RubyGems - casino - Versions diffs - 1.0.0 → 1.1.0 - Mend

casino 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

data/app/controllers/casino/two_factor_authenticators_controller.rb ADDED

@@ -0,0 +1,15 @@
+class CASino::TwoFactorAuthenticatorsController < CASino::ApplicationController
+  include CASino::SessionsHelper
+  def new
+    processor(:TwoFactorAuthenticatorRegistrator).process(cookies, request.user_agent)
+  end
+  def create
+    processor(:TwoFactorAuthenticatorActivator).process(params, cookies, request.user_agent)
+  end
+  def destroy
+    processor(:TwoFactorAuthenticatorDestroyer).process(params, cookies, request.user_agent)
+  end
+end

data/app/views/casino/{sessions → application}/_footer.html.erb RENAMED

File without changes

data/app/views/casino/application/_messages.html.erb ADDED

@@ -0,0 +1,5 @@
+<% flash.each do |name, msg| %>
+  <% if msg.is_a?(String) %>
+    <%= content_tag :div, msg, :id => "flash_#{name}" %>
+  <% end %>
+<% end %>

data/app/views/casino/sessions/index.html.erb CHANGED

@@ -1,6 +1,6 @@
 <div class="container">
   <div class="sessions box">
+    <%= render 'messages' %>
     <div class="info">
       <h1><%= t('sessions.title') %></h1>
       <p>
@@ -8,6 +8,18 @@
       </p>
       <%= link_to t('sessions.label_logout_button'), logout_path, :class => 'button' %>
+    </div>
+    <div class="logo">
+      <%= image_tag "logo.png" %>
+    </div>
+      <h3><%= t('two_factor_authenticators.title') %></h3>
+      <% if @two_factor_authenticators.blank? %>
+        <%= t('two_factor_authenticators.disabled') %> - <%= link_to t('two_factor_authenticators.enable'), new_two_factor_authenticator_path %>
+      <% else %>
+        <%= t('two_factor_authenticators.enabled') %> - <%= link_to t('two_factor_authenticators.disable'), two_factor_authenticator_path(@two_factor_authenticators[0].id), method: :delete %>
+      <% end %>
       <h3><%= t('sessions.your_active_sessions') %></h3>
       <table width="100%" class="tickets">
@@ -44,7 +56,6 @@
           <% end %>
         </tbody>
       </table>
-    </div>
   </div>
   <%= render 'footer' %>
 </div>

data/app/views/casino/sessions/logout.html.erb CHANGED

@@ -11,6 +11,9 @@
         <% end %>
       </p>
     </div>
+    <div class="logo">
+      <%= image_tag "logo.png" %>
+    </div>
   </div>
   <%= render 'footer' %>
 </div>

data/app/views/casino/sessions/new.html.erb CHANGED

@@ -1,10 +1,6 @@
 <div class="container">
   <div class="login box">
-    <% flash.each do |name, msg| %>
-      <% if msg.is_a?(String) %>
-        <%= content_tag :div, msg, :id => "flash_#{name}" %>
-      <% end %>
-    <% end %>
+    <%= render 'messages' %>
     <div class="logo">
        <%= image_tag "logo.png" %>
     </div>

data/app/views/casino/sessions/validate_otp.html.erb ADDED

@@ -0,0 +1,17 @@
+<div class="container">
+  <div class="second_factor box">
+    <%= render 'messages' %>
+    <h1><%= t('validate_otp.title') %></h1>
+    <div class="form">
+      <%= form_tag(validate_otp_path, method: :post, id: 'validate_otp-form') do %>
+        <%= hidden_field_tag :tgt, @ticket_granting_ticket || params[:tgt] %>
+        <%= hidden_field_tag :service, params[:service] %>
+        <%= label_tag :code, t('validate_otp.code') %>
+        <%= text_field_tag :otp, nil, maxlength: 6 %>
+        <%= submit_tag t('validate_otp.submit') %>
+      <% end %>
+    </div>
+  </div>
+  <%= render 'footer' %>
+</div>

data/app/views/casino/two_factor_authenticators/new.html.erb ADDED

@@ -0,0 +1,32 @@
+<div class="container">
+  <div class="twofactor box">
+    <%= render 'messages' %>
+    <div class="info">
+      <h1><%= t('two_factor_authenticators.setup') %></h1>
+      <p>
+        <%= t('two_factor_authenticators.description').html_safe %>
+      </p>
+      <p>
+        <%= t('two_factor_authenticators.instructions') %>
+      </p>
+      <div id="qr-code">
+        <img src="http://chart.apis.google.com/chart?cht=qr&chs=250x250&chl=<%= u "otpauth://totp/CASino?secret=#{@two_factor_authenticator.secret}" %>" height="250" width="250"><br />
+      </div>
+      <p>
+        <%= t('two_factor_authenticators.secret') %>: <%= @two_factor_authenticator.secret %>
+      </p>
+    </div>
+    <div class="form">
+      <%= form_tag(two_factor_authenticators_path, method: :post, id: 'two_factor_authenticators-form') do %>
+        <%= hidden_field_tag :id, @two_factor_authenticator.id %>
+        <%= label_tag :code, t('two_factor_authenticators.code') %>
+        <%= text_field_tag :otp, nil, maxlength: 6 %>
+        <%= link_to t('two_factor_authenticators.cancel'), sessions_path, :class => 'secondary button' %>
+        <%= submit_tag t('two_factor_authenticators.submit') %>
+      <% end %>
+    </div>
+  </div>
+  <%= render 'footer' %>
+</div>

data/app/views/layouts/application.html.erb CHANGED

@@ -2,6 +2,7 @@
 <html>
 <head>
   <title>CASino</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
   <%= stylesheet_link_tag    "application", :media => "all" %>
   <%= javascript_include_tag "application" %>
   <%= csrf_meta_tags %>

data/casino.gemspec CHANGED

@@ -17,6 +17,9 @@ Gem::Specification.new do |s|
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ['lib']
+  s.signing_key   = File.expand_path '~/.gem/casino-private_key.pem'
+  s.cert_chain    = ['casino-public_cert.pem']
   s.add_development_dependency 'rake', '~> 10.0'
   s.add_development_dependency 'rspec', '~> 2.12'
   s.add_development_dependency 'rspec-rails', '~> 2.0'
@@ -25,5 +28,5 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency 'rails', '~> 3.2.9'
   s.add_runtime_dependency 'jquery-rails', '~> 2.1'
-  s.add_runtime_dependency 'casino_core', '~> 1.2.0'
+  s.add_runtime_dependency 'casino_core', '~> 1.3.0'
 end

data/config/locales/en.yml CHANGED

@@ -9,6 +9,12 @@ en:
     label_username: "Username"
     label_password: "Password"
     label_button: "Login"
+  validate_otp:
+    title: "Two-factor authentication"
+    description: "Please enter a valid one-time password."
+    code: "Code"
+    submit: "Continue"
+    invalid_otp: "The one-time password you entered is not correct."
   logout:
     title: "Bye."
     logged_out_without_url: "You have successfully logged out."
@@ -24,3 +30,20 @@ en:
       column_activity: "Most recent activity"
     current_session: "Current session"
     end_session: "End session"
+  two_factor_authenticators:
+    title: "Two-factor authentication"
+    setup: "Set up two-factor authentication"
+    description: "Tow-factor authentication requires you to enter an additional one-time password (OTP) each time you try to login to your account. An OTP can be created with an application such as the <a href='http://support.google.com/accounts/bin/answer.py?hl=en&answer=1066447'>Google Authenticator</a> with your mobile phone."
+    instructions: "If you are using Google Authenticator, scan the QR code below with the application. Enter the verification code in the text field below."
+    disabled: "Currently disabled"
+    enable: "Enable"
+    enabled: "Currently enabled"
+    disable: "Disable"
+    cancel: "Cancel"
+    secret: "Secret"
+    code: "Confirmation code"
+    submit: "Verify and enable"
+    invalid_one_time_password: "The one-time password was not correct."
+    invalid_two_factor_authenticator: "The two-factor authenticator expired. Please follow the instructions below."
+    successfully_activated: "The two-factor authenticator is now linked to this account."
+    successfully_deleted: "The two-factor authenticator was successfully deleted."

data/config/routes.rb CHANGED

@@ -1,8 +1,11 @@
 CASino::Engine.routes.draw do
   resources :sessions, only: [:index, :destroy]
+  resources :two_factor_authenticators, only: [:new, :create, :destroy]
   get 'login' => 'sessions#new'
   post 'login' => 'sessions#create'
   get 'logout' => 'sessions#logout'
+  post 'validate_otp' => 'sessions#validate_otp'
   get 'validate' => 'service_tickets#validate'
   get 'serviceValidate' => 'service_tickets#service_validate'

data/lib/casino/listener.rb CHANGED

@@ -9,9 +9,14 @@ module CASino
     autoload :LoginCredentialRequestor, 'casino/listener/login_credential_requestor.rb'
     autoload :Logout, 'casino/listener/logout.rb'
     autoload :ProxyTicketProvider, 'casino/listener/proxy_ticket_provider.rb'
+    autoload :SecondFactorAuthenticationAcceptor, 'casino/listener/second_factor_authentication_acceptor.rb'
     autoload :SessionDestroyer, 'casino/listener/session_destroyer.rb'
     autoload :SessionOverview, 'casino/listener/session_overview.rb'
     autoload :TicketValidator, 'casino/listener/ticket_validator.rb'
+    autoload :TwoFactorAuthenticatorActivator, 'casino/listener/two_factor_authenticator_activator.rb'
+    autoload :TwoFactorAuthenticatorDestroyer, 'casino/listener/two_factor_authenticator_destroyer.rb'
+    autoload :TwoFactorAuthenticatorOverview, 'casino/listener/two_factor_authenticator_overview.rb'
+    autoload :TwoFactorAuthenticatorRegistrator, 'casino/listener/two_factor_authenticator_registrator.rb'
     def initialize(controller)
       @controller = controller

data/lib/casino/listener/login_credential_acceptor.rb CHANGED

@@ -10,6 +10,11 @@ class CASino::Listener::LoginCredentialAcceptor < CASino::Listener
     end
   end
+  def two_factor_authentication_pending(ticket_granting_ticket)
+    assign(:ticket_granting_ticket, ticket_granting_ticket)
+    @controller.render 'validate_otp'
+  end
   def invalid_login_credentials(login_ticket)
     @controller.flash.now[:error] = I18n.t('login_credential_acceptor.invalid_login_credentials')
     rerender_login_page(login_ticket)

data/lib/casino/listener/second_factor_authentication_acceptor.rb ADDED

@@ -0,0 +1,26 @@
+require 'casino/listener'
+class CASino::Listener::SecondFactorAuthenticationAcceptor < CASino::Listener
+  def user_not_logged_in
+    @controller.redirect_to login_path
+  end
+  def user_logged_in(url, ticket_granting_ticket)
+    @controller.cookies[:tgt] = ticket_granting_ticket
+    if url.nil?
+      @controller.redirect_to sessions_path, status: :see_other
+    else
+      @controller.redirect_to url, status: :see_other
+    end
+  end
+  def invalid_one_time_password
+    @controller.flash.now[:error] = I18n.t('validate_otp.invalid_otp')
+  end
+  def service_not_allowed(service)
+    assign(:service, service)
+    @controller.render 'service_not_allowed', status: 403
+  end
+end

data/lib/casino/listener/two_factor_authenticator_activator.rb ADDED

@@ -0,0 +1,23 @@
+require 'casino/listener'
+class CASino::Listener::TwoFactorAuthenticatorActivator < CASino::Listener
+  def user_not_logged_in
+    @controller.redirect_to login_path
+  end
+  def two_factor_authenticator_activated
+    @controller.flash[:notice] = I18n.t('two_factor_authenticators.successfully_activated')
+    @controller.redirect_to sessions_path
+  end
+  def invalid_one_time_password(two_factor_authenticator)
+    @controller.flash.now[:error] = I18n.t('two_factor_authenticators.invalid_one_time_password')
+    assign(:two_factor_authenticator, two_factor_authenticator)
+    @controller.render 'new'
+  end
+  def invalid_two_factor_authenticator
+    @controller.flash[:error] = I18n.t('two_factor_authenticators.invalid_two_factor_authenticator')
+    @controller.redirect_to new_two_factor_authenticator_path
+  end
+end

data/lib/casino/listener/two_factor_authenticator_destroyer.rb ADDED

@@ -0,0 +1,16 @@
+require 'casino/listener'
+class CASino::Listener::TwoFactorAuthenticatorDestroyer < CASino::Listener
+  def user_not_logged_in
+    @controller.redirect_to login_path
+  end
+  def two_factor_authenticator_destroyed
+    @controller.flash[:notice] = I18n.t('two_factor_authenticators.successfully_deleted')
+    @controller.redirect_to sessions_path
+  end
+  def invalid_two_factor_authenticator
+    @controller.redirect_to sessions_path
+  end
+end

data/lib/casino/listener/two_factor_authenticator_overview.rb ADDED

@@ -0,0 +1,11 @@
+require 'casino/listener'
+class CASino::Listener::TwoFactorAuthenticatorOverview < CASino::Listener
+  def user_not_logged_in
+    # nothing to do here
+  end
+  def two_factor_authenticators_found(two_factor_authenticators)
+    assign(:two_factor_authenticators, two_factor_authenticators)
+  end
+end

data/lib/casino/listener/two_factor_authenticator_registrator.rb ADDED

@@ -0,0 +1,11 @@
+require 'casino/listener'
+class CASino::Listener::TwoFactorAuthenticatorRegistrator < CASino::Listener
+  def user_not_logged_in
+    @controller.redirect_to login_path
+  end
+  def two_factor_authenticator_registered(two_factor_authenticator)
+    assign(:two_factor_authenticator, two_factor_authenticator)
+  end
+end

data/lib/casino/version.rb CHANGED

@@ -1,3 +1,3 @@
 module CASino
-  VERSION = '1.0.0'
+  VERSION = '1.1.0'
 end

data/lib/generators/casino/install_generator.rb CHANGED

@@ -11,15 +11,13 @@ module Casino # CASino would lead to c_a_sino...
     def copy_config_files
       copy_file 'cas.yml', 'config/cas.yml'
       copy_file 'database.yml', 'config/database.yml'
+      copy_file 'casino_and_overrides.scss', 'app/assets/stylesheets/casino_and_overrides.scss'
     end
     def insert_assets_loader
       insert_into_file 'app/assets/javascripts/application.js', :after => %r{//= require +['"]?jquery_ujs['"]?} do
         "\n//= require casino"
       end
-      insert_into_file "app/assets/stylesheets/application.css", :after => %r{\*= require_self} do
-        "\n *= require casino"
-      end
     end
     def insert_engine_routes

data/lib/generators/casino/templates/casino_and_overrides.scss ADDED

@@ -0,0 +1,12 @@
+// Default CASino settings
+// $buttonColor: #0074ad;
+// $buttonSecondaryColor: #c2c2c2;
+// $logo: "logo.png";
+// $logoRetina: "logo@2x.png";
+// $logoWidth: 146px;
+// $logoHeight: 34px;
+@import 'casino';

data/spec/controllers/listener/login_credential_acceptor_spec.rb CHANGED

@@ -77,4 +77,22 @@ describe CASino::Listener::LoginCredentialAcceptor do
       controller.instance_variable_get(:@service).should == service
     end
   end
+  context '#two_factor_authentication_pending' do
+    let(:ticket_granting_ticket) { 'TGT-123' }
+    before(:each) do
+      controller.stub(:render)
+    end
+    it 'tells the controller to render the service_not_allowed template' do
+      controller.should_receive(:render).with('validate_otp')
+      listener.send(:two_factor_authentication_pending, ticket_granting_ticket)
+    end
+    it 'assigns the not allowed service' do
+      listener.send(:two_factor_authentication_pending, ticket_granting_ticket)
+      controller.instance_variable_get(:@ticket_granting_ticket).should == ticket_granting_ticket
+    end
+  end
 end

data/spec/controllers/listener/second_factor_authentication_acceptor_spec.rb ADDED

@@ -0,0 +1,74 @@
+require 'spec_helper'
+describe CASino::Listener::SecondFactorAuthenticationAcceptor do
+  include CASino::Engine.routes.url_helpers
+  let(:controller) { Struct.new(:cookies).new(cookies: {}) }
+  let(:listener) { described_class.new(controller) }
+  before(:each) do
+    controller.stub(:redirect_to)
+  end
+  describe '#user_not_logged_in' do
+    it 'redirects to the login page' do
+      controller.should_receive(:redirect_to).with(login_path)
+      listener.user_not_logged_in
+    end
+  end
+  describe '#user_logged_in' do
+    let(:ticket_granting_ticket) { 'TGT-123' }
+    context 'with a service url' do
+      let(:url) { 'http://www.example.com/?ticket=ST-123' }
+      it 'tells the controller to redirect the client' do
+        controller.should_receive(:redirect_to).with(url, status: :see_other)
+        listener.user_logged_in(url, ticket_granting_ticket)
+      end
+    end
+    context 'without a service url' do
+      let(:url) { nil }
+      it 'tells the controller to redirect to the session overview' do
+        controller.should_receive(:redirect_to).with(sessions_path, status: :see_other)
+        listener.user_logged_in(url, ticket_granting_ticket)
+      end
+      it 'creates the tgt cookie' do
+        listener.user_logged_in(url, ticket_granting_ticket)
+        controller.cookies[:tgt].should == ticket_granting_ticket
+      end
+    end
+  end
+  context "#invalid_one_time_password" do
+    let(:flash) { ActionDispatch::Flash::FlashHash.new }
+    before(:each) do
+      controller.stub(:render)
+      controller.stub(:flash).and_return(flash)
+    end
+    it 'should add an error message' do
+      listener.invalid_one_time_password
+      flash[:error].should == I18n.t('validate_otp.invalid_otp')
+    end
+  end
+  context '#service_not_allowed' do
+    let(:service) { 'http://www.example.com/foo' }
+    before(:each) do
+      controller.stub(:render)
+    end
+    it 'tells the controller to render the service_not_allowed template' do
+      controller.should_receive(:render).with('service_not_allowed', status: 403)
+      listener.send(:service_not_allowed, service)
+    end
+    it 'assigns the not allowed service' do
+      listener.send(:service_not_allowed, service)
+      controller.instance_variable_get(:@service).should == service
+    end
+  end
+end