RubyGems - aker - Versions diffs - 3.0.0.pre - Mend

aker 3.0.0.pre

Files changed (118) hide show

data/CHANGELOG.md +210 -0
data/README.md +282 -0
data/assets/aker/form/login.css +73 -0
data/assets/aker/form/login.html.erb +44 -0
data/lib/aker/authorities/automatic_access.rb +36 -0
data/lib/aker/authorities/composite.rb +301 -0
data/lib/aker/authorities/static.rb +283 -0
data/lib/aker/authorities/support/find_sole_user.rb +24 -0
data/lib/aker/authorities/support.rb +9 -0
data/lib/aker/authorities.rb +46 -0
data/lib/aker/cas/authority.rb +79 -0
data/lib/aker/cas/configuration_helper.rb +85 -0
data/lib/aker/cas/middleware/logout_responder.rb +49 -0
data/lib/aker/cas/middleware/ticket_remover.rb +35 -0
data/lib/aker/cas/middleware.rb +6 -0
data/lib/aker/cas/proxy_mode.rb +108 -0
data/lib/aker/cas/rack_proxy_callback.rb +188 -0
data/lib/aker/cas/service_mode.rb +88 -0
data/lib/aker/cas/service_url.rb +62 -0
data/lib/aker/cas/user_ext.rb +64 -0
data/lib/aker/cas.rb +31 -0
data/lib/aker/central_parameters.rb +101 -0
data/lib/aker/configuration.rb +534 -0
data/lib/aker/deprecation.rb +105 -0
data/lib/aker/form/custom_views_mode.rb +80 -0
data/lib/aker/form/login_form_asset_provider.rb +56 -0
data/lib/aker/form/middleware/custom_view_login_responder.rb +19 -0
data/lib/aker/form/middleware/login_renderer.rb +72 -0
data/lib/aker/form/middleware/login_responder.rb +71 -0
data/lib/aker/form/middleware/logout_responder.rb +26 -0
data/lib/aker/form/middleware.rb +10 -0
data/lib/aker/form/mode.rb +118 -0
data/lib/aker/form.rb +26 -0
data/lib/aker/group.rb +67 -0
data/lib/aker/group_membership.rb +162 -0
data/lib/aker/ldap/authority.rb +392 -0
data/lib/aker/ldap/user_ext.rb +19 -0
data/lib/aker/ldap.rb +22 -0
data/lib/aker/modes/base.rb +85 -0
data/lib/aker/modes/http_basic.rb +100 -0
data/lib/aker/modes/support/attempted_path.rb +22 -0
data/lib/aker/modes/support/rfc_2617.rb +32 -0
data/lib/aker/modes/support.rb +12 -0
data/lib/aker/modes.rb +48 -0
data/lib/aker/rack/authenticate.rb +37 -0
data/lib/aker/rack/configuration_helper.rb +18 -0
data/lib/aker/rack/default_logout_responder.rb +36 -0
data/lib/aker/rack/environment_helper.rb +34 -0
data/lib/aker/rack/facade.rb +102 -0
data/lib/aker/rack/failure.rb +69 -0
data/lib/aker/rack/logout.rb +63 -0
data/lib/aker/rack/request_ext.rb +19 -0
data/lib/aker/rack/session_timer.rb +95 -0
data/lib/aker/rack/setup.rb +77 -0
data/lib/aker/rack.rb +107 -0
data/lib/aker/test/helpers.rb +22 -0
data/lib/aker/test.rb +8 -0
data/lib/aker/user.rb +231 -0
data/lib/aker/version.rb +3 -0
data/lib/aker.rb +51 -0
data/spec/aker/aker-sample.yml +11 -0
data/spec/aker/authorities/automatic_access_spec.rb +52 -0
data/spec/aker/authorities/composite_spec.rb +488 -0
data/spec/aker/authorities/nu-schema.jar +0 -0
data/spec/aker/authorities/static_spec.rb +455 -0
data/spec/aker/authorities/support/find_sole_user_spec.rb +33 -0
data/spec/aker/authorities_spec.rb +16 -0
data/spec/aker/cas/authority_spec.rb +106 -0
data/spec/aker/cas/configuration_helper_spec.rb +92 -0
data/spec/aker/cas/middleware/logout_responder_spec.rb +47 -0
data/spec/aker/cas/middleware/ticket_remover_spec.rb +49 -0
data/spec/aker/cas/proxy_mode_spec.rb +185 -0
data/spec/aker/cas/rack_proxy_callback_spec.rb +190 -0
data/spec/aker/cas/service_mode_spec.rb +122 -0
data/spec/aker/cas/service_url_spec.rb +114 -0
data/spec/aker/cas/user_ext_spec.rb +27 -0
data/spec/aker/cas_spec.rb +19 -0
data/spec/aker/central_parameters_spec.rb +44 -0
data/spec/aker/configuration_spec.rb +465 -0
data/spec/aker/deprecation_spec.rb +115 -0
data/spec/aker/form/a_form_mode.rb +129 -0
data/spec/aker/form/custom_views_mode_spec.rb +34 -0
data/spec/aker/form/login_form_asset_provider_spec.rb +80 -0
data/spec/aker/form/middleware/a_form_login_responder.rb +89 -0
data/spec/aker/form/middleware/custom_view_login_responder_spec.rb +47 -0
data/spec/aker/form/middleware/login_renderer_spec.rb +56 -0
data/spec/aker/form/middleware/login_responder_spec.rb +34 -0
data/spec/aker/form/middleware/logout_responder_spec.rb +55 -0
data/spec/aker/form/mode_spec.rb +15 -0
data/spec/aker/form_spec.rb +11 -0
data/spec/aker/group_membership_spec.rb +208 -0
data/spec/aker/group_spec.rb +66 -0
data/spec/aker/ldap/authority_spec.rb +414 -0
data/spec/aker/ldap/ldap-users.ldif +197 -0
data/spec/aker/ldap_spec.rb +11 -0
data/spec/aker/modes/a_aker_mode.rb +41 -0
data/spec/aker/modes/http_basic_spec.rb +127 -0
data/spec/aker/modes/support/attempted_path_spec.rb +32 -0
data/spec/aker/modes_spec.rb +11 -0
data/spec/aker/rack/authenticate_spec.rb +78 -0
data/spec/aker/rack/default_logout_responder_spec.rb +67 -0
data/spec/aker/rack/facade_spec.rb +154 -0
data/spec/aker/rack/failure_spec.rb +151 -0
data/spec/aker/rack/logout_spec.rb +63 -0
data/spec/aker/rack/request_ext_spec.rb +29 -0
data/spec/aker/rack/session_timer_spec.rb +134 -0
data/spec/aker/rack/setup_spec.rb +87 -0
data/spec/aker/rack_spec.rb +216 -0
data/spec/aker/test/helpers_spec.rb +44 -0
data/spec/aker/user_spec.rb +362 -0
data/spec/aker_spec.rb +80 -0
data/spec/deprecation_helper.rb +58 -0
data/spec/java_helper.rb +5 -0
data/spec/logger_helper.rb +17 -0
data/spec/matchers.rb +31 -0
data/spec/mock_builder.rb +25 -0
data/spec/spec_helper.rb +52 -0
metadata +265 -0

data/spec/aker/rack_spec.rb ADDED Viewed

@@ -0,0 +1,216 @@
+require File.expand_path('../../spec_helper', __FILE__)
+module Aker
+  describe Rack do
+    after do
+      ::Warden::Strategies.clear!
+    end
+    describe ".use_in" do
+      let(:builder) { Aker::Spec::MockBuilder.new }
+      let(:configuration) { Aker::Configuration.new(:slices => []) }
+      before do
+        Aker.configuration = configuration
+        Aker::Rack.use_in(builder)
+      end
+      it "fails with a useful message if there's no configuration" do
+        builder.reset!
+        Aker.configuration = nil
+        lambda { Aker::Rack.use_in(builder) }.
+          should raise_error(/Please set one or the other before calling use_in./)
+      end
+      describe "setting up modes" do
+        before do
+          configuration.register_mode Aker::Modes::HttpBasic
+          builder.reset!
+          Aker::Rack.use_in(builder)
+        end
+        it 'installs the modes registered in the configuration' do
+          ::Warden::Strategies[:http_basic].should == Aker::Modes::HttpBasic
+        end
+        it 'does not install other modes just because they exist' do
+          ::Warden::Strategies[:cas].should be_nil
+        end
+      end
+      describe "configuring warden" do
+        it "uses a manager" do
+          builder.should be_using(Warden::Manager)
+        end
+        it "gives the manager the failure app" do
+          mock_manager = Class.new do
+            attr_accessor :failure_app
+          end.new
+          _, _, actual_block = builder.find_use_of(Warden::Manager)
+          actual_block.call(mock_manager)
+          mock_manager.failure_app.class.should == Aker::Rack::Failure
+        end
+      end
+      describe "modifying the Rack stack" do
+        let(:ui_mode) do
+          Class.new(Warden::Strategies::Base) do
+            def authenticate!; end
+            def self.prepend_middleware(builder); builder.use :ui_ware_before; end
+            def self.append_middleware(builder); builder.use :ui_ware_after; end
+          end
+        end
+        let(:api_mode_a) do
+          Class.new(Warden::Strategies::Base) do
+            def authenticate!; end
+            def self.prepend_middleware(builder); builder.use :api_ware_before; end
+            def self.append_middleware(builder); builder.use :api_ware_after; end
+          end
+        end
+        let(:api_mode_b) do
+          Class.new(Warden::Strategies::Base) do
+            def authenticate!; end
+          end
+        end
+        before do
+          rebuild!
+        end
+        let(:config) do
+          Aker::Configuration.new(:slices => [Rack::Slice.new]) do
+            ui_mode :ui_mode
+            api_modes :api_mode_a, :api_mode_b
+            before_authentication_middleware do |builder|
+              builder.use :global_before
+            end
+            after_authentication_middleware do |builder|
+              builder.use :global_after
+            end
+          end
+        end
+        def rebuild!
+          builder.reset!
+          Warden::Strategies.add(:ui_mode, ui_mode)
+          Warden::Strategies.add(:api_mode_a, api_mode_a)
+          Warden::Strategies.add(:api_mode_b, api_mode_b)
+          Aker::Rack.use_in(builder, config)
+          @indexes = builder.uses.each_with_index.map { |u, i| [u.first, i] }.
+            inject({}) { |h, (mw, i)| h[mw] = i; h }
+          @logout_index = @indexes[Aker::Rack::Logout]
+          @session_timer_index = @indexes[Aker::Rack::SessionTimer]
+        end
+        it "uses the Setup middleware first" do
+          builder.uses[0].first.should == Aker::Rack::Setup
+        end
+        it "prepends middleware for UI modes after the setup middleware" do
+          @indexes[:ui_ware_before].should == @indexes[Aker::Rack::Setup] + 1
+        end
+        it "prepends middleware for API modes after UI modes" do
+          @indexes[:api_ware_before].should == @indexes[:ui_ware_before] + 1
+        end
+        it 'attaches the global before middleware immediately before warden' do
+          @indexes[:global_before].should == @indexes[Warden::Manager] - 1
+        end
+        it "attaches the session timer middleware after the warden middleware" do
+          @indexes[Aker::Rack::SessionTimer].should > @indexes[Warden::Manager]
+        end
+        it "attaches the session timer middleware before the authentication middleware" do
+          @indexes[Aker::Rack::SessionTimer].should < @indexes[Aker::Rack::Authenticate]
+        end
+        it 'attaches the global after middleware immediately after Aker::Rack::Authenticate' do
+          @indexes[:global_after].should == @indexes[Aker::Rack::Authenticate] + 1
+        end
+        it "attaches the logout middleware after the global after middleware" do
+          @indexes[Aker::Rack::Logout].should == @indexes[:global_after] + 1
+        end
+        it "attaches the default logout responder at the end of the chain" do
+          builder.uses.map { |u| u.first }.last.should == Aker::Rack::DefaultLogoutResponder
+        end
+        it "appends middleware for UI modes directly after the logout middleware" do
+          @indexes[:ui_ware_after].should == @indexes[Aker::Rack::Logout] + 1
+        end
+        it "appends middleware for API modes after appended UI middleware" do
+          @indexes[:api_ware_after].should == @indexes[:ui_ware_after] + 1
+        end
+        it "uses middleware for the global configuration if no specific configuration is provided" do
+          Aker.configure {
+            ui_mode :ui_mode
+          }
+          builder = Aker::Spec::MockBuilder.new
+          Aker::Rack.use_in(builder)
+          builder.uses[0].first.should == Aker::Rack::Setup
+          builder.uses[1].first.should == :ui_ware_before
+          builder.uses[2].first.should_not == :api_ware_before
+        end
+      end
+      it "attaches the aker middleware" do
+        builder.should be_using(Aker::Rack::Setup, configuration)
+      end
+      it "passes on the configuration to the setup middleware if provided" do
+        b = Aker::Spec::MockBuilder.new
+        config = Aker::Configuration.new { portal :hello }
+        Aker::Rack.use_in(b, config)
+        b.should be_using(Aker::Rack::Setup, config)
+      end
+    end
+  end
+  describe Rack::Slice do
+    let(:configuration) { Configuration.new(:slices => [Rack::Slice.new]) }
+    describe 'parameter defaults' do
+      describe 'for :policy' do
+        subject { configuration.parameters_for(:policy) }
+        it 'has [:session-timeout-seconds]' do
+          subject[:'session-timeout-seconds'].should == 1800
+        end
+      end
+      describe 'for :rack' do
+        subject { configuration.parameters_for(:rack) }
+        it 'has [:login_path]' do
+          subject[:login_path].should == '/login'
+        end
+        it 'has [:logout_path]' do
+          subject[:logout_path].should == '/logout'
+        end
+      end
+    end
+  end
+end

data/spec/aker/test/helpers_spec.rb ADDED Viewed

@@ -0,0 +1,44 @@
+require File.expand_path("../../../spec_helper", __FILE__)
+require "rack/test"
+module Aker::Test
+  describe Helpers do
+    describe "#login_env" do
+      before do
+        Aker.configure do
+          s = Aker::Authorities::Static.new
+          s.valid_credentials!(:user, "jo", "50-50")
+          authorities s
+        end
+        @test_case = Class.new do
+          include Aker::Test::Helpers
+        end.new
+      end
+      shared_examples_for "a login helper" do
+        it "generates a Rack environment containing an authenticated user" do
+          @env['aker.check'].user.should_not be_nil
+          @env['aker.check'].user.username.should == 'jo'
+        end
+      end
+      describe 'given a username' do
+        before do
+          @env = @test_case.login_env("jo")
+        end
+        it_should_behave_like "a login helper"
+      end
+      describe 'given a Aker::User object' do
+        before do
+          @env = @test_case.login_env(Aker::User.new("jo"))
+        end
+        it_should_behave_like "a login helper"
+      end
+    end
+  end
+end

data/spec/aker/user_spec.rb ADDED Viewed

@@ -0,0 +1,362 @@
+require File.expand_path('../../spec_helper', __FILE__)
+module Aker
+  describe User do
+    before do
+      @u = User.new("jo", :airport)
+      @u.first_name = "Jocelyn"
+      @u.last_name = "Jordan"
+    end
+    describe "#full_name" do
+      it "works with both names" do
+        @u.full_name.should == "Jocelyn Jordan"
+      end
+      it "uses the user name with no names" do
+        @u.first_name = nil
+        @u.last_name = nil
+        @u.full_name.should == "jo"
+      end
+      it "works with just the last name" do
+        @u.first_name = nil
+        @u.full_name.should == "Jordan"
+      end
+      it "works with just the first name" do
+        @u.last_name = nil
+        @u.full_name.should == "Jocelyn"
+      end
+    end
+    describe "#default_portal" do
+      it "is always a symbol" do
+        u = User.new('jo')
+        u.default_portal = 'foo'
+        u.default_portal.should == :foo
+      end
+    end
+    describe "#portals" do
+      it "is always an array" do
+        User.new('J').portals.should == []
+      end
+    end
+    describe "#may_access?" do
+      it "permits access to a known portal" do
+        @u.may_access?(:airport).should be_true
+      end
+      it "supports string-named portals" do
+        @u.may_access?("airport").should be_true
+      end
+      it "refuses access to an unknown portal" do
+        @u.may_access?(:seaport).should be_false
+      end
+      it "uses the default portal if available" do
+        @u.default_portal = :airport
+        @u.may_access?.should be_true
+      end
+      it "fails without a portal if there's no default" do
+        lambda { @u.may_access? }.should raise_error(/No default portal/)
+      end
+    end
+    describe "#group_memberships" do
+      it "is a Aker::GroupMemberships instance" do
+        User.new('jo').group_memberships(:ENU).class.should == GroupMemberships
+      end
+      it "defaults to the groups for the default portal" do
+        jo = User.new('jo')
+        jo.default_portal = :ENU
+        jo.group_memberships(:ENU) << GroupMembership.new(Group.new('Developer'))
+        jo.group_memberships(:NOTIS) << GroupMembership.new(Group.new('Admin'))
+        jo.group_memberships.include?('Developer').should be_true
+        jo.group_memberships.include?('Admin').should be_false
+      end
+      it "locates a portal given as a string" do
+        jo = User.new('jo')
+        jo.group_memberships(:ENU) << GroupMembership.new(Group.new('Developer'))
+        jo.group_memberships("ENU").size.should == 1
+      end
+      it "fails without the portal parameter if there's no default portal" do
+        lambda { User.new('jo').group_memberships }.should raise_error(/No default portal/)
+      end
+    end
+    describe "#permit?" do
+      before do
+        @user = User.new('jo')
+        @user.portals = [:ENU, :NOTIS]
+        @user.default_portal = :ENU
+        @user.group_memberships(:ENU) << GroupMembership.new(Group.new('Developer'))
+        @user.group_memberships(:NOTIS) << GroupMembership.new(Group.new('Admin'))
+      end
+      it "returns true if the user matches any of the groups in the default portal" do
+        @user.permit?(:Developer, :Admin).should be_true
+      end
+      it "returns false if the user does not match any of the groups in the default portal" do
+        @user.permit?(:Admin).should be_false
+      end
+      describe "with an explicit portal" do
+        it "returns true if the user is in any of the groups" do
+          @user.permit?(:Developer, :Admin, :portal => :NOTIS).should be_true
+        end
+        it "returns false if the user is not in any of the groups" do
+          @user.permit?(:Developer, :portal => :NOTIS).should be_false
+        end
+      end
+      describe "without any groups" do
+        describe "with the default portal" do
+          it "returns true if the user is in the portal" do
+            @user.permit?.should be_true
+          end
+          it "returns false if the user is not in the portal" do
+            @user.default_portal = :BSPORE
+            @user.permit?.should be_false
+          end
+        end
+        describe "with an explicit portal" do
+          it "returns true if the user is in the portal" do
+            @user.permit?(:portal => :NOTIS).should be_true
+          end
+          it "returns false if the user is not in the portal" do
+            @user.permit?(:portal => :BSPORE).should be_false
+          end
+        end
+      end
+      describe "with a block" do
+        it "yields to a passed block if the user matches the group" do
+          executed = nil
+          @user.permit? :Developer do
+            executed = true
+          end
+          executed.should be_true
+        end
+        it "does not yield if the user doesn't match the group" do
+          executed = nil
+          @user.permit? :Admin do
+            executed = true
+          end
+          executed.should be_nil
+        end
+        it "returns the block's return value if the user matches the group" do
+          @user.permit?(:Developer) { "block value" }.should == "block value"
+        end
+        it "returns nil if the user does not match the group" do
+          @user.permit?(:Admin) { "block value" }.should == nil
+        end
+      end
+    end
+    describe "#merge!" do
+      before do
+        @a = User.new("jo")
+        @b = User.new("jo")
+      end
+      it "modifies the target group in place" do
+        @b.last_name = "Miller"
+        @a.merge!(@b)
+        @a.last_name.should == "Miller"
+      end
+      it "returns self" do
+        @a.merge!(@b).object_id.should == @a.object_id
+      end
+      it "does not copy attributes which are already set" do
+        @a.first_name = "Josephine"
+        @b.first_name = "Jocelyn"
+        @a.merge!(@b).first_name.should == "Josephine"
+      end
+      it "does not fail if reading an attribute throws an exception" do
+        @b.should_receive(:first_name).and_throw("I don't know.  Leave me alone.")
+        lambda { @a.merge!(@b) }.should_not raise_error
+      end
+      describe "of the default portal" do
+        it "sets the target default portal if there isn't one already" do
+          @b.default_portal = :ENU
+          @a.merge!(@b)
+          @a.default_portal.should == :ENU
+        end
+        it "leaves the default portal alone if it is already set" do
+          @a.default_portal = :NOTIS
+          @b.default_portal = :ENU
+          @a.merge!(@b)
+          @a.default_portal.should == :NOTIS
+        end
+      end
+      describe "of portals" do
+        before do
+          @a.portals = [:ENU, :NOTIS]
+          @b.portals = [:SQLSubmit, :ENU]
+          @a.merge!(@b)
+        end
+        it "removes duplicates" do
+          @a.portals.size.should == 3
+        end
+        it "includes portals that are in the source and target lists" do
+          @a.may_access?(:ENU).should be_true
+        end
+        it "preserves portals that are only in the original list" do
+          @a.may_access?(:NOTIS).should be_true
+        end
+        it "adds portals that are only in the new list" do
+          @a.may_access?(:SQLSubmit).should be_true
+        end
+        it "works when the source portals are not set" do
+          @b.portals = nil
+          lambda { @a.merge!(@b) }.should_not raise_error
+        end
+        it "works when the target portals are not set" do
+          @a.portals = nil
+          lambda { @a.merge!(@b) }.should_not raise_error
+          @a.portals.size.should == 2
+        end
+      end
+      describe "of group memberships" do
+        before do
+          @a.group_memberships(:ENU) << GroupMembership.new(Group.new("User"))
+        end
+        it "adds memberships for a new portal" do
+          @b.group_memberships(:NOTIS) << GroupMembership.new(Group.new("Admin"))
+          @a.merge!(@b)
+          @a.group_memberships(:NOTIS).include?("Admin").should be_true
+        end
+        it "does not merge group memberships when some are already known" do
+          @b.group_memberships(:ENU) << GroupMembership.new(Group.new("Developer"))
+          @a.merge!(@b)
+          @a.group_memberships(:ENU).size.should == 1
+        end
+      end
+      describe 'of identifiers' do
+        before do
+          @a.identifiers[:ssn] = "123-45-6789"
+        end
+        it 'preserves an identifier that is already set' do
+          @b.identifiers[:ssn] = "321-54-9876"
+          @a.merge!(@b)
+          @a.identifiers[:ssn].should == "123-45-6789"
+        end
+        it 'copies an identifier that is new' do
+          @b.identifiers[:netid] = 'bob789'
+          @a.merge!(@b)
+          @a.identifiers[:netid].should == 'bob789'
+        end
+        it 'leaves alone an identifier that is not present in the argument' do
+          @b.identifiers[:netid] = 'bob789'
+          @a.merge!(@b)
+          @a.identifiers[:ssn].should == "123-45-6789"
+        end
+      end
+    end
+    describe 'nu_employee_id' do
+      describe 'setter' do
+        before do
+          @u.nu_employee_id = "1234"
+        end
+        it "is deprecated" do
+          deprecation_message.should =~ /nu_employee_id is deprecated\. Use identifiers\[:nu_employee_id\] instead..*3.0/
+        end
+        it 'sets the value in #identifers' do
+          @u.identifiers[:nu_employee_id].should == "1234"
+        end
+      end
+      describe 'getter' do
+        before do
+          @u.identifiers[:nu_employee_id] = "funfzehn"
+        end
+        let!(:subject) { @u.nu_employee_id }
+        it 'is deprecated' do
+          deprecation_message.should =~ /nu_employee_id is deprecated\. Use identifiers\[:nu_employee_id\] instead..*3.0/
+        end
+        it 'reads the value from #identifiers' do
+          subject.should == "funfzehn"
+        end
+      end
+    end
+    describe 'personnel_id' do
+      describe 'setter' do
+        before do
+          @u.personnel_id = "1234"
+        end
+        it "is deprecated" do
+          deprecation_message.should =~ /personnel_id is deprecated\. Use identifiers\[:personnel_id\] instead..*3.0/
+        end
+        it 'sets the value in #identifers' do
+          @u.identifiers[:personnel_id].should == "1234"
+        end
+      end
+      describe 'getter' do
+        before do
+          @u.identifiers[:personnel_id] = "funfzehn"
+        end
+        let!(:subject) { @u.personnel_id }
+        it 'is deprecated' do
+          deprecation_message.should =~ /personnel_id is deprecated\. Use identifiers\[:personnel_id\] instead..*3.0/
+        end
+        it 'reads the value from #identifiers' do
+          subject.should == "funfzehn"
+        end
+      end
+    end
+  end
+end

data/spec/aker_spec.rb ADDED Viewed

@@ -0,0 +1,80 @@
+require File.expand_path('../spec_helper', __FILE__)
+require 'aker'
+describe Aker do
+  before do
+    Aker.authority = nil
+    Aker.configuration = nil
+  end
+  after do
+    Aker.authority = nil
+    Aker.configuration = nil
+  end
+  describe "::VERSION" do
+    it "exists" do
+      lambda { Aker::VERSION }.should_not raise_error
+    end
+    it "has three or four dot-separated parts" do
+      Aker::VERSION.split('.').size.should be_between(3, 4)
+    end
+  end
+  describe "configuration" do
+    it "can be set directly" do
+      Aker.configuration = Aker::Configuration.new { portal :ENU }
+      Aker.configuration.portal.should == :ENU
+    end
+    it "does not accumulate direct set configurations" do
+      Aker.configuration = Aker::Configuration.new { api_mode :basic }
+      Aker.configuration = Aker::Configuration.new { portal :ENU }
+      Aker.configuration.api_modes.should == [] # the default
+    end
+    it "can be configured using #configure" do
+      Aker.configure { portal :ENU }
+      Aker.configuration.portal.should == :ENU
+    end
+    it "accumulates #configure configurations" do
+      Aker.configure { api_modes :basic, :cas_proxy }
+      Aker.configure { portal :LIMS }
+      Aker.configuration.api_modes.should == [:basic, :cas_proxy]
+      Aker.configuration.portal.should == :LIMS
+    end
+  end
+  describe "authority" do
+    before do
+      @auth = Aker::Authorities::Static.new
+      @auth.valid_credentials!(:cas, "jo", "ST-12345")
+    end
+    it "can be set directly" do
+      Aker.authority = @auth
+      Aker.authority.valid_credentials?(:cas, "ST-12345").should_not be_nil
+    end
+    it "uses the composite authority from the configuration by default" do
+      Aker.configuration = Aker::Configuration.new {
+        a = Aker::Authorities::Static.new
+        a.valid_credentials!(:magic, "jo", "man")
+        authority a
+      }
+      Aker.configuration.logger = spec_logger
+      Aker.authority.valid_credentials?(:magic, "man").username.should == "jo"
+    end
+    it "prefers a directly-set authority" do
+      Aker.configuration = Aker::Configuration.new { authority :static }
+      Aker.configuration.logger = spec_logger
+      Aker.authority.valid_credentials?(:cas,  "ST-12345").should be_nil
+      Aker.authority = @auth
+      Aker.authority.valid_credentials?(:cas,  "ST-12345").should_not be_nil
+    end
+  end
+end