aker 3.0.0.pre

Files changed (118)
  1. data/CHANGELOG.md +210 -0
  2. data/README.md +282 -0
  3. data/assets/aker/form/login.css +73 -0
  4. data/assets/aker/form/login.html.erb +44 -0
  5. data/lib/aker/authorities/automatic_access.rb +36 -0
  6. data/lib/aker/authorities/composite.rb +301 -0
  7. data/lib/aker/authorities/static.rb +283 -0
  8. data/lib/aker/authorities/support/find_sole_user.rb +24 -0
  9. data/lib/aker/authorities/support.rb +9 -0
  10. data/lib/aker/authorities.rb +46 -0
  11. data/lib/aker/cas/authority.rb +79 -0
  12. data/lib/aker/cas/configuration_helper.rb +85 -0
  13. data/lib/aker/cas/middleware/logout_responder.rb +49 -0
  14. data/lib/aker/cas/middleware/ticket_remover.rb +35 -0
  15. data/lib/aker/cas/middleware.rb +6 -0
  16. data/lib/aker/cas/proxy_mode.rb +108 -0
  17. data/lib/aker/cas/rack_proxy_callback.rb +188 -0
  18. data/lib/aker/cas/service_mode.rb +88 -0
  19. data/lib/aker/cas/service_url.rb +62 -0
  20. data/lib/aker/cas/user_ext.rb +64 -0
  21. data/lib/aker/cas.rb +31 -0
  22. data/lib/aker/central_parameters.rb +101 -0
  23. data/lib/aker/configuration.rb +534 -0
  24. data/lib/aker/deprecation.rb +105 -0
  25. data/lib/aker/form/custom_views_mode.rb +80 -0
  26. data/lib/aker/form/login_form_asset_provider.rb +56 -0
  27. data/lib/aker/form/middleware/custom_view_login_responder.rb +19 -0
  28. data/lib/aker/form/middleware/login_renderer.rb +72 -0
  29. data/lib/aker/form/middleware/login_responder.rb +71 -0
  30. data/lib/aker/form/middleware/logout_responder.rb +26 -0
  31. data/lib/aker/form/middleware.rb +10 -0
  32. data/lib/aker/form/mode.rb +118 -0
  33. data/lib/aker/form.rb +26 -0
  34. data/lib/aker/group.rb +67 -0
  35. data/lib/aker/group_membership.rb +162 -0
  36. data/lib/aker/ldap/authority.rb +392 -0
  37. data/lib/aker/ldap/user_ext.rb +19 -0
  38. data/lib/aker/ldap.rb +22 -0
  39. data/lib/aker/modes/base.rb +85 -0
  40. data/lib/aker/modes/http_basic.rb +100 -0
  41. data/lib/aker/modes/support/attempted_path.rb +22 -0
  42. data/lib/aker/modes/support/rfc_2617.rb +32 -0
  43. data/lib/aker/modes/support.rb +12 -0
  44. data/lib/aker/modes.rb +48 -0
  45. data/lib/aker/rack/authenticate.rb +37 -0
  46. data/lib/aker/rack/configuration_helper.rb +18 -0
  47. data/lib/aker/rack/default_logout_responder.rb +36 -0
  48. data/lib/aker/rack/environment_helper.rb +34 -0
  49. data/lib/aker/rack/facade.rb +102 -0
  50. data/lib/aker/rack/failure.rb +69 -0
  51. data/lib/aker/rack/logout.rb +63 -0
  52. data/lib/aker/rack/request_ext.rb +19 -0
  53. data/lib/aker/rack/session_timer.rb +95 -0
  54. data/lib/aker/rack/setup.rb +77 -0
  55. data/lib/aker/rack.rb +107 -0
  56. data/lib/aker/test/helpers.rb +22 -0
  57. data/lib/aker/test.rb +8 -0
  58. data/lib/aker/user.rb +231 -0
  59. data/lib/aker/version.rb +3 -0
  60. data/lib/aker.rb +51 -0
  61. data/spec/aker/aker-sample.yml +11 -0
  62. data/spec/aker/authorities/automatic_access_spec.rb +52 -0
  63. data/spec/aker/authorities/composite_spec.rb +488 -0
  64. data/spec/aker/authorities/nu-schema.jar +0 -0
  65. data/spec/aker/authorities/static_spec.rb +455 -0
  66. data/spec/aker/authorities/support/find_sole_user_spec.rb +33 -0
  67. data/spec/aker/authorities_spec.rb +16 -0
  68. data/spec/aker/cas/authority_spec.rb +106 -0
  69. data/spec/aker/cas/configuration_helper_spec.rb +92 -0
  70. data/spec/aker/cas/middleware/logout_responder_spec.rb +47 -0
  71. data/spec/aker/cas/middleware/ticket_remover_spec.rb +49 -0
  72. data/spec/aker/cas/proxy_mode_spec.rb +185 -0
  73. data/spec/aker/cas/rack_proxy_callback_spec.rb +190 -0
  74. data/spec/aker/cas/service_mode_spec.rb +122 -0
  75. data/spec/aker/cas/service_url_spec.rb +114 -0
  76. data/spec/aker/cas/user_ext_spec.rb +27 -0
  77. data/spec/aker/cas_spec.rb +19 -0
  78. data/spec/aker/central_parameters_spec.rb +44 -0
  79. data/spec/aker/configuration_spec.rb +465 -0
  80. data/spec/aker/deprecation_spec.rb +115 -0
  81. data/spec/aker/form/a_form_mode.rb +129 -0
  82. data/spec/aker/form/custom_views_mode_spec.rb +34 -0
  83. data/spec/aker/form/login_form_asset_provider_spec.rb +80 -0
  84. data/spec/aker/form/middleware/a_form_login_responder.rb +89 -0
  85. data/spec/aker/form/middleware/custom_view_login_responder_spec.rb +47 -0
  86. data/spec/aker/form/middleware/login_renderer_spec.rb +56 -0
  87. data/spec/aker/form/middleware/login_responder_spec.rb +34 -0
  88. data/spec/aker/form/middleware/logout_responder_spec.rb +55 -0
  89. data/spec/aker/form/mode_spec.rb +15 -0
  90. data/spec/aker/form_spec.rb +11 -0
  91. data/spec/aker/group_membership_spec.rb +208 -0
  92. data/spec/aker/group_spec.rb +66 -0
  93. data/spec/aker/ldap/authority_spec.rb +414 -0
  94. data/spec/aker/ldap/ldap-users.ldif +197 -0
  95. data/spec/aker/ldap_spec.rb +11 -0
  96. data/spec/aker/modes/a_aker_mode.rb +41 -0
  97. data/spec/aker/modes/http_basic_spec.rb +127 -0
  98. data/spec/aker/modes/support/attempted_path_spec.rb +32 -0
  99. data/spec/aker/modes_spec.rb +11 -0
  100. data/spec/aker/rack/authenticate_spec.rb +78 -0
  101. data/spec/aker/rack/default_logout_responder_spec.rb +67 -0
  102. data/spec/aker/rack/facade_spec.rb +154 -0
  103. data/spec/aker/rack/failure_spec.rb +151 -0
  104. data/spec/aker/rack/logout_spec.rb +63 -0
  105. data/spec/aker/rack/request_ext_spec.rb +29 -0
  106. data/spec/aker/rack/session_timer_spec.rb +134 -0
  107. data/spec/aker/rack/setup_spec.rb +87 -0
  108. data/spec/aker/rack_spec.rb +216 -0
  109. data/spec/aker/test/helpers_spec.rb +44 -0
  110. data/spec/aker/user_spec.rb +362 -0
  111. data/spec/aker_spec.rb +80 -0
  112. data/spec/deprecation_helper.rb +58 -0
  113. data/spec/java_helper.rb +5 -0
  114. data/spec/logger_helper.rb +17 -0
  115. data/spec/matchers.rb +31 -0
  116. data/spec/mock_builder.rb +25 -0
  117. data/spec/spec_helper.rb +52 -0
  118. metadata +265 -0
@@ -0,0 +1,64 @@
1
+ require 'aker/cas'
2
+
3
+ require 'castanet'
4
+
5
+ module Aker::Cas
6
+ ##
7
+ # Extensions for {Aker::User} instances that come from CAS
8
+ # credentials.
9
+ module UserExt
10
+ include Castanet::Client
11
+
12
+ ##
13
+ # The base URL of the CAS server.
14
+ #
15
+ # This is typically set by {Authority#valid_credentials?}.
16
+ #
17
+ # @see Aker::Cas::ConfigurationHelper#cas_url
18
+ # @return [String]
19
+ attr_accessor :cas_url
20
+
21
+ ##
22
+ # The proxy callback URL used by the CAS server.
23
+ #
24
+ # This is typically set by {Authority#valid_credentials?}.
25
+ #
26
+ # @see Aker::Cas::ConfigurationHelper#proxy_callback_url
27
+ # @return [String, nil]
28
+ attr_accessor :proxy_callback_url
29
+
30
+ ##
31
+ # The proxy retrieval URL from which Aker will retrieve PGTs.
32
+ #
33
+ # This is typically set by {Authority#valid_credentials?}.
34
+ #
35
+ # @see Aker::Cas::ConfigurationHelper#proxy_retrieval_url
36
+ # @return [String, nil]
37
+ attr_accessor :proxy_retrieval_url
38
+
39
+ ##
40
+ # The proxy granting ticket associated with the {Aker::User}, or nil if no
41
+ # PGT exists.
42
+ #
43
+ # @return [String, nil]
44
+ attr_accessor :pgt
45
+
46
+ ##
47
+ # Returns a proxy ticket so that an application may authenticate
48
+ # to another CAS-using service on behalf of this user. Each
49
+ # invocation will request and return a fresh ticket.
50
+ #
51
+ # @param [String] service_base_url the URL by which CAS knows the
52
+ # service that this proxy will be used for. For aker-protected
53
+ # applications, this will always be the base URL for the whole
54
+ # application — i.e., the URL for the server plus the mount
55
+ # point for the application, if any.
56
+ #
57
+ # @see ProxyMode#service_url
58
+ #
59
+ # @return [String] a new ticket
60
+ def cas_proxy_ticket(service_base_url)
61
+ issue_proxy_ticket(pgt, service_base_url).ticket
62
+ end
63
+ end
64
+ end
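Review bot: `cas_proxy_ticket` at the end of the hunk passes `pgt` straight into `issue_proxy_ticket`, yet the `pgt` accessor above is documented as nil when no PGT exists, so a user who authenticated without proxy support reaches Castanet with a nil ticket; what Castanet does with that is not visible here. A guard that fails loudly at the Aker boundary, `raise ArgumentError, "no proxy granting ticket is associated with this user" unless pgt`, placed before the `issue_proxy_ticket` call would make that failure mode explicit rather than leaving it to the client library. Since the method's own docs say the ticket lets the application authenticate to other services on the user's behalf, the PGT is a bearer credential, and I would add to the `pgt` accessor's comment `# Treat as a secret: a leaked PGT allows impersonation of this user against any CAS service; do not log or serialize it.`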
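--- a/data/lib/aker/cas.rb
+++ b/data/lib/aker/cas.rb
@@ -0,0 +1,31 @@
+require 'aker'
+
+module Aker
+##
+# Common code for dealing with CAS servers.
+module Cas
+autoload :Authority, 'aker/cas/authority'
+autoload :ConfigurationHelper, 'aker/cas/configuration_helper'
+autoload :Middleware, 'aker/cas/middleware'
+autoload :ProxyMode, 'aker/cas/proxy_mode'
+autoload :RackProxyCallback, 'aker/cas/rack_proxy_callback'
+autoload :ServiceMode, 'aker/cas/service_mode'
+autoload :ServiceUrl, 'aker/cas/service_url'
+autoload :UserExt, 'aker/cas/user_ext'
+
+##
+# @private
+class Slice < Aker::Configuration::Slice
+def initialize
+super do
+alias_authority :cas, Authority
+
+register_mode ProxyMode
+register_mode ServiceMode
+end
+end
+end
+end
+end
+
+Aker::Configuration.add_default_slice(Aker::Cas::Slice.new)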
@@ -0,0 +1,101 @@
1
+ require 'aker'
2
+ require 'yaml'
3
+
4
+ module Aker
5
+ ##
6
+ # Provides consistent access to server-based defaults for
7
+ # configuration parameters. These defaults are stored in a YAML file
8
+ # on the server and updated separately from application
9
+ # deployments. E.g., you might have the following in
10
+ # /etc/nubic/aker-prod.yml:
11
+ #
12
+ # ldap:
13
+ # server: ldap.example.org
14
+ # user: cn=foo
15
+ # password: 13635;nefvqerg35245gk
16
+ # policy:
17
+ # session_timeout_seconds: 1500
18
+ #
19
+ # The top level keys in this file correspond to parameter groups in
20
+ # a {Aker::Configuration}. If this file were loaded like so,
21
+ #
22
+ # Aker.configure {
23
+ # central '/etc/nubic/aker-prod.yml'
24
+ # }
25
+ #
26
+ # it would be equivalent to the following:
27
+ #
28
+ # Aker.configure {
29
+ # ldap_parameters :server => 'ldap.example.org',
30
+ # :user => 'cn=foo',
31
+ # :password => '13635;nefvqerg35245gk'
32
+ # policy_parameters :session_timeout_seconds => 1500
33
+ # }
34
+ #
35
+ # The `central` approach has several benefits:
36
+ #
37
+ # * It is simultaneously updateable for all applications on a
38
+ # server.
39
+ # * It separates system administration tasks from application
40
+ # developer concerns.
41
+ # * It provides an easy alternative to checking sensitive
42
+ # information (in this example, the LDAP password) into the VCS.
43
+ # * No flexibility is lost &mdash; individual applications may still
44
+ # override parameter values if necessary.
45
+ #
46
+ # @see https://github.com/NUBIC/bcdatabase
47
+ # Bcdatabase: a tool which provides similar capabilities for
48
+ # database and service configurations.
49
+ class CentralParameters < Hash
50
+ ##
51
+ # Creates a new instance with the given overrides.
52
+ #
53
+ # @param [String, Hash] values if a hash, it is used as a set of
54
+ # overrides directly. Otherwise it is interpreted as the filename
55
+ # for the system central parameters YAML file.
56
+ def initialize(values = {})
57
+ super
58
+
59
+ unless values.is_a? Hash
60
+ values = YAML::load( File.open(values) )
61
+ end
62
+
63
+ values = nested_symbolize_keys!(deep_clone(values))
64
+ update(values)
65
+ end
66
+
67
+ ##
68
+ # Returns the value or (more likely) hash of values corresponding
69
+ # to the given top-level configuration section.
70
+ #
71
+ # Note that, no matter the structure of the values hash provided
72
+ # on construction, all keys in any hashes returned by this method
73
+ # will be symbols.
74
+ #
75
+ # @param [Symbol] key the configuration section to access
76
+ def [](key)
77
+ super
78
+ end
79
+
80
+ #######
81
+ private
82
+
83
+ def deep_clone(src)
84
+ clone = { }
85
+ src.each_pair do |k, v|
86
+ clone[k] = v.is_a?(Hash) ? deep_clone(v) : v
87
+ end
88
+ clone
89
+ end
90
+
91
+ def nested_symbolize_keys!(target)
92
+ target.keys.each do |k|
93
+ v = target[k]
94
+ nested_symbolize_keys!(v) if v.respond_to?(:keys)
95
+ target.delete(k)
96
+ target[k.to_sym] = v
97
+ end
98
+ target
99
+ end
100
+ end
101
+ end
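Review bot: The bare `super` in `initialize` forwards `values` to `Hash.new`, which makes it the hash's default value: after construction, looking up a section that is not in the file returns the filename string (or the un-symbolized overrides hash) instead of nil, so presence checks through `[]` are unreliable; it should be `super()`. The `YAML::load( File.open(values) )` line also never closes the handle it opens and, on Psych versions where `load` is the full loader, will instantiate arbitrary Ruby objects named in the file; the file is admin-controlled under `/etc`, so the exposure is limited, but a config file read by every application on the host is still a privilege boundary worth hardening. `values = YAML.safe_load(File.read(values))` addresses both, assuming the Psych in use provides `safe_load` (the Ruby version targeted is not visible here) and that the file holds only plain scalars and mappings as in the documented example.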