casino 1.3.2 → 2.0.0

data/spec/processor/api/logout_spec.rb

@@ -0,0 +1,34 @@
+require 'spec_helper'
+
+describe CASino::API::LogoutProcessor do
+  describe '#process' do
+    let(:listener) { Object.new }
+    let(:processor) { described_class.new(listener) }
+
+    context 'with an existing ticket-granting ticket' do
+      let(:ticket_granting_ticket) { FactoryGirl.create(:ticket_granting_ticket) }
+      let(:user_agent) { ticket_granting_ticket.user_agent }
+
+      it 'deletes the ticket-granting ticket' do
+        listener.should_receive(:user_logged_out_via_api)
+        processor.process(ticket_granting_ticket.ticket, user_agent)
+        CASino::TicketGrantingTicket.where(id: ticket_granting_ticket.id).first.should == nil
+      end
+
+      it 'calls the #user_logged_out_via_api method on the listener' do
+        listener.should_receive(:user_logged_out_via_api)
+        processor.process(ticket_granting_ticket, user_agent)
+      end
+
+    end
+
+    context 'with an invalid ticket-granting ticket' do
+      let(:tgt) { 'TGT-lalala' }
+
+      it 'calls the #user_logged_out method on the listener' do
+        listener.should_receive(:user_logged_out_via_api)
+        processor.process(tgt)
+      end
+    end
+  end
+end

data/spec/processor/api/service_ticket_provider_spec.rb

@@ -0,0 +1,61 @@
+require 'spec_helper'
+
+describe CASino::API::ServiceTicketProviderProcessor do
+  describe '#process' do
+    let(:listener) { Object.new }
+    let(:processor) { described_class.new(listener) }
+
+    let(:service) { 'http://example.org/' }
+    let(:parameters) { { service: service } }
+
+    context 'with an invalid ticket-granting ticket' do
+      let(:ticket_granting_ticket) { 'TGT-INVALID' }
+
+      it 'calls the #invalid_tgt_via_api method on the listener' do
+        listener.should_receive(:invalid_ticket_granting_ticket_via_api)
+        processor.process(ticket_granting_ticket, parameters).should be_false
+      end
+    end
+
+    context 'with a valid ticket-granting ticket' do
+      let(:ticket_granting_ticket) { FactoryGirl.create(:ticket_granting_ticket) }
+      let(:ticket) { ticket_granting_ticket.ticket }
+      let(:user_agent) { ticket_granting_ticket.user_agent }
+
+      context 'with a not allowed service' do
+        before(:each) do
+          FactoryGirl.create :service_rule, :regex, url: '^https://.*'
+        end
+        let(:service) { 'http://www.example.org/' }
+
+        it 'calls the #service_not_allowed method on the listener' do
+          listener.should_receive(:service_not_allowed_via_api).with(service)
+          processor.process(ticket, parameters, user_agent)
+        end
+      end
+
+      it 'calls the #granted_service_ticket_via_api method on the listener' do
+        listener.should_receive(:granted_service_ticket_via_api).with(/^ST\-/)
+        processor.process(ticket, parameters, user_agent)
+      end
+
+      it 'generates a ticket-granting ticket' do
+        listener.should_receive(:granted_service_ticket_via_api).with(/^ST\-/)
+        expect {
+          processor.process(ticket, parameters, user_agent)
+        }.to change(CASino::ServiceTicket, :count).by(1)
+      end
+
+      context 'without a service' do
+        let(:parameters) { { } }
+
+        it 'calls the #no_service_provided_via_api method on the listener' do
+          listener.should_receive(:no_service_provided_via_api)
+          processor.process(ticket, parameters, user_agent)
+        end
+      end
+
+    end
+  end
+end
+

data/spec/processor/legacy_validator_spec.rb

@@ -0,0 +1,78 @@
+require 'spec_helper'
+
+describe CASino::LegacyValidatorProcessor do
+  describe '#process' do
+    let(:listener) { Object.new }
+    let(:processor) { described_class.new(listener) }
+    let(:service_ticket) { FactoryGirl.create :service_ticket }
+    let(:parameters) { { service: service_ticket.service, ticket: service_ticket.ticket }}
+    let(:username) { service_ticket.ticket_granting_ticket.user.username }
+
+    before(:each) do
+      listener.stub(:validation_failed)
+      listener.stub(:validation_succeeded)
+    end
+
+    context 'with an unconsumed service ticket' do
+      context 'without renew flag' do
+        it 'consumes the service ticket' do
+          processor.process(parameters)
+          service_ticket.reload
+          service_ticket.consumed.should == true
+        end
+
+        it 'calls the #validation_succeeded method on the listener' do
+          listener.should_receive(:validation_succeeded).with("yes\n#{username}\n")
+          processor.process(parameters)
+        end
+      end
+
+      context 'with renew flag' do
+        let(:parameters_with_renew) { parameters.merge renew: 'true' }
+
+        context 'with a service ticket without issued_from_credentials flag' do
+          it 'consumes the service ticket' do
+            processor.process(parameters_with_renew)
+            service_ticket.reload
+            service_ticket.consumed.should == true
+          end
+
+          it 'calls the #validation_failed method on the listener' do
+            listener.should_receive(:validation_failed).with("no\n\n")
+            processor.process(parameters_with_renew)
+          end
+        end
+
+        context 'with a service ticket with issued_from_credentials flag' do
+          before(:each) do
+            service_ticket.issued_from_credentials = true
+            service_ticket.save!
+          end
+
+          it 'consumes the service ticket' do
+            processor.process(parameters_with_renew)
+            service_ticket.reload
+            service_ticket.consumed.should == true
+          end
+
+          it 'calls the #validation_succeeded method on the listener' do
+            listener.should_receive(:validation_succeeded).with("yes\n#{username}\n")
+            processor.process(parameters_with_renew)
+          end
+        end
+      end
+    end
+
+    context 'with a consumed service ticket' do
+      before(:each) do
+        service_ticket.consumed = true
+        service_ticket.save!
+      end
+
+      it 'calls the #validation_failed method on the listener' do
+        listener.should_receive(:validation_failed).with("no\n\n")
+        processor.process(parameters)
+      end
+    end
+  end
+end

data/spec/processor/login_credential_acceptor_spec.rb

@@ -0,0 +1,164 @@
+require 'spec_helper'
+
+describe CASino::LoginCredentialAcceptorProcessor do
+  describe '#process' do
+    let(:listener) { Object.new }
+    let(:processor) { described_class.new(listener) }
+
+    context 'without a valid login ticket' do
+      it 'calls the #invalid_login_ticket method on the listener' do
+        listener.should_receive(:invalid_login_ticket).with(kind_of(CASino::LoginTicket))
+        processor.process
+      end
+    end
+
+    context 'with an expired login ticket' do
+      let(:expired_login_ticket) { FactoryGirl.create :login_ticket, :expired }
+
+      it 'calls the #invalid_login_ticket method on the listener' do
+        listener.should_receive(:invalid_login_ticket).with(kind_of(CASino::LoginTicket))
+        processor.process(lt: expired_login_ticket.ticket)
+      end
+    end
+
+    context 'with a valid login ticket' do
+      let(:login_ticket) { FactoryGirl.create :login_ticket }
+
+      context 'with invalid credentials' do
+        it 'calls the #invalid_login_credentials method on the listener' do
+          listener.should_receive(:invalid_login_credentials).with(kind_of(CASino::LoginTicket))
+          processor.process(lt: login_ticket.ticket)
+        end
+      end
+
+      context 'with valid credentials' do
+        let(:service) { 'https://www.example.org' }
+        let(:username) { 'testuser' }
+        let(:authenticator) { 'static' }
+        let(:login_data) { { lt: login_ticket.ticket, username: username, password: 'foobar123', service: service } }
+
+        before(:each) do
+          listener.stub(:user_logged_in)
+        end
+
+        context 'with rememberMe set' do
+          let(:login_data_with_remember_me) { login_data.merge(rememberMe: true) }
+
+          it 'calls the #user_logged_in method on the listener with an expiration date set' do
+            listener.should_receive(:user_logged_in).with(/^#{service}\/\?ticket=ST\-/, /^TGC\-/, kind_of(Time))
+            processor.process(login_data_with_remember_me)
+          end
+
+          it 'creates a long-term ticket-granting ticket' do
+            processor.process(login_data_with_remember_me)
+            tgt = CASino::TicketGrantingTicket.last
+            tgt.long_term.should == true
+          end
+        end
+
+        context 'with two-factor authentication enabled' do
+          let!(:user) { CASino::User.create! username: username, authenticator: authenticator }
+          let!(:two_factor_authenticator) { FactoryGirl.create :two_factor_authenticator, user: user }
+
+          it 'calls the `#two_factor_authentication_pending` method on the listener' do
+            listener.should_receive(:two_factor_authentication_pending).with(/^TGC\-/)
+            processor.process(login_data)
+          end
+        end
+
+        context 'with a not allowed service' do
+          before(:each) do
+            FactoryGirl.create :service_rule, :regex, url: '^https://.*'
+          end
+          let(:service) { 'http://www.example.org/' }
+
+          it 'calls the #service_not_allowed method on the listener' do
+            listener.should_receive(:service_not_allowed).with(service)
+            processor.process(login_data)
+          end
+        end
+
+        context 'when all authenticators raise an error' do
+          before(:each) do
+            CASino::StaticAuthenticator.any_instance.stub(:validate) do
+              raise CASino::Authenticator::AuthenticatorError, 'error123'
+            end
+          end
+
+          it 'calls the #invalid_login_credentials method on the listener' do
+            listener.should_receive(:invalid_login_credentials).with(kind_of(CASino::LoginTicket))
+            processor.process(login_data)
+          end
+        end
+
+        context 'without a service' do
+          let(:service) { nil }
+
+          it 'calls the #user_logged_in method on the listener' do
+            listener.should_receive(:user_logged_in).with(nil, /^TGC\-/)
+            processor.process(login_data)
+          end
+
+          it 'generates a ticket-granting ticket' do
+            lambda do
+              processor.process(login_data)
+            end.should change(CASino::TicketGrantingTicket, :count).by(1)
+          end
+
+          context 'when the user does not exist yet' do
+            it 'generates exactly one user' do
+              lambda do
+                processor.process(login_data)
+              end.should change(CASino::User, :count).by(1)
+            end
+
+            it 'sets the users attributes' do
+              processor.process(login_data)
+              user = CASino::User.last
+              user.username.should == username
+              user.authenticator.should == authenticator
+            end
+          end
+
+          context 'when the user already exists' do
+            it 'does not regenerate the user' do
+              CASino::User.create! username: username, authenticator: authenticator
+              lambda do
+                processor.process(login_data)
+              end.should_not change(CASino::User, :count)
+            end
+
+            it 'updates the extra attributes' do
+              user = CASino::User.create! username: username, authenticator: authenticator
+              lambda do
+                processor.process(login_data)
+                user.reload
+              end.should change(user, :extra_attributes)
+            end
+          end
+        end
+
+        context 'with a service' do
+          let(:service) { 'https://www.example.com' }
+
+          it 'calls the #user_logged_in method on the listener' do
+            listener.should_receive(:user_logged_in).with(/^#{service}\/\?ticket=ST\-/, /^TGC\-/)
+            processor.process(login_data)
+          end
+
+          it 'generates a service ticket' do
+            lambda do
+              processor.process(login_data)
+            end.should change(CASino::ServiceTicket, :count).by(1)
+          end
+
+          it 'generates a ticket-granting ticket' do
+            lambda do
+              processor.process(login_data)
+            end.should change(CASino::TicketGrantingTicket, :count).by(1)
+          end
+        end
+      end
+    end
+  end
+end

data/spec/processor/login_credential_requestor_spec.rb

@@ -0,0 +1,135 @@
+require 'spec_helper'
+
+describe CASino::LoginCredentialRequestorProcessor do
+  describe '#process' do
+    let(:listener) { Object.new }
+    let(:processor) { described_class.new(listener) }
+
+    context 'with a not allowed service' do
+      before(:each) do
+        FactoryGirl.create :service_rule, :regex, url: '^https://.*'
+      end
+      let(:service) { 'http://www.example.org/' }
+      let(:params) { { service: service } }
+
+      it 'calls the #service_not_allowed method on the listener' do
+        listener.should_receive(:service_not_allowed).with(service)
+        processor.process(params)
+      end
+    end
+
+    context 'when logged out' do
+      it 'calls the #user_not_logged_in method on the listener' do
+        listener.should_receive(:user_not_logged_in).with(kind_of(CASino::LoginTicket))
+        processor.process
+      end
+
+      context 'with gateway parameter' do
+        context 'with a service' do
+          let(:service) { 'http://example.com/' }
+          let(:params) { { service: service, gateway: 'true' } }
+
+          it 'calls the #user_logged_in method on the listener' do
+            listener.should_receive(:user_logged_in).with(service)
+            processor.process(params)
+          end
+        end
+
+        context 'without a service' do
+          let(:params) { { gateway: 'true' } }
+
+          it 'calls the #user_not_logged_in method on the listener' do
+            listener.should_receive(:user_not_logged_in).with(kind_of(CASino::LoginTicket))
+            processor.process
+          end
+        end
+      end
+    end
+
+    context 'when logged in' do
+      let(:ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket }
+      let(:user_agent) { ticket_granting_ticket.user_agent }
+      let(:cookies) { { tgt: ticket_granting_ticket.ticket } }
+
+      before(:each) do
+        listener.stub(:user_logged_in)
+      end
+
+      context 'when two-factor authentication is pending' do
+        let(:ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket, :awaiting_two_factor_authentication }
+
+        it 'calls the #user_not_logged_in method on the listener' do
+          listener.should_receive(:user_not_logged_in).with(kind_of(CASino::LoginTicket))
+          processor.process(nil, cookies, user_agent)
+        end
+      end
+
+      context 'when ticket-granting ticket expired' do
+        before(:each) do
+          ticket_granting_ticket.created_at = 25.hours.ago
+          ticket_granting_ticket.save!
+        end
+
+        it 'calls the #user_not_logged_in method on the listener' do
+          listener.should_receive(:user_not_logged_in).with(kind_of(CASino::LoginTicket))
+          processor.process(nil, cookies, user_agent)
+        end
+      end
+
+      context 'with a service' do
+        let(:service) { 'http://example.com/' }
+        let(:params) { { service: service } }
+
+        it 'calls the #user_logged_in method on the listener' do
+          listener.should_receive(:user_logged_in).with(/^#{service}\?ticket=ST\-/)
+          processor.process(params, cookies, user_agent)
+        end
+
+        it 'generates a service ticket' do
+          lambda do
+            processor.process(params, cookies, user_agent)
+          end.should change(CASino::ServiceTicket, :count).by(1)
+        end
+
+        context 'with renew parameter' do
+          it 'calls the #user_not_logged_in method on the listener' do
+            listener.should_receive(:user_not_logged_in).with(kind_of(CASino::LoginTicket))
+            processor.process(params.merge({ renew: 'true' }), cookies)
+          end
+        end
+      end
+
+      context 'with a service with nested attributes' do
+        let(:service) { 'http://example.com/?a%5B%5D=test&a%5B%5D=example' }
+        let(:params) { { service: service } }
+
+        it 'does not remove the attributes' do
+          listener.should_receive(:user_logged_in).with(/\?a%5B%5D=test&a%5B%5D=example&ticket=ST\-[^&]+$/)
+          processor.process(params, cookies, user_agent)
+        end
+      end
+
+      context 'without a service' do
+        it 'calls the #user_logged_in method on the listener' do
+          listener.should_receive(:user_logged_in).with(nil)
+          processor.process(nil, cookies, user_agent)
+        end
+
+        it 'does not generate a service ticket' do
+          lambda do
+            processor.process(nil, cookies, user_agent)
+          end.should change(CASino::ServiceTicket, :count).by(0)
+        end
+
+        context 'with a changed browser' do
+          let(:user_agent) { 'FooBar 1.0' }
+
+          it 'calls the #user_not_logged_in method on the listener' do
+            listener.should_receive(:user_not_logged_in).with(kind_of(CASino::LoginTicket))
+            processor.process(nil, cookies, user_agent)
+          end
+        end
+      end
+    end
+  end
+end