Class: CASServer::Authenticators::SQLEncrypted
Defined in: lib/casserver/authenticators/sql_encrypted.rb
Overview
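This is a more secure version of the SQL authenticator. Passwords are stored in hashed form rather than in plain text (the class name says "encrypted", but the default check in #validate compares the stored value against a salted SHA-256 hex digest).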
Based on code contributed by Ben Mabey.
Using this authenticator requires some configuration on the client side. Please see code.google.com/p/rubycas-server/wiki/UsingTheSQLEncryptedAuthenticator
Defined Under Namespace
Modules: EncryptedPassword
Class Method Details
.setup(options) ⇒ Object
    # File 'lib/casserver/authenticators/sql_encrypted.rb', line 41
    def self.setup(options)
      super(options)
      user_model.__send__(:include, EncryptedPassword)
    end
Instance Method Details
#validate(credentials) ⇒ Object
    # File 'lib/casserver/authenticators/sql_encrypted.rb', line 46
    def validate(credentials)
      read_standard_credentials(credentials)
      raise_if_not_configured

      user_model = self.class.user_model

      username_column = @options[:username_column] || "username"
      encrypt_function = @options[:encrypt_function] || 'user.encrypted_password == Digest::SHA256.hexdigest("#{user.encryption_salt}::#{@password}")'

      $LOG.debug "#{self.class}: [#{user_model}] " + "Connection pool size: #{user_model.connection_pool.instance_variable_get(:@checked_out).length}/#{user_model.connection_pool.instance_variable_get(:@connections).length}"
      results = user_model.find(:all, :conditions => ["#{username_column} = ?", @username])
      user_model.connection_pool.checkin(user_model.connection)

      if results.size > 0
        $LOG.warn("Multiple matches found for user '#{@username}'") if results.size > 1
        user = results.first
        unless @options[:extra_attributes].blank?
          if results.size > 1
            $LOG.warn("#{self.class}: Unable to extract extra_attributes because multiple matches were found for #{@username.inspect}")
          else
            extract_extra(user)
            log_extra
          end
        end
        return eval(encrypt_function)
      else
        return false
      end
    end
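
The default comparison in #validate, written as plain Ruby instead of an eval'd string and with a constant-time digest comparison. This is an added example, not rubycas-server code: the User struct and the helpers default_digest, build_user, secure_equal? and password_matches? are hypothetical names. Only the encrypted_password and encryption_salt columns and the SHA-256 "salt::password" format come from the listing above.

```ruby
require 'digest'
require 'securerandom'

# Constructed stand-in for one row of the user model (not the real model class).
User = Struct.new(:username, :encryption_salt, :encrypted_password)

# Digest in the format the default encrypt_function compares against:
# the SHA-256 hex digest of "<salt>::<password>".
def default_digest(salt, password)
  Digest::SHA256.hexdigest("#{salt}::#{password}")
end

# Hypothetical helper: build a record that the default check accepts.
# A fresh random salt per user keeps equal passwords from sharing a digest.
def build_user(username, password, salt = SecureRandom.hex(16))
  User.new(username, salt, default_digest(salt, password))
end

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Same decision as the default encrypt_function, expressed as ordinary code:
# no string from configuration is evaluated, and a missing user, password or
# stored digest is rejected instead of being interpolated as an empty string.
def password_matches?(user, password)
  return false if user.nil? || password.nil?
  stored = user.encrypted_password.to_s
  secure_equal?(stored, default_digest(user.encryption_salt, password))
end

if __FILE__ == $PROGRAM_NAME
  alice = build_user('alice', 'correct horse')   # constructed sample data
  puts password_matches?(alice, 'correct horse')
  puts password_matches?(alice, 'wrong guess')
end
```

A single SHA-256 round is fast to compute, so a deployment that supplies its own :encrypt_function can use that option to compare against a slower password hash instead.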