casino_core 1.0.2 → 1.0.3

data/Gemfile

@@ -18,6 +18,7 @@ group :development, :test do
   gem 'sqlite3'
   gem 'database_cleaner'
   gem 'webmock'
+  gem 'nokogiri'
 end
 
 gem 'activerecord', '~> 3.2.9'

data/Gemfile.lock

@@ -27,6 +27,7 @@ GEM
       rdoc
     json (1.7.5)
     multi_json (1.5.0)
+    nokogiri (1.5.6)
     rake (10.0.3)
     rdoc (3.12)
       json (~> 1.4)
@@ -60,6 +61,7 @@ DEPENDENCIES
   bundler (~> 1.2.0)
   database_cleaner
   jeweler (~> 1.8.4)
+  nokogiri
   redcarpet
   rspec (~> 2.12.0)
   simplecov (~> 0.7.1)

data/VERSION

@@ -1 +1 @@
-1.0.2
+1.0.3

data/casino_core.gemspec

@@ -5,7 +5,7 @@
 
 Gem::Specification.new do |s|
   s.name = "casino_core"
-  s.version = "1.0.2"
+  s.version = "1.0.3"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Nils Caspar"]
@@ -89,6 +89,7 @@ Gem::Specification.new do |s|
     "spec/authenticator/static_spec.rb",
     "spec/model/login_ticket_spec.rb",
     "spec/model/proxy_ticket_spec.rb",
+    "spec/model/service_ticket/single_sign_out_notifier_spec.rb",
     "spec/model/service_ticket_spec.rb",
     "spec/model/ticket_granting_ticket_spec.rb",
     "spec/processor/legacy_validator_spec.rb",
@@ -124,6 +125,7 @@ Gem::Specification.new do |s|
       s.add_development_dependency(%q<sqlite3>, [">= 0"])
       s.add_development_dependency(%q<database_cleaner>, [">= 0"])
       s.add_development_dependency(%q<webmock>, [">= 0"])
+      s.add_development_dependency(%q<nokogiri>, [">= 0"])
     else
       s.add_dependency(%q<activerecord>, ["~> 3.2.9"])
       s.add_dependency(%q<addressable>, ["~> 2.3.2"])
@@ -137,6 +139,7 @@ Gem::Specification.new do |s|
       s.add_dependency(%q<sqlite3>, [">= 0"])
       s.add_dependency(%q<database_cleaner>, [">= 0"])
       s.add_dependency(%q<webmock>, [">= 0"])
+      s.add_dependency(%q<nokogiri>, [">= 0"])
     end
   else
     s.add_dependency(%q<activerecord>, ["~> 3.2.9"])
@@ -151,6 +154,7 @@ Gem::Specification.new do |s|
     s.add_dependency(%q<sqlite3>, [">= 0"])
     s.add_dependency(%q<database_cleaner>, [">= 0"])
     s.add_dependency(%q<webmock>, [">= 0"])
+    s.add_dependency(%q<nokogiri>, [">= 0"])
   end
 end
 

data/lib/casino_core/helper/proxy_granting_tickets.rb

@@ -13,7 +13,7 @@ module CASinoCore
       def acquire_proxy_granting_ticket(pgt_url, service_ticket)
         begin
           return contact_callback_server(pgt_url, service_ticket)
-        rescue Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError, Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError
+        rescue Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError, Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError => e
           logger.warn "Exception while communicating with proxy-granting ticket callback server: #{e.message}"
         end
         nil

data/lib/casino_core/model/service_ticket.rb

@@ -16,7 +16,7 @@ class CASinoCore::Model::ServiceTicket < ActiveRecord::Base
   end
 
   def self.cleanup_consumed
-    self.destroy_all(['created_at < ? AND consumed = ?', CASinoCore::Settings.service_ticket[:lifetime_consumed].seconds.ago, true])
+    self.destroy_all(['(ticket_granting_ticket_id IS NULL OR created_at < ?) AND consumed = ?', CASinoCore::Settings.service_ticket[:lifetime_consumed].seconds.ago, true])
   end
 
   def self.cleanup_consumed_hard

data/lib/casino_core/model/service_ticket/single_sign_out_notifier.rb

@@ -20,8 +20,13 @@ class CASinoCore::Model::ServiceTicket::SingleSignOutNotifier
   private
   def build_xml
     xml = Builder::XmlMarkup.new(indent: 2)
-    xml.samlp :LogoutRequest, ID: SecureRandom.uuid, Version: '2.0', IsseInstant: Time.now do |logout_request|
-      logout_request.samlp :NameID, '@NOT_USED@'
+    xml.samlp :LogoutRequest,
+      'xmlns:samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol',
+      'xmlns:saml' => 'urn:oasis:names:tc:SAML:2.0:assertion',
+      ID: SecureRandom.uuid,
+      Version: '2.0',
+      IssueInstant: Time.now do |logout_request|
+      logout_request.saml :NameID, '@NOT_USED@'
       logout_request.samlp :SessionIndex, @service_ticket.ticket
     end
     xml.target!
@@ -49,7 +54,7 @@ class CASinoCore::Model::ServiceTicket::SingleSignOutNotifier
           return false
         end
       end
-    rescue Exception => e
+    rescue Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError, Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError => e
       logger.warn "Failed to send logout notification to service #{uri} due to #{e}"
       return false
     end

data/spec/model/service_ticket/single_sign_out_notifier_spec.rb

@@ -0,0 +1,55 @@
+require 'spec_helper'
+require 'nokogiri'
+
+describe CASinoCore::Model::ServiceTicket::SingleSignOutNotifier do
+  let(:ticket) { 'ST-123456' }
+  let(:service) { 'http://www.example.org/' }
+  let(:service_ticket) { CASinoCore::Model::ServiceTicket.create ticket: ticket, service: service }
+  let(:notifier) { described_class.new service_ticket }
+
+  describe '#notify' do
+    before(:each) do
+      stub_request(:post, service)
+    end
+
+    it 'sends a valid Single Sign Out XML to the service URL' do
+      notifier.notify
+      WebMock.should have_requested(:post, service).with { |request|
+        post_params = CGI.parse(request.body)
+        post_params.should_not be_nil
+        xml = Nokogiri::XML post_params['logoutRequest'].first
+        xml.at_xpath('/samlp:LogoutRequest/samlp:SessionIndex').text.strip.should == service_ticket.ticket
+      }
+    end
+
+    context 'when it is a success' do
+      it 'returns true' do
+        notifier.notify.should == true
+      end
+    end
+
+    context 'with server error' do
+      [404, 500].each do |status_code|
+        context "#{status_code}" do
+          before(:each) do
+            stub_request(:post, service).to_return status: status_code
+          end
+
+          it 'returns false' do
+            notifier.notify.should == false
+          end
+        end
+      end
+
+      context 'connection timeout' do
+        before(:each) do
+          stub_request(:post, service).to_raise Timeout::Error
+        end
+
+        it 'returns false' do
+          notifier.notify.should == false
+        end
+      end
+    end
+  end
+end

data/spec/model/service_ticket_spec.rb

@@ -38,6 +38,22 @@ describe CASinoCore::Model::ServiceTicket do
       end.should change(described_class, :count).by(-1)
       described_class.find_by_ticket('ST-12345').should be_false
     end
+
+    it 'deletes consumed service tickets without ticket_granting_ticket' do
+      consumed_ticket.ticket_granting_ticket_id = nil
+      consumed_ticket.save!
+      lambda do
+        described_class.cleanup_consumed
+      end.should change(described_class, :count).by(-1)
+      described_class.find_by_ticket('ST-12345').should be_false
+    end
+
+    it 'does not delete unexpired service tickets' do
+      consumed_ticket # create the ticket
+      lambda do
+        described_class.cleanup_consumed
+      end.should_not change(described_class, :count)
+    end
   end
 
   describe '#destroy' do

data/spec/processor/session_destroyer_spec.rb

@@ -57,19 +57,6 @@ describe CASinoCore::Processor::SessionDestroyer do
         listener.should_receive(:ticket_deleted).with(no_args)
         processor.process(params, cookies, user_agent)
       end
-
-      it 'deletes the dependent service ticket' do
-        service_ticket.ticket # creates the service ticket
-        lambda {
-          processor.process(params, cookies, user_agent)
-        }.should change(CASinoCore::Model::ServiceTicket, :count).by(-1)
-      end
-
-      it 'nullifies the dependent service ticket if destroying fails' do
-        lambda {
-          processor.process(params, cookies, user_agent)
-        }.should change { consumed_service_ticket.reload.ticket_granting_ticket_id }.to(nil)
-      end
     end
 
     context 'with an invalid ticket-granting ticket' do

data/spec/processor/ticket_validator_spec.rb

@@ -83,10 +83,11 @@ require 'spec_helper'
         end
 
         context 'with proxy-granting ticket callback server' do
-          let(:parameters_with_pgt_url) { parameters.merge pgtUrl: "https://www.example.org" }
+          let(:pgt_url) { 'https://www.example.org' }
+          let(:parameters_with_pgt_url) { parameters.merge pgtUrl: pgt_url }
 
           before(:each) do
-            stub_request(:get, /https:\/\/www\.example\.org\/\?pgtId=[^&]+&pgtIou=[^&]+/)
+            stub_request(:get, /#{pgt_url}\/\?pgtId=[^&]+&pgtIou=[^&]+/)
           end
 
           it 'calls the #validation_succeeded method on the listener' do
@@ -113,6 +114,40 @@ require 'spec_helper'
               pgtIou: proxy_granting_ticket.iou
             })
           end
+
+          context 'when callback server gives an error' do
+            before(:each) do
+              stub_request(:get, /#{pgt_url}.*/).to_return status: 404
+            end
+
+            it 'calls the #validation_succeeded method on the listener' do
+              listener.should_receive(:validation_succeeded).with(regex_success)
+              processor.process(parameters_with_pgt_url)
+            end
+
+            it 'does not create a proxy-granting ticket' do
+              lambda do
+                processor.process(parameters_with_pgt_url)
+              end.should_not change(service_ticket.proxy_granting_tickets, :count)
+            end
+          end
+
+          context 'when callback server is unreachable' do
+            before(:each) do
+              stub_request(:get, /#{pgt_url}.*/).to_raise(Timeout::Error)
+            end
+
+            it 'calls the #validation_succeeded method on the listener' do
+              listener.should_receive(:validation_succeeded).with(regex_success)
+              processor.process(parameters_with_pgt_url)
+            end
+
+            it 'does not create a proxy-granting ticket' do
+              lambda do
+                processor.process(parameters_with_pgt_url)
+              end.should_not change(service_ticket.proxy_granting_tickets, :count)
+            end
+          end
         end
       end
 

data/spec/spec_helper.rb

@@ -19,7 +19,9 @@ RSpec.configure do |config|
   #     --seed 1234
   config.order = 'random'
 
-  SimpleCov.start
+  SimpleCov.start do
+    add_filter '/spec'
+  end
 
   CASinoCore.setup 'test'
   CASinoCore::Settings.logger.level = ::Logger::Severity::UNKNOWN

metadata

@@ -2,7 +2,7 @@
 name: casino_core
 version: !ruby/object:Gem::Version 
   prerelease: 
-  version: 1.0.2
+  version: 1.0.3
 platform: ruby
 authors: 
 - Nils Caspar
@@ -144,6 +144,17 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: *id012
+- !ruby/object:Gem::Dependency 
+  name: nokogiri
+  requirement: &id013 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id013
 description: A CAS server core library.
 email: ncaspar@me.com
 executables: []
@@ -226,6 +237,7 @@ files:
 - spec/authenticator/static_spec.rb
 - spec/model/login_ticket_spec.rb
 - spec/model/proxy_ticket_spec.rb
+- spec/model/service_ticket/single_sign_out_notifier_spec.rb
 - spec/model/service_ticket_spec.rb
 - spec/model/ticket_granting_ticket_spec.rb
 - spec/processor/legacy_validator_spec.rb
@@ -251,7 +263,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: 4407808327317958750
+      hash: 1358580775161495326
       segments: 
       - 0
       version: "0"