This repository has been archived by the owner on Feb 6, 2024. It is now read-only.

Support for ActiveRecord-based Auth Token Signers #127

Open
wants to merge 6 commits into
base: master
from


djmassad

Hi,

I have implemented a feature to store the public keys of the Auth Token Signers in a table so that we do not have to include them in source control (or when deploying to Heroku).

Also, I have included some rake tasks to facilitate this:

rake casino:auth_token_signer:add:env[name,env_key]                    # Add Auth Token Signer from environment variable
rake casino:auth_token_signer:add:file[name,public_key_pem_file_path]  # Add Auth Token Signer from PEM file
rake casino:auth_token_signer:add:stdin[name]                          # Add Auth Token Signer from STDIN
rake casino:auth_token_signer:disable[id]                              # Disable Auth Token Signer
rake casino:auth_token_signer:enable[id]                               # Enable Auth Token Signer
rake casino:auth_token_signer:list                                     # List Auth Token Signers
rake casino:auth_token_signer:remove[id]                               # Remove Auth Token Signer

Thanks,

David Massad

@pencil
Member

pencil commented Sep 18, 2015

LGTM! Do you think it would make sense to remove support for file-based Auth Token Signers?

@djmassad
Author

That makes sense. I implemented this feature because I wanted to have separate Auth Token Signers for my production and sandbox environments, in addition to keeping the public keys out of source control.

I figured storing the keys in a single table is easy to manage. They can easily be maintained either by using the rake tasks or by creating/updating/deleting rows from the casino_auth_token_signers table directly.
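
A sketch of the table-backed signer store described in the two comments above, added here as an illustration and not code from this pull request or from CASino. `SignerStore`, its methods, the column names and the RSA/SHA-256 signature scheme are assumptions; the key in the demo is constructed.

```ruby
require 'openssl'

# Hypothetical in-memory stand-in for the casino_auth_token_signers table.
# Assumed columns: id, name, public_key (PEM), enabled. Assumes RSA/SHA-256.
class SignerStore
  Signer = Struct.new(:id, :name, :public_key, :enabled)

  def initialize
    @rows = []
    @next_id = 0
  end

  # Parse before storing: reject non-keys, and refuse private keys so a
  # signing secret never ends up in the database.
  def add(name, pem)
    key = OpenSSL::PKey.read(pem)
    raise ArgumentError, 'private key supplied; store only the public key' if key.private?
    row = Signer.new(@next_id += 1, name, key.to_pem, true)
    @rows << row
    row
  rescue OpenSSL::PKey::PKeyError
    raise ArgumentError, 'input is not a PEM-encoded key'
  end

  def set_enabled(id, flag)
    row = @rows.find { |r| r.id == id } or raise KeyError, "no signer with id #{id}"
    row.enabled = flag
  end

  # Name of the enabled signer whose key verifies the signature, else nil.
  # Disabled rows are never consulted, so disabling revokes a signer at once.
  def verify(data, signature)
    @rows.select(&:enabled).each do |row|
      key = OpenSSL::PKey.read(row.public_key)
      return row.name if key.verify(OpenSSL::Digest.new('SHA256'), signature, data)
    rescue OpenSSL::PKey::PKeyError
      next # malformed signature or corrupted row: try the next signer
    end
    nil
  end
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # constructed sample key
  store = SignerStore.new
  row = store.add('sandbox', key.public_key.to_pem)
  sig = key.sign(OpenSSL::Digest.new('SHA256'), 'sample-token')
  puts store.verify('sample-token', sig).inspect # "sandbox"
  store.set_enabled(row.id, false)
  puts store.verify('sample-token', sig).inspect # nil
end
```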

@djmassad
Author

djmassad commented Oct 7, 2015

I squashed a really nasty bug having to do with proxy tickets. The while loop in the CASino::TicketValidationResponseBuilder.build method was not traversing up to the service ticket, resulting in a locked-up server utilizing 100% CPU. This pull request includes the fix.

@pencil
Member

pencil commented Nov 4, 2015

Thanks. Could you please merge master? Looks like there is some conflict.

Conflicts:
	spec/dummy/db/schema.rb
@djmassad
Author

djmassad commented Dec 7, 2015

I'm not sure if you saw that I had merged master with this branch per your request.

Also, is the Auth Token Login implementation part of the CAS specification, or is it specific to CASino?
