casino_core 0.0.6 → 1.0.0

data/spec/model/service_ticket_spec.rb

@@ -6,6 +6,13 @@ describe CASinoCore::Model::ServiceTicket do
     ticket.ticket_granting_ticket_id = 1
     ticket
   }
+  let(:consumed_ticket) {
+    ticket = described_class.new ticket: 'ST-54321', service: 'https://example.com/cas-service'
+    ticket.ticket_granting_ticket_id = 1
+    ticket.consumed = true
+    ticket.save!
+    ticket
+  }
 
   describe '.cleanup_unconsumed' do
     it 'deletes expired unconsumed service tickets' do
@@ -24,9 +31,8 @@ describe CASinoCore::Model::ServiceTicket do
     end
 
     it 'deletes expired consumed service tickets' do
-      ticket.consumed = true
-      ticket.created_at = 10.days.ago
-      ticket.save!
+      consumed_ticket.created_at = 10.days.ago
+      consumed_ticket.save!
       lambda do
         described_class.cleanup_consumed
       end.should change(described_class, :count).by(-1)
@@ -34,12 +40,23 @@ describe CASinoCore::Model::ServiceTicket do
     end
   end
 
-  describe '.destroy' do
+  describe '#destroy' do
     it 'sends out a single sign out notification' do
       described_class::SingleSignOutNotifier.any_instance.should_receive(:notify).and_return(true)
-      ticket.consumed = true
-      ticket.save!
-      ticket.destroy
+      consumed_ticket.destroy
+    end
+
+    context 'when notification fails' do
+      before(:each) do
+        described_class::SingleSignOutNotifier.any_instance.stub(:notify).and_return(false)
+      end
+
+      it 'does not delete the service ticket' do
+        consumed_ticket
+        lambda {
+          consumed_ticket.destroy
+        }.should_not change(CASinoCore::Model::ServiceTicket, :count)
+      end
     end
   end
 end

data/spec/model/ticket_granting_ticket_spec.rb

@@ -0,0 +1,35 @@
+require 'spec_helper'
+
+describe CASinoCore::Model::TicketGrantingTicket do
+  let(:subject) { described_class.create! ticket: 'TGT-3ep9awhy2ty5UhL8wM1xAZ', username: 'example-user' }
+  let(:service_ticket) {
+    subject.service_tickets.create! ticket: 'ST-12345', service: 'https://example.com/cas-service'
+  }
+  let(:consumed_service_ticket) {
+    service_ticket = subject.service_tickets.create! ticket: 'ST-n9oZvDtYkVFHj5M3s59Ws5', service: 'https://example.com/cas-service'
+    service_ticket.consumed = true
+    service_ticket.save!
+    service_ticket
+  }
+
+  describe '#destroy' do
+    context 'when notification for a service ticket fails' do
+      before(:each) do
+        CASinoCore::Model::ServiceTicket::SingleSignOutNotifier.any_instance.stub(:notify).and_return(false)
+      end
+
+      it 'deletes depending proxy-granting tickets' do
+        consumed_service_ticket.proxy_granting_tickets.create! ticket: 'PGT-12345', iou: 'PGTIOU-12345', pgt_url: 'bla'
+        lambda {
+          subject.destroy
+        }.should change(CASinoCore::Model::ProxyGrantingTicket, :count).by(-1)
+      end
+
+      it 'nullifies depending service tickets' do
+        lambda {
+          subject.destroy
+        }.should change { consumed_service_ticket.reload.ticket_granting_ticket_id }.from(subject.id).to(nil)
+      end
+    end
+  end
+end

data/spec/processor/proxy_ticket_provider_spec.rb

@@ -0,0 +1,75 @@
+require 'spec_helper'
+
+describe CASinoCore::Processor::ProxyTicketProvider do
+  describe '#process' do
+    let(:listener) { Object.new }
+    let(:processor) { described_class.new(listener) }
+    let(:params) { { targetService: 'this_does_not_have_to_be_a_url' } }
+
+    before(:each) do
+      listener.stub(:request_failed)
+      listener.stub(:request_succeeded)
+    end
+
+    context 'without proxy-granting ticket' do
+      it 'calls the #request_failed method on the listener' do
+        listener.should_receive(:request_failed)
+        processor.process(params)
+      end
+
+      it 'does not create a proxy ticket' do
+        lambda do
+          processor.process(params)
+        end.should_not change(CASinoCore::Model::ProxyTicket, :count)
+      end
+    end
+
+    context 'with a not-existing proxy-granting ticket' do
+      let(:params_with_deleted_pgt) { params.merge(pgt: 'PGT-123453789') }
+
+      it 'calls the #request_failed method on the listener' do
+        listener.should_receive(:request_failed)
+        processor.process(params_with_deleted_pgt)
+      end
+
+      it 'does not create a proxy ticket' do
+        lambda do
+          processor.process(params_with_deleted_pgt)
+        end.should_not change(CASinoCore::Model::ProxyTicket, :count)
+      end
+    end
+
+    context 'with a proxy-granting ticket' do
+      let(:ticket_granting_ticket) {
+        CASinoCore::Model::TicketGrantingTicket.create!({
+          ticket: 'TGC-Qu6B5IVQ7RmLc972TruM9u',
+          username: 'test'
+        })
+      }
+      let(:service_ticket) { ticket_granting_ticket.service_tickets.create! ticket: 'ST-2nOcXx56dtPTsB069yYf0h', service: 'http://www.example.com/' }
+      let(:proxy_granting_ticket) {
+        service_ticket.proxy_granting_tickets.create! ticket: 'PGT-OIE42ZadV3B9VcaG2xMjAf', iou: 'PGTIOU-PYg4CCPQHNyyS9s6bJF6Rg', pgt_url: 'https://www.example.com/pgtUrl'
+      }
+      let(:params_with_valid_pgt) { params.merge(pgt: proxy_granting_ticket.ticket) }
+
+      it 'calls the #request_succeeded method on the listener' do
+        listener.should_receive(:request_succeeded)
+        processor.process(params_with_valid_pgt)
+      end
+
+      it 'does not create a proxy ticket' do
+        lambda do
+          processor.process(params_with_valid_pgt)
+        end.should change(proxy_granting_ticket.proxy_tickets, :count).by(1)
+      end
+
+      it 'includes the proxy ticket in the response' do
+        listener.should_receive(:request_succeeded) do |response|
+          proxy_ticket = CASinoCore::Model::ProxyTicket.last
+          response.should =~ /<cas:proxyTicket>#{proxy_ticket.ticket}<\/cas:proxyTicket>/
+        end
+        processor.process(params_with_valid_pgt)
+      end
+    end
+  end
+end

data/spec/processor/proxy_ticket_validator_spec.rb

@@ -0,0 +1,66 @@
+require 'spec_helper'
+
+describe CASinoCore::Processor::ProxyTicketValidator do
+  let(:listener) { Object.new }
+  let(:processor) { described_class.new(listener) }
+
+  describe '#process' do
+    let(:regex_success) { /\A<cas:serviceResponse.*\n.*authenticationSuccess/ }
+
+    context 'with an unconsumed proxy ticket' do
+      let(:ticket_granting_ticket) {
+        CASinoCore::Model::TicketGrantingTicket.create!({
+          ticket: 'TGC-Qu6B5IVQ7RmLc972TruM9u',
+          username: 'test'
+        })
+      }
+      let(:service_ticket) { ticket_granting_ticket.service_tickets.create! ticket: 'ST-2nOcXx56dtPTsB069yYf0h', service: 'http://www.example.com/' }
+      let(:proxy_granting_ticket) {
+        service_ticket.proxy_granting_tickets.create! ticket: 'PGT-OIE42ZadV3B9VcaG2xMjAf', iou: 'PGTIOU-PYg4CCPQHNyyS9s6bJF6Rg', pgt_url: 'https://www.example.com/pgtUrl'
+      }
+      let(:proxy_service) { 'imaps://127.0.0.1:4578/' }
+      let(:proxy_ticket) { proxy_granting_ticket.proxy_tickets.create! ticket: 'PT-8nA7vuxuNY7RcpVoaDvuZi', service: proxy_service }
+      let(:parameters) { { ticket: proxy_ticket.ticket, service: proxy_service } }
+      let(:regex_proxy) { /<cas:proxies>\s*<cas:proxy>https:\/\/www.example.com\/pgtUrl<\/cas:proxy>\s*<\/cas:proxies[>]/ }
+
+      it 'calls the #validation_succeeded method on the listener' do
+        listener.should_receive(:validation_succeeded).with(regex_success)
+        processor.process(parameters)
+      end
+
+      it 'includes the proxy in the response' do
+        listener.should_receive(:validation_succeeded).with(regex_proxy)
+        processor.process(parameters)
+      end
+
+      context 'with an expired proxy ticket' do
+        before(:each) do
+          CASinoCore::Model::ProxyTicket.any_instance.stub(:expired?).and_return(true)
+        end
+
+        it 'calls the #validation_failed method on the listener' do
+          listener.should_receive(:validation_failed)
+          processor.process(parameters)
+        end
+      end
+
+      context 'with an other service' do
+        let(:parameters_with_other_service) { parameters.merge(service: 'this_is_another_service') }
+
+        it 'calls the #validation_failed method on the listener' do
+          listener.should_receive(:validation_failed)
+          processor.process(parameters_with_other_service)
+        end
+      end
+
+      context 'without an existing ticket' do
+        let(:parameters_without_existing_ticket) { { ticket: 'PT-1234', service: 'https://www.example.com/' } }
+
+        it 'calls the #validation_failed method on the listener' do
+          listener.should_receive(:validation_failed)
+          processor.process(parameters_without_existing_ticket)
+        end
+      end
+    end
+  end
+end

data/spec/processor/session_destroyer_spec.rb

@@ -29,6 +29,15 @@ describe CASinoCore::Processor::SessionDestroyer do
           user_agent: user_agent
         })
       }
+      let(:service_ticket) {
+        ticket_granting_ticket.service_tickets.create! ticket: 'ST-6NBRr5DAg2NW181H5chaHh', service: 'http://www.example.com'
+      }
+      let(:consumed_service_ticket) {
+        st = ticket_granting_ticket.service_tickets.create! ticket: 'ST-6NBRr5DAg2NW181H5chaHh', service: 'http://www.example.com'
+        st.consumed = true
+        st.save!
+        st
+      }
       let(:params) { { id: ticket_granting_ticket.id } }
 
       it 'deletes only one ticket-granting ticket' do
@@ -48,15 +57,28 @@ describe CASinoCore::Processor::SessionDestroyer do
         listener.should_receive(:ticket_deleted).with(no_args)
         processor.process(params, cookies, user_agent)
       end
+
+      it 'deletes the dependent service ticket' do
+        service_ticket.ticket # creates the service ticket
+        lambda {
+          processor.process(params, cookies, user_agent)
+        }.should change(CASinoCore::Model::ServiceTicket, :count).by(-1)
+      end
+
+      it 'nullifies the dependent service ticket if destroying fails' do
+        lambda {
+          processor.process(params, cookies, user_agent)
+        }.should change { consumed_service_ticket.reload.ticket_granting_ticket_id }.to(nil)
+      end
     end
 
-    context 'with an invlaid ticket-granting ticket' do
+    context 'with an invalid ticket-granting ticket' do
       let(:params) { { id: 99999 } }
       it 'does not delete a ticket-granting ticket' do
         owner_ticket_granting_ticket
         lambda do
           processor.process(params, cookies, user_agent)
-        end.should change(CASinoCore::Model::TicketGrantingTicket, :count).by(0)
+        end.should_not change(CASinoCore::Model::TicketGrantingTicket, :count)
       end
 
       it 'calls the #ticket_not_found method on the listener' do

data/spec/processor/ticket_validator_spec.rb

@@ -0,0 +1,125 @@
+require 'spec_helper'
+
+[CASinoCore::Processor::ServiceTicketValidator, CASinoCore::Processor::ProxyTicketValidator].each do |class_under_test|
+  describe class_under_test do
+    describe '#process' do
+      let(:listener) { Object.new }
+      let(:processor) { described_class.new(listener) }
+      let(:user_agent) { 'TestBrowser 1.0' }
+      let(:ticket_granting_ticket) {
+        CASinoCore::Model::TicketGrantingTicket.create!({
+          ticket: 'TGC-HXdkW233TsRtiqYGq4b8U7',
+          username: 'test',
+          extra_attributes: { name: "Example User", roles: ['User', 'Admin'] },
+          user_agent: user_agent
+        })
+      }
+      let(:service) { 'https://www.example.com/cas-service' }
+      let(:service_ticket) { ticket_granting_ticket.service_tickets.create! ticket: 'ST-2nOcXx56dtPTsB069yYf0h', service: service }
+      let(:parameters) { { service: service, ticket: service_ticket.ticket }}
+
+      let(:regex_failure) { /\A\<cas\:serviceResponse.*\n.*authenticationFailure/ }
+      let(:regex_success) { /\A\<cas\:serviceResponse.*\n.*authenticationSuccess/ }
+
+      before(:each) do
+        listener.stub(:validation_failed)
+        listener.stub(:validation_succeeded)
+      end
+
+      context 'with an unconsumed service ticket' do
+        context 'without renew flag' do
+          it 'consumes the service ticket' do
+            processor.process(parameters)
+            service_ticket.reload
+            service_ticket.consumed.should == true
+          end
+
+          it 'calls the #validation_succeeded method on the listener' do
+            listener.should_receive(:validation_succeeded).with(regex_success)
+            processor.process(parameters)
+          end
+        end
+
+        context 'with renew flag' do
+          let(:parameters_with_renew) { parameters.merge renew: 'true' }
+
+          context 'with a service ticket without issued_from_credentials flag' do
+            it 'consumes the service ticket' do
+              processor.process(parameters_with_renew)
+              service_ticket.reload
+              service_ticket.consumed.should == true
+            end
+
+            it 'calls the #validation_failed method on the listener' do
+              listener.should_receive(:validation_failed).with(regex_failure)
+              processor.process(parameters_with_renew)
+            end
+          end
+
+          context 'with a service ticket with issued_from_credentials flag' do
+            before(:each) do
+              service_ticket.issued_from_credentials = true
+              service_ticket.save!
+            end
+
+            it 'consumes the service ticket' do
+              processor.process(parameters_with_renew)
+              service_ticket.reload
+              service_ticket.consumed.should == true
+            end
+
+            it 'calls the #validation_succeeded method on the listener' do
+              listener.should_receive(:validation_succeeded).with(regex_success)
+              processor.process(parameters_with_renew)
+            end
+          end
+        end
+
+        context 'with proxy-granting ticket callback server' do
+          let(:parameters_with_pgt_url) { parameters.merge pgtUrl: "https://www.example.org" }
+
+          before(:each) do
+            stub_request(:get, /https:\/\/www\.example\.org\/\?pgtId=[^&]+&pgtIou=[^&]+/)
+          end
+
+          it 'calls the #validation_succeeded method on the listener' do
+            listener.should_receive(:validation_succeeded).with(regex_success)
+            processor.process(parameters_with_pgt_url)
+          end
+
+          it 'includes the PGTIOU in the response' do
+            listener.should_receive(:validation_succeeded).with(/\<cas\:proxyGrantingTicket\>\n?\s*PGTIOU-.+/)
+            processor.process(parameters_with_pgt_url)
+          end
+
+          it 'creates a proxy-granting ticket' do
+            lambda do
+              processor.process(parameters_with_pgt_url)
+            end.should change(service_ticket.proxy_granting_tickets, :count).by(1)
+          end
+
+          it 'contacts the callback server' do
+            processor.process(parameters_with_pgt_url)
+            proxy_granting_ticket = CASinoCore::Model::ProxyGrantingTicket.last
+            WebMock.should have_requested(:get, 'https://www.example.org').with(query: {
+              pgtId: proxy_granting_ticket.ticket,
+              pgtIou: proxy_granting_ticket.iou
+            })
+          end
+        end
+      end
+
+      context 'with a consumed service ticket' do
+        before(:each) do
+          service_ticket.consumed = true
+          service_ticket.save!
+        end
+
+        it 'calls the #validation_failed method on the listener' do
+          listener.should_receive(:validation_failed).with(regex_failure)
+          processor.process(parameters)
+        end
+      end
+    end
+  end
+end

metadata

@@ -2,7 +2,7 @@
 name: casino_core
 version: !ruby/object:Gem::Version 
   prerelease: 
-  version: 0.0.6
+  version: 1.0.0
 platform: ruby
 authors: 
 - Nils Caspar
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-12-24 00:00:00 Z
+date: 2012-12-26 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: activerecord
@@ -179,21 +179,31 @@ files:
 - db/migrate/20121125185415_create_proxy_granting_tickets.rb
 - db/migrate/20121125190013_tickets_should_be_unique.rb
 - db/migrate/20121223135227_proxy_granting_tickets_belongs_to_service_ticket.rb
+- db/migrate/20121224113737_create_proxy_tickets.rb
+- db/migrate/20121225153637_add_pgt_url_to_proxy_granting_tickets.rb
+- db/migrate/20121225231301_proxy_granting_ticket_can_be_granted_by_proxy_ticket.rb
+- db/migrate/20121225231713_no_default_granter_type.rb
+- db/migrate/20121226192211_fix_index_for_granter_on_proxy_granting_ticket.rb
+- db/migrate/20121226211511_allow_service_tickets_without_ticket_granting_ticket.rb
 - db/schema.rb
 - lib/casino_core.rb
 - lib/casino_core/authenticator.rb
 - lib/casino_core/authenticator/static.rb
+- lib/casino_core/builder.rb
+- lib/casino_core/builder/ticket_validation_response.rb
 - lib/casino_core/helper.rb
 - lib/casino_core/helper/browser.rb
 - lib/casino_core/helper/logger.rb
 - lib/casino_core/helper/login_tickets.rb
 - lib/casino_core/helper/proxy_granting_tickets.rb
+- lib/casino_core/helper/proxy_tickets.rb
 - lib/casino_core/helper/service_tickets.rb
 - lib/casino_core/helper/ticket_granting_tickets.rb
 - lib/casino_core/helper/tickets.rb
 - lib/casino_core/model.rb
 - lib/casino_core/model/login_ticket.rb
 - lib/casino_core/model/proxy_granting_ticket.rb
+- lib/casino_core/model/proxy_ticket.rb
 - lib/casino_core/model/service_ticket.rb
 - lib/casino_core/model/service_ticket/single_sign_out_notifier.rb
 - lib/casino_core/model/ticket_granting_ticket.rb
@@ -202,6 +212,8 @@ files:
 - lib/casino_core/processor/login_credential_acceptor.rb
 - lib/casino_core/processor/login_credential_requestor.rb
 - lib/casino_core/processor/logout.rb
+- lib/casino_core/processor/proxy_ticket_provider.rb
+- lib/casino_core/processor/proxy_ticket_validator.rb
 - lib/casino_core/processor/service_ticket_validator.rb
 - lib/casino_core/processor/session_destroyer.rb
 - lib/casino_core/processor/session_overview.rb
@@ -210,16 +222,21 @@ files:
 - lib/casino_core/settings.rb
 - lib/casino_core/tasks/cleanup.rake
 - lib/casino_core/tasks/database.rake
+- spec/authenticator/base_spec.rb
 - spec/authenticator/static_spec.rb
 - spec/model/login_ticket_spec.rb
+- spec/model/proxy_ticket_spec.rb
 - spec/model/service_ticket_spec.rb
+- spec/model/ticket_granting_ticket_spec.rb
 - spec/processor/legacy_validator_spec.rb
 - spec/processor/login_credential_acceptor_spec.rb
 - spec/processor/login_credential_requestor_spec.rb
 - spec/processor/logout_spec.rb
-- spec/processor/service_ticket_validator_spec.rb
+- spec/processor/proxy_ticket_provider_spec.rb
+- spec/processor/proxy_ticket_validator_spec.rb
 - spec/processor/session_destroyer_spec.rb
 - spec/processor/session_overview_spec.rb
+- spec/processor/ticket_validator_spec.rb
 - spec/spec_helper.rb
 homepage: http://github.com/pencil/CASinoCore
 licenses: 
@@ -234,7 +251,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: 209769528785287815
+      hash: 218008976937004289
       segments: 
       - 0
       version: "0"