RubyGems - casino - Versions diffs - 1.3.2 → 2.0.0 - Mend

casino 1.3.2 → 2.0.0

Files changed (166) hide show

data/spec/controllers/two_factor_authenticators_controller_spec.rb CHANGED Viewed

@@ -3,17 +3,17 @@ require 'spec_helper'
 describe CASino::TwoFactorAuthenticatorsController do
   describe 'GET "new"' do
     it 'calls the process method of the TwoFactorAuthenticatorRegistrator' do
-      CASinoCore::Processor::TwoFactorAuthenticatorRegistrator.any_instance.should_receive(:process)
-      get :new
+      CASino::TwoFactorAuthenticatorRegistratorProcessor.any_instance.should_receive(:process)
+      get :new, use_route: :casino
     end
   end
   describe 'POST "create"' do
     it 'calls the process method of the TwoFactorAuthenticatorActivator' do
-      CASinoCore::Processor::TwoFactorAuthenticatorActivator.any_instance.should_receive(:process) do
+      CASino::TwoFactorAuthenticatorActivatorProcessor.any_instance.should_receive(:process) do
         @controller.render nothing: true
       end
-      post :create
+      post :create, use_route: :casino
     end
   end
@@ -22,13 +22,13 @@ describe CASino::TwoFactorAuthenticatorsController do
     let(:tgt) { 'TGT-foobar' }
     it 'calls the process method of the TwoFactorAuthenticatorDestroyer processor' do
       request.cookies[:tgt] = tgt
-      CASinoCore::Processor::TwoFactorAuthenticatorDestroyer.any_instance.should_receive(:process) do |params, cookies, user_agent|
+      CASino::TwoFactorAuthenticatorDestroyerProcessor.any_instance.should_receive(:process) do |params, cookies, user_agent|
         params[:id].should == id
         cookies[:tgt].should == tgt
         user_agent.should == request.user_agent
         @controller.render nothing: true
       end
-      delete :destroy, id: id
+      delete :destroy, id:id, use_route: :casino
     end
   end
 end

data/spec/dummy/app/assets/stylesheets/casino_and_overrides.scss ADDED Viewed

@@ -0,0 +1,13 @@
+// Default CASino settings
+// $buttonColor: #0074ad;
+// $buttonSecondaryColor: #c2c2c2;
+// $linkColor: #0074ad;
+// $logo: "logo.png";
+// $logoRetina: "logo@2x.png";
+// $logoWidth: 146px;
+// $logoHeight: 34px;
+@import 'casino';

data/spec/dummy/config/cas.yml CHANGED Viewed

@@ -7,23 +7,23 @@ defaults: &defaults
   proxy_ticket:
     lifetime_unconsumed: 300
     lifetime_consumed: 86400
-development:
-  <<: *defaults
+  frontend:
+    sso_name: "CASino"
+    footer_text: "Powered by <a href=\"http://rbcas.com/\">CASino</a>"
   authenticators:
     static:
-      class: "CASinoCore::Authenticator::Static"
+      class: "CASino::StaticAuthenticator"
       options:
         users:
           testuser:
             password: "foobar123"
+            name: "Test User"
+development:
+  <<: *defaults
 test:
   <<: *defaults
-  authenticators:
-    static:
-      class: "CASinoCore::Authenticator::Static"
-      options:
-        users:
-          testuser:
-            password: "foobar123"
+production:
+  <<: *defaults

data/spec/dummy/config/routes.rb CHANGED Viewed

@@ -1,4 +1,3 @@
 Dummy::Application.routes.draw do
-  mount CASino::Engine => '/', :as => 'CASino'
+  mount CASino::Engine => '/', :as => 'casino'
 end

data/spec/dummy/db/migrate/20130910094259_create_base_models.casino.rb ADDED Viewed

@@ -0,0 +1,95 @@
+# This migration comes from casino (originally 20130809135401)
+class CreateBaseModels < ActiveRecord::Migration
+  def change
+    # Login Tickets
+    create_table :casino_login_tickets do |t|
+      t.string :ticket, :null => false
+      t.timestamps
+    end
+    add_index :casino_login_tickets, :ticket, :unique => true
+    # Proxy Granting Tickets
+    create_table :casino_proxy_granting_tickets do |t|
+      t.string  :ticket,       :null => false
+      t.string  :iou,          :null => false
+      t.integer :granter_id,   :null => false
+      t.string  :pgt_url,      :null => false
+      t.string  :granter_type, :null => false
+      t.timestamps
+    end
+    add_index :casino_proxy_granting_tickets, :ticket, :unique => true
+    add_index :casino_proxy_granting_tickets, :iou, :unique => true
+    add_index :casino_proxy_granting_tickets, [:granter_type, :granter_id], :name => "index_casino_proxy_granting_tickets_on_granter", :unique => true
+    # Proxy Tickets
+    create_table :casino_proxy_tickets do |t|
+      t.string  :ticket,                                      :null => false
+      t.string  :service,                                     :null => false
+      t.boolean :consumed,                 :default => false, :null => false
+      t.integer :proxy_granting_ticket_id,                    :null => false
+      t.timestamps
+    end
+    add_index :casino_proxy_tickets, :ticket, :unique => true
+    add_index :casino_proxy_tickets, :proxy_granting_ticket_id
+    # Service Rules
+    create_table :casino_service_rules do |t|
+      t.boolean :enabled, :default => true,  :null => false
+      t.integer :order,   :default => 10,    :null => false
+      t.string  :name,                       :null => false
+      t.string  :url,                        :null => false
+      t.boolean :regex,   :default => false, :null => false
+      t.timestamps
+    end
+    add_index :casino_service_rules, :url, :unique => true
+    # Service Tickets
+    create_table :casino_service_tickets do |t|
+      t.string  :ticket,                                      :null => false
+      t.string  :service,                                     :null => false
+      t.integer :ticket_granting_ticket_id
+      t.boolean :consumed,                 :default => false, :null => false
+      t.boolean :issued_from_credentials,  :default => false, :null => false
+      t.timestamps
+    end
+    add_index :casino_service_tickets, :ticket, :unique => true
+    add_index :casino_service_tickets, :ticket_granting_ticket_id
+    # Ticket Granting Tickets
+    create_table :casino_ticket_granting_tickets do |t|
+      t.string  :ticket,                                                :null => false
+      t.string  :user_agent
+      t.integer :user_id,                                               :null => false
+      t.boolean :awaiting_two_factor_authentication, :default => false, :null => false
+      t.boolean :long_term,                          :default => false, :null => false
+      t.timestamps
+    end
+    add_index :casino_ticket_granting_tickets, :ticket, :unique => true
+    # Two Factor Authenticators
+    create_table :casino_two_factor_authenticators do |t|
+      t.integer :user_id,                    :null => false
+      t.string  :secret,                     :null => false
+      t.boolean :active,  :default => false, :null => false
+      t.timestamps
+    end
+    add_index :casino_two_factor_authenticators, :user_id
+    # Users
+    create_table :casino_users do |t|
+      t.string  :authenticator,   :null => false
+      t.string  :username,        :null => false
+      t.text    :extra_attributes
+      t.timestamps
+    end
+    add_index :casino_users, [:authenticator, :username], :unique => true
+  end
+end

data/spec/dummy/db/schema.rb ADDED Viewed

@@ -0,0 +1,107 @@
+# encoding: UTF-8
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your
+# database schema. If you need to create the application database on another
+# system, you should be using db:schema:load, not running all the migrations
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended to check this file into your version control system.
+ActiveRecord::Schema.define(:version => 20130910094259) do
+  create_table "casino_login_tickets", :force => true do |t|
+    t.string   "ticket",     :null => false
+    t.datetime "created_at", :null => false
+    t.datetime "updated_at", :null => false
+  end
+  add_index "casino_login_tickets", ["ticket"], :name => "index_casino_login_tickets_on_ticket", :unique => true
+  create_table "casino_proxy_granting_tickets", :force => true do |t|
+    t.string   "ticket",       :null => false
+    t.string   "iou",          :null => false
+    t.integer  "granter_id",   :null => false
+    t.string   "pgt_url",      :null => false
+    t.string   "granter_type", :null => false
+    t.datetime "created_at",   :null => false
+    t.datetime "updated_at",   :null => false
+  end
+  add_index "casino_proxy_granting_tickets", ["granter_type", "granter_id"], :name => "index_casino_proxy_granting_tickets_on_granter", :unique => true
+  add_index "casino_proxy_granting_tickets", ["iou"], :name => "index_casino_proxy_granting_tickets_on_iou", :unique => true
+  add_index "casino_proxy_granting_tickets", ["ticket"], :name => "index_casino_proxy_granting_tickets_on_ticket", :unique => true
+  create_table "casino_proxy_tickets", :force => true do |t|
+    t.string   "ticket",                                      :null => false
+    t.string   "service",                                     :null => false
+    t.boolean  "consumed",                 :default => false, :null => false
+    t.integer  "proxy_granting_ticket_id",                    :null => false
+    t.datetime "created_at",                                  :null => false
+    t.datetime "updated_at",                                  :null => false
+  end
+  add_index "casino_proxy_tickets", ["proxy_granting_ticket_id"], :name => "index_casino_proxy_tickets_on_proxy_granting_ticket_id"
+  add_index "casino_proxy_tickets", ["ticket"], :name => "index_casino_proxy_tickets_on_ticket", :unique => true
+  create_table "casino_service_rules", :force => true do |t|
+    t.boolean  "enabled",    :default => true,  :null => false
+    t.integer  "order",      :default => 10,    :null => false
+    t.string   "name",                          :null => false
+    t.string   "url",                           :null => false
+    t.boolean  "regex",      :default => false, :null => false
+    t.datetime "created_at",                    :null => false
+    t.datetime "updated_at",                    :null => false
+  end
+  add_index "casino_service_rules", ["url"], :name => "index_casino_service_rules_on_url", :unique => true
+  create_table "casino_service_tickets", :force => true do |t|
+    t.string   "ticket",                                       :null => false
+    t.string   "service",                                      :null => false
+    t.integer  "ticket_granting_ticket_id"
+    t.boolean  "consumed",                  :default => false, :null => false
+    t.boolean  "issued_from_credentials",   :default => false, :null => false
+    t.datetime "created_at",                                   :null => false
+    t.datetime "updated_at",                                   :null => false
+  end
+  add_index "casino_service_tickets", ["ticket"], :name => "index_casino_service_tickets_on_ticket", :unique => true
+  add_index "casino_service_tickets", ["ticket_granting_ticket_id"], :name => "index_casino_service_tickets_on_ticket_granting_ticket_id"
+  create_table "casino_ticket_granting_tickets", :force => true do |t|
+    t.string   "ticket",                                                :null => false
+    t.string   "user_agent"
+    t.integer  "user_id",                                               :null => false
+    t.boolean  "awaiting_two_factor_authentication", :default => false, :null => false
+    t.boolean  "long_term",                          :default => false, :null => false
+    t.datetime "created_at",                                            :null => false
+    t.datetime "updated_at",                                            :null => false
+  end
+  add_index "casino_ticket_granting_tickets", ["ticket"], :name => "index_casino_ticket_granting_tickets_on_ticket", :unique => true
+  create_table "casino_two_factor_authenticators", :force => true do |t|
+    t.integer  "user_id",                       :null => false
+    t.string   "secret",                        :null => false
+    t.boolean  "active",     :default => false, :null => false
+    t.datetime "created_at",                    :null => false
+    t.datetime "updated_at",                    :null => false
+  end
+  add_index "casino_two_factor_authenticators", ["user_id"], :name => "index_casino_two_factor_authenticators_on_user_id"
+  create_table "casino_users", :force => true do |t|
+    t.string   "authenticator",    :null => false
+    t.string   "username",         :null => false
+    t.text     "extra_attributes"
+    t.datetime "created_at",       :null => false
+    t.datetime "updated_at",       :null => false
+  end
+  add_index "casino_users", ["authenticator", "username"], :name => "index_casino_users_on_authenticator_and_username", :unique => true
+end

data/spec/model/login_ticket_spec.rb ADDED Viewed

@@ -0,0 +1,23 @@
+require 'spec_helper'
+describe CASino::LoginTicket do
+  describe '.cleanup' do
+    it 'deletes expired login tickets' do
+      ticket = described_class.new ticket: 'LT-12345'
+      ticket.save!
+      ticket.created_at = 10.hours.ago
+      ticket.save!
+      lambda do
+        described_class.cleanup
+      end.should change(described_class, :count).by(-1)
+      described_class.find_by_ticket('LT-12345').should be_false
+    end
+  end
+  describe '#to_s' do
+    it 'returns the ticket identifier' do
+      ticket = described_class.new ticket: 'LT-12345'
+      "#{ticket}".should == ticket.ticket
+    end
+  end
+end

data/spec/model/proxy_ticket_spec.rb ADDED Viewed

@@ -0,0 +1,63 @@
+require 'spec_helper'
+describe CASino::ProxyTicket do
+  let(:unconsumed_ticket) {
+    ticket = described_class.new ticket: 'PT-12345', service: 'any_string_is_valid'
+    ticket.proxy_granting_ticket_id = 1
+    ticket
+  }
+  let(:consumed_ticket) {
+    ticket = described_class.new ticket: 'PT-54321', service: 'any_string_is_valid'
+    ticket.proxy_granting_ticket_id = 1
+    ticket.consumed = true
+    ticket.save!
+    ticket
+  }
+  describe '#expired?' do
+    [:unconsumed, :consumed].each do |state|
+      context "with an #{state} ticket" do
+        let(:ticket) { send("#{state}_ticket") }
+        context 'with an expired ticket' do
+          before(:each) do
+            ticket.created_at = (CASino.config.service_ticket[:"lifetime_#{state}"].seconds + 1).ago
+            ticket.save!
+          end
+          it 'returns true' do
+            ticket.expired?.should == true
+          end
+        end
+        context 'with an unexpired ticket' do
+          it 'returns false' do
+            ticket.expired?.should == false
+          end
+        end
+      end
+    end
+  end
+  describe '.cleanup_unconsumed' do
+    it 'deletes expired unconsumed service tickets' do
+      unconsumed_ticket.created_at = 10.hours.ago
+      unconsumed_ticket.save!
+      lambda do
+        described_class.cleanup_unconsumed
+      end.should change(described_class, :count).by(-1)
+      described_class.find_by_ticket('PT-12345').should be_false
+    end
+  end
+  describe '.cleanup_consumed' do
+    it 'deletes expired consumed service tickets' do
+      consumed_ticket.created_at = 10.days.ago
+      consumed_ticket.save!
+      lambda do
+        described_class.cleanup_consumed
+      end.should change(described_class, :count).by(-1)
+      described_class.find_by_ticket('PT-12345').should be_false
+    end
+  end
+end

data/spec/model/service_rule_spec.rb ADDED Viewed

@@ -0,0 +1,65 @@
+require 'spec_helper'
+describe CASino::ServiceRule do
+  describe '.allowed?' do
+    context 'with an empty table' do
+      ['https://www.example.org/', 'http://www.google.com/'].each do |service_url|
+        it "allows access to #{service_url}" do
+          described_class.allowed?(service_url).should == true
+        end
+      end
+    end
+    context 'with a regex rule' do
+      before(:each) do
+        FactoryGirl.create :service_rule, :regex, url: '^https://.*'
+      end
+      ['https://www.example.org/', 'https://www.google.com/'].each do |service_url|
+        it "allows access to #{service_url}" do
+          described_class.allowed?(service_url).should == true
+        end
+      end
+      ['http://www.example.org/', 'http://www.google.com/'].each do |service_url|
+        it "does not allow access to #{service_url}" do
+          described_class.allowed?(service_url).should == false
+        end
+      end
+    end
+    context 'with many regex rules' do
+      before(:each) do
+        100.times do |counter|
+          FactoryGirl.create :service_rule, :regex, url: "^https://www#{counter}.example.com"
+        end
+      end
+      let(:service_url) { 'https://www111.example.com/bla' }
+      it 'does not take too long to check a denied service' do
+        start = Time.now
+        described_class.allowed?(service_url).should == false
+        (Time.now - start).should < 0.1
+      end
+    end
+    context 'with a non-regex rule' do
+      before(:each) do
+        FactoryGirl.create :service_rule, url: 'https://www.google.com/foo'
+      end
+      ['https://www.google.com/foo'].each do |service_url|
+        it "allows access to #{service_url}" do
+          described_class.allowed?(service_url).should == true
+        end
+      end
+      ['https://www.example.org/', 'http://www.example.org/', 'https://www.google.com/test'].each do |service_url|
+        it "does not allow access to #{service_url}" do
+          described_class.allowed?(service_url).should == false
+        end
+      end
+    end
+  end
+end