Class: CASServer::Authenticators::SQLEncrypted

Inherits:

Base

• Object
• Base
• CASServer::Authenticators::SQLEncrypted

Defined in:

lib/casserver/authenticators/sql_encrypted.rb

Overview

This is a more secure version of the SQL authenticator. Passwords are encrypted rather than being stored in plain text.

Based on code contributed by Ben Mabey.

Using this authenticator requires some configuration on the client side. Please see code.google.com/p/rubycas-server/wiki/UsingTheSQLEncryptedAuthenticator

Direct Known Subclasses

SQLRestAuth

Defined Under Namespace

Modules: EncryptedPassword

Instance Attribute Summary

Attributes inherited from Base

#options, #username

Instance Method Summary

• #validate(credentials) ⇒ Object

Methods inherited from Base

#configure, #extra_attributes

Instance Method Details

#validate(credentials) ⇒ Object

Raises:

• (CASServer::AuthenticatorError)

# File 'lib/casserver/authenticators/sql_encrypted.rb', line 25

def validate(credentials)
  read_standard_credentials(credentials)

  raise CASServer::AuthenticatorError, "Cannot validate credentials because the authenticator hasn't yet been configured" unless @options

  user_model = establish_database_connection_if_necessary

  username_column = @options[:username_column] || "username"
  encrypt_function = @options[:encrypt_function] || 'user.encrypted_password == Digest::SHA256.hexdigest("#{user.encryption_salt}::#{@password}")'

  results = user_model.find(:all, :conditions => ["#{username_column} = ?", @username])

  if results.size > 0
    $LOG.warn("Multiple matches found for user '#{@username}'") if results.size > 1
    user = results.first
    return eval(encrypt_function)
  else
    return false
  end
end