cassette 1.0.2 → 1.0.17
- checksums.yaml +5 -13
- data/README.md +125 -106
- data/lib/cassette/authentication/authorities.rb +5 -5
- data/lib/cassette/authentication/cache.rb +5 -6
- data/lib/cassette/authentication/filter.rb +9 -9
- data/lib/cassette/authentication/user.rb +4 -4
- data/lib/cassette/authentication.rb +9 -9
- data/lib/cassette/cache.rb +2 -4
- data/lib/cassette/client/cache.rb +12 -12
- data/lib/cassette/client.rb +11 -16
- data/lib/cassette/errors/not_a_customer.rb +1 -2
- data/lib/cassette/errors/not_an_employee.rb +1 -2
- data/lib/cassette/errors.rb +8 -8
- data/lib/cassette/rubycas/helper.rb +21 -25
- data/lib/cassette/rubycas/not_single_sign_out_constraint.rb +1 -2
- data/lib/cassette/rubycas/single_sign_out_constraint.rb +6 -7
- data/lib/cassette/rubycas.rb +3 -4
- data/lib/cassette/version.rb +6 -10
- data/lib/cassette.rb +21 -21
- data/spec/cas_spec.rb +21 -21
- data/spec/cassette/authentication/authorities_spec.rb +82 -0
- data/spec/{cas → cassette}/authentication/cache_spec.rb +0 -0
- data/spec/{cas → cassette}/authentication/filter_spec.rb +52 -53
- data/spec/cassette/authentication/user_spec.rb +70 -0
- data/spec/cassette/authentication_spec.rb +84 -0
- data/spec/{cas → cassette}/cache_spec.rb +7 -8
- data/spec/{cas → cassette}/client/cache_spec.rb +0 -0
- data/spec/{cas → cassette}/errors_spec.rb +6 -6
- data/spec/config.yml +4 -4
- data/spec/integration/cas/client_spec.rb +32 -31
- data/spec/spec_helper.rb +7 -7
- metadata +57 -57
- data/spec/cas/authentication/authorities_spec.rb +0 -82
- data/spec/cas/authentication/user_spec.rb +0 -70
- data/spec/cas/authentication_spec.rb +0 -84
@@ -1,6 +1,6 @@
|
|
1
1
|
# encoding: UTF-8
|
2
2
|
|
3
|
-
require
|
3
|
+
require 'active_support/concern'
|
4
4
|
|
5
5
|
module Cassette
|
6
6
|
module Rubycas
|
@@ -19,18 +19,18 @@ module Cassette
|
|
19
19
|
end
|
20
20
|
|
21
21
|
def validate_authentication_ticket
|
22
|
-
return if ENV[
|
22
|
+
return if ENV['NOAUTH']
|
23
23
|
::CASClient::Frameworks::Rails::Filter.filter(self)
|
24
24
|
end
|
25
25
|
|
26
26
|
def employee_only_filter
|
27
|
-
return if ENV[
|
28
|
-
|
27
|
+
return if ENV['NOAUTH'] || current_user.blank?
|
28
|
+
fail Cassette::Errors::NotAnEmployee unless current_user.employee?
|
29
29
|
end
|
30
30
|
|
31
31
|
def customer_only_filter
|
32
|
-
return if ENV[
|
33
|
-
|
32
|
+
return if ENV['NOAUTH'] || current_user.blank?
|
33
|
+
fail Cassette::Errors::NotACustomer unless current_user.customer?
|
34
34
|
end
|
35
35
|
|
36
36
|
def cas_logout(to = root_url)
|
@@ -39,38 +39,34 @@ module Cassette
|
|
39
39
|
end
|
40
40
|
|
41
41
|
def fake_user
|
42
|
-
Cassette::Authentication::User.new(
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
type: "customer"
|
48
|
-
})
|
42
|
+
Cassette::Authentication::User.new(login: 'fake.user',
|
43
|
+
name: 'Fake User',
|
44
|
+
email: 'fake.user@locaweb.com.br',
|
45
|
+
authorities: [],
|
46
|
+
type: 'customer')
|
49
47
|
end
|
50
48
|
|
51
49
|
def validate_role!(role)
|
52
|
-
return if ENV[
|
53
|
-
|
50
|
+
return if ENV['NOAUTH']
|
51
|
+
fail Cassette::Errors::Forbidden unless current_user.has_role?(role)
|
54
52
|
end
|
55
53
|
|
56
54
|
def validate_raw_role!(role)
|
57
|
-
return if ENV[
|
58
|
-
|
55
|
+
return if ENV['NOAUTH']
|
56
|
+
fail Cassette::Errors::Forbidden unless current_user.has_raw_role?(role)
|
59
57
|
end
|
60
58
|
|
61
59
|
def current_user
|
62
|
-
return fake_user if ENV[
|
60
|
+
return fake_user if ENV['NOAUTH']
|
63
61
|
return nil unless session[:cas_user]
|
64
62
|
|
65
63
|
@current_user ||= begin
|
66
64
|
attributes = session[:cas_extra_attributes]
|
67
|
-
Cassette::Authentication::User.new(
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
type: attributes.try(:[], :type).try(:downcase)
|
73
|
-
})
|
65
|
+
Cassette::Authentication::User.new(login: session[:cas_user],
|
66
|
+
name: attributes.try(:[], :cn),
|
67
|
+
email: attributes.try(:[], :email),
|
68
|
+
authorities: attributes.try(:[], :authorities),
|
69
|
+
type: attributes.try(:[], :type).try(:downcase))
|
74
70
|
end
|
75
71
|
end
|
76
72
|
end
|
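Review bot: Every guard of the form `return if ENV['NOAUTH']` (in `validate_authentication_ticket`, `employee_only_filter`, `customer_only_filter`, `validate_role!`, `validate_raw_role!` and `current_user`) is true for any value the variable holds, so `NOAUTH=false` or `NOAUTH=0` still switches authentication off and gives every request `fake_user`. Moving the test into one private predicate that compares against explicit values, e.g. `def noauth?; %w(true yes 1).include?(ENV['NOAUTH'].to_s.downcase); end`, and logging a warning whenever it is active would make an accidental bypass in a deployed environment much harder. Separately, `employee_only_filter` and `customer_only_filter` return without raising when `current_user.blank?`, so they reject anonymous requests only if `validate_authentication_ticket` has run before them. A comment stating that ordering requirement would help, e.g. `# relies on validate_authentication_ticket having run first; a blank user is not rejected here`.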
@@ -4,16 +4,16 @@ module Cassette
|
|
4
4
|
module Rubycas
|
5
5
|
class SingleSignOutConstraint
|
6
6
|
def matches?(request)
|
7
|
-
if (content_type = request.headers[
|
8
|
-
|
7
|
+
if (content_type = request.headers['CONTENT_TYPE']) &&
|
8
|
+
content_type =~ /^multipart\//
|
9
9
|
return false
|
10
10
|
end
|
11
11
|
|
12
12
|
if request.post? &&
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
13
|
+
request.request_parameters['logoutRequest'] &&
|
14
|
+
[request.request_parameters['logoutRequest'],
|
15
|
+
URI.unescape(request.request_parameters['logoutRequest'])]
|
16
|
+
.find { |xml| xml =~ /^<samlp:LogoutRequest.*?<samlp:SessionIndex>(.*)<\/samlp:SessionIndex>/m }
|
17
17
|
|
18
18
|
Cassette.logger.debug "Intercepted a single sign out request on #{request}"
|
19
19
|
return true
|
@@ -24,4 +24,3 @@ module Cassette
|
|
24
24
|
end
|
25
25
|
end
|
26
26
|
end
|
27
|
-
|
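Review bot: `URI.unescape` in the rewritten `logoutRequest` check is obsolete and was removed in Ruby 3.0, so on such a runtime `matches?` would raise `NoMethodError` for any POST carrying that parameter. `CGI.unescape(...)` and `URI.decode_www_form_component(...)` are the supported replacements; both also turn `+` into a space, which is worth confirming against what the CAS server sends. Both patterns anchor with `^`, which in Ruby matches at the start of any line, so a `logoutRequest` value with arbitrary leading lines still matches; `\A` states the intent, e.g. `content_type =~ /\Amultipart\//`. The rest of `matches?` lies outside the hunk, so how the captured session index is used is not visible here.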
data/lib/cassette/rubycas.rb
CHANGED
@@ -1,11 +1,10 @@
|
|
1
1
|
# encoding: UTF-8
|
2
2
|
|
3
|
-
require
|
4
|
-
require
|
5
|
-
require
|
3
|
+
require 'cassette/rubycas/helper'
|
4
|
+
require 'cassette/rubycas/single_sign_out_constraint'
|
5
|
+
require 'cassette/rubycas/not_single_sign_out_constraint'
|
6
6
|
|
7
7
|
module Cassette
|
8
8
|
module Rubycas
|
9
9
|
end
|
10
10
|
end
|
11
|
-
|
data/lib/cassette/version.rb
CHANGED
@@ -1,15 +1,11 @@
|
|
1
1
|
module Cassette
|
2
2
|
class Version
|
3
|
-
|
4
|
-
|
3
|
+
MAJOR = '1'
|
4
|
+
MINOR = '0'
|
5
|
+
PATCH = '17'
|
5
6
|
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
def self.version
|
11
|
-
[MAJOR, MINOR, build_number].join(".")
|
12
|
-
end
|
7
|
+
def self.version
|
8
|
+
[MAJOR, MINOR, PATCH].join('.')
|
9
|
+
end
|
13
10
|
end
|
14
11
|
end
|
15
|
-
|
data/lib/cassette.rb
CHANGED
@@ -1,17 +1,17 @@
|
|
1
1
|
# encoding: UTF-8
|
2
2
|
|
3
|
-
require
|
4
|
-
require
|
5
|
-
require
|
6
|
-
require
|
7
|
-
require
|
8
|
-
require
|
9
|
-
require
|
10
|
-
require
|
11
|
-
require
|
3
|
+
require 'cassette/errors'
|
4
|
+
require 'cassette/cache'
|
5
|
+
require 'cassette/client/cache'
|
6
|
+
require 'cassette/client'
|
7
|
+
require 'cassette/authentication'
|
8
|
+
require 'cassette/authentication/authorities'
|
9
|
+
require 'cassette/authentication/user'
|
10
|
+
require 'cassette/authentication/cache'
|
11
|
+
require 'cassette/authentication/filter'
|
12
12
|
|
13
|
-
require
|
14
|
-
require
|
13
|
+
require 'faraday'
|
14
|
+
require 'logger'
|
15
15
|
|
16
16
|
module Cassette
|
17
17
|
extend self
|
@@ -20,12 +20,12 @@ module Cassette
|
|
20
20
|
|
21
21
|
def logger
|
22
22
|
@@logger ||= begin
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
23
|
+
if defined?(Rails) && Rails.logger
|
24
|
+
Rails.logger
|
25
|
+
else
|
26
|
+
Logger.new('/dev/null')
|
27
|
+
end
|
28
|
+
end
|
29
29
|
end
|
30
30
|
|
31
31
|
def logger=(logger)
|
@@ -43,8 +43,8 @@ module Cassette
|
|
43
43
|
end
|
44
44
|
|
45
45
|
def new_request(uri, timeout)
|
46
|
-
Faraday.new(url: uri, ssl: { verify: false, version:
|
47
|
-
builder.adapter
|
46
|
+
Faraday.new(url: uri, ssl: { verify: false, version: 'TLSv1' }) do |builder|
|
47
|
+
builder.adapter Faraday.default_adapter
|
48
48
|
builder.options.timeout = timeout
|
49
49
|
end
|
50
50
|
end
|
@@ -58,14 +58,14 @@ module Cassette
|
|
58
58
|
|
59
59
|
def post(uri, payload, timeout = DEFAULT_TIMEOUT)
|
60
60
|
perform(:post, uri, payload, timeout) do |req|
|
61
|
-
req.body = payload
|
61
|
+
req.body = URI.encode_www_form(payload)
|
62
62
|
logger.debug "Request: #{req.inspect}"
|
63
63
|
end
|
64
64
|
end
|
65
65
|
|
66
66
|
protected
|
67
67
|
|
68
|
-
def perform(op, uri,
|
68
|
+
def perform(op, uri, _payload, timeout = DEFAULT_TIMEOUT, &block)
|
69
69
|
request = new_request(uri, timeout)
|
70
70
|
res = request.send(op, &block)
|
71
71
|
|
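Review bot: `new_request` still builds every connection with `ssl: { verify: false, version: 'TLSv1' }`, so the CAS server's certificate is never checked and the client is pinned to TLS 1.0, which leaves the ticket exchange open to interception and tampering on the network path. The change appears to touch only the quoting on this line and keeps both settings. I would enable verification and let the TLS library negotiate the protocol version, `Faraday.new(url: uri, ssl: { verify: true }) do |builder|`, with any opt-out read from configuration rather than hard-coded. In `post`, the unchanged `logger.debug "Request: #{req.inspect}"` prints the request including its form-encoded body, which presumably carries credentials when a ticket-granting ticket is requested, so the payload is better left out of the log line.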
data/spec/cas_spec.rb
CHANGED
@@ -1,13 +1,13 @@
|
|
1
|
-
require
|
1
|
+
require 'spec_helper'
|
2
2
|
|
3
3
|
describe Cassette do
|
4
|
-
let(:uri) {
|
4
|
+
let(:uri) { 'http://example.org/' }
|
5
5
|
let(:response) do
|
6
6
|
Faraday.new do |builder|
|
7
7
|
builder.adapter :test do |stub|
|
8
|
-
stub.post(uri, '
|
8
|
+
stub.post(uri, 'ping=pong') do |env|
|
9
9
|
headers = env.request_headers
|
10
|
-
[200, {},
|
10
|
+
[200, {}, '{ok: true}']
|
11
11
|
end
|
12
12
|
end
|
13
13
|
end
|
@@ -16,30 +16,30 @@ describe Cassette do
|
|
16
16
|
let(:failed_response) do
|
17
17
|
Faraday.new do |builder|
|
18
18
|
builder.adapter :test do |stub|
|
19
|
-
stub.post(uri, '
|
19
|
+
stub.post(uri, 'ping=pong') do |env|
|
20
20
|
headers = env.request_headers
|
21
|
-
[500, {},
|
21
|
+
[500, {}, '{ok: false}']
|
22
22
|
end
|
23
23
|
end
|
24
24
|
end
|
25
25
|
end
|
26
26
|
|
27
|
-
describe
|
28
|
-
it
|
27
|
+
describe '.new_request' do
|
28
|
+
it 'returns an instance' do
|
29
29
|
# damn coverage
|
30
30
|
expect(Cassette.new_request(uri, 5)).to be_instance_of(Faraday::Connection)
|
31
31
|
end
|
32
32
|
end
|
33
33
|
|
34
|
-
describe
|
35
|
-
it
|
34
|
+
describe '.post' do
|
35
|
+
it 'forwards requests' do
|
36
36
|
allow(Cassette).to receive(:new_request).with(uri, 5).and_return(response)
|
37
|
-
Cassette.post(uri,
|
37
|
+
Cassette.post(uri, { ping: :pong }, 5)
|
38
38
|
end
|
39
39
|
|
40
|
-
it
|
40
|
+
it 'raises an exception when failed' do
|
41
41
|
allow(Cassette).to receive(:new_request).with(uri, 5).and_return(failed_response)
|
42
|
-
expect { Cassette.post(uri,
|
42
|
+
expect { Cassette.post(uri, { ping: :pong }, 5) }.to raise_error(Cassette::Errors::InternalServerError)
|
43
43
|
end
|
44
44
|
end
|
45
45
|
|
@@ -49,26 +49,26 @@ describe Cassette do
|
|
49
49
|
Cassette.logger = original_logger
|
50
50
|
end
|
51
51
|
|
52
|
-
describe
|
53
|
-
it
|
52
|
+
describe '.logger' do
|
53
|
+
it 'returns a default instance' do
|
54
54
|
expect(Cassette.logger).not_to be_nil
|
55
|
-
expect(Cassette.logger.
|
55
|
+
expect(Cassette.logger.is_a?(Logger)).to eql(true)
|
56
56
|
end
|
57
57
|
|
58
|
-
it
|
58
|
+
it 'returns rails logger when Rails is available' do
|
59
59
|
keeping_logger do
|
60
60
|
Cassette.logger = nil
|
61
|
-
rails = double(
|
61
|
+
rails = double('Rails')
|
62
62
|
expect(rails).to receive(:logger).and_return(rails).at_least(:once)
|
63
|
-
stub_const(
|
63
|
+
stub_const('Rails', rails)
|
64
64
|
expect(Cassette.logger).to eql(rails)
|
65
65
|
end
|
66
66
|
end
|
67
67
|
end
|
68
68
|
|
69
|
-
describe
|
69
|
+
describe '.logger=' do
|
70
70
|
let(:logger) { Logger.new(STDOUT) }
|
71
|
-
it
|
71
|
+
it 'defines the logger instance' do
|
72
72
|
keeping_logger do
|
73
73
|
Cassette.logger = logger
|
74
74
|
expect(Cassette.logger).to eq(logger)
|
@@ -0,0 +1,82 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Cassette::Authentication::Authorities do
|
4
|
+
subject do
|
5
|
+
Cassette::Authentication::Authorities
|
6
|
+
end
|
7
|
+
|
8
|
+
describe '#has_role?' do
|
9
|
+
let(:input) { "[#{Cassette.config.base_authority}, SAPI, #{Cassette.config.base_authority}_CREATE-USER]" }
|
10
|
+
let(:authorities) { subject.parse(input) }
|
11
|
+
|
12
|
+
it 'adds the application prefix to roles' do
|
13
|
+
expect(authorities.has_role?('CREATE-USER')).to eql(true)
|
14
|
+
end
|
15
|
+
|
16
|
+
it 'ignores role case' do
|
17
|
+
expect(authorities.has_role?('create-user')).to eql(true)
|
18
|
+
end
|
19
|
+
|
20
|
+
it 'replaces underscores with dashes' do
|
21
|
+
expect(authorities.has_role?('create_user')).to eql(true)
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
context 'with a defined base authority' do
|
26
|
+
let(:base_authority) { 'SOMEAPI' }
|
27
|
+
|
28
|
+
it 'stores the base authority' do
|
29
|
+
input = 'CUSTOMERAPI'
|
30
|
+
expect(subject.parse(input, base_authority).base).to eql(base_authority)
|
31
|
+
end
|
32
|
+
|
33
|
+
describe '#has_role?' do
|
34
|
+
let(:input) { "[#{Cassette.config.base_authority}_TEST2, SOMEAPI_TEST]" }
|
35
|
+
|
36
|
+
it 'returns true for a role that is using the base authority' do
|
37
|
+
expect(subject.parse(input, base_authority)).to have_role(:test)
|
38
|
+
end
|
39
|
+
|
40
|
+
it 'returns false for a role that is not using the base authority' do
|
41
|
+
expect(subject.parse(input, base_authority)).not_to have_role(:test2)
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|
46
|
+
context 'CAS authorities parsing' do
|
47
|
+
it 'handles single authority' do
|
48
|
+
input = 'CUSTOMERAPI'
|
49
|
+
expect(subject.parse(input).authorities).to eq(%w(CUSTOMERAPI))
|
50
|
+
end
|
51
|
+
|
52
|
+
it 'handles multiple authorities with surrounding []' do
|
53
|
+
input = '[CUSTOMERAPI, SAPI]'
|
54
|
+
expect(subject.parse(input).authorities).to eq(%w(CUSTOMERAPI SAPI))
|
55
|
+
end
|
56
|
+
|
57
|
+
it 'ignores whitespace in multiple authorities' do
|
58
|
+
input = '[CUSTOMERAPI,SAPI]'
|
59
|
+
expect(subject.parse(input).authorities).to eq(%w(CUSTOMERAPI SAPI))
|
60
|
+
end
|
61
|
+
|
62
|
+
it 'returns an empty array when input is nil' do
|
63
|
+
expect(subject.parse(nil).authorities).to eq([])
|
64
|
+
end
|
65
|
+
end
|
66
|
+
|
67
|
+
context 'with authentication disabled' do
|
68
|
+
before { ENV['NOAUTH'] = 'true' }
|
69
|
+
after { ENV.delete('NOAUTH') }
|
70
|
+
subject { Cassette::Authentication::Authorities.new('[]') }
|
71
|
+
|
72
|
+
it '#has_role? returns true for every role' do
|
73
|
+
expect(subject.authorities).to be_empty
|
74
|
+
expect(subject.has_role?(:can_manage)).to eql(true)
|
75
|
+
end
|
76
|
+
|
77
|
+
it '#has_raw_role? returns true for every role' do
|
78
|
+
expect(subject.authorities).to be_empty
|
79
|
+
expect(subject.has_raw_role?('SAPI_CUSTOMER-CREATOR')).to eql(true)
|
80
|
+
end
|
81
|
+
end
|
82
|
+
end
|
File without changes
|
@@ -1,7 +1,7 @@
|
|
1
1
|
# encoding: utf-8
|
2
2
|
|
3
|
-
require
|
4
|
-
require
|
3
|
+
require 'spec_helper'
|
4
|
+
require 'active_support/core_ext/hash/indifferent_access'
|
5
5
|
|
6
6
|
describe Cassette::Authentication::Filter do
|
7
7
|
before do
|
@@ -19,17 +19,17 @@ describe Cassette::Authentication::Filter do
|
|
19
19
|
end
|
20
20
|
end
|
21
21
|
|
22
|
-
shared_context
|
22
|
+
shared_context 'with NOAUTH' do
|
23
23
|
before do
|
24
|
-
ENV[
|
24
|
+
ENV['NOAUTH'] = 'yes'
|
25
25
|
end
|
26
26
|
|
27
27
|
after do
|
28
|
-
ENV.delete(
|
28
|
+
ENV.delete('NOAUTH')
|
29
29
|
end
|
30
30
|
end
|
31
31
|
|
32
|
-
describe
|
32
|
+
describe '#validate_raw_role!' do
|
33
33
|
let(:controller) { ControllerMock.new }
|
34
34
|
let(:current_user) { instance_double(Cassette::Authentication::User) }
|
35
35
|
|
@@ -37,25 +37,25 @@ describe Cassette::Authentication::Filter do
|
|
37
37
|
allow(controller).to receive(:current_user).and_return(current_user)
|
38
38
|
end
|
39
39
|
|
40
|
-
it_behaves_like
|
41
|
-
it
|
40
|
+
it_behaves_like 'with NOAUTH' do
|
41
|
+
it 'never checks the role' do
|
42
42
|
expect(current_user).not_to receive(:has_raw_role?)
|
43
43
|
controller.validate_raw_role!(:something)
|
44
44
|
end
|
45
45
|
|
46
|
-
it
|
46
|
+
it 'does not raise error' do
|
47
47
|
expect { controller.validate_raw_role!(:something) }.not_to raise_error
|
48
48
|
end
|
49
49
|
end
|
50
50
|
|
51
|
-
it
|
51
|
+
it 'forwards to current_user' do
|
52
52
|
role = instance_double(String)
|
53
53
|
|
54
54
|
expect(current_user).to receive(:has_raw_role?).with(role).and_return(true)
|
55
55
|
controller.validate_raw_role!(role)
|
56
56
|
end
|
57
57
|
|
58
|
-
it
|
58
|
+
it 'raises a Cassette::Errors::Forbidden when current_user does not have the role' do
|
59
59
|
role = instance_double(String)
|
60
60
|
|
61
61
|
expect(current_user).to receive(:has_raw_role?).with(role).and_return(false)
|
@@ -63,7 +63,7 @@ describe Cassette::Authentication::Filter do
|
|
63
63
|
end
|
64
64
|
end
|
65
65
|
|
66
|
-
describe
|
66
|
+
describe '#validate_role!' do
|
67
67
|
let(:controller) { ControllerMock.new }
|
68
68
|
let(:current_user) { instance_double(Cassette::Authentication::User) }
|
69
69
|
|
@@ -71,25 +71,25 @@ describe Cassette::Authentication::Filter do
|
|
71
71
|
allow(controller).to receive(:current_user).and_return(current_user)
|
72
72
|
end
|
73
73
|
|
74
|
-
it_behaves_like
|
75
|
-
it
|
74
|
+
it_behaves_like 'with NOAUTH' do
|
75
|
+
it 'never checks the role' do
|
76
76
|
expect(current_user).not_to receive(:has_role?)
|
77
77
|
controller.validate_role!(:something)
|
78
78
|
end
|
79
79
|
|
80
|
-
it
|
80
|
+
it 'does not raise error' do
|
81
81
|
expect { controller.validate_role!(:something) }.not_to raise_error
|
82
82
|
end
|
83
83
|
end
|
84
84
|
|
85
|
-
it
|
85
|
+
it 'forwards to current_user' do
|
86
86
|
role = instance_double(String)
|
87
87
|
|
88
88
|
expect(current_user).to receive(:has_role?).with(role).and_return(true)
|
89
89
|
controller.validate_role!(role)
|
90
90
|
end
|
91
91
|
|
92
|
-
it
|
92
|
+
it 'raises a Cassette::Errors::Forbidden when current_user does not have the role' do
|
93
93
|
role = instance_double(String)
|
94
94
|
|
95
95
|
expect(current_user).to receive(:has_role?).with(role).and_return(false)
|
@@ -97,75 +97,74 @@ describe Cassette::Authentication::Filter do
|
|
97
97
|
end
|
98
98
|
end
|
99
99
|
|
100
|
-
describe "#validate_authentication_ticket" do
|
101
|
-
it_behaves_like "with NOAUTH" do
|
102
|
-
context "and no ticket" do
|
103
|
-
let(:controller) { ControllerMock.new }
|
104
100
|
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
101
|
+
describe '#validate_authentication_ticket' do
|
102
|
+
shared_examples_for 'controller without authentication' do
|
103
|
+
it 'does not validate tickets' do
|
104
|
+
controller.validate_authentication_ticket
|
105
|
+
expect(Cassette::Authentication).not_to have_received(:validate_ticket)
|
106
|
+
end
|
109
107
|
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
end
|
108
|
+
it 'sets current_user' do
|
109
|
+
controller.validate_authentication_ticket
|
110
|
+
expect(controller.current_user).to be_present
|
114
111
|
end
|
112
|
+
end
|
115
113
|
|
116
|
-
|
114
|
+
it_behaves_like 'with NOAUTH' do
|
115
|
+
context 'and no ticket' do
|
116
|
+
let(:controller) { ControllerMock.new }
|
117
|
+
|
118
|
+
it_behaves_like 'controller without authentication'
|
119
|
+
end
|
120
|
+
|
121
|
+
context 'and a ticket header' do
|
117
122
|
let(:controller) do
|
118
|
-
ControllerMock.new({},
|
123
|
+
ControllerMock.new({}, 'Service-Ticket' => 'le ticket')
|
119
124
|
end
|
120
125
|
|
121
|
-
|
122
|
-
controller.validate_authentication_ticket
|
123
|
-
expect(Cassette::Authentication).to have_received(:validate_ticket).with("le ticket", Cassette.config.service)
|
124
|
-
end
|
126
|
+
it_behaves_like 'controller without authentication'
|
125
127
|
end
|
126
128
|
|
127
|
-
context
|
129
|
+
context 'and a ticket param' do
|
128
130
|
let(:controller) do
|
129
|
-
ControllerMock.new(ticket:
|
131
|
+
ControllerMock.new(ticket: 'le ticket')
|
130
132
|
end
|
131
133
|
|
132
|
-
|
133
|
-
controller.validate_authentication_ticket
|
134
|
-
expect(Cassette::Authentication).to have_received(:validate_ticket).with("le ticket", Cassette.config.service)
|
135
|
-
end
|
134
|
+
it_behaves_like 'controller without authentication'
|
136
135
|
end
|
137
136
|
end
|
138
137
|
|
139
|
-
context
|
138
|
+
context 'with a ticket in the query string *AND* headers' do
|
140
139
|
let(:controller) do
|
141
|
-
ControllerMock.new({
|
140
|
+
ControllerMock.new({ 'ticket' => 'le other ticket' }, 'Service-Ticket' => 'le ticket')
|
142
141
|
end
|
143
142
|
|
144
|
-
it
|
143
|
+
it 'should send only the header ticket to validation' do
|
145
144
|
controller.validate_authentication_ticket
|
146
|
-
expect(Cassette::Authentication).to have_received(:validate_ticket).with(
|
145
|
+
expect(Cassette::Authentication).to have_received(:validate_ticket).with('le ticket', Cassette.config.service)
|
147
146
|
end
|
148
147
|
end
|
149
148
|
|
150
|
-
context
|
149
|
+
context 'with a ticket in the query string' do
|
151
150
|
let(:controller) do
|
152
|
-
ControllerMock.new(
|
151
|
+
ControllerMock.new('ticket' => 'le ticket')
|
153
152
|
end
|
154
153
|
|
155
|
-
it
|
154
|
+
it 'should send the ticket to validation' do
|
156
155
|
controller.validate_authentication_ticket
|
157
|
-
expect(Cassette::Authentication).to have_received(:validate_ticket).with(
|
156
|
+
expect(Cassette::Authentication).to have_received(:validate_ticket).with('le ticket', Cassette.config.service)
|
158
157
|
end
|
159
158
|
end
|
160
159
|
|
161
|
-
context
|
160
|
+
context 'with a ticket in the Service-Ticket header' do
|
162
161
|
let(:controller) do
|
163
|
-
ControllerMock.new({},
|
162
|
+
ControllerMock.new({}, 'Service-Ticket' => 'le ticket')
|
164
163
|
end
|
165
164
|
|
166
|
-
it
|
165
|
+
it 'should send the ticket to validation' do
|
167
166
|
controller.validate_authentication_ticket
|
168
|
-
expect(Cassette::Authentication).to have_received(:validate_ticket).with(
|
167
|
+
expect(Cassette::Authentication).to have_received(:validate_ticket).with('le ticket', Cassette.config.service)
|
169
168
|
end
|
170
169
|
end
|
171
170
|
end
|
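Review bot: The new shared example 'sets current_user' asserts only `expect(controller.current_user).to be_present`, so nothing pins which identity or authorities a request receives once `NOAUTH` is set. The surrounding examples now establish that a supplied ticket is not validated at all in that mode, so I would also assert the stand-in user's login and that its authorities are empty; a later change that grants it roles would then fail a test. The 'with NOAUTH' shared context also exercises only the value `'yes'`, and its `after` hook deletes the variable instead of restoring whatever the environment held before the example ran.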