cafe-grader-web

Commit r396:4b88edeab117 public

parent | child
Description:
add authentication by CU-CAS from p' krerk
Commit status:
[Not Reviewed]
References:
algo
Diff options:
Raw Diff | Patch Diff | Download Diff | Ignore whitespace | Increase context
Comments:
0 Commit comments 0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Side by Side Unified
Expand All Files Collapse All Files Wide Mode Diff
Add another comment
Browse Files

r396:4b88edeab117 - - 1 file changed: 31 inserted, 6 deleted

Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -1,141 +1,166
1 1 require 'digest/sha1'
2 2 require 'net/pop'
3 + require 'json'
3 4
4 5 class User < ActiveRecord::Base
5 6
6 7 has_and_belongs_to_many :roles
7 8
8 9 has_many :test_requests, :order => "submitted_at DESC"
9 10
10 11 has_many :messages,
11 12 :class_name => "Message",
12 13 :foreign_key => "sender_id",
13 14 :order => 'created_at DESC'
14 15
15 16 has_many :replied_messages,
16 17 :class_name => "Message",
17 18 :foreign_key => "receiver_id",
18 19 :order => 'created_at DESC'
19 20
20 21 has_one :contest_stat, :class_name => "UserContestStat", :dependent => :destroy
21 22
22 23 belongs_to :site
23 24 belongs_to :country
24 25
25 26 has_and_belongs_to_many :contests, :uniq => true, :order => 'name'
26 27
27 28 scope :activated_users, :conditions => {:activated => true}
28 29
29 30 validates_presence_of :login
30 31 validates_uniqueness_of :login
31 32 validates_format_of :login, :with => /^[\_A-Za-z0-9]+$/
32 33 validates_length_of :login, :within => 3..30
33 34
34 35 validates_presence_of :full_name
35 36 validates_length_of :full_name, :minimum => 1
36 37
37 38 validates_presence_of :password, :if => :password_required?
38 39 validates_length_of :password, :within => 4..20, :if => :password_required?
39 40 validates_confirmation_of :password, :if => :password_required?
40 41
41 42 validates_format_of :email,
42 43 :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i,
43 44 :if => :email_validation?
44 45 validate :uniqueness_of_email_from_activated_users,
45 46 :if => :email_validation?
46 47 validate :enough_time_interval_between_same_email_registrations,
47 48 :if => :email_validation?
48 49
49 50 # these are for ytopc
50 51 # disable for now
51 52 #validates_presence_of :province
52 53
53 54 attr_accessor :password
54 55
55 56 before_save :encrypt_new_password
56 57 before_save :assign_default_site
57 58 before_save :assign_default_contest
58 59
59 60 # this is for will_paginate
60 61 cattr_reader :per_page
61 62 @@per_page = 50
62 63
63 64 def self.authenticate(login, password)
64 65 user = find_by_login(login)
65 - return user if user && user.authenticated?(password)
66 - if user && user.authenticated_by_pop3?(password)
67 - user.password = password
68 - user.save
69 - return user
66 + if user
67 + return user if user.authenticated?(password)
68 + if user.authenticated_by_cucas?(password) or user.authenticated_by_pop3?(password)
69 + user.password = password
70 + user.save
71 + return user
72 + end
70 73 end
71 74 end
72 75
73 76 def authenticated?(password)
74 77 if self.activated
75 78 hashed_password == User.encrypt(password,self.salt)
76 79 else
77 80 false
78 81 end
79 82 end
80 83
81 84 def authenticated_by_pop3?(password)
82 85 Net::POP3.enable_ssl
83 86 pop = Net::POP3.new('pops.it.chula.ac.th')
84 87 authen = true
85 88 begin
86 - pop.start(login, password) # (1)
89 + pop.start(login, password)
87 90 pop.finish
88 91 return true
89 92 rescue
90 93 return false
91 94 end
92 95 end
93 96
97 + def authenticated_by_cucas?(password)
98 + url = URI.parse('https://www.cas.chula.ac.th/cas/api/?q=studentAuthenticate')
99 + appid = '41508763e340d5858c00f8c1a0f5a2bb'
100 + appsecret ='d9cbb5863091dbe186fded85722a1e31'
101 + post_args = {
102 + 'appid' => appid,
103 + 'appsecret' => appsecret,
104 + 'username' => login,
105 + 'password' => password
106 + }
107 +
108 + #simple call
109 + begin
110 + resp = Net::HTTP.post_form(url, post_args)
111 + result = JSON.parse resp.body
112 + return true if result["type"] == "beanStudent"
113 + rescue
114 + return false
115 + end
116 + return false
117 + end
118 +
94 119 def admin?
95 120 self.roles.detect {|r| r.name == 'admin' }
96 121 end
97 122
98 123 def email_for_editing
99 124 if self.email==nil
100 125 "(unknown)"
101 126 elsif self.email==''
102 127 "(blank)"
103 128 else
104 129 self.email
105 130 end
106 131 end
107 132
108 133 def email_for_editing=(e)
109 134 self.email=e
110 135 end
111 136
112 137 def alias_for_editing
113 138 if self.alias==nil
114 139 "(unknown)"
115 140 elsif self.alias==''
116 141 "(blank)"
117 142 else
118 143 self.alias
119 144 end
120 145 end
121 146
122 147 def alias_for_editing=(e)
123 148 self.alias=e
124 149 end
125 150
126 151 def activation_key
127 152 if self.hashed_password==nil
128 153 encrypt_new_password
129 154 end
130 155 Digest::SHA1.hexdigest(self.hashed_password)[0..7]
131 156 end
132 157
133 158 def verify_activation_key(key)
134 159 key == activation_key
135 160 end
136 161
137 162 def self.random_password(length=5)
138 163 chars = 'abcdefghjkmnopqrstuvwxyz'
139 164 password = ''
140 165 length.times { password << chars[rand(chars.length - 1)] }
141 166 password
You need to be logged in to leave comments. Login now