Class | CASServer::Authenticators::SQLEncrypted |
In: |
lib/casserver/authenticators/sql_encrypted.rb
|
Parent: | CASServer::Authenticators::SQL |
This is a more secure version of the SQL authenticator. Passwords are stored as salted hashes (SHA-256 in the default configuration; the code refers to this as "encrypted") rather than in plain text.
Based on code contributed by Ben Mabey.
Using this authenticator requires some configuration on the client side. Please see code.google.com/p/rubycas-server/wiki/UsingTheSQLEncryptedAuthenticator
# File lib/casserver/authenticators/sql_encrypted.rb, line 41
# Runs the parent authenticator's setup with the same options, then mixes the
# EncryptedPassword module into the user model class.
#
# NOTE(review): EncryptedPassword is defined outside this listing; presumably it
# supplies the password-related helpers the model needs -- confirm in the file.
def self.setup(options)
  super
  user_model.class_eval { include EncryptedPassword }
end
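# File lib/casserver/authenticators/sql_encrypted.rb, line 46
# Checks the submitted credentials against the configured user table.
#
# Looks up the rows whose username column equals the submitted username and
# evaluates the configured :encrypt_function expression against the first
# match. Returns the value of that expression when a row was found, and false
# when no row matched.
#
# Options read here: :username_column (default "username"),
# :encrypt_function (default: salted SHA-256 comparison) and
# :extra_attributes.
def validate(credentials)
  read_standard_credentials(credentials)
  raise_if_not_configured

  user_model = self.class.user_model

  # The column name is interpolated into the SQL fragment below, so it must
  # only ever come from server configuration. The username value itself is
  # passed as a bind parameter.
  username_column = @options[:username_column] || "username"

  # The default is single-quoted on purpose: the #{...} parts are expanded only
  # when the string is eval'd at the end of this method, where `user` and
  # @password are in scope.
  # NOTE(review): the default is one round of salted SHA-256 compared with ==.
  # A fast hash is cheap to brute-force if the table leaks, and == is not a
  # constant-time comparison; a deliberately slow password hash (bcrypt, scrypt,
  # PBKDF2) would be stronger where the schema allows it.
  encrypt_function = @options[:encrypt_function] || 'user.encrypted_password == Digest::SHA256.hexdigest("#{user.encryption_salt}::#{@password}")'

  $LOG.debug "#{self.class}: [#{user_model}] " + "Connection pool size: #{user_model.connection_pool.instance_variable_get(:@checked_out).length}/#{user_model.connection_pool.instance_variable_get(:@connections).length}"

  begin
    results = user_model.find(:all, :conditions => ["#{username_column} = ?", @username])
  ensure
    # Hand the connection back even when the lookup raises, so a failing query
    # does not leave it checked out of the pool.
    user_model.connection_pool.checkin(user_model.connection)
  end

  return false if results.empty?

  # The username is client-supplied; log it through #inspect (as the
  # extra_attributes warning below already does) so embedded newlines or
  # control characters cannot forge extra log lines.
  $LOG.warn("Multiple matches found for user #{@username.inspect}") if results.size > 1

  # Keep this local named `user`: the eval'd expression refers to it by name.
  user = results.first

  unless @options[:extra_attributes].blank?
    if results.size > 1
      $LOG.warn("#{self.class}: Unable to extract extra_attributes because multiple matches were found for #{@username.inspect}")
    else
      extract_extra(user)
      log_extra
    end
  end

  # SECURITY: encrypt_function is executed as Ruby code with this method's
  # binding (user, @password, @options, ...). It has to be treated as trusted
  # code: anyone who can edit that configuration value can run arbitrary code
  # inside the CAS server. Never derive it from request data.
  eval(encrypt_function)
end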