RubyGems - casino - Versions diffs - 3.0.4 → 4.0.0.pre.1 - Mend

casino 3.0.4 → 4.0.0.pre.1

Files changed (149) hide show

data/spec/processor/proxy_ticket_provider_spec.rb DELETED

@@ -1,66 +0,0 @@
-require 'spec_helper'
-describe CASino::ProxyTicketProviderProcessor do
-  describe '#process' do
-    let(:listener) { Object.new }
-    let(:processor) { described_class.new(listener) }
-    let(:params) { { targetService: 'this_does_not_have_to_be_a_url' } }
-    before(:each) do
-      listener.stub(:request_failed)
-      listener.stub(:request_succeeded)
-    end
-    context 'without proxy-granting ticket' do
-      it 'calls the #request_failed method on the listener' do
-        listener.should_receive(:request_failed)
-        processor.process(params)
-      end
-      it 'does not create a proxy ticket' do
-        lambda do
-          processor.process(params)
-        end.should_not change(CASino::ProxyTicket, :count)
-      end
-    end
-    context 'with a not-existing proxy-granting ticket' do
-      let(:params_with_deleted_pgt) { params.merge(pgt: 'PGT-123453789') }
-      it 'calls the #request_failed method on the listener' do
-        listener.should_receive(:request_failed)
-        processor.process(params_with_deleted_pgt)
-      end
-      it 'does not create a proxy ticket' do
-        lambda do
-          processor.process(params_with_deleted_pgt)
-        end.should_not change(CASino::ProxyTicket, :count)
-      end
-    end
-    context 'with a proxy-granting ticket' do
-      let(:proxy_granting_ticket) { FactoryGirl.create :proxy_granting_ticket }
-      let(:params_with_valid_pgt) { params.merge(pgt: proxy_granting_ticket.ticket) }
-      it 'calls the #request_succeeded method on the listener' do
-        listener.should_receive(:request_succeeded)
-        processor.process(params_with_valid_pgt)
-      end
-      it 'does not create a proxy ticket' do
-        lambda do
-          processor.process(params_with_valid_pgt)
-        end.should change(proxy_granting_ticket.proxy_tickets, :count).by(1)
-      end
-      it 'includes the proxy ticket in the response' do
-        listener.should_receive(:request_succeeded) do |response|
-          proxy_ticket = CASino::ProxyTicket.last
-          response.should =~ /<cas:proxyTicket>#{proxy_ticket.ticket}<\/cas:proxyTicket>/
-        end
-        processor.process(params_with_valid_pgt)
-      end
-    end
-  end
-end

data/spec/processor/proxy_ticket_validator_spec.rb DELETED

@@ -1,65 +0,0 @@
-require 'spec_helper'
-describe CASino::ProxyTicketValidatorProcessor do
-  let(:listener) { Object.new }
-  let(:processor) { described_class.new(listener) }
-  describe '#process' do
-    let(:regex_success) { /\A<cas:serviceResponse.*\n.*authenticationSuccess/ }
-    context 'with a login ticket' do
-      let(:login_ticket) { FactoryGirl.create :login_ticket }
-      let(:parameters) { { ticket: login_ticket.ticket, service: 'http://www.example.org/' } }
-      it 'calls the #validation_failed method on the listener' do
-        listener.should_receive(:validation_failed)
-        processor.process(parameters)
-      end
-    end
-    context 'with an unconsumed proxy ticket' do
-      let(:proxy_ticket) { FactoryGirl.create :proxy_ticket }
-      let(:parameters) { { ticket: proxy_ticket.ticket, service: proxy_ticket.service } }
-      let(:regex_proxy) { /<cas:proxies>\s*<cas:proxy>#{proxy_ticket.proxy_granting_ticket.pgt_url}<\/cas:proxy>\s*<\/cas:proxies>/ }
-      it 'calls the #validation_succeeded method on the listener' do
-        listener.should_receive(:validation_succeeded).with(regex_success)
-        processor.process(parameters)
-      end
-      it 'includes the proxy in the response' do
-        listener.should_receive(:validation_succeeded).with(regex_proxy)
-        processor.process(parameters)
-      end
-      context 'with an expired proxy ticket' do
-        before(:each) do
-          CASino::ProxyTicket.any_instance.stub(:expired?).and_return(true)
-        end
-        it 'calls the #validation_failed method on the listener' do
-          listener.should_receive(:validation_failed)
-          processor.process(parameters)
-        end
-      end
-      context 'with an other service' do
-        let(:parameters_with_other_service) { parameters.merge(service: 'this_is_another_service') }
-        it 'calls the #validation_failed method on the listener' do
-          listener.should_receive(:validation_failed)
-          processor.process(parameters_with_other_service)
-        end
-      end
-      context 'without an existing ticket' do
-        let(:parameters_without_existing_ticket) { { ticket: 'PT-1234', service: 'https://www.example.com/' } }
-        it 'calls the #validation_failed method on the listener' do
-          listener.should_receive(:validation_failed)
-          processor.process(parameters_without_existing_ticket)
-        end
-      end
-    end
-  end
-end

data/spec/processor/second_factor_authenticaton_acceptor_spec.rb DELETED

@@ -1,94 +0,0 @@
-require 'spec_helper'
-describe CASino::SecondFactorAuthenticationAcceptorProcessor do
-  describe '#process' do
-    let(:listener) { Object.new }
-    let(:processor) { described_class.new(listener) }
-    before(:each) do
-      listener.stub(:user_not_logged_in)
-      listener.stub(:invalid_one_time_password)
-      listener.stub(:user_logged_in)
-    end
-    context 'with an existing ticket-granting ticket' do
-      let(:ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket, :awaiting_two_factor_authentication }
-      let(:user) { ticket_granting_ticket.user }
-      let(:tgt) { ticket_granting_ticket.ticket }
-      let(:user_agent) { ticket_granting_ticket.user_agent }
-      let(:otp) { '123456' }
-      let(:service) { 'http://www.example.com/testing' }
-      let(:params) { { tgt: tgt, otp: otp, service: service }}
-      context 'with an active authenticator' do
-        let!(:two_factor_authenticator) { FactoryGirl.create :two_factor_authenticator, user: user }
-        context 'with a valid OTP' do
-          before(:each) do
-            ROTP::TOTP.any_instance.should_receive(:verify_with_drift).with(otp, 30).and_return(true)
-          end
-          it 'calls the `#user_logged_in` method an the listener' do
-            listener.should_receive(:user_logged_in).with(/^#{service}\?ticket=ST\-/, /^TGC\-/)
-            processor.process(params, user_agent)
-          end
-          it 'does activate the ticket-granting ticket' do
-            processor.process(params, user_agent)
-            ticket_granting_ticket.reload
-            ticket_granting_ticket.should_not be_awaiting_two_factor_authentication
-          end
-          context 'with a long-term ticket-granting ticket' do
-            before(:each) do
-              ticket_granting_ticket.update_attributes! long_term: true
-            end
-            it 'calls the #user_logged_in method on the listener with an expiration date set' do
-              listener.should_receive(:user_logged_in).with(/^#{service}\?ticket=ST\-/, /^TGC\-/, kind_of(Time))
-              processor.process(params, user_agent)
-            end
-          end
-          context 'with a not allowed service' do
-            before(:each) do
-              FactoryGirl.create :service_rule, :regex, url: '^https://.*'
-            end
-            let(:service) { 'http://www.example.org/' }
-            it 'calls the #service_not_allowed method on the listener' do
-              listener.should_receive(:service_not_allowed).with(service)
-              processor.process(params.merge(service: service), user_agent)
-            end
-          end
-        end
-        context 'with an invalid OTP' do
-          before(:each) do
-            ROTP::TOTP.any_instance.should_receive(:verify_with_drift).with(otp, 30).and_return(false)
-          end
-          it 'calls the `#invalid_one_time_password` method an the listener' do
-            listener.should_receive(:invalid_one_time_password).with(no_args)
-            processor.process(params, user_agent)
-          end
-          it 'does not activate the ticket-granting ticket' do
-            processor.process(params, user_agent)
-            ticket_granting_ticket.reload
-            ticket_granting_ticket.should be_awaiting_two_factor_authentication
-          end
-        end
-      end
-    end
-    context 'with an invalid ticket-granting ticket' do
-      let(:tgt) { 'TGT-lalala' }
-      let(:user_agent) { 'TestBrowser 1.0' }
-      it 'calls the #user_not_logged_in method on the listener' do
-        listener.should_receive(:user_not_logged_in).with(no_args)
-        processor.process({tgt: tgt}, user_agent)
-      end
-    end
-  end
-end

data/spec/processor/session_destroyer_spec.rb DELETED

@@ -1,75 +0,0 @@
-require 'spec_helper'
-describe CASino::SessionDestroyerProcessor do
-  describe '#process' do
-    let(:listener) { Object.new }
-    let(:processor) { described_class.new(listener) }
-    let(:owner_ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket }
-    let(:user) { owner_ticket_granting_ticket.user }
-    let(:user_agent) { owner_ticket_granting_ticket.user_agent }
-    let(:cookies) { { tgt: owner_ticket_granting_ticket.ticket } }
-    before(:each) do
-      listener.stub(:ticket_deleted)
-      listener.stub(:ticket_not_found)
-    end
-    context 'with an existing ticket-granting ticket' do
-      let(:ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket, user: user }
-      let(:service_ticket) { FactoryGirl.create :service_ticket, ticket_granting_ticket: ticket_granting_ticket }
-      let(:consumed_service_ticket) { FactoryGirl.create :service_ticket, :consumed, ticket_granting_ticket: ticket_granting_ticket }
-      let(:params) { { id: ticket_granting_ticket.id } }
-      it 'deletes exactly one ticket-granting ticket' do
-        ticket_granting_ticket
-        owner_ticket_granting_ticket
-        lambda do
-          processor.process(params, cookies, user_agent)
-        end.should change(CASino::TicketGrantingTicket, :count).by(-1)
-      end
-      it 'deletes the ticket-granting ticket' do
-        processor.process(params, cookies, user_agent)
-        CASino::TicketGrantingTicket.where(id: params[:id]).length.should == 0
-      end
-      it 'calls the #ticket_deleted method on the listener' do
-        listener.should_receive(:ticket_deleted).with(no_args)
-        processor.process(params, cookies, user_agent)
-      end
-    end
-    context 'with an invalid ticket-granting ticket' do
-      let(:params) { { id: 99999 } }
-      it 'does not delete a ticket-granting ticket' do
-        owner_ticket_granting_ticket
-        lambda do
-          processor.process(params, cookies, user_agent)
-        end.should_not change(CASino::TicketGrantingTicket, :count)
-      end
-      it 'calls the #ticket_not_found method on the listener' do
-        listener.should_receive(:ticket_not_found).with(no_args)
-        processor.process(params, cookies, user_agent)
-      end
-    end
-    context 'when trying to delete ticket-granting ticket of another user' do
-      let(:ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket }
-      let(:params) { { id: ticket_granting_ticket.id } }
-      it 'does not delete a ticket-granting ticket' do
-        owner_ticket_granting_ticket
-        ticket_granting_ticket
-        lambda do
-          processor.process(params, cookies, user_agent)
-        end.should change(CASino::TicketGrantingTicket, :count).by(0)
-      end
-      it 'calls the #ticket_not_found method on the listener' do
-        listener.should_receive(:ticket_not_found).with(no_args)
-        processor.process(params, cookies, user_agent)
-      end
-    end
-  end
-end

data/spec/processor/session_overview_spec.rb DELETED

@@ -1,49 +0,0 @@
-require 'spec_helper'
-describe CASino::SessionOverviewProcessor do
-  describe '#process' do
-    let(:listener) { Object.new }
-    let(:processor) { described_class.new(listener) }
-    let(:other_ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket }
-    let(:user) { other_ticket_granting_ticket.user }
-    let(:user_agent) { other_ticket_granting_ticket.user_agent }
-    let(:cookies) { { tgt: tgt } }
-    before(:each) do
-      listener.stub(:user_not_logged_in)
-      listener.stub(:ticket_granting_tickets_found)
-      other_ticket_granting_ticket
-    end
-    context 'with an existing ticket-granting ticket' do
-      let(:ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket, user: user }
-      let(:tgt) { ticket_granting_ticket.ticket }
-      it 'calls the #ticket_granting_tickets_found method on the listener' do
-        listener.should_receive(:ticket_granting_tickets_found) do |tickets|
-          tickets.length.should == 2
-        end
-        processor.process(cookies, user_agent)
-      end
-    end
-    context 'with a ticket-granting ticket with same username but different authenticator' do
-      let(:ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket }
-      let(:tgt) { ticket_granting_ticket.ticket }
-      it 'calls the #ticket_granting_tickets_found method on the listener' do
-        listener.should_receive(:ticket_granting_tickets_found) do |tickets|
-          tickets.length.should == 1
-        end
-        processor.process(cookies, user_agent)
-      end
-    end
-    context 'with an invalid ticket-granting ticket' do
-      let(:tgt) { 'TGT-lalala' }
-      it 'calls the #user_not_logged_in method on the listener' do
-        listener.should_receive(:user_not_logged_in).with(no_args)
-        processor.process(cookies, user_agent)
-      end
-    end
-  end
-end

data/spec/processor/ticket_validator_spec.rb DELETED

@@ -1,214 +0,0 @@
-require 'spec_helper'
-[CASino::ServiceTicketValidatorProcessor, CASino::ProxyTicketValidatorProcessor].each do |class_under_test|
-  describe class_under_test do
-    describe '#process' do
-      let(:listener) { Object.new }
-      let(:processor) { described_class.new(listener) }
-      let(:service_ticket) { FactoryGirl.create :service_ticket }
-      let(:parameters) { { service: service_ticket.service, ticket: service_ticket.ticket }}
-      let(:regex_failure) { /\A\<cas\:serviceResponse.*\n.*authenticationFailure/ }
-      let(:regex_success) { /\A\<cas\:serviceResponse.*\n.*authenticationSuccess/ }
-      before(:each) do
-        listener.stub(:validation_failed)
-        listener.stub(:validation_succeeded)
-      end
-      context 'without all required parameters' do
-        [:ticket, :service].each do |missing_parameter|
-          let(:invalid_parameters) { parameters.except(missing_parameter) }
-          context "without '#{missing_parameter}'" do
-            it 'calls the #validation_failed method on the listener' do
-              listener.should_receive(:validation_failed).with(regex_failure)
-              processor.process(invalid_parameters)
-            end
-          end
-        end
-      end
-      context 'with an unconsumed service ticket' do
-        context 'with extra attributes using strings as keys' do
-          before(:each) do
-            CASino::User.any_instance.stub(:extra_attributes).and_return({ "id" => 1234 })
-          end
-          after(:each) do
-            CASino::User.any_instance.unstub(:extra_attributes)
-          end
-          it 'includes the extra attributes' do
-            listener.should_receive(:validation_succeeded).with(/<cas\:id>1234<\/cas\:id\>/)
-            processor.process(parameters)
-          end
-        end
-        context 'issued from a long_term ticket-granting ticket' do
-          before(:each) do
-            tgt = service_ticket.ticket_granting_ticket
-            tgt.long_term = true
-            tgt.save!
-          end
-          it 'calls the #validation_succeeded method on the listener' do
-            listener.should_receive(:validation_succeeded).with(
-              /<cas\:longTermAuthenticationRequestTokenUsed>true<\/cas\:longTermAuthenticationRequestTokenUsed>/
-            )
-            processor.process(parameters)
-          end
-        end
-        context 'without renew flag' do
-          it 'consumes the service ticket' do
-            processor.process(parameters)
-            service_ticket.reload
-            service_ticket.consumed.should == true
-          end
-          it 'calls the #validation_succeeded method on the listener' do
-            listener.should_receive(:validation_succeeded).with(regex_success)
-            processor.process(parameters)
-          end
-        end
-        context 'with empty query values' do
-          it 'calls the #validation_succeeded method on the listener' do
-            listener.should_receive(:validation_succeeded).with(regex_success)
-            processor.process(parameters.merge(service: "#{service_ticket.service}/?"))
-          end
-        end
-        context 'with renew flag' do
-          let(:parameters_with_renew) { parameters.merge renew: 'true' }
-          context 'with a service ticket without issued_from_credentials flag' do
-            it 'consumes the service ticket' do
-              processor.process(parameters_with_renew)
-              service_ticket.reload
-              service_ticket.consumed.should == true
-            end
-            it 'calls the #validation_failed method on the listener' do
-              listener.should_receive(:validation_failed).with(regex_failure)
-              processor.process(parameters_with_renew)
-            end
-          end
-          context 'with a service ticket with issued_from_credentials flag' do
-            before(:each) do
-              service_ticket.issued_from_credentials = true
-              service_ticket.save!
-            end
-            it 'consumes the service ticket' do
-              processor.process(parameters_with_renew)
-              service_ticket.reload
-              service_ticket.consumed.should == true
-            end
-            it 'calls the #validation_succeeded method on the listener' do
-              listener.should_receive(:validation_succeeded).with(regex_success)
-              processor.process(parameters_with_renew)
-            end
-          end
-        end
-        context 'with proxy-granting ticket callback server' do
-          let(:pgt_url) { 'https://www.example.org' }
-          let(:parameters_with_pgt_url) { parameters.merge pgtUrl: pgt_url }
-          before(:each) do
-            stub_request(:get, /#{pgt_url}\/\?pgtId=[^&]+&pgtIou=[^&]+/)
-          end
-          context 'not using https' do
-            let(:pgt_url) { 'http://www.example.org' }
-            it 'calls the #validation_succeeded method on the listener' do
-              listener.should_receive(:validation_succeeded).with(regex_success)
-              processor.process(parameters_with_pgt_url)
-            end
-            it 'does not create a proxy-granting ticket' do
-              lambda do
-                processor.process(parameters_with_pgt_url)
-              end.should_not change(service_ticket.proxy_granting_tickets, :count)
-            end
-          end
-          it 'calls the #validation_succeeded method on the listener' do
-            listener.should_receive(:validation_succeeded).with(regex_success)
-            processor.process(parameters_with_pgt_url)
-          end
-          it 'includes the PGTIOU in the response' do
-            listener.should_receive(:validation_succeeded).with(/\<cas\:proxyGrantingTicket\>\n?\s*PGTIOU-.+/)
-            processor.process(parameters_with_pgt_url)
-          end
-          it 'creates a proxy-granting ticket' do
-            lambda do
-              processor.process(parameters_with_pgt_url)
-            end.should change(service_ticket.proxy_granting_tickets, :count).by(1)
-          end
-          it 'contacts the callback server' do
-            processor.process(parameters_with_pgt_url)
-            proxy_granting_ticket = CASino::ProxyGrantingTicket.last
-            WebMock.should have_requested(:get, 'https://www.example.org').with(query: {
-              pgtId: proxy_granting_ticket.ticket,
-              pgtIou: proxy_granting_ticket.iou
-            })
-          end
-          context 'when callback server gives an error' do
-            before(:each) do
-              stub_request(:get, /#{pgt_url}.*/).to_return status: 404
-            end
-            it 'calls the #validation_succeeded method on the listener' do
-              listener.should_receive(:validation_succeeded).with(regex_success)
-              processor.process(parameters_with_pgt_url)
-            end
-            it 'does not create a proxy-granting ticket' do
-              lambda do
-                processor.process(parameters_with_pgt_url)
-              end.should_not change(service_ticket.proxy_granting_tickets, :count)
-            end
-          end
-          context 'when callback server is unreachable' do
-            before(:each) do
-              stub_request(:get, /#{pgt_url}.*/).to_raise(Timeout::Error)
-            end
-            it 'calls the #validation_succeeded method on the listener' do
-              listener.should_receive(:validation_succeeded).with(regex_success)
-              processor.process(parameters_with_pgt_url)
-            end
-            it 'does not create a proxy-granting ticket' do
-              lambda do
-                processor.process(parameters_with_pgt_url)
-              end.should_not change(service_ticket.proxy_granting_tickets, :count)
-            end
-          end
-        end
-      end
-      context 'with a consumed service ticket' do
-        before(:each) do
-          service_ticket.consumed = true
-          service_ticket.save!
-        end
-        it 'calls the #validation_failed method on the listener' do
-          listener.should_receive(:validation_failed).with(regex_failure)
-          processor.process(parameters)
-        end
-      end
-    end
-  end
-end