rbCAS / CASino

CASino is a Ruby-based Single Sign-On solution supporting the CAS standard
MIT License

Cannot login to CASino: Gives me 403 Forbidden #181

Closed bnmagat closed 7 years ago

bnmagat commented 7 years ago

Hi! I'm new to rails and I've found this CASino very useful with my applications. However, I'm having a problem logging in to CASino. I have an existing database "wiz_common_master" which is connected to my applications for the login.

I think I have migrated CASino successfully in this database since there were these casino** tables. But I don't know how CASino gets the login username and password from my database.

Here is my database.yml

  database: wiz_common_master
  adapter: mysql2
  encoding: utf8
  pool: 5
  username: root
  password: Inhouse2012
  socket: /var/lib/mysql/mysql.sock 

And my cas.yml

  login_ticket:
    lifetime: 600
  service_ticket:
    lifetime_unconsumed: 300
    lifetime_consumed: 86400
  proxy_ticket:
    lifetime_unconsumed: 300
    lifetime_consumed: 86400
  frontend:
    sso_name: "CASino"
    footer_text: "Powered by <a href=\"http://rbcas.com/\">CASino</a>"

development:
  <<: *defaults
  authenticators:
      authenticator: "ActiveRecord"
      options:
       connection:
        adapter: "mysql2"
        host: "localhost"
        username: "root"
        password: "Inhouse2012"
        database: "wiz_common_master"
       table: "m_logins"
       username_column: "login"
       password_column: "crypted_password"
        extra_attributes:
          employee_id: "m_employee_id"
          login_name: "login" 

Here are my database's tables:

mysql> show tables;
+----------------------------------+
| Tables_in_wiz_common_master      |
+----------------------------------+
| casino_auth_token_tickets        |
| casino_login_attempts            |
| casino_login_tickets             |
| casino_proxy_granting_tickets    |
| casino_proxy_tickets             |
| casino_service_rules             |
| casino_service_tickets           |
| casino_ticket_granting_tickets   |
| casino_two_factor_authenticators |
| casino_users                     |
| m_calendar_items                 |
| m_calendars                      |
| m_class_users                    |
| m_classes                        |
| m_corporations                   |
| m_employee_histories             |
| m_employees                      |
| m_ic_cards                       |
| m_logins                         |
| m_official_posts                 |
| m_premium_rates                  |
| m_section_users                  |
| m_sections                       |
| m_user_data                      |
| schema_migrations                |
+----------------------------------+
25 rows in set (0.00 sec)

And my m_logins table:

mysql> desc m_logins;
+------------------+-------------+------+-----+-------------------+----------------+
| Field            | Type        | Null | Key | Default           | Extra          |
+------------------+-------------+------+-----+-------------------+----------------+
| id               | int(11)     | NO   | PRI | NULL              | auto_increment |
| login            | varchar(40) | NO   |     | NULL              |                |
| crypted_password | varchar(40) | YES  |     | NULL              |                |
| salt             | varchar(40) | YES  |     | NULL              |                |
| m_employee_id    | int(11)     | NO   |     | NULL              |                |
| created_by       | int(11)     | YES  |     | NULL              |                |
| created_at       | datetime    | NO   |     | CURRENT_TIMESTAMP |                |
| deleted_by       | int(11)     | YES  |     | NULL              |                |
| deleted_at       | datetime    | YES  |     | NULL              |                |
+------------------+-------------+------+-----+-------------------+----------------+
9 rows in set (0.00 sec)

oslivan commented 7 years ago

I looked at your config and did not find any problems. It may be caused by crypted_password, because casino-activerecord_authenticator just checks BCrypt and Phpass; if neither matches, it uses UnixCrypt for checking.

bnmagat commented 7 years ago

I also think it's because of the 'crypted_password'. How should I fix this?

oslivan commented 7 years ago

You can save the user's password with one of the above encryption methods, or fork casino-activerecord_authenticator and add your own encryption validation.

bnmagat commented 7 years ago

Here's my new password_column: "casino-activerecord_authenticator". Am I doing what you said? It still doesn't work.

oslivan commented 7 years ago

I'm sorry, my English is not very good. I mean that you should fork "https://github.com/rbCAS/casino-activerecord_authenticator" and adapt it to your needs.

oslivan commented 7 years ago

https://github.com/rbCAS/casino-activerecord_authenticator/blob/master/lib/casino/activerecord_authenticator.rb, and add your password validation check in valid_password.

bnmagat commented 7 years ago

Do I still need to fork "https://github.com/rbCAS/casino-activerecord_authenticator" even if gem 'casino-activerecord_authenticator', '~> 4.0', '>= 4.0.1' is already in my gemfile?

bnmagat commented 7 years ago

Before, my applications used SHA1 hashing for password. Now I've changed it to SHA512 and created new user, but still can't login.

oslivan commented 7 years ago

I'll give you a test account. Set column login to 'test' and column crypted_password to "$2a$10$jugvo33mQzBcaEc.AQcHlejiGUmhmdpyfBhgJT5zrRmrqgfNfBWz6", then enter 'test' and 'password' at the login page. If that succeeds, it proves the issue is with crypted_password.

bnmagat commented 7 years ago

Do I need to input something in salt? 'test' and 'password' still gives me the "Incorrect username or password." error.

bnmagat commented 7 years ago

This is my new database table:

mysql> select * from m_logins;
+----+-------------+--------------------------------------------------------------+--------------------------------------------------------------+---------------+------------+---------------------+------------+---------------------+
| id | login       | crypted_password                                             | salt                                                         | m_employee_id | created_by | created_at          | deleted_by | deleted_at          |
+----+-------------+--------------------------------------------------------------+--------------------------------------------------------------+---------------+------------+---------------------+------------+---------------------+
|  1 | admin       | 980d54de4892bd53a439ed57384503bb80cb3ab7                     | 6ffb4c90bd797d45ebe9b5babc15cf084c006a19                     |             0 |       NULL | 2016-02-22 15:52:52 |       NULL | NULL                |
|  2 | ninay       | 27e4896f2b0adf40344601d73d044d23558c7b4c                     | ae9960da00bd29d8fa10987bb52bee67c258c27b                     |             2 |          1 | 2016-03-03 02:01:34 |       NULL | NULL                |
|  3 | dang        | 3747cff132a9d6b0895813a24420d00fae903eb4                     | 254a00821304acafa69dea4fa4fbeb038fd16878                     |             5 |          1 | 2016-03-04 00:44:34 |       NULL | NULL                |
|  4 | czar        | 80229ce80858e6bdf99eb794e51697c5359eb501                     | 369e81901e3e0382ccaf2eaef13a0ef41c2ded0e                     |            10 |          2 | 2016-03-14 03:12:01 |       NULL | NULL                |
|  5 | juji        | 091ac96dab49453e223922d95d4b08ae06608ba9                     | 03f7bebc7f1658cd75c6283f2400e0257ab9c828                     |             6 |          3 | 2016-03-14 03:24:02 |       NULL | NULL                |
|  6 | shine       | bdc9a13e0ae3fb408656a318357a3d1b7e60d67e                     | 2b86e298b80495a82194d73273ac5bfe0e11c17d                     |             4 |          2 | 2016-03-14 04:05:19 |       NULL | NULL                |
|  7 | test1       | 65ae2d0ad7733267f539700cfbb8070bcfe08283                     | 72e85d0516bf7a71679e0b9f8a631e6c1efd595c                     |            16 |          1 | 2016-03-22 01:40:42 |          3 | 2016-12-08 01:54:51 |
|  8 | dodo        | b98ef8745918aa5363d96d2664fb151726ad4ef2                     | 4106c8d689254daec9f6b47de6ec1896cbf96f57                     |           139 |          1 | 2016-03-30 04:12:55 |       NULL | NULL                |
|  9 | lala        | 7fcecb668510d7a5ede5916fcf6f0deb0e718c3e                     | fb227751f9ce55ac498bf1477100ba53aca10beb                     |            15 |          2 | 2016-03-31 08:00:38 |       NULL | NULL                |
| 10 | rex         | 560118d348dae585356e57e8212f445bf347d7e7                     | bf98eddae3749f530da4c16f3bd63c96d23a2f92                     |             7 |          3 | 2016-04-05 01:01:08 |       NULL | NULL                |
| 11 | rea         | f11a2728825908ad10ebe662100e3eff69f06efe                     | 212e0e0ba8f5b33a4ba9ea8c42d9340371ede533                     |           161 |         10 | 2016-04-11 06:47:25 |       NULL | NULL                |
| 12 | ava         | d5a3aedef22bc432af58c2b5ba1ac482ff0c151c                     | 04a5886e46eee3bdcf7f10f1ffcaa1d016390582                     |           162 |         10 | 2016-04-11 06:50:39 |       NULL | NULL                |
| 13 | ken         | 99a6d87b9fbc7d958518235fbd430bd22c693e4c                     | ef34d4828825eb3465018c8b866457bfa66691f3                     |           163 |         10 | 2016-04-11 07:14:53 |       NULL | NULL                |
| 14 | 02010       | df7cfbb2a2a3e57f87aab7a3652460b56d9bf715                     | 7386cd796354926ca8b482232e420465d5793a02                     |           147 |          2 | 2016-04-18 01:10:14 |       NULL | NULL                |
| 15 | leave       | 623b392e3cd47c4dd4cddbe338bd3654daa573d3                     | ddac75c111a9435e710bfbb45e438009fcf86e1e                     |           165 |          2 | 2016-04-25 01:26:01 |          2 | 2016-08-11 01:29:23 |
| 16 | keny        | 285b4eed80c1b62cd7f8ed7405c85edf26600956                     | e98f5faf0f2ec1263586650c1864e86bf49a14ed                     |           166 |         10 | 2016-04-26 03:08:09 |       NULL | NULL                |
| 17 | restworking | e011732d77140c39437cb875d224f313f6ce47d3                     | 3c2e6e6781d30786c66fd7bf39dd9485c0af7152                     |           159 |          3 | 2016-04-28 07:01:25 |       NULL | NULL                |
| 18 | kana        | 9fad96a35bfb6bc615811cd479cb88d052c19cf5                     | 6d03c6d96ec5e593b516ecdd07569c9bc9ba0315                     |           150 |          3 | 2016-05-02 01:06:36 |       NULL | NULL                |
| 19 | test4       | 49db501a9877dcfb06ae6539c757d7c1662585eb                     | 470dbfe5b31bcaee4b75ba0d12e6ca1e963c0a5a                     |           164 |          1 | 2016-05-05 07:09:52 |          2 | 2016-08-11 01:28:44 |
| 20 | shiela      | fa4357ace2763398eba8411a7cd7d1dbf4e2ccd1                     | 5ca8b562af1d2fdba12d361a056503fb7470d56d                     |           154 |          1 | 2016-08-08 03:57:11 |       NULL | NULL                |
| 21 | john        | 8d0c6559081c7b508f4947eb335a247edcf4dcae                     | d2b6807f6661d66e0fd8ff15d09d97cf2de1c425                     |             3 |          1 | 2016-08-17 02:38:27 |       NULL | NULL                |
| 22 | jen         | 62d99eed57e44882a277c2c9b866c1593af2eeba                     | c4f63b65181bdc89ca598d97a6e942dbabfafb64                     |           170 |          2 | 2016-08-31 05:18:09 |       NULL | NULL                |
| 23 | edd         | dc54992aca4361824f5b97341918ebf56a9510ba                     | 8713ee6e99b3bcf8e9b859df9eef7dcc9bf6bdd4                     |           171 |          2 | 2016-08-31 05:18:39 |       NULL | NULL                |
| 24 | mark        | 44c398879d0e092420274544dbee4d3c459f9c2f                     | b767f9caf734b960358f06fef3b75c1012b0fcff                     |           173 |          2 | 2016-09-06 02:35:36 |       NULL | NULL                |
| 25 | sophie      | 48163af71841313d0243204ff9b3c7ca6eb470b9                     | dbb7f4dd72bafe02b7f8b8733c5e7cf066efbb44                     |           174 |          1 | 2016-10-19 05:27:13 |       NULL | NULL                |
| 26 | crown       | 71df3d2dc1cf199bb22f8994516905e94b79cfcb                     | b4eb83fdf51882784f5a5a9b950ea98a2f0bd0fd                     |           176 |          3 | 2016-11-17 02:40:53 |       NULL | NULL                |
| 27 | new1        | 2a42d39b29c103efcaf08a8e4c0f5b66980621c7                     | 6d4cf331946d6931016414a6bf7a96fe04b95f63                     |           182 |          3 | 2016-11-18 05:37:15 |       NULL | NULL                |
| 29 | test        | $2a$10$jugvo33mQzBcaEc.AQcHlejiGUmhmdpyfBhgJT5zrRmrqgfNfBWz6 | $2a$10$jugvo33mQzBcaEc.AQcHlejiGUmhmdpyfBhgJT5zrRmrqgfNfBWz6 |           186 |          8 | 2017-03-01 01:23:14 |       NULL | NULL                |
+----+-------------+--------------------------------------------------------------+--------------------------------------------------------------+---------------+------------+---------------------+------------+---------------------+
28 rows in set (0.00 sec)

oslivan commented 7 years ago

You don't need a salt. Did you create the class MLogin?

bnmagat commented 7 years ago

Yes. That's in the model of my applications to check for username and password, and also password hashing.

oslivan commented 7 years ago

I found the issue. Look at the example below, provided by CASinoApp:

########################################
# SQL (ActiveRecord authenticator)
########################################
#    my_company_sql_database:
#      authenticator: "ActiveRecord"
#      options:
#        connection:
#          adapter: "mysql2"
#          host: "localhost"
#          username: "casino"
#          password: "secret"
#          database: "users"
#        table: "users"
#        username_column: "username"
#        password_column: "password"
#        extra_attributes:
#          email: "email_database_column"
#          fullname: "displayname_database_column"

You are missing the authenticator name, that is 'my_company_sql_database' above.

bnmagat commented 7 years ago

I changed my cas.yml to this:

development:
  <<: *defaults
  authenticators:
    my_company_sql_database:
      authenticator: "ActiveRecord"
      options:
       connection:
        adapter: "mysql2"
        host: "localhost"
        username: "root"
        password: "Inhouse2012"
        database: "wiz_common_master"
       table: "m_logins"
       username_column: "login"
       password_column: "crypted_password"

But still can't login. Whenever I try to click the back button, it gives me "Your login request did not include a valid login ticket." this error.

oslivan commented 7 years ago

This is because cas.yml sets login_ticket: lifetime: 600; solve it by refreshing the page.

oslivan commented 7 years ago

Refresh the page.

bnmagat commented 7 years ago

I see. But that didn't resolve the issue :( I still use 'test' and 'password' when logging in.

bnmagat commented 7 years ago

Now I can login with 'test' and 'password'. I cloned the CASinoApp from https://github.com/rbCAS/CASinoApp and added development to cas.yml. Here's my new cas.yml:

development:
  authenticators:
    my_company_sql_database:
      authenticator: "ActiveRecord"
      options:
        connection:
          adapter: "mysql2"
          host: "localhost"
          username: "root"
          password: "Inhouse2012"
          database: "wiz_common_master"
        table: "m_logins"
        username_column: "login"
        password_column: "crypted_password"
        extra_attributes:
          name: "login"
          employee_id: "m_employee_id"

production:
  frontend:
    sso_name: 'CASino'
    footer_text: 'Powered by <a href="http://rbcas.com/">CASino</a>'
  authenticators:
    my_company_sql_database:
      authenticator: "ActiveRecord"
      options:
        connection:
          adapter: "mysql2"
          host: "localhost"
          username: "root"
          password: "Inhouse2012"
          database: "wiz_common_master"
        table: "m_logins"
        username_column: "login"
        password_column: "crypted_password"
        extra_attributes:
          name: "login"
          employee_id: "m_employee_id"

You said the crypted_password might be giving me the login error. How should I fix this with active record? Thank you so much!

oslivan commented 7 years ago

You can replace your password hashing with BCrypt in the model MLogin; just look at https://github.com/codahale/bcrypt-ruby.

bnmagat commented 7 years ago

I was using SHA1. Would it be possible if I use SHA512 instead of BCrypt? Because it would be much easier to replace this

  # needs: require 'digest'
  def self.encrypt(password, salt)
    Digest::SHA1.hexdigest("--#{salt}--#{password}--")
  end

with this

  # needs: require 'digest'
  def self.encrypt(password, salt)
    Digest::SHA512.hexdigest("--#{salt}--#{password}--")
  end

BCrypt encryption is very different from SHA1 and may cause some problems esp. with the number of parameters. SHA1 stores salt while BCrypt does not (as I've understood? please correct me with understanding of BCrypt and salt)

  # From the bcrypt-ruby README; needs the bcrypt gem (require 'bcrypt') and
  # a password_hash column on the model.
  def password
    @password ||= BCrypt::Password.new(password_hash)
  end

  def password=(new_password)
    @password = BCrypt::Password.create(new_password)
    self.password_hash = @password
  end

bnmagat commented 7 years ago

By the way here's my code for authenticating users using SHA1

  # In the MLogin model; Digest::SHA1 needs `require 'digest'`.

  # Finds the user by login, skipping soft-deleted rows; the row is needed for its salt.
  def self.authenticate(login, password)
    u = self.where(login: login).where("deleted_at IS NULL").includes(:m_employee).first  # need to get the salt
    u && u.authenticated?(password, u.salt) ? u : nil
  end

  # Encrypts some data (ex: password) with the salt.
  def self.encrypt(password, salt)
    Digest::SHA1.hexdigest("--#{salt}--#{password}--")
  end

  # Encrypts the password with the user salt.
  def encrypt(password, salt)
    self.class.encrypt(password, salt)
  end

  # Checks if the user entered the correct password.
  def authenticated?(password, salt)
    crypted_password == encrypt(password, salt)
  end

  # Generates a salt for new records and stores the salted hash of the password.
  def encrypt_password
    return if password.blank?
    self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
    self.crypted_password = encrypt(password, self.salt)
  end

oslivan commented 7 years ago

As I said above, you need a custom gem 'casino-activerecord_authenticator', and then add your customized gem to the Gemfile. Or you can create an Authenticator like CASinoApp's StaticAuthenticator; the latter is much better for you.

bnmagat commented 7 years ago

I already have gem 'casino-activerecord_authenticator' in my CASinoApp. Also, is there any way to check if my hashed/salted passwords stored in the 'wiz_common_master' database are equivalent to my "password"? Like it will return true if the hash matches the "password" and false if not. It would be a great help to debug what causes the error. Thank you very much!

oslivan commented 7 years ago

# needs: require 'digest'
class CASino::ShaAuthenticator < CASino::ActiveRecordAuthenticator
  # Recomputes the salted digest and compares it with the stored column.
  def valid_password?(password, password_from_database)
    return false if password_from_database.blank?
    password_from_database == encrypt(password, @model.send(:salt))
  end

  def encrypt(password, salt)
    Digest::SHA512.hexdigest("--#{salt}--#{password}--")
  end
end

Above is an Authenticator class; you can put it in 'authenticators/casino/' and then update config/cas.yml as below:

authenticator: "ActiveRecord" => authenticator: "ShaAuthenticator"

It's not validated; you can debug it by yourself.
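The check bnmagat asked for two comments up (does this stored hash match this password?), as an added example that is not CASino or project code, written for the legacy salted-SHA1 scheme in the posted MLogin model: crypted_password = SHA1("--#{salt}--#{password}--"). The row below is constructed for the example (its salt is derived the way the model derives one and its hash is computed here), not copied from the m_logins dump; rows with deleted_at set are rejected, as the model's authenticate does. It also shows the point made at the end of the thread: the "--" separators are part of the hashed input, so a digest computed without them never matches.

```ruby
require 'digest'

# Added example: verify a candidate password against one legacy m_logins row.
# Scheme and salt derivation follow the MLogin model posted in this thread.

def legacy_encrypt(password, salt)
  Digest::SHA1.hexdigest("--#{salt}--#{password}--")
end

# Constant-time comparison: the result must not depend on how many leading
# characters of the two strings agree (implemented with byte-wise XOR so it
# works on any Ruby without relying on OpenSSL helpers).
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# row is a Hash standing in for the ActiveRecord record: :crypted_password, :salt, :deleted_at.
# Returns true only for a live row whose stored digest matches the recomputed one.
def legacy_password_valid?(row, password)
  stored = row[:crypted_password].to_s
  return false if row[:deleted_at] || stored.empty?
  constant_time_equal?(stored, legacy_encrypt(password, row[:salt].to_s))
end

# Constructed sample row: salt built like the model does on create
# (SHA1 of "--<time>--<login>--"), hash computed from that salt and 'password'.
SAMPLE_SALT = Digest::SHA1.hexdigest('--2017-03-01 01:23:14 +0000--test--').freeze
SAMPLE_ROW = {
  login: 'test',
  salt: SAMPLE_SALT,
  crypted_password: legacy_encrypt('password', SAMPLE_SALT),
  deleted_at: nil,
}.freeze

# Same salt and password without the "--" framing: a different digest, which is
# why a checker that omits the separators reports every password as wrong.
def unframed_digest(password, salt)
  Digest::SHA1.hexdigest("#{salt}#{password}")
end

if $PROGRAM_NAME == __FILE__
  puts "password      -> #{legacy_password_valid?(SAMPLE_ROW, 'password')}"
  puts "Password      -> #{legacy_password_valid?(SAMPLE_ROW, 'Password')}"
  puts "unframed same -> #{unframed_digest('password', SAMPLE_SALT) == SAMPLE_ROW[:crypted_password]}"
end
```

To check a real row, replace SAMPLE_ROW with the login, salt and crypted_password values selected from m_logins and call legacy_password_valid? with the password you expect; a false result for a known-good password points at a framing or algorithm mismatch between the application model and whatever the authenticator recomputes.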

bnmagat commented 7 years ago

I'm sorry for my ignorance! I've overlooked my code

  def self.encrypt(password, salt)
    Digest::SHA1.hexdigest("--#{salt}--#{password}--")
  end

which means it also hashes the "--" in between salt and password, thus making the password different. I've already changed it to:

  # needs the unix-crypt gem: require 'unix_crypt'
  def self.encrypt(password)
    UnixCrypt::SHA512.build(password.to_s)
  end

And that fixes it! Thanks for your patience, Mr. Oslivan!