Class CASServer::Authenticators::SQLEncrypted
In: lib/casserver/authenticators/sql_encrypted.rb
Parent: CASServer::Authenticators::SQL

This is a more secure version of the SQL authenticator. Passwords are stored in encrypted form (by default a salted SHA-256 hex digest) rather than in plain text.

Based on code contributed by Ben Mabey.

Using this authenticator requires some configuration on the client side. Please see code.google.com/p/rubycas-server/wiki/UsingTheSQLEncryptedAuthenticator

Methods

setup   validate  

Classes and Modules

Module CASServer::Authenticators::SQLEncrypted::EncryptedPassword

Public Class methods

    # File lib/casserver/authenticators/sql_encrypted.rb, line 41
    def self.setup(options)
      super(options)
      # Mix the EncryptedPassword module into the configured user model.
      user_model.__send__(:include, EncryptedPassword)
    end

Public Instance methods

    # File lib/casserver/authenticators/sql_encrypted.rb, line 46
    def validate(credentials)
      read_standard_credentials(credentials)
      raise_if_not_configured

      user_model = self.class.user_model

      username_column = @options[:username_column] || "username"
      # Ruby expression (held as a string) that decides whether the password matches.
      # The default compares the stored digest with SHA256("<salt>::<password>").
      encrypt_function = @options[:encrypt_function] || 'user.encrypted_password == Digest::SHA256.hexdigest("#{user.encryption_salt}::#{@password}")'

      $LOG.debug "#{self.class}: [#{user_model}] " + "Connection pool size: #{user_model.connection_pool.instance_variable_get(:@checked_out).length}/#{user_model.connection_pool.instance_variable_get(:@connections).length}"
      # The username is bound as a query parameter; only the column name is interpolated.
      results = user_model.find(:all, :conditions => ["#{username_column} = ?", @username])
      user_model.connection_pool.checkin(user_model.connection)

      if results.size > 0
        $LOG.warn("Multiple matches found for user '#{@username}'") if results.size > 1
        # With several matching rows, only the first one is checked.
        user = results.first
        unless @options[:extra_attributes].blank?
          if results.size > 1
            $LOG.warn("#{self.class}: Unable to extract extra_attributes because multiple matches were found for #{@username.inspect}")
          else
            extract_extra(user)
            log_extra
          end
        end
        # The check is run with eval, with `user` and @password in scope, so the
        # :encrypt_function option is executed as code, not read as data.
        return eval(encrypt_function)
      else
        return false
      end
    end
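
The default check in `validate` accepts a row only when `encrypted_password` equals the SHA-256 hex digest of `"<encryption_salt>::<password>"`. The following added example (not code from rubycas-server or its wiki) builds such a row on the client side and runs it through that exact expression; `UserRow`, `enroll`, `DefaultValidator` and `password_matches?` are hypothetical names, and the 16-byte random salt is an assumption.

```ruby
require 'digest'
require 'securerandom'

# The default :encrypt_function string from validate above, copied verbatim.
DEFAULT_CHECK = 'user.encrypted_password == Digest::SHA256.hexdigest("#{user.encryption_salt}::#{@password}")'

# Hypothetical stand-in for one row of the user table (not the project's model).
UserRow = Struct.new(:username, :encryption_salt, :encrypted_password)

# Hex digest in the layout the default check expects: SHA256("<salt>::<password>").
def default_digest(salt, password)
  Digest::SHA256.hexdigest("#{salt}::#{password}")
end

# Client-side enrolment: a fresh random salt per user, stored beside the digest.
# The salt length (16 random bytes, hex encoded) is an assumption of this example.
def enroll(username, password)
  salt = SecureRandom.hex(16)
  UserRow.new(username, salt, default_digest(salt, password))
end

# Evaluates the default expression the same way validate does, with `user`
# as a local variable and the submitted password in @password.
class DefaultValidator
  def initialize(password)
    @password = password
  end

  def call(user)
    eval(DEFAULT_CHECK)
  end
end

# Same decision without eval, using a comparison whose running time does not
# depend on the position of the first differing byte.
def password_matches?(user, password)
  expected = user.encrypted_password.to_s
  actual = default_digest(user.encryption_salt, password)
  return false unless expected.bytesize == actual.bytesize
  diff = 0
  expected.bytes.zip(actual.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end
```

Two users enrolled with the same password get different stored digests because each row carries its own salt.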
