Class: CASServer::Authenticators::SQLEncrypted

Inherits:
SQL
  • Object
Defined in:
lib/casserver/authenticators/sql_encrypted.rb

Overview

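This is a more secure version of the SQL authenticator. Passwords are encrypted rather than being stored in plain text. With the default settings shown in #validate, "encrypted" means a salted SHA-256 hex digest: the stored value is a one-way hash, not reversible encryption. It is computed in a single fast pass, so it slows offline guessing far less than a purpose-built password hash would.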

Based on code contributed by Ben Mabey.

Using this authenticator requires some configuration on the client side. Please see code.google.com/p/rubycas-server/wiki/UsingTheSQLEncryptedAuthenticator

Direct Known Subclasses

SQLRestAuth

Defined Under Namespace

Modules: EncryptedPassword

Instance Attribute Summary

Attributes inherited from Base

#options, #username

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from SQL

user_model

Methods inherited from Base

#configure, #extra_attributes

Class Method Details

.setup(options) ⇒ Object



# File 'lib/casserver/authenticators/sql_encrypted.rb', line 41

# Runs the parent authenticator's setup, then mixes EncryptedPassword into
# the user model.
#
# @param options forwarded unchanged to the superclass implementation
# @return [Object] whatever the `include` call on the user model returns
def self.setup(options)
  # Bare `super` forwards the same `options` argument.
  super
  model = user_model
  # `include` is reached through __send__ because it is a private method
  # on older Rubies.
  model.__send__(:include, EncryptedPassword)
end

Instance Method Details

#validate(credentials) ⇒ Object



# File 'lib/casserver/authenticators/sql_encrypted.rb', line 46

# Checks the supplied credentials against the row(s) of the user model whose
# username column equals @username.
#
# The password check itself is not hard-coded: it is a Ruby expression held
# in a string (@options[:encrypt_function], or the default below) and run
# with `eval` inside this method, so it can see `user`, `@password` and the
# other locals defined here.
#
# @param credentials handed straight to read_standard_credentials; its shape
#   is not visible in this listing
# @return [Object] the value of the evaluated encrypt_function expression
#   (the default expression yields true/false), or false when no row matches
def validate(credentials)
  # Presumably populates @username and @password, both read further down
  # (helper defined elsewhere; confirm).
  read_standard_credentials(credentials)
  # Presumably raises when the authenticator has no configuration (confirm).
  raise_if_not_configured

  user_model = self.class.user_model

  # username_column is interpolated into the SQL fragment below. It comes
  # from the authenticator options, not from the login request; the username
  # value itself is bound through the `?` placeholder.
  username_column = @options[:username_column] || "username"
  # Single-quoted on purpose: the #{...} parts are NOT interpolated here, they
  # are resolved later when the string is eval'd, so @password is read as a
  # variable at that point rather than being pasted into the code.
  # Default check: salted SHA-256 hex digest of "<salt>::<password>" compared
  # with `==`.
  # NOTE(review): one SHA-256 pass is a fast hash, and String#== is not a
  # constant-time comparison; both are worth revisiting for password storage.
  encrypt_function = @options[:encrypt_function] || 'user.encrypted_password == Digest::SHA256.hexdigest("#{user.encryption_salt}::#{@password}")'

  # Debug-only: reads the pool's @checked_out / @connections instance
  # variables directly to report pool usage.
  $LOG.debug "#{self.class}: [#{user_model}] " + "Connection pool size: #{user_model.connection_pool.instance_variable_get(:@checked_out).length}/#{user_model.connection_pool.instance_variable_get(:@connections).length}"
  results = user_model.find(:all, :conditions => ["#{username_column} = ?", @username])
  # Hand the connection back to the pool as soon as the lookup is done.
  # NOTE(review): this line is skipped if the find above raises.
  user_model.connection_pool.checkin(user_model.connection)
  
  if results.size > 0
    # NOTE(review): @username is written to the log un-inspected here, while
    # the warning a few lines below uses #inspect; if it is request-supplied,
    # #inspect keeps control characters out of the log.
    $LOG.warn("Multiple matches found for user '#{@username}'") if results.size > 1
    # An ambiguous username only produces a warning: the password check below
    # still runs against the first row returned.
    # NOTE(review): consider failing closed when more than one row matches.
    # The local name `user` is part of the contract: the eval'd expression
    # refers to it, so it must not be renamed.
    user = results.first
    unless @options[:extra_attributes].blank?
      if results.size > 1
        $LOG.warn("#{self.class}: Unable to extract extra_attributes because multiple matches were found for #{@username.inspect}")
      else
        extract_extra(user)
            log_extra
      end
    end
    # SECURITY: evaluates a Ruby expression taken from the authenticator
    # options in this method's binding. Anyone able to edit that configuration
    # can run arbitrary code in the server process, so the config source must
    # be as tightly controlled as the code itself.
    return eval(encrypt_function)
  else
    # No row for this username: authentication fails.
    return false
  end
end