RubyGems - casino - Versions diffs - 3.0.4 → 4.0.0.pre.1 - Mend

casino 3.0.4 → 4.0.0.pre.1

Files changed (149) hide show

data/spec/controllers/two_factor_authenticators_controller_spec.rb CHANGED

@@ -1,34 +1,233 @@
 require 'spec_helper'
 describe CASino::TwoFactorAuthenticatorsController do
+  include CASino::Engine.routes.url_helpers
+  let(:params) { { } }
+  let(:request_options) { params.merge(use_route: :casino) }
   describe 'GET "new"' do
-    it 'calls the process method of the TwoFactorAuthenticatorRegistrator' do
-      CASino::TwoFactorAuthenticatorRegistratorProcessor.any_instance.should_receive(:process)
-      get :new, use_route: :casino
+    context 'with an existing ticket-granting ticket' do
+      let(:ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket }
+      let(:user) { ticket_granting_ticket.user }
+      let(:user_agent) { ticket_granting_ticket.user_agent }
+      before(:each) do
+        sign_in(ticket_granting_ticket)
+      end
+      it 'creates exactly one authenticator' do
+        lambda do
+          get :new, request_options
+        end.should change(CASino::TwoFactorAuthenticator, :count).by(1)
+      end
+      it 'assigns the two_factor_authenticator' do
+        get :new, request_options
+        assigns(:two_factor_authenticator).should be_kind_of(CASino::TwoFactorAuthenticator)
+      end
+      it 'creates an inactive two-factor authenticator' do
+        get :new, request_options
+        CASino::TwoFactorAuthenticator.last.should_not be_active
+      end
+      it 'renders the new template' do
+        get :new, request_options
+        response.should render_template(:new)
+      end
+    end
+    context 'without a ticket-granting ticket' do
+      it 'redirects to the login page' do
+        get :new, request_options
+        response.should redirect_to(login_path)
+      end
     end
   end
   describe 'POST "create"' do
-    it 'calls the process method of the TwoFactorAuthenticatorActivator' do
-      CASino::TwoFactorAuthenticatorActivatorProcessor.any_instance.should_receive(:process) do
-        @controller.render nothing: true
+    context 'with an existing ticket-granting ticket' do
+      let(:ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket }
+      let(:user) { ticket_granting_ticket.user }
+      let(:id) { two_factor_authenticator.id }
+      let(:otp) { '123456' }
+      let(:params) { { otp: otp, id: id } }
+      before(:each) do
+        sign_in(ticket_granting_ticket)
+      end
+      context 'with an invalid authenticator' do
+        context 'with an expired authenticator' do
+          let(:two_factor_authenticator) { FactoryGirl.create :two_factor_authenticator, :inactive, user: user }
+          before(:each) do
+            two_factor_authenticator.created_at = 10.hours.ago
+            two_factor_authenticator.save!
+          end
+          it 'redirects to the two-factor authenticator new page' do
+            post :create, request_options
+            response.should redirect_to(new_two_factor_authenticator_path)
+          end
+          it 'adds a error message' do
+            post :create, request_options
+            flash[:error].should == I18n.t('two_factor_authenticators.invalid_two_factor_authenticator')
+          end
+        end
+        context 'with a authenticator of another user' do
+          let(:two_factor_authenticator) { FactoryGirl.create :two_factor_authenticator, :inactive }
+          before(:each) do
+            two_factor_authenticator.created_at = 10.hours.ago
+            two_factor_authenticator.save!
+          end
+          it 'redirects to the two-factor authenticator new page' do
+            post :create, request_options
+            response.should redirect_to(new_two_factor_authenticator_path)
+          end
+        end
+      end
+      context 'with a valid authenticator' do
+        let(:two_factor_authenticator) { FactoryGirl.create :two_factor_authenticator, :inactive, user: user }
+        context 'with a valid OTP' do
+          before(:each) do
+            ROTP::TOTP.any_instance.should_receive(:verify_with_drift).with(otp, 30).and_return(true)
+          end
+          it 'redirects to the session overview' do
+            post :create, request_options
+            response.should redirect_to(sessions_path)
+          end
+          it 'adds a notice' do
+            post :create, request_options
+            flash[:notice].should == I18n.t('two_factor_authenticators.successfully_activated')
+          end
+          it 'does activate the authenticator' do
+            post :create, request_options
+            two_factor_authenticator.reload.should be_active
+          end
+          context 'when another two-factor authenticator was active' do
+            let!(:other_two_factor_authenticator) { FactoryGirl.create :two_factor_authenticator, user: user }
+            it 'does activate the authenticator' do
+              post :create, request_options
+              two_factor_authenticator.reload.should be_active
+            end
+            it 'does delete the other authenticator' do
+              post :create, request_options
+              lambda do
+                other_two_factor_authenticator.reload
+              end.should raise_error(ActiveRecord::RecordNotFound)
+            end
+          end
+        end
+        context 'with an invalid OTP' do
+          before(:each) do
+            ROTP::TOTP.any_instance.should_receive(:verify_with_drift).with(otp, 30).and_return(false)
+          end
+          it 'rerenders the new page' do
+            post :create, request_options
+            response.should render_template(:new)
+          end
+          it 'adds a error message' do
+            post :create, request_options
+            flash[:error].should == I18n.t('two_factor_authenticators.invalid_one_time_password')
+          end
+          it 'assigns the two-factor authenticator' do
+            post :create, request_options
+            assigns(:two_factor_authenticator).should be_kind_of(CASino::TwoFactorAuthenticator)
+          end
+          it 'does not activate the authenticator' do
+            post :create, request_options
+            two_factor_authenticator.reload.should_not be_active
+          end
+        end
+      end
+    end
+    context 'without a ticket-granting ticket' do
+      it 'redirects to the login page' do
+        post :create, request_options
+        response.should redirect_to(login_path)
       end
-      post :create, use_route: :casino
     end
   end
   describe 'DELETE "destroy"' do
-    let(:id) { '123' }
-    let(:tgt) { 'TGT-foobar' }
-    it 'calls the process method of the TwoFactorAuthenticatorDestroyer processor' do
-      request.cookies[:tgt] = tgt
-      CASino::TwoFactorAuthenticatorDestroyerProcessor.any_instance.should_receive(:process) do |params, cookies, user_agent|
-        params[:id].should == id
-        cookies[:tgt].should == tgt
-        user_agent.should == request.user_agent
-        @controller.render nothing: true
-      end
-      delete :destroy, id:id, use_route: :casino
+    context 'with an existing ticket-granting ticket' do
+      let(:ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket }
+      let(:user) { ticket_granting_ticket.user }
+      let(:params) { { id: two_factor_authenticator.id } }
+      before(:each) do
+        sign_in(ticket_granting_ticket)
+      end
+      context 'with a valid two-factor authenticator' do
+        let!(:two_factor_authenticator) { FactoryGirl.create :two_factor_authenticator, user: user }
+        let!(:other_two_factor_authenticator) { FactoryGirl.create :two_factor_authenticator }
+        it 'redirects to the session overview' do
+          delete :destroy, request_options
+          response.should redirect_to(sessions_path)
+        end
+        it 'adds a notice' do
+          delete :destroy, request_options
+          flash[:notice].should == I18n.t('two_factor_authenticators.successfully_deleted')
+        end
+        it 'deletes the two-factor authenticator' do
+          delete :destroy, request_options
+          lambda do
+            two_factor_authenticator.reload
+          end.should raise_error(ActiveRecord::RecordNotFound)
+        end
+        it 'does not delete other two-factor authenticators' do
+          lambda do
+            delete :destroy, request_options
+          end.should change(CASino::TwoFactorAuthenticator, :count).by(-1)
+        end
+      end
+      context 'with a two-factor authenticator of another user' do
+        let!(:two_factor_authenticator) { FactoryGirl.create :two_factor_authenticator }
+        it 'redirects to the session overview' do
+          delete :destroy, request_options
+          response.should redirect_to(sessions_path)
+        end
+        it 'does not delete two-factor authenticators' do
+          lambda do
+            delete :destroy, request_options
+          end.should_not change(CASino::TwoFactorAuthenticator, :count)
+        end
+      end
+    end
+    context 'without a ticket-granting ticket' do
+      it 'redirects to the login page' do
+        delete :destroy, request_options
+        response.should redirect_to(login_path)
+      end
     end
   end
 end

data/spec/dummy/config/cas.yml CHANGED

@@ -18,6 +18,9 @@ defaults: &defaults
           testuser:
             password: "foobar123"
             name: "Test User"
+            game:
+              - "StarCraft 2"
+              - "Doto"
 development:
   <<: *defaults

data/spec/dummy/config/environments/development.rb CHANGED

@@ -22,10 +22,6 @@ Dummy::Application.configure do
   # Only use best-standards-support built into browsers
   config.action_dispatch.best_standards_support = :builtin
-  # Log the query plan for queries taking more than this (works
-  # with SQLite, MySQL, and PostgreSQL)
-  config.active_record.auto_explain_threshold_in_seconds = 0.5
   # Do not compress assets
   config.assets.compress = false

data/spec/dummy/db/migrate/{20130910094259_create_base_models.casino.rb → 20140831214845_create_core_schema.casino.rb} RENAMED

@@ -1,16 +1,33 @@
-# This migration comes from casino (originally 20130809135401)
-class CreateBaseModels < ActiveRecord::Migration
-  def change
-    # Login Tickets
-    create_table :casino_login_tickets do |t|
+# This migration comes from casino (originally 20130809135400)
+# In order to support pre-2.0 installations of CASino that included CASinoCore,
+# we must rebuild the un-namespaced CASinoCore schema so that we can upgrade
+class CreateCoreSchema < ActiveRecord::Migration
+  CoreTables = %w{login_tickets proxy_granting_tickets proxy_tickets service_rules service_tickets ticket_granting_tickets two_factor_authenticators users}
+  def up
+    CoreTables.each do |table_name|
+      if !ActiveRecord::Base.connection.table_exists? table_name
+        send "create_#{table_name}"
+      end
+    end
+  end
+  def down
+    # No-op
+    # Handled by 20130809135401_rename_base_models.rb
+  end
+  def create_login_tickets
+    create_table :login_tickets do |t|
       t.string :ticket, :null => false
       t.timestamps
     end
-    add_index :casino_login_tickets, :ticket, :unique => true
+    add_index :login_tickets, :ticket, :unique => true
+  end
-    # Proxy Granting Tickets
-    create_table :casino_proxy_granting_tickets do |t|
+  def create_proxy_granting_tickets
+    create_table :proxy_granting_tickets do |t|
       t.string  :ticket,       :null => false
       t.string  :iou,          :null => false
       t.integer :granter_id,   :null => false
@@ -19,12 +36,13 @@ class CreateBaseModels < ActiveRecord::Migration
       t.timestamps
     end
-    add_index :casino_proxy_granting_tickets, :ticket, :unique => true
-    add_index :casino_proxy_granting_tickets, :iou, :unique => true
-    add_index :casino_proxy_granting_tickets, [:granter_type, :granter_id], :name => "index_casino_proxy_granting_tickets_on_granter", :unique => true
+    add_index :proxy_granting_tickets, :ticket, :unique => true
+    add_index :proxy_granting_tickets, :iou, :unique => true
+    add_index :proxy_granting_tickets, [:granter_type, :granter_id], :name => "index_proxy_granting_tickets_on_granter", :unique => true
+  end
-    # Proxy Tickets
-    create_table :casino_proxy_tickets do |t|
+  def create_proxy_tickets
+    create_table :proxy_tickets do |t|
       t.string  :ticket,                                      :null => false
       t.string  :service,                                     :null => false
       t.boolean :consumed,                 :default => false, :null => false
@@ -32,11 +50,12 @@ class CreateBaseModels < ActiveRecord::Migration
       t.timestamps
     end
-    add_index :casino_proxy_tickets, :ticket, :unique => true
-    add_index :casino_proxy_tickets, :proxy_granting_ticket_id
+    add_index :proxy_tickets, :ticket, :unique => true
+    add_index :proxy_tickets, :proxy_granting_ticket_id
+  end
-    # Service Rules
-    create_table :casino_service_rules do |t|
+  def create_service_rules
+    create_table :service_rules do |t|
       t.boolean :enabled, :default => true,  :null => false
       t.integer :order,   :default => 10,    :null => false
       t.string  :name,                       :null => false
@@ -45,10 +64,11 @@ class CreateBaseModels < ActiveRecord::Migration
       t.timestamps
     end
-    add_index :casino_service_rules, :url, :unique => true
+    add_index :service_rules, :url, :unique => true
+  end
-    # Service Tickets
-    create_table :casino_service_tickets do |t|
+  def create_service_tickets
+    create_table :service_tickets do |t|
       t.string  :ticket,                                      :null => false
       t.string  :service,                                     :null => false
       t.integer :ticket_granting_ticket_id
@@ -57,11 +77,12 @@ class CreateBaseModels < ActiveRecord::Migration
       t.timestamps
     end
-    add_index :casino_service_tickets, :ticket, :unique => true
-    add_index :casino_service_tickets, :ticket_granting_ticket_id
+    add_index :service_tickets, :ticket, :unique => true
+    add_index :service_tickets, :ticket_granting_ticket_id
+  end
-    # Ticket Granting Tickets
-    create_table :casino_ticket_granting_tickets do |t|
+  def create_ticket_granting_tickets
+    create_table :ticket_granting_tickets do |t|
       t.string  :ticket,                                                :null => false
       t.string  :user_agent
       t.integer :user_id,                                               :null => false
@@ -70,26 +91,28 @@ class CreateBaseModels < ActiveRecord::Migration
       t.timestamps
     end
-    add_index :casino_ticket_granting_tickets, :ticket, :unique => true
+    add_index :ticket_granting_tickets, :ticket, :unique => true
+  end
-    # Two Factor Authenticators
-    create_table :casino_two_factor_authenticators do |t|
+  def create_two_factor_authenticators
+    create_table :two_factor_authenticators do |t|
       t.integer :user_id,                    :null => false
       t.string  :secret,                     :null => false
       t.boolean :active,  :default => false, :null => false
       t.timestamps
     end
-    add_index :casino_two_factor_authenticators, :user_id
+    add_index :two_factor_authenticators, :user_id
+  end
-    # Users
-    create_table :casino_users do |t|
+  def create_users
+    create_table :users do |t|
       t.string  :authenticator,   :null => false
       t.string  :username,        :null => false
       t.text    :extra_attributes
       t.timestamps
     end
-    add_index :casino_users, [:authenticator, :username], :unique => true
+    add_index :users, [:authenticator, :username], :unique => true
   end
-end
+end

data/spec/dummy/db/migrate/20140831214846_rename_base_models.casino.rb ADDED

@@ -0,0 +1,102 @@
+# This migration comes from casino (originally 20130809135401)
+class RenameBaseModels < ActiveRecord::Migration
+  def up
+    # Login Tickets
+    rename_table :login_tickets, :casino_login_tickets
+    unless index_exists?(:casino_login_tickets, :ticket)
+      add_index :casino_login_tickets, :ticket, :unique => true
+    end
+    # Proxy Granting Tickets
+    rename_table :proxy_granting_tickets, :casino_proxy_granting_tickets
+    unless index_exists?(:casino_proxy_granting_tickets, :ticket)
+      add_index :casino_proxy_granting_tickets, :ticket, :unique => true
+    end
+    unless index_exists?(:casino_proxy_granting_tickets, :iou)
+      add_index :casino_proxy_granting_tickets, :iou, :unique => true
+    end
+    unless index_exists?(:casino_proxy_granting_tickets, :name => "index_casino_proxy_granting_tickets_on_granter")
+      # Uses a custom index name because the generated one exceeds the size limit
+      add_index :casino_proxy_granting_tickets, [:granter_type, :granter_id], :name => "index_casino_proxy_granting_tickets_on_granter", :unique => true
+    end
+    # Proxy Tickets
+    rename_table :proxy_tickets, :casino_proxy_tickets
+    unless index_exists?(:casino_proxy_tickets, :ticket)
+      add_index :casino_proxy_tickets, :ticket, :unique => true
+    end
+    unless index_exists?(:casino_proxy_tickets, :proxy_granting_ticket_id)
+      add_index :casino_proxy_tickets, :proxy_granting_ticket_id
+    end
+    # Service Rules
+    rename_table :service_rules, :casino_service_rules
+    unless index_exists?(:casino_service_rules, :url)
+      add_index :casino_service_rules, :url, :unique => true
+    end
+    # Service Tickets
+    rename_table :service_tickets, :casino_service_tickets
+    unless index_exists?(:casino_service_tickets, :ticket)
+      add_index :casino_service_tickets, :ticket, :unique => true
+    end
+    unless index_exists?(:casino_service_tickets, :ticket_granting_ticket_id)
+      add_index :casino_service_tickets, :ticket_granting_ticket_id
+    end
+    # Ticket Granting Tickets
+    rename_table :ticket_granting_tickets, :casino_ticket_granting_tickets
+    unless index_exists?(:casino_ticket_granting_tickets, :ticket)
+      add_index :casino_ticket_granting_tickets, :ticket, :unique => true
+    end
+    # Two-Factor Authenticators
+    rename_table :two_factor_authenticators, :casino_two_factor_authenticators
+    unless index_exists?(:casino_two_factor_authenticators, :user_id)
+      add_index :casino_two_factor_authenticators, :user_id
+    end
+    # Users
+    rename_table :users, :casino_users
+    unless index_exists?(:casino_users, [:authenticator, :username])
+      add_index :casino_users, [:authenticator, :username], :unique => true
+    end
+  end
+  def down
+    remove_index :casino_login_tickets, :ticket
+    drop_table :casino_login_tickets
+    # Proxy Granting Tickets
+    remove_index :casino_proxy_granting_tickets, :ticket, :unique => true
+    remove_index :casino_proxy_granting_tickets, :iou, :unique => true
+    remove_index :casino_proxy_granting_tickets, [:granter_type, :granter_id], :name => "index_casino_proxy_granting_tickets_on_granter", :unique => true
+    drop_table :casino_proxy_granting_tickets
+    # Proxy Tickets
+    remove_index :casino_proxy_tickets, :ticket, :unique => true
+    remove_index :casino_proxy_tickets, :proxy_granting_ticket_id
+    drop_table :casino_proxy_tickets
+    # Service Rules
+    remove_index :casino_service_rules, :url, :unique => true
+    drop_table :casino_service_rules
+    # Service Tickets
+    remove_index :casino_service_tickets, :ticket, :unique => true
+    remove_index :casino_service_tickets, :ticket_granting_ticket_id
+    drop_table :casino_service_tickets
+    # Ticket Granting Tickets
+    remove_index :casino_ticket_granting_tickets, :ticket, :unique => true
+    drop_table :casino_ticket_granting_tickets
+    # Two-Factor Authenticators
+    remove_index :casino_two_factor_authenticators, :user_id
+    drop_table :casino_two_factor_authenticators
+    # Users
+    remove_index :casino_users, [:authenticator, :username], :unique => true
+    drop_table :casino_users
+  end
+end