Skip to content
This repository was archived by the owner on Feb 6, 2024. It is now read-only.

Support for ActiveRecord-based Auth Token Signers#127

Open
djmassad wants to merge 6 commits intorbCAS:masterfrom
FronteraConsulting:master
Open

Support for ActiveRecord-based Auth Token Signers#127
djmassad wants to merge 6 commits intorbCAS:masterfrom
FronteraConsulting:master

Conversation

@djmassad
Copy link

@djmassad djmassad commented Aug 28, 2015

Hi,

I have implemented a feature to store the public keys of the Auth Token Signers in a table so that we do not have to include them in source control (or when deploying to Heroku).

Also, I have included some rake tasks to facilitate with this:

rake casino:auth_token_signer:add:env[name,env_key]                    # Add Auth Token Signer from environment variable
rake casino:auth_token_signer:add:file[name,public_key_pem_file_path]  # Add Auth Token Signer from PEM file
rake casino:auth_token_signer:add:stdin[name]                          # Add Auth Token Signer from STDIN
rake casino:auth_token_signer:disable[id]                              # Disable Auth Token Signer
rake casino:auth_token_signer:enable[id]                               # Enable Auth Token Signer
rake casino:auth_token_signer:list                                     # List Auth Token Signers
rake casino:auth_token_signer:remove[id]                               # Remove Auth Token Signer

Thanks,

David Massad

@pencil
Copy link
Member

pencil commented Sep 18, 2015

LGTM! Do you think it would make sense to remove support for file-based Auth Token Signers?

@djmassad
Copy link
Author

djmassad commented Sep 18, 2015

That makes sense. I implemented this feature because I wanted to have separate Auth Token Signers for my production and sandbox environments, in addition to keeping the public keys out of source control.

I figured storing the keys in a single table is easy to manage. They can easily be maintained either by using the rake tasks or by creating/updating/deleting rows from the casino_auth_token_signers table directly.

@djmassad
Copy link
Author

djmassad commented Oct 7, 2015

I squashed a really nasty bug having to do with proxy tickets. The while loop in the CASino::TicketValidationResponseBuilder.build method was not traversing up to the service ticket, resulting in a locked-up server utilizing 100% CPU. This pull request includes the fix.

@pencil
Copy link
Member

pencil commented Nov 4, 2015

Thanks. Could you please merge master, looks like there is some conflict.

Merge commit '8d702a1350cbe7e453871fbb340974db0b8ad440'
66893fc 
Conflicts:
	spec/dummy/db/schema.rb
@djmassad
Copy link
Author

djmassad commented Dec 7, 2015

I'm not sure if you saw that I had merged master with this branch per your request.

Also, is the Auth Token Login implementation part of the CAS specification, or is it specific to CASino?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@djmassad @pencil