casino_core 0.0.1

data/lib/casino_core/processor/login_credential_acceptor.rb

@@ -0,0 +1,67 @@
+require 'casino_core/processor'
+require 'casino_core/helper'
+
+class CASinoCore::Processor::LoginCredentialAcceptor < CASinoCore::Processor
+  include CASinoCore::Helper
+  include CASinoCore::Helper::ServiceTickets
+
+  def process(params = nil, cookies = nil, user_agent = nil)
+    params ||= {}
+    cookies ||= {}
+    if login_ticket_valid?(params[:lt])
+      user_data = validate_login_credentials(params[:username], params[:password])
+      if !user_data.nil?
+        ticket_granting_ticket = acquire_ticket_granting_ticket(user_data, user_agent)
+        url = unless params[:service].nil?
+          acquire_service_ticket(ticket_granting_ticket, params[:service], true).service_with_ticket_url
+        end
+        @listener.user_logged_in(url, ticket_granting_ticket.ticket)
+      else
+        @listener.invalid_login_credentials
+      end
+    else
+      @listener.invalid_login_ticket
+    end
+  end
+
+  private
+  def login_ticket_valid?(lt)
+    ticket = CASinoCore::Model::LoginTicket.find_by_ticket lt
+    if ticket.nil?
+      logger.info "Login ticket '#{lt}' not found"
+      false
+    elsif ticket.created_at < CASinoCore::Settings.login_ticket[:lifetime].seconds.ago
+      logger.info "Login ticket '#{ticket.ticket}' expired"
+      false
+    else
+      logger.debug "Login ticket '#{ticket.ticket}' successfully validated"
+      ticket.delete
+      true
+    end
+  end
+
+  def validate_login_credentials(username, password)
+    user_data = nil
+    CASinoCore::Settings.authenticators.each do |authenticator|
+      data = authenticator.validate(username, password)
+      if data
+        if data[:username].nil?
+          data[:username] = username
+        end
+        user_data = data
+        logger.info("Credentials for username '#{data[:username]}' successfully validated using #{authenticator.class}")
+        break
+      end
+    end
+    user_data
+  end
+
+  def acquire_ticket_granting_ticket(user_data, user_agent = nil)
+    CASinoCore::Model::TicketGrantingTicket.create!({
+      ticket: random_ticket_string('TGC'),
+      username: user_data[:username],
+      extra_attributes: user_data[:extra_attributes],
+      user_agent: user_agent
+    })
+  end
+end

data/lib/casino_core/processor/login_credential_requestor.rb

@@ -0,0 +1,45 @@
+require 'casino_core/processor'
+require 'casino_core/helper'
+
+class CASinoCore::Processor::LoginCredentialRequestor < CASinoCore::Processor
+  include CASinoCore::Helper
+  include CASinoCore::Helper::ServiceTickets
+  include CASinoCore::Helper::Browser
+
+  def process(params = nil, cookies = nil, user_agent = nil)
+    params ||= {}
+    cookies ||= {}
+    request_env ||= {}
+    if !params[:renew] && (ticket_granting_ticket = find_valid_ticket_granting_ticket(cookies[:tgt], user_agent))
+      # TODO create new service ticket and url
+      service_url_with_ticket = unless params[:service].nil?
+        acquire_service_ticket(ticket_granting_ticket, params[:service], true).service_with_ticket_url
+      end
+      @listener.user_logged_in(service_url_with_ticket)
+    else
+      login_ticket = acquire_login_ticket
+      @listener.user_not_logged_in(login_ticket)
+    end
+  end
+
+  private
+  def acquire_login_ticket
+    ticket = CASinoCore::Model::LoginTicket.create ticket: random_ticket_string('LT')
+    logger.debug "Created login ticket '#{ticket.ticket}'"
+    ticket
+  end
+
+  def find_valid_ticket_granting_ticket(tgt, user_agent)
+    ticket_granting_ticket = CASinoCore::Model::TicketGrantingTicket.where(ticket: tgt).first
+    unless ticket_granting_ticket.nil?
+      if same_browser?(ticket_granting_ticket.user_agent, user_agent)
+        ticket_granting_ticket.user_agent = user_agent
+        ticket_granting_ticket.save!
+        ticket_granting_ticket
+      else
+        logger.info 'User-Agent changed: ticket-granting ticket not valid for this browser'
+        nil
+      end
+    end
+  end
+end

data/lib/casino_core/processor/logout.rb

@@ -0,0 +1,23 @@
+require 'casino_core/processor'
+require 'casino_core/helper'
+require 'casino_core/model'
+
+class CASinoCore::Processor::Logout < CASinoCore::Processor
+  include CASinoCore::Helper
+
+  def process(params = nil, cookies = nil)
+    params = params || {}
+    cookies ||= {}
+    session_destroyer = CASinoCore::Processor::SessionDestroyer.new(DummyListener.new)
+    session_destroyer.process(cookies[:tgt])
+    @listener.user_logged_out(params[:url])
+  end
+
+  class DummyListener
+    def ticket_deleted(*args)
+    end
+
+    def ticket_not_found(*args)
+    end
+  end
+end

data/lib/casino_core/processor/session_destroyer.rb

@@ -0,0 +1,17 @@
+require 'casino_core/processor'
+require 'casino_core/helper'
+require 'casino_core/model'
+
+class CASinoCore::Processor::SessionDestroyer < CASinoCore::Processor
+  include CASinoCore::Helper
+
+  def process(tgt)
+    ticket = CASinoCore::Model::TicketGrantingTicket.where(ticket: tgt).first
+    if ticket.nil?
+      @listener.ticket_not_found
+    else
+      ticket.destroy
+      @listener.ticket_deleted
+    end
+  end
+end

data/lib/casino_core/railtie.rb

@@ -0,0 +1,10 @@
+require 'casino_core'
+require 'rails'
+
+module CASinoCore
+  class Railtie < Rails::Railtie
+    rake_tasks do
+      CASinoCore::RakeTasks.load_tasks
+    end
+  end
+end

data/lib/casino_core/rake_tasks.rb

@@ -0,0 +1,14 @@
+module CASinoCore
+  class RakeTasks
+    class << self
+      def load_tasks
+        %w(
+          database
+          cleanup
+        ).each do |task|
+          load "casino_core/tasks/#{task}.rake"
+        end
+      end
+    end
+  end
+end

data/lib/casino_core/settings.rb

@@ -0,0 +1,26 @@
+require 'casino_core/authenticator'
+
+module CASinoCore
+  class Settings
+    class << self
+      attr_accessor :login_ticket, :service_ticket, :authenticators
+      def init(config = {})
+        config.each do |key,value|
+          if respond_to?("#{key}=")
+            send("#{key}=", value)
+          end
+        end
+      end
+
+      def authenticators=(authenticators)
+        @authenticators = []
+        authenticators.each do |authenticator|
+          unless authenticator.is_a?(CASinoCore::Authenticator)
+            authenticator = authenticator[:class].constantize.new(authenticator[:options])
+          end
+          @authenticators << authenticator
+        end
+      end
+    end
+  end
+end

data/lib/casino_core/tasks/cleanup.rake

@@ -0,0 +1,26 @@
+require 'yaml'
+require 'logger'
+require 'active_record'
+require 'casino_core/model'
+
+namespace :casino_core do
+  namespace :cleanup do
+    desc 'Remove expired service tickets.'
+    task service_tickets: 'casino_core:db:configure_connection' do
+      [:consumed, :unconsumed].each do |type|
+        rows_affected = CASinoCore::Model::ServiceTicket.send("cleanup_#{type}")
+        puts "Deleted #{rows_affected} #{type} service tickets."
+      end
+    end
+
+    desc 'Remove expired login tickets.'
+    task login_tickets: 'casino_core:db:configure_connection' do
+      rows_affected = CASinoCore::Model::LoginTicket.cleanup
+      puts "Deleted #{rows_affected} login tickets."
+    end
+
+    desc 'Perform all cleanup tasks.'
+    task all: [:service_tickets, :login_tickets] do
+    end
+  end
+end

data/lib/casino_core/tasks/database.rake

@@ -0,0 +1,60 @@
+require 'yaml'
+require 'logger'
+require 'active_record'
+
+namespace :casino_core do
+  namespace :db do 
+    task :environment do
+      BASE_DIR = if Gem.loaded_specs['casino_core'].nil?
+          Dir.pwd
+        else
+          Gem.loaded_specs['casino_core'].full_gem_path
+        end
+      DATABASE_ENV = ENV['DATABASE_ENV'] || ENV['RAILS_ENV'] || 'development'
+      MIGRATIONS_DIR = File.join(BASE_DIR, 'db', 'migrate')
+      SCHEMA_PATH = ENV['SCHEMA'] || File.join(BASE_DIR, 'db', 'schema.rb')
+    end
+
+    task :configuration => :environment do
+      @config = YAML.load_file('config/database.yml')[DATABASE_ENV]
+    end
+
+    task :configure_connection => :configuration do
+      ActiveRecord::Base.establish_connection @config
+      ActiveRecord::Base.logger = Logger.new STDOUT if @config['logger']
+    end
+
+    desc 'Migrate the database (options: VERSION=x, VERBOSE=false)'
+    task :migrate => :configure_connection do
+      ActiveRecord::Migration.verbose = ENV["VERBOSE"] ? ENV["VERBOSE"] == "true" : true
+      ActiveRecord::Migrator.migrate(ActiveRecord::Migrator.migrations_paths, ENV["VERSION"] ? ENV["VERSION"].to_i : nil) do |migration|
+        ENV["SCOPE"].blank? || (ENV["SCOPE"] == migration.scope)
+      end
+    end
+
+    desc 'Rolls the schema back to the previous version (specify steps w/ STEP=n).'
+    task :rollback => [:environment, :load_config] do
+      step = ENV['STEP'] ? ENV['STEP'].to_i : 1
+      ActiveRecord::Migrator.rollback(ActiveRecord::Migrator.migrations_paths, step)
+    end
+
+    namespace :schema do
+      desc 'Create a db/schema.rb file that can be portably used against any DB supported by AR'
+      task :dump => :configure_connection do
+        require 'active_record/schema_dumper'
+        File.open(SCHEMA_PATH, "w:utf-8") do |file|
+          ActiveRecord::SchemaDumper.dump(ActiveRecord::Base.connection, file)
+        end
+      end
+
+      desc 'Load a schema.rb file into the database'
+      task :load => :configure_connection do
+        if File.exists?(SCHEMA_PATH)
+          load(SCHEMA_PATH)
+        else
+          abort %{#{SCHEMA_PATH} doesn't exist yet.}
+        end
+      end
+    end
+  end
+end

data/spec/authenticator/static_spec.rb

@@ -0,0 +1,42 @@
+require 'spec_helper'
+
+describe CASinoCore::Authenticator::Static do
+  subject {
+    CASinoCore::Authenticator::Static.new({
+      users: {
+        user: {
+          password: 'testing123',
+          fullname: 'Example User'
+        }
+      }
+    })
+  }
+
+  context '#validate' do
+    context 'with invalid credentials' do
+      it 'returns false for an unknown username' do
+        subject.validate('foobar', 'test').should == false
+      end
+
+      it 'returns false for a known username with wrong password' do
+        subject.validate('user', 'test').should == false
+      end
+    end
+
+    context 'with valid credentials' do
+      let(:result) { subject.validate('user', 'testing123') }
+
+      it 'does not return false' do
+        result.should_not == false
+      end
+
+      it 'returns the username' do
+        result[:username].should == 'user'
+      end
+
+      it 'returns extra attributes' do
+        result[:extra_attributes][:fullname].should == 'Example User'
+      end
+    end
+  end
+end

data/spec/model/login_ticket_spec.rb

@@ -0,0 +1,16 @@
+require 'spec_helper'
+
+describe CASinoCore::Model::LoginTicket do
+  describe '.cleanup' do
+    it 'deletes expired login tickets' do
+      ticket = described_class.new ticket: 'LT-12345'
+      ticket.save!
+      ticket.created_at = 10.hours.ago
+      ticket.save!
+      lambda do
+        described_class.cleanup
+      end.should change(described_class, :count).by(-1)
+      described_class.find_by_ticket('LT-12345').should be_false
+    end
+  end
+end

data/spec/model/service_ticket_spec.rb

@@ -0,0 +1,45 @@
+require 'spec_helper'
+
+describe CASinoCore::Model::ServiceTicket do
+  let(:ticket) {
+    ticket = described_class.new ticket: 'ST-12345', service: 'https://example.com/cas-service'
+    ticket.ticket_granting_ticket_id = 1
+    ticket
+  }
+
+  describe '.cleanup_unconsumed' do
+    it 'deletes expired unconsumed service tickets' do
+      ticket.created_at = 10.hours.ago
+      ticket.save!
+      lambda do
+        described_class.cleanup_unconsumed
+      end.should change(described_class, :count).by(-1)
+      described_class.find_by_ticket('ST-12345').should be_false
+    end
+  end
+
+  describe '.cleanup_consumed' do
+    before(:each) do
+      described_class::SingleSignOutNotifier.any_instance.stub(:notify).and_return(true)
+    end
+
+    it 'deletes expired consumed service tickets' do
+      ticket.consumed = true
+      ticket.created_at = 10.days.ago
+      ticket.save!
+      lambda do
+        described_class.cleanup_consumed
+      end.should change(described_class, :count).by(-1)
+      described_class.find_by_ticket('ST-12345').should be_false
+    end
+  end
+
+  describe '.destroy' do
+    it 'sends out a single sign out notification' do
+      described_class::SingleSignOutNotifier.any_instance.should_receive(:notify).and_return(true)
+      ticket.consumed = true
+      ticket.save!
+      ticket.destroy
+    end
+  end
+end

data/spec/processor/legacy_validator_spec.rb

@@ -0,0 +1,87 @@
+require 'spec_helper'
+
+describe CASinoCore::Processor::LegacyValidator do
+  describe '#process' do
+    let(:listener) { Object.new }
+    let(:processor) { described_class.new(listener) }
+    let(:user_agent) { 'TestBrowser 1.0' }
+    let(:ticket_granting_ticket) {
+      CASinoCore::Model::TicketGrantingTicket.create!({
+        ticket: 'TGC-HXdkW233TsRtiqYGq4b8U7',
+        username: 'test',
+        extra_attributes: nil,
+        user_agent: user_agent
+      })
+    }
+    let(:service) { 'https://example.com/cas-service' }
+    let(:service_ticket) { ticket_granting_ticket.service_tickets.create! ticket: 'ST-2nOcXx56dtPTsB069yYf0h', service: service }
+    let(:parameters) { { service: service, ticket: service_ticket.ticket }}
+
+    before(:each) do
+      listener.stub(:validation_failed)
+      listener.stub(:validation_succeeded)
+    end
+
+    context 'with an unconsumed service ticket' do
+      context 'without renew flag' do
+        it 'consumes the service ticket' do
+          processor.process(parameters)
+          service_ticket.reload
+          service_ticket.consumed.should == true
+        end
+
+        it 'calls the #validation_succeeded method on the listener' do
+          listener.should_receive(:validation_succeeded).with("yes\ntest\n")
+          processor.process(parameters)
+        end
+      end
+
+      context 'with renew flag' do
+        let(:parameters) { { service: service, ticket: service_ticket.ticket, renew: 'true' }}
+
+        context 'with a service ticket without issued_from_credentials flag' do
+          it 'consumes the service ticket' do
+            processor.process(parameters)
+            service_ticket.reload
+            service_ticket.consumed.should == true
+          end
+
+          it 'calls the #validation_failed method on the listener' do
+            listener.should_receive(:validation_failed).with("no\n\n")
+            processor.process(parameters)
+          end
+        end
+
+        context 'with a service ticket with issued_from_credentials flag' do
+          before(:each) do
+            service_ticket.issued_from_credentials = true
+            service_ticket.save!
+          end
+
+          it 'consumes the service ticket' do
+            processor.process(parameters)
+            service_ticket.reload
+            service_ticket.consumed.should == true
+          end
+
+          it 'calls the #validation_succeeded method on the listener' do
+            listener.should_receive(:validation_succeeded).with("yes\ntest\n")
+            processor.process(parameters)
+          end
+        end
+      end
+    end
+
+    context 'with a consumed service ticket' do
+      before(:each) do
+        service_ticket.consumed = true
+        service_ticket.save!
+      end
+
+      it 'calls the #validation_failed method on the listener' do
+        listener.should_receive(:validation_failed).with("no\n\n")
+        processor.process(parameters)
+      end
+    end
+  end
+end