casino_core 1.3.4 → 1.3.5
- data.tar.gz.sig +0 -0
- data/.gitignore +2 -0
- data/.travis.yml +3 -0
- data/Gemfile +1 -1
- data/Gemfile.lock +14 -2
- data/casino_core.gemspec +6 -2
- data/lib/casino_core.rb +0 -1
- data/lib/casino_core/helper/ticket_granting_tickets.rb +7 -0
- data/lib/casino_core/processor.rb +1 -0
- data/lib/casino_core/processor/other_sessions_destroyer.rb +30 -0
- data/lib/casino_core/version.rb +1 -1
- data/spec/processor/logout_other_sessions_spec.rb +53 -0
- data/spec/spec_helper.rb +5 -0
- metadata +21 -2
- metadata.gz.sig +0 -0
data.tar.gz.sig
CHANGED
Binary file
|
data/.gitignore
CHANGED
data/.travis.yml
CHANGED
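--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,2 +1,2 @@
-source
+source 'https://rubygems.org'
 gemspec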
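--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-casino_core (1.3.
+casino_core (1.3.5)
 activerecord (~> 3.2.9)
 addressable (~> 2.3)
 faraday (~> 0.8)
@@ -10,7 +10,7 @@ PATH
 useragent (~> 0.4)
 
 GEM
-remote:
+remote: https://rubygems.org/
 specs:
 activemodel (3.2.12)
 activesupport (= 3.2.12)
@@ -26,6 +26,13 @@ GEM
 addressable (2.3.2)
 arel (3.0.2)
 builder (3.0.4)
+colorize (0.5.8)
+coveralls (0.6.2)
+colorize
+multi_json (~> 1.3)
+rest-client
+simplecov (>= 0.7)
+thor
 crack (0.3.2)
 database_cleaner (0.9.1)
 diff-lcs (1.1.3)
@@ -34,10 +41,13 @@ GEM
 faraday (0.8.5)
 multipart-post (~> 1.1)
 i18n (0.6.1)
+mime-types (1.21)
 multi_json (1.6.1)
 multipart-post (1.1.5)
 nokogiri (1.5.6)
 rake (10.0.3)
+rest-client (1.6.7)
+mime-types (>= 1.16)
 rotp (1.4.1)
 rspec (2.12.0)
 rspec-core (~> 2.12.0)
@@ -53,6 +63,7 @@ GEM
 simplecov-html (0.7.1)
 sqlite3 (1.3.7)
 terminal-table (1.4.5)
+thor (0.17.0)
 tzinfo (0.3.35)
 useragent (0.4.16)
 webmock (1.9.0)
@@ -65,6 +76,7 @@ PLATFORMS
 
 DEPENDENCIES
 casino_core!
+coveralls
 database_cleaner (~> 0.9)
 factory_girl (~> 4.1)
 nokogiri (~> 1.5)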
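--- a/data/casino_core.gemspec
+++ b/data/casino_core.gemspec
@@ -17,8 +17,11 @@ Gem::Specification.new do |s|
 s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
 s.require_paths = ['lib']
 
-
-
+sign_file = File.expand_path '~/.gem/casino-private_key.pem'
+if File.exist?(sign_file)
+s.signing_key = sign_file
+s.cert_chain = ['casino-public_cert.pem']
+end
 
 s.add_development_dependency 'rake', '~> 10.0'
 s.add_development_dependency 'rspec', '~> 2.12'
@@ -29,6 +32,7 @@ Gem::Specification.new do |s|
 s.add_development_dependency 'nokogiri', '~> 1.5'
 s.add_development_dependency 'factory_girl', '~> 4.1'
 s.add_development_dependency 'yard', '~> 0.8'
+s.add_development_dependency 'coveralls'
 
 s.add_runtime_dependency 'activerecord', '~> 3.2.9'
 s.add_runtime_dependency 'addressable', '~> 2.3'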
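Review bot: When `~/.gem/casino-private_key.pem` is missing, the new `if File.exist?(sign_file)` block in the first hunk skips `s.signing_key` and `s.cert_chain` without a word, so a release built on another machine would be published unsigned and nobody would notice until a consumer's signature check fails. Add an `else` branch such as `warn 'casino_core: signing key not found, building an unsigned gem'`, and have the release step refuse to push an unsigned package. `s.cert_chain = ['casino-public_cert.pem']` is a relative path, so the build presumably has to run from the repository root; expanding it against `File.dirname(__FILE__)` would remove that assumption. In the second hunk `coveralls` is the only development dependency without a version constraint, while the lockfile resolves 0.6.2; `s.add_development_dependency 'coveralls', '~> 0.6'` would match the neighbouring lines. The `Gem::Specification.new` block starts and ends outside both hunks.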
data/lib/casino_core.rb
CHANGED
@@ -16,7 +16,6 @@ module CASinoCore
|
|
16
16
|
root_path = options[:application_root] || '.'
|
17
17
|
require 'active_record'
|
18
18
|
require 'yaml'
|
19
|
-
YAML::ENGINE.yamler = 'syck'
|
20
19
|
ActiveRecord::Base.establish_connection YAML.load_file(File.join(root_path, 'config/database.yml'))[@environment]
|
21
20
|
|
22
21
|
config = YAML.load_file(File.join(root_path, 'config/cas.yml'))[@environment].symbolize_keys
|
@@ -32,6 +32,7 @@ module CASinoCore
|
|
32
32
|
def acquire_ticket_granting_ticket(authentication_result, user_agent = nil)
|
33
33
|
user_data = authentication_result[:user_data]
|
34
34
|
user = load_or_initialize_user(authentication_result[:authenticator], user_data[:username], user_data[:extra_attributes])
|
35
|
+
cleanup_expired_ticket_granting_tickets(user)
|
35
36
|
user.ticket_granting_tickets.create!({
|
36
37
|
ticket: random_ticket_string('TGC'),
|
37
38
|
awaiting_two_factor_authentication: !user.active_two_factor_authenticator.nil?,
|
@@ -55,6 +56,12 @@ module CASinoCore
|
|
55
56
|
end
|
56
57
|
end
|
57
58
|
|
59
|
+
def cleanup_expired_ticket_granting_tickets(user)
|
60
|
+
user.ticket_granting_tickets.where(['created_at < ?', CASinoCore::Settings.ticket_granting_ticket[:lifetime].seconds.ago]).destroy_all.tap do |destroyed|
|
61
|
+
logger.info "Destroyed #{destroyed.length} expired ticket-granting tickets"
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
58
65
|
end
|
59
66
|
end
|
60
67
|
end
|
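Review bot: Expired ticket-granting tickets are removed only when the same user signs in again, because `cleanup_expired_ticket_granting_tickets(user)` is called from `acquire_ticket_granting_ticket` and is scoped to `user.ticket_granting_tickets`. The lookup that validates a presented ticket is outside these hunks (the page lists them under the casino_core.rb header, although by the diffstat they appear to belong to helper/ticket_granting_tickets.rb), so please confirm that it rejects tickets older than `ticket_granting_ticket[:lifetime]` by itself and does not depend on this cleanup having run. The new method has no comment; `# Destroys the user's ticket-granting tickets older than the configured lifetime and logs how many were removed.` above the `def` would cover it. The log line is written on every login, including when the count is zero, and does not say which user it concerns, which makes it of little use when reading the log after an incident.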
@@ -6,6 +6,7 @@ module CASinoCore
|
|
6
6
|
autoload :LoginCredentialAcceptor, 'casino_core/processor/login_credential_acceptor.rb'
|
7
7
|
autoload :LoginCredentialRequestor, 'casino_core/processor/login_credential_requestor.rb'
|
8
8
|
autoload :Logout, 'casino_core/processor/logout.rb'
|
9
|
+
autoload :OtherSessionsDestroyer, 'casino_core/processor/other_sessions_destroyer.rb'
|
9
10
|
autoload :ProxyTicketProvider, 'casino_core/processor/proxy_ticket_provider.rb'
|
10
11
|
autoload :ProxyTicketValidator, 'casino_core/processor/proxy_ticket_validator.rb'
|
11
12
|
autoload :SecondFactorAuthenticationAcceptor, 'casino_core/processor/second_factor_authentication_acceptor.rb'
|
@@ -0,0 +1,30 @@
|
|
1
|
+
require 'casino_core/processor'
|
2
|
+
require 'casino_core/helper'
|
3
|
+
require 'casino_core/model'
|
4
|
+
|
5
|
+
# The OtherSessionsDestroyer processor should be used to process GET requests to /destroy-other-sessions.
|
6
|
+
#
|
7
|
+
# It is usefule to redirect users to this action after a password change.
|
8
|
+
#
|
9
|
+
# This feature is not described in the CAS specification so it's completly optional
|
10
|
+
# to implement this on the web application side.
|
11
|
+
class CASinoCore::Processor::OtherSessionsDestroyer < CASinoCore::Processor
|
12
|
+
include CASinoCore::Helper::TicketGrantingTickets
|
13
|
+
|
14
|
+
# This method will call `#other_sessions_destroyed` and may supply an URL that should be presented to the user.
|
15
|
+
# The user should be redirected to this URL immediately.
|
16
|
+
#
|
17
|
+
# @param [Hash] params parameters supplied by user
|
18
|
+
# @param [Hash] cookies cookies supplied by user
|
19
|
+
# @param [String] user_agent user-agent delivered by the client
|
20
|
+
def process(params = nil, cookies = nil, user_agent = nil)
|
21
|
+
params ||= {}
|
22
|
+
cookies ||= {}
|
23
|
+
tgt = find_valid_ticket_granting_ticket(cookies[:tgt], user_agent)
|
24
|
+
unless tgt.nil?
|
25
|
+
other_ticket_granting_tickets = tgt.user.ticket_granting_tickets.where('id != ?', tgt.id)
|
26
|
+
other_ticket_granting_tickets.destroy_all
|
27
|
+
end
|
28
|
+
@listener.other_sessions_destroyed(params[:service])
|
29
|
+
end
|
30
|
+
end
|
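Review bot: `params[:service]` is handed to `@listener.other_sessions_destroyed` without any validation, and that call sits outside the `unless tgt.nil?` block, while the comment above `process` tells the web application to redirect the user to this URL immediately. As written, a request without a valid ticket-granting ticket still produces a redirect target chosen by whoever built the link, which is an open-redirect risk on a login service. Pass the URL only for a valid ticket, and only after checking it against the services this CAS server accepts; the minimal form of the first half is `@listener.other_sessions_destroyed(tgt.nil? ? nil : params[:service])`. The class comment also binds this state-changing action to GET, so it can be triggered from another site; a POST with the web application's request-forgery protection would avoid that. This is the new file from the `@@ -0,0 +1,30 @@` hunk, which the page shows without its own file header.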
data/lib/casino_core/version.rb
CHANGED
@@ -0,0 +1,53 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe CASinoCore::Processor::OtherSessionsDestroyer do
|
4
|
+
describe '#process' do
|
5
|
+
let(:listener) { Object.new }
|
6
|
+
let(:processor) { described_class.new(listener) }
|
7
|
+
let(:cookies) { { tgt: tgt } }
|
8
|
+
let(:url) { nil }
|
9
|
+
let(:params) { { :service => url } unless url.nil? }
|
10
|
+
|
11
|
+
before(:each) do
|
12
|
+
listener.stub(:other_sessions_destroyed)
|
13
|
+
end
|
14
|
+
|
15
|
+
context 'with an existing ticket-granting ticket' do
|
16
|
+
let(:user) { FactoryGirl.create :user }
|
17
|
+
let!(:other_users_ticket_granting_tickets) { FactoryGirl.create_list :ticket_granting_ticket, 3 }
|
18
|
+
let!(:other_ticket_granting_tickets) { FactoryGirl.create_list :ticket_granting_ticket, 3, user: user }
|
19
|
+
let!(:ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket, user: user }
|
20
|
+
let(:tgt) { ticket_granting_ticket.ticket }
|
21
|
+
let(:user_agent) { ticket_granting_ticket.user_agent }
|
22
|
+
|
23
|
+
it 'deletes all other ticket-granting tickets' do
|
24
|
+
lambda do
|
25
|
+
processor.process(params, cookies, user_agent)
|
26
|
+
end.should change(CASinoCore::Model::TicketGrantingTicket, :count).by(-3)
|
27
|
+
end
|
28
|
+
|
29
|
+
it 'calls the #user_logged_out method on the listener' do
|
30
|
+
listener.should_receive(:other_sessions_destroyed).with(nil)
|
31
|
+
processor.process(params, cookies, user_agent)
|
32
|
+
end
|
33
|
+
|
34
|
+
context 'with an URL' do
|
35
|
+
let(:url) { 'http://www.example.com' }
|
36
|
+
|
37
|
+
it 'calls the #user_logged_out method on the listener and passes the URL' do
|
38
|
+
listener.should_receive(:other_sessions_destroyed).with(url)
|
39
|
+
processor.process(params, cookies, user_agent)
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
44
|
+
context 'with an invlaid ticket-granting ticket' do
|
45
|
+
let(:tgt) { 'TGT-lalala' }
|
46
|
+
|
47
|
+
it 'calls the #other_sessions_destroyed method on the listener' do
|
48
|
+
listener.should_receive(:other_sessions_destroyed).with(nil)
|
49
|
+
processor.process(params, cookies)
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
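Review bot: The context 'with an invlaid ticket-granting ticket' asserts only the listener call, so no example pins that an unrecognised `tgt` cookie leaves every stored ticket in place. With a few tickets created in that context, add `it 'does not delete any ticket-granting ticket' do`, `lambda { processor.process(params, cookies) }.should_not change(CASinoCore::Model::TicketGrantingTicket, :count)`, `end`. The valid-ticket example checks only `.by(-3)`; it would be stronger to assert as well that `ticket_granting_ticket` and `other_users_ticket_granting_tickets` still exist afterwards. Two example descriptions say `#user_logged_out` although they expect `other_sessions_destroyed`, and the context name has a typo ("invlaid"). The page prints this hunk under the version.rb header, but its content is the new spec file from the diffstat.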
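--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -1,6 +1,8 @@
 require 'active_support/core_ext'
 require 'simplecov'
+require 'coveralls'
 
+SimpleCov.formatter = Coveralls::SimpleCov::Formatter
 SimpleCov.start do
 add_filter '/spec'
 base_path = "#{File.dirname(__FILE__)}/../"
@@ -11,6 +13,9 @@ SimpleCov.start do
 end
 end
 
+require 'coveralls'
+Coveralls.wear!
+
 require 'database_cleaner'
 require 'logger'
 require 'webmock/rspec'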
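Review bot: `require 'coveralls'` is added twice, and `Coveralls.wear!` in the second hunk runs after the `SimpleCov.start do … end` block for which the first hunk already set `SimpleCov.formatter = Coveralls::SimpleCov::Formatter`. As far as I know `wear!` sets that formatter and starts SimpleCov itself, so the second setup looks redundant and may start coverage again without the `add_filter` settings of the block; please check and keep only one of the two. A short comment above the formatter line, for example `# Coverage results are sent to Coveralls by this formatter.`, would make it clear that the test run now reports to an external service.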
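--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: casino_core
 version: !ruby/object:Gem::Version
-version: 1.3.
+version: 1.3.5
 prerelease:
 platform: ruby
 authors:
@@ -36,7 +36,7 @@ cert_chain:
 b1VSdnUwRzgvWXlIVUFtSVUvV0tyanIxYmdjZjFWUnYKUjRLRDFNblVWL3Y1
 MDJwaU1sWG1qeE9XZGJLOHl2UUVIa3N1L3pqYkNqU3UrTTJrd0ZtV0dzeDVu
 eCtWZHc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-date: 2013-
+date: 2013-03-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
@@ -182,6 +182,22 @@ dependencies:
 - - ~>
 - !ruby/object:Gem::Version
 version: '0.8'
+- !ruby/object:Gem::Dependency
+name: coveralls
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
 - !ruby/object:Gem::Dependency
 name: activerecord
 requirement: !ruby/object:Gem::Requirement
@@ -363,6 +379,7 @@ files:
 - lib/casino_core/processor/login_credential_acceptor.rb
 - lib/casino_core/processor/login_credential_requestor.rb
 - lib/casino_core/processor/logout.rb
+- lib/casino_core/processor/other_sessions_destroyer.rb
 - lib/casino_core/processor/proxy_ticket_provider.rb
 - lib/casino_core/processor/proxy_ticket_validator.rb
 - lib/casino_core/processor/second_factor_authentication_acceptor.rb
@@ -395,6 +412,7 @@ files:
 - spec/processor/legacy_validator_spec.rb
 - spec/processor/login_credential_acceptor_spec.rb
 - spec/processor/login_credential_requestor_spec.rb
+- spec/processor/logout_other_sessions_spec.rb
 - spec/processor/logout_spec.rb
 - spec/processor/proxy_ticket_provider_spec.rb
 - spec/processor/proxy_ticket_validator_spec.rb
@@ -457,6 +475,7 @@ test_files:
 - spec/processor/legacy_validator_spec.rb
 - spec/processor/login_credential_acceptor_spec.rb
 - spec/processor/login_credential_requestor_spec.rb
+- spec/processor/logout_other_sessions_spec.rb
 - spec/processor/logout_spec.rb
 - spec/processor/proxy_ticket_provider_spec.rb
 - spec/processor/proxy_ticket_validator_spec.rb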
metadata.gz.sig
CHANGED
Binary file
|