casino_core 1.4.2 → 1.4.3
- data/.ruby-gemset +1 -0
- data/.ruby-version +1 -0
- data/Gemfile.lock +1 -1
- data/lib/casino_core/helper/tickets.rb +9 -2
- data/lib/casino_core/model/service_ticket.rb +1 -1
- data/lib/casino_core/model/ticket_granting_ticket.rb +3 -1
- data/lib/casino_core/processor/second_factor_authentication_acceptor.rb +5 -1
- data/lib/casino_core/version.rb +1 -1
- data/spec/model/ticket_granting_ticket_spec.rb +19 -0
- data/spec/processor/second_factor_authenticaton_acceptor_spec.rb +14 -3
- data.tar.gz.sig +0 -0
- metadata +6 -5
- metadata.gz.sig +0 -0
- data/.rvmrc +0 -48
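--- a/data/.ruby-gemset
+++ b/data/.ruby-gemset
@@ -0,0 +1 @@
+casino_core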
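--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -0,0 +1 @@
+ruby-1.9.3-p194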
data/Gemfile.lock
CHANGED
@@ -1,9 +1,16 @@
|
|
1
|
+
require 'securerandom'
|
2
|
+
|
1
3
|
module CASinoCore
|
2
4
|
module Helper
|
3
5
|
module Tickets
|
6
|
+
|
7
|
+
ALLOWED_TICKET_STRING_CHARACTERS = ('A'..'Z').to_a + ('a'..'z').to_a + ('0'..'9').to_a
|
8
|
+
|
4
9
|
def random_ticket_string(prefix, length = 40)
|
5
|
-
random_string =
|
6
|
-
|
10
|
+
random_string = SecureRandom.random_bytes(length).each_char.map do |char|
|
11
|
+
ALLOWED_TICKET_STRING_CHARACTERS[(char.ord % ALLOWED_TICKET_STRING_CHARACTERS.length)]
|
12
|
+
end.join
|
13
|
+
"#{prefix}-#{'%d' % (Time.now.to_f * 10000)}-#{random_string}"
|
7
14
|
end
|
8
15
|
end
|
9
16
|
end
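Review bot: Mapping each random byte through `char.ord % ALLOWED_TICKET_STRING_CHARACTERS.length` on line 11 introduces modulo bias: 256 is not a multiple of 62, so the first eight characters of the alphabet are drawn with probability 5/256 instead of 4/256, which slightly lowers the effective entropy of a ticket string that acts as a bearer credential. Drawing each index with a bias-free generator fixes it in one line: `random_string = Array.new(length) { ALLOWED_TICKET_STRING_CHARACTERS[SecureRandom.random_number(ALLOWED_TICKET_STRING_CHARACTERS.length)] }.join`. The constant on line 7 is a mutable Array exposed at module level and should end in `.freeze`. The timestamp segment on line 13 is predictable and contributes no secrecy, so the random part must stay the only unguessable component, which a one-line comment above `random_ticket_string` could state.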
|
@@ -5,7 +5,7 @@ require 'addressable/uri'
|
|
5
5
|
class CASinoCore::Model::ServiceTicket < ActiveRecord::Base
|
6
6
|
autoload :SingleSignOutNotifier, 'casino_core/model/service_ticket/single_sign_out_notifier.rb'
|
7
7
|
|
8
|
-
attr_accessible :ticket, :service
|
8
|
+
attr_accessible :ticket, :service, :issued_from_credentials
|
9
9
|
validates :ticket, uniqueness: true
|
10
10
|
belongs_to :ticket_granting_ticket
|
11
11
|
before_destroy :send_single_sing_out_notification, if: :consumed?
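Review bot: Adding `:issued_from_credentials` to `attr_accessible` on line 8 makes that flag settable through mass assignment; judging by its name it presumably records whether the ticket was issued from fresh credentials (the CAS `renew` case), which is a value only server-side logic should decide. The call sites are not visible here, so please confirm that no `create`/`update_attributes` call on this model receives a request-derived hash, otherwise a client could mark its own ticket as credential-issued. A short comment next to the attribute, such as `# set by the processors only, never from request params`, would document that contract for the next reader. The context line `send_single_sing_out_notification` carries a pre-existing typo (`sing` for `sign`) worth fixing together with its method definition in a follow-up.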
|
@@ -14,7 +14,9 @@ class CASinoCore::Model::TicketGrantingTicket < ActiveRecord::Base
|
|
14
14
|
base = user.ticket_granting_tickets
|
15
15
|
end
|
16
16
|
base.where([
|
17
|
-
'(created_at < ? AND long_term = ?) OR created_at < ?',
|
17
|
+
'(created_at < ? AND awaiting_two_factor_authentication = ?) OR (created_at < ? AND long_term = ?) OR created_at < ?',
|
18
|
+
CASinoCore::Settings.two_factor_authenticator[:timeout].seconds.ago,
|
19
|
+
true,
|
18
20
|
CASinoCore::Settings.ticket_granting_ticket[:lifetime].seconds.ago,
|
19
21
|
false,
|
20
22
|
CASinoCore::Settings.ticket_granting_ticket[:lifetime_long_term].seconds.ago
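Review bot: The new bind on line 18 dereferences `CASinoCore::Settings.two_factor_authenticator[:timeout]` unconditionally, so if that settings section can be nil for deployments that do not configure two-factor authentication, the cleanup query would now raise instead of running; the settings defaults are not visible here, so please confirm `two_factor_authenticator` always yields a hash with `:timeout`, or guard the clause. With five positional `?` binds the condition is also getting hard to match against its values; a named-bind hash form, e.g. `where('(created_at < :two_factor_deadline AND awaiting_two_factor_authentication = :yes) OR ...', two_factor_deadline: ..., yes: true, ...)`, keeps each value next to its meaning. The enclosing method starts before this hunk.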
|
@@ -34,7 +34,11 @@ class CASinoCore::Processor::SecondFactorAuthenticationAcceptor < CASinoCore::Pr
|
|
34
34
|
url = unless params[:service].blank?
|
35
35
|
acquire_service_ticket(tgt, params[:service], true).service_with_ticket_url
|
36
36
|
end
|
37
|
-
|
37
|
+
if tgt.long_term?
|
38
|
+
@listener.user_logged_in(url, tgt.ticket, CASinoCore::Settings.ticket_granting_ticket[:lifetime_long_term].seconds.from_now)
|
39
|
+
else
|
40
|
+
@listener.user_logged_in(url, tgt.ticket)
|
41
|
+
end
|
38
42
|
rescue ServiceNotAllowedError => e
|
39
43
|
@listener.service_not_allowed(clean_service_url params[:service])
|
40
44
|
end
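Review bot: The expiry handed to the listener on line 38 is computed as `lifetime_long_term.seconds.from_now` at the moment the second factor is accepted, whereas the cleanup query in ticket_granting_ticket.rb (also in this commit) expires a long-term ticket relative to its `created_at`; unless `created_at` is refreshed on acceptance, which I cannot see here, the browser cookie can outlive the server-side ticket by however long the user took to complete the second factor, bounded by the two-factor timeout. If the cookie should track the ticket exactly, `@listener.user_logged_in(url, tgt.ticket, tgt.created_at + CASinoCore::Settings.ticket_granting_ticket[:lifetime_long_term].seconds)` would do that; otherwise a one-line comment stating that the cookie lifetime intentionally restarts at acceptance would settle the question. The enclosing method starts before this hunk, and `e` in the `rescue ServiceNotAllowedError => e` context line is unused.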
|
data/lib/casino_core/version.rb
CHANGED
@@ -181,5 +181,24 @@ describe CASinoCore::Model::TicketGrantingTicket do
|
|
181
181
|
end.should change(described_class, :count).by(-1)
|
182
182
|
described_class.find_by_ticket(ticket_granting_ticket.ticket).should be_false
|
183
183
|
end
|
184
|
+
|
185
|
+
it 'does not delete almost expired ticket-granting tickets with pending two-factor authentication' do
|
186
|
+
ticket_granting_ticket.created_at = 2.minutes.ago
|
187
|
+
ticket_granting_ticket.awaiting_two_factor_authentication = true
|
188
|
+
ticket_granting_ticket.save!
|
189
|
+
lambda do
|
190
|
+
described_class.cleanup
|
191
|
+
end.should_not change(described_class, :count)
|
192
|
+
end
|
193
|
+
|
194
|
+
it 'does delete expired ticket-granting tickets with pending two-factor authentication' do
|
195
|
+
ticket_granting_ticket.created_at = 20.minutes.ago
|
196
|
+
ticket_granting_ticket.awaiting_two_factor_authentication = true
|
197
|
+
ticket_granting_ticket.save!
|
198
|
+
lambda do
|
199
|
+
described_class.cleanup
|
200
|
+
end.should change(described_class, :count).by(-1)
|
201
|
+
described_class.find_by_ticket(ticket_granting_ticket.ticket).should be_false
|
202
|
+
end
|
184
203
|
end
|
185
204
|
end
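Review bot: The two new examples on lines 185–202 pin the boundary with the literal ages `2.minutes.ago` and `20.minutes.ago`, which only mean something relative to whatever `two_factor_authenticator[:timeout]` the spec configuration sets; if that value is ever tuned, both examples silently turn into false positives or unrelated failures. Deriving the ages from the setting, e.g. `ticket_granting_ticket.created_at = (CASinoCore::Settings.two_factor_authenticator[:timeout] - 1).seconds.ago` and the `+ 1` counterpart for the expired case, keeps the intent explicit. Line 201 asserts `find_by_ticket(...).should be_false` where the finder returns nil; `be_nil` states the expected value precisely (the same pattern already exists on context line 182).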
|
@@ -17,7 +17,7 @@ describe CASinoCore::Processor::SecondFactorAuthenticationAcceptor do
|
|
17
17
|
let(:tgt) { ticket_granting_ticket.ticket }
|
18
18
|
let(:user_agent) { ticket_granting_ticket.user_agent }
|
19
19
|
let(:otp) { '123456' }
|
20
|
-
let(:service) { 'http://www.example.com/testing' }
|
20
|
+
let(:service) { 'http://www.example.com/testing' }
|
21
21
|
let(:params) { { tgt: tgt, otp: otp, service: service }}
|
22
22
|
|
23
23
|
context 'with an active authenticator' do
|
@@ -39,6 +39,17 @@ describe CASinoCore::Processor::SecondFactorAuthenticationAcceptor do
|
|
39
39
|
ticket_granting_ticket.should_not be_awaiting_two_factor_authentication
|
40
40
|
end
|
41
41
|
|
42
|
+
context 'with a long-term ticket-granting ticket' do
|
43
|
+
before(:each) do
|
44
|
+
ticket_granting_ticket.update_attributes! long_term: true
|
45
|
+
end
|
46
|
+
|
47
|
+
it 'calls the #user_logged_in method on the listener with an expiration date set' do
|
48
|
+
listener.should_receive(:user_logged_in).with(/^#{service}\?ticket=ST\-/, /^TGC\-/, kind_of(Time))
|
49
|
+
processor.process(params, user_agent)
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
42
53
|
context 'with a not allowed service' do
|
43
54
|
before(:each) do
|
44
55
|
FactoryGirl.create :service_rule, :regex, url: '^https://.*'
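Review bot: The expectation on line 48 interpolates `service` into a regex without escaping, so the dots in `www.example.com` match any character and `^` anchors per line rather than at the start of the string; `/\A#{Regexp.escape(service)}\?ticket=ST-/` matches exactly the URL under test. The `\-` escape is unnecessary outside a character class and can be dropped in both patterns on that line. The first hunk of this file replaces `let(:service)` with visually identical text, which looks like a whitespace-only edit; worth confirming nothing else changed there.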
|
@@ -56,12 +67,12 @@ describe CASinoCore::Processor::SecondFactorAuthenticationAcceptor do
|
|
56
67
|
before(:each) do
|
57
68
|
ROTP::TOTP.any_instance.should_receive(:verify_with_drift).with(otp, 30).and_return(false)
|
58
69
|
end
|
59
|
-
|
70
|
+
|
60
71
|
it 'calls the `#invalid_one_time_password` method an the listener' do
|
61
72
|
listener.should_receive(:invalid_one_time_password).with(no_args)
|
62
73
|
processor.process(params, user_agent)
|
63
74
|
end
|
64
|
-
|
75
|
+
|
65
76
|
it 'does not activate the ticket-granting ticket' do
|
66
77
|
processor.process(params, user_agent)
|
67
78
|
ticket_granting_ticket.reload
|
data.tar.gz.sig
CHANGED
Binary file
|
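--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: casino_core
 version: !ruby/object:Gem::Version
-version: 1.4.
+version: 1.4.3
 prerelease:
 platform: ruby
 authors:
@@ -36,7 +36,7 @@ cert_chain:
 b1VSdnUwRzgvWXlIVUFtSVUvV0tyanIxYmdjZjFWUnYKUjRLRDFNblVWL3Y1
 MDJwaU1sWG1qeE9XZGJLOHl2UUVIa3N1L3pqYkNqU3UrTTJrd0ZtV0dzeDVu
 eCtWZHc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-date: 2013-
+date: 2013-04-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
@@ -305,7 +305,8 @@ files:
 - .document
 - .gitignore
 - .rspec
-- .
+- .ruby-gemset
+- .ruby-version
 - .travis.yml
 - Gemfile
 - Gemfile.lock
@@ -449,7 +450,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 segments:
 - 0
-hash:
+hash: 3956376216012117413
 required_rubygems_version: !ruby/object:Gem::Requirement
 none: false
 requirements:
@@ -458,7 +459,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 segments:
 - 0
-hash:
+hash: 3956376216012117413
 requirements: []
 rubyforge_project:
 rubygems_version: 1.8.25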
metadata.gz.sig
CHANGED
Binary file
|
data/.rvmrc
DELETED
@@ -1,48 +0,0 @@
|
|
1
|
-
#!/usr/bin/env bash
|
2
|
-
|
3
|
-
# This is an RVM Project .rvmrc file, used to automatically load the ruby
|
4
|
-
# development environment upon cd'ing into the directory
|
5
|
-
|
6
|
-
# First we specify our desired <ruby>[@<gemset>], the @gemset name is optional,
|
7
|
-
# Only full ruby name is supported here, for short names use:
|
8
|
-
# echo "rvm use 1.9.3" > .rvmrc
|
9
|
-
environment_id="ruby-1.9.3-p194@casino_core"
|
10
|
-
|
11
|
-
# Uncomment the following lines if you want to verify rvm version per project
|
12
|
-
# rvmrc_rvm_version="1.15.8 (stable)" # 1.10.1 seams as a safe start
|
13
|
-
# eval "$(echo ${rvm_version}.${rvmrc_rvm_version} | awk -F. '{print "[[ "$1*65536+$2*256+$3" -ge "$4*65536+$5*256+$6" ]]"}' )" || {
|
14
|
-
# echo "This .rvmrc file requires at least RVM ${rvmrc_rvm_version}, aborting loading."
|
15
|
-
# return 1
|
16
|
-
# }
|
17
|
-
|
18
|
-
# First we attempt to load the desired environment directly from the environment
|
19
|
-
# file. This is very fast and efficient compared to running through the entire
|
20
|
-
# CLI and selector. If you want feedback on which environment was used then
|
21
|
-
# insert the word 'use' after --create as this triggers verbose mode.
|
22
|
-
if [[ -d "${rvm_path:-$HOME/.rvm}/environments"
|
23
|
-
&& -s "${rvm_path:-$HOME/.rvm}/environments/$environment_id" ]]
|
24
|
-
then
|
25
|
-
\. "${rvm_path:-$HOME/.rvm}/environments/$environment_id"
|
26
|
-
[[ -s "${rvm_path:-$HOME/.rvm}/hooks/after_use" ]] &&
|
27
|
-
\. "${rvm_path:-$HOME/.rvm}/hooks/after_use" || true
|
28
|
-
else
|
29
|
-
# If the environment file has not yet been created, use the RVM CLI to select.
|
30
|
-
rvm --create "$environment_id" || {
|
31
|
-
echo "Failed to create RVM environment '${environment_id}'."
|
32
|
-
return 1
|
33
|
-
}
|
34
|
-
fi
|
35
|
-
|
36
|
-
# If you use bundler, this might be useful to you:
|
37
|
-
# if [[ -s Gemfile ]] && {
|
38
|
-
# ! builtin command -v bundle >/dev/null ||
|
39
|
-
# builtin command -v bundle | GREP_OPTIONS= \grep $rvm_path/bin/bundle >/dev/null
|
40
|
-
# }
|
41
|
-
# then
|
42
|
-
# printf "%b" "The rubygem 'bundler' is not installed. Installing it now.\n"
|
43
|
-
# gem install bundler
|
44
|
-
# fi
|
45
|
-
# if [[ -s Gemfile ]] && builtin command -v bundle >/dev/null
|
46
|
-
# then
|
47
|
-
# bundle install | GREP_OPTIONS= \grep -vE '^Using|Your bundle is complete'
|
48
|
-
# fi
|