aker 3.0.0.pre

Files changed (118)
  1. data/CHANGELOG.md +210 -0
  2. data/README.md +282 -0
  3. data/assets/aker/form/login.css +73 -0
  4. data/assets/aker/form/login.html.erb +44 -0
  5. data/lib/aker/authorities/automatic_access.rb +36 -0
  6. data/lib/aker/authorities/composite.rb +301 -0
  7. data/lib/aker/authorities/static.rb +283 -0
  8. data/lib/aker/authorities/support/find_sole_user.rb +24 -0
  9. data/lib/aker/authorities/support.rb +9 -0
  10. data/lib/aker/authorities.rb +46 -0
  11. data/lib/aker/cas/authority.rb +79 -0
  12. data/lib/aker/cas/configuration_helper.rb +85 -0
  13. data/lib/aker/cas/middleware/logout_responder.rb +49 -0
  14. data/lib/aker/cas/middleware/ticket_remover.rb +35 -0
  15. data/lib/aker/cas/middleware.rb +6 -0
  16. data/lib/aker/cas/proxy_mode.rb +108 -0
  17. data/lib/aker/cas/rack_proxy_callback.rb +188 -0
  18. data/lib/aker/cas/service_mode.rb +88 -0
  19. data/lib/aker/cas/service_url.rb +62 -0
  20. data/lib/aker/cas/user_ext.rb +64 -0
  21. data/lib/aker/cas.rb +31 -0
  22. data/lib/aker/central_parameters.rb +101 -0
  23. data/lib/aker/configuration.rb +534 -0
  24. data/lib/aker/deprecation.rb +105 -0
  25. data/lib/aker/form/custom_views_mode.rb +80 -0
  26. data/lib/aker/form/login_form_asset_provider.rb +56 -0
  27. data/lib/aker/form/middleware/custom_view_login_responder.rb +19 -0
  28. data/lib/aker/form/middleware/login_renderer.rb +72 -0
  29. data/lib/aker/form/middleware/login_responder.rb +71 -0
  30. data/lib/aker/form/middleware/logout_responder.rb +26 -0
  31. data/lib/aker/form/middleware.rb +10 -0
  32. data/lib/aker/form/mode.rb +118 -0
  33. data/lib/aker/form.rb +26 -0
  34. data/lib/aker/group.rb +67 -0
  35. data/lib/aker/group_membership.rb +162 -0
  36. data/lib/aker/ldap/authority.rb +392 -0
  37. data/lib/aker/ldap/user_ext.rb +19 -0
  38. data/lib/aker/ldap.rb +22 -0
  39. data/lib/aker/modes/base.rb +85 -0
  40. data/lib/aker/modes/http_basic.rb +100 -0
  41. data/lib/aker/modes/support/attempted_path.rb +22 -0
  42. data/lib/aker/modes/support/rfc_2617.rb +32 -0
  43. data/lib/aker/modes/support.rb +12 -0
  44. data/lib/aker/modes.rb +48 -0
  45. data/lib/aker/rack/authenticate.rb +37 -0
  46. data/lib/aker/rack/configuration_helper.rb +18 -0
  47. data/lib/aker/rack/default_logout_responder.rb +36 -0
  48. data/lib/aker/rack/environment_helper.rb +34 -0
  49. data/lib/aker/rack/facade.rb +102 -0
  50. data/lib/aker/rack/failure.rb +69 -0
  51. data/lib/aker/rack/logout.rb +63 -0
  52. data/lib/aker/rack/request_ext.rb +19 -0
  53. data/lib/aker/rack/session_timer.rb +95 -0
  54. data/lib/aker/rack/setup.rb +77 -0
  55. data/lib/aker/rack.rb +107 -0
  56. data/lib/aker/test/helpers.rb +22 -0
  57. data/lib/aker/test.rb +8 -0
  58. data/lib/aker/user.rb +231 -0
  59. data/lib/aker/version.rb +3 -0
  60. data/lib/aker.rb +51 -0
  61. data/spec/aker/aker-sample.yml +11 -0
  62. data/spec/aker/authorities/automatic_access_spec.rb +52 -0
  63. data/spec/aker/authorities/composite_spec.rb +488 -0
  64. data/spec/aker/authorities/nu-schema.jar +0 -0
  65. data/spec/aker/authorities/static_spec.rb +455 -0
  66. data/spec/aker/authorities/support/find_sole_user_spec.rb +33 -0
  67. data/spec/aker/authorities_spec.rb +16 -0
  68. data/spec/aker/cas/authority_spec.rb +106 -0
  69. data/spec/aker/cas/configuration_helper_spec.rb +92 -0
  70. data/spec/aker/cas/middleware/logout_responder_spec.rb +47 -0
  71. data/spec/aker/cas/middleware/ticket_remover_spec.rb +49 -0
  72. data/spec/aker/cas/proxy_mode_spec.rb +185 -0
  73. data/spec/aker/cas/rack_proxy_callback_spec.rb +190 -0
  74. data/spec/aker/cas/service_mode_spec.rb +122 -0
  75. data/spec/aker/cas/service_url_spec.rb +114 -0
  76. data/spec/aker/cas/user_ext_spec.rb +27 -0
  77. data/spec/aker/cas_spec.rb +19 -0
  78. data/spec/aker/central_parameters_spec.rb +44 -0
  79. data/spec/aker/configuration_spec.rb +465 -0
  80. data/spec/aker/deprecation_spec.rb +115 -0
  81. data/spec/aker/form/a_form_mode.rb +129 -0
  82. data/spec/aker/form/custom_views_mode_spec.rb +34 -0
  83. data/spec/aker/form/login_form_asset_provider_spec.rb +80 -0
  84. data/spec/aker/form/middleware/a_form_login_responder.rb +89 -0
  85. data/spec/aker/form/middleware/custom_view_login_responder_spec.rb +47 -0
  86. data/spec/aker/form/middleware/login_renderer_spec.rb +56 -0
  87. data/spec/aker/form/middleware/login_responder_spec.rb +34 -0
  88. data/spec/aker/form/middleware/logout_responder_spec.rb +55 -0
  89. data/spec/aker/form/mode_spec.rb +15 -0
  90. data/spec/aker/form_spec.rb +11 -0
  91. data/spec/aker/group_membership_spec.rb +208 -0
  92. data/spec/aker/group_spec.rb +66 -0
  93. data/spec/aker/ldap/authority_spec.rb +414 -0
  94. data/spec/aker/ldap/ldap-users.ldif +197 -0
  95. data/spec/aker/ldap_spec.rb +11 -0
  96. data/spec/aker/modes/a_aker_mode.rb +41 -0
  97. data/spec/aker/modes/http_basic_spec.rb +127 -0
  98. data/spec/aker/modes/support/attempted_path_spec.rb +32 -0
  99. data/spec/aker/modes_spec.rb +11 -0
  100. data/spec/aker/rack/authenticate_spec.rb +78 -0
  101. data/spec/aker/rack/default_logout_responder_spec.rb +67 -0
  102. data/spec/aker/rack/facade_spec.rb +154 -0
  103. data/spec/aker/rack/failure_spec.rb +151 -0
  104. data/spec/aker/rack/logout_spec.rb +63 -0
  105. data/spec/aker/rack/request_ext_spec.rb +29 -0
  106. data/spec/aker/rack/session_timer_spec.rb +134 -0
  107. data/spec/aker/rack/setup_spec.rb +87 -0
  108. data/spec/aker/rack_spec.rb +216 -0
  109. data/spec/aker/test/helpers_spec.rb +44 -0
  110. data/spec/aker/user_spec.rb +362 -0
  111. data/spec/aker_spec.rb +80 -0
  112. data/spec/deprecation_helper.rb +58 -0
  113. data/spec/java_helper.rb +5 -0
  114. data/spec/logger_helper.rb +17 -0
  115. data/spec/matchers.rb +31 -0
  116. data/spec/mock_builder.rb +25 -0
  117. data/spec/spec_helper.rb +52 -0
  118. metadata +265 -0
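--- a/data/lib/aker/cas/user_ext.rb
+++ b/data/lib/aker/cas/user_ext.rb
@@ -0,0 +1,64 @@
+require 'aker/cas'
+
+require 'castanet'
+
+module Aker::Cas
+##
+# Extensions for {Aker::User} instances that come from CAS
+# credentials.
+module UserExt
+include Castanet::Client
+
+##
+# The base URL of the CAS server.
+#
+# This is typically set by {Authority#valid_credentials?}.
+#
+# @see Aker::Cas::ConfigurationHelper#cas_url
+# @return [String]
+attr_accessor :cas_url
+
+##
+# The proxy callback URL used by the CAS server.
+#
+# This is typically set by {Authority#valid_credentials?}.
+#
+# @see Aker::Cas::ConfigurationHelper#proxy_callback_url
+# @return [String, nil]
+attr_accessor :proxy_callback_url
+
+##
+# The proxy retrieval URL from which Aker will retrieve PGTs.
+#
+# This is typically set by {Authority#valid_credentials?}.
+#
+# @see Aker::Cas::ConfigurationHelper#proxy_retrieval_url
+# @return [String, nil]
+attr_accessor :proxy_retrieval_url
+
+##
+# The proxy granting ticket associated with the {Aker::User}, or nil if no
+# PGT exists.
+#
+# @return [String, nil]
+attr_accessor :pgt
+
+##
+# Returns a proxy ticket so that an application may authenticate
+# to another CAS-using service on behalf of this user. Each
+# invocation will request and return a fresh ticket.
+#
+# @param [String] service_base_url the URL by which CAS knows the
+# service that this proxy will be used for. For aker-protected
+# applications, this will always be the base URL for the whole
+# application — i.e., the URL for the server plus the mount
+# point for the application, if any.
+#
+# @see ProxyMode#service_url
+#
+# @return [String] a new ticket
+def cas_proxy_ticket(service_base_url)
+issue_proxy_ticket(pgt, service_base_url).ticket
+end
+end
+end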
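Review bot: `cas_proxy_ticket` (line 60-62 of the hunk) passes `pgt` straight into `issue_proxy_ticket` even though the accessor's own documentation (lines 40-44) says it may be nil, so a user with no proxy-granting ticket fails somewhere inside Castanet instead of at the call site. A guard before the call, `raise 'no proxy-granting ticket is available for this user' unless pgt`, would make the misuse obvious and should be recorded with an `@raise` tag in the method comment; whether Castanet already rejects a nil PGT with a clear error cannot be told from this hunk. The file header for this section is not visible on the page, so the path is inferred from the `UserExt` autoload in `aker/cas.rb`.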
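--- a/data/lib/aker/cas.rb
+++ b/data/lib/aker/cas.rb
@@ -0,0 +1,31 @@
+require 'aker'
+
+module Aker
+##
+# Common code for dealing with CAS servers.
+module Cas
+autoload :Authority, 'aker/cas/authority'
+autoload :ConfigurationHelper, 'aker/cas/configuration_helper'
+autoload :Middleware, 'aker/cas/middleware'
+autoload :ProxyMode, 'aker/cas/proxy_mode'
+autoload :RackProxyCallback, 'aker/cas/rack_proxy_callback'
+autoload :ServiceMode, 'aker/cas/service_mode'
+autoload :ServiceUrl, 'aker/cas/service_url'
+autoload :UserExt, 'aker/cas/user_ext'
+
+##
+# @private
+class Slice < Aker::Configuration::Slice
+def initialize
+super do
+alias_authority :cas, Authority
+
+register_mode ProxyMode
+register_mode ServiceMode
+end
+end
+end
+end
+end
+
+Aker::Configuration.add_default_slice(Aker::Cas::Slice.new)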
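--- a/data/lib/aker/central_parameters.rb
+++ b/data/lib/aker/central_parameters.rb
@@ -0,0 +1,101 @@
+require 'aker'
+require 'yaml'
+
+module Aker
+##
+# Provides consistent access to server-based defaults for
+# configuration parameters. These defaults are stored in a YAML file
+# on the server and updated separately from application
+# deployments. E.g., you might have the following in
+# /etc/nubic/aker-prod.yml:
+#
+# ldap:
+# server: ldap.example.org
+# user: cn=foo
+# password: 13635;nefvqerg35245gk
+# policy:
+# session_timeout_seconds: 1500
+#
+# The top level keys in this file correspond to parameter groups in
+# a {Aker::Configuration}. If this file were loaded like so,
+#
+# Aker.configure {
+# central '/etc/nubic/aker-prod.yml'
+# }
+#
+# it would be equivalent to the following:
+#
+# Aker.configure {
+# ldap_parameters :server => 'ldap.example.org',
+# :user => 'cn=foo',
+# :password => '13635;nefvqerg35245gk'
+# policy_parameters :session_timeout_seconds => 1500
+# }
+#
+# The `central` approach has several benefits:
+#
+# * It is simultaneously updateable for all applications on a
+# server.
+# * It separates system administration tasks from application
+# developer concerns.
+# * It provides an easy alternative to checking sensitive
+# information (in this example, the LDAP password) into the VCS.
+# * No flexibility is lost &mdash; individual applications may still
+# override parameter values if necessary.
+#
+# @see https://github.com/NUBIC/bcdatabase
+# Bcdatabase: a tool which provides similar capabilities for
+# database and service configurations.
+class CentralParameters < Hash
+##
+# Creates a new instance with the given overrides.
+#
+# @param [String, Hash] values if a hash, it is used as a set of
+# overrides directly. Otherwise it is interpreted as the filename
+# for the system central parameters YAML file.
+def initialize(values = {})
+super
+
+unless values.is_a? Hash
+values = YAML::load( File.open(values) )
+end
+
+values = nested_symbolize_keys!(deep_clone(values))
+update(values)
+end
+
+##
+# Returns the value or (more likely) hash of values corresponding
+# to the given top-level configuration section.
+#
+# Note that, no matter the structure of the values hash provided
+# on construction, all keys in any hashes returned by this method
+# will be symbols.
+#
+# @param [Symbol] key the configuration section to access
+def [](key)
+super
+end
+
+#######
+private
+
+def deep_clone(src)
+clone = { }
+src.each_pair do |k, v|
+clone[k] = v.is_a?(Hash) ? deep_clone(v) : v
+end
+clone
+end
+
+def nested_symbolize_keys!(target)
+target.keys.each do |k|
+v = target[k]
+nested_symbolize_keys!(v) if v.respond_to?(:keys)
+target.delete(k)
+target[k.to_sym] = v
+end
+target
+end
+end
+end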
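Review bot: `initialize` (line 56-65 of the hunk) calls bare `super`, which forwards `values` to `Hash#initialize` and installs it as the hash's default value, so `params[:missing]` returns the shared overrides hash (or the YAML filename string when a path was given) instead of nil; `super()` is what is intended here. Separately, line 60 reads the file with `YAML::load( File.open(values) )`, which never closes the File and, on Psych releases before 4.0, deserializes arbitrary Ruby objects from the file; `values = YAML.safe_load(File.read(values)) unless values.is_a?(Hash)` is sufficient if the central file holds only plain hashes and scalars, as the class comment's example shows. The `[]` override on lines 76-78 only calls `super`, so it exists purely as a documentation anchor, which is worth saying in its comment so nobody later assumes it normalizes the key.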