casino_core 1.3.4 → 1.3.5
- data.tar.gz.sig +0 -0
- data/.gitignore +2 -0
- data/.travis.yml +3 -0
- data/Gemfile +1 -1
- data/Gemfile.lock +14 -2
- data/casino_core.gemspec +6 -2
- data/lib/casino_core.rb +0 -1
- data/lib/casino_core/helper/ticket_granting_tickets.rb +7 -0
- data/lib/casino_core/processor.rb +1 -0
- data/lib/casino_core/processor/other_sessions_destroyer.rb +30 -0
- data/lib/casino_core/version.rb +1 -1
- data/spec/processor/logout_other_sessions_spec.rb +53 -0
- data/spec/spec_helper.rb +5 -0
- metadata +21 -2
- metadata.gz.sig +0 -0
data.tar.gz.sig
CHANGED
|
Binary file
|
data/.gitignore
CHANGED
data/.travis.yml
CHANGED
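--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,2 +1,2 @@
-source
+source 'https://rubygems.org'
 gemspec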
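--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-casino_core (1.3.
+casino_core (1.3.5)
 activerecord (~> 3.2.9)
 addressable (~> 2.3)
 faraday (~> 0.8)
@@ -10,7 +10,7 @@ PATH
 useragent (~> 0.4)
 
 GEM
-remote:
+remote: https://rubygems.org/
 specs:
 activemodel (3.2.12)
 activesupport (= 3.2.12)
@@ -26,6 +26,13 @@ GEM
 addressable (2.3.2)
 arel (3.0.2)
 builder (3.0.4)
+colorize (0.5.8)
+coveralls (0.6.2)
+colorize
+multi_json (~> 1.3)
+rest-client
+simplecov (>= 0.7)
+thor
 crack (0.3.2)
 database_cleaner (0.9.1)
 diff-lcs (1.1.3)
@@ -34,10 +41,13 @@ GEM
 faraday (0.8.5)
 multipart-post (~> 1.1)
 i18n (0.6.1)
+mime-types (1.21)
 multi_json (1.6.1)
 multipart-post (1.1.5)
 nokogiri (1.5.6)
 rake (10.0.3)
+rest-client (1.6.7)
+mime-types (>= 1.16)
 rotp (1.4.1)
 rspec (2.12.0)
 rspec-core (~> 2.12.0)
@@ -53,6 +63,7 @@ GEM
 simplecov-html (0.7.1)
 sqlite3 (1.3.7)
 terminal-table (1.4.5)
+thor (0.17.0)
 tzinfo (0.3.35)
 useragent (0.4.16)
 webmock (1.9.0)
@@ -65,6 +76,7 @@ PLATFORMS
 
 DEPENDENCIES
 casino_core!
+coveralls
 database_cleaner (~> 0.9)
 factory_girl (~> 4.1)
 nokogiri (~> 1.5)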
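--- a/data/casino_core.gemspec
+++ b/data/casino_core.gemspec
@@ -17,8 +17,11 @@ Gem::Specification.new do |s|
 s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
 s.require_paths = ['lib']
 
-
-
+sign_file = File.expand_path '~/.gem/casino-private_key.pem'
+if File.exist?(sign_file)
+s.signing_key = sign_file
+s.cert_chain = ['casino-public_cert.pem']
+end
 
 s.add_development_dependency 'rake', '~> 10.0'
 s.add_development_dependency 'rspec', '~> 2.12'
@@ -29,6 +32,7 @@ Gem::Specification.new do |s|
 s.add_development_dependency 'nokogiri', '~> 1.5'
 s.add_development_dependency 'factory_girl', '~> 4.1'
 s.add_development_dependency 'yard', '~> 0.8'
+s.add_development_dependency 'coveralls'
 
 s.add_runtime_dependency 'activerecord', '~> 3.2.9'
 s.add_runtime_dependency 'addressable', '~> 2.3'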
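Review bot: The new `if File.exist?(sign_file)` guard makes signing silently optional: a build on a machine without `~/.gem/casino-private_key.pem` produces an unsigned gem with no message, and anyone verifying signatures only finds out at install time. A notice on the unsigned path, e.g. `warn 'casino_core: signing key not found, building an unsigned gem' unless File.exist?(sign_file)`, would make that visible in the build log. `s.cert_chain = ['casino-public_cert.pem']` is a relative path, so it presumably resolves against whatever directory the build runs from; `File.expand_path('../casino-public_cert.pem', __FILE__)` would remove that dependence. The added `s.add_development_dependency 'coveralls'` is the only development dependency in the visible lines without a version constraint.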
data/lib/casino_core.rb
CHANGED
|
@@ -16,7 +16,6 @@ module CASinoCore
|
|
|
16
16
|
root_path = options[:application_root] || '.'
|
|
17
17
|
require 'active_record'
|
|
18
18
|
require 'yaml'
|
|
19
|
-
YAML::ENGINE.yamler = 'syck'
|
|
20
19
|
ActiveRecord::Base.establish_connection YAML.load_file(File.join(root_path, 'config/database.yml'))[@environment]
|
|
21
20
|
|
|
22
21
|
config = YAML.load_file(File.join(root_path, 'config/cas.yml'))[@environment].symbolize_keys
|
|
@@ -32,6 +32,7 @@ module CASinoCore
|
|
|
32
32
|
def acquire_ticket_granting_ticket(authentication_result, user_agent = nil)
|
|
33
33
|
user_data = authentication_result[:user_data]
|
|
34
34
|
user = load_or_initialize_user(authentication_result[:authenticator], user_data[:username], user_data[:extra_attributes])
|
|
35
|
+
cleanup_expired_ticket_granting_tickets(user)
|
|
35
36
|
user.ticket_granting_tickets.create!({
|
|
36
37
|
ticket: random_ticket_string('TGC'),
|
|
37
38
|
awaiting_two_factor_authentication: !user.active_two_factor_authenticator.nil?,
|
|
@@ -55,6 +56,12 @@ module CASinoCore
|
|
|
55
56
|
end
|
|
56
57
|
end
|
|
57
58
|
|
|
59
|
+
def cleanup_expired_ticket_granting_tickets(user)
|
|
60
|
+
user.ticket_granting_tickets.where(['created_at < ?', CASinoCore::Settings.ticket_granting_ticket[:lifetime].seconds.ago]).destroy_all.tap do |destroyed|
|
|
61
|
+
logger.info "Destroyed #{destroyed.length} expired ticket-granting tickets"
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
|
|
58
65
|
end
|
|
59
66
|
end
|
|
60
67
|
end
|
|
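Review bot: `cleanup_expired_ticket_granting_tickets` runs only from `acquire_ticket_granting_ticket`, so an expired ticket of a user who never logs in again stays in the table; the hunks do not show whether `find_valid_ticket_granting_ticket` rejects tickets older than the lifetime, and that lookup, not this cleanup, has to be what enforces expiry. If `CASinoCore::Settings.ticket_granting_ticket[:lifetime]` is unset, `.seconds` is called on `nil` and the exception would abort the login before `create!`, so a guard or a documented default is worth adding. For audit purposes the log line should name the account, e.g. `logger.info "Destroyed #{destroyed.length} expired ticket-granting tickets for user #{user.id}"`. The new method also has no doc comment; one line stating that it deletes the user's tickets older than the configured lifetime and returns the destroyed records would do. Going by the file list, these two hunks appear to belong to `lib/casino_core/helper/ticket_granting_tickets.rb`, whose header the page does not print.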
@@ -6,6 +6,7 @@ module CASinoCore
|
|
|
6
6
|
autoload :LoginCredentialAcceptor, 'casino_core/processor/login_credential_acceptor.rb'
|
|
7
7
|
autoload :LoginCredentialRequestor, 'casino_core/processor/login_credential_requestor.rb'
|
|
8
8
|
autoload :Logout, 'casino_core/processor/logout.rb'
|
|
9
|
+
autoload :OtherSessionsDestroyer, 'casino_core/processor/other_sessions_destroyer.rb'
|
|
9
10
|
autoload :ProxyTicketProvider, 'casino_core/processor/proxy_ticket_provider.rb'
|
|
10
11
|
autoload :ProxyTicketValidator, 'casino_core/processor/proxy_ticket_validator.rb'
|
|
11
12
|
autoload :SecondFactorAuthenticationAcceptor, 'casino_core/processor/second_factor_authentication_acceptor.rb'
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
require 'casino_core/processor'
|
|
2
|
+
require 'casino_core/helper'
|
|
3
|
+
require 'casino_core/model'
|
|
4
|
+
|
|
5
|
+
# The OtherSessionsDestroyer processor should be used to process GET requests to /destroy-other-sessions.
|
|
6
|
+
#
|
|
7
|
+
# It is usefule to redirect users to this action after a password change.
|
|
8
|
+
#
|
|
9
|
+
# This feature is not described in the CAS specification so it's completly optional
|
|
10
|
+
# to implement this on the web application side.
|
|
11
|
+
class CASinoCore::Processor::OtherSessionsDestroyer < CASinoCore::Processor
|
|
12
|
+
include CASinoCore::Helper::TicketGrantingTickets
|
|
13
|
+
|
|
14
|
+
# This method will call `#other_sessions_destroyed` and may supply an URL that should be presented to the user.
|
|
15
|
+
# The user should be redirected to this URL immediately.
|
|
16
|
+
#
|
|
17
|
+
# @param [Hash] params parameters supplied by user
|
|
18
|
+
# @param [Hash] cookies cookies supplied by user
|
|
19
|
+
# @param [String] user_agent user-agent delivered by the client
|
|
20
|
+
def process(params = nil, cookies = nil, user_agent = nil)
|
|
21
|
+
params ||= {}
|
|
22
|
+
cookies ||= {}
|
|
23
|
+
tgt = find_valid_ticket_granting_ticket(cookies[:tgt], user_agent)
|
|
24
|
+
unless tgt.nil?
|
|
25
|
+
other_ticket_granting_tickets = tgt.user.ticket_granting_tickets.where('id != ?', tgt.id)
|
|
26
|
+
other_ticket_granting_tickets.destroy_all
|
|
27
|
+
end
|
|
28
|
+
@listener.other_sessions_destroyed(params[:service])
|
|
29
|
+
end
|
|
30
|
+
end
|
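Review bot: `process` hands `params[:service]` to `@listener.other_sessions_destroyed` unchanged, and the doc comment tells the listener to redirect the user to that URL immediately, so as written the endpoint is an open redirect; this holds even for requests without a valid ticket-granting ticket, because the listener call sits outside the `unless tgt.nil?` block. The URL should be checked against the services this CAS instance accepts before it is passed on, or the `@param` documentation should state explicitly that the listener must validate it before redirecting. The class comment also routes this action through GET although it deletes sessions, so any page the user visits can trigger it; handling it as a POST behind the web application's CSRF protection would confine it to deliberate user actions. The comment typos `usefule` and `completly` can be fixed in the same pass.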
data/lib/casino_core/version.rb
CHANGED
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe CASinoCore::Processor::OtherSessionsDestroyer do
|
|
4
|
+
describe '#process' do
|
|
5
|
+
let(:listener) { Object.new }
|
|
6
|
+
let(:processor) { described_class.new(listener) }
|
|
7
|
+
let(:cookies) { { tgt: tgt } }
|
|
8
|
+
let(:url) { nil }
|
|
9
|
+
let(:params) { { :service => url } unless url.nil? }
|
|
10
|
+
|
|
11
|
+
before(:each) do
|
|
12
|
+
listener.stub(:other_sessions_destroyed)
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
context 'with an existing ticket-granting ticket' do
|
|
16
|
+
let(:user) { FactoryGirl.create :user }
|
|
17
|
+
let!(:other_users_ticket_granting_tickets) { FactoryGirl.create_list :ticket_granting_ticket, 3 }
|
|
18
|
+
let!(:other_ticket_granting_tickets) { FactoryGirl.create_list :ticket_granting_ticket, 3, user: user }
|
|
19
|
+
let!(:ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket, user: user }
|
|
20
|
+
let(:tgt) { ticket_granting_ticket.ticket }
|
|
21
|
+
let(:user_agent) { ticket_granting_ticket.user_agent }
|
|
22
|
+
|
|
23
|
+
it 'deletes all other ticket-granting tickets' do
|
|
24
|
+
lambda do
|
|
25
|
+
processor.process(params, cookies, user_agent)
|
|
26
|
+
end.should change(CASinoCore::Model::TicketGrantingTicket, :count).by(-3)
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
it 'calls the #user_logged_out method on the listener' do
|
|
30
|
+
listener.should_receive(:other_sessions_destroyed).with(nil)
|
|
31
|
+
processor.process(params, cookies, user_agent)
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
context 'with an URL' do
|
|
35
|
+
let(:url) { 'http://www.example.com' }
|
|
36
|
+
|
|
37
|
+
it 'calls the #user_logged_out method on the listener and passes the URL' do
|
|
38
|
+
listener.should_receive(:other_sessions_destroyed).with(url)
|
|
39
|
+
processor.process(params, cookies, user_agent)
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
context 'with an invlaid ticket-granting ticket' do
|
|
45
|
+
let(:tgt) { 'TGT-lalala' }
|
|
46
|
+
|
|
47
|
+
it 'calls the #other_sessions_destroyed method on the listener' do
|
|
48
|
+
listener.should_receive(:other_sessions_destroyed).with(nil)
|
|
49
|
+
processor.process(params, cookies)
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
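Review bot: The first example only asserts `change(CASinoCore::Model::TicketGrantingTicket, :count).by(-3)`, which would also pass if the three tickets of other users were deleted instead, or the current ticket plus two others. Since this is the property that keeps one user from terminating another user's sessions, assert it directly after the call, e.g. `other_users_ticket_granting_tickets.each(&:reload)` and `ticket_granting_ticket.reload`, which raise if a row is gone. Two example descriptions name `#user_logged_out` while the expectation is on `other_sessions_destroyed`, and `invlaid` is misspelled in the last context. The page prints this section under the `data/lib/casino_core/version.rb` header, but the content appears to be `spec/processor/logout_other_sessions_spec.rb` from the file list.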
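--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -1,6 +1,8 @@
 require 'active_support/core_ext'
 require 'simplecov'
+require 'coveralls'
 
+SimpleCov.formatter = Coveralls::SimpleCov::Formatter
 SimpleCov.start do
 add_filter '/spec'
 base_path = "#{File.dirname(__FILE__)}/../"
@@ -11,6 +13,9 @@ SimpleCov.start do
 end
 end
 
+require 'coveralls'
+Coveralls.wear!
+
 require 'database_cleaner'
 require 'logger'
 require 'webmock/rspec'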
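Review bot: `require 'coveralls'` is added twice, once before `SimpleCov.start` and again before `Coveralls.wear!`. As far as I know `Coveralls.wear!` itself installs the Coveralls formatter and starts SimpleCov, so together with the explicit `SimpleCov.formatter = Coveralls::SimpleCov::Formatter` and the `SimpleCov.start do` block, coverage is configured twice. Keep one path: either the explicit formatter with the existing `SimpleCov.start` block, or `Coveralls.wear!` alone with the filters moved into its block. Because this formatter reports coverage data to an external service, a short comment such as `# reports coverage to coveralls.io (CI builds)` would help whoever audits what the test suite sends out.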
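--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: casino_core
 version: !ruby/object:Gem::Version
-version: 1.3.
+version: 1.3.5
 prerelease:
 platform: ruby
 authors:
@@ -36,7 +36,7 @@ cert_chain:
 b1VSdnUwRzgvWXlIVUFtSVUvV0tyanIxYmdjZjFWUnYKUjRLRDFNblVWL3Y1
 MDJwaU1sWG1qeE9XZGJLOHl2UUVIa3N1L3pqYkNqU3UrTTJrd0ZtV0dzeDVu
 eCtWZHc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-date: 2013-
+date: 2013-03-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
@@ -182,6 +182,22 @@ dependencies:
 - - ~>
 - !ruby/object:Gem::Version
 version: '0.8'
+- !ruby/object:Gem::Dependency
+name: coveralls
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
 - !ruby/object:Gem::Dependency
 name: activerecord
 requirement: !ruby/object:Gem::Requirement
@@ -363,6 +379,7 @@ files:
 - lib/casino_core/processor/login_credential_acceptor.rb
 - lib/casino_core/processor/login_credential_requestor.rb
 - lib/casino_core/processor/logout.rb
+- lib/casino_core/processor/other_sessions_destroyer.rb
 - lib/casino_core/processor/proxy_ticket_provider.rb
 - lib/casino_core/processor/proxy_ticket_validator.rb
 - lib/casino_core/processor/second_factor_authentication_acceptor.rb
@@ -395,6 +412,7 @@ files:
 - spec/processor/legacy_validator_spec.rb
 - spec/processor/login_credential_acceptor_spec.rb
 - spec/processor/login_credential_requestor_spec.rb
+- spec/processor/logout_other_sessions_spec.rb
 - spec/processor/logout_spec.rb
 - spec/processor/proxy_ticket_provider_spec.rb
 - spec/processor/proxy_ticket_validator_spec.rb
@@ -457,6 +475,7 @@ test_files:
 - spec/processor/legacy_validator_spec.rb
 - spec/processor/login_credential_acceptor_spec.rb
 - spec/processor/login_credential_requestor_spec.rb
+- spec/processor/logout_other_sessions_spec.rb
 - spec/processor/logout_spec.rb
 - spec/processor/proxy_ticket_provider_spec.rb
 - spec/processor/proxy_ticket_validator_spec.rb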
metadata.gz.sig
CHANGED
|
Binary file
|