cassette 1.0.2 → 1.0.17
- checksums.yaml +5 -13
- data/README.md +125 -106
- data/lib/cassette/authentication/authorities.rb +5 -5
- data/lib/cassette/authentication/cache.rb +5 -6
- data/lib/cassette/authentication/filter.rb +9 -9
- data/lib/cassette/authentication/user.rb +4 -4
- data/lib/cassette/authentication.rb +9 -9
- data/lib/cassette/cache.rb +2 -4
- data/lib/cassette/client/cache.rb +12 -12
- data/lib/cassette/client.rb +11 -16
- data/lib/cassette/errors/not_a_customer.rb +1 -2
- data/lib/cassette/errors/not_an_employee.rb +1 -2
- data/lib/cassette/errors.rb +8 -8
- data/lib/cassette/rubycas/helper.rb +21 -25
- data/lib/cassette/rubycas/not_single_sign_out_constraint.rb +1 -2
- data/lib/cassette/rubycas/single_sign_out_constraint.rb +6 -7
- data/lib/cassette/rubycas.rb +3 -4
- data/lib/cassette/version.rb +6 -10
- data/lib/cassette.rb +21 -21
- data/spec/cas_spec.rb +21 -21
- data/spec/cassette/authentication/authorities_spec.rb +82 -0
- data/spec/{cas → cassette}/authentication/cache_spec.rb +0 -0
- data/spec/{cas → cassette}/authentication/filter_spec.rb +52 -53
- data/spec/cassette/authentication/user_spec.rb +70 -0
- data/spec/cassette/authentication_spec.rb +84 -0
- data/spec/{cas → cassette}/cache_spec.rb +7 -8
- data/spec/{cas → cassette}/client/cache_spec.rb +0 -0
- data/spec/{cas → cassette}/errors_spec.rb +6 -6
- data/spec/config.yml +4 -4
- data/spec/integration/cas/client_spec.rb +32 -31
- data/spec/spec_helper.rb +7 -7
- metadata +57 -57
- data/spec/cas/authentication/authorities_spec.rb +0 -82
- data/spec/cas/authentication/user_spec.rb +0 -70
- data/spec/cas/authentication_spec.rb +0 -84
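--- a/data/spec/cas/authentication/authorities_spec.rb
+++ b/data/spec/cas/authentication/authorities_spec.rb
@@ -1,82 +0,0 @@
-require 'spec_helper'
-
-describe Cassette::Authentication::Authorities do
-subject do
-Cassette::Authentication::Authorities
-end
-
-describe "#has_role?" do
-let(:input) { "[#{Cassette.config.base_authority}, SAPI, #{Cassette.config.base_authority}_CREATE-USER]" }
-let(:authorities) { subject.parse(input) }
-
-it "adds the application prefix to roles" do
-expect(authorities.has_role?("CREATE-USER")).to eql(true)
-end
-
-it "ignores role case" do
-expect(authorities.has_role?("create-user")).to eql(true)
-end
-
-it "replaces underscores with dashes" do
-expect(authorities.has_role?("create_user")).to eql(true)
-end
-end
-
-context "with a defined base authority" do
-let(:base_authority) { "SOMEAPI" }
-
-it "stores the base authority" do
-input = "CUSTOMERAPI"
-expect(subject.parse(input, base_authority).base).to eql(base_authority)
-end
-
-describe "#has_role?" do
-let(:input) { "[#{Cassette.config.base_authority}_TEST2, SOMEAPI_TEST]" }
-
-it "returns true for a role that is using the base authority" do
-expect(subject.parse(input, base_authority)).to have_role(:test)
-end
-
-it "returns false for a role that is not using the base authority" do
-expect(subject.parse(input, base_authority)).not_to have_role(:test2)
-end
-end
-end
-
-context "CAS authorities parsing" do
-it "handles single authority" do
-input = "CUSTOMERAPI"
-expect(subject.parse(input).authorities).to eq(%w(CUSTOMERAPI))
-end
-
-it "handles multiple authorities with surrounding []" do
-input = "[CUSTOMERAPI, SAPI]"
-expect(subject.parse(input).authorities).to eq(%w(CUSTOMERAPI SAPI))
-end
-
-it "ignores whitespace in multiple authorities" do
-input = "[CUSTOMERAPI,SAPI]"
-expect(subject.parse(input).authorities).to eq(%w(CUSTOMERAPI SAPI))
-end
-
-it "returns an empty array when input is nil" do
-expect(subject.parse(nil).authorities).to eq([])
-end
-end
-
-context "with authentication disabled" do
-before { ENV["NOAUTH"] = "true" }
-after { ENV.delete("NOAUTH") }
-subject { Cassette::Authentication::Authorities.new("[]") }
-
-it "#has_role? returns true for every role" do
-expect(subject.authorities).to be_empty
-expect(subject.has_role?(:can_manage)).to eql(true)
-end
-
-it "#has_raw_role? returns true for every role" do
-expect(subject.authorities).to be_empty
-expect(subject.has_raw_role?("SAPI_CUSTOMER-CREATOR")).to eql(true)
-end
-end
-end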
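--- a/data/spec/cas/authentication/user_spec.rb
+++ b/data/spec/cas/authentication/user_spec.rb
@@ -1,70 +0,0 @@
-require 'spec_helper'
-
-describe Cassette::Authentication::User do
-let(:base_authority) do
-Cassette.config.base_authority
-end
-
-describe "#initialize" do
-context "without a config" do
-it "forwards authorities parsing" do
-expect(Cassette::Authentication::Authorities).to receive(:new).with("[CUSTOMERAPI, SAPI]", nil)
-Cassette::Authentication::User.new(login: "john.doe", name: "John Doe", authorities: "[CUSTOMERAPI, SAPI]")
-end
-end
-
-context "with a config" do
-it "forwards authorities parsing passing along the base authority" do
-config = object_double(Cassette.config)
-
-expect(config).to receive(:base_authority).and_return("TESTAPI")
-expect(Cassette::Authentication::Authorities).to receive(:new).with("[CUSTOMERAPI, SAPI]", "TESTAPI")
-
-Cassette::Authentication::User.new(login: "john.doe", name: "John Doe", authorities: "[CUSTOMERAPI, SAPI]", config: config)
-end
-end
-end
-
-describe "#has_role?" do
-let (:user) do
-Cassette::Authentication::User.new(login: "john.doe", name: "John Doe",
-authorities: "[#{base_authority}, SAPI, #{base_authority}_CREATE-USER]")
-end
-
-it "adds the application prefix to roles" do
-expect(user.has_role?("CREATE-USER")).to eql(true)
-end
-
-it "ignores role case" do
-expect(user.has_role?("create-user")).to eql(true)
-end
-
-it "replaces underscores with dashes" do
-expect(user.has_role?("create_user")).to eql(true)
-end
-end
-
-context "user types" do
-context "#employee?" do
-it "returns true when user is an employee" do
-expect(Cassette::Authentication::User.new(type: "employee")).to be_employee
-expect(Cassette::Authentication::User.new(type: "Employee")).to be_employee
-expect(Cassette::Authentication::User.new(type: :employee)).to be_employee
-expect(Cassette::Authentication::User.new(type: "customer")).not_to be_employee
-expect(Cassette::Authentication::User.new(type: nil)).not_to be_employee
-expect(Cassette::Authentication::User.new(type: "")).not_to be_employee
-end
-end
-
-context "#customer?" do
-it "returns true when the user is a customer" do
-expect(Cassette::Authentication::User.new(type: "customer")).to be_customer
-expect(Cassette::Authentication::User.new(type: "Customer")).to be_customer
-expect(Cassette::Authentication::User.new(type: :customer)).to be_customer
-expect(Cassette::Authentication::User.new(type: "employee")).not_to be_customer
-expect(Cassette::Authentication::User.new(type: nil)).not_to be_customer
-expect(Cassette::Authentication::User.new(type: "")).not_to be_customer
-end
-end
-end
-end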
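--- a/data/spec/cas/authentication_spec.rb
+++ b/data/spec/cas/authentication_spec.rb
@@ -1,84 +0,0 @@
-# encoding: utf-8
-
-require "spec_helper"
-
-describe Cassette::Authentication do
-let(:cache) { instance_double(Cassette::Authentication::Cache) }
-let(:http) { class_double(Cassette) }
-
-subject do
-Cassette::Authentication.new(cache: cache, http_client: http)
-end
-
-describe "#ticket_user" do
-context "when cached" do
-it "returns the cached value when cached" do
-cached = double('cached')
-
-expect(cache).to receive(:fetch_authentication) do |ticket, &block|
-expect(ticket).to eql("ticket")
-expect(block).to be_present
-cached
-end
-
-expect(subject.ticket_user("ticket")).to eql(cached)
-end
-end
-
-context "when not cached" do
-before do
-expect(cache).to receive(:fetch_authentication) do |ticket, &block|
-block.call
-end
-end
-
-it "raises a Forbidden exception on any exceptions" do
-allow(http).to receive(:post).with(anything, anything).and_raise(Cassette::Errors::BadRequest)
-expect { subject.ticket_user("ticket") }.to raise_error(Cassette::Errors::Forbidden)
-end
-
-context "with a failed CAS response" do
-before do
-allow(http).to receive(:post).with(anything, anything)
-.and_return(OpenStruct.new(body: fixture("cas/fail.xml")))
-end
-
-it "returns nil" do
-expect(subject.ticket_user("ticket")).to be_nil
-end
-end
-
-context "with a successful CAS response" do
-before do
-allow(http).to receive(:post).with(anything, anything)
-.and_return(OpenStruct.new(body: fixture("cas/success.xml")))
-end
-
-it "returns an User" do
-expect(subject.ticket_user("ticket")).to be_instance_of(Cassette::Authentication::User)
-end
-end
-end
-end
-
-describe "#validate_ticket" do
-it "raises a authorization required error when no ticket is provided" do
-expect { subject.validate_ticket(nil) }.to raise_error(Cassette::Errors::AuthorizationRequired)
-end
-
-it "raises a authorization required error when ticket is blank" do
-expect { subject.validate_ticket("") }.to raise_error(Cassette::Errors::AuthorizationRequired)
-end
-
-it "raises a forbidden error when the associated user is not found" do
-expect(subject).to receive(:ticket_user).with("ticket", Cassette.config.service).and_return(nil)
-expect { subject.validate_ticket("ticket") }.to raise_error(Cassette::Errors::Forbidden)
-end
-
-it "returns the associated user" do
-user = double('User')
-expect(subject).to receive(:ticket_user).with("ticket", Cassette.config.service).and_return(user)
-expect(subject.validate_ticket("ticket")).to eql(user)
-end
-end
-end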