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
# File 'lib/casserver/authenticators/sql.rb', line 57

def self.setup(options)
  raise CASServer::AuthenticatorError, "Invalid authenticator configuration!" unless options[:database]

  user_model_name = "CASUser_#{options[:auth_index]}"
  $LOG.debug "CREATING USER MODEL #{user_model_name}"

  class_eval %{
    class #{user_model_name} < ActiveRecord::Base
    end
  }

  @user_model = const_get(user_model_name)
  @user_model.establish_connection(options[:database])
  @user_model.set_table_name(options[:user_table] || 'users')
  @user_model.inheritance_column = 'no_inheritance_column' if options[:ignore_type_column]
end

.user_modelObject



74
75
76
# File 'lib/casserver/authenticators/sql.rb', line 74

def self.user_model
  @user_model
end

Instance Method Details

#validate(credentials) ⇒ Object



78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
# File 'lib/casserver/authenticators/sql.rb', line 78

def validate(credentials)
  read_standard_credentials(credentials)
  raise_if_not_configured

  user_model = self.class.user_model

  username_column = @options[:username_column] || 'username'
  password_column = @options[:password_column] || 'password'
  
  $LOG.debug "#{self.class}: [#{user_model}] " + "Connection pool size: #{user_model.connection_pool.instance_variable_get(:@checked_out).length}/#{user_model.connection_pool.instance_variable_get(:@connections).length}"
  results = user_model.find(:all, :conditions => ["#{username_column} = ? AND #{password_column} = ?", @username, @password])
  user_model.connection_pool.checkin(user_model.connection)
     
  if results.size > 0
    $LOG.warn("#{self.class}: Multiple matches found for user #{@username.inspect}") if results.size > 1
    
    unless @options[:extra_attributes].blank?
      if results.size > 1
        $LOG.warn("#{self.class}: Unable to extract extra_attributes because multiple matches were found for #{@username.inspect}")
      else
        user = results.first

        extract_extra(user)
        log_extra
      end
    end

    return true
  else
    return false
  end
end