ccls-calnet_authenticated 1.3.2

data/generators/calnet_authenticated/templates/views/users/_form.html.erb

@@ -0,0 +1,27 @@
+<% stylesheets('user') %>
+
+<% form_for @user do |form| %>
+	<%= form.error_messages %>
+<% if params[:token] %>
+	<%= hidden_field_tag :token, params[:token] %>
+<% end %>
+	<div>
+		<%= form.label :username, "Username" %>
+		<%= form.text_field :username %>
+	</div>
+	<div>
+		<%= form.label :email, "Email" %>
+		<%= form.text_field :email %>
+	</div>
+	<div>
+		<%= form.label :password, "Password" %>
+		<%= form.password_field :password %>
+	</div>
+	<div>
+		<%= form.label :password_confirmation, "Password confirmation" %>
+		<%= form.password_field :password_confirmation %>
+	</div>
+	<p>
+		<%= form.submit "Submit" %>
+	</p>
+<% end %>

data/generators/calnet_authenticated/templates/views/users/edit.html.erb

@@ -0,0 +1 @@
+<%= render 'form' %>  

data/generators/calnet_authenticated/templates/views/users/index.html.erb

@@ -0,0 +1,26 @@
+<% stylesheets('users') %>
+<h4>Users:</h4>
+<% unless @users.empty? %>
+<table id='users'><tbody>
+<% @users.each do |user| %>
+<tr class='<%=user.role_names.join(' ')-%> user row'>
+<td class='gravatar'>
+<%#= link_to( image_tag(user.gravatar_url), "http://gravatar.com", :target => 'new' )%>
+</td>
+<td class='username'>
+<%= link_to user.displayname, user_path(user) -%>
+</td>
+<td class='role_name'>&nbsp;
+<% user.role_names.each do |role_name| %>
+<%= link_to role_name, users_path( :role_name => role_name ) -%>
+<% end %>
+</td>
+<td class='manage'>
+<%= destroy_link_to( 'Destroy', user_path(user) ) %>
+</td>
+</tr>
+<% end %>
+</tbody></table><!-- id='users' -->
+<% else %>
+Sorry, no users yet.
+<% end %>

data/generators/calnet_authenticated/templates/views/users/menu.js.erb

@@ -0,0 +1,4 @@
+<% if logged_in? %>
+jQuery(function(){
+});
+<% end %>

data/generators/calnet_authenticated/templates/views/users/new.html.erb

@@ -0,0 +1 @@
+<%= render 'form' %>  

data/generators/calnet_authenticated/templates/views/users/show.html.erb

@@ -0,0 +1,19 @@
+<% stylesheets('user') %>
+
+<fieldset id='user'>
+<legend><%= @user.sn %></legend>
+
+<div class='person'><dl>
+	<% %w( displayname mail uid ).each do |key| -%>
+		<dt><%= key -%></dt>
+		<dd><%= @user.attributes[key] -%></dd>
+	<% end -%>
+</dl>
+</div>
+
+<div id='roles'>
+<%#= link_to( image_tag(@user.gravatar_url), "http://gravatar.com", :target => 'new' )%>
+<%= user_roles() %>
+</div>
+ 
+</fieldset> 

data/lib/calnet_authenticated.rb

@@ -0,0 +1,83 @@
+require 'active_record'
+require 'active_support'
+require 'action_controller'
+
+gem 'ccls-common_lib'
+require 'common_lib'
+
+gem 'rubycas-client', '>= 2.2.1'
+require 'rubycas-client'
+
+require 'casclient'
+require 'casclient/frameworks/rails/filter'
+
+gem 'ucb_ldap', '>= 1.4.2'
+require 'ucb_ldap'
+
+gem 'ccls-simply_authorized'
+require 'simply_authorized'
+
+gem 'ryanb-acts-as-list'
+require 'acts_as_list'
+
+#	Don't know if I use CalnetAuthenticated namespace anymore
+#	It is used in functional test names
+module CalnetAuthenticated
+#	predefine namespace
+end
+module Calnet
+#	predefine namespace
+end
+
+require 'calnet_authenticated/calnet_user'
+require 'calnet_authenticated/controller'
+
+#	I don't think that this is needed
+#	Apparently it is.  I don't quite understand
+#	why my ccls_engine doesn't.
+#%w{models controllers}.each do |dir|
+#	path = File.expand_path(File.join(File.dirname(__FILE__), '../app', dir))
+#	ActiveSupport::Dependencies.autoload_paths << path
+#	ActiveSupport::Dependencies.autoload_once_paths << path
+#end
+
+#	I don't think this is needed
+#
+#	Why do I need this for calnet_authenticated,
+#	but not for authorized or photos or ...
+#
+#	I think that it depends on whether the gem is
+#	explictly added to the configuration with config.gem
+#	or just a dependency with a require.
+#	Since buffler and clic and engine only have config.gem ccls_engine,
+#	we need to be explicit, which is probably better anyway.
+#ActionController::Routing::Routes.add_configuration_file(
+#	File.expand_path(
+#		File.join(
+#			File.dirname(__FILE__), '../config/routes.rb')))
+
+HTML::WhiteListSanitizer.allowed_attributes.merge(%w(
+	id class style
+))
+
+if defined?(Rails) && Rails.env == 'test' && Rails.class_variable_defined?("@@configuration")
+	require 'active_support/test_case'
+	require 'calnet_authenticated/test_helper'
+	require 'factory_girl'
+end
+
+#ActionController::Base.view_paths <<
+#	File.expand_path(
+#		File.join(
+#			File.dirname(__FILE__), '../app/views'))
+
+#	I don't use paperclip anymore, especially not here.
+#	gem 'paperclip'
+#	require 'paperclip'
+#	if defined? ::Paperclip::Glue
+#		ActiveRecord::Base.send(:include, ::Paperclip::Glue)
+#	else
+#		#	older versions did not have "Glue"
+#		ActiveRecord::Base.send(:include, ::Paperclip)
+#	end
+

data/lib/calnet_authenticated/autotest.rb

@@ -0,0 +1,54 @@
+class Autotest::Rails
+
+#
+#	Need both the mapping and the extra files
+#
+	def run_with_calnet_authenticated
+		add_exception %r%config/%
+		add_exception %r%versions/%
+		add_exception %r%\.git/%
+		self.extra_files << File.expand_path(File.join(
+				File.dirname(__FILE__),'/../../test/unit/calnet/'))
+
+#		self.extra_files << File.expand_path(File.join(
+#				File.dirname(__FILE__),'/../../test/functional/calnet/'))
+
+#		add_mapping( 
+#			%r{^#{File.expand_path(File.join(File.dirname(__FILE__),'/../../test/'))}/(unit|functional)/calnet/.*_test\.rb$}
+#			) do |filename, _|
+#			filename
+#		end
+
+		add_mapping( 
+			%r{^#{File.expand_path(File.join(File.dirname(__FILE__),'/../../test/'))}/unit/calnet/.*_test\.rb$}
+			) do |filename, _|
+			filename
+		end
+
+		##
+		#	This stops the ...
+		#
+		#	Unable to map class Ccls::IdentifierTest to a file
+		#	Unable to map class Ccls::SubjectTest to a file
+		#
+		#	By default autotest is expecting all the namespaces to end with Test
+		#		ie. CclsTest::IdentifierTest
+		#	Could have renamed the dir, I suppose.
+		#
+		Dir[File.join(File.dirname(__FILE__),'/../../test/unit/**/*rb')].each do |f|
+#	the condition isn't as important as grabbing "calnet/test_file_name.rb" for camelcasing
+			if f =~ /test\/unit\/(calnet\/.*)\.rb/
+				self.extra_class_map[$1.camelcase] = File.expand_path(f)
+			end
+		end
+#		Dir[File.join(File.dirname(__FILE__),'/../../test/functional/**/*rb')].each do |f|
+#			if f =~ /test\/functional\/(calnet\/.*)\.rb/
+#				self.extra_class_map[$1.camelcase] = File.expand_path(f)
+#			end
+#		end
+
+		run_without_calnet_authenticated
+	end
+	alias_method_chain :run, :calnet_authenticated
+
+end

data/lib/calnet_authenticated/calnet_user.rb

@@ -0,0 +1,89 @@
+#	== requires
+#	*	uid (unique)
+#
+#	== accessible attributes
+#	*	sn
+#	*	displayname
+#	*	mail
+#	*	telephonenumber
+class Calnet::User < ActiveRecord::Base
+	self.abstract_class = true
+
+	def self.search(options={})
+		conditions = {}
+		includes = joins = []
+		if !options[:role_name].blank?
+			includes = [:roles]
+			if Role.all.collect(&:name).include?(options[:role_name])
+				joins = [:roles]
+				conditions = ["roles.name = ?",options[:role_name]]
+			end 
+		end 
+		self.all( 
+			:joins => joins, 
+			:include => includes,
+			:conditions => conditions )
+	end 
+
+	#	Find or Create a user from a given uid, and then 
+	#	proceed to update the user's information from the 
+	#	UCB::LDAP::Person.find_by_uid(uid) response.
+	#	
+	#	Returns: user
+	def self.find_create_and_update_by_uid(uid)
+		user = self.find_or_create_by_uid(uid)
+		person = UCB::LDAP::Person.find_by_uid(uid) 
+		user.update_attributes!({
+			:displayname     => person.displayname,
+			:sn              => person.sn.first,
+			:mail            => person.mail.first || '',
+			:telephonenumber => person.telephonenumber.first
+		}) unless person.nil?
+		user
+	end
+
+	def to_s
+		displayname
+	end
+
+#	this has been included above
+#	ucb_authenticated
+
+#	defined in plugin/engine ...
+#
+#	def may_administrate?(*args)
+#		(self.role_names & ['superuser','administrator']).length > 0
+#	end
+#
+#	def may_read?(*args)
+#		(self.role_names & 
+#			['superuser','administrator','editor','interviewer','reader']
+#		).length > 0
+#	end
+#
+#	def may_edit?(*args)
+#		(self.role_names & 
+#			['superuser','administrator','editor']
+#		).length > 0
+#	end
+
+	def self.inherited(subclass)
+
+		subclass.class_eval do
+			#	for some reason is nil which causes problems
+			self.default_scoping = []
+
+			validates_presence_of   :uid
+			validates_uniqueness_of :uid
+
+			#	include the many may_*? for use in the controllers
+			authorized
+
+			alias_method :may_create?,  :may_edit?
+			alias_method :may_update?,  :may_edit?
+			alias_method :may_destroy?, :may_edit?
+
+		end	#	class_eval
+	end	#	inherited()
+
+end

data/lib/calnet_authenticated/controller.rb

@@ -0,0 +1,94 @@
+require 'action_controller'
+
+#	Further info regarding UCB's CAS setup can be found at 
+#	https://calnet.berkeley.edu/developers/developerResources/cas/CASAppSetup.html#firstLevelServers
+
+module Calnet::Controller
+
+	#	Setup the CASClient and add the cas_filter before_filter
+	#	to all application_controller requests.  This can be
+	#	overridden or "skipped" in any controller, particularly
+	#	those that are passive and will use the cas_gateway_filter
+	#	instead.
+	def self.included(base)
+		base_server_url = ( RAILS_ENV == "production" ) ? 
+			"https://auth.berkeley.edu" : 
+			"https://auth-test.berkeley.edu"
+
+		CASClient::Frameworks::Rails::Filter.configure(
+			:username_session_key => :calnetuid,
+			:cas_base_url => "#{base_server_url}/cas/"
+		)
+
+		base.helper_method :current_user, :logged_in?
+
+		base.extend(ClassMethods)
+		base.send(:include, InstanceMethods)
+
+		base.class_eval do
+			class << self
+				alias_method_chain :inherited, :calnet_before_filter
+			end
+			@@calnet_controller_loaded = true
+			#	try to stop any possiblity of duplicating self in chain
+		end unless base.class_variable_defined?("@@calnet_controller_loaded")
+	end
+
+	module ClassMethods
+
+	private
+
+		def inherited_with_calnet_before_filter(base)
+			identifier = 'inherited_calnet_authenticated_login_required'
+			unless filter_chain.select(&:before?).map(&:identifier
+				).include?(identifier)
+				before_filter :login_required,
+					:identifier => identifier
+			end
+			inherited_without_calnet_before_filter(base)
+		end
+
+	end
+
+	module InstanceMethods
+
+		def logged_in?
+			!current_user.nil?
+		end
+
+		#	Force the user to be have an SSO session open.
+		def current_user_required
+			# Have to add ".filter(self)" when not in before_filter line.
+			CASClient::Frameworks::Rails::Filter.filter(self)
+		end
+		alias_method :login_required, :current_user_required
+
+		def current_user
+			load 'user.rb' unless defined?(User)
+			@current_user ||= if( session && session[:calnetuid] )
+					#	if the user model hasn't been loaded yet
+					#	this will return nil and fail.
+					User.find_create_and_update_by_uid(session[:calnetuid])
+				else
+					nil
+				end
+		end
+
+		# This will allow the user to view the page without authentication
+		# but will process CAS authentication data if the user already
+		# has an SSO session open.  This is potentially useful if you
+		#	don't store a copy of the user info locally.  Otherwise,
+		#	not so much.
+	#
+	#	Not using, so commented out so not to affect code coverage output.
+	#
+	#	def cas_gateway_filter
+	#		# Have to add ".filter(self)" when not in before_filter line.
+	#		CASClient::Frameworks::Rails::GatewayFilter.filter(self)
+	#		@login_url = CASClient::Frameworks::Rails::Filter.login_url(self)
+	#	end
+
+	end	#	InstanceMethods
+
+end	#	Calnet::Controller
+ActionController::Base.send(:include,Calnet::Controller)

data/lib/calnet_authenticated/test_helper.rb

@@ -0,0 +1,100 @@
+module CalnetAuthenticated::TestHelper
+
+	def self.included(base)
+		base.extend(ClassMethods)
+	end
+
+	def login_as( user=nil )
+		uid = ( user.is_a?(User) ) ? user.uid : user
+		if !uid.blank?
+			@request.session[:calnetuid] = uid
+			stub_ucb_ldap_person()
+			User.find_create_and_update_by_uid(uid)
+
+			CASClient::Frameworks::Rails::Filter.stubs(
+				:filter).returns(true)
+			# No longer using the GatewayFilter stuff.
+			# CASClient::Frameworks::Rails::GatewayFilter.stubs(
+			# :filter).returns(true)
+		end
+	end
+	alias :login :login_as
+	alias :log_in :login_as
+
+
+	def stub_ucb_ldap_person(options={})
+		UCB::LDAP::Person.stubs(:find_by_uid).returns(
+			UCB::LDAP::Person.new({
+				:sn => ["Wendt"],
+				:displayname => ["Mr. Jake Wendt, BA"],
+				:telephonenumber => ["+1 510 642-9749"],
+				:mail => []
+			})
+		)
+		# Load schema locally for offline testing.
+		# This will generate this warning...
+		# Warning: schema loading from file
+		# from ucb_ldap-1.3.2/lib/ucb_ldap_schema.rb
+		# Comment this out to get the schema from Cal.
+		# This will generate this warning...
+		# warning: peer certificate won't be verified in this SSL session
+		UCB::LDAP::Schema.stubs(
+			:load_attributes_from_url).raises(StandardError)
+	end
+
+	def assert_redirected_to_login
+		assert_response :redirect
+		assert_match "https://auth-test.berkeley.edu/cas/login",
+			@response.redirected_to
+	end
+
+	def assert_redirected_to_logout
+		assert_response :redirect
+		assert_match "https://auth-test.berkeley.edu/cas/logout",
+			@response.redirected_to
+	end
+
+	def assert_logged_in
+		assert_not_nil session[:calnetuid]
+	end
+
+	def assert_not_logged_in
+		assert_nil session[:calnetuid]
+	end
+
+	module ClassMethods
+
+		def site_administrators
+			@site_administrators ||= %w( superuser administrator )
+		end
+
+		def non_site_administrators
+			@non_site_administrators ||= ( all_test_roles - site_administrators )
+		end
+
+		def site_editors
+			@site_editors ||= %w( superuser administrator editor )
+		end
+
+		def non_site_editors
+			@non_site_editors ||= ( all_test_roles - site_editors )
+		end
+
+		def site_readers
+			@site_readers ||= %w( superuser administrator editor interviewer reader )
+		end
+
+		def non_site_readers
+			@non_site_readers ||= ( all_test_roles - site_readers )
+		end
+
+		def all_test_roles
+			@all_test_roles = %w( superuser administrator editor interviewer reader active_user )
+		end
+	end
+
+end	#	module CalnetAuthenticated::TestHelper
+
+require 'active_support'
+require 'active_support/test_case'
+ActiveSupport::TestCase.send(:include,CalnetAuthenticated::TestHelper)