casino_core 1.3.4 → 1.3.5

data/.gitignore

@@ -17,3 +17,5 @@ pkg
 
 # Ignore the default SQLite database.
 /db/*.sqlite3
+
+.coveralls.yml

data/.travis.yml

@@ -1,3 +1,6 @@
 language: ruby
 before_script:
   - DATABASE_ENV=test rake casino_core:db:schema:load
+rvm:
+  - 1.9.3
+  - 2.0.0

data/Gemfile

@@ -1,2 +1,2 @@
-source :rubygems
+source 'https://rubygems.org'
 gemspec

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    casino_core (1.3.4)
+    casino_core (1.3.5)
       activerecord (~> 3.2.9)
       addressable (~> 2.3)
       faraday (~> 0.8)
@@ -10,7 +10,7 @@ PATH
       useragent (~> 0.4)
 
 GEM
-  remote: http://rubygems.org/
+  remote: https://rubygems.org/
   specs:
     activemodel (3.2.12)
       activesupport (= 3.2.12)
@@ -26,6 +26,13 @@ GEM
     addressable (2.3.2)
     arel (3.0.2)
     builder (3.0.4)
+    colorize (0.5.8)
+    coveralls (0.6.2)
+      colorize
+      multi_json (~> 1.3)
+      rest-client
+      simplecov (>= 0.7)
+      thor
     crack (0.3.2)
     database_cleaner (0.9.1)
     diff-lcs (1.1.3)
@@ -34,10 +41,13 @@ GEM
     faraday (0.8.5)
       multipart-post (~> 1.1)
     i18n (0.6.1)
+    mime-types (1.21)
     multi_json (1.6.1)
     multipart-post (1.1.5)
     nokogiri (1.5.6)
     rake (10.0.3)
+    rest-client (1.6.7)
+      mime-types (>= 1.16)
     rotp (1.4.1)
     rspec (2.12.0)
       rspec-core (~> 2.12.0)
@@ -53,6 +63,7 @@ GEM
     simplecov-html (0.7.1)
     sqlite3 (1.3.7)
     terminal-table (1.4.5)
+    thor (0.17.0)
     tzinfo (0.3.35)
     useragent (0.4.16)
     webmock (1.9.0)
@@ -65,6 +76,7 @@ PLATFORMS
 
 DEPENDENCIES
   casino_core!
+  coveralls
   database_cleaner (~> 0.9)
   factory_girl (~> 4.1)
   nokogiri (~> 1.5)

data/casino_core.gemspec

@@ -17,8 +17,11 @@ Gem::Specification.new do |s|
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ['lib']
 
-  s.signing_key   = File.expand_path '~/.gem/casino-private_key.pem'
-  s.cert_chain    = ['casino-public_cert.pem']
+  sign_file = File.expand_path '~/.gem/casino-private_key.pem'
+  if File.exist?(sign_file)
+    s.signing_key = sign_file
+    s.cert_chain  = ['casino-public_cert.pem']
+  end
 
   s.add_development_dependency 'rake', '~> 10.0'
   s.add_development_dependency 'rspec', '~> 2.12'
@@ -29,6 +32,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'nokogiri', '~> 1.5'
   s.add_development_dependency 'factory_girl', '~> 4.1'
   s.add_development_dependency 'yard', '~> 0.8'
+  s.add_development_dependency 'coveralls'
 
   s.add_runtime_dependency 'activerecord', '~> 3.2.9'
   s.add_runtime_dependency 'addressable', '~> 2.3'

data/lib/casino_core.rb

@@ -16,7 +16,6 @@ module CASinoCore
       root_path = options[:application_root] || '.'
       require 'active_record'
       require 'yaml'
-      YAML::ENGINE.yamler = 'syck'
       ActiveRecord::Base.establish_connection YAML.load_file(File.join(root_path, 'config/database.yml'))[@environment]
 
       config = YAML.load_file(File.join(root_path, 'config/cas.yml'))[@environment].symbolize_keys

data/lib/casino_core/helper/ticket_granting_tickets.rb

@@ -32,6 +32,7 @@ module CASinoCore
       def acquire_ticket_granting_ticket(authentication_result, user_agent = nil)
         user_data = authentication_result[:user_data]
         user = load_or_initialize_user(authentication_result[:authenticator], user_data[:username], user_data[:extra_attributes])
+        cleanup_expired_ticket_granting_tickets(user)
         user.ticket_granting_tickets.create!({
           ticket: random_ticket_string('TGC'),
           awaiting_two_factor_authentication: !user.active_two_factor_authenticator.nil?,
@@ -55,6 +56,12 @@ module CASinoCore
         end
       end
 
+      def cleanup_expired_ticket_granting_tickets(user)
+        user.ticket_granting_tickets.where(['created_at < ?', CASinoCore::Settings.ticket_granting_ticket[:lifetime].seconds.ago]).destroy_all.tap do |destroyed|
+          logger.info "Destroyed #{destroyed.length} expired ticket-granting tickets"
+        end
+      end
+
     end
   end
 end

data/lib/casino_core/processor.rb

@@ -6,6 +6,7 @@ module CASinoCore
     autoload :LoginCredentialAcceptor, 'casino_core/processor/login_credential_acceptor.rb'
     autoload :LoginCredentialRequestor, 'casino_core/processor/login_credential_requestor.rb'
     autoload :Logout, 'casino_core/processor/logout.rb'
+    autoload :OtherSessionsDestroyer, 'casino_core/processor/other_sessions_destroyer.rb'
     autoload :ProxyTicketProvider, 'casino_core/processor/proxy_ticket_provider.rb'
     autoload :ProxyTicketValidator, 'casino_core/processor/proxy_ticket_validator.rb'
     autoload :SecondFactorAuthenticationAcceptor, 'casino_core/processor/second_factor_authentication_acceptor.rb'

data/lib/casino_core/processor/other_sessions_destroyer.rb

@@ -0,0 +1,30 @@
+require 'casino_core/processor'
+require 'casino_core/helper'
+require 'casino_core/model'
+
+# The OtherSessionsDestroyer processor should be used to process GET requests to /destroy-other-sessions.
+#
+# It is usefule to redirect users to this action after a password change.
+#
+# This feature is not described in the CAS specification so it's completly optional
+# to implement this on the web application side.
+class CASinoCore::Processor::OtherSessionsDestroyer < CASinoCore::Processor
+  include CASinoCore::Helper::TicketGrantingTickets
+
+  # This method will call `#other_sessions_destroyed` and may supply an URL that should be presented to the user.
+  # The user should be redirected to this URL immediately.
+  #
+  # @param [Hash] params parameters supplied by user
+  # @param [Hash] cookies cookies supplied by user
+  # @param [String] user_agent user-agent delivered by the client
+  def process(params = nil, cookies = nil, user_agent = nil)
+    params ||= {}
+    cookies ||= {}
+    tgt = find_valid_ticket_granting_ticket(cookies[:tgt], user_agent)
+    unless tgt.nil?
+      other_ticket_granting_tickets = tgt.user.ticket_granting_tickets.where('id != ?', tgt.id)
+      other_ticket_granting_tickets.destroy_all
+    end
+    @listener.other_sessions_destroyed(params[:service])
+  end
+end

data/lib/casino_core/version.rb

@@ -1,3 +1,3 @@
 module CASinoCore
-  VERSION = '1.3.4'
+  VERSION = '1.3.5'
 end

data/spec/processor/logout_other_sessions_spec.rb

@@ -0,0 +1,53 @@
+require 'spec_helper'
+
+describe CASinoCore::Processor::OtherSessionsDestroyer do
+  describe '#process' do
+    let(:listener) { Object.new }
+    let(:processor) { described_class.new(listener) }
+    let(:cookies) { { tgt: tgt } }
+    let(:url) { nil }
+    let(:params) { { :service => url } unless url.nil? }
+
+    before(:each) do
+      listener.stub(:other_sessions_destroyed)
+    end
+
+    context 'with an existing ticket-granting ticket' do
+      let(:user) { FactoryGirl.create :user }
+      let!(:other_users_ticket_granting_tickets) { FactoryGirl.create_list :ticket_granting_ticket, 3 }
+      let!(:other_ticket_granting_tickets) { FactoryGirl.create_list :ticket_granting_ticket, 3, user: user }
+      let!(:ticket_granting_ticket) { FactoryGirl.create :ticket_granting_ticket, user: user }
+      let(:tgt) { ticket_granting_ticket.ticket }
+      let(:user_agent) { ticket_granting_ticket.user_agent }
+
+      it 'deletes all other ticket-granting tickets' do
+        lambda do
+          processor.process(params, cookies, user_agent)
+        end.should change(CASinoCore::Model::TicketGrantingTicket, :count).by(-3)
+      end
+
+      it 'calls the #user_logged_out method on the listener' do
+        listener.should_receive(:other_sessions_destroyed).with(nil)
+        processor.process(params, cookies, user_agent)
+      end
+
+      context 'with an URL' do
+        let(:url) { 'http://www.example.com' }
+
+        it 'calls the #user_logged_out method on the listener and passes the URL' do
+          listener.should_receive(:other_sessions_destroyed).with(url)
+          processor.process(params, cookies, user_agent)
+        end
+      end
+    end
+
+    context 'with an invlaid ticket-granting ticket' do
+      let(:tgt) { 'TGT-lalala' }
+
+      it 'calls the #other_sessions_destroyed method on the listener' do
+        listener.should_receive(:other_sessions_destroyed).with(nil)
+        processor.process(params, cookies)
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -1,6 +1,8 @@
 require 'active_support/core_ext'
 require 'simplecov'
+require 'coveralls'
 
+SimpleCov.formatter = Coveralls::SimpleCov::Formatter
 SimpleCov.start do
   add_filter '/spec'
   base_path = "#{File.dirname(__FILE__)}/../"
@@ -11,6 +13,9 @@ SimpleCov.start do
   end
 end
 
+require 'coveralls'
+Coveralls.wear!
+
 require 'database_cleaner'
 require 'logger'
 require 'webmock/rspec'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: casino_core
 version: !ruby/object:Gem::Version
-  version: 1.3.4
+  version: 1.3.5
   prerelease: 
 platform: ruby
 authors:
@@ -36,7 +36,7 @@ cert_chain:
   b1VSdnUwRzgvWXlIVUFtSVUvV0tyanIxYmdjZjFWUnYKUjRLRDFNblVWL3Y1
   MDJwaU1sWG1qeE9XZGJLOHl2UUVIa3N1L3pqYkNqU3UrTTJrd0ZtV0dzeDVu
   eCtWZHc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-date: 2013-02-22 00:00:00.000000000 Z
+date: 2013-03-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -182,6 +182,22 @@ dependencies:
     - - ~>
       - !ruby/object:Gem::Version
         version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: activerecord
   requirement: !ruby/object:Gem::Requirement
@@ -363,6 +379,7 @@ files:
 - lib/casino_core/processor/login_credential_acceptor.rb
 - lib/casino_core/processor/login_credential_requestor.rb
 - lib/casino_core/processor/logout.rb
+- lib/casino_core/processor/other_sessions_destroyer.rb
 - lib/casino_core/processor/proxy_ticket_provider.rb
 - lib/casino_core/processor/proxy_ticket_validator.rb
 - lib/casino_core/processor/second_factor_authentication_acceptor.rb
@@ -395,6 +412,7 @@ files:
 - spec/processor/legacy_validator_spec.rb
 - spec/processor/login_credential_acceptor_spec.rb
 - spec/processor/login_credential_requestor_spec.rb
+- spec/processor/logout_other_sessions_spec.rb
 - spec/processor/logout_spec.rb
 - spec/processor/proxy_ticket_provider_spec.rb
 - spec/processor/proxy_ticket_validator_spec.rb
@@ -457,6 +475,7 @@ test_files:
 - spec/processor/legacy_validator_spec.rb
 - spec/processor/login_credential_acceptor_spec.rb
 - spec/processor/login_credential_requestor_spec.rb
+- spec/processor/logout_other_sessions_spec.rb
 - spec/processor/logout_spec.rb
 - spec/processor/proxy_ticket_provider_spec.rb
 - spec/processor/proxy_ticket_validator_spec.rb