From 27ca0acd68ccdc7c8dfe238b06732f1eda45bc1b Mon Sep 17 00:00:00 2001 From: Brad Seefeld Date: Mon, 30 Apr 2012 09:19:39 -0700 Subject: [PATCH 1/9] Locales path is relative --- lib/casserver/localization.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/casserver/localization.rb b/lib/casserver/localization.rb index c55de84b..3f0fbc26 100644 --- a/lib/casserver/localization.rb +++ b/lib/casserver/localization.rb @@ -6,7 +6,7 @@ def self.included(mod) mod.module_eval do register Sinatra::R18n set :default_locale, 'en' - set :translations, './locales' + set :translations, File.dirname(__FILE__) + "/../../locales" end end end From 9f0bf65bf127cb7cfc41cc0fd93f767305be4545 Mon Sep 17 00:00:00 2001 From: Brad Seefeld Date: Thu, 5 Jul 2012 08:17:55 -0700 Subject: [PATCH 2/9] Allow ssl validation to be turned off in dev --- lib/casserver/cas.rb | 4 ++-- lib/casserver/server.rb | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/casserver/cas.rb b/lib/casserver/cas.rb index fdc4381a..cf558a2f 100644 --- a/lib/casserver/cas.rb +++ b/lib/casserver/cas.rb @@ -71,10 +71,10 @@ def generate_proxy_ticket(target_service, pgt) pt end - def generate_proxy_granting_ticket(pgt_url, st) + def generate_proxy_granting_ticket(pgt_url, st, validate_ssl = true) uri = URI.parse(pgt_url) https = Net::HTTP.new(uri.host,uri.port) - https.use_ssl = true + https.use_ssl = validate_ssl # Here's what's going on here: # diff --git a/lib/casserver/server.rb b/lib/casserver/server.rb index 1a2495a2..a6b6c961 100644 --- a/lib/casserver/server.rb +++ b/lib/casserver/server.rb @@ -649,7 +649,7 @@ def self.init_database! if @success @username = st.username if @pgt_url - pgt = generate_proxy_granting_ticket(@pgt_url, st) + pgt = generate_proxy_granting_ticket(@pgt_url, st, config[:validate_ssl]) @pgtiou = pgt.iou if pgt end @extra_attributes = st.granted_by_tgt.extra_attributes || {} 
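Review bot: In lib/casserver/localization.rb (PATCH 1/9) the new `set :translations` value is only as absolute as `__FILE__` is, and the `..` segments are left unresolved because the path is built by string concatenation. If `__FILE__` is a relative path on the Ruby versions this gem supports (worth confirming) and the process changes directory after load, the lookup points at the wrong directory again. `set :translations, File.expand_path('../../locales', File.dirname(__FILE__))` yields a normalized absolute path. The `self.included` body starts outside the hunk.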
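Review bot: In generate_proxy_granting_ticket (lib/casserver/cas.rb, PATCH 2/9) the new parameter is named `validate_ssl` but is assigned to `https.use_ssl`, so a false value turns TLS off for the callback altogether instead of only relaxing certificate checks. Nothing in this hunk sets `verify_mode`, so the flag does not control verification at all. Keep transport and verification separate: `https.use_ssl = (uri.scheme == 'https')` and `https.verify_mode = validate_ssl ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE`. A comment on the signature such as `# validate_ssl: verify the callback server's certificate; disable only in development` would make the intent clear to callers. The method body continues past the hunk.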
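Review bot: In lib/casserver/server.rb (PATCH 2/9, hunk at -649, and the identical call in the hunk at -688) `config[:validate_ssl]` is passed straight through, so when the key is absent the method receives nil instead of its `true` default. Combined with this commit's `https.use_ssl = validate_ssl`, a server with no such setting makes the proxy callback without TLS, which means the option fails open. Treat only an explicit false as "off" at the call site, `generate_proxy_granting_ticket(@pgt_url, st, config[:validate_ssl] != false)`, or default the key once when the configuration is loaded. The enclosing route blocks start and end outside both hunks.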
@@ -688,7 +688,7 @@ def self.init_database! end if @pgt_url - pgt = generate_proxy_granting_ticket(@pgt_url, t) + pgt = generate_proxy_granting_ticket(@pgt_url, t, config[:validate_ssl]) @pgtiou = pgt.iou if pgt end From 161dd5eac9ece9d7b7c4fe66a2e1133b8f238493 Mon Sep 17 00:00:00 2001 From: Brad Seefeld Date: Thu, 5 Jul 2012 08:18:17 -0700 Subject: [PATCH 3/9] Brand this build of rubycas server as G2 so that we can tell it apart from main --- rubycas-server.gemspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rubycas-server.gemspec b/rubycas-server.gemspec index 0182f96e..2715286a 100644 --- a/rubycas-server.gemspec +++ b/rubycas-server.gemspec @@ -1,6 +1,6 @@ $gemspec = Gem::Specification.new do |s| - s.name = 'rubycas-server' - s.version = '1.1.1' + s.name = 'g2rubycas-server' + s.version = '1.1.1.1' s.authors = ["Matt Zukowski"] s.email = ["matt@zukowski.ca"] s.homepage = 'https://github.com/rubycas/rubycas-server' From 2af2616e624b84895de5dc1747adc763e1ca81de Mon Sep 17 00:00:00 2001 From: Brad Seefeld Date: Thu, 5 Jul 2012 08:59:46 -0700 Subject: [PATCH 4/9] Allow ssl verification to be disabled --- lib/casserver/cas.rb | 2 ++ lib/casserver/server.rb | 3 +++ 2 files changed, 5 insertions(+) diff --git a/lib/casserver/cas.rb b/lib/casserver/cas.rb index cf558a2f..a09f81ec 100644 --- a/lib/casserver/cas.rb +++ b/lib/casserver/cas.rb @@ -75,6 +75,8 @@ def generate_proxy_granting_ticket(pgt_url, st, validate_ssl = true) uri = URI.parse(pgt_url) https = Net::HTTP.new(uri.host,uri.port) https.use_ssl = validate_ssl + + puts "we will validate ssl: #{validate_ssl}" # Here's what's going on here: # diff --git a/lib/casserver/server.rb b/lib/casserver/server.rb index a6b6c961..9d508b03 100644 --- a/lib/casserver/server.rb +++ b/lib/casserver/server.rb 
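Review bot: The added `puts "we will validate ssl: #{validate_ssl}"` in generate_proxy_granting_ticket (PATCH 4/9, lib/casserver/cas.rb) writes to stdout on every proxy-granting-ticket request and bypasses the application logger and its level filtering. If the message is worth keeping, route it through the logger, e.g. `$LOG.debug "PGT callback certificate validation: #{validate_ssl}"`, assuming the `$LOG` global used elsewhere in this method is set up by then; otherwise drop the line. A `$LOG.warn` when validation is disabled would additionally make an insecure setting visible in production logs. The method body extends beyond the hunk.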
@@ -138,6 +138,7 @@ def self.load_config_file(config_file) end config.merge! HashWithIndifferentAccess.new(YAML.load(config_file)) + config[:validate_ssl] = true if config[:validate_ssl].nil? set :server, config[:server] || 'webrick' end @@ -148,6 +149,8 @@ def self.reconfigure!(config) init_database! init_logger! init_authenticators! + + self.config[:validate_ssl] ||= true end def self.handler_options From 335c7ac5f588fa28353cb4dbd7d5613b68715aca Mon Sep 17 00:00:00 2001 From: Brad Seefeld Date: Thu, 5 Jul 2012 08:59:54 -0700 Subject: [PATCH 5/9] Version bump --- rubycas-server.gemspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rubycas-server.gemspec b/rubycas-server.gemspec index 2715286a..9a01fc53 100644 --- a/rubycas-server.gemspec +++ b/rubycas-server.gemspec @@ -1,6 +1,6 @@ $gemspec = Gem::Specification.new do |s| s.name = 'g2rubycas-server' - s.version = '1.1.1.1' + s.version = '1.1.1.2' s.authors = ["Matt Zukowski"] s.email = ["matt@zukowski.ca"] s.homepage = 'https://github.com/rubycas/rubycas-server' @@ -32,7 +32,7 @@ For more information on RubyCAS-Server, see http://code.google.com/p/rubycas-ser s.add_dependency("activerecord", ">= 2.3.12", "< 3.1") s.add_dependency("activesupport", ">= 2.3.12", "< 3.1") s.add_dependency("sinatra", "~> 1.0") - s.add_dependency("sinatra-r18n") + s.add_dependency("sinatra-r18n", "~> 0.4") s.add_dependency("crypt-isaac", "~> 0.9.1") s.add_development_dependency("rack-test") From 6a00689743e0bfa19fd196c6ab95104c6b4243cc Mon Sep 17 00:00:00 2001 From: David Silveira Date: Tue, 19 Feb 2013 12:39:07 -0300 Subject: [PATCH 6/9] Fixes for issue PRA-710 --- locales/de.yml | 2 ++ locales/en.yml | 4 +++- locales/es.yml | 2 ++ locales/es_ar.yml | 2 ++ locales/fr.yml | 2 ++ locales/jp.yml | 2 ++ locales/pl.yml | 2 ++ locales/pt.yml | 2 ++ locales/ru.yml | 2 ++ locales/zh.yml | 2 ++ locales/zh_tw.yml | 2 ++ rubycas-server.gemspec | 2 +- 12 files changed, 24 insertions(+), 2 deletions(-) 
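Review bot: In `self.reconfigure!` (hunk at -148) `self.config[:validate_ssl] ||= true` treats an explicit `false` the same as a missing key, so after a reconfigure the option is forced back to true and can no longer be disabled, unlike the `.nil?` check this commit adds to `load_config_file` in the hunk at -138. Use the same form in both places: `self.config[:validate_ssl] = true if self.config[:validate_ssl].nil?`. The default is also applied after `init_database!`, `init_logger!` and `init_authenticators!` have run; if any of them reads the setting (not visible here), the line belongs above them. Both method bodies start outside their hunks.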
diff --git a/locales/de.yml b/locales/de.yml index 40422b08..a4024c86 100644 --- a/locales/de.yml +++ b/locales/de.yml @@ -24,4 +24,6 @@ label: button: login: "ANMELDEN" + lost_password: "Lost password?" + contact_g2: "Contact G2 Client Services" diff --git a/locales/en.yml b/locales/en.yml index 99eb6094..d9b6813a 100644 --- a/locales/en.yml +++ b/locales/en.yml @@ -23,4 +23,6 @@ label: central_login_title: "Central Login" button: - login: "LOGIN" + login: "Log In" + lost_password: "Lost password?" + contact_g2: "Contact G2 Client Services" \ No newline at end of file diff --git a/locales/es.yml b/locales/es.yml index 5abf16f6..33efd93c 100644 --- a/locales/es.yml +++ b/locales/es.yml @@ -24,3 +24,5 @@ label: button: login: "INICIAR SESIÓN" + lost_password: "¿Perdio su contraseña?" + contact_g2: "Contacte al servicio de clientes G2" diff --git a/locales/es_ar.yml b/locales/es_ar.yml index d7684454..943629cb 100644 --- a/locales/es_ar.yml +++ b/locales/es_ar.yml @@ -24,3 +24,5 @@ label: button: login: "INICIAR SESIÓN" + lost_password: "¿Perdio su contraseña?" + contact_g2: "Contacte al servicio de clientes G2" diff --git a/locales/fr.yml b/locales/fr.yml index 99dc7c8d..9327f0eb 100644 --- a/locales/fr.yml +++ b/locales/fr.yml @@ -24,3 +24,5 @@ label: button: login: "SE CONNECTER" + lost_password: "Lost password?" + contact_g2: "Contact G2 Client Services" diff --git a/locales/jp.yml b/locales/jp.yml index 8c65c682..b26b2a9d 100644 --- a/locales/jp.yml +++ b/locales/jp.yml @@ -24,3 +24,5 @@ label: button: login: "ログイン" + lost_password: "Lost password?" + contact_g2: "Contact G2 Client Services" diff --git a/locales/pl.yml b/locales/pl.yml index d9501a92..6ee22b44 100644 --- a/locales/pl.yml +++ b/locales/pl.yml @@ -24,3 +24,5 @@ label: button: login: "Zaloguj" + lost_password: "Lost password?" + contact_g2: "Contact G2 Client Services" diff --git a/locales/pt.yml b/locales/pt.yml index 0a72eefa..f6aa9503 100644 --- a/locales/pt.yml +++ b/locales/pt.yml 
@@ -24,3 +24,5 @@ label: button: login: "ENTRAR" + lost_password: "Lost password?" + contact_g2: "Contact G2 Client Services" diff --git a/locales/ru.yml b/locales/ru.yml index edef9e37..98199f35 100644 --- a/locales/ru.yml +++ b/locales/ru.yml @@ -24,3 +24,5 @@ label: button: login: "Войти" + lost_password: "Lost password?" + contact_g2: "Contact G2 Client Services" diff --git a/locales/zh.yml b/locales/zh.yml index 61a245c3..ebb460ae 100644 --- a/locales/zh.yml +++ b/locales/zh.yml @@ -24,3 +24,5 @@ label: button: login: "登录" + lost_password: "Lost password?" + contact_g2: "Contact G2 Client Services" diff --git a/locales/zh_tw.yml b/locales/zh_tw.yml index 96615c6a..314ede9f 100644 --- a/locales/zh_tw.yml +++ b/locales/zh_tw.yml @@ -24,3 +24,5 @@ label: button: login: "登入" + lost_password: "Lost password?" + contact_g2: "Contact G2 Client Services" \ No newline at end of file diff --git a/rubycas-server.gemspec b/rubycas-server.gemspec index 9a01fc53..e7474069 100644 --- a/rubycas-server.gemspec +++ b/rubycas-server.gemspec @@ -1,6 +1,6 @@ $gemspec = Gem::Specification.new do |s| s.name = 'g2rubycas-server' - s.version = '1.1.1.2' + s.version = '1.1.1.3' s.authors = ["Matt Zukowski"] s.email = ["matt@zukowski.ca"] s.homepage = 'https://github.com/rubycas/rubycas-server' From b6ab02d80cb398fd0cf6e10d7c1a80113231c667 Mon Sep 17 00:00:00 2001 From: Brad Seefeld Date: Tue, 21 May 2013 15:52:14 -0700 Subject: [PATCH 7/9] PRA-830: Optionally validate the peer. Use SSL when SSL is being used in the scheme --- .gitignore | 1 + lib/casserver/cas.rb | 20 +++++++++++++++----- rubycas-server.gemspec | 2 +- 3 files changed, 17 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 5f56a11a..fe9894a4 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,4 @@ custom/* resources/dev .rvmrc .bundle +*.gem diff --git a/lib/casserver/cas.rb b/lib/casserver/cas.rb index a09f81ec..32798b38 100644 --- a/lib/casserver/cas.rb +++ b/lib/casserver/cas.rb 
@@ -71,12 +71,17 @@ def generate_proxy_ticket(target_service, pgt) pt end - def generate_proxy_granting_ticket(pgt_url, st, validate_ssl = true) + def generate_proxy_granting_ticket(pgt_url, st, validate_ssl = true, limit = 10) + $LOG.debug "Attempting to generate a proxy granting ticket for #{st}" + if limit <= 0 + $LOG.warn "Generate proxy granting ticket limit has reached 0 and it will no longer be tried. This usually happens when there is an infinite redirect loop." + return nil + end + uri = URI.parse(pgt_url) https = Net::HTTP.new(uri.host,uri.port) - https.use_ssl = validate_ssl - - puts "we will validate ssl: #{validate_ssl}" + https.use_ssl = uri.scheme == "https" + https.verify_mode = OpenSSL::SSL::VERIFY_NONE unless validate_ssl # Here's what's going on here: # @@ -100,11 +105,16 @@ def generate_proxy_granting_ticket(pgt_url, st, validate_ssl = true) # in-practice standard. path += (uri.query.nil? || uri.query.empty? ? '?' : '&') + "pgtId=#{pgt.ticket}&pgtIou=#{pgt.iou}" + $LOG.debug "Making PGT callback to #{path}" response = conn.request_get(path) # TODO: follow redirects... 2.5.4 says that redirects MAY be followed # NOTE: The following response codes are valid according to the JA-SIG implementation even without following redirects - if %w(200 202 301 302 304).include?(response.code) + if %w(301 302).include?(response.code) && response["Location"] + location = response["Location"].gsub("pgtId=#{pgt.ticket}&pgtIou=#{pgt.iou}", "").gsub(/\?$/, "") + $LOG.debug "PGT callback wants to redirect to #{location}. Following..." + generate_proxy_granting_ticket(location, st, validate_ssl, limit - 1) + elsif %w(200 202 304).include?(response.code) # 3.4 (proxy-granting ticket IOU) pgt.save! $LOG.debug "PGT generated for pgt_url '#{pgt_url}': #{pgt.inspect}" diff --git a/rubycas-server.gemspec b/rubycas-server.gemspec index e7474069..dbba7a44 100644 --- a/rubycas-server.gemspec +++ b/rubycas-server.gemspec 
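Review bot: In generate_proxy_granting_ticket (PATCH 7/9, hunk at -71) `verify_mode` is assigned only on the insecure path, so when `validate_ssl` is true peer verification depends on the Net::HTTP default, which older Ruby releases may leave at no verification (worth confirming for the versions this gem supports). Set it explicitly on both paths: `https.verify_mode = validate_ssl ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE`. Because `use_ssl` now follows the URL scheme, an `http://` pgt_url is contacted in cleartext even when validation is on; the method could return nil for non-https schemes in that case. The new `limit` parameter deserves a one-line comment such as `# limit: remaining redirects to follow before giving up`.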
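Review bot: The redirect branch (PATCH 7/9, hunk at -100) follows whatever `Location` the callback server returns without checking it, so a redirect to an `http://` URL sends `pgtId` and `pgtIou` unencrypted, and a relative `Location` leaves `uri.host` nil on the recursive call. Check the target before recursing, e.g. `return nil if validate_ssl && URI.parse(location).scheme != "https"`, and consider restricting it to the host of the original pgt_url. The added `$LOG.debug "Making PGT callback to #{path}"` writes the proxy-granting ticket id to the log, because `path` already contains `pgtId=#{pgt.ticket}`; logging `uri.host` and `uri.path` would avoid that. The enclosing block opens outside the hunk, so whether each recursion creates a fresh ticket cannot be seen from here.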
@@ -1,6 +1,6 @@ $gemspec = Gem::Specification.new do |s| s.name = 'g2rubycas-server' - s.version = '1.1.1.3' + s.version = '1.1.1.12' s.authors = ["Matt Zukowski"] s.email = ["matt@zukowski.ca"] s.homepage = 'https://github.com/rubycas/rubycas-server' From 34f6d4a8cf44b467d7ad88f3efa1012396bd93c1 Mon Sep 17 00:00:00 2001 From: Brad Seefeld Date: Wed, 22 May 2013 07:47:00 -0700 Subject: [PATCH 8/9] Resolve conflicts --- lib/casserver/server.rb | 22 +--------------------- 1 file changed, 1 insertion(+), 21 deletions(-) diff --git a/lib/casserver/server.rb b/lib/casserver/server.rb index 493d28c9..e107380d 100644 --- a/lib/casserver/server.rb +++ b/lib/casserver/server.rb @@ -630,7 +630,6 @@ def self.init_database! # 2.5.1 get "#{uri_path}/serviceValidate" do -<<<<<<< HEAD CASServer::Utils::log_controller_action(self.class, params) # force xml content type @@ -650,29 +649,10 @@ def self.init_database! if @success @username = st.username if @pgt_url - pgt = generate_proxy_granting_ticket(@pgt_url, st) + pgt = generate_proxy_granting_ticket(@pgt_url, st, config[:validate_ssl]) @pgtiou = pgt.iou if pgt end @extra_attributes = st.granted_by_tgt.extra_attributes || {} -======= - CASServer::Utils::log_controller_action(self.class, params) - - # required - @service = clean_service_url(params['service']) - @ticket = params['ticket'] - # optional - @pgt_url = params['pgtUrl'] - @renew = params['renew'] - - st, @error = validate_service_ticket(@service, @ticket) - @success = st && !@error - - if @success - @username = st.username - if @pgt_url - pgt = generate_proxy_granting_ticket(@pgt_url, st, config[:validate_ssl]) - @pgtiou = pgt.iou if pgt ->>>>>>> g2/master end else @success = false From 733df68a2f3a903a461114ca2101a8283b59e67a Mon Sep 17 00:00:00 2001 From: Brad Seefeld Date: Wed, 22 May 2013 07:59:22 -0700 Subject: [PATCH 9/9] Revert internal changes --- locales/en.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/locales/en.yml b/locales/en.yml index e872f257..99eb6094 100644 --- a/locales/en.yml +++ b/locales/en.yml @@ -23,4 +23,4 @@ label: central_login_title: "Central Login" button: - login: "Log In" + login: "LOGIN"