custom-adal 1.0.1

data/spec/adal/user_credential_spec.rb

@@ -0,0 +1,125 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2015 Micorosft Corporation
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#-------------------------------------------------------------------------------
+
+require_relative '../spec_helper'
+
+include FakeData
+
+describe ADAL::UserCredential do
+  let(:user_cred) { ADAL::UserCredential.new(USERNAME, PASSWORD) }
+  let(:fed_url) { 'https://abc.def/' }
+
+  before(:each) do
+    expect(Net::HTTP).to receive(:get).once.and_return(
+      "{\"account_type\": \"#{account_type}\", " \
+      "\"federation_metadata_url\": \"#{fed_url}\"}")
+  end
+
+  context 'with a federated user' do
+    let(:account_type) { 'Federated' }
+
+    describe '#account_type' do
+      subject { user_cred.account_type }
+
+      it { is_expected.to eq ADAL::UserCredential::AccountType::FEDERATED }
+
+      it 'should cache the response instead of making multiple HTTP requests' do
+        # Note the .once in the before block.
+        user_cred.account_type
+        user_cred.account_type
+      end
+    end
+
+    describe '#request_params' do
+      subject { user_cred.request_params }
+      let(:action) do
+        'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal'
+      end
+      let(:grant_type) { 'grant_type' }
+      let(:token) { 'token' }
+      let(:wstrust_url) { 'https://ghi.jkl/' }
+
+      before(:each) do
+        expect_any_instance_of(ADAL::MexRequest).to receive(:execute)
+          .and_return(double(wstrust_url: wstrust_url, action: action))
+        expect_any_instance_of(ADAL::WSTrustRequest).to receive(:execute)
+          .and_return(double(token: token, grant_type: grant_type))
+      end
+
+      it 'contains assertion, grant_type and scope' do
+        expect(subject.keys).to contain_exactly(:assertion, :grant_type, :scope)
+      end
+
+      describe 'assertion' do
+        subject { user_cred.request_params[:assertion] }
+
+        it 'contains the base64 encoded token' do
+          expect(Base64.decode64(subject)).to eq token
+        end
+      end
+
+      describe 'scope' do
+        subject { user_cred.request_params[:scope] }
+
+        it { is_expected.to eq :openid }
+      end
+    end
+  end
+
+  context 'with a managed user' do
+    let(:account_type) { 'Managed' }
+
+    describe '#account_type' do
+      subject { user_cred.account_type }
+      it { is_expected.to eq ADAL::UserCredential::AccountType::MANAGED }
+    end
+
+    describe '#request_params' do
+      it 'should contain username, password and grant type' do
+        expect(user_cred.request_params.keys).to contain_exactly(
+          :username, :password, :grant_type, :scope)
+      end
+
+      describe 'grant_type' do
+        subject { user_cred.request_params[:grant_type] }
+
+        it { is_expected.to eq 'password' }
+      end
+    end
+  end
+
+  context 'with an unknown account type user' do
+    let(:account_type) { 'Unknown' }
+
+    describe '#account_type' do
+      subject { user_cred.account_type }
+      it { is_expected.to eq ADAL::UserCredential::AccountType::UNKNOWN }
+    end
+
+    describe '#request_params' do
+      it 'should throw an error' do
+        expect { user_cred.request_params }.to raise_error(
+          ADAL::UserCredential::UnsupportedAccountTypeError)
+      end
+    end
+  end
+end

data/spec/adal/user_identifier_spec.rb

@@ -0,0 +1,115 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2015 Micorosft Corporation
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#-------------------------------------------------------------------------------
+require_relative '../spec_helper'
+
+describe ADAL::UserIdentifier do
+  describe '#initialize' do
+    context 'with a valid type' do
+      subject { -> { ADAL::UserIdentifier.new('a@io', :DISPLAYABLE_ID) } }
+      it { is_expected.to_not raise_error }
+    end
+
+    context 'with an invalid type' do
+      subject { -> { ADAL::UserIdentifier.new('a@io', :NEW_ID) } }
+      it { is_expected.to raise_error ArgumentError }
+    end
+  end
+
+  describe 'request_parameters' do
+    let(:id) { 'my id' }
+    let(:type) { ADAL::UserIdentifier::UNIQUE_ID }
+    let(:user_id) { ADAL::UserIdentifier.new(id, type) }
+    subject { user_id.request_params }
+    it { is_expected.to eq(user_info: user_id) }
+  end
+
+  describe '==' do
+    let(:id) { 'my id' }
+    subject { ADAL::UserIdentifier.new(id, type) }
+
+    context 'with another UserIdentifier' do
+      let(:type) { ADAL::UserIdentifier::Type::UNIQUE_ID }
+      it 'uses object equality' do
+        expect(subject == subject).to be_truthy
+        expect(subject == ADAL::UserIdentifier.new(id, type)).to be_falsey
+      end
+    end
+
+    context 'with a string username' do
+      let(:type) { ADAL::UserIdentifier::Type::UNIQUE_ID }
+      it 'matches strings to the id' do
+        expect(subject == id).to be_truthy
+        expect(subject == '5').to be_falsey
+      end
+    end
+
+    context 'with a UserInformation' do
+      context 'with type UNIQUE_ID' do
+        let(:type) { ADAL::UserIdentifier::Type::UNIQUE_ID }
+
+        it 'matches oid' do
+          user_info = ADAL::UserInformation.new(oid: id)
+          expect(subject == user_info).to be_truthy
+        end
+
+        it 'matches sub' do
+          user_info = ADAL::UserInformation.new(sub: id)
+          expect(subject == user_info).to be_truthy
+        end
+
+        it 'does not match upn' do
+          user_info = ADAL::UserInformation.new(upn: id)
+          expect(subject == user_info).to be_falsey
+        end
+
+        it 'does not match email' do
+          user_info = ADAL::UserInformation.new(email: id)
+          expect(subject == user_info).to be_falsey
+        end
+      end
+
+      context 'with type DISPLAYABLE_ID' do
+        let(:type) { ADAL::UserIdentifier::Type::DISPLAYABLE_ID }
+
+        it 'does not match oid' do
+          user_info = ADAL::UserInformation.new(oid: id)
+          expect(subject == user_info).to be_falsey
+        end
+
+        it 'does not match sub' do
+          user_info = ADAL::UserInformation.new(sub: id)
+          expect(subject == user_info).to be_falsey
+        end
+
+        it 'matches upn' do
+          user_info = ADAL::UserInformation.new(upn: id)
+          expect(subject == user_info).to be_truthy
+        end
+
+        it 'matches email' do
+          user_info = ADAL::UserInformation.new(email: id)
+          expect(subject == user_info).to be_truthy
+        end
+      end
+    end
+  end
+end

data/spec/adal/wstrust_request_spec.rb

@@ -0,0 +1,51 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2015 Micorosft Corporation
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#-------------------------------------------------------------------------------
+
+require_relative '../spec_helper'
+
+describe ADAL::WSTrustRequest do
+  subject { ADAL::WSTrustRequest.new(uri) }
+
+  describe '#initialize' do
+    context 'with an invalid URI' do
+      let(:uri) { 'not a uri' }
+
+      it 'should raise InvalidURIError' do
+        expect do
+          ADAL::WSTrustRequest.new(uri)
+        end.to raise_error(URI::InvalidURIError)
+      end
+    end
+  end
+
+  describe '#execute' do
+    let(:uri) { 'https://microsoft.com/' }
+
+    it 'parses the body as an ADAL::WSTrustResponse' do
+      mex_response_body = 'mex body'
+      expect_any_instance_of(Net::HTTP).to receive(:request).once
+        .and_return(double(body: mex_response_body, code: '200'))
+      expect(ADAL::WSTrustResponse).to receive(:parse).with(mex_response_body)
+      subject.execute('some user', 'some password')
+    end
+  end
+end

data/spec/adal/wstrust_response_spec.rb

@@ -0,0 +1,152 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2015 Micorosft Corporation
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#-------------------------------------------------------------------------------
+
+require_relative '../spec_helper'
+
+WSTRUST_FIXTURES = File.expand_path('../../fixtures/wstrust', __FILE__)
+
+describe ADAL::WSTrustResponse do
+  describe '::parse' do
+    let(:response) { File.read(File.expand_path(file_name, WSTRUST_FIXTURES)) }
+
+    context 'with a successful response' do
+      let(:file_name) { 'success.xml' }
+
+      let(:token) do
+        File.read(File.expand_path('token.xml', WSTRUST_FIXTURES))
+      end
+
+      it 'correctly extracts the token' do
+        wstrust_response = ADAL::WSTrustResponse.parse(response)
+        expect(wstrust_response.token.strip).to eq(token.strip)
+      end
+
+      it 'has the correct grant type' do
+        wstrust_response = ADAL::WSTrustResponse.parse(response)
+        expect(wstrust_response.grant_type).to eq(
+          ADAL::TokenRequest::GrantType::SAML1)
+      end
+    end
+
+    context 'with an unrecognized token type' do
+      let(:file_name) { 'unrecognized_token_type.xml' }
+
+      it 'throws the appropriate error' do
+        expect { ADAL::WSTrustResponse.parse(response) }
+          .to raise_error(ADAL::WSTrustResponse::UnrecognizedTokenTypeError)
+      end
+    end
+
+    context 'with a WS-Trust 1.3 response' do
+      let(:file_name) { 'wstrust.13.xml' }
+
+      it 'extracts the token' do
+        wstrust_response = ADAL::WSTrustResponse.parse(response)
+        expect(wstrust_response.token.strip).to_not be nil
+      end
+    end
+
+    context 'with a WS-Trust 2005 response' do
+      let(:file_name) { 'wstrust.2005.xml' }
+
+      it 'extracts the token' do
+        wstrust_response = ADAL::WSTrustResponse.parse(response)
+        expect(wstrust_response.token.strip).to_not be nil
+      end
+    end
+
+    context 'with an error response' do
+      let(:file_name) { 'error.xml' }
+
+      it 'throws the appropriate error' do
+        expect do
+          ADAL::WSTrustResponse.parse(response)
+        end.to raise_error(ADAL::WSTrustResponse::WSTrustError, /MSIS3127/)
+      end
+    end
+
+    context 'with invalid namespaces' do
+      let(:file_name) { 'invalid_namespaces.xml' }
+
+      it 'throws the appropriate error' do
+        expect { ADAL::WSTrustResponse.parse(response) }
+          .to raise_error(
+            ADAL::WSTrustResponse::WSTrustError, /Unable to parse token/)
+      end
+    end
+
+    context 'with an invalid abundance of security tokens' do
+      let(:file_name) { 'too_many_security_tokens.xml' }
+
+      it 'throws the appropriate error' do
+        expect { ADAL::WSTrustResponse.parse(response) }
+          .to raise_error(
+            ADAL::WSTrustResponse::WSTrustError,
+            /too many RequestedSecurityTokens/)
+      end
+    end
+
+    context 'with no security tokens on the first token response node' do
+      let(:file_name) { 'missing_security_tokens.xml' }
+      let(:expected_token) { '<foo:Assertion xmlns:foo="bar"/>' }
+      subject { ADAL::WSTrustResponse.parse(response) }
+
+      it { expect { subject }.to_not raise_error }
+
+      it 'should use the backup' do
+        expect(subject.token.to_s).to eq(expected_token)
+      end
+    end
+  end
+
+  describe '#grant_type' do
+    context 'with a SAML1 token type' do
+      subject do
+        response = ADAL::WSTrustResponse.new(
+          'irrelevant', ADAL::WSTrustResponse::TokenType::V1)
+        response.grant_type
+      end
+      it { is_expected.to eq(ADAL::TokenRequest::GrantType::SAML1) }
+    end
+
+    context 'with a SAML2 token type' do
+      subject do
+        response = ADAL::WSTrustResponse.new(
+          'irrelevant', ADAL::WSTrustResponse::TokenType::V2)
+        response.grant_type
+      end
+      it { is_expected.to eq(ADAL::TokenRequest::GrantType::SAML2) }
+    end
+
+    # This case should not happen unless the developer is being intentionally
+    # hacky. The constructor ensures that the token type is valid.
+    context 'with an unrecognized token type' do
+      subject do
+        response = ADAL::WSTrustResponse.new(
+          'irrelevant', ADAL::WSTrustResponse::TokenType::V1)
+        response.instance_variable_set(:@token_type, 'not a token type')
+        response.grant_type
+      end
+      it { is_expected.to be_nil }
+    end
+  end
+end