Class: CASServer::Authenticators::SQLAuthlogic

Inherits:
SQL
  • Object
show all
Defined in:
lib/casserver/authenticators/sql_authlogic.rb

Overview

authenticator:

class: CASServer::Authenticators::SQLAuthlogic
database:
  adapter: mysql
  database: some_database_with_users_table
  user: root
  password:
  server: localhost
user_table: user
username_column: login
password_column: crypted_password
salt_column: password_salt
encryptor: BCrypt

Instance Attribute Summary

Attributes inherited from Base

#options, #username

Instance Method Summary collapse

Methods inherited from Base

#configure, #extra_attributes

Instance Method Details

#validate(credentials) ⇒ Object

Raises:



45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
 
# File 'lib/casserver/authenticators/sql_authlogic.rb', line 45

def validate(credentials)
  read_standard_credentials(credentials)

  raise CASServer::AuthenticatorError, "Cannot validate credentials because the authenticator hasn't yet been configured" unless @options

  user_model = establish_database_connection_if_necessary

  username_column = @options[:username_column] || "login"
  password_column = @options[:password_column] || "crypted_password"
  salt_column = @options[:salt_column]
  results = user_model.find(:all, :conditions => ["#{username_column} = ?", @username])

  begin
    encryptor = eval("Authlogic::CryptoProviders::" + @options[:encryptor] || "Sha512")
  rescue
    encryptor = Authlogic::CryptoProviders::Sha512
  end

  if results.size > 0
    $LOG.warn("Multiple matches found for user '#{@username}'") if results.size > 1
    user = results.first
    tokens = [@password, (not salt_column.nil?) && user.send(salt_column) || nil].compact
    crypted = user.send(password_column)

    unless @options[:extra_attributes].blank?
      if results.size > 1
        $LOG.warn("#{self.class}: Unable to extract extra_attributes because multiple matches were found for #{@username.inspect}")
      else

        @extra_attributes = {}
        extra_attributes_to_extract.each do |col|
          @extra_attributes[col] = user.send(col)
        end

        if @extra_attributes.empty?
          $LOG.warn("#{self.class}: Did not read any extra_attributes for user #{@username.inspect} even though an :extra_attributes option was provided.")
        else
          $LOG.debug("#{self.class}: Read the following extra_attributes for user #{@username.inspect}: #{@extra_attributes.inspect}")
        end
      end
    end

    return encryptor.matches?(crypted, tokens)
  else
    return false
  end
end