cul_omniauth 0.4.3 → 0.5.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: a7d79b0f43eeca5c75a633f01fe939ddcc798e5a
-  data.tar.gz: a09213d0e00ca9642955507fba71d1e940fbcc30
+SHA256:
+  metadata.gz: 256693f7dfea34961802ebcc0ddfbdc63c6ffba5e2e64c37867cc8974182dcad
+  data.tar.gz: 2152d4fa6aa5880e909a0d2f2de087130d09359f3275e9498fe75c42b2fd5f4e
 SHA512:
-  metadata.gz: 977bed10ff96bfcc48668b99313076c2267bf8023071709be49d8d51a2de37317e1dc3bfe2ed00d065b8bd6f84658be2c7ff63623a50c50d3db18f9ff651ccbd
-  data.tar.gz: bc39d14929e69cbd30e50aeab065f069c8c14cdf935d484dd48ab1341291468ce97d7e65c35a8396e67e8f86800cec0d058c51d1b1a28d3103b23468d0ef50ef
+  metadata.gz: 7ef5c36b7e5fbdd799f76aeb4cfb0b977db1ab03ba93772aebd82ef314565106b77a4e759a78225746425cc9e53df558f3c67f366464c3fb4a5d730b01a912a1
+  data.tar.gz: 29cc800ed27409b46d77357bca0e0b1dee9e85262715d3e2e1de6b96c98e7cb33e6b75edf76a4f6cb30e3b458f0f811a6ea1f0e163e1c145612effa262379cfa

data/app/controllers/concerns/cul/omniauth/callbacks.rb

@@ -28,7 +28,12 @@ module Cul::Omniauth::Callbacks
     affiliations(@current_user,affils)
     session["devise.roles"] = affils
     if @current_user && @current_user.persisted?
-      flash[:notice] = I18n.t "devise.omniauth_callbacks.success", kind: auth_type
+      message = I18n.t "devise.omniauth_callbacks.success", kind: auth_type
+      if message.blank?
+        flash.delete(:notice)
+      else
+        flash[:notice] = message
+      end
       sign_in_and_redirect @current_user, :event => :authentication
     else
       reason = @current_user ? 'no persisted user for id' : 'no uid in token'

data/app/models/concerns/cul/omniauth/abilities.rb

@@ -5,17 +5,21 @@ module Cul::Omniauth::Abilities
     ARRAY = [].freeze
   end
   def initialize(user=nil, opts={})
-    @user = user || User.new
-    roles = opts[:roles] || Empty::HASH
     if user
+      @user = user
+      opts = {user_id: user.uid}.merge(opts)
+    else
+      @user = User.new
+    end
+    roles = opts[:roles] || Empty::HASH
+    if @user
       role_permissions = self.class.config.select do |role,config|
-        roles.include?(role) or user.role?(role)
+        roles.include?(role) or @user.role?(role)
       end
-      role_permissions[:'*'] = self.class.config.fetch(:*,Empty::HASH)
-      opts = {user_id: user.uid}.merge(opts)
     else
-      role_permissions = {:'*' => self.class.config.fetch(:*,Empty::HASH)}
+      role_permissions = {}
     end
+    role_permissions[:'*'] = self.class.config.fetch(:*,Empty::HASH)
     role_permissions.each do |role, config|
       config.fetch(:can,Empty::HASH).each do |action, conditions|
         if conditions.blank?

data/app/models/concerns/cul/omniauth/users/configured_roles.rb

@@ -0,0 +1,12 @@
+module Cul::Omniauth::Users::ConfiguredRoles
+  extend ActiveSupport::Concern
+  def role? role_sym
+    super || begin
+      found = false
+      found = role_members(role_sym).detect {|member| self.role?(member.to_sym)}
+    end
+  end
+  def role_members(role_sym)
+    Ability.config.fetch(role_sym.to_sym,{}).fetch(:members,[])
+  end
+end

data/lib/cul/omniauth/version.rb

@@ -1,5 +1,5 @@
 module Cul
   module Omniauth
-    VERSION = "0.4.3"
+    VERSION = "0.5.5"
   end
-end
+end

data/lib/omni_auth/strategies/saml.rb

@@ -79,7 +79,9 @@ module OmniAuth
       end
 
       def login_url(service)
-        cas_url + append_params(options.login_url, { TARGET: service })
+        target_url = service.split('?').first
+        parms = { TARGET: target_url }
+        cas_url + append_params(options.login_url, parms)
       end
       def logout_url(service)
         cas_url + append_params(options.logout_url, { service: service})
@@ -117,11 +119,10 @@ module OmniAuth
       end
 
       def service_validate_url(service_url, ticket)
-        service_url = Addressable::URI.parse(service_url).origin
+        target_url = service_url.split('?').first
+
         parms = {
-          TARGET: service_url,
-#          service: service_url,
-#          ticket: ticket
+          TARGET: target_url,
         }
         r = cas_url + append_params(options.service_validate_url, parms)
         r

data/lib/omni_auth/strategies/saml/service_ticket_validator.rb

@@ -8,7 +8,7 @@ module OmniAuth
       class ServiceTicketValidator < OmniAuth::Strategies::CAS::ServiceTicketValidator
        ART_TEMPLATE = "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\">" +
                      "<SOAP-ENV:Header/><SOAP-ENV:Body>" +
-                     "<samlp:Request IssueInstant=\"%s\" MajorVersion=\"1\" MinorVersion=\"1\" xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\">" +
+                     "<samlp:Request IssueInstant=\"%s\" RequestID=\"%s\" MajorVersion=\"1\" MinorVersion=\"1\" xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\">" +
                      "<samlp:AssertionArtifact>%s</samlp:AssertionArtifact>" +
                      "</samlp:Request>" +
                      "</SOAP-ENV:Body>" +
@@ -52,7 +52,7 @@ module OmniAuth
           end
         end
         def get_service_request_body
-          ART_TEMPLATE % [Time.now.utc.iso8601(3), @ticket]
+          ART_TEMPLATE % [Time.now.utc.iso8601(3), SecureRandom.hex(16), @ticket]
         end
         # retrieves the `<sprot:Response>` XML from the CAS server
         def get_service_response_body

data/lib/tasks/cul_omniauth_tasks.rake

@@ -22,8 +22,8 @@ namespace :cul_omniauth do
     end
 
   rescue LoadError => e
-    puts "[Warning] Exception creating rspec rake tasks.  This message can be ignored in environments that intentionally do not pull in the RSpec gem (i.e. production)."
-    puts e
+    # https://github.com/rspec/rspec-core/issues/1638
+    # rspec is not available
   end
   desc "Execute specs with coverage"
   task :coverage do

data/spec/dummy/log/test.log

@@ -1,124 +1,3 @@
-   (0.1ms)  begin transaction
----------------------------
-CulOmniauthTest: test_truth
----------------------------
-   (0.0ms)  rollback transaction
-   (0.1ms)  begin transaction
----------------------------
-CulOmniauthTest: test_truth
----------------------------
-   (0.0ms)  rollback transaction
-   (0.1ms)  begin transaction
----------------------------
-CulOmniauthTest: test_truth
----------------------------
-   (0.0ms)  rollback transaction
-   (0.2ms)  begin transaction
-------------------------------------------------------------------
-OmniAuth::Strategies::WIND::ServiceTicketValidatorTest: test_truth
-------------------------------------------------------------------
-   (0.0ms)  rollback transaction
-   (0.0ms)  begin transaction
----------------------------
-CulOmniauthTest: test_truth
----------------------------
-   (0.0ms)  rollback transaction
-   (0.1ms)  begin transaction
-----------------------------------------------------------------------------
-OmniAuth::Strategies::WIND::ServiceTicketValidatorTest: test_success_parsing
-----------------------------------------------------------------------------
-   (0.0ms)  rollback transaction
-   (0.0ms)  begin transaction
-------------------------------------------------------------------
-OmniAuth::Strategies::WIND::ServiceTicketValidatorTest: test_truth
-------------------------------------------------------------------
-   (0.0ms)  rollback transaction
-   (0.0ms)  begin transaction
----------------------------
-CulOmniauthTest: test_truth
----------------------------
-   (0.0ms)  rollback transaction
-   (0.1ms)  begin transaction
----------------------------
-CulOmniauthTest: test_truth
----------------------------
-   (0.0ms)  rollback transaction
-   (0.1ms)  begin transaction
----------------------------
-CulOmniauthTest: test_truth
----------------------------
-   (0.0ms)  rollback transaction
-   (0.1ms)  begin transaction
----------------------------
-CulOmniauthTest: test_truth
----------------------------
-   (0.0ms)  rollback transaction
-   (0.1ms)  begin transaction
----------------------------
-CulOmniauthTest: test_truth
----------------------------
-   (0.0ms)  rollback transaction
-   (0.1ms)  begin transaction
----------------------------
-CulOmniauthTest: test_truth
----------------------------
-   (0.0ms)  rollback transaction
-   (0.1ms)  begin transaction
----------------------------
-CulOmniauthTest: test_truth
----------------------------
-   (0.0ms)  rollback transaction
-   (0.1ms)  begin transaction
----------------------------
-CulOmniauthTest: test_truth
----------------------------
-   (0.0ms)  rollback transaction
-   (0.1ms)  begin transaction
----------------------------------------------------
-CulOmniauthTest: test_FailureApp_provider_overrides
----------------------------------------------------
-   (0.1ms)  rollback transaction
-   (0.1ms)  begin transaction
-----------------------------
-CulOmniauthTest: test_module
-----------------------------
-   (0.1ms)  rollback transaction
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
-no persisted user for id {"uid"=>"foo", "extra"=>{}}
 no persisted user for id {"uid"=>"foo", "extra"=>{}}
 no persisted user for id {"uid"=>"foo", "extra"=>{}}
 no persisted user for id {"uid"=>"foo", "extra"=>{}}

data/spec/lib/cul/omniauth/abilities_spec.rb

@@ -163,4 +163,30 @@ describe Cul::Omniauth::Abilities do
       end
     end
   end
+
+  context "with no user" do
+  let(:current_user) { nil }
+    let(:rules) do
+      YAML.load(fixture('test/role_config/members.yml').read)['_all_environments']
+    end
+    before do
+      Ability.instance_variable_set :@role_proxy_config, symbolize_hash_keys(rules)
+      rig.instance_variable_set :@current_ability, nil
+    end
+    after do
+      Ability.instance_variable_set :@role_proxy_config, nil
+    end
+    subject do
+      rig.current_ability
+    end
+    it "has abilities of *" do
+        expect(subject.can?  :index, proxy).to be
+    end
+    it "has abilities of roles with member *" do
+        expect(subject.can?  :download, proxy).to be
+    end
+    it "doesn't have unexpected abilities" do
+        expect(subject.can?  :update, proxy).not_to be
+    end
+  end
 end

data/spec/lib/cul/omniauth/callbacks_spec.rb

@@ -59,6 +59,21 @@ describe Cul::Omniauth::Callbacks do
             subject.send method.downcase.to_sym
             expect(rig.flash[:notice]).to be
           end
+          context "and success translation is empty" do
+            before do
+              I18n.load_path.unshift fixture_path(File.join('test', 'locales', 'translation.en.yml'))
+              I18n.backend.reload!
+            end
+            after do
+              I18n.load_path.shift
+              I18n.backend.reload!
+            end
+            it do
+              is_expected.to receive(:sign_in_and_redirect)
+              subject.send method.downcase.to_sym
+              expect(rig.flash[:notice]).not_to be
+            end
+          end
           context "no current_user" do
             before do
               rig.instance_variable_set :@current_user, nil

data/spec/lib/cul/omniauth/users/configured_roles_spec.rb

@@ -0,0 +1,44 @@
+require 'spec_helper'
+
+describe Cul::Omniauth::Users::ConfiguredRoles do
+
+  it do
+    is_expected.to be_a Module
+  end
+  context "is included" do
+    let(:uid) { 'foo' }
+    let(:rules) do
+      YAML.load(fixture('test/role_config/members.yml').read)['_all_environments']
+    end
+    let(:test_class) {
+    	c = Class.new(User)
+      c.class_eval do
+        attr_accessor :request, :flash, :session
+        include Cul::Omniauth::Users::ConfiguredRoles
+      end
+      c
+    }
+
+    before do
+      Ability.instance_variable_set :@role_proxy_config, symbolize_hash_keys(rules)
+    end
+
+    after do
+      Ability.instance_variable_set :@role_proxy_config, nil
+    end
+
+    subject { test_class.new }
+
+    context "a role as ad-hoc members" do
+      it 'should find memberships one level removed' do
+        expect(subject.role? 'one_level').to be
+      end
+      it 'should find memberships several levels removed' do
+        expect(subject.role? 'three_level').to be
+      end
+      it 'should still return false for other roles' do
+        expect(subject.role? 'none_level').not_to be
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -28,6 +28,10 @@ if ActiveSupport::TestCase.method_defined?(:fixture_path=)
   ActiveSupport::TestCase.fixture_path = File.expand_path("../fixtures", __FILE__)
 end
 
+def fixture_path(filename)
+  path = File.join(File.dirname(__FILE__),'..','fixtures',filename)
+end
+
 def fixture(filename, mode="r")
   path = File.join(File.dirname(__FILE__),'..','fixtures',filename)
   if block_given?
@@ -57,4 +61,5 @@ class User
   def self.devise(*args); end
   def persisted?; persisted; end
   include Cul::Omniauth::Users
+  include Cul::Omniauth::Users::ConfiguredRoles
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cul_omniauth
 version: !ruby/object:Gem::Version
-  version: 0.4.3
+  version: 0.5.5
 platform: ruby
 authors:
 - barmintor
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-09-02 00:00:00.000000000 Z
+date: 2020-05-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -86,14 +86,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: '3.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: '3.5'
 description: Engine and model mixins for Omniauth with CAS and SSL.
 email:
 - LASTNAME at gmail
@@ -113,6 +113,7 @@ files:
 - app/helpers/cul/omniauth/application_helper.rb
 - app/models/concerns/cul/omniauth/abilities.rb
 - app/models/concerns/cul/omniauth/users.rb
+- app/models/concerns/cul/omniauth/users/configured_roles.rb
 - app/views/layouts/cul/omniauth/application.html.erb
 - config/locales/cul_omniauth.en.yml
 - config/routes.rb
@@ -170,6 +171,7 @@ files:
 - spec/lib/cul/omniauth/abilities_spec.rb
 - spec/lib/cul/omniauth/callbacks_spec.rb
 - spec/lib/cul/omniauth/remote_ip_ability_spec.rb
+- spec/lib/cul/omniauth/users/configured_roles_spec.rb
 - spec/lib/cul/omniauth/users_spec.rb
 - spec/lib/omni_auth/strategies/saml/service_ticket_validator_spec.rb
 - spec/lib/omni_auth/strategies/wind/service_ticket_validator_spec.rb
@@ -193,55 +195,54 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.6
+rubygems_version: 3.0.8
 signing_key: 
 specification_version: 4
 summary: Omniauth engine for CUL web apps.
 test_files:
-- spec/cul_omniauth_spec.rb
+- spec/spec_helper.rb
+- spec/dummy/app/controllers/application_controller.rb
+- spec/dummy/app/views/layouts/application.html.erb
 - spec/dummy/app/assets/javascripts/application.js
 - spec/dummy/app/assets/stylesheets/application.css
-- spec/dummy/app/controllers/application_controller.rb
 - spec/dummy/app/helpers/application_helper.rb
-- spec/dummy/app/views/layouts/application.html.erb
+- spec/dummy/bin/rake
 - spec/dummy/bin/bundle
 - spec/dummy/bin/rails
-- spec/dummy/bin/rake
-- spec/dummy/config/application.rb
-- spec/dummy/config/boot.rb
-- spec/dummy/config/database.yml
-- spec/dummy/config/environment.rb
-- spec/dummy/config/environments/development.rb
+- spec/dummy/config/secrets.yml
+- spec/dummy/config/routes.rb
+- spec/dummy/config/locales/en.yml
 - spec/dummy/config/environments/production.rb
+- spec/dummy/config/environments/development.rb
 - spec/dummy/config/environments/test.rb
-- spec/dummy/config/initializers/assets.rb
+- spec/dummy/config/environment.rb
+- spec/dummy/config/application.rb
+- spec/dummy/config/database.yml
+- spec/dummy/config/boot.rb
+- spec/dummy/config/roles.yml
 - spec/dummy/config/initializers/backtrace_silencers.rb
-- spec/dummy/config/initializers/cookies_serializer.rb
-- spec/dummy/config/initializers/filter_parameter_logging.rb
-- spec/dummy/config/initializers/inflections.rb
 - spec/dummy/config/initializers/mime_types.rb
+- spec/dummy/config/initializers/filter_parameter_logging.rb
 - spec/dummy/config/initializers/session_store.rb
 - spec/dummy/config/initializers/wrap_parameters.rb
-- spec/dummy/config/locales/en.yml
-- spec/dummy/config/roles.yml
-- spec/dummy/config/routes.rb
-- spec/dummy/config/secrets.yml
+- spec/dummy/config/initializers/assets.rb
+- spec/dummy/config/initializers/cookies_serializer.rb
+- spec/dummy/config/initializers/inflections.rb
 - spec/dummy/config.ru
-- spec/dummy/db/test.sqlite3
-- spec/dummy/log/test.log
-- spec/dummy/public/404.html
+- spec/dummy/Rakefile
+- spec/dummy/public/favicon.ico
 - spec/dummy/public/422.html
 - spec/dummy/public/500.html
-- spec/dummy/public/favicon.ico
-- spec/dummy/Rakefile
+- spec/dummy/public/404.html
+- spec/dummy/db/test.sqlite3
+- spec/dummy/log/test.log
 - spec/dummy/README.rdoc
 - spec/integration/navigation_spec.rb
 - spec/lib/cul/omniauth/abilities_spec.rb
 - spec/lib/cul/omniauth/callbacks_spec.rb
-- spec/lib/cul/omniauth/remote_ip_ability_spec.rb
+- spec/lib/cul/omniauth/users/configured_roles_spec.rb
 - spec/lib/cul/omniauth/users_spec.rb
-- spec/lib/omni_auth/strategies/saml/service_ticket_validator_spec.rb
+- spec/lib/cul/omniauth/remote_ip_ability_spec.rb
 - spec/lib/omni_auth/strategies/wind/service_ticket_validator_spec.rb
-- spec/spec_helper.rb
-has_rdoc: 
+- spec/lib/omni_auth/strategies/saml/service_ticket_validator_spec.rb
+- spec/cul_omniauth_spec.rb