authpds 0.2.0 → 0.2.1

data/lib/authpds/session/authentication.rb

@@ -0,0 +1,24 @@
+module Authpds
+  module Session
+    module Authentication
+      def authenticated?
+        authenticate
+      end
+      protected :authenticated?
+
+      def authenticate
+        # Don't authenticate if the system is inaccessible.
+        # If the application session id is nil, skip this check.
+        return false if controller.cookies["#{calling_system}_inaccessible".to_sym] == session_id unless session_id.nil?
+        # If PDS session already established, authenticate
+        return true unless pds_user.nil?
+        # Establish a PDS session if the user logged in via an alternative SSO mechanism and this isn't being called after login
+        controller.redirect_to sso_url({
+          :return_url => controller.request.url }) if valid_sso_session? unless controller.params["action"] =="validate" or controller.performed?
+        # Otherwise, do not authenticate
+        return false
+      end
+      protected :authenticate
+    end
+  end
+end

data/lib/authpds/session/authlogic_callbacks.rb

@@ -0,0 +1,12 @@
+module Authpds
+  module Session
+    module AuthlogicCallbacks
+      # Callback method from Authlogic.
+      # Called while trying to persist the session.
+      def persist_session
+        destroy unless (authenticated? and authorized?) or anonymous?
+      end
+      protected :persist_session
+    end
+  end
+end

data/lib/authpds/session/authorization.rb

@@ -0,0 +1,16 @@
+module Authpds
+  module Session
+    module Authorization
+      def authorized?
+        # Set all the information that is needed to make an authorization decision
+        set_record and return authorize
+      end
+      protected :authorized?
+
+      def authorize
+        # If PDS user is not nil (PDS session already established), authorize
+        !pds_user.nil? && additional_authorization
+      end
+    end
+  end
+end

data/lib/authpds/session/callbacks.rb

@@ -0,0 +1,30 @@
+module Authpds
+  module Session
+    module Callbacks
+      # Hook for more complicated logic to determine PDS user record identifier
+      def pds_record_identifier
+        @pds_record_identifier ||= self.class.pds_record_identifier
+      end
+
+      # Hook to determine if we should set up an SSO session
+      def valid_sso_session?
+        return false
+      end
+
+      # Hook to provide additional authorization requirements
+      def additional_authorization
+        return true
+      end
+
+      # Hook to add additional user attributes.
+      def additional_attributes
+        {}
+      end
+
+      # Hook to update expiration date if necessary
+      def expiration_date
+        1.week.ago
+      end
+    end
+  end
+end

data/lib/authpds/session/config.rb

@@ -0,0 +1,60 @@
+module Authpds
+  module Session
+    module Config
+      # Base pds url
+      def pds_url(value = nil)
+        rw_config(:pds_url, value)
+      end
+      alias_method :pds_url=, :pds_url
+
+      # Name of the system
+      def calling_system(value = nil)
+        rw_config(:calling_system, value, "authpds")
+      end
+      alias_method :calling_system=, :calling_system
+
+      # Does the system allow anonymous access?
+      def anonymous(value = nil)
+        rw_config(:anonymous, value, true)
+      end
+      alias_method :anonymous=, :anonymous
+
+      # Mapping of PDS attributes
+      def pds_attributes(value = nil)
+        value.each_value { |pds_attr| pds_attr.gsub!("-", "_") } unless value.nil?
+        rw_config(:pds_attributes, value, {:email => "email", :firstname => "name", :lastname => "name", :primary_institution => "institute" })
+      end
+      alias_method :pds_attributes=, :pds_attributes
+
+      # Custom redirect logout url
+      def redirect_logout_url(value = nil)
+        rw_config(:redirect_logout_url, value, "")
+      end
+      alias_method :redirect_logout_url=, :redirect_logout_url
+
+      # Custom url to redirect to in case of system outage
+      def login_inaccessible_url(value = nil)
+        rw_config(:login_inaccessible_url, value, "")
+      end
+      alias_method :redirect_logout_url=, :redirect_logout_url
+
+      # PDS user method to call to identify record
+      def pds_record_identifier(value = nil)
+        rw_config(:pds_record_identifier, value, :id)
+      end
+      alias_method :pds_record_identifier=, :pds_record_identifier
+
+      # Querystring parameter key for the institution value
+      def institution_param_key(value = nil)
+        rw_config(:institution_param_key, value, "institute")
+      end
+      alias_method :institution_param_key=, :institution_param_key
+
+      # URL name for validation action
+      def validate_url_name(value = nil)
+        rw_config(:validate_url_name, value, "validate_url")
+      end
+      alias_method :validate_url_name=, :validate_url_name
+    end
+  end
+end

data/lib/authpds/session/core_attributes.rb

@@ -0,0 +1,45 @@
+module Authpds
+  module Session
+    module CoreAttributes
+      def anonymous
+        @anonymous ||=self.class.anonymous
+      end
+      alias anonymous? anonymous
+
+      def calling_system
+        @calling_system ||= self.class.calling_system
+      end
+      
+      def login_inaccessible_url
+        @login_inaccessible_url ||= self.class.login_inaccessible_url
+      end
+
+      def pds_attributes
+        @pds_attributes ||= self.class.pds_attributes
+      end
+
+      def pds_url
+        @pds_url ||= self.class.pds_url
+      end
+
+      def redirect_logout_url
+        @redirect_logout_url ||= self.class.redirect_logout_url
+      end
+
+      def validate_url_name
+        @validate_url_name ||= self.class.validate_url_name
+      end
+
+      def pds_handle
+        @pds_handle ||= (controller.cookies[:PDS_HANDLE] || controller.params[:pds_handle])
+      end
+
+      def session_id
+        @session_id ||=
+          (controller.session.respond_to?(:session_id)) ?
+            (controller.session.session_id) ?
+              controller.session.session_id : controller.session[:session_id] : controller.session[:session_id]
+      end
+    end
+  end
+end

data/lib/authpds/session/exception_handling.rb

@@ -0,0 +1,22 @@
+module Authpds
+  module Session
+    module ExceptionHandling
+      def handle_login_exception(error)
+        # Set a cookie saying that we've got some invalid stuff going on
+        # in this session.  Either PDS is screwy, OpenSSO is screwy, or both.
+        # Either way, we want to skip logging in since it's problematic (if anonymous).
+        controller.cookies["#{calling_system}_inaccessible".to_sym] = {
+          :value => session_id,
+          :path => "/" } if anonymous?
+        # If anonymous access isn't allowed, we can't rightfully set the cookie.
+        # We probably should send to a system down page.
+        controller.redirect_to(login_inaccessible_url)
+        alert_the_authorities error
+      end
+
+      def alert_the_authorities(error)
+        controller.logger.error("Error in #{self.class}. Something is amiss with PDS authentication.\n#{error}\n#{error.backtrace.inspect}}")
+      end
+    end
+  end
+end

data/lib/authpds/session/institution_attributes.rb

@@ -0,0 +1,15 @@
+module Authpds
+  module Session
+    module InstitutionAttributes
+      def institution_attributes
+        @institution_attributes ||=
+          (controller.current_primary_institution.nil? or controller.current_primary_institution.auth.nil?) ?
+            {} : controller.current_primary_institution.auth
+      end
+
+      def insitution_code
+        @institution_code ||= institution_attributes["code"]
+      end
+    end
+  end
+end

data/lib/authpds/session/pds_user.rb

@@ -0,0 +1,17 @@
+module Authpds
+  module Session
+    module PdsUser
+      def pds_user
+        begin
+          @pds_user ||= Authpds::Exlibris::Pds::BorInfo.new(pds_url, calling_system, pds_handle) unless pds_handle.nil?
+          return @pds_user unless @pds_user.nil? or @pds_user.error
+        rescue Exception => e
+          # Delete the PDS_HANDLE, since this isn't working.
+          # controller.cookies.delete(:PDS_HANDLE) unless pds_handle.nil?
+          handle_login_exception e
+          return nil
+        end
+      end
+    end
+  end
+end

data/lib/authpds/session/record.rb

@@ -0,0 +1,32 @@
+module Authpds
+  module Session
+    module Record
+      # Get the record associated with this PDS user.
+      def get_record(login)
+        record = (klass.find_by_smart_case_login_field(login) || klass.new(login_field => login))
+      end
+
+      # Set the record information associated with this PDS user.
+      def set_record
+        self.attempted_record = get_record(pds_user.send(pds_record_identifier))
+        self.attempted_record.expiration_date = expiration_date
+        # Do this part only if user data has expired.
+        reset_record attempted_record if self.attempted_record.expired?
+        self.attempted_record.user_attributes= additional_attributes
+      end
+
+      # Reset expired data
+      def reset_record(attempted_record)
+        pds_attributes.each do |record_attr, pds_attr|
+          attempted_record.send("#{record_attr}=".to_sym,
+            pds_user.send(pds_attr.to_sym)) if self.attempted_record.respond_to?("#{record_attr}=".to_sym)
+        end
+        pds_user.class.public_instance_methods(false).each do |pds_attr_reader|
+          attempted_record.user_attributes = {
+            pds_attr_reader.to_sym => pds_user.send(pds_attr_reader.to_sym) }
+        end
+      end
+      private :reset_record
+    end
+  end
+end

data/lib/authpds/session/url_handling.rb

@@ -0,0 +1,55 @@
+module Authpds
+  module Session
+    module UrlHandling
+      require "cgi"
+
+      # URL to redirect to for login.
+      # Preceded by :before_login
+      def login_url(params={})
+        auth_pds_login_url "load-login", params
+      end
+
+      # URL to redirect to in the case of establishing a SSO session.
+      def sso_url(params={})
+        auth_pds_login_url "sso", params
+      end
+
+      # URL to redirect to after logout.
+      def logout_url(params={})
+        auth_pds_url "logout", user_session_redirect_url(redirect_logout_url), params
+      end
+
+      def auth_pds_login_url(func, params)
+        auth_pds_url func, validate_url(params), :institute => insitution_code, :calling_system => calling_system
+      end
+      protected :auth_pds_login_url
+
+      def auth_pds_url(func, url, params)
+        auth_pds_url = "#{pds_url}/pds?func=#{func}"
+        params.each_pair do |key, value|
+          auth_pds_url << "&#{key}=#{CGI::escape(value)}" unless key.nil? or value.nil?
+        end
+        auth_pds_url << "&url=#{CGI::escape(url)}"
+      end
+      private :auth_pds_url
+
+      def user_session_redirect_url(url)
+        controller.user_session_redirect_url(url)
+      end
+      private :user_session_redirect_url
+
+      # Returns the URL for validating a UserSession on return from a remote login system.
+      def validate_url(params={})
+        url = controller.send(validate_url_name, :return_url => user_session_redirect_url(params[:return_url]))
+        return url if params.nil? or params.empty?
+        url << "?" if url.match('\?').nil?
+        params.each do |key, value|
+          next if [:controller, :action, :return_url].include?(key)
+          url << "&#{calling_system}_#{key}=#{CGI::escape(value)}" unless key.nil? or value.nil?
+        end
+        url
+      end
+      private :validate_url
+    end
+  end
+end

data/lib/authpds/version.rb

@@ -1,3 +1,3 @@
 module Authpds
-  VERSION = "0.2.0"
+  VERSION = "0.2.1"
 end

data/test/{unit/authpds_controller_test.rb → authpds_controller_test.rb}

@@ -16,8 +16,10 @@ class ApplicationControllerTest < ActiveSupport::TestCase
   test "current_user_session" do
     assert_nil(controller.current_user_session)
     controller.cookies[:PDS_HANDLE] = { :value => VALID_PDS_HANDLE_FOR_NYU }
-    user_session = controller.current_user_session
-    assert_not_nil(user_session)
+    VCR.use_cassette('nyu') do
+      user_session = controller.current_user_session
+      assert_not_nil(user_session)
+    end
   end
 
   test "current_user_nil" do
@@ -27,9 +29,11 @@ class ApplicationControllerTest < ActiveSupport::TestCase
   test "current_user" do
     assert_nil(controller.current_user)
     controller.cookies[:PDS_HANDLE] = { :value => VALID_PDS_HANDLE_FOR_NYU }
-    user = controller.current_user
-    assert_not_nil(user)
-    assert_equal("N12162279", user.username)
+    VCR.use_cassette('nyu') do
+      user = controller.current_user
+      assert_not_nil(user)
+      assert_equal("N12162279", user.username)
+    end
   end
 
   test "current_primary_institution_nil" do
@@ -44,11 +48,15 @@ class ApplicationControllerTest < ActiveSupport::TestCase
   end
 
   test "current_primary_institution_user" do
-    assert_nil(controller.current_primary_institution)
-    Institutions.loadpaths<< "#{File.dirname(__FILE__)}/../support/config"
-    controller.cookies[:PDS_HANDLE] = { :value => VALID_PDS_HANDLE_FOR_NYU }
-    assert_equal("N12162279", controller.current_user.username)
-    assert_equal(Institutions.institutions[:NYU], controller.current_user.primary_institution)
-    assert_equal(Institutions.institutions[:NYU], controller.current_primary_institution)
+    assert_nothing_raised{
+      assert_nil(controller.current_primary_institution)
+      Institutions.loadpaths<< "#{File.dirname(__FILE__)}/../support/config"
+      controller.cookies[:PDS_HANDLE] = { :value => VALID_PDS_HANDLE_FOR_NYU }
+      VCR.use_cassette('nyu') do
+        assert_equal("N12162279", controller.current_user.username)
+        assert_equal(Institutions.institutions[:NYU], controller.current_user.primary_institution)
+        assert_equal(Institutions.institutions[:NYU], controller.current_primary_institution)
+      end
+    }
   end
 end

data/test/{unit/authpds_user_sessions_controller_test.rb → authpds_user_sessions_controller_test.rb}

@@ -8,6 +8,8 @@ class UserSessionsControllerTest < ActiveSupport::TestCase
   end
 
   test "current_user_session" do
-    user_session = controller.current_user_session
+    VCR.use_cassette('nyu') do
+      user_session = controller.current_user_session
+    end
   end
 end

data/test/fixtures/users.yml

@@ -17,7 +17,7 @@ ba36:
     :nyuidn => "N18158418", 
     :verification => "6EAF453D8B01E5AC27D9",
     :bor_status => "51",
-		:aleph_permissions => {} }.to_yaml.inspect  %>
+    :aleph_permissions => {} }.to_yaml.inspect  %>
 # std5:
 #   password_salt: <%#= salt = Authlogic::Random.hex_token %>
 #   crypted_password: <%#= Authlogic::CryptoProviders::Sha512.encrypt("std5" + salt) %>
@@ -45,5 +45,5 @@ st75:
     :nyuidn => "N10450419", 
     :verification => "A64C45148D130E78D8AA",
     :bor_status => "50",
-		:aleph_permissions => {} }.to_yaml.inspect  %>
+    :aleph_permissions => {} }.to_yaml.inspect  %>
 

data/test/pds_test.rb

@@ -0,0 +1,83 @@
+require 'test_helper'
+
+class PdsTest < ActiveSupport::TestCase
+
+  def setup
+    @pds_url = "https://logindev.library.nyu.edu"
+    @calling_system = "authpds"
+    @valid_pds_handle_for_nyu = VALID_PDS_HANDLE_FOR_NYU
+    @valid_pds_handle_for_newschool = VALID_PDS_HANDLE_FOR_NEWSCHOOL
+    @invalid_pds_handle = INVALID_PDS_HANDLE
+    @attribute = "bor_info"
+  end
+
+  test "get_attribute_valid" do
+    assert_nothing_raised {
+      VCR.use_cassette('get_attribute_bor_info') do
+        get_attribute = Authpds::Exlibris::Pds::GetAttribute.new(@pds_url, @calling_system, @valid_pds_handle_for_nyu, "bor_info")
+        assert_equal("N12162279", get_attribute.response.at("//id").inner_text)
+      end
+      VCR.use_cassette('get_attribute_bor_verification') do
+        get_attribute = Authpds::Exlibris::Pds::GetAttribute.new(@pds_url, @calling_system, @valid_pds_handle_for_nyu, "bor_verification")
+        assert_equal("N12162279", get_attribute.response.at("//id").inner_text)
+      end
+      VCR.use_cassette('get_attribute_bor_id') do
+        get_attribute = Authpds::Exlibris::Pds::GetAttribute.new(@pds_url, @calling_system, @valid_pds_handle_for_nyu, "bor_id")
+        assert_equal("N12162279", get_attribute.response.at("//id").inner_text)
+      end
+      VCR.use_cassette('get_attribute_authenticate') do
+        get_attribute = Authpds::Exlibris::Pds::GetAttribute.new(@pds_url, @calling_system, @valid_pds_handle_for_nyu, "authenticate")
+        assert_equal("N12162279", get_attribute.response.at("//id").inner_text)
+      end
+    }
+  end
+
+  test "get_attribute_invalid" do
+    VCR.use_cassette('get_attribute_invalid_bor_info') do
+      get_attribute = Authpds::Exlibris::Pds::GetAttribute.new(@pds_url, @calling_system, @invalid_pds_handle, "bor_info")
+      assert_equal("Error User does not exist", get_attribute.error)
+    end
+  end
+
+  test "bor_info_valid_nyu" do
+    VCR.use_cassette('bor_info_valid_nyu') do
+      nyu = Authpds::Exlibris::Pds::BorInfo.new(@pds_url, @calling_system, @valid_pds_handle_for_nyu)
+      assert_nothing_raised {
+        assert_equal("N12162279", nyu.id)
+        assert_equal("N12162279", nyu.nyuidn)
+        assert_equal("51", nyu.bor_status)
+        assert_equal("CB", nyu.bor_type)
+        assert_equal("SCOT THOMAS", nyu.name)
+        assert_equal("SCOT THOMAS", nyu.givenname)
+        assert_equal("DALTON", nyu.sn)
+        assert_equal("Y", nyu.ill_permission)
+        assert_equal("GA", nyu.college_code)
+        assert_equal("CSCI", nyu.dept_code)
+        assert_equal("Information Systems", nyu.major)
+      }
+    end
+  end
+
+  test "bor_info_valid_newschool" do
+    VCR.use_cassette('bor_info_valid_newschool') do
+      newschool = Authpds::Exlibris::Pds::BorInfo.new(@pds_url, @calling_system, @valid_pds_handle_for_newschool)
+      assert_nothing_raised {
+        assert_equal("N00206454", newschool.id)
+        assert_equal("N00206454", newschool.nyuidn)
+        assert_equal("31", newschool.bor_status)
+        assert_equal("0", newschool.bor_type)
+        assert_equal("Allen", newschool.name)
+        assert_equal("Allen", newschool.givenname)
+        assert_equal("Jones", newschool.sn)
+        assert_equal("Y", newschool.ill_permission)
+      }
+    end
+  end
+
+  test "bor_info_invalid" do
+    VCR.use_cassette('invalid_bor_info') do
+      get_attribute = Authpds::Exlibris::Pds::BorInfo.new(@pds_url, @calling_system, @invalid_pds_handle)
+      assert_equal("Error User does not exist", get_attribute.error)
+    end
+  end
+end