casino_core 0.0.6 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/VERSION +1 -1
- data/casino_core.gemspec +20 -3
- data/config/cas.yml +3 -0
- data/db/migrate/20121224113737_create_proxy_tickets.rb +15 -0
- data/db/migrate/20121225153637_add_pgt_url_to_proxy_granting_tickets.rb +11 -0
- data/db/migrate/20121225231301_proxy_granting_ticket_can_be_granted_by_proxy_ticket.rb +6 -0
- data/db/migrate/20121225231713_no_default_granter_type.rb +5 -0
- data/db/migrate/20121226192211_fix_index_for_granter_on_proxy_granting_ticket.rb +6 -0
- data/db/migrate/20121226211511_allow_service_tickets_without_ticket_granting_ticket.rb +5 -0
- data/db/schema.rb +22 -8
- data/lib/casino_core/builder.rb +7 -0
- data/lib/casino_core/builder/ticket_validation_response.rb +76 -0
- data/lib/casino_core/helper.rb +1 -0
- data/lib/casino_core/helper/proxy_granting_tickets.rb +29 -22
- data/lib/casino_core/helper/proxy_tickets.rb +61 -0
- data/lib/casino_core/helper/service_tickets.rb +1 -34
- data/lib/casino_core/model.rb +1 -0
- data/lib/casino_core/model/proxy_granting_ticket.rb +3 -2
- data/lib/casino_core/model/proxy_ticket.rb +27 -0
- data/lib/casino_core/model/service_ticket.rb +17 -4
- data/lib/casino_core/model/service_ticket/single_sign_out_notifier.rb +6 -2
- data/lib/casino_core/model/ticket_granting_ticket.rb +21 -0
- data/lib/casino_core/processor.rb +2 -0
- data/lib/casino_core/processor/legacy_validator.rb +1 -1
- data/lib/casino_core/processor/proxy_ticket_provider.rb +44 -0
- data/lib/casino_core/processor/proxy_ticket_validator.rb +27 -0
- data/lib/casino_core/processor/service_ticket_validator.rb +25 -43
- data/lib/casino_core/processor/session_destroyer.rb +3 -0
- data/lib/casino_core/settings.rb +1 -1
- data/lib/casino_core/tasks/cleanup.rake +12 -2
- data/lib/casino_core/tasks/database.rake +3 -2
- data/spec/authenticator/base_spec.rb +13 -0
- data/spec/model/proxy_ticket_spec.rb +32 -0
- data/spec/model/service_ticket_spec.rb +24 -7
- data/spec/model/ticket_granting_ticket_spec.rb +35 -0
- data/spec/processor/proxy_ticket_provider_spec.rb +75 -0
- data/spec/processor/proxy_ticket_validator_spec.rb +66 -0
- data/spec/processor/session_destroyer_spec.rb +24 -2
- data/spec/processor/ticket_validator_spec.rb +125 -0
- metadata +21 -4
- data/spec/processor/service_ticket_validator_spec.rb +0 -123
|
@@ -1,123 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
|
|
3
|
-
describe CASinoCore::Processor::ServiceTicketValidator do
|
|
4
|
-
describe '#process' do
|
|
5
|
-
let(:listener) { Object.new }
|
|
6
|
-
let(:processor) { described_class.new(listener) }
|
|
7
|
-
let(:user_agent) { 'TestBrowser 1.0' }
|
|
8
|
-
let(:ticket_granting_ticket) {
|
|
9
|
-
CASinoCore::Model::TicketGrantingTicket.create!({
|
|
10
|
-
ticket: 'TGC-HXdkW233TsRtiqYGq4b8U7',
|
|
11
|
-
username: 'test',
|
|
12
|
-
extra_attributes: nil,
|
|
13
|
-
user_agent: user_agent
|
|
14
|
-
})
|
|
15
|
-
}
|
|
16
|
-
let(:service) { 'https://example.com/cas-service' }
|
|
17
|
-
let(:service_ticket) { ticket_granting_ticket.service_tickets.create! ticket: 'ST-2nOcXx56dtPTsB069yYf0h', service: service }
|
|
18
|
-
let(:parameters) { { service: service, ticket: service_ticket.ticket }}
|
|
19
|
-
|
|
20
|
-
let(:regex_failure) { /\A\<cas\:serviceResponse.*\n.*authenticationFailure/ }
|
|
21
|
-
let(:regex_success) { /\A\<cas\:serviceResponse.*\n.*authenticationSuccess/ }
|
|
22
|
-
|
|
23
|
-
before(:each) do
|
|
24
|
-
listener.stub(:validation_failed)
|
|
25
|
-
listener.stub(:validation_succeeded)
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
context 'with an unconsumed service ticket' do
|
|
29
|
-
context 'without renew flag' do
|
|
30
|
-
it 'consumes the service ticket' do
|
|
31
|
-
processor.process(parameters)
|
|
32
|
-
service_ticket.reload
|
|
33
|
-
service_ticket.consumed.should == true
|
|
34
|
-
end
|
|
35
|
-
|
|
36
|
-
it 'calls the #validation_succeeded method on the listener' do
|
|
37
|
-
listener.should_receive(:validation_succeeded).with(regex_success)
|
|
38
|
-
processor.process(parameters)
|
|
39
|
-
end
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
context 'with renew flag' do
|
|
43
|
-
let(:parameters_with_renew) { parameters.merge renew: 'true' }
|
|
44
|
-
|
|
45
|
-
context 'with a service ticket without issued_from_credentials flag' do
|
|
46
|
-
it 'consumes the service ticket' do
|
|
47
|
-
processor.process(parameters_with_renew)
|
|
48
|
-
service_ticket.reload
|
|
49
|
-
service_ticket.consumed.should == true
|
|
50
|
-
end
|
|
51
|
-
|
|
52
|
-
it 'calls the #validation_failed method on the listener' do
|
|
53
|
-
listener.should_receive(:validation_failed).with(regex_failure)
|
|
54
|
-
processor.process(parameters_with_renew)
|
|
55
|
-
end
|
|
56
|
-
end
|
|
57
|
-
|
|
58
|
-
context 'with a service ticket with issued_from_credentials flag' do
|
|
59
|
-
before(:each) do
|
|
60
|
-
service_ticket.issued_from_credentials = true
|
|
61
|
-
service_ticket.save!
|
|
62
|
-
end
|
|
63
|
-
|
|
64
|
-
it 'consumes the service ticket' do
|
|
65
|
-
processor.process(parameters_with_renew)
|
|
66
|
-
service_ticket.reload
|
|
67
|
-
service_ticket.consumed.should == true
|
|
68
|
-
end
|
|
69
|
-
|
|
70
|
-
it 'calls the #validation_succeeded method on the listener' do
|
|
71
|
-
listener.should_receive(:validation_succeeded).with(regex_success)
|
|
72
|
-
processor.process(parameters_with_renew)
|
|
73
|
-
end
|
|
74
|
-
end
|
|
75
|
-
end
|
|
76
|
-
|
|
77
|
-
context 'with proxy-granting ticket callback server' do
|
|
78
|
-
let(:parameters_with_pgt_url) { parameters.merge pgtUrl: 'https://www.example.com/' }
|
|
79
|
-
|
|
80
|
-
before(:each) do
|
|
81
|
-
stub_request(:get, /https:\/\/www\.example\.com\/\?pgtId=[^&]+&pgtIou=[^&]+/)
|
|
82
|
-
end
|
|
83
|
-
|
|
84
|
-
it 'calls the #validation_succeeded method on the listener' do
|
|
85
|
-
listener.should_receive(:validation_succeeded).with(regex_success)
|
|
86
|
-
processor.process(parameters_with_pgt_url)
|
|
87
|
-
end
|
|
88
|
-
|
|
89
|
-
it 'includes the PGTIOU in the response' do
|
|
90
|
-
listener.should_receive(:validation_succeeded).with(/\<cas\:proxyGrantingTicket\>\n?\s*PGTIOU-.+/)
|
|
91
|
-
processor.process(parameters_with_pgt_url)
|
|
92
|
-
end
|
|
93
|
-
|
|
94
|
-
it 'creates a proxy-granting ticket' do
|
|
95
|
-
lambda do
|
|
96
|
-
processor.process(parameters_with_pgt_url)
|
|
97
|
-
end.should change(service_ticket.proxy_granting_tickets, :count).by(1)
|
|
98
|
-
end
|
|
99
|
-
|
|
100
|
-
it 'contacts the callback server' do
|
|
101
|
-
processor.process(parameters_with_pgt_url)
|
|
102
|
-
proxy_granting_ticket = CASinoCore::Model::ProxyGrantingTicket.last
|
|
103
|
-
WebMock.should have_requested(:get, 'https://www.example.com').with(query: {
|
|
104
|
-
pgtId: proxy_granting_ticket.ticket,
|
|
105
|
-
pgtIou: proxy_granting_ticket.iou
|
|
106
|
-
})
|
|
107
|
-
end
|
|
108
|
-
end
|
|
109
|
-
end
|
|
110
|
-
|
|
111
|
-
context 'with a consumed service ticket' do
|
|
112
|
-
before(:each) do
|
|
113
|
-
service_ticket.consumed = true
|
|
114
|
-
service_ticket.save!
|
|
115
|
-
end
|
|
116
|
-
|
|
117
|
-
it 'calls the #validation_failed method on the listener' do
|
|
118
|
-
listener.should_receive(:validation_failed).with(regex_failure)
|
|
119
|
-
processor.process(parameters)
|
|
120
|
-
end
|
|
121
|
-
end
|
|
122
|
-
end
|
|
123
|
-
end
|