cassette 1.0.2 → 1.0.17

data/lib/cassette/rubycas/helper.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-require "active_support/concern"
+require 'active_support/concern'
 
 module Cassette
   module Rubycas
@@ -19,18 +19,18 @@ module Cassette
       end
 
       def validate_authentication_ticket
-        return if ENV["NOAUTH"]
+        return if ENV['NOAUTH']
         ::CASClient::Frameworks::Rails::Filter.filter(self)
       end
 
       def employee_only_filter
-        return if ENV["NOAUTH"] or current_user.blank?
-        raise Cassette::Errors::NotAnEmployee unless current_user.employee?
+        return if ENV['NOAUTH'] || current_user.blank?
+        fail Cassette::Errors::NotAnEmployee unless current_user.employee?
       end
 
       def customer_only_filter
-        return if ENV["NOAUTH"] or current_user.blank?
-        raise Cassette::Errors::NotACustomer unless current_user.customer?
+        return if ENV['NOAUTH'] || current_user.blank?
+        fail Cassette::Errors::NotACustomer unless current_user.customer?
       end
 
       def cas_logout(to = root_url)
@@ -39,38 +39,34 @@ module Cassette
       end
 
       def fake_user
-        Cassette::Authentication::User.new({
-          login: "fake.user",
-          name: "Fake User",
-          email: "fake.user@locaweb.com.br",
-          authorities: [],
-          type: "customer"
-        })
+        Cassette::Authentication::User.new(login: 'fake.user',
+                                           name: 'Fake User',
+                                           email: 'fake.user@locaweb.com.br',
+                                           authorities: [],
+                                           type: 'customer')
       end
 
       def validate_role!(role)
-        return if ENV["NOAUTH"]
-        raise Cassette::Errors::Forbidden unless current_user.has_role?(role)
+        return if ENV['NOAUTH']
+        fail Cassette::Errors::Forbidden unless current_user.has_role?(role)
       end
 
       def validate_raw_role!(role)
-        return if ENV["NOAUTH"]
-        raise Cassette::Errors::Forbidden unless current_user.has_raw_role?(role)
+        return if ENV['NOAUTH']
+        fail Cassette::Errors::Forbidden unless current_user.has_raw_role?(role)
       end
 
       def current_user
-        return fake_user if ENV["NOAUTH"]
+        return fake_user if ENV['NOAUTH']
         return nil unless session[:cas_user]
 
         @current_user ||= begin
           attributes = session[:cas_extra_attributes]
-          Cassette::Authentication::User.new({
-            login: session[:cas_user],
-            name: attributes.try(:[], :cn),
-            email: attributes.try(:[], :email),
-            authorities: attributes.try(:[], :authorities),
-            type: attributes.try(:[], :type).try(:downcase)
-          })
+          Cassette::Authentication::User.new(login: session[:cas_user],
+                                             name: attributes.try(:[], :cn),
+                                             email: attributes.try(:[], :email),
+                                             authorities: attributes.try(:[], :authorities),
+                                             type: attributes.try(:[], :type).try(:downcase))
         end
       end
     end

data/lib/cassette/rubycas/not_single_sign_out_constraint.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-require "cassette/rubycas/single_sign_out_constraint"
+require 'cassette/rubycas/single_sign_out_constraint'
 
 module Cassette
   module Rubycas
@@ -11,4 +11,3 @@ module Cassette
     end
   end
 end
-

data/lib/cassette/rubycas/single_sign_out_constraint.rb

@@ -4,16 +4,16 @@ module Cassette
   module Rubycas
     class SingleSignOutConstraint
       def matches?(request)
-        if (content_type = request.headers["CONTENT_TYPE"]) &&
-            content_type =~ /^multipart\//
+        if (content_type = request.headers['CONTENT_TYPE']) &&
+           content_type =~ /^multipart\//
           return false
         end
 
         if request.post? &&
-            request.request_parameters['logoutRequest'] &&
-            [request.request_parameters['logoutRequest'],
-              URI.unescape(request.request_parameters['logoutRequest'])]
-                .find { |xml| xml =~ /^<samlp:LogoutRequest.*?<samlp:SessionIndex>(.*)<\/samlp:SessionIndex>/m }
+           request.request_parameters['logoutRequest'] &&
+           [request.request_parameters['logoutRequest'],
+            URI.unescape(request.request_parameters['logoutRequest'])]
+           .find { |xml| xml =~ /^<samlp:LogoutRequest.*?<samlp:SessionIndex>(.*)<\/samlp:SessionIndex>/m }
 
           Cassette.logger.debug "Intercepted a single sign out request on #{request}"
           return true
@@ -24,4 +24,3 @@ module Cassette
     end
   end
 end
-

data/lib/cassette/rubycas.rb

@@ -1,11 +1,10 @@
 # encoding: UTF-8
 
-require "cassette/rubycas/helper"
-require "cassette/rubycas/single_sign_out_constraint"
-require "cassette/rubycas/not_single_sign_out_constraint"
+require 'cassette/rubycas/helper'
+require 'cassette/rubycas/single_sign_out_constraint'
+require 'cassette/rubycas/not_single_sign_out_constraint'
 
 module Cassette
   module Rubycas
   end
 end
-

data/lib/cassette/version.rb

@@ -1,15 +1,11 @@
 module Cassette
   class Version
-      MAJOR = "1"
-      MINOR = "0"
+    MAJOR = '1'
+    MINOR = '0'
+    PATCH = '17'
 
-      def self.build_number
-        ENV["BUILD_NUMBER"] || 2
-      end
-
-      def self.version
-        [MAJOR, MINOR, build_number].join(".")
-      end
+    def self.version
+      [MAJOR, MINOR, PATCH].join('.')
+    end
   end
 end
-

data/lib/cassette.rb

@@ -1,17 +1,17 @@
 # encoding: UTF-8
 
-require "cassette/errors"
-require "cassette/cache"
-require "cassette/client/cache"
-require "cassette/client"
-require "cassette/authentication"
-require "cassette/authentication/authorities"
-require "cassette/authentication/user"
-require "cassette/authentication/cache"
-require "cassette/authentication/filter"
+require 'cassette/errors'
+require 'cassette/cache'
+require 'cassette/client/cache'
+require 'cassette/client'
+require 'cassette/authentication'
+require 'cassette/authentication/authorities'
+require 'cassette/authentication/user'
+require 'cassette/authentication/cache'
+require 'cassette/authentication/filter'
 
-require "faraday"
-require "logger"
+require 'faraday'
+require 'logger'
 
 module Cassette
   extend self
@@ -20,12 +20,12 @@ module Cassette
 
   def logger
     @@logger ||= begin
-      if defined?(Rails) && Rails.logger
-        Rails.logger
-      else
-        Logger.new("/dev/null")
-      end
-    end
+                   if defined?(Rails) && Rails.logger
+                     Rails.logger
+                   else
+                     Logger.new('/dev/null')
+                   end
+                 end
   end
 
   def logger=(logger)
@@ -43,8 +43,8 @@ module Cassette
   end
 
   def new_request(uri, timeout)
-    Faraday.new(url: uri, ssl: { verify: false, version: "TLSv1" }) do |builder|
-      builder.adapter :httpclient
+    Faraday.new(url: uri, ssl: { verify: false, version: 'TLSv1' }) do |builder|
+      builder.adapter Faraday.default_adapter
       builder.options.timeout = timeout
     end
   end
@@ -58,14 +58,14 @@ module Cassette
 
   def post(uri, payload, timeout = DEFAULT_TIMEOUT)
     perform(:post, uri, payload, timeout) do |req|
-      req.body = payload
+      req.body = URI.encode_www_form(payload)
       logger.debug "Request: #{req.inspect}"
     end
   end
 
   protected
 
-  def perform(op, uri, payload, timeout = DEFAULT_TIMEOUT, &block)
+  def perform(op, uri, _payload, timeout = DEFAULT_TIMEOUT, &block)
     request = new_request(uri, timeout)
     res = request.send(op, &block)
 

data/spec/cas_spec.rb

@@ -1,13 +1,13 @@
-require "spec_helper"
+require 'spec_helper'
 
 describe Cassette do
-  let(:uri) { "http://example.org/" }
+  let(:uri) { 'http://example.org/' }
   let(:response) do
     Faraday.new do |builder|
       builder.adapter :test do |stub|
-        stub.post(uri, 'data') do |env|
+        stub.post(uri, 'ping=pong') do |env|
           headers = env.request_headers
-          [200, {}, "{ok: true}"]
+          [200, {}, '{ok: true}']
         end
       end
     end
@@ -16,30 +16,30 @@ describe Cassette do
   let(:failed_response) do
     Faraday.new do |builder|
       builder.adapter :test do |stub|
-        stub.post(uri, 'data') do |env|
+        stub.post(uri, 'ping=pong') do |env|
           headers = env.request_headers
-          [500, {}, "{ok: false}"]
+          [500, {}, '{ok: false}']
         end
       end
     end
   end
 
-  describe ".new_request" do
-    it "returns an instance" do
+  describe '.new_request' do
+    it 'returns an instance' do
       # damn coverage
       expect(Cassette.new_request(uri, 5)).to be_instance_of(Faraday::Connection)
     end
   end
 
-  describe ".post" do
-    it "forwards requests" do
+  describe '.post' do
+    it 'forwards requests' do
       allow(Cassette).to receive(:new_request).with(uri, 5).and_return(response)
-      Cassette.post(uri, "data", 5)
+      Cassette.post(uri, { ping: :pong }, 5)
     end
 
-    it "raises an exception when failed" do
+    it 'raises an exception when failed' do
       allow(Cassette).to receive(:new_request).with(uri, 5).and_return(failed_response)
-      expect { Cassette.post(uri, "data", 5) }.to raise_error(Cassette::Errors::InternalServerError)
+      expect { Cassette.post(uri, { ping: :pong }, 5) }.to raise_error(Cassette::Errors::InternalServerError)
     end
   end
 
@@ -49,26 +49,26 @@ describe Cassette do
     Cassette.logger = original_logger
   end
 
-  describe ".logger" do
-    it "returns a default instance" do
+  describe '.logger' do
+    it 'returns a default instance' do
       expect(Cassette.logger).not_to be_nil
-      expect(Cassette.logger.kind_of?(Logger)).to eql(true)
+      expect(Cassette.logger.is_a?(Logger)).to eql(true)
     end
 
-    it "returns rails logger when Rails is available" do
+    it 'returns rails logger when Rails is available' do
       keeping_logger do
         Cassette.logger = nil
-        rails = double("Rails")
+        rails = double('Rails')
         expect(rails).to receive(:logger).and_return(rails).at_least(:once)
-        stub_const("Rails", rails)
+        stub_const('Rails', rails)
         expect(Cassette.logger).to eql(rails)
       end
     end
   end
 
-  describe ".logger=" do
+  describe '.logger=' do
     let(:logger) { Logger.new(STDOUT) }
-    it "defines the logger instance" do
+    it 'defines the logger instance' do
       keeping_logger do
         Cassette.logger = logger
         expect(Cassette.logger).to eq(logger)

data/spec/cassette/authentication/authorities_spec.rb

@@ -0,0 +1,82 @@
+require 'spec_helper'
+
+describe Cassette::Authentication::Authorities do
+  subject do
+    Cassette::Authentication::Authorities
+  end
+
+  describe '#has_role?' do
+    let(:input) { "[#{Cassette.config.base_authority}, SAPI, #{Cassette.config.base_authority}_CREATE-USER]" }
+    let(:authorities) { subject.parse(input) }
+
+    it 'adds the application prefix to roles' do
+      expect(authorities.has_role?('CREATE-USER')).to eql(true)
+    end
+
+    it 'ignores role case' do
+      expect(authorities.has_role?('create-user')).to eql(true)
+    end
+
+    it 'replaces underscores with dashes' do
+      expect(authorities.has_role?('create_user')).to eql(true)
+    end
+  end
+
+  context 'with a defined base authority' do
+    let(:base_authority) { 'SOMEAPI' }
+
+    it 'stores the base authority' do
+      input = 'CUSTOMERAPI'
+      expect(subject.parse(input, base_authority).base).to eql(base_authority)
+    end
+
+    describe '#has_role?' do
+      let(:input) { "[#{Cassette.config.base_authority}_TEST2, SOMEAPI_TEST]" }
+
+      it 'returns true for a role that is using the base authority' do
+        expect(subject.parse(input, base_authority)).to have_role(:test)
+      end
+
+      it 'returns false for a role that is not using the base authority' do
+        expect(subject.parse(input, base_authority)).not_to have_role(:test2)
+      end
+    end
+  end
+
+  context 'CAS authorities parsing' do
+    it 'handles single authority' do
+      input = 'CUSTOMERAPI'
+      expect(subject.parse(input).authorities).to eq(%w(CUSTOMERAPI))
+    end
+
+    it 'handles multiple authorities with surrounding []' do
+      input = '[CUSTOMERAPI, SAPI]'
+      expect(subject.parse(input).authorities).to eq(%w(CUSTOMERAPI SAPI))
+    end
+
+    it 'ignores whitespace in multiple authorities' do
+      input = '[CUSTOMERAPI,SAPI]'
+      expect(subject.parse(input).authorities).to eq(%w(CUSTOMERAPI SAPI))
+    end
+
+    it 'returns an empty array when input is nil' do
+      expect(subject.parse(nil).authorities).to eq([])
+    end
+  end
+
+  context 'with authentication disabled' do
+    before { ENV['NOAUTH'] = 'true' }
+    after { ENV.delete('NOAUTH') }
+    subject { Cassette::Authentication::Authorities.new('[]') }
+
+    it '#has_role? returns true for every role' do
+      expect(subject.authorities).to be_empty
+      expect(subject.has_role?(:can_manage)).to eql(true)
+    end
+
+    it '#has_raw_role? returns true for every role' do
+      expect(subject.authorities).to be_empty
+      expect(subject.has_raw_role?('SAPI_CUSTOMER-CREATOR')).to eql(true)
+    end
+  end
+end

data/spec/{cas → cassette}/authentication/filter_spec.rb

@@ -1,7 +1,7 @@
 # encoding: utf-8
 
-require "spec_helper"
-require "active_support/core_ext/hash/indifferent_access"
+require 'spec_helper'
+require 'active_support/core_ext/hash/indifferent_access'
 
 describe Cassette::Authentication::Filter do
   before do
@@ -19,17 +19,17 @@ describe Cassette::Authentication::Filter do
     end
   end
 
-  shared_context "with NOAUTH" do
+  shared_context 'with NOAUTH' do
     before do
-      ENV["NOAUTH"] = "yes"
+      ENV['NOAUTH'] = 'yes'
     end
 
     after do
-      ENV.delete("NOAUTH")
+      ENV.delete('NOAUTH')
     end
   end
 
-  describe "#validate_raw_role!" do
+  describe '#validate_raw_role!' do
     let(:controller) { ControllerMock.new }
     let(:current_user) { instance_double(Cassette::Authentication::User) }
 
@@ -37,25 +37,25 @@ describe Cassette::Authentication::Filter do
       allow(controller).to receive(:current_user).and_return(current_user)
     end
 
-    it_behaves_like "with NOAUTH" do
-      it "never checks the role" do
+    it_behaves_like 'with NOAUTH' do
+      it 'never checks the role' do
         expect(current_user).not_to receive(:has_raw_role?)
         controller.validate_raw_role!(:something)
       end
 
-      it "does not raise error" do
+      it 'does not raise error' do
         expect { controller.validate_raw_role!(:something) }.not_to raise_error
       end
     end
 
-    it "forwards to current_user" do
+    it 'forwards to current_user' do
       role = instance_double(String)
 
       expect(current_user).to receive(:has_raw_role?).with(role).and_return(true)
       controller.validate_raw_role!(role)
     end
 
-    it "raises a Cassette::Errors::Forbidden when current_user does not have the role" do
+    it 'raises a Cassette::Errors::Forbidden when current_user does not have the role' do
       role = instance_double(String)
 
       expect(current_user).to receive(:has_raw_role?).with(role).and_return(false)
@@ -63,7 +63,7 @@ describe Cassette::Authentication::Filter do
     end
   end
 
-  describe "#validate_role!" do
+  describe '#validate_role!' do
     let(:controller) { ControllerMock.new }
     let(:current_user) { instance_double(Cassette::Authentication::User) }
 
@@ -71,25 +71,25 @@ describe Cassette::Authentication::Filter do
       allow(controller).to receive(:current_user).and_return(current_user)
     end
 
-    it_behaves_like "with NOAUTH" do
-      it "never checks the role" do
+    it_behaves_like 'with NOAUTH' do
+      it 'never checks the role' do
         expect(current_user).not_to receive(:has_role?)
         controller.validate_role!(:something)
       end
 
-      it "does not raise error" do
+      it 'does not raise error' do
         expect { controller.validate_role!(:something) }.not_to raise_error
       end
     end
 
-    it "forwards to current_user" do
+    it 'forwards to current_user' do
       role = instance_double(String)
 
       expect(current_user).to receive(:has_role?).with(role).and_return(true)
       controller.validate_role!(role)
     end
 
-    it "raises a Cassette::Errors::Forbidden when current_user does not have the role" do
+    it 'raises a Cassette::Errors::Forbidden when current_user does not have the role' do
       role = instance_double(String)
 
       expect(current_user).to receive(:has_role?).with(role).and_return(false)
@@ -97,75 +97,74 @@ describe Cassette::Authentication::Filter do
     end
   end
 
-  describe "#validate_authentication_ticket" do
-    it_behaves_like "with NOAUTH" do
-      context "and no ticket" do
-        let(:controller) { ControllerMock.new }
 
-        it "should not validate tickets" do
-          controller.validate_authentication_ticket
-          expect(Cassette::Authentication).not_to have_received(:validate_ticket)
-        end
+  describe '#validate_authentication_ticket' do
+    shared_examples_for 'controller without authentication' do
+      it 'does not validate tickets' do
+        controller.validate_authentication_ticket
+        expect(Cassette::Authentication).not_to have_received(:validate_ticket)
+      end
 
-        it "should set current_user" do
-          controller.validate_authentication_ticket
-          expect(controller.current_user).to be_present
-        end
+      it 'sets current_user' do
+        controller.validate_authentication_ticket
+        expect(controller.current_user).to be_present
       end
+    end
 
-      context "and a ticket header" do
+    it_behaves_like 'with NOAUTH' do
+      context 'and no ticket' do
+        let(:controller) { ControllerMock.new }
+
+        it_behaves_like 'controller without authentication'
+      end
+
+      context 'and a ticket header' do
         let(:controller) do
-          ControllerMock.new({}, "Service-Ticket" => "le ticket")
+          ControllerMock.new({}, 'Service-Ticket' => 'le ticket')
         end
 
-        it "should validate tickets" do
-          controller.validate_authentication_ticket
-          expect(Cassette::Authentication).to have_received(:validate_ticket).with("le ticket", Cassette.config.service)
-        end
+        it_behaves_like 'controller without authentication'
       end
 
-      context "and a ticket param" do
+      context 'and a ticket param' do
         let(:controller) do
-          ControllerMock.new(ticket: "le ticket")
+          ControllerMock.new(ticket: 'le ticket')
         end
 
-        it "should validate tickets" do
-          controller.validate_authentication_ticket
-          expect(Cassette::Authentication).to have_received(:validate_ticket).with("le ticket", Cassette.config.service)
-        end
+        it_behaves_like 'controller without authentication'
       end
     end
 
-    context "with a ticket in the query string *AND* headers" do
+    context 'with a ticket in the query string *AND* headers' do
       let(:controller) do
-        ControllerMock.new({"ticket" => "le other ticket"}, "Service-Ticket" => "le ticket")
+        ControllerMock.new({ 'ticket' => 'le other ticket' }, 'Service-Ticket' => 'le ticket')
       end
 
-      it "should send only the header ticket to validation" do
+      it 'should send only the header ticket to validation' do
         controller.validate_authentication_ticket
-        expect(Cassette::Authentication).to have_received(:validate_ticket).with("le ticket", Cassette.config.service)
+        expect(Cassette::Authentication).to have_received(:validate_ticket).with('le ticket', Cassette.config.service)
       end
     end
 
-    context "with a ticket in the query string" do
+    context 'with a ticket in the query string' do
       let(:controller) do
-        ControllerMock.new("ticket" => "le ticket")
+        ControllerMock.new('ticket' => 'le ticket')
       end
 
-      it "should send the ticket to validation" do
+      it 'should send the ticket to validation' do
         controller.validate_authentication_ticket
-        expect(Cassette::Authentication).to have_received(:validate_ticket).with("le ticket", Cassette.config.service)
+        expect(Cassette::Authentication).to have_received(:validate_ticket).with('le ticket', Cassette.config.service)
       end
     end
 
-    context "with a ticket in the Service-Ticket header" do
+    context 'with a ticket in the Service-Ticket header' do
       let(:controller) do
-        ControllerMock.new({}, "Service-Ticket" => "le ticket")
+        ControllerMock.new({}, 'Service-Ticket' => 'le ticket')
       end
 
-      it "should send the ticket to validation" do
+      it 'should send the ticket to validation' do
         controller.validate_authentication_ticket
-        expect(Cassette::Authentication).to have_received(:validate_ticket).with("le ticket", Cassette.config.service)
+        expect(Cassette::Authentication).to have_received(:validate_ticket).with('le ticket', Cassette.config.service)
       end
     end
   end