casino_core 1.0.3 → 1.0.4

data/Gemfile

@@ -19,6 +19,7 @@ group :development, :test do
   gem 'database_cleaner'
   gem 'webmock'
   gem 'nokogiri'
+  gem 'factory_girl', '~> 4.1.0'
 end
 
 gem 'activerecord', '~> 3.2.9'

data/Gemfile.lock

@@ -18,6 +18,8 @@ GEM
     crack (0.3.1)
     database_cleaner (0.9.1)
     diff-lcs (1.1.3)
+    factory_girl (4.1.0)
+      activesupport (>= 3.0.0)
     git (1.2.5)
     i18n (0.6.1)
     jeweler (1.8.4)
@@ -60,6 +62,7 @@ DEPENDENCIES
   addressable (~> 2.3.2)
   bundler (~> 1.2.0)
   database_cleaner
+  factory_girl (~> 4.1.0)
   jeweler (~> 1.8.4)
   nokogiri
   redcarpet

data/VERSION

@@ -1 +1 @@
-1.0.3
+1.0.4

data/casino_core.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = "casino_core"
-  s.version = "1.0.3"
+  s.version = "1.0.4"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Nils Caspar"]
-  s.date = "2012-12-29"
+  s.date = "2012-12-30"
   s.description = "A CAS server core library."
   s.email = "ncaspar@me.com"
   s.extra_rdoc_files = [
@@ -48,6 +48,7 @@ Gem::Specification.new do |s|
     "db/migrate/20121225231713_no_default_granter_type.rb",
     "db/migrate/20121226192211_fix_index_for_granter_on_proxy_granting_ticket.rb",
     "db/migrate/20121226211511_allow_service_tickets_without_ticket_granting_ticket.rb",
+    "db/migrate/20121231114141_add_authenticator_to_ticket_granting_tickets.rb",
     "db/schema.rb",
     "lib/casino_core.rb",
     "lib/casino_core/authenticator.rb",
@@ -101,7 +102,12 @@ Gem::Specification.new do |s|
     "spec/processor/session_destroyer_spec.rb",
     "spec/processor/session_overview_spec.rb",
     "spec/processor/ticket_validator_spec.rb",
-    "spec/spec_helper.rb"
+    "spec/spec_helper.rb",
+    "spec/support/factories/login_ticket_factory.rb",
+    "spec/support/factories/proxy_granting_ticket_factory.rb",
+    "spec/support/factories/proxy_ticket_factory.rb",
+    "spec/support/factories/service_ticket_factory.rb",
+    "spec/support/factories/ticket_granting_ticket_factory.rb"
   ]
   s.homepage = "http://github.com/pencil/CASinoCore"
   s.licenses = ["MIT"]
@@ -126,6 +132,7 @@ Gem::Specification.new do |s|
       s.add_development_dependency(%q<database_cleaner>, [">= 0"])
       s.add_development_dependency(%q<webmock>, [">= 0"])
       s.add_development_dependency(%q<nokogiri>, [">= 0"])
+      s.add_development_dependency(%q<factory_girl>, ["~> 4.1.0"])
     else
       s.add_dependency(%q<activerecord>, ["~> 3.2.9"])
       s.add_dependency(%q<addressable>, ["~> 2.3.2"])
@@ -140,6 +147,7 @@ Gem::Specification.new do |s|
       s.add_dependency(%q<database_cleaner>, [">= 0"])
       s.add_dependency(%q<webmock>, [">= 0"])
       s.add_dependency(%q<nokogiri>, [">= 0"])
+      s.add_dependency(%q<factory_girl>, ["~> 4.1.0"])
     end
   else
     s.add_dependency(%q<activerecord>, ["~> 3.2.9"])
@@ -155,6 +163,7 @@ Gem::Specification.new do |s|
     s.add_dependency(%q<database_cleaner>, [">= 0"])
     s.add_dependency(%q<webmock>, [">= 0"])
     s.add_dependency(%q<nokogiri>, [">= 0"])
+    s.add_dependency(%q<factory_girl>, ["~> 4.1.0"])
   end
 end
 

data/config/cas.yml

@@ -7,25 +7,24 @@ defaults: &defaults
   proxy_ticket:
     lifetime_unconsumed: 300
     lifetime_consumed: 86400
-
-development:
-  <<: *defaults
   authenticators:
-    -
+    static_1:
       class: "CASinoCore::Authenticator::Static"
       options:
         users:
           testuser:
             password: "foobar123"
             name: "Test User"
-
-test:
-  <<: *defaults
-  authenticators:
-    -
+    static_2:
       class: "CASinoCore::Authenticator::Static"
       options:
         users:
-          testuser:
-            password: "foobar123"
+          example:
+            password: "dito123"
             name: "Test User"
+
+development:
+  <<: *defaults
+
+test:
+  <<: *defaults

data/db/migrate/20121231114141_add_authenticator_to_ticket_granting_tickets.rb

@@ -0,0 +1,15 @@
+class AddAuthenticatorToTicketGrantingTickets < ActiveRecord::Migration
+  def up
+    add_column :ticket_granting_tickets, :authenticator, :string, null: true
+    CASinoCore::Model::TicketGrantingTicket.delete_all
+    change_column :ticket_granting_tickets, :authenticator, :string, null: false
+    add_index :ticket_granting_tickets, [:authenticator, :username]
+    remove_index :ticket_granting_tickets, :username
+  end
+
+  def down
+    remove_index :ticket_granting_tickets, [:authenticator, :username]
+    remove_column :ticket_granting_tickets, :authenticator
+    add_index :ticket_granting_tickets, :username
+  end
+end

data/db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20121226211511) do
+ActiveRecord::Schema.define(:version => 20121231114141) do
 
   create_table "login_tickets", :force => true do |t|
     t.string   "ticket",     :null => false
@@ -67,9 +67,10 @@ ActiveRecord::Schema.define(:version => 20121226211511) do
     t.datetime "created_at",       :null => false
     t.datetime "updated_at",       :null => false
     t.string   "user_agent"
+    t.string   "authenticator",    :null => false
   end
 
+  add_index "ticket_granting_tickets", ["authenticator", "username"], :name => "index_ticket_granting_tickets_on_authenticator_and_username"
   add_index "ticket_granting_tickets", ["ticket"], :name => "index_ticket_granting_tickets_on_ticket", :unique => true
-  add_index "ticket_granting_tickets", ["username"], :name => "index_ticket_granting_tickets_on_username"
 
 end

data/lib/casino_core/builder/ticket_validation_response.rb

@@ -37,8 +37,6 @@ class CASinoCore::Builder::TicketValidationResponse < CASinoCore::Builder
   def serialize_extra_attribute(builder, key, value)
     if value.kind_of?(String) || value.kind_of?(Numeric) || value.kind_of?(Symbol)
       builder.cas key, "#{value}"
-    elsif value.kind_of?(Numeric)
-      builder.cas key, value.to_s
     else
       builder.cas key do |container|
         container.cdata! value.to_yaml

data/lib/casino_core/model/ticket_granting_ticket.rb

@@ -1,7 +1,7 @@
 require 'casino_core/model'
 
 class CASinoCore::Model::TicketGrantingTicket < ActiveRecord::Base
-  attr_accessible :ticket, :username, :user_agent, :extra_attributes
+  attr_accessible :ticket, :authenticator, :username, :user_agent, :extra_attributes
   serialize :extra_attributes, Hash
   validates :ticket, uniqueness: true
   has_many :service_tickets
@@ -18,7 +18,7 @@ class CASinoCore::Model::TicketGrantingTicket < ActiveRecord::Base
     if other_ticket.nil?
       false
     else
-      other_ticket.username == self.username
+      other_ticket.username == self.username && other_ticket.authenticator == self.authenticator
     end
   end
 

data/lib/casino_core/processor/login_credential_acceptor.rb

@@ -23,9 +23,9 @@ class CASinoCore::Processor::LoginCredentialAcceptor < CASinoCore::Processor
     params ||= {}
     cookies ||= {}
     if login_ticket_valid?(params[:lt])
-      user_data = validate_login_credentials(params[:username], params[:password])
-      if !user_data.nil?
-        ticket_granting_ticket = acquire_ticket_granting_ticket(user_data, user_agent)
+      authentication_result = validate_login_credentials(params[:username], params[:password])
+      if !authentication_result.nil?
+        ticket_granting_ticket = acquire_ticket_granting_ticket(authentication_result, user_agent)
         url = unless params[:service].nil?
           acquire_service_ticket(ticket_granting_ticket, params[:service], true).service_with_ticket_url
         end
@@ -55,24 +55,23 @@ class CASinoCore::Processor::LoginCredentialAcceptor < CASinoCore::Processor
   end
 
   def validate_login_credentials(username, password)
-    user_data = nil
-    CASinoCore::Settings.authenticators.each do |authenticator|
+    authentication_result = nil
+    CASinoCore::Settings.authenticators.each do |authenticator_name, authenticator|
       data = authenticator.validate(username, password)
       if data
-        if data[:username].nil?
-          data[:username] = username
-        end
-        user_data = data
-        logger.info("Credentials for username '#{data[:username]}' successfully validated using #{authenticator.class}")
+        authentication_result = { authenticator: authenticator_name, user_data: data }
+        logger.info("Credentials for username '#{data[:username]}' successfully validated using authenticator '#{authenticator_name}' (#{authenticator.class})")
         break
       end
     end
-    user_data
+    authentication_result
   end
 
-  def acquire_ticket_granting_ticket(user_data, user_agent = nil)
+  def acquire_ticket_granting_ticket(authentication_result, user_agent = nil)
+    user_data = authentication_result[:user_data]
     CASinoCore::Model::TicketGrantingTicket.create!({
       ticket: random_ticket_string('TGC'),
+      authenticator: authentication_result[:authenticator],
       username: user_data[:username],
       extra_attributes: user_data[:extra_attributes],
       user_agent: user_agent

data/lib/casino_core/processor/login_credential_requestor.rb

@@ -28,8 +28,13 @@ class CASinoCore::Processor::LoginCredentialRequestor < CASinoCore::Processor
       end
       @listener.user_logged_in(service_url_with_ticket)
     else
-      login_ticket = acquire_login_ticket
-      @listener.user_not_logged_in(login_ticket)
+      if params[:gateway] == 'true' && params[:service]
+        # we actually lie to the listener to simplify things
+        @listener.user_logged_in(params[:service])
+      else
+        login_ticket = acquire_login_ticket
+        @listener.user_not_logged_in(login_ticket)
+      end
     end
   end
 end

data/lib/casino_core/processor/session_overview.rb

@@ -18,7 +18,10 @@ class CASinoCore::Processor::SessionOverview < CASinoCore::Processor
     if tgt.nil?
       @listener.user_not_logged_in
     else
-      ticket_granting_tickets = CASinoCore::Model::TicketGrantingTicket.where(username: tgt.username).order('updated_at DESC')
+      ticket_granting_tickets = CASinoCore::Model::TicketGrantingTicket.where(
+        username: tgt.username,
+        authenticator: tgt.authenticator
+      ).order('updated_at DESC')
       @listener.ticket_granting_tickets_found(ticket_granting_tickets)
     end
   end

data/lib/casino_core/settings.rb

@@ -17,12 +17,12 @@ module CASinoCore
       end
 
       def authenticators=(authenticators)
-        @authenticators = []
-        authenticators.each do |authenticator|
+        @authenticators = {}
+        authenticators.each do |index, authenticator|
           unless authenticator.is_a?(CASinoCore::Authenticator)
             authenticator = authenticator[:class].constantize.new(authenticator[:options])
           end
-          @authenticators << authenticator
+          @authenticators[index] = authenticator
         end
       end
     end

data/spec/model/service_ticket/single_sign_out_notifier_spec.rb

@@ -2,9 +2,8 @@ require 'spec_helper'
 require 'nokogiri'
 
 describe CASinoCore::Model::ServiceTicket::SingleSignOutNotifier do
-  let(:ticket) { 'ST-123456' }
-  let(:service) { 'http://www.example.org/' }
-  let(:service_ticket) { CASinoCore::Model::ServiceTicket.create ticket: ticket, service: service }
+  let(:service_ticket) { FactoryGirl.create :service_ticket }
+  let(:service) { service_ticket.service }
   let(:notifier) { described_class.new service_ticket }
 
   describe '#notify' do
@@ -18,7 +17,7 @@ describe CASinoCore::Model::ServiceTicket::SingleSignOutNotifier do
         post_params = CGI.parse(request.body)
         post_params.should_not be_nil
         xml = Nokogiri::XML post_params['logoutRequest'].first
-        xml.at_xpath('/samlp:LogoutRequest/samlp:SessionIndex').text.strip.should == service_ticket.ticket
+        xml.at_xpath('/samlp:LogoutRequest/samlp:SessionIndex').text.should == service_ticket.ticket
       }
     end
 

data/spec/model/ticket_granting_ticket_spec.rb

@@ -1,16 +1,9 @@
 require 'spec_helper'
 
 describe CASinoCore::Model::TicketGrantingTicket do
-  let(:subject) { described_class.create! ticket: 'TGT-3ep9awhy2ty5UhL8wM1xAZ', username: 'example-user' }
-  let(:service_ticket) {
-    subject.service_tickets.create! ticket: 'ST-12345', service: 'https://example.com/cas-service'
-  }
-  let(:consumed_service_ticket) {
-    service_ticket = subject.service_tickets.create! ticket: 'ST-n9oZvDtYkVFHj5M3s59Ws5', service: 'https://example.com/cas-service'
-    service_ticket.consumed = true
-    service_ticket.save!
-    service_ticket
-  }
+  let(:ticket_granting_ticket) { described_class.create! ticket: 'TGT-3ep9awhy2ty5UhL8wM1xAZ', username: 'example-user', authenticator: 'test' }
+  let(:service_ticket) { FactoryGirl.create :service_ticket, ticket_granting_ticket: ticket_granting_ticket }
+  let(:consumed_service_ticket) { FactoryGirl.create :service_ticket, :consumed, ticket_granting_ticket: ticket_granting_ticket }
 
   describe '#destroy' do
     context 'when notification for a service ticket fails' do
@@ -21,14 +14,14 @@ describe CASinoCore::Model::TicketGrantingTicket do
       it 'deletes depending proxy-granting tickets' do
         consumed_service_ticket.proxy_granting_tickets.create! ticket: 'PGT-12345', iou: 'PGTIOU-12345', pgt_url: 'bla'
         lambda {
-          subject.destroy
+          ticket_granting_ticket.destroy
         }.should change(CASinoCore::Model::ProxyGrantingTicket, :count).by(-1)
       end
 
       it 'nullifies depending service tickets' do
         lambda {
-          subject.destroy
-        }.should change { consumed_service_ticket.reload.ticket_granting_ticket_id }.from(subject.id).to(nil)
+          ticket_granting_ticket.destroy
+        }.should change { consumed_service_ticket.reload.ticket_granting_ticket_id }.from(ticket_granting_ticket.id).to(nil)
       end
     end
   end

data/spec/processor/legacy_validator_spec.rb

@@ -4,18 +4,8 @@ describe CASinoCore::Processor::LegacyValidator do
   describe '#process' do
     let(:listener) { Object.new }
     let(:processor) { described_class.new(listener) }
-    let(:user_agent) { 'TestBrowser 1.0' }
-    let(:ticket_granting_ticket) {
-      CASinoCore::Model::TicketGrantingTicket.create!({
-        ticket: 'TGC-HXdkW233TsRtiqYGq4b8U7',
-        username: 'test',
-        extra_attributes: nil,
-        user_agent: user_agent
-      })
-    }
-    let(:service) { 'https://example.com/cas-service' }
-    let(:service_ticket) { ticket_granting_ticket.service_tickets.create! ticket: 'ST-2nOcXx56dtPTsB069yYf0h', service: service }
-    let(:parameters) { { service: service, ticket: service_ticket.ticket }}
+    let(:service_ticket) { FactoryGirl.create :service_ticket }
+    let(:parameters) { { service: service_ticket.service, ticket: service_ticket.ticket }}
 
     before(:each) do
       listener.stub(:validation_failed)

data/spec/processor/login_credential_acceptor_spec.rb

@@ -12,8 +12,17 @@ describe CASinoCore::Processor::LoginCredentialAcceptor do
       end
     end
 
+    context 'with an expired login ticket' do
+      let(:expired_login_ticket) { FactoryGirl.create :login_ticket, :expired }
+
+      it 'calls the #invalid_login_ticket method on the listener' do
+        listener.should_receive(:invalid_login_ticket).with(kind_of(CASinoCore::Model::LoginTicket))
+        processor.process(lt: expired_login_ticket.ticket)
+      end
+    end
+
     context 'with a valid login ticket' do
-      let(:login_ticket) { CASinoCore::Model::LoginTicket.create! ticket: "LT-#{Random.rand(10000000)}" }
+      let(:login_ticket) { FactoryGirl.create :login_ticket }
 
       context 'with invalid credentials' do
         it 'calls the #invalid_login_credentials method on the listener' do

data/spec/processor/login_credential_requestor_spec.rb

@@ -10,18 +10,32 @@ describe CASinoCore::Processor::LoginCredentialRequestor do
         listener.should_receive(:user_not_logged_in).with(kind_of(CASinoCore::Model::LoginTicket))
         processor.process
       end
+
+      context 'with gateway parameter' do
+        context 'with a service' do
+          let(:service) { 'http://example.com/' }
+          let(:params) { { service: service, gateway: 'true' } }
+
+          it 'calls the #user_logged_in method on the listener' do
+            listener.should_receive(:user_logged_in).with(service)
+            processor.process(params)
+          end
+        end
+
+        context 'without a service' do
+          let(:params) { { gateway: 'true' } }
+
+          it 'calls the #user_not_logged_in method on the listener' do
+            listener.should_receive(:user_not_logged_in).with(kind_of(CASinoCore::Model::LoginTicket))
+            processor.process
+          end
+        end
+      end
     end
 
     context 'when logged in' do
-      let(:user_agent) { 'TestBrowser 1.0' }
-      let(:ticket_granting_ticket) {
-        CASinoCore::Model::TicketGrantingTicket.create!({
-          ticket: 'TGC-9H6Vx4850i2Ksp3R8hTCwO',
-          username: 'test',
-          extra_attributes: nil,
-          user_agent: user_agent
-        })
-      }
+      let(:ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket }
+      let(:user_agent) { ticket_granting_ticket.user_agent }
       let(:cookies) { { tgt: ticket_granting_ticket.ticket } }
 
       before(:each) do
@@ -64,9 +78,11 @@ describe CASinoCore::Processor::LoginCredentialRequestor do
         end
 
         context 'with a changed browser' do
+          let(:user_agent) { 'FooBar 1.0' }
+
           it 'calls the #user_not_logged_in method on the listener' do
             listener.should_receive(:user_not_logged_in).with(kind_of(CASinoCore::Model::LoginTicket))
-            processor.process(nil, cookies)
+            processor.process(nil, cookies, user_agent)
           end
         end
       end

data/spec/processor/logout_spec.rb

@@ -7,22 +7,15 @@ describe CASinoCore::Processor::Logout do
     let(:cookies) { { tgt: tgt } }
     let(:url) { nil }
     let(:params) { { :url => url } unless url.nil? }
-    let(:user_agent) { 'TestBrowser 1.0' }
 
     before(:each) do
       listener.stub(:user_logged_out)
     end
 
     context 'with an existing ticket-granting ticket' do
-      let(:ticket_granting_ticket) {
-        CASinoCore::Model::TicketGrantingTicket.create!({
-          ticket: 'TGC-HXdkW233TsRtiqYGq4b8U7',
-          username: 'test',
-          extra_attributes: nil,
-          user_agent: user_agent
-        })
-      }
+      let(:ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket }
       let(:tgt) { ticket_granting_ticket.ticket }
+      let(:user_agent) { ticket_granting_ticket.user_agent }
 
       it 'deletes the ticket-granting ticket' do
         processor.process(params, cookies, user_agent)

data/spec/processor/proxy_ticket_provider_spec.rb

@@ -40,16 +40,7 @@ describe CASinoCore::Processor::ProxyTicketProvider do
     end
 
     context 'with a proxy-granting ticket' do
-      let(:ticket_granting_ticket) {
-        CASinoCore::Model::TicketGrantingTicket.create!({
-          ticket: 'TGC-Qu6B5IVQ7RmLc972TruM9u',
-          username: 'test'
-        })
-      }
-      let(:service_ticket) { ticket_granting_ticket.service_tickets.create! ticket: 'ST-2nOcXx56dtPTsB069yYf0h', service: 'http://www.example.com/' }
-      let(:proxy_granting_ticket) {
-        service_ticket.proxy_granting_tickets.create! ticket: 'PGT-OIE42ZadV3B9VcaG2xMjAf', iou: 'PGTIOU-PYg4CCPQHNyyS9s6bJF6Rg', pgt_url: 'https://www.example.com/pgtUrl'
-      }
+      let(:proxy_granting_ticket) { FactoryGirl.create :proxy_granting_ticket }
       let(:params_with_valid_pgt) { params.merge(pgt: proxy_granting_ticket.ticket) }
 
       it 'calls the #request_succeeded method on the listener' do

data/spec/processor/proxy_ticket_validator_spec.rb

@@ -7,21 +7,20 @@ describe CASinoCore::Processor::ProxyTicketValidator do
   describe '#process' do
     let(:regex_success) { /\A<cas:serviceResponse.*\n.*authenticationSuccess/ }
 
+    context 'with a login ticket' do
+      let(:login_ticket) { FactoryGirl.create :login_ticket }
+      let(:parameters) { { ticket: login_ticket.ticket, service: 'http://www.example.org/' } }
+
+      it 'calls the #validation_failed method on the listener' do
+        listener.should_receive(:validation_failed)
+        processor.process(parameters)
+      end
+    end
+
     context 'with an unconsumed proxy ticket' do
-      let(:ticket_granting_ticket) {
-        CASinoCore::Model::TicketGrantingTicket.create!({
-          ticket: 'TGC-Qu6B5IVQ7RmLc972TruM9u',
-          username: 'test'
-        })
-      }
-      let(:service_ticket) { ticket_granting_ticket.service_tickets.create! ticket: 'ST-2nOcXx56dtPTsB069yYf0h', service: 'http://www.example.com/' }
-      let(:proxy_granting_ticket) {
-        service_ticket.proxy_granting_tickets.create! ticket: 'PGT-OIE42ZadV3B9VcaG2xMjAf', iou: 'PGTIOU-PYg4CCPQHNyyS9s6bJF6Rg', pgt_url: 'https://www.example.com/pgtUrl'
-      }
-      let(:proxy_service) { 'imaps://127.0.0.1:4578/' }
-      let(:proxy_ticket) { proxy_granting_ticket.proxy_tickets.create! ticket: 'PT-8nA7vuxuNY7RcpVoaDvuZi', service: proxy_service }
-      let(:parameters) { { ticket: proxy_ticket.ticket, service: proxy_service } }
-      let(:regex_proxy) { /<cas:proxies>\s*<cas:proxy>https:\/\/www.example.com\/pgtUrl<\/cas:proxy>\s*<\/cas:proxies[>]/ }
+      let(:proxy_ticket) { FactoryGirl.create :proxy_ticket }
+      let(:parameters) { { ticket: proxy_ticket.ticket, service: proxy_ticket.service } }
+      let(:regex_proxy) { /<cas:proxies>\s*<cas:proxy>#{proxy_ticket.proxy_granting_ticket.pgt_url}<\/cas:proxy>\s*<\/cas:proxies>/ }
 
       it 'calls the #validation_succeeded method on the listener' do
         listener.should_receive(:validation_succeeded).with(regex_success)

data/spec/processor/session_destroyer_spec.rb

@@ -4,15 +4,8 @@ describe CASinoCore::Processor::SessionDestroyer do
   describe '#process' do
     let(:listener) { Object.new }
     let(:processor) { described_class.new(listener) }
-    let(:user_agent) { 'TestBrowser 1.0' }
-    let(:owner_ticket_granting_ticket) {
-      CASinoCore::Model::TicketGrantingTicket.create!({
-        ticket: 'TGC-ocCudGzZjJtrvOXJ485mt3',
-        username: 'test',
-        extra_attributes: nil,
-        user_agent: user_agent
-      })
-    }
+    let(:owner_ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket }
+    let(:user_agent) { owner_ticket_granting_ticket.user_agent }
     let(:cookies) { { tgt: owner_ticket_granting_ticket.ticket } }
 
     before(:each) do
@@ -21,23 +14,9 @@ describe CASinoCore::Processor::SessionDestroyer do
     end
 
     context 'with an existing ticket-granting ticket' do
-      let(:ticket_granting_ticket) {
-        CASinoCore::Model::TicketGrantingTicket.create!({
-          ticket: 'TGC-HXdkW233TsRtiqYGq4b8U7',
-          username: 'test',
-          extra_attributes: nil,
-          user_agent: user_agent
-        })
-      }
-      let(:service_ticket) {
-        ticket_granting_ticket.service_tickets.create! ticket: 'ST-6NBRr5DAg2NW181H5chaHh', service: 'http://www.example.com'
-      }
-      let(:consumed_service_ticket) {
-        st = ticket_granting_ticket.service_tickets.create! ticket: 'ST-6NBRr5DAg2NW181H5chaHh', service: 'http://www.example.com'
-        st.consumed = true
-        st.save!
-        st
-      }
+      let(:ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket }
+      let(:service_ticket) { FactoryGirl.create :service_ticket, ticket_granting_ticket: ticket_granting_ticket }
+      let(:consumed_service_ticket) { FactoryGirl.create :service_ticket, :consumed, ticket_granting_ticket: ticket_granting_ticket }
       let(:params) { { id: ticket_granting_ticket.id } }
 
       it 'deletes only one ticket-granting ticket' do
@@ -75,14 +54,7 @@ describe CASinoCore::Processor::SessionDestroyer do
     end
 
     context 'when trying to delete ticket-granting ticket of another user' do
-      let(:ticket_granting_ticket) {
-        CASinoCore::Model::TicketGrantingTicket.create!({
-          ticket: 'TGC-HXdkW233TsRtiqYGq4b8U7',
-          username: 'this_is_another_user',
-          extra_attributes: nil,
-          user_agent: user_agent
-        })
-      }
+      let(:ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket, username: 'other_user' }
       let(:params) { { id: ticket_granting_ticket.id } }
 
       it 'does not delete a ticket-granting ticket' do

data/spec/processor/session_overview_spec.rb

@@ -4,15 +4,8 @@ describe CASinoCore::Processor::SessionOverview do
   describe '#process' do
     let(:listener) { Object.new }
     let(:processor) { described_class.new(listener) }
-    let(:user_agent) { 'TestBrowser 1.0' }
-    let(:other_ticket_granting_ticket) {
-      CASinoCore::Model::TicketGrantingTicket.create!({
-        ticket: 'TGC-ocCudGzZjJtrvOXJ485mt3',
-        username: 'test',
-        extra_attributes: nil,
-        user_agent: user_agent
-      })
-    }
+    let(:other_ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket }
+    let(:user_agent) { other_ticket_granting_ticket.user_agent }
     let(:cookies) { { tgt: tgt } }
 
     before(:each) do
@@ -22,14 +15,7 @@ describe CASinoCore::Processor::SessionOverview do
     end
 
     context 'with an existing ticket-granting ticket' do
-      let(:ticket_granting_ticket) {
-        CASinoCore::Model::TicketGrantingTicket.create!({
-          ticket: 'TGC-HXdkW233TsRtiqYGq4b8U7',
-          username: 'test',
-          extra_attributes: nil,
-          user_agent: user_agent
-        })
-      }
+      let(:ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket }
       let(:tgt) { ticket_granting_ticket.ticket }
       it 'calls the #ticket_granting_tickets_found method on the listener' do
         listener.should_receive(:ticket_granting_tickets_found) do |tickets|
@@ -39,6 +25,18 @@ describe CASinoCore::Processor::SessionOverview do
       end
     end
 
+    context 'with a ticket-granting ticket with same username but different authenticator' do
+      let(:ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket, authenticator: 'other' }
+      let(:tgt) { ticket_granting_ticket.ticket }
+
+      it 'calls the #ticket_granting_tickets_found method on the listener' do
+        listener.should_receive(:ticket_granting_tickets_found) do |tickets|
+          tickets.length.should == 1
+        end
+        processor.process(cookies, user_agent)
+      end
+    end
+
     context 'with an invalid ticket-granting ticket' do
       let(:tgt) { 'TGT-lalala' }
       it 'calls the #user_not_logged_in method on the listener' do

data/spec/processor/ticket_validator_spec.rb

@@ -5,19 +5,8 @@ require 'spec_helper'
     describe '#process' do
       let(:listener) { Object.new }
       let(:processor) { described_class.new(listener) }
-      let(:user_agent) { 'TestBrowser 1.0' }
-      let(:ticket_granting_ticket) {
-        CASinoCore::Model::TicketGrantingTicket.create!({
-          ticket: 'TGC-HXdkW233TsRtiqYGq4b8U7',
-          username: 'test',
-          extra_attributes: { name: "Example User", roles: ['User', 'Admin'] },
-          user_agent: user_agent
-        })
-      }
-      let(:service) { 'https://www.example.com/cas-service' }
-      let(:service_ticket) { ticket_granting_ticket.service_tickets.create! ticket: 'ST-2nOcXx56dtPTsB069yYf0h', service: service }
-      let(:parameters) { { service: service, ticket: service_ticket.ticket }}
-
+      let(:service_ticket) { FactoryGirl.create :service_ticket }
+      let(:parameters) { { service: service_ticket.service, ticket: service_ticket.ticket }}
       let(:regex_failure) { /\A\<cas\:serviceResponse.*\n.*authenticationFailure/ }
       let(:regex_success) { /\A\<cas\:serviceResponse.*\n.*authenticationSuccess/ }
 
@@ -26,6 +15,19 @@ require 'spec_helper'
         listener.stub(:validation_succeeded)
       end
 
+      context 'without all required parameters' do
+        [:ticket, :service].each do |missing_parameter|
+          let(:invalid_parameters) { parameters.except(missing_parameter) }
+
+          context "without '#{missing_parameter}'" do
+            it 'calls the #validation_failed method on the listener' do
+              listener.should_receive(:validation_failed).with(regex_failure)
+              processor.process(invalid_parameters)
+            end
+          end
+        end
+      end
+
       context 'with an unconsumed service ticket' do
         context 'without renew flag' do
           it 'consumes the service ticket' do
@@ -43,7 +45,7 @@ require 'spec_helper'
         context 'with empty query values' do
           it 'calls the #validation_succeeded method on the listener' do
             listener.should_receive(:validation_succeeded).with(regex_success)
-            processor.process(parameters.merge(service: "#{service}/?"))
+            processor.process(parameters.merge(service: "#{service_ticket.service}/?"))
           end
         end
 

data/spec/spec_helper.rb

@@ -10,6 +10,11 @@ require 'simplecov'
 # loaded once.
 #
 # See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+
+# Requires supporting ruby files with custom matchers and macros, etc,
+# in spec/support/ and its subdirectories.
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
+
 RSpec.configure do |config|
   config.treat_symbols_as_metadata_keys_with_true_values = true
 
@@ -21,6 +26,12 @@ RSpec.configure do |config|
 
   SimpleCov.start do
     add_filter '/spec'
+    base_path = "#{File.dirname(__FILE__)}/../"
+    Dir["#{base_path}lib/casino_core/*.rb"].each do |f|
+      f.gsub!(/\A#{base_path}(.+)\.rb\z/, '\1')
+      name = File.basename(f).humanize.pluralize
+      add_group name, f
+    end
   end
 
   CASinoCore.setup 'test'

data/spec/support/factories/login_ticket_factory.rb

@@ -0,0 +1,16 @@
+require 'factory_girl'
+
+FactoryGirl.define do
+  factory :login_ticket, class: CASinoCore::Model::LoginTicket do
+    sequence :ticket do |n|
+      "LT-ticket#{n}"
+    end
+
+    trait :consumed do
+      consumed true
+    end
+    trait :expired do
+      created_at 601.seconds.ago
+    end
+  end
+end

data/spec/support/factories/proxy_granting_ticket_factory.rb

@@ -0,0 +1,16 @@
+require 'factory_girl'
+
+FactoryGirl.define do
+  factory :proxy_granting_ticket, class: CASinoCore::Model::ProxyGrantingTicket do
+    association :granter, factory: :service_ticket
+    sequence :ticket do |n|
+      "PGT-ticket#{n}"
+    end
+    sequence :iou do |n|
+      "PGTIOU-ticket#{n}"
+    end
+    sequence :pgt_url do |n|
+      "https://www#{n}.example.org/pgtUrl"
+    end
+  end
+end

data/spec/support/factories/proxy_ticket_factory.rb

@@ -0,0 +1,17 @@
+require 'factory_girl'
+
+FactoryGirl.define do
+  factory :proxy_ticket, class: CASinoCore::Model::ProxyTicket do
+    proxy_granting_ticket
+    sequence :ticket do |n|
+      "PT-ticket#{n}"
+    end
+    sequence :service do |n|
+      "imaps://mail#{n}.example.org/"
+    end
+
+    trait :consumed do
+      consumed true
+    end
+  end
+end

data/spec/support/factories/service_ticket_factory.rb

@@ -0,0 +1,17 @@
+require 'factory_girl'
+
+FactoryGirl.define do
+  factory :service_ticket, class: CASinoCore::Model::ServiceTicket do
+    ticket_granting_ticket
+    sequence :ticket do |n|
+      "ST-ticket#{n}"
+    end
+    sequence :service do |n|
+      "http://www#{n}.example.org/"
+    end
+
+    trait :consumed do
+      consumed true
+    end
+  end
+end

data/spec/support/factories/ticket_granting_ticket_factory.rb

@@ -0,0 +1,13 @@
+require 'factory_girl'
+
+FactoryGirl.define do
+  factory :ticket_granting_ticket, class: CASinoCore::Model::TicketGrantingTicket do
+    sequence :ticket do |n|
+      "TGC-ticket#{n}"
+    end
+    authenticator 'test'
+    username 'test'
+    extra_attributes({ fullname: "Test User", age: 15, roles: [:user] })
+    user_agent 'TestBrowser 1.0'
+  end
+end

metadata

@@ -2,7 +2,7 @@
 name: casino_core
 version: !ruby/object:Gem::Version 
   prerelease: 
-  version: 1.0.3
+  version: 1.0.4
 platform: ruby
 authors: 
 - Nils Caspar
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-12-29 00:00:00 Z
+date: 2012-12-30 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: activerecord
@@ -155,6 +155,17 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: *id013
+- !ruby/object:Gem::Dependency 
+  name: factory_girl
+  requirement: &id014 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 4.1.0
+  type: :development
+  prerelease: false
+  version_requirements: *id014
 description: A CAS server core library.
 email: ncaspar@me.com
 executables: []
@@ -196,6 +207,7 @@ files:
 - db/migrate/20121225231713_no_default_granter_type.rb
 - db/migrate/20121226192211_fix_index_for_granter_on_proxy_granting_ticket.rb
 - db/migrate/20121226211511_allow_service_tickets_without_ticket_granting_ticket.rb
+- db/migrate/20121231114141_add_authenticator_to_ticket_granting_tickets.rb
 - db/schema.rb
 - lib/casino_core.rb
 - lib/casino_core/authenticator.rb
@@ -250,6 +262,11 @@ files:
 - spec/processor/session_overview_spec.rb
 - spec/processor/ticket_validator_spec.rb
 - spec/spec_helper.rb
+- spec/support/factories/login_ticket_factory.rb
+- spec/support/factories/proxy_granting_ticket_factory.rb
+- spec/support/factories/proxy_ticket_factory.rb
+- spec/support/factories/service_ticket_factory.rb
+- spec/support/factories/ticket_granting_ticket_factory.rb
 homepage: http://github.com/pencil/CASinoCore
 licenses: 
 - MIT
@@ -263,7 +280,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: 1358580775161495326
+      hash: -1912000289096139821
       segments: 
       - 0
       version: "0"