RubyGems - aker - Versions diffs - 3.0.0.pre - Mend

aker 3.0.0.pre

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (118) hide show

data/CHANGELOG.md +210 -0
data/README.md +282 -0
data/assets/aker/form/login.css +73 -0
data/assets/aker/form/login.html.erb +44 -0
data/lib/aker/authorities/automatic_access.rb +36 -0
data/lib/aker/authorities/composite.rb +301 -0
data/lib/aker/authorities/static.rb +283 -0
data/lib/aker/authorities/support/find_sole_user.rb +24 -0
data/lib/aker/authorities/support.rb +9 -0
data/lib/aker/authorities.rb +46 -0
data/lib/aker/cas/authority.rb +79 -0
data/lib/aker/cas/configuration_helper.rb +85 -0
data/lib/aker/cas/middleware/logout_responder.rb +49 -0
data/lib/aker/cas/middleware/ticket_remover.rb +35 -0
data/lib/aker/cas/middleware.rb +6 -0
data/lib/aker/cas/proxy_mode.rb +108 -0
data/lib/aker/cas/rack_proxy_callback.rb +188 -0
data/lib/aker/cas/service_mode.rb +88 -0
data/lib/aker/cas/service_url.rb +62 -0
data/lib/aker/cas/user_ext.rb +64 -0
data/lib/aker/cas.rb +31 -0
data/lib/aker/central_parameters.rb +101 -0
data/lib/aker/configuration.rb +534 -0
data/lib/aker/deprecation.rb +105 -0
data/lib/aker/form/custom_views_mode.rb +80 -0
data/lib/aker/form/login_form_asset_provider.rb +56 -0
data/lib/aker/form/middleware/custom_view_login_responder.rb +19 -0
data/lib/aker/form/middleware/login_renderer.rb +72 -0
data/lib/aker/form/middleware/login_responder.rb +71 -0
data/lib/aker/form/middleware/logout_responder.rb +26 -0
data/lib/aker/form/middleware.rb +10 -0
data/lib/aker/form/mode.rb +118 -0
data/lib/aker/form.rb +26 -0
data/lib/aker/group.rb +67 -0
data/lib/aker/group_membership.rb +162 -0
data/lib/aker/ldap/authority.rb +392 -0
data/lib/aker/ldap/user_ext.rb +19 -0
data/lib/aker/ldap.rb +22 -0
data/lib/aker/modes/base.rb +85 -0
data/lib/aker/modes/http_basic.rb +100 -0
data/lib/aker/modes/support/attempted_path.rb +22 -0
data/lib/aker/modes/support/rfc_2617.rb +32 -0
data/lib/aker/modes/support.rb +12 -0
data/lib/aker/modes.rb +48 -0
data/lib/aker/rack/authenticate.rb +37 -0
data/lib/aker/rack/configuration_helper.rb +18 -0
data/lib/aker/rack/default_logout_responder.rb +36 -0
data/lib/aker/rack/environment_helper.rb +34 -0
data/lib/aker/rack/facade.rb +102 -0
data/lib/aker/rack/failure.rb +69 -0
data/lib/aker/rack/logout.rb +63 -0
data/lib/aker/rack/request_ext.rb +19 -0
data/lib/aker/rack/session_timer.rb +95 -0
data/lib/aker/rack/setup.rb +77 -0
data/lib/aker/rack.rb +107 -0
data/lib/aker/test/helpers.rb +22 -0
data/lib/aker/test.rb +8 -0
data/lib/aker/user.rb +231 -0
data/lib/aker/version.rb +3 -0
data/lib/aker.rb +51 -0
data/spec/aker/aker-sample.yml +11 -0
data/spec/aker/authorities/automatic_access_spec.rb +52 -0
data/spec/aker/authorities/composite_spec.rb +488 -0
data/spec/aker/authorities/nu-schema.jar +0 -0
data/spec/aker/authorities/static_spec.rb +455 -0
data/spec/aker/authorities/support/find_sole_user_spec.rb +33 -0
data/spec/aker/authorities_spec.rb +16 -0
data/spec/aker/cas/authority_spec.rb +106 -0
data/spec/aker/cas/configuration_helper_spec.rb +92 -0
data/spec/aker/cas/middleware/logout_responder_spec.rb +47 -0
data/spec/aker/cas/middleware/ticket_remover_spec.rb +49 -0
data/spec/aker/cas/proxy_mode_spec.rb +185 -0
data/spec/aker/cas/rack_proxy_callback_spec.rb +190 -0
data/spec/aker/cas/service_mode_spec.rb +122 -0
data/spec/aker/cas/service_url_spec.rb +114 -0
data/spec/aker/cas/user_ext_spec.rb +27 -0
data/spec/aker/cas_spec.rb +19 -0
data/spec/aker/central_parameters_spec.rb +44 -0
data/spec/aker/configuration_spec.rb +465 -0
data/spec/aker/deprecation_spec.rb +115 -0
data/spec/aker/form/a_form_mode.rb +129 -0
data/spec/aker/form/custom_views_mode_spec.rb +34 -0
data/spec/aker/form/login_form_asset_provider_spec.rb +80 -0
data/spec/aker/form/middleware/a_form_login_responder.rb +89 -0
data/spec/aker/form/middleware/custom_view_login_responder_spec.rb +47 -0
data/spec/aker/form/middleware/login_renderer_spec.rb +56 -0
data/spec/aker/form/middleware/login_responder_spec.rb +34 -0
data/spec/aker/form/middleware/logout_responder_spec.rb +55 -0
data/spec/aker/form/mode_spec.rb +15 -0
data/spec/aker/form_spec.rb +11 -0
data/spec/aker/group_membership_spec.rb +208 -0
data/spec/aker/group_spec.rb +66 -0
data/spec/aker/ldap/authority_spec.rb +414 -0
data/spec/aker/ldap/ldap-users.ldif +197 -0
data/spec/aker/ldap_spec.rb +11 -0
data/spec/aker/modes/a_aker_mode.rb +41 -0
data/spec/aker/modes/http_basic_spec.rb +127 -0
data/spec/aker/modes/support/attempted_path_spec.rb +32 -0
data/spec/aker/modes_spec.rb +11 -0
data/spec/aker/rack/authenticate_spec.rb +78 -0
data/spec/aker/rack/default_logout_responder_spec.rb +67 -0
data/spec/aker/rack/facade_spec.rb +154 -0
data/spec/aker/rack/failure_spec.rb +151 -0
data/spec/aker/rack/logout_spec.rb +63 -0
data/spec/aker/rack/request_ext_spec.rb +29 -0
data/spec/aker/rack/session_timer_spec.rb +134 -0
data/spec/aker/rack/setup_spec.rb +87 -0
data/spec/aker/rack_spec.rb +216 -0
data/spec/aker/test/helpers_spec.rb +44 -0
data/spec/aker/user_spec.rb +362 -0
data/spec/aker_spec.rb +80 -0
data/spec/deprecation_helper.rb +58 -0
data/spec/java_helper.rb +5 -0
data/spec/logger_helper.rb +17 -0
data/spec/matchers.rb +31 -0
data/spec/mock_builder.rb +25 -0
data/spec/spec_helper.rb +52 -0
metadata +265 -0

data/lib/aker/cas/user_ext.rb ADDED Viewed

@@ -0,0 +1,64 @@
+require 'aker/cas'
+require 'castanet'
+module Aker::Cas
+  ##
+  # Extensions for {Aker::User} instances that come from CAS
+  # credentials.
+  module UserExt
+    include Castanet::Client
+    ##
+    # The base URL of the CAS server.
+    #
+    # This is typically set by {Authority#valid_credentials?}.
+    #
+    # @see Aker::Cas::ConfigurationHelper#cas_url
+    # @return [String]
+    attr_accessor :cas_url
+    ##
+    # The proxy callback URL used by the CAS server.
+    #
+    # This is typically set by {Authority#valid_credentials?}.
+    #
+    # @see Aker::Cas::ConfigurationHelper#proxy_callback_url
+    # @return [String, nil]
+    attr_accessor :proxy_callback_url
+    ##
+    # The proxy retrieval URL from which Aker will retrieve PGTs.
+    #
+    # This is typically set by {Authority#valid_credentials?}.
+    #
+    # @see Aker::Cas::ConfigurationHelper#proxy_retrieval_url
+    # @return [String, nil]
+    attr_accessor :proxy_retrieval_url
+    ##
+    # The proxy granting ticket associated with the {Aker::User}, or nil if no
+    # PGT exists.
+    #
+    # @return [String, nil]
+    attr_accessor :pgt
+    ##
+    # Returns a proxy ticket so that an application may authenticate
+    # to another CAS-using service on behalf of this user.  Each
+    # invocation will request and return a fresh ticket.
+    #
+    # @param [String] service_base_url the URL by which CAS knows the
+    #   service that this proxy will be used for.  For aker-protected
+    #   applications, this will always be the base URL for the whole
+    #   application &mdash; i.e., the URL for the server plus the mount
+    #   point for the application, if any.
+    #
+    # @see ProxyMode#service_url
+    #
+    # @return [String] a new ticket
+    def cas_proxy_ticket(service_base_url)
+      issue_proxy_ticket(pgt, service_base_url).ticket
+    end
+  end
+end

data/lib/aker/cas.rb ADDED Viewed

@@ -0,0 +1,31 @@
+require 'aker'
+module Aker
+  ##
+  # Common code for dealing with CAS servers.
+  module Cas
+    autoload :Authority,           'aker/cas/authority'
+    autoload :ConfigurationHelper, 'aker/cas/configuration_helper'
+    autoload :Middleware,          'aker/cas/middleware'
+    autoload :ProxyMode,           'aker/cas/proxy_mode'
+    autoload :RackProxyCallback,   'aker/cas/rack_proxy_callback'
+    autoload :ServiceMode,         'aker/cas/service_mode'
+    autoload :ServiceUrl,          'aker/cas/service_url'
+    autoload :UserExt,             'aker/cas/user_ext'
+    ##
+    # @private
+    class Slice < Aker::Configuration::Slice
+      def initialize
+        super do
+          alias_authority :cas, Authority
+          register_mode ProxyMode
+          register_mode ServiceMode
+        end
+      end
+    end
+  end
+end
+Aker::Configuration.add_default_slice(Aker::Cas::Slice.new)

data/lib/aker/central_parameters.rb ADDED Viewed

@@ -0,0 +1,101 @@
+require 'aker'
+require 'yaml'
+module Aker
+  ##
+  # Provides consistent access to server-based defaults for
+  # configuration parameters. These defaults are stored in a YAML file
+  # on the server and updated separately from application
+  # deployments. E.g., you might have the following in
+  # /etc/nubic/aker-prod.yml:
+  #
+  #     ldap:
+  #       server: ldap.example.org
+  #       user: cn=foo
+  #       password: 13635;nefvqerg35245gk
+  #     policy:
+  #       session_timeout_seconds: 1500
+  #
+  # The top level keys in this file correspond to parameter groups in
+  # a {Aker::Configuration}. If this file were loaded like so,
+  #
+  #     Aker.configure {
+  #       central '/etc/nubic/aker-prod.yml'
+  #     }
+  #
+  # it would be equivalent to the following:
+  #
+  #     Aker.configure {
+  #       ldap_parameters :server => 'ldap.example.org',
+  #                       :user => 'cn=foo',
+  #                       :password => '13635;nefvqerg35245gk'
+  #       policy_parameters :session_timeout_seconds => 1500
+  #     }
+  #
+  # The `central` approach has several benefits:
+  #
+  # * It is simultaneously updateable for all applications on a
+  #   server.
+  # * It separates system administration tasks from application
+  #   developer concerns.
+  # * It provides an easy alternative to checking sensitive
+  #   information (in this example, the LDAP password) into the VCS.
+  # * No flexibility is lost &mdash; individual applications may still
+  #   override parameter values if necessary.
+  #
+  # @see https://github.com/NUBIC/bcdatabase
+  #      Bcdatabase: a tool which provides similar capabilities for
+  #      database and service configurations.
+  class CentralParameters < Hash
+    ##
+    # Creates a new instance with the given overrides.
+    #
+    # @param [String, Hash] values if a hash, it is used as a set of
+    #   overrides directly.  Otherwise it is interpreted as the filename
+    #   for the system central parameters YAML file.
+    def initialize(values = {})
+      super
+      unless values.is_a? Hash
+        values = YAML::load( File.open(values) )
+      end
+      values = nested_symbolize_keys!(deep_clone(values))
+      update(values)
+    end
+    ##
+    # Returns the value or (more likely) hash of values corresponding
+    # to the given top-level configuration section.
+    #
+    # Note that, no matter the structure of the values hash provided
+    # on construction, all keys in any hashes returned by this method
+    # will be symbols.
+    #
+    # @param [Symbol] key the configuration section to access
+    def [](key)
+      super
+    end
+    #######
+    private
+    def deep_clone(src)
+      clone = { }
+      src.each_pair do |k, v|
+        clone[k] = v.is_a?(Hash) ? deep_clone(v) : v
+      end
+      clone
+    end
+    def nested_symbolize_keys!(target)
+      target.keys.each do |k|
+        v = target[k]
+        nested_symbolize_keys!(v) if v.respond_to?(:keys)
+        target.delete(k)
+        target[k.to_sym] = v
+      end
+      target
+    end
+  end
+end