cassette 1.2.2 → 1.2.3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7cb4c150e5462c22f1c9b50efc460f97b467fb46
|
4
|
+
data.tar.gz: 62125a47efc5907be567ddb8f5110e115f5b3822
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f5180968617bf8f175eedc6df3ebad946a29d53f8fc0f4bafad42485d4bb6df55f78d2ee7531c9e1518ceaa2acedec9cc1755b2587cc83dbb018c42efc472455
|
7
|
+
data.tar.gz: 48730cd09644516e5ea5f17e17f22cc8814213f7664021ef9b482961974bad2102022e8b81cab0b430fb9c5276d8f84bbeb047647cec55526cf331df374ff3fb
|
@@ -7,13 +7,21 @@ module Cassette
|
|
7
7
|
module Filter
|
8
8
|
def self.included(controller)
|
9
9
|
controller.extend(ClassMethods)
|
10
|
-
controller.
|
10
|
+
if controller.respond_to?(:before_action)
|
11
|
+
controller.before_action(:validate_authentication_ticket)
|
12
|
+
else
|
13
|
+
controller.before_filter(:validate_authentication_ticket)
|
14
|
+
end
|
11
15
|
controller.send(:attr_accessor, :current_user)
|
12
16
|
end
|
13
17
|
|
14
18
|
module ClassMethods
|
15
19
|
def skip_authentication(*options)
|
16
|
-
|
20
|
+
if respond_to?(:skip_before_action)
|
21
|
+
skip_before_action :validate_authentication_ticket, *options
|
22
|
+
else
|
23
|
+
skip_before_filter :validate_authentication_ticket, *options
|
24
|
+
end
|
17
25
|
end
|
18
26
|
end
|
19
27
|
|
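Review bot: `skip_authentication(*options)` forwards its arguments untouched in both new branches, so a bare `skip_authentication` removes `validate_authentication_ticket` from every action of the controller. That deserves a doc comment on the method, for example `# Skips ticket validation; pass only:/except: to limit it, otherwise every action is unauthenticated.` The `respond_to?` branches in `self.included` would also benefit from a one-line comment such as `# before_filter is the pre-Rails 4 name; fall back to it when before_action is missing`, because the reason for the fallback is otherwise only visible in the spec contexts. The same two comments apply to the `skip_authentication` in the hunk that follows. The module body continues outside this hunk.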
@@ -8,14 +8,23 @@ module Cassette
|
|
8
8
|
extend ActiveSupport::Concern
|
9
9
|
include UserFactory
|
10
10
|
|
11
|
-
included do
|
12
|
-
|
13
|
-
|
11
|
+
included do |base|
|
12
|
+
if base.respond_to?(:before_action)
|
13
|
+
before_action :validate_authentication_ticket
|
14
|
+
else
|
15
|
+
before_filter :validate_authentication_ticket
|
16
|
+
end
|
17
|
+
|
18
|
+
base.helper_method :current_user
|
14
19
|
end
|
15
20
|
|
16
21
|
module ClassMethods
|
17
22
|
def skip_authentication(*options)
|
18
|
-
|
23
|
+
if respond_to?(:skip_before_action)
|
24
|
+
skip_before_action :validate_authentication_ticket, *options
|
25
|
+
else
|
26
|
+
skip_before_filter :validate_authentication_ticket, *options
|
27
|
+
end
|
19
28
|
end
|
20
29
|
end
|
21
30
|
|
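Review bot: `base.helper_method :current_user` is called unconditionally while the callback registration just above it is feature-detected, so including this concern into a controller base without view helpers (for example one built on `ActionController::API`) would raise `NoMethodError` at class load. If that is a supported target, guard it the same way: `base.helper_method :current_user if base.respond_to?(:helper_method)`. The block also mixes `base.respond_to?` and `base.helper_method` with a bare `before_action`; inside an `included` block these share one receiver, so a single form would read more clearly. The removed lines are truncated on this page, so whether the unguarded call predates this release cannot be told from here.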
data/lib/cassette/version.rb
CHANGED
@@ -1,7 +1,5 @@
|
|
1
1
|
# encoding: utf-8
|
2
2
|
|
3
|
-
|
4
|
-
|
5
3
|
describe Cassette::Authentication::Filter do
|
6
4
|
before do
|
7
5
|
allow(Cassette::Authentication).to receive(:validate_ticket)
|
@@ -17,225 +15,239 @@ describe Cassette::Authentication::Filter do
|
|
17
15
|
end
|
18
16
|
end
|
19
17
|
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
before do
|
25
|
-
allow(controller).to receive(:current_user).and_return(current_user)
|
26
|
-
end
|
27
|
-
|
28
|
-
it_behaves_like 'with NOAUTH' do
|
29
|
-
it 'never checks the role' do
|
30
|
-
expect(current_user).not_to receive(:has_raw_role?)
|
31
|
-
controller.validate_raw_role!(:something)
|
32
|
-
end
|
18
|
+
shared_examples_for 'controller behaviour' do
|
19
|
+
describe '#validate_raw_role!' do
|
20
|
+
let(:controller) { controller_factory.(described_class).new }
|
21
|
+
let(:current_user) { instance_double(Cassette::Authentication::User) }
|
33
22
|
|
34
|
-
|
35
|
-
|
23
|
+
before do
|
24
|
+
allow(controller).to receive(:current_user).and_return(current_user)
|
36
25
|
end
|
37
|
-
end
|
38
|
-
|
39
|
-
it 'forwards to current_user' do
|
40
|
-
role = instance_double(String)
|
41
|
-
|
42
|
-
expect(current_user).to receive(:has_raw_role?).with(role).and_return(true)
|
43
|
-
controller.validate_raw_role!(role)
|
44
|
-
end
|
45
|
-
|
46
|
-
it 'raises a Cassette::Errors::Forbidden when current_user does not have the role' do
|
47
|
-
role = instance_double(String)
|
48
26
|
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
27
|
+
it_behaves_like 'with NOAUTH' do
|
28
|
+
it 'never checks the role' do
|
29
|
+
expect(current_user).not_to receive(:has_raw_role?)
|
30
|
+
controller.validate_raw_role!(:something)
|
31
|
+
end
|
53
32
|
|
54
|
-
|
55
|
-
|
56
|
-
|
33
|
+
it 'does not raise error' do
|
34
|
+
expect { controller.validate_raw_role!(:something) }.not_to raise_error
|
35
|
+
end
|
36
|
+
end
|
57
37
|
|
58
|
-
|
59
|
-
|
60
|
-
end
|
38
|
+
it 'forwards to current_user' do
|
39
|
+
role = instance_double(String)
|
61
40
|
|
62
|
-
|
63
|
-
|
64
|
-
expect(current_user).not_to receive(:has_role?)
|
65
|
-
controller.validate_role!(:something)
|
41
|
+
expect(current_user).to receive(:has_raw_role?).with(role).and_return(true)
|
42
|
+
controller.validate_raw_role!(role)
|
66
43
|
end
|
67
44
|
|
68
|
-
it 'does not
|
69
|
-
|
45
|
+
it 'raises a Cassette::Errors::Forbidden when current_user does not have the role' do
|
46
|
+
role = instance_double(String)
|
47
|
+
|
48
|
+
expect(current_user).to receive(:has_raw_role?).with(role).and_return(false)
|
49
|
+
expect { controller.validate_raw_role!(role) }.to raise_error(Cassette::Errors::Forbidden)
|
70
50
|
end
|
71
51
|
end
|
72
52
|
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
expect(current_user).to receive(:has_role?).with(role).and_return(true)
|
77
|
-
controller.validate_role!(role)
|
78
|
-
end
|
53
|
+
describe '#validate_role!' do
|
54
|
+
let(:controller) { controller_factory.(described_class).new }
|
55
|
+
let(:current_user) { instance_double(Cassette::Authentication::User) }
|
79
56
|
|
80
|
-
|
81
|
-
|
57
|
+
before do
|
58
|
+
allow(controller).to receive(:current_user).and_return(current_user)
|
59
|
+
end
|
82
60
|
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
61
|
+
it_behaves_like 'with NOAUTH' do
|
62
|
+
it 'never checks the role' do
|
63
|
+
expect(current_user).not_to receive(:has_role?)
|
64
|
+
controller.validate_role!(:something)
|
65
|
+
end
|
87
66
|
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
controller.validate_authentication_ticket
|
92
|
-
expect(Cassette::Authentication).not_to have_received(:validate_ticket)
|
67
|
+
it 'does not raise error' do
|
68
|
+
expect { controller.validate_role!(:something) }.not_to raise_error
|
69
|
+
end
|
93
70
|
end
|
94
71
|
|
95
|
-
it '
|
96
|
-
|
97
|
-
|
72
|
+
it 'forwards to current_user' do
|
73
|
+
role = instance_double(String)
|
74
|
+
|
75
|
+
expect(current_user).to receive(:has_role?).with(role).and_return(true)
|
76
|
+
controller.validate_role!(role)
|
98
77
|
end
|
99
|
-
end
|
100
78
|
|
101
|
-
|
102
|
-
|
103
|
-
let(:controller) { ControllerMock(described_class).new }
|
79
|
+
it 'raises a Cassette::Errors::Forbidden when current_user does not have the role' do
|
80
|
+
role = instance_double(String)
|
104
81
|
|
105
|
-
|
82
|
+
expect(current_user).to receive(:has_role?).with(role).and_return(false)
|
83
|
+
expect { controller.validate_role!(role) }.to raise_error(Cassette::Errors::Forbidden)
|
106
84
|
end
|
85
|
+
end
|
107
86
|
|
108
|
-
|
109
|
-
|
110
|
-
|
87
|
+
describe '#validate_authentication_ticket' do
|
88
|
+
shared_examples_for 'controller without authentication' do
|
89
|
+
it 'does not validate tickets' do
|
90
|
+
controller.validate_authentication_ticket
|
91
|
+
expect(Cassette::Authentication).not_to have_received(:validate_ticket)
|
111
92
|
end
|
112
93
|
|
113
|
-
|
94
|
+
it 'sets current_user' do
|
95
|
+
controller.validate_authentication_ticket
|
96
|
+
expect(controller.current_user).to be_present
|
97
|
+
end
|
114
98
|
end
|
115
99
|
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
end
|
100
|
+
it_behaves_like 'with NOAUTH' do
|
101
|
+
context 'and no ticket' do
|
102
|
+
let(:controller) { controller_factory.(described_class).new }
|
120
103
|
|
121
|
-
|
122
|
-
|
123
|
-
end
|
104
|
+
it_behaves_like 'controller without authentication'
|
105
|
+
end
|
124
106
|
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
107
|
+
context 'and a ticket header' do
|
108
|
+
let(:controller) do
|
109
|
+
controller_factory.(described_class).new({}, 'Service-Ticket' => 'le ticket')
|
110
|
+
end
|
129
111
|
|
130
|
-
|
131
|
-
|
132
|
-
.with(Cassette.config.service) { false }
|
133
|
-
end
|
112
|
+
it_behaves_like 'controller without authentication'
|
113
|
+
end
|
134
114
|
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
end
|
115
|
+
context 'and a ticket param' do
|
116
|
+
let(:controller) do
|
117
|
+
controller_factory.(described_class).new(ticket: 'le ticket')
|
118
|
+
end
|
140
119
|
|
141
|
-
|
142
|
-
|
143
|
-
expect(controller).to receive(:accepts_authentication_service?).with(anything) { true }
|
120
|
+
it_behaves_like 'controller without authentication'
|
121
|
+
end
|
144
122
|
end
|
145
123
|
|
146
|
-
context '
|
124
|
+
context 'when accepts_authentication_service? returns false' do
|
147
125
|
let(:controller) do
|
148
|
-
|
149
|
-
'Service-Ticket' => 'le ticket')
|
126
|
+
controller_factory.(described_class).new(ticket: 'le ticket')
|
150
127
|
end
|
151
128
|
|
152
|
-
|
153
|
-
controller.
|
154
|
-
|
129
|
+
before do
|
130
|
+
expect(controller).to receive(:accepts_authentication_service?)
|
131
|
+
.with(Cassette.config.service) { false }
|
155
132
|
end
|
156
|
-
end
|
157
133
|
|
158
|
-
|
159
|
-
|
160
|
-
|
134
|
+
it 'raises a Cassette::Errors::Forbidden' do
|
135
|
+
expect { controller.validate_authentication_ticket }
|
136
|
+
.to raise_error(Cassette::Errors::Forbidden)
|
161
137
|
end
|
138
|
+
end
|
162
139
|
|
163
|
-
|
164
|
-
|
165
|
-
expect(
|
140
|
+
context 'when accepts_authentication_service? returns true' do
|
141
|
+
before do
|
142
|
+
expect(controller).to receive(:accepts_authentication_service?).with(anything) { true }
|
166
143
|
end
|
167
|
-
end
|
168
144
|
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
"subdomain.#{Cassette.config.service}"
|
174
|
-
end
|
145
|
+
context 'with a ticket in the query string *AND* headers' do
|
146
|
+
let(:controller) do
|
147
|
+
controller_factory.(described_class).new({ 'ticket' => 'le other ticket' },
|
148
|
+
'Service-Ticket' => 'le ticket')
|
175
149
|
end
|
176
150
|
|
177
|
-
|
151
|
+
it 'should send only the header ticket to validation' do
|
152
|
+
controller.validate_authentication_ticket
|
153
|
+
expect(Cassette::Authentication).to have_received(:validate_ticket).with('le ticket', Cassette.config.service)
|
154
|
+
end
|
178
155
|
end
|
179
156
|
|
180
|
-
|
181
|
-
controller
|
157
|
+
context 'with a ticket in the query string' do
|
158
|
+
let(:controller) do
|
159
|
+
controller_factory.(described_class).new('ticket' => 'le ticket')
|
160
|
+
end
|
182
161
|
|
183
|
-
|
184
|
-
.
|
162
|
+
it 'should send the ticket to validation' do
|
163
|
+
controller.validate_authentication_ticket
|
164
|
+
expect(Cassette::Authentication).to have_received(:validate_ticket).with('le ticket', Cassette.config.service)
|
165
|
+
end
|
185
166
|
end
|
186
|
-
end
|
187
167
|
|
188
|
-
|
189
|
-
|
190
|
-
|
168
|
+
context 'when #authentication_service is overriden' do
|
169
|
+
let(:controller) do
|
170
|
+
mod = Module.new do
|
171
|
+
def authentication_service
|
172
|
+
"subdomain.#{Cassette.config.service}"
|
173
|
+
end
|
174
|
+
end
|
175
|
+
|
176
|
+
controller_factory.(described_class, mod).new({}, 'Service-Ticket' => 'le ticket')
|
177
|
+
end
|
178
|
+
|
179
|
+
it 'validates with the overriden value and not the config' do
|
180
|
+
controller.validate_authentication_ticket
|
181
|
+
|
182
|
+
expect(Cassette::Authentication).to have_received(:validate_ticket)
|
183
|
+
.with('le ticket', "subdomain.#{Cassette.config.service}")
|
184
|
+
end
|
191
185
|
end
|
192
186
|
|
193
|
-
|
194
|
-
controller
|
187
|
+
context 'with a ticket in the Service-Ticket header' do
|
188
|
+
let(:controller) do
|
189
|
+
controller_factory.(described_class).new({}, 'Service-Ticket' => 'le ticket')
|
190
|
+
end
|
191
|
+
|
192
|
+
it 'sends the ticket to validation' do
|
193
|
+
controller.validate_authentication_ticket
|
195
194
|
|
196
|
-
|
197
|
-
|
195
|
+
expect(Cassette::Authentication).to have_received(:validate_ticket)
|
196
|
+
.with('le ticket', Cassette.config.service)
|
197
|
+
end
|
198
198
|
end
|
199
199
|
end
|
200
200
|
end
|
201
|
-
end
|
202
201
|
|
203
|
-
|
204
|
-
|
205
|
-
|
206
|
-
|
202
|
+
describe '#accepts_authentication_service?' do
|
203
|
+
let(:controller) do
|
204
|
+
controller_factory.(described_class).new(ticket: 'le ticket')
|
205
|
+
end
|
207
206
|
|
208
|
-
|
209
|
-
|
210
|
-
|
207
|
+
before do
|
208
|
+
allow(Cassette).to receive(:config) { config }
|
209
|
+
end
|
211
210
|
|
212
|
-
|
211
|
+
subject { controller.accepts_authentication_service?(service) }
|
213
212
|
|
214
|
-
|
215
|
-
|
216
|
-
|
213
|
+
context 'when config responds to #services' do
|
214
|
+
let(:subdomain) { "subdomain.acme.org" }
|
215
|
+
let(:not_related) { "acme.org" }
|
217
216
|
|
218
|
-
|
219
|
-
|
220
|
-
|
217
|
+
let(:config) do
|
218
|
+
OpenStruct.new(YAML.load_file('spec/config.yml').merge(services: [subdomain]))
|
219
|
+
end
|
221
220
|
|
222
|
-
|
223
|
-
|
221
|
+
context 'and the authentication service is included in the configuration' do
|
222
|
+
let(:service) { subdomain }
|
224
223
|
|
225
|
-
|
226
|
-
|
224
|
+
it { is_expected.to eq true }
|
225
|
+
end
|
227
226
|
|
228
|
-
|
229
|
-
|
227
|
+
context 'and the authentication service is Cassette.config.service' do
|
228
|
+
let(:service) { Cassette.config.service }
|
230
229
|
|
231
|
-
|
232
|
-
|
230
|
+
it { is_expected.to eq true }
|
231
|
+
end
|
233
232
|
|
234
|
-
|
235
|
-
|
233
|
+
context 'and the authentication service is not included in the configuration' do
|
234
|
+
let(:service) { not_related }
|
236
235
|
|
237
|
-
|
236
|
+
it { is_expected.to eq false }
|
237
|
+
end
|
238
238
|
end
|
239
239
|
end
|
240
240
|
end
|
241
|
+
|
242
|
+
context 'a Rails 4+ controller' do
|
243
|
+
let(:controller_factory) { method(:ControllerMock) }
|
244
|
+
|
245
|
+
it_behaves_like 'controller behaviour'
|
246
|
+
end
|
247
|
+
|
248
|
+
context 'a Rails 3 controller' do
|
249
|
+
let(:controller_factory) { method(:LegacyControllerMock) }
|
250
|
+
|
251
|
+
it_behaves_like 'controller behaviour'
|
252
|
+
end
|
241
253
|
end
|
@@ -8,6 +8,12 @@ def ControllerMock(*mods)
|
|
8
8
|
end
|
9
9
|
end
|
10
10
|
|
11
|
+
def LegacyControllerMock(*mods)
|
12
|
+
mods.inject(Class.new(LegacyControllerMock)) do |c, mod|
|
13
|
+
c.send(:include, mod)
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
11
17
|
class ControllerMock
|
12
18
|
attr_accessor :params, :request, :current_user
|
13
19
|
def self.before_action(*); end
|
@@ -17,3 +23,13 @@ class ControllerMock
|
|
17
23
|
self.request = OpenStruct.new(headers: headers.with_indifferent_access)
|
18
24
|
end
|
19
25
|
end
|
26
|
+
|
27
|
+
class LegacyControllerMock
|
28
|
+
attr_accessor :params, :request, :current_user
|
29
|
+
def self.before_filter(*); end
|
30
|
+
|
31
|
+
def initialize(params = {}, headers = {})
|
32
|
+
self.params = params.with_indifferent_access
|
33
|
+
self.request = OpenStruct.new(headers: headers.with_indifferent_access)
|
34
|
+
end
|
35
|
+
end
|
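Review bot: `LegacyControllerMock` stubs only `before_filter`, so nothing visible in these specs drives the new `skip_before_filter` branch of `skip_authentication`, and `ControllerMock` shows only `before_action` in the lines visible here. Since that method is what switches ticket validation off for a controller, one example per mock that calls `skip_authentication only: :index` and asserts the matching skip method received `:validate_authentication_ticket, only: :index` would cover both branches. The legacy mock would need `def self.skip_before_filter(*); end` for that. ControllerMock's body is partly outside the hunks.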
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cassette
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.2.
|
4
|
+
version: 1.2.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Ricardo Hermida Ruiz
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-
|
11
|
+
date: 2018-10-02 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: faraday
|