cul_omniauth 0.4.2 → 0.4.3

data/spec/integration/navigation_spec.rb

@@ -0,0 +1,4 @@
+require 'spec_helper'
+
+describe :navigation do; end
+

data/spec/lib/cul/omniauth/abilities_spec.rb

@@ -0,0 +1,166 @@
+require 'spec_helper'
+
+describe Cul::Omniauth::Abilities do
+  let(:request) {
+    DummyRequest.new
+  }
+  let(:role_config) {
+    Hash.new
+  }
+  let(:rig_class) {
+    c = Class.new
+    c.class_eval do
+      include Cul::Omniauth::RemoteIpAbility
+    end
+    c
+  }
+  let(:current_user) { User.new }
+  let(:proxy) { Cul::Omniauth::AbilityProxy.new }
+  let(:rig) {
+    rig = rig_class.new
+    allow(rig).to receive(:request) { request }
+    allow(rig).to receive(:current_user) { current_user }
+    allow(rig).to receive(:session) { Hash.new }
+    rig
+  }
+
+  subject do
+    rig.current_ability
+  end
+
+  context "when no valid session, role or id" do
+    before do
+      Ability.instance_variable_set :@role_proxy_config, symbolize_hash_keys(rules)
+      rig.instance_variable_set :@current_ability, nil
+    end
+    after do
+      Ability.instance_variable_set :@role_proxy_config, nil
+    end
+    let(:rules) do
+      YAML.load(fixture('test/role_config/and.yml').read)['_all_environments']
+    end
+    it do
+      expect(subject.can?  :download, proxy).not_to be
+    end
+  end
+
+  context "when user has a valid role" do
+    before do
+      Ability.instance_variable_set :@role_proxy_config, symbolize_hash_keys(rules)
+      rig.instance_variable_set :@current_ability, nil
+    end
+    after do
+      Ability.instance_variable_set :@role_proxy_config, nil
+    end
+    let(:rules) do
+      YAML.load(fixture('test/role_config/and.yml').read)['_all_environments']
+    end
+    context "in a session" do
+      before do
+        allow(rig).to receive(:session) { {'devise.roles' => [:'downloaders']} }
+      end
+      it do
+        expect(subject.can? :download, proxy).to be
+      end
+    end
+    context "in a user" do
+      it do
+        #allow(current_user).to receive(:role?).and_return(false)
+        allow(current_user).to receive(:role?).with(:*).and_return(true)
+        allow(current_user).to receive(:role?).with(:downloaders).and_return(true)
+        expect(subject.can? :download, proxy).to be
+      end
+    end
+  end
+
+  context "when combining with and" do
+    let(:rules) do
+      YAML.load(fixture('test/role_config/and.yml').read)['_all_environments']
+    end
+    before do
+      Ability.instance_variable_set :@role_proxy_config, symbolize_hash_keys(rules)
+      rig.instance_variable_set :@current_ability, nil
+    end
+    after do
+      Ability.instance_variable_set :@role_proxy_config, nil
+    end
+    context "when the IP is on the approved list and login is right" do
+      before do
+        allow(current_user).to receive(:uid).and_return('test_user')
+        request.remote_ip = '255.255.255.255'
+      end
+      it do
+        expect(subject.can?  :download, proxy).to be
+      end
+    end
+    context "when the IP is not on the approved list" do
+      before do
+        allow(current_user).to receive(:uid).and_return('test_user')
+        request.remote_ip = '255.255.255.1'
+      end
+      it do
+        expect(subject.can?  :download, proxy).not_to be
+      end
+    end
+    context "when login is wrong" do
+      before do
+        allow(current_user).to receive(:uid).and_return('wrong_user')
+        request.remote_ip = '255.255.255.255'
+      end
+      it do
+        expect(subject.can?  :download, proxy).not_to be
+      end
+    end
+  end
+  context "when combining with or" do
+    let(:rules) do
+      YAML.load(fixture('test/role_config/or.yml').read)['_all_environments']
+    end
+    before do
+      Ability.instance_variable_set :@role_proxy_config, symbolize_hash_keys(rules)
+      rig.instance_variable_set :@current_ability, nil
+    end
+    after do
+      Ability.instance_variable_set :@role_proxy_config, nil
+    end
+    subject do
+      rig.current_ability
+    end
+    context "when the IP is on the approved list and login is right" do
+      before do
+        allow(current_user).to receive(:uid).and_return('test_user')
+        request.remote_ip = '255.255.255.255'
+      end
+      it do
+        expect(subject.can?  :download, proxy).to be
+      end
+    end
+    context "when neither IP or login is approved" do
+      before do
+        allow(current_user).to receive(:uid).and_return('wrong_user')
+        request.remote_ip = '255.255.255.1'
+      end
+      it do
+        expect(subject.can?  :download, proxy).not_to be
+      end
+    end
+    context "when the IP is not on the approved list" do
+      before do
+        allow(current_user).to receive(:uid).and_return('test_user')
+        request.remote_ip = '255.255.255.1'
+      end
+      it do
+        expect(subject.can?  :download, proxy).to be
+      end
+    end
+    context "when login is wrong" do
+      before do
+        allow(current_user).to receive(:uid).and_return('wrong_user')
+        request.remote_ip = '255.255.255.255'
+      end
+      it do
+        expect(subject.can?  :download, proxy).to be
+      end
+    end
+  end
+end

data/spec/lib/cul/omniauth/callbacks_spec.rb

@@ -0,0 +1,77 @@
+require 'spec_helper'
+
+describe Cul::Omniauth::Callbacks do
+  let(:oa_response) do
+    {}
+  end
+  let(:request) {
+    DummyRequest.new
+  }
+  let(:role_config) {
+    Hash.new
+  }
+  let(:rig_class) {
+    c = Class.new
+    c.class_eval do
+      attr_accessor :request, :flash, :session
+      include Cul::Omniauth::Callbacks
+    end
+    c
+  }
+  let(:current_user) { User.new }
+  let(:rig) {
+    rig = rig_class.new
+    rig
+  }
+
+  it do
+    is_expected.to be_a Module
+  end
+  context "is included" do
+    subject { rig }
+    before do
+      rig.instance_variable_set :@current_user, current_user
+      rig.request = request
+      rig.session = {}
+      oa_response['uid'] = 'foo'
+      oa_response['extra'] = {}
+      request.env = {'omniauth.auth' => oa_response}
+      rig.flash = {}
+    end
+    ['SAML', 'CAS', 'WIND'].each do |method|
+      context "logging in with #{method}" do
+        before do
+          allow(oa_response).to receive(:provider).and_return(method)
+        end
+        it do
+          is_expected.to receive(:redirect_to)
+          is_expected.to receive(:root_url)
+          expect(User).not_to receive("find_for_#{method.downcase}".to_sym)
+          subject.send method.downcase.to_sym
+          expect(rig.flash[:notice]).to be
+        end
+        context "user is persisted" do
+          before do
+            current_user.persisted = true
+          end
+          it do
+            is_expected.to receive(:sign_in_and_redirect)
+            subject.send method.downcase.to_sym
+            expect(rig.flash[:notice]).to be
+          end
+          context "no current_user" do
+            before do
+              rig.instance_variable_set :@current_user, nil
+            end
+            it do
+              is_expected.to receive(:sign_in_and_redirect)
+              expect(User).to receive("find_for_#{method.downcase}".to_sym).and_return(current_user)
+              subject.send method.downcase.to_sym
+              expect(rig.flash[:notice]).to be
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/spec/lib/cul/omniauth/remote_ip_ability_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper'
+
+describe Cul::Omniauth::RemoteIpAbility do
+  let(:request) {
+    DummyRequest.new
+  }
+  let(:role_config) {
+    Hash.new
+  }
+  let(:rig_class) {
+    c = Class.new
+    c.class_eval do
+      include Cul::Omniauth::RemoteIpAbility
+    end
+    c
+  }
+  let(:current_user) { User.new }
+  let(:rig) {
+    rig = rig_class.new
+    allow(rig).to receive(:request) { request }
+    allow(rig).to receive(:current_user) { current_user }
+    allow(rig).to receive(:session) { Hash.new }
+    rig
+  }
+  before do
+    Ability.instance_variable_set :@role_proxy_config, Hash.new
+    rig.instance_variable_set :@current_ability, nil
+  end
+  after do
+    Ability.instance_variable_set :@role_proxy_config, nil
+  end
+
+  it do
+    is_expected.to be_a Module
+  end
+  context "is included" do
+    subject { request }
+    it do
+      is_expected.to receive(:remote_ip)
+      rig.current_ability
+    end
+  end
+end

data/spec/lib/cul/omniauth/users_spec.rb

@@ -0,0 +1,46 @@
+require 'spec_helper'
+
+describe Cul::Omniauth::Users do
+
+  it do
+    is_expected.to be_a Module
+  end
+  context "is included" do
+    let(:token){ {'uid'=> uid, 'provider'=> provider} }
+    let(:uid) { 'foo' }
+    let(:provider) { 'lol' }
+    subject { User }
+    context "token has no uid" do
+      before do
+        token['uid'] = nil
+      end
+      it do
+        expect(subject.find_for_provider(token, provider)).not_to be
+      end
+    end
+    context "existing user" do
+      let(:users) { [double(User)]}
+      it do
+        is_expected.to receive(:where).with(uid: uid, provider: provider).and_return(users)
+        is_expected.not_to receive(:"create!")
+        subject.find_for_provider(token, provider)
+      end
+    end
+    context "new user" do
+      let(:users) { []}
+      it do
+        is_expected.to receive(:where).with(uid: uid, provider: provider).and_return(users)
+        is_expected.to receive(:"create!").with(uid: uid, provider: provider).and_return(double(User))
+        subject.find_for_provider(token, provider)
+      end
+    end
+    ["cas", "saml", "wind"].each do |method|
+      context "find with #{method} provider" do
+        it do
+          is_expected.to receive(:find_for_provider).with(token,method)
+          subject.send :"find_for_#{method}", token
+        end
+      end
+    end
+  end
+end

data/spec/lib/omni_auth/strategies/saml/service_ticket_validator_spec.rb

@@ -0,0 +1,53 @@
+require 'spec_helper'
+
+describe OmniAuth::Strategies::SAML::ServiceTicketValidator do
+  it "should be a class" do
+    expect(OmniAuth::Strategies::SAML::ServiceTicketValidator).to be_a Class
+  end
+  describe "success parsing" do
+    let(:strategy) do
+      mock = double('strategy')
+      allow(mock).to receive(:service_validate_url) {'/validate'}
+
+      mock
+    end
+    let(:options) do
+      {}
+    end
+    let(:return_to_url) do
+      'http://test.server/test'
+    end
+    let(:ticket) do
+      SecureRandom.hex(16)
+    end
+    subject do
+      OmniAuth::Strategies::SAML::ServiceTicketValidator.new(strategy, options, return_to_url, ticket)
+    end
+    it "should generate the ticket envelope" do
+      pattern = "<samlp:AssertionArtifact>#{ticket}</samlp:AssertionArtifact>"
+      SAML_NS = {
+        samla: "urn:oasis:names:tc:SAML:1.0:assertion",
+        samlp: "urn:oasis:names:tc:SAML:1.0:protocol",
+      }
+      actual = Nokogiri::XML(subject.get_service_request_body).xpath('//samlp:AssertionArtifact', SAML_NS).text
+      expect(actual).to eql(ticket)
+    end
+    context "on a successful authentication" do
+      before do
+        allow(subject).to receive(:get_service_response_body) {
+          fixture('test/saml/success_affils.xml') {|io| io.read }
+        }
+      end
+      it "should find the user id" do
+        user_info = subject.call.user_info
+        puts user_info.inspect
+        expect(user_info['user']).to eql('de3')
+      end
+      it "should find the affils" do
+        user_info = subject.call.user_info
+        puts user_info.inspect
+        expect(user_info['affiliations'].size).to eql(6)
+      end
+    end
+  end
+end

data/spec/lib/omni_auth/strategies/wind/service_ticket_validator_spec.rb

@@ -0,0 +1,36 @@
+require 'spec_helper'
+
+describe OmniAuth::Strategies::WIND::ServiceTicketValidator do
+  it "should be a class" do
+    expect(OmniAuth::Strategies::WIND::ServiceTicketValidator).to be_a Class
+  end
+  describe "success parsing" do
+    let(:strategy) do
+      mock = double('strategy')
+      allow(mock).to receive(:service_validate_url) {'/validate'}
+
+      mock
+    end
+    let(:options) do
+      {}
+    end
+    let(:return_to_url) do
+      'http://test.server/test'
+    end
+    let(:ticket) do
+      mock = double('ticket')
+      mock
+    end
+    subject do
+      OmniAuth::Strategies::WIND::ServiceTicketValidator.new(strategy, options, return_to_url, ticket)
+    end
+    it do
+      allow(subject).to receive(:get_service_response_body) {
+        fixture('test/wind/success_affils.xml') {|io| io.read }
+      }
+      user_info = subject.call.user_info
+      puts user_info.inspect
+      expect(user_info[:affiliations].size).to eql(2)
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,60 @@
+# Configure Rails Environment
+ENV["RAILS_ENV"] ||= "test"
+require "bundler/setup"
+
+if ENV['COVERAGE']
+  require 'simplecov'
+  SimpleCov.command_name "spec"
+end
+
+require File.expand_path("../../spec/dummy/config/environment.rb",  __FILE__)
+ActiveRecord::Migrator.migrations_paths = [File.expand_path("../../spec/dummy/db/migrate", __FILE__)]
+ActiveRecord::Migrator.migrations_paths << File.expand_path('../../db/migrate', __FILE__)
+
+Rails.backtrace_cleaner.remove_silencers!
+
+# Load support files
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
+
+$:.unshift File.join('..','spec','lib')
+$:.unshift File.join('..','app','models','concerns')
+
+require 'cancan'
+require 'cul/omniauth/users'
+require 'cul/omniauth/abilities'
+
+# Load fixtures from the engine
+if ActiveSupport::TestCase.method_defined?(:fixture_path=)
+  ActiveSupport::TestCase.fixture_path = File.expand_path("../fixtures", __FILE__)
+end
+
+def fixture(filename, mode="r")
+  path = File.join(File.dirname(__FILE__),'..','fixtures',filename)
+  if block_given?
+    open(path, mode) {|io| yield io}
+  else
+    open(path, mode)
+  end
+end
+
+def symbolize_hash_keys(hash)
+  hash.symbolize_keys!
+  hash.values.select{|v| v.is_a? Hash}.each{|h| symbolize_hash_keys(h)}
+  hash
+end
+
+class DummyRequest
+  attr_accessor :remote_ip
+  attr_accessor :env
+end
+class Ability
+  include CanCan::Ability
+  include Cul::Omniauth::Abilities
+end
+
+class User
+  attr_accessor :uid, :persisted
+  def self.devise(*args); end
+  def persisted?; persisted; end
+  include Cul::Omniauth::Users
+end