RubyGems - casino - Versions diffs - 1.0.0 → 1.1.0 - Mend

casino 1.0.0 → 1.1.0

Files changed (40) hide show

data/app/controllers/casino/two_factor_authenticators_controller.rb ADDED

@@ -0,0 +1,15 @@
+class CASino::TwoFactorAuthenticatorsController < CASino::ApplicationController
+  include CASino::SessionsHelper
+  def new
+    processor(:TwoFactorAuthenticatorRegistrator).process(cookies, request.user_agent)
+  end
+  def create
+    processor(:TwoFactorAuthenticatorActivator).process(params, cookies, request.user_agent)
+  end
+  def destroy
+    processor(:TwoFactorAuthenticatorDestroyer).process(params, cookies, request.user_agent)
+  end
+end

data/app/views/casino/{sessions → application}/_footer.html.erb RENAMED

File without changes

data/app/views/casino/application/_messages.html.erb ADDED

@@ -0,0 +1,5 @@
+<% flash.each do |name, msg| %>
+  <% if msg.is_a?(String) %>
+    <%= content_tag :div, msg, :id => "flash_#{name}" %>
+  <% end %>
+<% end %>

data/app/views/casino/sessions/index.html.erb CHANGED

@@ -1,6 +1,6 @@
 <div class="container">
   <div class="sessions box">
+    <%= render 'messages' %>
     <div class="info">
       <h1><%= t('sessions.title') %></h1>
       <p>
@@ -8,6 +8,18 @@
       </p>
       <%= link_to t('sessions.label_logout_button'), logout_path, :class => 'button' %>
+    </div>
+    <div class="logo">
+      <%= image_tag "logo.png" %>
+    </div>
+      <h3><%= t('two_factor_authenticators.title') %></h3>
+      <% if @two_factor_authenticators.blank? %>
+        <%= t('two_factor_authenticators.disabled') %> - <%= link_to t('two_factor_authenticators.enable'), new_two_factor_authenticator_path %>
+      <% else %>
+        <%= t('two_factor_authenticators.enabled') %> - <%= link_to t('two_factor_authenticators.disable'), two_factor_authenticator_path(@two_factor_authenticators[0].id), method: :delete %>
+      <% end %>
       <h3><%= t('sessions.your_active_sessions') %></h3>
       <table width="100%" class="tickets">
@@ -44,7 +56,6 @@
           <% end %>
         </tbody>
       </table>
-    </div>
   </div>
   <%= render 'footer' %>
 </div>

data/app/views/casino/sessions/logout.html.erb CHANGED

@@ -11,6 +11,9 @@
         <% end %>
       </p>
     </div>
+    <div class="logo">
+      <%= image_tag "logo.png" %>
+    </div>
   </div>
   <%= render 'footer' %>
 </div>

data/app/views/casino/sessions/new.html.erb CHANGED

@@ -1,10 +1,6 @@
 <div class="container">
   <div class="login box">
-    <% flash.each do |name, msg| %>
-      <% if msg.is_a?(String) %>
-        <%= content_tag :div, msg, :id => "flash_#{name}" %>
-      <% end %>
-    <% end %>
+    <%= render 'messages' %>
     <div class="logo">
        <%= image_tag "logo.png" %>
     </div>

data/app/views/casino/sessions/validate_otp.html.erb ADDED

@@ -0,0 +1,17 @@
+<div class="container">
+  <div class="second_factor box">
+    <%= render 'messages' %>
+    <h1><%= t('validate_otp.title') %></h1>
+    <div class="form">
+      <%= form_tag(validate_otp_path, method: :post, id: 'validate_otp-form') do %>
+        <%= hidden_field_tag :tgt, @ticket_granting_ticket || params[:tgt] %>
+        <%= hidden_field_tag :service, params[:service] %>
+        <%= label_tag :code, t('validate_otp.code') %>
+        <%= text_field_tag :otp, nil, maxlength: 6 %>
+        <%= submit_tag t('validate_otp.submit') %>
+      <% end %>
+    </div>
+  </div>
+  <%= render 'footer' %>
+</div>

data/app/views/casino/two_factor_authenticators/new.html.erb ADDED

@@ -0,0 +1,32 @@
+<div class="container">
+  <div class="twofactor box">
+    <%= render 'messages' %>
+    <div class="info">
+      <h1><%= t('two_factor_authenticators.setup') %></h1>
+      <p>
+        <%= t('two_factor_authenticators.description').html_safe %>
+      </p>
+      <p>
+        <%= t('two_factor_authenticators.instructions') %>
+      </p>
+      <div id="qr-code">
+        <img src="http://chart.apis.google.com/chart?cht=qr&chs=250x250&chl=<%= u "otpauth://totp/CASino?secret=#{@two_factor_authenticator.secret}" %>" height="250" width="250"><br />
+      </div>
+      <p>
+        <%= t('two_factor_authenticators.secret') %>: <%= @two_factor_authenticator.secret %>
+      </p>
+    </div>
+    <div class="form">
+      <%= form_tag(two_factor_authenticators_path, method: :post, id: 'two_factor_authenticators-form') do %>
+        <%= hidden_field_tag :id, @two_factor_authenticator.id %>
+        <%= label_tag :code, t('two_factor_authenticators.code') %>
+        <%= text_field_tag :otp, nil, maxlength: 6 %>
+        <%= link_to t('two_factor_authenticators.cancel'), sessions_path, :class => 'secondary button' %>
+        <%= submit_tag t('two_factor_authenticators.submit') %>
+      <% end %>
+    </div>
+  </div>
+  <%= render 'footer' %>
+</div>

data/app/views/layouts/application.html.erb CHANGED

@@ -2,6 +2,7 @@
 <html>
 <head>
   <title>CASino</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
   <%= stylesheet_link_tag    "application", :media => "all" %>
   <%= javascript_include_tag "application" %>
   <%= csrf_meta_tags %>

data/casino.gemspec CHANGED

@@ -17,6 +17,9 @@ Gem::Specification.new do |s|
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ['lib']
+  s.signing_key   = File.expand_path '~/.gem/casino-private_key.pem'
+  s.cert_chain    = ['casino-public_cert.pem']
   s.add_development_dependency 'rake', '~> 10.0'
   s.add_development_dependency 'rspec', '~> 2.12'
   s.add_development_dependency 'rspec-rails', '~> 2.0'
@@ -25,5 +28,5 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency 'rails', '~> 3.2.9'
   s.add_runtime_dependency 'jquery-rails', '~> 2.1'
-  s.add_runtime_dependency 'casino_core', '~> 1.2.0'
+  s.add_runtime_dependency 'casino_core', '~> 1.3.0'
 end

data/config/locales/en.yml CHANGED

@@ -9,6 +9,12 @@ en:
     label_username: "Username"
     label_password: "Password"
     label_button: "Login"
+  validate_otp:
+    title: "Two-factor authentication"
+    description: "Please enter a valid one-time password."
+    code: "Code"
+    submit: "Continue"
+    invalid_otp: "The one-time password you entered is not correct."
   logout:
     title: "Bye."
     logged_out_without_url: "You have successfully logged out."
@@ -24,3 +30,20 @@ en:
       column_activity: "Most recent activity"
     current_session: "Current session"
     end_session: "End session"
+  two_factor_authenticators:
+    title: "Two-factor authentication"
+    setup: "Set up two-factor authentication"
+    description: "Tow-factor authentication requires you to enter an additional one-time password (OTP) each time you try to login to your account. An OTP can be created with an application such as the <a href='http://support.google.com/accounts/bin/answer.py?hl=en&answer=1066447'>Google Authenticator</a> with your mobile phone."
+    instructions: "If you are using Google Authenticator, scan the QR code below with the application. Enter the verification code in the text field below."
+    disabled: "Currently disabled"
+    enable: "Enable"
+    enabled: "Currently enabled"
+    disable: "Disable"
+    cancel: "Cancel"
+    secret: "Secret"
+    code: "Confirmation code"
+    submit: "Verify and enable"
+    invalid_one_time_password: "The one-time password was not correct."
+    invalid_two_factor_authenticator: "The two-factor authenticator expired. Please follow the instructions below."
+    successfully_activated: "The two-factor authenticator is now linked to this account."
+    successfully_deleted: "The two-factor authenticator was successfully deleted."

data/config/routes.rb CHANGED

@@ -1,8 +1,11 @@
 CASino::Engine.routes.draw do
   resources :sessions, only: [:index, :destroy]
+  resources :two_factor_authenticators, only: [:new, :create, :destroy]
   get 'login' => 'sessions#new'
   post 'login' => 'sessions#create'
   get 'logout' => 'sessions#logout'
+  post 'validate_otp' => 'sessions#validate_otp'
   get 'validate' => 'service_tickets#validate'
   get 'serviceValidate' => 'service_tickets#service_validate'

data/lib/casino/listener.rb CHANGED

@@ -9,9 +9,14 @@ module CASino
     autoload :LoginCredentialRequestor, 'casino/listener/login_credential_requestor.rb'
     autoload :Logout, 'casino/listener/logout.rb'
     autoload :ProxyTicketProvider, 'casino/listener/proxy_ticket_provider.rb'
+    autoload :SecondFactorAuthenticationAcceptor, 'casino/listener/second_factor_authentication_acceptor.rb'
     autoload :SessionDestroyer, 'casino/listener/session_destroyer.rb'
     autoload :SessionOverview, 'casino/listener/session_overview.rb'
     autoload :TicketValidator, 'casino/listener/ticket_validator.rb'
+    autoload :TwoFactorAuthenticatorActivator, 'casino/listener/two_factor_authenticator_activator.rb'
+    autoload :TwoFactorAuthenticatorDestroyer, 'casino/listener/two_factor_authenticator_destroyer.rb'
+    autoload :TwoFactorAuthenticatorOverview, 'casino/listener/two_factor_authenticator_overview.rb'
+    autoload :TwoFactorAuthenticatorRegistrator, 'casino/listener/two_factor_authenticator_registrator.rb'
     def initialize(controller)
       @controller = controller

data/lib/casino/listener/login_credential_acceptor.rb CHANGED

@@ -10,6 +10,11 @@ class CASino::Listener::LoginCredentialAcceptor < CASino::Listener
     end
   end
+  def two_factor_authentication_pending(ticket_granting_ticket)
+    assign(:ticket_granting_ticket, ticket_granting_ticket)
+    @controller.render 'validate_otp'
+  end
   def invalid_login_credentials(login_ticket)
     @controller.flash.now[:error] = I18n.t('login_credential_acceptor.invalid_login_credentials')
     rerender_login_page(login_ticket)

data/lib/casino/listener/second_factor_authentication_acceptor.rb ADDED

@@ -0,0 +1,26 @@
+require 'casino/listener'
+class CASino::Listener::SecondFactorAuthenticationAcceptor < CASino::Listener
+  def user_not_logged_in
+    @controller.redirect_to login_path
+  end
+  def user_logged_in(url, ticket_granting_ticket)
+    @controller.cookies[:tgt] = ticket_granting_ticket
+    if url.nil?
+      @controller.redirect_to sessions_path, status: :see_other
+    else
+      @controller.redirect_to url, status: :see_other
+    end
+  end
+  def invalid_one_time_password
+    @controller.flash.now[:error] = I18n.t('validate_otp.invalid_otp')
+  end
+  def service_not_allowed(service)
+    assign(:service, service)
+    @controller.render 'service_not_allowed', status: 403
+  end
+end

data/lib/casino/listener/two_factor_authenticator_activator.rb ADDED

@@ -0,0 +1,23 @@
+require 'casino/listener'
+class CASino::Listener::TwoFactorAuthenticatorActivator < CASino::Listener
+  def user_not_logged_in
+    @controller.redirect_to login_path
+  end
+  def two_factor_authenticator_activated
+    @controller.flash[:notice] = I18n.t('two_factor_authenticators.successfully_activated')
+    @controller.redirect_to sessions_path
+  end
+  def invalid_one_time_password(two_factor_authenticator)
+    @controller.flash.now[:error] = I18n.t('two_factor_authenticators.invalid_one_time_password')
+    assign(:two_factor_authenticator, two_factor_authenticator)
+    @controller.render 'new'
+  end
+  def invalid_two_factor_authenticator
+    @controller.flash[:error] = I18n.t('two_factor_authenticators.invalid_two_factor_authenticator')
+    @controller.redirect_to new_two_factor_authenticator_path
+  end
+end

data/lib/casino/listener/two_factor_authenticator_destroyer.rb ADDED

@@ -0,0 +1,16 @@
+require 'casino/listener'
+class CASino::Listener::TwoFactorAuthenticatorDestroyer < CASino::Listener
+  def user_not_logged_in
+    @controller.redirect_to login_path
+  end
+  def two_factor_authenticator_destroyed
+    @controller.flash[:notice] = I18n.t('two_factor_authenticators.successfully_deleted')
+    @controller.redirect_to sessions_path
+  end
+  def invalid_two_factor_authenticator
+    @controller.redirect_to sessions_path
+  end
+end

data/lib/casino/listener/two_factor_authenticator_overview.rb ADDED

@@ -0,0 +1,11 @@
+require 'casino/listener'
+class CASino::Listener::TwoFactorAuthenticatorOverview < CASino::Listener
+  def user_not_logged_in
+    # nothing to do here
+  end
+  def two_factor_authenticators_found(two_factor_authenticators)
+    assign(:two_factor_authenticators, two_factor_authenticators)
+  end
+end

data/lib/casino/listener/two_factor_authenticator_registrator.rb ADDED

@@ -0,0 +1,11 @@
+require 'casino/listener'
+class CASino::Listener::TwoFactorAuthenticatorRegistrator < CASino::Listener
+  def user_not_logged_in
+    @controller.redirect_to login_path
+  end
+  def two_factor_authenticator_registered(two_factor_authenticator)
+    assign(:two_factor_authenticator, two_factor_authenticator)
+  end
+end

data/lib/casino/version.rb CHANGED

@@ -1,3 +1,3 @@
 module CASino
-  VERSION = '1.0.0'
+  VERSION = '1.1.0'
 end

data/lib/generators/casino/install_generator.rb CHANGED

@@ -11,15 +11,13 @@ module Casino # CASino would lead to c_a_sino...
     def copy_config_files
       copy_file 'cas.yml', 'config/cas.yml'
       copy_file 'database.yml', 'config/database.yml'
+      copy_file 'casino_and_overrides.scss', 'app/assets/stylesheets/casino_and_overrides.scss'
     end
     def insert_assets_loader
       insert_into_file 'app/assets/javascripts/application.js', :after => %r{//= require +['"]?jquery_ujs['"]?} do
         "\n//= require casino"
       end
-      insert_into_file "app/assets/stylesheets/application.css", :after => %r{\*= require_self} do
-        "\n *= require casino"
-      end
     end
     def insert_engine_routes

data/lib/generators/casino/templates/casino_and_overrides.scss ADDED

@@ -0,0 +1,12 @@
+// Default CASino settings
+// $buttonColor: #0074ad;
+// $buttonSecondaryColor: #c2c2c2;
+// $logo: "logo.png";
+// $logoRetina: "logo@2x.png";
+// $logoWidth: 146px;
+// $logoHeight: 34px;
+@import 'casino';

data/spec/controllers/listener/login_credential_acceptor_spec.rb CHANGED

@@ -77,4 +77,22 @@ describe CASino::Listener::LoginCredentialAcceptor do
       controller.instance_variable_get(:@service).should == service
     end
   end
+  context '#two_factor_authentication_pending' do
+    let(:ticket_granting_ticket) { 'TGT-123' }
+    before(:each) do
+      controller.stub(:render)
+    end
+    it 'tells the controller to render the service_not_allowed template' do
+      controller.should_receive(:render).with('validate_otp')
+      listener.send(:two_factor_authentication_pending, ticket_granting_ticket)
+    end
+    it 'assigns the not allowed service' do
+      listener.send(:two_factor_authentication_pending, ticket_granting_ticket)
+      controller.instance_variable_get(:@ticket_granting_ticket).should == ticket_granting_ticket
+    end
+  end
 end

data/spec/controllers/listener/second_factor_authentication_acceptor_spec.rb ADDED

@@ -0,0 +1,74 @@
+require 'spec_helper'
+describe CASino::Listener::SecondFactorAuthenticationAcceptor do
+  include CASino::Engine.routes.url_helpers
+  let(:controller) { Struct.new(:cookies).new(cookies: {}) }
+  let(:listener) { described_class.new(controller) }
+  before(:each) do
+    controller.stub(:redirect_to)
+  end
+  describe '#user_not_logged_in' do
+    it 'redirects to the login page' do
+      controller.should_receive(:redirect_to).with(login_path)
+      listener.user_not_logged_in
+    end
+  end
+  describe '#user_logged_in' do
+    let(:ticket_granting_ticket) { 'TGT-123' }
+    context 'with a service url' do
+      let(:url) { 'http://www.example.com/?ticket=ST-123' }
+      it 'tells the controller to redirect the client' do
+        controller.should_receive(:redirect_to).with(url, status: :see_other)
+        listener.user_logged_in(url, ticket_granting_ticket)
+      end
+    end
+    context 'without a service url' do
+      let(:url) { nil }
+      it 'tells the controller to redirect to the session overview' do
+        controller.should_receive(:redirect_to).with(sessions_path, status: :see_other)
+        listener.user_logged_in(url, ticket_granting_ticket)
+      end
+      it 'creates the tgt cookie' do
+        listener.user_logged_in(url, ticket_granting_ticket)
+        controller.cookies[:tgt].should == ticket_granting_ticket
+      end
+    end
+  end
+  context "#invalid_one_time_password" do
+    let(:flash) { ActionDispatch::Flash::FlashHash.new }
+    before(:each) do
+      controller.stub(:render)
+      controller.stub(:flash).and_return(flash)
+    end
+    it 'should add an error message' do
+      listener.invalid_one_time_password
+      flash[:error].should == I18n.t('validate_otp.invalid_otp')
+    end
+  end
+  context '#service_not_allowed' do
+    let(:service) { 'http://www.example.com/foo' }
+    before(:each) do
+      controller.stub(:render)
+    end
+    it 'tells the controller to render the service_not_allowed template' do
+      controller.should_receive(:render).with('service_not_allowed', status: 403)
+      listener.send(:service_not_allowed, service)
+    end
+    it 'assigns the not allowed service' do
+      listener.send(:service_not_allowed, service)
+      controller.instance_variable_get(:@service).should == service
+    end
+  end
+end