casino_core 1.3.0 → 1.3.1
- data/Gemfile.lock +9 -9
- data/lib/casino_core/helper/ticket_granting_tickets.rb +9 -2
- data/lib/casino_core/model/ticket_granting_ticket.rb +9 -0
- data/lib/casino_core/settings.rb +4 -1
- data/lib/casino_core/tasks/cleanup.rake +7 -1
- data/lib/casino_core/version.rb +1 -1
- data/spec/model/ticket_granting_ticket_spec.rb +32 -0
- data/spec/processor/login_credential_requestor_spec.rb +12 -0
- data.tar.gz.sig +0 -0
- metadata +4 -4
- metadata.gz.sig +3 -1
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
casino_core (1.3.
|
4
|
+
casino_core (1.3.1)
|
5
5
|
activerecord (~> 3.2.9)
|
6
6
|
addressable (~> 2.3)
|
7
7
|
faraday (~> 0.8)
|
@@ -12,15 +12,15 @@ PATH
|
|
12
12
|
GEM
|
13
13
|
remote: http://rubygems.org/
|
14
14
|
specs:
|
15
|
-
activemodel (3.2.
|
16
|
-
activesupport (= 3.2.
|
15
|
+
activemodel (3.2.12)
|
16
|
+
activesupport (= 3.2.12)
|
17
17
|
builder (~> 3.0.0)
|
18
|
-
activerecord (3.2.
|
19
|
-
activemodel (= 3.2.
|
20
|
-
activesupport (= 3.2.
|
18
|
+
activerecord (3.2.12)
|
19
|
+
activemodel (= 3.2.12)
|
20
|
+
activesupport (= 3.2.12)
|
21
21
|
arel (~> 3.0.2)
|
22
22
|
tzinfo (~> 0.3.29)
|
23
|
-
activesupport (3.2.
|
23
|
+
activesupport (3.2.12)
|
24
24
|
i18n (~> 0.6)
|
25
25
|
multi_json (~> 1.0)
|
26
26
|
addressable (2.3.2)
|
@@ -34,7 +34,7 @@ GEM
|
|
34
34
|
faraday (0.8.5)
|
35
35
|
multipart-post (~> 1.1)
|
36
36
|
i18n (0.6.1)
|
37
|
-
multi_json (1.
|
37
|
+
multi_json (1.6.1)
|
38
38
|
multipart-post (1.1.5)
|
39
39
|
nokogiri (1.5.6)
|
40
40
|
rake (10.0.3)
|
@@ -58,7 +58,7 @@ GEM
|
|
58
58
|
webmock (1.9.0)
|
59
59
|
addressable (>= 2.2.7)
|
60
60
|
crack (>= 0.1.7)
|
61
|
-
yard (0.8.
|
61
|
+
yard (0.8.4.1)
|
62
62
|
|
63
63
|
PLATFORMS
|
64
64
|
ruby
|
@@ -9,8 +9,15 @@ module CASinoCore
|
|
9
9
|
|
10
10
|
def find_valid_ticket_granting_ticket(tgt, user_agent, ignore_two_factor = false)
|
11
11
|
ticket_granting_ticket = CASinoCore::Model::TicketGrantingTicket.where(ticket: tgt).first
|
12
|
-
unless ticket_granting_ticket.nil?
|
13
|
-
if
|
12
|
+
unless ticket_granting_ticket.nil?
|
13
|
+
if ticket_granting_ticket.expired?
|
14
|
+
logger.info "Ticket-granting ticket expired (Created: #{ticket_granting_ticket.created_at})"
|
15
|
+
ticket_granting_ticket.destroy
|
16
|
+
nil
|
17
|
+
elsif !ignore_two_factor && ticket_granting_ticket.awaiting_two_factor_authentication?
|
18
|
+
logger.info 'Ticket-granting ticket is valid, but two-factor authentication is pending'
|
19
|
+
nil
|
20
|
+
elsif same_browser?(ticket_granting_ticket.user_agent, user_agent)
|
14
21
|
ticket_granting_ticket.user_agent = user_agent
|
15
22
|
ticket_granting_ticket.touch
|
16
23
|
ticket_granting_ticket.save!
|
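Review bot: The new `if ticket_granting_ticket.expired?` branch measures age from `created_at`, while the valid branch a few lines below still calls `touch`, which only refreshes `updated_at`. The lifetime is therefore an absolute cap on the session rather than an idle timeout, and nothing in the method says so. A comment above the branch would make that explicit: `# Absolute lifetime: counted from created_at, not extended by the touch below.` It is also worth documenting on `find_valid_ticket_granting_ticket` that a lookup can now destroy the ticket, and through the model's destroy callbacks its service tickets, as a side effect. The method body continues past the end of this hunk.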
@@ -10,6 +10,10 @@ class CASinoCore::Model::TicketGrantingTicket < ActiveRecord::Base
|
|
10
10
|
before_destroy :destroy_service_tickets
|
11
11
|
after_destroy :destroy_proxy_granting_tickets
|
12
12
|
|
13
|
+
def self.cleanup
|
14
|
+
self.destroy_all(['created_at < ?', CASinoCore::Settings.ticket_granting_ticket[:lifetime].seconds.ago])
|
15
|
+
end
|
16
|
+
|
13
17
|
def browser_info
|
14
18
|
unless self.user_agent.blank?
|
15
19
|
user_agent = UserAgent.parse(self.user_agent)
|
@@ -29,6 +33,11 @@ class CASinoCore::Model::TicketGrantingTicket < ActiveRecord::Base
|
|
29
33
|
end
|
30
34
|
end
|
31
35
|
|
36
|
+
def expired?
|
37
|
+
lifetime = CASinoCore::Settings.ticket_granting_ticket[:lifetime]
|
38
|
+
(Time.now - (self.created_at || Time.now)) > lifetime
|
39
|
+
end
|
40
|
+
|
32
41
|
private
|
33
42
|
def destroy_service_tickets
|
34
43
|
self.service_tickets.each do |service_ticket|
|
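Review bot: `expired?` fails open for a ticket whose `created_at` is nil: `(self.created_at || Time.now)` makes the age zero, so such a row is never reported as expired. The `created_at < ?` condition in `self.cleanup` (first hunk) does not match NULL either, so the same row is never purged. If a missing timestamp is possible at all, treating it as expired is the safer default, e.g. `return true if created_at.nil?` ahead of the comparison, with a matching `created_at IS NULL OR` clause in `cleanup`. Whether the column is declared NOT NULL is not visible here, so the schema may already rule this out.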
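--- a/data/lib/casino_core/settings.rb
+++ b/data/lib/casino_core/settings.rb
@@ -3,11 +3,14 @@ require 'casino_core/authenticator'
 module CASinoCore
 class Settings
 class << self
-attr_accessor :login_ticket, :service_ticket, :proxy_ticket, :two_factor_authenticator, :authenticators, :logger
+attr_accessor :login_ticket, :ticket_granting_ticket, :service_ticket, :proxy_ticket, :two_factor_authenticator, :authenticators, :logger
 DEFAULT_SETTINGS = {
 login_ticket: {
 lifetime: 600
 },
+ticket_granting_ticket: {
+lifetime: 86400
+},
 service_ticket: {
 lifetime_unconsumed: 300,
 lifetime_consumed: 86400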
@@ -35,8 +35,14 @@ namespace :casino_core do
|
|
35
35
|
puts "Deleted #{rows_affected} inactive two-factor authenticators."
|
36
36
|
end
|
37
37
|
|
38
|
+
desc 'Remove expired ticket-granting tickets.'
|
39
|
+
task ticket_granting_tickets: 'casino_core:db:configure_connection' do
|
40
|
+
rows_affected = CASinoCore::Model::TicketGrantingTicket.cleanup.length
|
41
|
+
puts "Deleted #{rows_affected} ticket-granting tickets."
|
42
|
+
end
|
43
|
+
|
38
44
|
desc 'Perform all cleanup tasks.'
|
39
|
-
task all: [:service_tickets, :proxy_tickets, :login_tickets, :two_factor_authenticators] do
|
45
|
+
task all: [:ticket_granting_tickets, :service_tickets, :proxy_tickets, :login_tickets, :two_factor_authenticators] do
|
40
46
|
end
|
41
47
|
end
|
42
48
|
end
|
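Review bot: The count printed by the new `ticket_granting_tickets` task can overstate what was removed, because `cleanup.length` counts the records `destroy_all` returned (in ActiveRecord 3.2, every matched record), not the ones actually destroyed. A record whose `before_destroy` callback halts the destroy would still be in that array. Counting only destroyed records keeps the operator-facing number accurate: `rows_affected = CASinoCore::Model::TicketGrantingTicket.cleanup.count(&:destroyed?)`. This task also looks like the only path that purges expired tickets which are never presented again, so a comment saying it has to be scheduled would help deployers.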
data/lib/casino_core/version.rb
CHANGED
@@ -80,4 +80,36 @@ describe CASinoCore::Model::TicketGrantingTicket do
|
|
80
80
|
end
|
81
81
|
end
|
82
82
|
end
|
83
|
+
|
84
|
+
describe '#expired?' do
|
85
|
+
context 'with an expired ticket' do
|
86
|
+
before(:each) do
|
87
|
+
ticket_granting_ticket.created_at = 25.hours.ago
|
88
|
+
ticket_granting_ticket.save!
|
89
|
+
end
|
90
|
+
|
91
|
+
it 'returns true' do
|
92
|
+
ticket_granting_ticket.expired?.should == true
|
93
|
+
end
|
94
|
+
end
|
95
|
+
|
96
|
+
context 'with an unexpired ticket' do
|
97
|
+
it 'returns false' do
|
98
|
+
ticket_granting_ticket.expired?.should == false
|
99
|
+
end
|
100
|
+
end
|
101
|
+
end
|
102
|
+
|
103
|
+
describe '.cleanup' do
|
104
|
+
let!(:other_ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket }
|
105
|
+
|
106
|
+
it 'deletes expired ticket-granting tickets' do
|
107
|
+
ticket_granting_ticket.created_at = 25.hours.ago
|
108
|
+
ticket_granting_ticket.save!
|
109
|
+
lambda do
|
110
|
+
described_class.cleanup
|
111
|
+
end.should change(described_class, :count).by(-1)
|
112
|
+
described_class.find_by_ticket(ticket_granting_ticket.ticket).should be_false
|
113
|
+
end
|
114
|
+
end
|
83
115
|
end
|
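Review bot: The `#expired?` and `.cleanup` examples hard-code `25.hours.ago`, which only holds while the configured lifetime stays at the 86400-second default; the login_credential_requestor_spec hunk that follows does the same. Deriving the timestamp from the setting keeps the specs valid under a different configuration: `ticket_granting_ticket.created_at = (CASinoCore::Settings.ticket_granting_ticket[:lifetime] + 1).seconds.ago`. There is also no example for a ticket just inside the lifetime or for one with a nil `created_at`, the two cases where `expired?` could silently keep a session alive.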
@@ -64,6 +64,18 @@ describe CASinoCore::Processor::LoginCredentialRequestor do
|
|
64
64
|
end
|
65
65
|
end
|
66
66
|
|
67
|
+
context 'when ticket-granting ticket expired' do
|
68
|
+
before(:each) do
|
69
|
+
ticket_granting_ticket.created_at = 25.hours.ago
|
70
|
+
ticket_granting_ticket.save!
|
71
|
+
end
|
72
|
+
|
73
|
+
it 'calls the #user_not_logged_in method on the listener' do
|
74
|
+
listener.should_receive(:user_not_logged_in).with(kind_of(CASinoCore::Model::LoginTicket))
|
75
|
+
processor.process(nil, cookies, user_agent)
|
76
|
+
end
|
77
|
+
end
|
78
|
+
|
67
79
|
context 'with a service' do
|
68
80
|
let(:service) { 'http://example.com/' }
|
69
81
|
let(:params) { { service: service } }
|
data.tar.gz.sig
CHANGED
Binary file
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: casino_core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.3.
|
4
|
+
version: 1.3.1
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -36,7 +36,7 @@ cert_chain:
|
|
36
36
|
b1VSdnUwRzgvWXlIVUFtSVUvV0tyanIxYmdjZjFWUnYKUjRLRDFNblVWL3Y1
|
37
37
|
MDJwaU1sWG1qeE9XZGJLOHl2UUVIa3N1L3pqYkNqU3UrTTJrd0ZtV0dzeDVu
|
38
38
|
eCtWZHc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
|
39
|
-
date: 2013-02-
|
39
|
+
date: 2013-02-17 00:00:00.000000000 Z
|
40
40
|
dependencies:
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: rake
|
@@ -431,7 +431,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
431
431
|
version: '0'
|
432
432
|
segments:
|
433
433
|
- 0
|
434
|
-
hash:
|
434
|
+
hash: 4202762284368637569
|
435
435
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
436
436
|
none: false
|
437
437
|
requirements:
|
@@ -440,7 +440,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
440
440
|
version: '0'
|
441
441
|
segments:
|
442
442
|
- 0
|
443
|
-
hash:
|
443
|
+
hash: 4202762284368637569
|
444
444
|
requirements: []
|
445
445
|
rubyforge_project:
|
446
446
|
rubygems_version: 1.8.24
|
metadata.gz.sig
CHANGED
@@ -1 +1,3 @@
|
|
1
|
-
|
1
|
+
��p\T5|��s�SE�*
|
2
|
+
_f���O���}!#��� �T�.�re8e5�ȄZ�Z��.��{���R��+�\��/�P�p}7��ܫ�j\�s�"��ܟ�[S����]�:���~!$�|&��NƠ�\X��չl!za�����Ӷw�F�Ux�=
|
3
|
+
V��U���x��f����Y+������;&���Y��9�E>ߔ��f<�.�H�62d�)���۠�]�x3������/�3tJղfBۅSq &
|