casino_core 1.3.0 → 1.3.1

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    casino_core (1.3.0)
+    casino_core (1.3.1)
       activerecord (~> 3.2.9)
       addressable (~> 2.3)
       faraday (~> 0.8)
@@ -12,15 +12,15 @@ PATH
 GEM
   remote: http://rubygems.org/
   specs:
-    activemodel (3.2.11)
-      activesupport (= 3.2.11)
+    activemodel (3.2.12)
+      activesupport (= 3.2.12)
       builder (~> 3.0.0)
-    activerecord (3.2.11)
-      activemodel (= 3.2.11)
-      activesupport (= 3.2.11)
+    activerecord (3.2.12)
+      activemodel (= 3.2.12)
+      activesupport (= 3.2.12)
       arel (~> 3.0.2)
       tzinfo (~> 0.3.29)
-    activesupport (3.2.11)
+    activesupport (3.2.12)
       i18n (~> 0.6)
       multi_json (~> 1.0)
     addressable (2.3.2)
@@ -34,7 +34,7 @@ GEM
     faraday (0.8.5)
       multipart-post (~> 1.1)
     i18n (0.6.1)
-    multi_json (1.5.0)
+    multi_json (1.6.1)
     multipart-post (1.1.5)
     nokogiri (1.5.6)
     rake (10.0.3)
@@ -58,7 +58,7 @@ GEM
     webmock (1.9.0)
       addressable (>= 2.2.7)
       crack (>= 0.1.7)
-    yard (0.8.3)
+    yard (0.8.4.1)
 
 PLATFORMS
   ruby

data/lib/casino_core/helper/ticket_granting_tickets.rb

@@ -9,8 +9,15 @@ module CASinoCore
 
       def find_valid_ticket_granting_ticket(tgt, user_agent, ignore_two_factor = false)
         ticket_granting_ticket = CASinoCore::Model::TicketGrantingTicket.where(ticket: tgt).first
-        unless ticket_granting_ticket.nil? || (!ignore_two_factor && ticket_granting_ticket.awaiting_two_factor_authentication?)
-          if same_browser?(ticket_granting_ticket.user_agent, user_agent)
+        unless ticket_granting_ticket.nil?
+          if ticket_granting_ticket.expired?
+            logger.info "Ticket-granting ticket expired (Created: #{ticket_granting_ticket.created_at})"
+            ticket_granting_ticket.destroy
+            nil
+          elsif !ignore_two_factor && ticket_granting_ticket.awaiting_two_factor_authentication?
+            logger.info 'Ticket-granting ticket is valid, but two-factor authentication is pending'
+            nil
+          elsif same_browser?(ticket_granting_ticket.user_agent, user_agent)
             ticket_granting_ticket.user_agent = user_agent
             ticket_granting_ticket.touch
             ticket_granting_ticket.save!

data/lib/casino_core/model/ticket_granting_ticket.rb

@@ -10,6 +10,10 @@ class CASinoCore::Model::TicketGrantingTicket < ActiveRecord::Base
   before_destroy :destroy_service_tickets
   after_destroy :destroy_proxy_granting_tickets
 
+  def self.cleanup
+    self.destroy_all(['created_at < ?', CASinoCore::Settings.ticket_granting_ticket[:lifetime].seconds.ago])
+  end
+
   def browser_info
     unless self.user_agent.blank?
       user_agent = UserAgent.parse(self.user_agent)
@@ -29,6 +33,11 @@ class CASinoCore::Model::TicketGrantingTicket < ActiveRecord::Base
     end
   end
 
+  def expired?
+    lifetime = CASinoCore::Settings.ticket_granting_ticket[:lifetime]
+    (Time.now - (self.created_at || Time.now)) > lifetime
+  end
+
   private
   def destroy_service_tickets
     self.service_tickets.each do |service_ticket|

data/lib/casino_core/settings.rb

@@ -3,11 +3,14 @@ require 'casino_core/authenticator'
 module CASinoCore
   class Settings
     class << self
-      attr_accessor :login_ticket, :service_ticket, :proxy_ticket, :two_factor_authenticator, :authenticators, :logger
+      attr_accessor :login_ticket, :ticket_granting_ticket, :service_ticket, :proxy_ticket, :two_factor_authenticator, :authenticators, :logger
       DEFAULT_SETTINGS = {
         login_ticket: {
           lifetime: 600
         },
+        ticket_granting_ticket: {
+          lifetime: 86400
+        },
         service_ticket: {
           lifetime_unconsumed: 300,
           lifetime_consumed: 86400

data/lib/casino_core/tasks/cleanup.rake

@@ -35,8 +35,14 @@ namespace :casino_core do
       puts "Deleted #{rows_affected} inactive two-factor authenticators."
     end
 
+    desc 'Remove expired ticket-granting tickets.'
+    task ticket_granting_tickets: 'casino_core:db:configure_connection' do
+      rows_affected = CASinoCore::Model::TicketGrantingTicket.cleanup.length
+      puts "Deleted #{rows_affected} ticket-granting tickets."
+    end
+
     desc 'Perform all cleanup tasks.'
-    task all: [:service_tickets, :proxy_tickets, :login_tickets, :two_factor_authenticators] do
+    task all: [:ticket_granting_tickets, :service_tickets, :proxy_tickets, :login_tickets, :two_factor_authenticators] do
     end
   end
 end

data/lib/casino_core/version.rb

@@ -1,3 +1,3 @@
 module CASinoCore
-  VERSION = '1.3.0'
+  VERSION = '1.3.1'
 end

data/spec/model/ticket_granting_ticket_spec.rb

@@ -80,4 +80,36 @@ describe CASinoCore::Model::TicketGrantingTicket do
       end
     end
   end
+
+  describe '#expired?' do
+    context 'with an expired ticket' do
+      before(:each) do
+        ticket_granting_ticket.created_at = 25.hours.ago
+        ticket_granting_ticket.save!
+      end
+
+      it 'returns true' do
+        ticket_granting_ticket.expired?.should == true
+      end
+    end
+
+    context 'with an unexpired ticket' do
+      it 'returns false' do
+        ticket_granting_ticket.expired?.should == false
+      end
+    end
+  end
+
+  describe '.cleanup' do
+    let!(:other_ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket }
+
+    it 'deletes expired ticket-granting tickets' do
+      ticket_granting_ticket.created_at = 25.hours.ago
+      ticket_granting_ticket.save!
+      lambda do
+        described_class.cleanup
+      end.should change(described_class, :count).by(-1)
+      described_class.find_by_ticket(ticket_granting_ticket.ticket).should be_false
+    end
+  end
 end

data/spec/processor/login_credential_requestor_spec.rb

@@ -64,6 +64,18 @@ describe CASinoCore::Processor::LoginCredentialRequestor do
         end
       end
 
+      context 'when ticket-granting ticket expired' do
+        before(:each) do
+          ticket_granting_ticket.created_at = 25.hours.ago
+          ticket_granting_ticket.save!
+        end
+
+        it 'calls the #user_not_logged_in method on the listener' do
+          listener.should_receive(:user_not_logged_in).with(kind_of(CASinoCore::Model::LoginTicket))
+          processor.process(nil, cookies, user_agent)
+        end
+      end
+
       context 'with a service' do
         let(:service) { 'http://example.com/' }
         let(:params) { { service: service } }

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: casino_core
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.3.1
   prerelease: 
 platform: ruby
 authors:
@@ -36,7 +36,7 @@ cert_chain:
   b1VSdnUwRzgvWXlIVUFtSVUvV0tyanIxYmdjZjFWUnYKUjRLRDFNblVWL3Y1
   MDJwaU1sWG1qeE9XZGJLOHl2UUVIa3N1L3pqYkNqU3UrTTJrd0ZtV0dzeDVu
   eCtWZHc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-date: 2013-02-08 00:00:00.000000000 Z
+date: 2013-02-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -431,7 +431,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 1075447066647602137
+      hash: 4202762284368637569
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -440,7 +440,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 1075447066647602137
+      hash: 4202762284368637569
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.24

metadata.gz.sig

@@ -1 +1,3 @@
-���þ�i�cʞ|�⦏m4��~����V��o\�d��9�3�2ҹ�ǰd@�(yy�謵��[�k�����!u�"��L(�+�z�\���	���r�)���l�N�ߌ{c�+�����S7����z�}'��o ���R���ħl�̆���������[jq���'F`��7q�m���p�R�l-�:XB²B��%k��T&�Bᣔ#�__�k�Yf�_�]*M�]m
k��Q�B
+��p\T5|��s�SE�*
+_f���O���}!#��� �T�.�re8e5�ȄZ�Z��.��{���R��+�\��/�P�p}7��ܫ�j\�s�"��ܟ�[S����]�:���„~!$�|&��NƠ�\X��չl!za�����Ӷw�F�Ux�=
+V��U���x��f����Y+������
;&���Y��9�E>ߔ��f<�.�H�62d�)���۠�]�x3������/�3tJղfBۅSq	&