rubycas / rubycas-server

Provides single sign-on authentication for web applications, implementing the server-end of Jasig's CAS protocol.
http://rubycas.github.com

Multiple SQLEncrypted authenticators #185

Open dziamid opened 11 years ago

dziamid commented 11 years ago

I've set up a list of authenticators:

authenticator:
  -
    class: CASServer::Authenticators::SQLEncrypted
    database:
      adapter: mysql2
      database: beta_assistentby
      username: cas
      password: asdfasdf
      host: localhost
    user_table: user
    username_column: email
    password_column: password
    encrypt_function: 'user.password == Digest::MD5.hexdigest("#{@password}{easybooker_is_cool}")'

  -
    class: CASServer::Authenticators::SQLEncrypted
    database:
      adapter: mysql2
      database: assistentproru
      username: cas
      password: asdfasdf
      host: localhost
    user_table: user
    username_column: email
    password_column: password
    encrypt_function: 'user.password == Digest::MD5.hexdigest("#{@password}{easybooker_is_cool}")'

  -
    class: CASServer::Authenticators::SQLEncrypted
    database:
      adapter: mysql2
      database: assistentby
      username: cas
      password: asdfasdf
      host: localhost
    user_table: sf_guard_user
    username_column: email
    password_column: password
    encrypt_function: 'user.password == Digest::SHA1.hexdigest("#{user.salt}#{@password}")'

I expect the credentials to be authenticated against every database in the list. This is what is happening in the logs:

#casserver.log

Processing CASServer::Server::call {"username"=>"one@dziamid.com", "password"=>"******", "lt"=>"LT-1375951647rjdlPcwt3ntfLG9bs4F", "service"=>"", "locale"=>"ru"}
Validating login ticket 'LT-1375951647rjdlPcwt3ntfLG9bs4F'
Login ticket 'LT-1375951647rjdlPcwt3ntfLG9bs4F' successfully validated
Generated login ticket 'LT-1375951659r8QkATG1w7tDmyhhQMt' for client at '82.209.222.52'
Logging in with username: one@dziamid.com, lt: LT-1375951659r8QkATG1w7tDmyhhQMt, service: , auth: [CASServer::Authenticators::SQLEncrypted, CASServer::Authenticators::SQLEncrypted, CASServer::Authenticato$
CASServer::Authenticators::SQLEncrypted: [CASServer::Authenticators::SQLEncrypted::CASUser_2] Connection pool size: 0/5
CASServer::Authenticators::SQLEncrypted: [CASServer::Authenticators::SQLEncrypted::CASUser_2] Connection pool size: 1/5
CASServer::Authenticators::SQLEncrypted: [CASServer::Authenticators::SQLEncrypted::CASUser_2] Connection pool size: 1/5
Invalid credentials given for user 'one@dziamid.com'

#cassserver_db.log

  CASServer::Authenticators::SQLEncrypted::CASUser_2 Load (0.2ms)  SELECT `sf_guard_user`.* FROM `sf_guard_user` WHERE (email = 'one@dziamid.com')
  CASServer::Authenticators::SQLEncrypted::CASUser_2 Load (0.2ms)  SELECT `sf_guard_user`.* FROM `sf_guard_user` WHERE (email = 'one@dziamid.com')
  CASServer::Authenticators::SQLEncrypted::CASUser_2 Load (0.1ms)  SELECT `sf_guard_user`.* FROM `sf_guard_user` WHERE (email = 'one@dziamid.com')

Seems like cas is querying the same databases (CASServer::Authenticators::SQLEncrypted::CASUser_2) 3 times.