casino 4.0.2 → 4.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 71ae1bec7a01169cd48d92273eeb55768520520d
-  data.tar.gz: ef47204b0f85ebb44aa7c5414aaa4795f60e0e64
+  metadata.gz: ae3e798e52bff45a98cc97f8c3ff311eedd8dd49
+  data.tar.gz: 1c4c65c4f35d51b3a39834ef57c3a73098e02c04
 SHA512:
-  metadata.gz: 85a8433da5b57b226a73e64a4da02fe3a2e709b7320c6f760c26c112f57b11938317754a872661d71fb455c6d46124ec1b8542de4543f601cf36b6cb1e51f231
-  data.tar.gz: 7d02c691330c9ebfd92cdd3fcc4daa22af1b199d52c7609decc7c396a23a2d1fcfc8cf0a20dc580d80bbdccac63fc89c5ac8f1a0c3be493fd6eba183f8946afc
+  metadata.gz: 1c9d475a473c98034e9e1855811816678a9675b0ea289f5e63dc8a3fb080719cacdd351e179e143e2726a4e7ca0d8562c0ff3402c3015be57bb86d608cdc1cea
+  data.tar.gz: 7201dfd17c106e0cd256ff043335885f5a6e3e4905a098ddba85fd1502c40e421b50953f54d56713093cbbc730d723a9ce0c3c05ffc7e4c226552086b5d62d43

data/.travis.yml

@@ -1,6 +1,5 @@
 language: ruby
 rvm:
-- 1.9.3
 - 2.0.0
 - 2.1.0
 - 2.2.2

data/README.md

@@ -2,7 +2,7 @@
 
 CASino Rails Engine (used in CASinoApp).
 
-It currently supports [CAS 1.0 and CAS 2.0](http://www.jasig.org/cas/protocol) as well as [CAS 3.1 Single Sign Out](https://wiki.jasig.org/display/CASUM/Single+Sign+Out).
+It currently supports [CAS 1.0 and CAS 2.0](http://jasig.github.io/cas) as well as [CAS 3.1 Single Sign Out](https://wiki.jasig.org/display/CASUM/Single+Sign+Out).
 
 ## Setup
 

data/app/controllers/casino/sessions_controller.rb

@@ -15,7 +15,7 @@ class CASino::SessionsController < CASino::ApplicationController
 
   def new
     tgt = current_ticket_granting_ticket
-    handle_signed_in(tgt) unless params[:renew] || tgt.nil?
+    return handle_signed_in(tgt) unless params[:renew] || tgt.nil?
     redirect_to(params[:service]) if params[:gateway] && params[:service].present?
   end
 

data/app/helpers/casino/sessions_helper.rb

@@ -32,7 +32,7 @@ module CASino::SessionsHelper
   end
 
   def sign_in(authentication_result, options = {})
-    tgt = acquire_ticket_granting_ticket(authentication_result, request.user_agent, options)
+    tgt = acquire_ticket_granting_ticket(authentication_result, request.user_agent, request.remote_ip, options)
     set_tgt_cookie(tgt)
     handle_signed_in(tgt, options)
   end

data/app/models/casino/service_rule.rb

@@ -5,7 +5,7 @@ class CASino::ServiceRule < ActiveRecord::Base
 
   def self.allowed?(service_url)
     rules = self.where(enabled: true)
-    if rules.empty?
+    if rules.empty? && !CASino.config.require_service_rules
       true
     else
       rules.any? { |rule| rule.allows?(service_url) }

data/app/processors/casino/service_ticket_processor.rb

@@ -1,3 +1,5 @@
+require 'addressable/uri'
+
 module CASino::ServiceTicketProcessor
   extend ActiveSupport::Concern
 

data/app/processors/casino/ticket_granting_ticket_processor.rb

@@ -25,13 +25,14 @@ module CASino::TicketGrantingTicketProcessor
     end
   end
 
-  def acquire_ticket_granting_ticket(authentication_result, user_agent, options = {})
+  def acquire_ticket_granting_ticket(authentication_result, user_agent, user_ip, options = {})
     user_data = authentication_result[:user_data]
     user = load_or_initialize_user(authentication_result[:authenticator], user_data[:username], user_data[:extra_attributes])
     cleanup_expired_ticket_granting_tickets(user)
     user.ticket_granting_tickets.create!({
       awaiting_two_factor_authentication: !user.active_two_factor_authenticator.nil?,
       user_agent: user_agent,
+      user_ip: user_ip,
       long_term: !!options[:long_term]
     })
   end

data/config/locales/ar.yml

@@ -0,0 +1,88 @@
+ar:
+  login_credential_acceptor:
+    invalid_login_ticket: "لم يتضمّن طلب تسجيل دخولك شهادة تسجيل صالحة."
+    invalid_login_credentials: "اسم المستخدم أو كلمة المرور غير صحيحة."
+  login:
+    label_username: "اسم المستخدم"
+    label_password: "كلمة المرور"
+    label_button: "تسجيل الدخول"
+    label_remember_me: "البقاء مُسجّلًا الدخول"
+    notice:
+  service_not_allowed:
+    title: "الخدمة غير متوفّرة"
+    message: "هذا الخادم SSO غير مُعدّ للسماح بالدخول إلى \"%{service}\". إن كنت تَشك بوجود مشكلة ما يُرجى مراجعة مُدير النظام."
+  validate_otp:
+    title: "التصديق الثنائي"
+    description: "يُرجى إدخال كلمة مرور صالحة لمرّة واحدة."
+    code: "الكود"
+    submit: "متابعة"
+    invalid_otp: "كلمة المرور المُدخلة لمرّة واحدة غير صحيحة."
+  logout:
+    title: "رافقتك السلامة."
+    logged_out_without_url: "سُجّل الخروج بنجاح."
+    logged_out_with_url: "زوّد التطبيق الذي قمت بتسجيل الخروج منه برابط من المستحسن متابعته:"
+  sessions:
+    title: "مرحبًا"
+    currently_logged_in_as: "أنت مُسجّل الدخول حاليًا كـ <strong>%{username}</strong>."
+    label_logout_button: "تسجيل الخروج"
+    your_active_sessions: "الجلسات النشطة"
+    table:
+      column_browser: "المتصفح"
+      column_services: "الخدمات"
+      column_activity: "آخر النشاطات الأخيرة"
+    current_session: "الجلسة الحالية"
+    end_session: "إنهاء الجلسة"
+  two_factor_authenticators:
+    title: "التصديق الثنائي"
+    setup: "إعداد التصديق الثنائي"
+    description: "يتطلّب التصديق الثنائي منك إدخال كلمة مرور لمرّة واحدة إضافيّة في كل مرّة تحاول فيها الدخول على حسابك. وتُنشئ كلمة المرور هذه عبر تطبيق مثل <a href='http://support.google.com/accounts/bin/answer.py?hl=en&answer=1066447'>تصديق Google</a> with your mobile phone مع هاتفك الجوّال."
+    instructions: "إن كنت تستخدم موثّق Google، امسح كود QR في الأسفل مع التطبيق. أدخل كود التحقق في الحقل النصي في الأسفل."
+    disabled: "معطل حاليًا"
+    enable: "مفعل"
+    enabled: "مفعل حاليًا"
+    disable: "معطل"
+    cancel: "إلغاء"
+    secret: "سري"
+    code: "كود التأكيد"
+    submit: "تأكيد وتفعيل"
+    invalid_one_time_password: "لم تكن كلمة مرور المرّة الواحدة صحيحة."
+    invalid_two_factor_authenticator: "انتهت صلاحية المُوثّق الثنائي. فضلًا اتبع التعليمات التالية."
+    successfully_activated: "أصبح المُوثّق الثنائي مرتبطًا مع هذا الحساب."
+    successfully_deleted: "حُذف المُوثّق الثنائي بنجاح."
+  datetime:
+    ago: "منذ %{datetime}"
+    distance_in_words:
+      about_x_hours:
+        one: "حوالي ساعة"
+        other: "حوالي %{count} ساعات"
+      about_x_months:
+        one: "حوالي شهر"
+        other: "حوالي %{count} أشهر"
+      about_x_years:
+        one: "حوالي سنة"
+        other: "حوالي %{count} أعوام"
+      almost_x_years:
+        one: "تقريبًا سنة واحدة"
+        other: "تقريبًا %{count} أعوام"
+      half_a_minute: "نصف دقيقة"
+      less_than_x_minutes:
+        one: "أقل من دقيقة واحدة"
+        other: "أقل من %{count} دقائق"
+      less_than_x_seconds:
+        one: "أقل من ثانية واحدة"
+        other: "أقل من %{count} ثانية"
+      over_x_years:
+        one: "أكثر من سنة"
+        other: "أكثر من %{count} أعوام"
+      x_days:
+        one: "يوم واحد"
+        other: ! "%{count} أيام"
+      x_minutes:
+        one: "دقيقة واحدة"
+        other: ! "%{count} دقائق"
+      x_months:
+        one: "شهر واحد"
+        other: ! "%{count} أشهر"
+      x_seconds:
+        one: "ثانية واحدة"
+        other: ! "%{count} ثواني"

data/config/locales/en.yml

@@ -53,11 +53,11 @@ en:
     ago: "%{datetime} ago"
     distance_in_words:
       about_x_hours:
-        one: about oue hour
+        one: about one hour
         other: about %{count} hours
       about_x_months:
-        one: about one monate
-        other: about %{count} monates
+        one: about one month
+        other: about %{count} months
       about_x_years:
         one: about one year
         other: about %{count} years

data/config/locales/pt-BR.yml

@@ -0,0 +1,88 @@
+pt-BR:
+  login_credential_acceptor:
+    invalid_login_ticket: "Por favor, insira seus dados de acesso."
+    invalid_login_credentials: "Usuário ou senha incorretos."
+  login:
+    label_username: "Usuário"
+    label_password: "Senha"
+    label_button: "Acessar"
+    label_remember_me: "Lembre-se de mim"
+    notice: ""
+  service_not_allowed:
+    title: "Serviço não permitido"
+    message: "Este servidor SSO não está configurado para aceitar acessos para \"%{service}\". Se isso for um erro, por favor contacte o administrador."
+  validate_otp:
+    title: "Autenticação dupla"
+    description: "Por favor, insira a senha única corretamente"
+    code: "Código"
+    submit: "Continuar"
+    invalid_otp: "A senha única informada está incorreta"
+  logout:
+    title: "Até logo."
+    logged_out_without_url: "Saiu com sucesso"
+    logged_out_with_url: "A aplicação que você acabou de sair retornou um link para você:"
+  sessions:
+    title: "Olá!"
+    currently_logged_in_as: "Você está logado como <strong>%{username}</strong>."
+    label_logout_button: "Sair"
+    your_active_sessions: "Suas sessões ativas"
+    table:
+      column_browser: "Navegador"
+      column_services: "Serviços"
+      column_activity: "Atividade mais recente"
+    current_session: "Sessão atual"
+    end_session: "Finalizar sessão"
+  two_factor_authenticators:
+    title: "Autenticação dupla"
+    setup: "Configure a autenticação dupla"
+    description: "A autenticação única requer que você insira uma senha única adicional (OTP) cada vez que você tentar acessar sua conta. Uma senha única (OTP) pode ser criada com uma aplicação como o <a href='http://support.google.com/accounts/bin/answer.py?hl=en&answer=1066447'>Google Authenticator</a> em seu telefone celular."
+    instructions: "Se você está utilizando o Google Authenticator, escaneie o QR code abaixo com a aplicação. Insira o código de verificação no campo abaixo."
+    disabled: "Desabilitado"
+    enable: "Habilitar"
+    enabled: "Habilitado"
+    disable: "Desabilitar"
+    cancel: "Cancelar"
+    secret: "Secreto"
+    code: "Código de confirmação"
+    submit: "Verificar e ativar"
+    invalid_one_time_password: "A senha única está incorreta."
+    invalid_two_factor_authenticator: "A autenticação dupla expirou. Por favor, siga as instruções baixo."
+    successfully_activated: "A autenticação dupla está habilitada para essa conta."
+    successfully_deleted: "A autenticação dupla foi excluída com sucesso."
+  datetime:
+    ago: "%{datetime} atrás"
+    distance_in_words:
+      about_x_hours:
+        one: cerca de uma hora
+        other: cerca de %{count} horas
+      about_x_months:
+        one: cerca de um mês
+        other: cerca de %{count} meses
+      about_x_years:
+        one: cerca de um ano
+        other: cerca de %{count} anos
+      almost_x_years:
+        one: quase um ano
+        other: quase %{count} anos
+      half_a_minute: meio minuto
+      less_than_x_minutes:
+        one: menos de um minuto
+        other: menos de %{count} minutos
+      less_than_x_seconds:
+        one: menos de um segundo
+        other: menos de %{count} segundos
+      over_x_years:
+        one: mais de um ano
+        other: mais de %{count} anos
+      x_days:
+        one: um dia
+        other: ! '%{count} dias'
+      x_minutes:
+        one: um minuto
+        other: ! '%{count} minutos'
+      x_months:
+        one: um mês
+        other: ! '%{count} meses'
+      x_seconds:
+        one: um segundo
+        other: ! '%{count} segundos'

data/db/migrate/20151022192752_add_user_ip_to_ticket_granting_ticket.rb

@@ -0,0 +1,9 @@
+class AddUserIpToTicketGrantingTicket < ActiveRecord::Migration
+  def up
+    add_column :casino_ticket_granting_tickets, :user_ip, :string
+  end
+
+  def down
+    remove_column :casino_ticket_granting_tickets, :user_ip
+  end
+end

data/lib/casino.rb

@@ -6,6 +6,7 @@ module CASino
 
   defaults = {
     authenticators: HashWithIndifferentAccess.new,
+    require_service_rules: false,
     logger: Rails.logger,
     frontend: HashWithIndifferentAccess.new(
       sso_name: 'CASino',

data/lib/casino/inflections.rb

@@ -2,6 +2,5 @@
 # the Railtie is going to declare a table_name_suffix based upon the name of the
 # Railtie. Without this definition, the Railtie would use 'ca_s_ino'
 ActiveSupport::Inflector.inflections do |inflect|
-  inflect.acronym 'CAS'
   inflect.acronym 'CASino'
 end

data/lib/casino/version.rb

@@ -1,3 +1,3 @@
 module CASino
-  VERSION = '4.0.2'
+  VERSION = '4.0.3'
 end

data/spec/controllers/sessions_controller_spec.rb

@@ -204,6 +204,12 @@ describe CASino::SessionsController do
           response.cookies['tgt'].should_not be_nil
         end
 
+        it 'saves user_ip' do
+          post :create, request_options
+          tgt = CASino::TicketGrantingTicket.last
+          tgt.user_ip.should == '0.0.0.0'
+        end
+
         context 'with rememberMe set' do
           let(:cookie_jar) { HashWithIndifferentAccess.new }
 

data/spec/dummy/db/migrate/20151026130743_add_user_ip_to_ticket_granting_ticket.casino.rb

@@ -0,0 +1,10 @@
+# This migration comes from casino (originally 20151022192752)
+class AddUserIpToTicketGrantingTicket < ActiveRecord::Migration
+  def up
+    add_column :casino_ticket_granting_tickets, :user_ip, :string
+  end
+
+  def down
+    remove_column :casino_ticket_granting_tickets, :user_ip
+  end
+end

data/spec/dummy/db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20140831214852) do
+ActiveRecord::Schema.define(version: 20151026130743) do
 
   create_table "casino_auth_token_tickets", force: true do |t|
     t.string   "ticket",     null: false
@@ -89,6 +89,7 @@ ActiveRecord::Schema.define(version: 20140831214852) do
     t.boolean  "long_term",                          default: false, null: false
     t.datetime "created_at"
     t.datetime "updated_at"
+    t.string   "user_ip"
   end
 
   add_index "casino_ticket_granting_tickets", ["ticket"], name: "index_casino_ticket_granting_tickets_on_ticket", unique: true

data/spec/model/service_rule_spec.rb

@@ -3,9 +3,23 @@ require 'spec_helper'
 describe CASino::ServiceRule do
   describe '.allowed?' do
     context 'with an empty table' do
-      ['https://www.example.org/', 'http://www.google.com/'].each do |service_url|
-        it "allows access to #{service_url}" do
-          described_class.allowed?(service_url).should == true
+      context 'with default settings' do
+        ['https://www.example.org/', 'http://www.google.com/'].each do |service_url|
+          it "allows access to #{service_url}" do
+            described_class.allowed?(service_url).should == true
+          end
+        end
+      end
+
+      context 'with require_service_rules option' do
+        before(:each) do
+          CASino.config.require_service_rules = true
+        end
+
+        ['https://www.example.org/', 'http://www.google.com/'].each do |service_url|
+          it "does not allow access to #{service_url}" do
+            described_class.allowed?(service_url).should == false
+          end
         end
       end
     end

data/spec/model/ticket_granting_ticket_spec.rb

@@ -28,6 +28,14 @@ describe CASino::TicketGrantingTicket do
     end
   end
 
+  describe "user_ip" do
+
+    it 'returns request remote_ip' do
+      ticket_granting_ticket.user_ip.should == '127.0.0.1'
+    end
+    
+  end
+
   describe '#browser_info' do
     let(:user_agent) { Object.new }
     before(:each) do

data/spec/support/factories/ticket_granting_ticket_factory.rb

@@ -7,6 +7,7 @@ FactoryGirl.define do
       "TGC-ticket#{n}"
     end
     user_agent 'TestBrowser 1.0'
+    user_ip '127.0.0.1'
 
     trait :awaiting_two_factor_authentication do
       awaiting_two_factor_authentication true

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: casino
 version: !ruby/object:Gem::Version
-  version: 4.0.2
+  version: 4.0.3
 platform: ruby
 authors:
 - Nils Caspar
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-07-30 00:00:00.000000000 Z
+date: 2015-12-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: capybara
@@ -374,9 +374,11 @@ files:
 - config/database.yml
 - config/initializers/mime_types.rb
 - config/initializers/wrap_parameters.rb
+- config/locales/ar.yml
 - config/locales/de.yml
 - config/locales/en.yml
 - config/locales/fr.yml
+- config/locales/pt-BR.yml
 - config/locales/zh-CN.yml
 - config/locales/zh-TW.yml
 - config/routes.rb
@@ -388,6 +390,7 @@ files:
 - db/migrate/20140821142611_change_user_agent_to_text.rb
 - db/migrate/20140827183611_fix_length_of_text_fields.rb
 - db/migrate/20140831205255_create_auth_token_tickets.rb
+- db/migrate/20151022192752_add_user_ip_to_ticket_granting_ticket.rb
 - lib/assets/.gitkeep
 - lib/casino.rb
 - lib/casino/authenticator.rb
@@ -455,6 +458,7 @@ files:
 - spec/dummy/db/migrate/20140831214850_change_user_agent_to_text.casino.rb
 - spec/dummy/db/migrate/20140831214851_fix_length_of_text_fields.casino.rb
 - spec/dummy/db/migrate/20140831214852_create_auth_token_tickets.casino.rb
+- spec/dummy/db/migrate/20151026130743_add_user_ip_to_ticket_granting_ticket.casino.rb
 - spec/dummy/db/schema.rb
 - spec/dummy/lib/assets/.gitkeep
 - spec/dummy/log/.gitkeep
@@ -513,7 +517,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.4.5.1
 signing_key: 
 specification_version: 4
 summary: A simple CAS server written in Ruby using the Rails framework.
@@ -561,6 +565,7 @@ test_files:
 - spec/dummy/db/migrate/20140831214850_change_user_agent_to_text.casino.rb
 - spec/dummy/db/migrate/20140831214851_fix_length_of_text_fields.casino.rb
 - spec/dummy/db/migrate/20140831214852_create_auth_token_tickets.casino.rb
+- spec/dummy/db/migrate/20151026130743_add_user_ip_to_ticket_granting_ticket.casino.rb
 - spec/dummy/db/schema.rb
 - spec/dummy/lib/assets/.gitkeep
 - spec/dummy/log/.gitkeep