casino_core 1.2.0 → 1.3.0

data/spec/processor/two_factor_authenticator_destroyer_spec.rb

@@ -0,0 +1,71 @@
+require 'spec_helper'
+
+describe CASinoCore::Processor::TwoFactorAuthenticatorDestroyer do
+  describe '#process' do
+    let(:listener) { Object.new }
+    let(:processor) { described_class.new(listener) }
+    let(:cookies) { { tgt: tgt } }
+
+    before(:each) do
+      listener.stub(:user_not_logged_in)
+      listener.stub(:two_factor_authenticator_destroyed)
+      listener.stub(:invalid_two_factor_authenticator)
+    end
+
+    context 'with an existing ticket-granting ticket' do
+      let(:ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket }
+      let(:user) { ticket_granting_ticket.user }
+      let(:tgt) { ticket_granting_ticket.ticket }
+      let(:user_agent) { ticket_granting_ticket.user_agent }
+      let(:params) { { id: two_factor_authenticator.id } }
+
+      context 'with a valid two-factor authenticator' do
+        let!(:two_factor_authenticator) { FactoryGirl.create :two_factor_authenticator, user: user }
+
+        it 'calls the #two_factor_authenticator_destroyed method on the listener' do
+          listener.should_receive(:two_factor_authenticator_destroyed).with(no_args)
+          processor.process(params, cookies, user_agent)
+        end
+
+        it 'deletes the two-factor authenticator' do
+          processor.process(params, cookies, user_agent)
+          lambda do
+            two_factor_authenticator.reload
+          end.should raise_error(ActiveRecord::RecordNotFound)
+        end
+
+        it 'does not delete other two-factor authenticators' do
+          other = FactoryGirl.create :two_factor_authenticator
+          lambda do
+            processor.process(params, cookies, user_agent)
+          end.should change(CASinoCore::Model::TwoFactorAuthenticator, :count).by(-1)
+        end
+      end
+
+      context 'with a two-factor authenticator of another user' do
+        let!(:two_factor_authenticator) { FactoryGirl.create :two_factor_authenticator }
+
+        it 'calls the #invalid_two_factor_authenticator method on the listener' do
+          listener.should_receive(:invalid_two_factor_authenticator).with(no_args)
+          processor.process(params, cookies, user_agent)
+        end
+
+        it 'does not delete two-factor authenticators' do
+          lambda do
+            processor.process(params, cookies, user_agent)
+          end.should_not change(CASinoCore::Model::TwoFactorAuthenticator, :count)
+        end
+      end
+    end
+
+    context 'with an invalid ticket-granting ticket' do
+      let(:params) { {} }
+      let(:tgt) { 'TGT-lalala' }
+      let(:user_agent) { 'TestBrowser 1.0' }
+      it 'calls the #user_not_logged_in method on the listener' do
+        listener.should_receive(:user_not_logged_in).with(no_args)
+        processor.process(params, cookies, user_agent)
+      end
+    end
+  end
+end

data/spec/processor/two_factor_authenticator_overview_spec.rb

@@ -0,0 +1,56 @@
+require 'spec_helper'
+
+describe CASinoCore::Processor::TwoFactorAuthenticatorOverview do
+  describe '#process' do
+    let(:listener) { Object.new }
+    let(:processor) { described_class.new(listener) }
+    let(:cookies) { { tgt: tgt } }
+
+    before(:each) do
+      listener.stub(:user_not_logged_in)
+      listener.stub(:two_factor_authenticators_found)
+    end
+
+    context 'with an existing ticket-granting ticket' do
+      let(:ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket }
+      let(:user) { ticket_granting_ticket.user }
+      let(:tgt) { ticket_granting_ticket.ticket }
+      let(:user_agent) { ticket_granting_ticket.user_agent }
+
+      context 'without a two-factor authenticator registered' do
+        it 'calls the #two_factor_authenticators_found method on the listener' do
+          listener.should_receive(:two_factor_authenticators_found).with([])
+          processor.process(cookies, user_agent)
+        end
+      end
+
+      context 'with an inactive two-factor authenticator' do
+        let!(:two_factor_authenticator) { FactoryGirl.create :two_factor_authenticator, :inactive, user: user }
+
+        it 'does not include the inactive authenticator' do
+          listener.should_receive(:two_factor_authenticators_found).with([])
+          processor.process(cookies, user_agent)
+        end
+      end
+
+      context 'with a two-factor authenticator registered' do
+        let(:two_factor_authenticator) { FactoryGirl.create :two_factor_authenticator, user: user }
+        let!(:other_two_factor_authenticator) { FactoryGirl.create :two_factor_authenticator }
+
+        it 'calls the #two_factor_authenticators_found method on the listener' do
+          listener.should_receive(:two_factor_authenticators_found).with([two_factor_authenticator])
+          processor.process(cookies, user_agent)
+        end
+      end
+    end
+
+    context 'with an invalid ticket-granting ticket' do
+      let(:tgt) { 'TGT-lalala' }
+      let(:user_agent) { 'TestBrowser 1.0' }
+      it 'calls the #user_not_logged_in method on the listener' do
+        listener.should_receive(:user_not_logged_in).with(no_args)
+        processor.process(cookies, user_agent)
+      end
+    end
+  end
+end

data/spec/processor/two_factor_authenticator_registrator_spec.rb

@@ -0,0 +1,48 @@
+require 'spec_helper'
+
+describe CASinoCore::Processor::TwoFactorAuthenticatorRegistrator do
+  describe '#process' do
+    let(:listener) { Object.new }
+    let(:processor) { described_class.new(listener) }
+    let(:cookies) { { tgt: tgt } }
+
+    before(:each) do
+      listener.stub(:user_not_logged_in)
+      listener.stub(:two_factor_authenticator_registered)
+    end
+
+    context 'with an existing ticket-granting ticket' do
+      let(:ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket }
+      let(:user) { ticket_granting_ticket.user }
+      let(:tgt) { ticket_granting_ticket.ticket }
+      let(:user_agent) { ticket_granting_ticket.user_agent }
+
+      it 'creates exactly one authenticator' do
+        lambda do
+          processor.process(cookies, user_agent)
+        end.should change(CASinoCore::Model::TwoFactorAuthenticator, :count).by(1)
+      end
+
+      it 'calls #two_factor_authenticator_created on the listener' do
+        listener.should_receive(:two_factor_authenticator_registered) do |authenticator|
+          authenticator.should == CASinoCore::Model::TwoFactorAuthenticator.last
+        end
+        processor.process(cookies, user_agent)
+      end
+
+      it 'creates an inactive two-factor authenticator' do
+        processor.process(cookies, user_agent)
+        CASinoCore::Model::TwoFactorAuthenticator.last.should_not be_active
+      end
+    end
+
+    context 'with an invalid ticket-granting ticket' do
+      let(:tgt) { 'TGT-lalala' }
+      let(:user_agent) { 'TestBrowser 1.0' }
+      it 'calls the #user_not_logged_in method on the listener' do
+        listener.should_receive(:user_not_logged_in).with(no_args)
+        processor.process(cookies, user_agent)
+      end
+    end
+  end
+end

data/spec/settings_spec.rb

@@ -1,6 +1,15 @@
 require 'spec_helper'
 
 describe CASinoCore::Settings do
+  describe 'initializer' do
+    it 'loads default settings' do
+      described_class.service_ticket[:lifetime_consumed].should == 86400
+    end
+    it 'overwrites specific settings' do
+      described_class.service_ticket[:lifetime_unconsumed].should == 299
+    end
+  end
+
   describe '#authenticators=' do
     context 'with an authenticator name' do
       let(:authenticator_name) { 'testing' }

data/spec/support/factories/ticket_granting_ticket_factory.rb

@@ -7,5 +7,9 @@ FactoryGirl.define do
       "TGC-ticket#{n}"
     end
     user_agent 'TestBrowser 1.0'
+
+    trait :awaiting_two_factor_authentication do
+      awaiting_two_factor_authentication true
+    end
   end
 end

data/spec/support/factories/two_factor_authenticator_factory.rb

@@ -0,0 +1,16 @@
+require 'factory_girl'
+require 'rotp'
+
+FactoryGirl.define do
+  factory :two_factor_authenticator, class: CASinoCore::Model::TwoFactorAuthenticator do
+    user
+    secret do
+      ROTP::Base32.random_base32
+    end
+    active true
+
+    trait :inactive do
+      active false
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: casino_core
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
   prerelease: 
 platform: ruby
 authors:
@@ -36,7 +36,7 @@ cert_chain:
   b1VSdnUwRzgvWXlIVUFtSVUvV0tyanIxYmdjZjFWUnYKUjRLRDFNblVWL3Y1
   MDJwaU1sWG1qeE9XZGJLOHl2UUVIa3N1L3pqYkNqU3UrTTJrd0ZtV0dzeDVu
   eCtWZHc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-date: 2013-02-02 00:00:00.000000000 Z
+date: 2013-02-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -246,6 +246,38 @@ dependencies:
     - - ~>
       - !ruby/object:Gem::Version
         version: '0.4'
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: rotp
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.4'
 description: CASinoCore is a CAS server library. It can be used by other projects
   to build a fully functional CAS server.
 email:
@@ -291,6 +323,9 @@ files:
 - db/migrate/20121231114141_add_authenticator_to_ticket_granting_tickets.rb
 - db/migrate/20130105152327_create_service_rules.rb
 - db/migrate/20130202210100_create_users.rb
+- db/migrate/20130203100015_create_two_factor_authenticators.rb
+- db/migrate/20130203101351_add_active_to_two_factor_authenticators.rb
+- db/migrate/20130203155008_add_awaiting_two_factor_authentication_to_ticket_granting_tickets.rb
 - db/schema.rb
 - lib/casino_core.rb
 - lib/casino_core/authenticator.rb
@@ -307,6 +342,7 @@ files:
 - lib/casino_core/helper/service_tickets.rb
 - lib/casino_core/helper/ticket_granting_tickets.rb
 - lib/casino_core/helper/tickets.rb
+- lib/casino_core/helper/two_factor_authenticators.rb
 - lib/casino_core/model.rb
 - lib/casino_core/model/login_ticket.rb
 - lib/casino_core/model/proxy_granting_ticket.rb
@@ -315,7 +351,9 @@ files:
 - lib/casino_core/model/service_ticket.rb
 - lib/casino_core/model/service_ticket/single_sign_out_notifier.rb
 - lib/casino_core/model/ticket_granting_ticket.rb
+- lib/casino_core/model/two_factor_authenticator.rb
 - lib/casino_core/model/user.rb
+- lib/casino_core/model/validation_result.rb
 - lib/casino_core/processor.rb
 - lib/casino_core/processor/api.rb
 - lib/casino_core/processor/api/login_credential_acceptor.rb
@@ -327,9 +365,14 @@ files:
 - lib/casino_core/processor/logout.rb
 - lib/casino_core/processor/proxy_ticket_provider.rb
 - lib/casino_core/processor/proxy_ticket_validator.rb
+- lib/casino_core/processor/second_factor_authentication_acceptor.rb
 - lib/casino_core/processor/service_ticket_validator.rb
 - lib/casino_core/processor/session_destroyer.rb
 - lib/casino_core/processor/session_overview.rb
+- lib/casino_core/processor/two_factor_authenticator_activator.rb
+- lib/casino_core/processor/two_factor_authenticator_destroyer.rb
+- lib/casino_core/processor/two_factor_authenticator_overview.rb
+- lib/casino_core/processor/two_factor_authenticator_registrator.rb
 - lib/casino_core/railtie.rb
 - lib/casino_core/rake_tasks.rb
 - lib/casino_core/settings.rb
@@ -345,6 +388,7 @@ files:
 - spec/model/service_ticket/single_sign_out_notifier_spec.rb
 - spec/model/service_ticket_spec.rb
 - spec/model/ticket_granting_ticket_spec.rb
+- spec/model/two_factor_authenticator_spec.rb
 - spec/processor/api/login_credential_acceptor_spec.rb
 - spec/processor/api/logout_spec.rb
 - spec/processor/api/service_ticket_provider_spec.rb
@@ -354,9 +398,14 @@ files:
 - spec/processor/logout_spec.rb
 - spec/processor/proxy_ticket_provider_spec.rb
 - spec/processor/proxy_ticket_validator_spec.rb
+- spec/processor/second_factor_authenticaton_acceptor_spec.rb
 - spec/processor/session_destroyer_spec.rb
 - spec/processor/session_overview_spec.rb
 - spec/processor/ticket_validator_spec.rb
+- spec/processor/two_factor_authenticator_activator_spec.rb
+- spec/processor/two_factor_authenticator_destroyer_spec.rb
+- spec/processor/two_factor_authenticator_overview_spec.rb
+- spec/processor/two_factor_authenticator_registrator_spec.rb
 - spec/settings_spec.rb
 - spec/spec_helper.rb
 - spec/support/factories/login_ticket_factory.rb
@@ -365,6 +414,7 @@ files:
 - spec/support/factories/service_rule_factory.rb
 - spec/support/factories/service_ticket_factory.rb
 - spec/support/factories/ticket_granting_ticket_factory.rb
+- spec/support/factories/two_factor_authenticator_factory.rb
 - spec/support/factories/user_factory.rb
 homepage: http://rbcas.org/
 licenses:
@@ -381,7 +431,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -2617767929690973862
+      hash: 1075447066647602137
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -390,7 +440,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -2617767929690973862
+      hash: 1075447066647602137
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.24
@@ -406,6 +456,7 @@ test_files:
 - spec/model/service_ticket/single_sign_out_notifier_spec.rb
 - spec/model/service_ticket_spec.rb
 - spec/model/ticket_granting_ticket_spec.rb
+- spec/model/two_factor_authenticator_spec.rb
 - spec/processor/api/login_credential_acceptor_spec.rb
 - spec/processor/api/logout_spec.rb
 - spec/processor/api/service_ticket_provider_spec.rb
@@ -415,9 +466,14 @@ test_files:
 - spec/processor/logout_spec.rb
 - spec/processor/proxy_ticket_provider_spec.rb
 - spec/processor/proxy_ticket_validator_spec.rb
+- spec/processor/second_factor_authenticaton_acceptor_spec.rb
 - spec/processor/session_destroyer_spec.rb
 - spec/processor/session_overview_spec.rb
 - spec/processor/ticket_validator_spec.rb
+- spec/processor/two_factor_authenticator_activator_spec.rb
+- spec/processor/two_factor_authenticator_destroyer_spec.rb
+- spec/processor/two_factor_authenticator_overview_spec.rb
+- spec/processor/two_factor_authenticator_registrator_spec.rb
 - spec/settings_spec.rb
 - spec/spec_helper.rb
 - spec/support/factories/login_ticket_factory.rb
@@ -426,5 +482,6 @@ test_files:
 - spec/support/factories/service_rule_factory.rb
 - spec/support/factories/service_ticket_factory.rb
 - spec/support/factories/ticket_granting_ticket_factory.rb
+- spec/support/factories/two_factor_authenticator_factory.rb
 - spec/support/factories/user_factory.rb
 has_rdoc: 

metadata.gz.sig

@@ -1,3 +1 @@
-�n�̢���csxh]?u��8�)��dg-��'��ɏ�q�Gd:�p)[�e���zK�"���t��Q�s��H�C{��A�wPw���K��8�*.<��"c}}���
@�2$RЎ�`������$��\(N�7�J�ђ�O��W�Ϥ
-�Do�^�L��P+r�m�>�橿c��1���87O�(��_�>^�
-�D�^�d]�_�M`b��IS^/���i�%���!�]&���J�֣���� B�0�yP�-l��;
+���þ�i�cʞ|�⦏m4��~����V��o\�d��9�3�2ҹ�ǰd@�(yy�謵��[�k�����!u�"��L(�+�z�\���	���r�)���l�N�ߌ{c�+�����S7����z�}'��o ���R���ħl�̆���������[jq���'F`��7q�m���p�R�l-�:XB²B��%k��T&�Bᣔ#�__�k�Yf�_�]*M�]m
k��Q�B