casino 3.0.4 → 4.0.0.pre.1

data/spec/dummy/db/migrate/20140831214847_cleanup_indexes.casino.rb

@@ -0,0 +1,28 @@
+# This migration comes from casino (originally 20131022110146)
+class CleanupIndexes < ActiveRecord::Migration
+  def change
+    # delete some leftovers in migrated CASino 1.x installations
+    remove_deprecated_index_if_exists :login_tickets, [:ticket]
+    remove_deprecated_index_if_exists :proxy_granting_tickets, [:granter_type, :granter_id]
+    remove_deprecated_index_if_exists :proxy_granting_tickets, [:iou]
+    remove_deprecated_index_if_exists :proxy_tickets, [:proxy_granting_ticket_id]
+    remove_deprecated_index_if_exists :proxy_tickets, [:ticket]
+    remove_deprecated_index_if_exists :service_rules, [:url]
+    remove_deprecated_index_if_exists :service_tickets, [:ticket]
+    remove_deprecated_index_if_exists :service_tickets, [:ticket_granting_ticket_id]
+    remove_deprecated_index_if_exists :ticket_granting_tickets, [:ticket]
+    remove_deprecated_index_if_exists :two_factor_authenticators, [:user_id]
+    remove_deprecated_index_if_exists :users, [:authenticator, :username]
+  end
+
+  private
+  def remove_deprecated_index_if_exists(old_table_name, column_names)
+    table_name = :"casino_#{old_table_name}"
+    index_name = :"index_#{old_table_name}_on_#{column_names.join('_and_')}"
+    if index_name_exists?(table_name, index_name, false)
+      remove_index table_name, name: index_name
+    else
+      puts "index #{index_name} on #{table_name} not found"
+    end
+  end
+end

data/spec/dummy/db/migrate/20140831214848_fix_long_index_names.casino.rb

@@ -0,0 +1,13 @@
+# This migration comes from casino (originally 20131022110246)
+class FixLongIndexNames < ActiveRecord::Migration
+  def change
+    # Long names prevent us from doing some migrations, because the resulting
+    # temporary index names would be longer than 64 characters:
+    # Index name 'temp_index_altered_casino_proxy_tickets_on_proxy_granting_ticket_id' on table
+    # 'altered_casino_proxy_tickets' is too long; the limit is 64 characters
+    remove_index :casino_service_tickets, :ticket_granting_ticket_id
+    remove_index :casino_proxy_tickets, :proxy_granting_ticket_id
+    add_index :casino_service_tickets, :ticket_granting_ticket_id, name: 'casino_service_tickets_on_tgt_id'
+    add_index :casino_proxy_tickets, :proxy_granting_ticket_id, name: 'casino_proxy_tickets_on_pgt_id'
+  end
+end

data/spec/dummy/db/migrate/20140831214849_change_service_to_text.casino.rb

@@ -0,0 +1,7 @@
+# This migration comes from casino (originally 20131022110346)
+class ChangeServiceToText < ActiveRecord::Migration
+  def change
+    change_column :casino_proxy_tickets, :service, :text
+    change_column :casino_service_tickets, :service, :text
+  end
+end

data/spec/dummy/db/migrate/20140831214850_change_user_agent_to_text.casino.rb

@@ -0,0 +1,6 @@
+# This migration comes from casino (originally 20140821142611)
+class ChangeUserAgentToText < ActiveRecord::Migration
+  def change
+    change_column :casino_ticket_granting_tickets, :user_agent, :text
+  end
+end

data/spec/dummy/db/migrate/20140831214851_fix_length_of_text_fields.casino.rb

@@ -0,0 +1,8 @@
+# This migration comes from casino (originally 20140827183611)
+class FixLengthOfTextFields < ActiveRecord::Migration
+  def change
+    change_column :casino_proxy_tickets, :service, :text, :limit => nil
+    change_column :casino_service_tickets, :service, :text, :limit => nil
+    change_column :casino_ticket_granting_tickets, :user_agent, :text, :limit => nil
+  end
+end

data/spec/dummy/db/migrate/20140831214852_create_auth_token_tickets.casino.rb

@@ -0,0 +1,11 @@
+# This migration comes from casino (originally 20140831205255)
+class CreateAuthTokenTickets < ActiveRecord::Migration
+  def change
+    create_table :casino_auth_token_tickets do |t|
+      t.string :ticket, :null => false
+
+      t.timestamps
+    end
+    add_index :casino_auth_token_tickets, :ticket, :unique => true
+  end
+end

data/spec/dummy/db/schema.rb

@@ -9,99 +9,108 @@
 # from scratch. The latter is a flawed and unsustainable approach (the more migrations
 # you'll amass, the slower it'll run and the greater likelihood for issues).
 #
-# It's strongly recommended to check this file into your version control system.
+# It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20130910094259) do
+ActiveRecord::Schema.define(version: 20140831214852) do
 
-  create_table "casino_login_tickets", :force => true do |t|
-    t.string   "ticket",     :null => false
-    t.datetime "created_at", :null => false
-    t.datetime "updated_at", :null => false
+  create_table "casino_auth_token_tickets", force: true do |t|
+    t.string   "ticket",     null: false
+    t.datetime "created_at"
+    t.datetime "updated_at"
   end
 
-  add_index "casino_login_tickets", ["ticket"], :name => "index_casino_login_tickets_on_ticket", :unique => true
+  add_index "casino_auth_token_tickets", ["ticket"], name: "index_casino_auth_token_tickets_on_ticket", unique: true
 
-  create_table "casino_proxy_granting_tickets", :force => true do |t|
-    t.string   "ticket",       :null => false
-    t.string   "iou",          :null => false
-    t.integer  "granter_id",   :null => false
-    t.string   "pgt_url",      :null => false
-    t.string   "granter_type", :null => false
-    t.datetime "created_at",   :null => false
-    t.datetime "updated_at",   :null => false
+  create_table "casino_login_tickets", force: true do |t|
+    t.string   "ticket",     null: false
+    t.datetime "created_at"
+    t.datetime "updated_at"
   end
 
-  add_index "casino_proxy_granting_tickets", ["granter_type", "granter_id"], :name => "index_casino_proxy_granting_tickets_on_granter", :unique => true
-  add_index "casino_proxy_granting_tickets", ["iou"], :name => "index_casino_proxy_granting_tickets_on_iou", :unique => true
-  add_index "casino_proxy_granting_tickets", ["ticket"], :name => "index_casino_proxy_granting_tickets_on_ticket", :unique => true
-
-  create_table "casino_proxy_tickets", :force => true do |t|
-    t.string   "ticket",                                      :null => false
-    t.string   "service",                                     :null => false
-    t.boolean  "consumed",                 :default => false, :null => false
-    t.integer  "proxy_granting_ticket_id",                    :null => false
-    t.datetime "created_at",                                  :null => false
-    t.datetime "updated_at",                                  :null => false
+  add_index "casino_login_tickets", ["ticket"], name: "index_casino_login_tickets_on_ticket", unique: true
+
+  create_table "casino_proxy_granting_tickets", force: true do |t|
+    t.string   "ticket",       null: false
+    t.string   "iou",          null: false
+    t.integer  "granter_id",   null: false
+    t.string   "pgt_url",      null: false
+    t.string   "granter_type", null: false
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+  add_index "casino_proxy_granting_tickets", ["granter_type", "granter_id"], name: "index_casino_proxy_granting_tickets_on_granter", unique: true
+  add_index "casino_proxy_granting_tickets", ["granter_type", "granter_id"], name: "index_proxy_granting_tickets_on_granter", unique: true
+  add_index "casino_proxy_granting_tickets", ["iou"], name: "index_casino_proxy_granting_tickets_on_iou", unique: true
+  add_index "casino_proxy_granting_tickets", ["ticket"], name: "index_casino_proxy_granting_tickets_on_ticket", unique: true
+
+  create_table "casino_proxy_tickets", force: true do |t|
+    t.string   "ticket",                                   null: false
+    t.text     "service",                                  null: false
+    t.boolean  "consumed",                 default: false, null: false
+    t.integer  "proxy_granting_ticket_id",                 null: false
+    t.datetime "created_at"
+    t.datetime "updated_at"
   end
 
-  add_index "casino_proxy_tickets", ["proxy_granting_ticket_id"], :name => "index_casino_proxy_tickets_on_proxy_granting_ticket_id"
-  add_index "casino_proxy_tickets", ["ticket"], :name => "index_casino_proxy_tickets_on_ticket", :unique => true
-
-  create_table "casino_service_rules", :force => true do |t|
-    t.boolean  "enabled",    :default => true,  :null => false
-    t.integer  "order",      :default => 10,    :null => false
-    t.string   "name",                          :null => false
-    t.string   "url",                           :null => false
-    t.boolean  "regex",      :default => false, :null => false
-    t.datetime "created_at",                    :null => false
-    t.datetime "updated_at",                    :null => false
+  add_index "casino_proxy_tickets", ["proxy_granting_ticket_id"], name: "casino_proxy_tickets_on_pgt_id"
+  add_index "casino_proxy_tickets", ["ticket"], name: "index_casino_proxy_tickets_on_ticket", unique: true
+
+  create_table "casino_service_rules", force: true do |t|
+    t.boolean  "enabled",    default: true,  null: false
+    t.integer  "order",      default: 10,    null: false
+    t.string   "name",                       null: false
+    t.string   "url",                        null: false
+    t.boolean  "regex",      default: false, null: false
+    t.datetime "created_at"
+    t.datetime "updated_at"
   end
 
-  add_index "casino_service_rules", ["url"], :name => "index_casino_service_rules_on_url", :unique => true
+  add_index "casino_service_rules", ["url"], name: "index_casino_service_rules_on_url", unique: true
 
-  create_table "casino_service_tickets", :force => true do |t|
-    t.string   "ticket",                                       :null => false
-    t.string   "service",                                      :null => false
+  create_table "casino_service_tickets", force: true do |t|
+    t.string   "ticket",                                    null: false
+    t.text     "service",                                   null: false
     t.integer  "ticket_granting_ticket_id"
-    t.boolean  "consumed",                  :default => false, :null => false
-    t.boolean  "issued_from_credentials",   :default => false, :null => false
-    t.datetime "created_at",                                   :null => false
-    t.datetime "updated_at",                                   :null => false
+    t.boolean  "consumed",                  default: false, null: false
+    t.boolean  "issued_from_credentials",   default: false, null: false
+    t.datetime "created_at"
+    t.datetime "updated_at"
   end
 
-  add_index "casino_service_tickets", ["ticket"], :name => "index_casino_service_tickets_on_ticket", :unique => true
-  add_index "casino_service_tickets", ["ticket_granting_ticket_id"], :name => "index_casino_service_tickets_on_ticket_granting_ticket_id"
-
-  create_table "casino_ticket_granting_tickets", :force => true do |t|
-    t.string   "ticket",                                                :null => false
-    t.string   "user_agent"
-    t.integer  "user_id",                                               :null => false
-    t.boolean  "awaiting_two_factor_authentication", :default => false, :null => false
-    t.boolean  "long_term",                          :default => false, :null => false
-    t.datetime "created_at",                                            :null => false
-    t.datetime "updated_at",                                            :null => false
+  add_index "casino_service_tickets", ["ticket"], name: "index_casino_service_tickets_on_ticket", unique: true
+  add_index "casino_service_tickets", ["ticket_granting_ticket_id"], name: "casino_service_tickets_on_tgt_id"
+
+  create_table "casino_ticket_granting_tickets", force: true do |t|
+    t.string   "ticket",                                             null: false
+    t.text     "user_agent"
+    t.integer  "user_id",                                            null: false
+    t.boolean  "awaiting_two_factor_authentication", default: false, null: false
+    t.boolean  "long_term",                          default: false, null: false
+    t.datetime "created_at"
+    t.datetime "updated_at"
   end
 
-  add_index "casino_ticket_granting_tickets", ["ticket"], :name => "index_casino_ticket_granting_tickets_on_ticket", :unique => true
+  add_index "casino_ticket_granting_tickets", ["ticket"], name: "index_casino_ticket_granting_tickets_on_ticket", unique: true
 
-  create_table "casino_two_factor_authenticators", :force => true do |t|
-    t.integer  "user_id",                       :null => false
-    t.string   "secret",                        :null => false
-    t.boolean  "active",     :default => false, :null => false
-    t.datetime "created_at",                    :null => false
-    t.datetime "updated_at",                    :null => false
+  create_table "casino_two_factor_authenticators", force: true do |t|
+    t.integer  "user_id",                    null: false
+    t.string   "secret",                     null: false
+    t.boolean  "active",     default: false, null: false
+    t.datetime "created_at"
+    t.datetime "updated_at"
   end
 
-  add_index "casino_two_factor_authenticators", ["user_id"], :name => "index_casino_two_factor_authenticators_on_user_id"
+  add_index "casino_two_factor_authenticators", ["user_id"], name: "index_casino_two_factor_authenticators_on_user_id"
 
-  create_table "casino_users", :force => true do |t|
-    t.string   "authenticator",    :null => false
-    t.string   "username",         :null => false
+  create_table "casino_users", force: true do |t|
+    t.string   "authenticator",    null: false
+    t.string   "username",         null: false
     t.text     "extra_attributes"
-    t.datetime "created_at",       :null => false
-    t.datetime "updated_at",       :null => false
+    t.datetime "created_at"
+    t.datetime "updated_at"
   end
 
-  add_index "casino_users", ["authenticator", "username"], :name => "index_casino_users_on_authenticator_and_username", :unique => true
+  add_index "casino_users", ["authenticator", "username"], name: "index_casino_users_on_authenticator_and_username", unique: true
 
 end

data/spec/features/login_spec.rb

@@ -65,13 +65,4 @@ describe 'Login' do
     it { should have_button('Login') }
     it { should have_text('Incorrect username or password') }
   end
-
-  context 'with german locale' do
-    before do
-      page.driver.header 'Accept-Language', 'de'
-      visit login_path
-    end
-
-    it { should have_text('Benutzername') }
-  end
 end

data/spec/model/auth_token_ticket_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+describe CASino::AuthTokenTicket do
+  describe '.cleanup' do
+    it 'deletes expired auth token tickets' do
+      ticket = described_class.new ticket: 'ATT-12345'
+      ticket.save!
+      ticket.created_at = 10.minutes.ago
+      ticket.save!
+      lambda do
+        described_class.cleanup
+      end.should change(described_class, :count).by(-1)
+      described_class.find_by_ticket('ATT-12345').should be_falsey
+    end
+  end
+
+  describe '#to_s' do
+    it 'returns the ticket identifier' do
+      ticket = described_class.new ticket: 'ATT-12345'
+      "#{ticket}".should == ticket.ticket
+    end
+  end
+end

data/spec/services/auth_token_validation_service_spec.rb

@@ -0,0 +1,83 @@
+require 'spec_helper'
+
+describe CASino::AuthTokenValidationService do
+  let(:token) { 'le_token' }
+  let(:signature) { 'le_signature' }
+
+  subject { described_class.new(token, signature) }
+
+  context 'without any token signers' do
+    before(:each) do
+      Dir.stub(:glob).with(CASino::AuthTokenValidationService::AUTH_TOKEN_SIGNERS_GLOB).and_return(nil)
+    end
+
+    its(:user_data) { should == nil }
+    its(:validation_result) { should == nil }
+  end
+
+  context 'with token signers' do
+    let(:signer_path) { '/test.pem' }
+    let(:signer_path_content) { 'this_is_le_certificate' }
+    let(:digest) { 'le_digest' }
+    let(:rsa_stub) do
+      double(OpenSSL::PKey::RSA).tap do |mock|
+        mock.stub(:verify).with(digest, signature, token).and_return(signature_valid)
+      end
+    end
+
+    before(:each) do
+      Dir.stub(:glob).with(CASino::AuthTokenValidationService::AUTH_TOKEN_SIGNERS_GLOB) do |&block|
+        block.call(signer_path)
+      end
+      File.stub(:read).with(signer_path).and_return(signer_path_content)
+      OpenSSL::Digest::SHA256.stub(:new).and_return(digest)
+      OpenSSL::PKey::RSA.stub(:new).with(signer_path_content).and_return(rsa_stub)
+    end
+
+    context 'with an invalid signature' do
+      let(:signature_valid) { false }
+
+      its(:user_data) { should == nil }
+      its(:validation_result) { should == nil }
+    end
+
+    context 'with a valid signature' do
+      let(:signature_valid) { true }
+
+      before(:each) do
+        CASino::AuthTokenTicket.stub(:consume).and_return(ticket_valid)
+      end
+
+      context 'with an invalid ticket' do
+        let(:ticket_valid) { false }
+
+        its(:user_data) { should == nil }
+        its(:validation_result) { should == nil }
+      end
+
+      context 'with a valid ticket' do
+        let(:ticket_valid) { true }
+
+        before(:each) do
+          JSON.stub(:parse).and_return(token_data)
+        end
+
+        context 'with invalid user data' do
+          let(:token_data) { { authenticator: 'test', username: 'example' } }
+
+          its(:user_data) { should == nil }
+          its(:validation_result) { should == nil }
+        end
+
+        context 'with valid user data' do
+          let(:token_data) { { authenticator: 'static', username: 'testuser' } }
+          let(:user_data) { { username: 'testuser', extra_attributes: { "name" => "Test User", "game" => [ "StarCraft 2", "Doto" ] } } }
+          let(:validation_result) { { authenticator: 'static', user_data: user_data } }
+
+          its(:user_data) { should == user_data }
+          its(:validation_result) { should == validation_result }
+        end
+      end
+    end
+  end
+end

data/spec/support/sign_in.rb

@@ -0,0 +1,4 @@
+def sign_in(ticket_granting_ticket)
+  request.cookies[:tgt] = ticket_granting_ticket.ticket
+  request.user_agent = ticket_granting_ticket.user_agent
+end

metadata

@@ -1,8 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: casino
 version: !ruby/object:Gem::Version
-  version: 3.0.4
-  prerelease: 
+  version: 4.0.0.pre.1
 platform: ruby
 authors:
 - Nils Caspar
@@ -11,280 +10,280 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-01 00:00:00.000000000 Z
+date: 2015-02-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: capybara
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.1'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '10.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '10.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
 - !ruby/object:Gem::Dependency
   name: rspec-its
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
   name: factory_girl
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '4.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '4.1'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.9'
 - !ruby/object:Gem::Dependency
   name: coveralls
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.7'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
         version: 4.1.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 4.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
         version: 4.1.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 4.3.0
 - !ruby/object:Gem::Dependency
   name: sass-rails
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 4.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 4.0.0
-- !ruby/object:Gem::Dependency
-  name: http_accept_language
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: 2.0.0.pre
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: 2.0.0.pre
 - !ruby/object:Gem::Dependency
   name: addressable
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.3'
 - !ruby/object:Gem::Dependency
   name: terminal-table
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.4'
 - !ruby/object:Gem::Dependency
   name: useragent
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.4'
 - !ruby/object:Gem::Dependency
   name: faraday
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.8'
 - !ruby/object:Gem::Dependency
   name: rotp
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: grape
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: grape-entity
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+- !ruby/object:Gem::Dependency
+  name: rqrcode_png
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
 description: CASino is a simple CAS (Central Authentication Service) server.
 email:
 - ncaspar@me.com
@@ -294,14 +293,17 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rspec
-- .ruby-gemset
-- .travis.yml
+- ".gitignore"
+- ".rspec"
+- ".ruby-gemset"
+- ".travis.yml"
 - Gemfile
 - LICENSE.txt
 - README.md
 - Rakefile
+- app/api/casino/api.rb
+- app/api/casino/api/entity/auth_token_ticket.rb
+- app/api/casino/api/resource/auth_token_tickets.rb
 - app/assets/fonts/casino-icons.eot
 - app/assets/fonts/casino-icons.svg
 - app/assets/fonts/casino-icons.ttf
@@ -310,39 +312,29 @@ files:
 - app/assets/images/logo.png
 - app/assets/images/logo@2x.png
 - app/assets/images/rails.png
-- app/assets/javascripts/casino/application.js
+- app/assets/javascripts/casino/application.js.erb
 - app/assets/javascripts/casino/index.js
 - app/assets/javascripts/casino/sessions.js
 - app/assets/stylesheets/casino.scss
 - app/assets/stylesheets/casino/icons.scss
 - app/assets/stylesheets/casino/normalize.scss
 - app/authenticators/casino/static_authenticator.rb
+- app/builders/casino/proxy_response_builder.rb
 - app/builders/casino/ticket_validation_response_builder.rb
-- app/controllers/casino/api/v1/tickets_controller.rb
 - app/controllers/casino/application_controller.rb
+- app/controllers/casino/auth_tokens_controller.rb
+- app/controllers/casino/controller_concern/ticket_validator.rb
 - app/controllers/casino/proxy_tickets_controller.rb
 - app/controllers/casino/service_tickets_controller.rb
 - app/controllers/casino/sessions_controller.rb
 - app/controllers/casino/two_factor_authenticators_controller.rb
 - app/helpers/application_helper.rb
 - app/helpers/casino/sessions_helper.rb
-- app/helpers/service_tickets_helper.rb
-- app/listeners/casino/legacy_validator_listener.rb
-- app/listeners/casino/listener.rb
-- app/listeners/casino/login_credential_acceptor_listener.rb
-- app/listeners/casino/login_credential_requestor_listener.rb
-- app/listeners/casino/logout_listener.rb
-- app/listeners/casino/other_sessions_destroyer_listener.rb
-- app/listeners/casino/proxy_ticket_provider_listener.rb
-- app/listeners/casino/second_factor_authentication_acceptor_listener.rb
-- app/listeners/casino/session_destroyer_listener.rb
-- app/listeners/casino/session_overview_listener.rb
-- app/listeners/casino/ticket_validator_listener.rb
-- app/listeners/casino/two_factor_authenticator_activator_listener.rb
-- app/listeners/casino/two_factor_authenticator_destroyer_listener.rb
-- app/listeners/casino/two_factor_authenticator_overview_listener.rb
-- app/listeners/casino/two_factor_authenticator_registrator_listener.rb
+- app/helpers/casino/two_factor_authenticators_helper.rb
+- app/models/casino/auth_token_ticket.rb
 - app/models/casino/login_ticket.rb
+- app/models/casino/model_concern/consumable_ticket.rb
+- app/models/casino/model_concern/ticket.rb
 - app/models/casino/proxy_granting_ticket.rb
 - app/models/casino/proxy_ticket.rb
 - app/models/casino/service_rule.rb
@@ -352,34 +344,13 @@ files:
 - app/models/casino/two_factor_authenticator.rb
 - app/models/casino/user.rb
 - app/models/casino/validation_result.rb
-- app/processors/casino/api/login_credential_acceptor_processor.rb
-- app/processors/casino/api/logout_processor.rb
-- app/processors/casino/api/service_ticket_provider_processor.rb
-- app/processors/casino/legacy_validator_processor.rb
-- app/processors/casino/login_credential_acceptor_processor.rb
-- app/processors/casino/login_credential_requestor_processor.rb
-- app/processors/casino/logout_processor.rb
-- app/processors/casino/other_sessions_destroyer_processor.rb
-- app/processors/casino/processor.rb
-- app/processors/casino/processor_concern/authentication.rb
-- app/processors/casino/processor_concern/browser.rb
-- app/processors/casino/processor_concern/login_tickets.rb
-- app/processors/casino/processor_concern/proxy_granting_tickets.rb
-- app/processors/casino/processor_concern/proxy_tickets.rb
-- app/processors/casino/processor_concern/service_tickets.rb
-- app/processors/casino/processor_concern/ticket_granting_tickets.rb
-- app/processors/casino/processor_concern/tickets.rb
-- app/processors/casino/processor_concern/two_factor_authenticators.rb
-- app/processors/casino/proxy_ticket_provider_processor.rb
-- app/processors/casino/proxy_ticket_validator_processor.rb
-- app/processors/casino/second_factor_authentication_acceptor_processor.rb
-- app/processors/casino/service_ticket_validator_processor.rb
-- app/processors/casino/session_destroyer_processor.rb
-- app/processors/casino/session_overview_processor.rb
-- app/processors/casino/two_factor_authenticator_activator_processor.rb
-- app/processors/casino/two_factor_authenticator_destroyer_processor.rb
-- app/processors/casino/two_factor_authenticator_overview_processor.rb
-- app/processors/casino/two_factor_authenticator_registrator_processor.rb
+- app/processors/casino/authentication_processor.rb
+- app/processors/casino/browser_processor.rb
+- app/processors/casino/proxy_granting_ticket_processor.rb
+- app/processors/casino/service_ticket_processor.rb
+- app/processors/casino/ticket_granting_ticket_processor.rb
+- app/processors/casino/two_factor_authenticator_processor.rb
+- app/services/casino/auth_token_validation_service.rb
 - app/views/casino/application/_footer.html.erb
 - app/views/casino/application/_messages.html.erb
 - app/views/casino/service_tickets/validate.text.erb
@@ -399,6 +370,8 @@ files:
 - config/initializers/wrap_parameters.rb
 - config/locales/de.yml
 - config/locales/en.yml
+- config/locales/zh-CN.yml
+- config/locales/zh-TW.yml
 - config/routes.rb
 - db/migrate/20130809135400_create_core_schema.rb
 - db/migrate/20130809135401_rename_base_models.rb
@@ -407,6 +380,7 @@ files:
 - db/migrate/20131022110346_change_service_to_text.rb
 - db/migrate/20140821142611_change_user_agent_to_text.rb
 - db/migrate/20140827183611_fix_length_of_text_fields.rb
+- db/migrate/20140831205255_create_auth_token_tickets.rb
 - lib/assets/.gitkeep
 - lib/casino.rb
 - lib/casino/authenticator.rb
@@ -433,22 +407,9 @@ files:
 - script/rails
 - spec/authenticator/base_spec.rb
 - spec/authenticator/static_spec.rb
-- spec/controllers/api/v1/tickets_controller_spec.rb
-- spec/controllers/listener/legacy_validator_spec.rb
-- spec/controllers/listener/login_credential_acceptor_spec.rb
-- spec/controllers/listener/login_credential_requestor_spec.rb
-- spec/controllers/listener/logout_spec.rb
-- spec/controllers/listener/other_sessions_destroyer_spec.rb
-- spec/controllers/listener/proxy_ticket_provider_spec.rb
-- spec/controllers/listener/second_factor_authentication_acceptor_spec.rb
-- spec/controllers/listener/session_destroyer_spec.rb
-- spec/controllers/listener/session_overview_spec.rb
-- spec/controllers/listener/ticket_validator_spec.rb
-- spec/controllers/listener/two_factor_authenticator_activator_spec.rb
-- spec/controllers/listener/two_factor_authenticator_destroyer_spec.rb
-- spec/controllers/listener/two_factor_authenticator_overview_spec.rb
-- spec/controllers/listener/two_factor_authenticator_registrator_spec.rb
+- spec/controllers/auth_tokens_controller_spec.rb
 - spec/controllers/proxy_tickets_controller_spec.rb
+- spec/controllers/service_and_proxy_tickets_controller_spec.rb
 - spec/controllers/service_tickets_controller_spec.rb
 - spec/controllers/sessions_controller_spec.rb
 - spec/controllers/two_factor_authenticators_controller_spec.rb
@@ -479,7 +440,14 @@ files:
 - spec/dummy/config/locales/en.yml
 - spec/dummy/config/routes.rb
 - spec/dummy/db/.gitkeep
-- spec/dummy/db/migrate/20130910094259_create_base_models.casino.rb
+- spec/dummy/db/migrate/20140831214845_create_core_schema.casino.rb
+- spec/dummy/db/migrate/20140831214846_rename_base_models.casino.rb
+- spec/dummy/db/migrate/20140831214847_cleanup_indexes.casino.rb
+- spec/dummy/db/migrate/20140831214848_fix_long_index_names.casino.rb
+- spec/dummy/db/migrate/20140831214849_change_service_to_text.casino.rb
+- spec/dummy/db/migrate/20140831214850_change_user_agent_to_text.casino.rb
+- spec/dummy/db/migrate/20140831214851_fix_length_of_text_fields.casino.rb
+- spec/dummy/db/migrate/20140831214852_create_auth_token_tickets.casino.rb
 - spec/dummy/db/schema.rb
 - spec/dummy/lib/assets/.gitkeep
 - spec/dummy/log/.gitkeep
@@ -492,6 +460,7 @@ files:
 - spec/features/logout_spec.rb
 - spec/features/session_overview_spec.rb
 - spec/features/two_factor_authenticator_spec.rb
+- spec/model/auth_token_ticket_spec.rb
 - spec/model/login_ticket_spec.rb
 - spec/model/proxy_ticket_spec.rb
 - spec/model/service_rule_spec.rb
@@ -499,25 +468,7 @@ files:
 - spec/model/service_ticket_spec.rb
 - spec/model/ticket_granting_ticket_spec.rb
 - spec/model/two_factor_authenticator_spec.rb
-- spec/processor/api/login_credential_acceptor_spec.rb
-- spec/processor/api/logout_spec.rb
-- spec/processor/api/service_ticket_provider_spec.rb
-- spec/processor/legacy_validator_spec.rb
-- spec/processor/login_credential_acceptor_spec.rb
-- spec/processor/login_credential_requestor_spec.rb
-- spec/processor/logout_other_sessions_spec.rb
-- spec/processor/logout_spec.rb
-- spec/processor/processor_concern/service_tickets_spec.rb
-- spec/processor/proxy_ticket_provider_spec.rb
-- spec/processor/proxy_ticket_validator_spec.rb
-- spec/processor/second_factor_authenticaton_acceptor_spec.rb
-- spec/processor/session_destroyer_spec.rb
-- spec/processor/session_overview_spec.rb
-- spec/processor/ticket_validator_spec.rb
-- spec/processor/two_factor_authenticator_activator_spec.rb
-- spec/processor/two_factor_authenticator_destroyer_spec.rb
-- spec/processor/two_factor_authenticator_overview_spec.rb
-- spec/processor/two_factor_authenticator_registrator_spec.rb
+- spec/services/auth_token_validation_service_spec.rb
 - spec/spec_helper.rb
 - spec/support/.gitkeep
 - spec/support/casino.rb
@@ -531,53 +482,40 @@ files:
 - spec/support/factories/user_factory.rb
 - spec/support/features_helper.rb
 - spec/support/rspec.rb
+- spec/support/sign_in.rb
 - spec/support/sqlite3.rb
 - vendor/assets/javascripts/.gitkeep
 - vendor/assets/stylesheets/.gitkeep
 homepage: http://rbcas.org/
 licenses:
 - MIT
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.23
+rubygems_version: 2.2.2
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: A simple CAS server written in Ruby using the Rails framework.
 test_files:
 - spec/authenticator/base_spec.rb
 - spec/authenticator/static_spec.rb
-- spec/controllers/api/v1/tickets_controller_spec.rb
-- spec/controllers/listener/legacy_validator_spec.rb
-- spec/controllers/listener/login_credential_acceptor_spec.rb
-- spec/controllers/listener/login_credential_requestor_spec.rb
-- spec/controllers/listener/logout_spec.rb
-- spec/controllers/listener/other_sessions_destroyer_spec.rb
-- spec/controllers/listener/proxy_ticket_provider_spec.rb
-- spec/controllers/listener/second_factor_authentication_acceptor_spec.rb
-- spec/controllers/listener/session_destroyer_spec.rb
-- spec/controllers/listener/session_overview_spec.rb
-- spec/controllers/listener/ticket_validator_spec.rb
-- spec/controllers/listener/two_factor_authenticator_activator_spec.rb
-- spec/controllers/listener/two_factor_authenticator_destroyer_spec.rb
-- spec/controllers/listener/two_factor_authenticator_overview_spec.rb
-- spec/controllers/listener/two_factor_authenticator_registrator_spec.rb
+- spec/controllers/auth_tokens_controller_spec.rb
 - spec/controllers/proxy_tickets_controller_spec.rb
+- spec/controllers/service_and_proxy_tickets_controller_spec.rb
 - spec/controllers/service_tickets_controller_spec.rb
 - spec/controllers/sessions_controller_spec.rb
 - spec/controllers/two_factor_authenticators_controller_spec.rb
@@ -608,7 +546,14 @@ test_files:
 - spec/dummy/config/locales/en.yml
 - spec/dummy/config/routes.rb
 - spec/dummy/db/.gitkeep
-- spec/dummy/db/migrate/20130910094259_create_base_models.casino.rb
+- spec/dummy/db/migrate/20140831214845_create_core_schema.casino.rb
+- spec/dummy/db/migrate/20140831214846_rename_base_models.casino.rb
+- spec/dummy/db/migrate/20140831214847_cleanup_indexes.casino.rb
+- spec/dummy/db/migrate/20140831214848_fix_long_index_names.casino.rb
+- spec/dummy/db/migrate/20140831214849_change_service_to_text.casino.rb
+- spec/dummy/db/migrate/20140831214850_change_user_agent_to_text.casino.rb
+- spec/dummy/db/migrate/20140831214851_fix_length_of_text_fields.casino.rb
+- spec/dummy/db/migrate/20140831214852_create_auth_token_tickets.casino.rb
 - spec/dummy/db/schema.rb
 - spec/dummy/lib/assets/.gitkeep
 - spec/dummy/log/.gitkeep
@@ -621,6 +566,7 @@ test_files:
 - spec/features/logout_spec.rb
 - spec/features/session_overview_spec.rb
 - spec/features/two_factor_authenticator_spec.rb
+- spec/model/auth_token_ticket_spec.rb
 - spec/model/login_ticket_spec.rb
 - spec/model/proxy_ticket_spec.rb
 - spec/model/service_rule_spec.rb
@@ -628,25 +574,7 @@ test_files:
 - spec/model/service_ticket_spec.rb
 - spec/model/ticket_granting_ticket_spec.rb
 - spec/model/two_factor_authenticator_spec.rb
-- spec/processor/api/login_credential_acceptor_spec.rb
-- spec/processor/api/logout_spec.rb
-- spec/processor/api/service_ticket_provider_spec.rb
-- spec/processor/legacy_validator_spec.rb
-- spec/processor/login_credential_acceptor_spec.rb
-- spec/processor/login_credential_requestor_spec.rb
-- spec/processor/logout_other_sessions_spec.rb
-- spec/processor/logout_spec.rb
-- spec/processor/processor_concern/service_tickets_spec.rb
-- spec/processor/proxy_ticket_provider_spec.rb
-- spec/processor/proxy_ticket_validator_spec.rb
-- spec/processor/second_factor_authenticaton_acceptor_spec.rb
-- spec/processor/session_destroyer_spec.rb
-- spec/processor/session_overview_spec.rb
-- spec/processor/ticket_validator_spec.rb
-- spec/processor/two_factor_authenticator_activator_spec.rb
-- spec/processor/two_factor_authenticator_destroyer_spec.rb
-- spec/processor/two_factor_authenticator_overview_spec.rb
-- spec/processor/two_factor_authenticator_registrator_spec.rb
+- spec/services/auth_token_validation_service_spec.rb
 - spec/spec_helper.rb
 - spec/support/.gitkeep
 - spec/support/casino.rb
@@ -660,4 +588,5 @@ test_files:
 - spec/support/factories/user_factory.rb
 - spec/support/features_helper.rb
 - spec/support/rspec.rb
+- spec/support/sign_in.rb
 - spec/support/sqlite3.rb