ddr-models 1.10.0 → 1.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/controllers/users/omniauth_callbacks_controller.rb +7 -3
- data/app/controllers/users/sessions_controller.rb +11 -1
- data/app/views/devise/sessions/new.html.erb +22 -0
- data/app/views/devise/shared/_links.erb +9 -0
- data/config/initializers/devise.rb +0 -1
- data/config/routes.rb +0 -3
- data/lib/ddr/auth.rb +4 -1
- data/lib/ddr/models/version.rb +1 -1
- data/spec/controllers/users/sessions_controller_spec.rb +25 -0
- data/spec/routing/user_routing_spec.rb +0 -6
- data/spec/spec_helper.rb +2 -0
- metadata +6 -5
- data/lib/ddr/auth/failure_app.rb +0 -16
- data/spec/controllers/application_controller_spec.rb +0 -22
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 47da234ecb43f36fb0eb336d31519cddf290a207
|
|
4
|
+
data.tar.gz: ff7d195e23915f0e127161c01f24d2044dc879d2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3c435826a74310c1e70f2b8edf46569727edd0939a5863519bbe858a44313b1fb01dfdfd8cecb63d86399fc23e16205b80c634f73e4177c50d7ba1034fbdb2b4
|
|
7
|
+
data.tar.gz: dfce4af10755852dea51a93ebbed93b31aeef6f3b3b5672bfe5171a0cdd88c6b3b836752efaecee5e6b7c2a5419f9c82a9e8b4a37e0c6d0616cea18442fb92f0
|
|
@@ -2,10 +2,14 @@ require "devise/omniauth_callbacks_controller"
|
|
|
2
2
|
|
|
3
3
|
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
|
|
4
4
|
|
|
5
|
-
# Shibboleth callback
|
|
6
5
|
def shibboleth
|
|
7
|
-
|
|
8
|
-
|
|
6
|
+
user = resource_class.from_omniauth(request.env["omniauth.auth"])
|
|
7
|
+
set_flash_message :notice, :success, kind: "Duke NetID"
|
|
8
|
+
sign_in_and_redirect user
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def after_sign_in_path_for(resource)
|
|
12
|
+
request.env["omniauth.origin"] || super
|
|
9
13
|
end
|
|
10
14
|
|
|
11
15
|
end
|
|
@@ -1,7 +1,17 @@
|
|
|
1
1
|
class Users::SessionsController < Devise::SessionsController
|
|
2
2
|
|
|
3
|
+
def new
|
|
4
|
+
if Ddr::Auth.require_shib_user_authn
|
|
5
|
+
redirect_to user_omniauth_authorize_path(:shibboleth, origin: request.referrer)
|
|
6
|
+
else
|
|
7
|
+
store_location_for(:user, request.referrer)
|
|
8
|
+
super
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
|
|
3
12
|
def after_sign_out_path_for(scope)
|
|
4
|
-
|
|
13
|
+
return Ddr::Auth.sso_logout_url if Ddr::Auth.require_shib_user_authn
|
|
14
|
+
super
|
|
5
15
|
end
|
|
6
16
|
|
|
7
17
|
end
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
<h2>Login</h2>
|
|
2
|
+
|
|
3
|
+
<%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
|
|
4
|
+
<div class="form-group">
|
|
5
|
+
<%= f.label :username %>
|
|
6
|
+
<%= f.text_field :username %>
|
|
7
|
+
</div>
|
|
8
|
+
<div class="form-group">
|
|
9
|
+
<%= f.label :password %>
|
|
10
|
+
<%= f.password_field :password %>
|
|
11
|
+
</div>
|
|
12
|
+
<% if devise_mapping.rememberable? -%>
|
|
13
|
+
<div class="form-group">
|
|
14
|
+
<%= f.check_box :remember_me %> <%= f.label :remember_me %>
|
|
15
|
+
</div>
|
|
16
|
+
<% end -%>
|
|
17
|
+
<div>
|
|
18
|
+
<%= f.submit "Login" %>
|
|
19
|
+
</div>
|
|
20
|
+
<% end %>
|
|
21
|
+
|
|
22
|
+
<%= render "devise/shared/links" %>
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
<%- if controller_name != 'sessions' %>
|
|
2
|
+
<%= link_to "Login", new_session_path(resource_name) %><br />
|
|
3
|
+
<% end -%>
|
|
4
|
+
|
|
5
|
+
<%- if devise_mapping.omniauthable? %>
|
|
6
|
+
<%- resource_class.omniauth_providers.each do |provider| %>
|
|
7
|
+
<%= link_to "Login with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider) %><br />
|
|
8
|
+
<% end -%>
|
|
9
|
+
<% end -%>
|
|
@@ -238,7 +238,6 @@ Devise.setup do |config|
|
|
|
238
238
|
# end
|
|
239
239
|
|
|
240
240
|
config.warden do |manager|
|
|
241
|
-
manager.failure_app = Ddr::Auth::FailureApp
|
|
242
241
|
# :superuser scope
|
|
243
242
|
manager.serialize_into_session(:superuser) { |superuser| superuser.id }
|
|
244
243
|
manager.serialize_from_session(:superuser) { |id| Devise.mappings[:user].to.find(id) }
|
data/config/routes.rb
CHANGED
data/lib/ddr/auth.rb
CHANGED
|
@@ -8,7 +8,6 @@ module Ddr
|
|
|
8
8
|
autoload :GroupService
|
|
9
9
|
autoload :GrouperService
|
|
10
10
|
autoload :RemoteGroupService
|
|
11
|
-
autoload :FailureApp
|
|
12
11
|
|
|
13
12
|
# Group authorized to act as superuser
|
|
14
13
|
mattr_accessor :superuser_group
|
|
@@ -52,5 +51,9 @@ module Ddr
|
|
|
52
51
|
false
|
|
53
52
|
end
|
|
54
53
|
|
|
54
|
+
mattr_accessor :sso_logout_url do
|
|
55
|
+
"/Shibboleth.sso/Logout?return=https://shib.oit.duke.edu/cgi-bin/logout.pl"
|
|
56
|
+
end
|
|
57
|
+
|
|
55
58
|
end
|
|
56
59
|
end
|
data/lib/ddr/models/version.rb
CHANGED
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
RSpec.describe Users::SessionsController, type: :controller do
|
|
2
|
+
|
|
3
|
+
before { request.env["devise.mapping"] = Devise.mappings[:user] }
|
|
4
|
+
|
|
5
|
+
describe "#new" do
|
|
6
|
+
before { request.env["HTTP_REFERER"] = "/foo/bar" }
|
|
7
|
+
describe "when shibboleth user authentication is required" do
|
|
8
|
+
before { allow(Ddr::Auth).to receive(:require_shib_user_authn) { true } }
|
|
9
|
+
it "should redirect to the shib authn path, setting the origin to the previous page" do
|
|
10
|
+
get :new
|
|
11
|
+
expect(response).to redirect_to(user_omniauth_authorize_path(:shibboleth, origin: "/foo/bar"))
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
describe "when shibboleth user authentication is NOT required" do
|
|
16
|
+
before { allow(Ddr::Auth).to receive(:require_shib_user_authn) { false } }
|
|
17
|
+
it "should store the location of the previous page and render the 'new' template" do
|
|
18
|
+
expect(subject).to receive(:store_location_for).with(:user, "/foo/bar")
|
|
19
|
+
get :new
|
|
20
|
+
expect(response).to render_template(:new)
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
end
|
|
@@ -17,10 +17,4 @@ RSpec.describe "users router", type: :routing do
|
|
|
17
17
|
it "should have a shibboleth authentication path helper" do
|
|
18
18
|
expect(get: user_omniauth_authorize_path(:shibboleth)).to route_to(controller: 'users/omniauth_callbacks', action: 'passthru', provider: 'shibboleth')
|
|
19
19
|
end
|
|
20
|
-
describe "redirects", type: :request do
|
|
21
|
-
it "should have a signed out path" do
|
|
22
|
-
get '/users/signed_out'
|
|
23
|
-
expect(response).to redirect_to('/')
|
|
24
|
-
end
|
|
25
|
-
end
|
|
26
20
|
end
|
data/spec/spec_helper.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ddr-models
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.11.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jim Coble
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2015-02-
|
|
12
|
+
date: 2015-02-10 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rails
|
|
@@ -294,6 +294,8 @@ files:
|
|
|
294
294
|
- app/models/component.rb
|
|
295
295
|
- app/models/item.rb
|
|
296
296
|
- app/models/target.rb
|
|
297
|
+
- app/views/devise/sessions/new.html.erb
|
|
298
|
+
- app/views/devise/shared/_links.erb
|
|
297
299
|
- config/initializers/active_fedora_base.rb
|
|
298
300
|
- config/initializers/active_fedora_datastream.rb
|
|
299
301
|
- config/initializers/devise.rb
|
|
@@ -314,7 +316,6 @@ files:
|
|
|
314
316
|
- lib/ddr/actions/fixity_check.rb
|
|
315
317
|
- lib/ddr/auth.rb
|
|
316
318
|
- lib/ddr/auth/ability.rb
|
|
317
|
-
- lib/ddr/auth/failure_app.rb
|
|
318
319
|
- lib/ddr/auth/group_service.rb
|
|
319
320
|
- lib/ddr/auth/grouper_service.rb
|
|
320
321
|
- lib/ddr/auth/remote_group_service.rb
|
|
@@ -377,7 +378,7 @@ files:
|
|
|
377
378
|
- lib/ddr/vocab.rb
|
|
378
379
|
- lib/ddr/vocab/asset.rb
|
|
379
380
|
- lib/ddr/vocab/roles.rb
|
|
380
|
-
- spec/controllers/
|
|
381
|
+
- spec/controllers/users/sessions_controller_spec.rb
|
|
381
382
|
- spec/dummy/README.rdoc
|
|
382
383
|
- spec/dummy/Rakefile
|
|
383
384
|
- spec/dummy/app/assets/javascripts/application.js
|
|
@@ -488,7 +489,7 @@ signing_key:
|
|
|
488
489
|
specification_version: 4
|
|
489
490
|
summary: Models used in the Duke Digital Repository
|
|
490
491
|
test_files:
|
|
491
|
-
- spec/controllers/
|
|
492
|
+
- spec/controllers/users/sessions_controller_spec.rb
|
|
492
493
|
- spec/dummy/app/assets/javascripts/application.js
|
|
493
494
|
- spec/dummy/app/assets/stylesheets/application.css
|
|
494
495
|
- spec/dummy/app/controllers/application_controller.rb
|
data/lib/ddr/auth/failure_app.rb
DELETED
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
module Ddr
|
|
2
|
-
module Auth
|
|
3
|
-
class FailureApp < Devise::FailureApp
|
|
4
|
-
|
|
5
|
-
def respond
|
|
6
|
-
if scope == :user && Ddr::Auth.require_shib_user_authn
|
|
7
|
-
store_location!
|
|
8
|
-
redirect_to user_omniauth_authorize_path(:shibboleth)
|
|
9
|
-
else
|
|
10
|
-
super
|
|
11
|
-
end
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
end
|
|
15
|
-
end
|
|
16
|
-
end
|
|
@@ -1,22 +0,0 @@
|
|
|
1
|
-
RSpec.describe ApplicationController, type: :controller do
|
|
2
|
-
controller do
|
|
3
|
-
before_action :authenticate_user!
|
|
4
|
-
def index; end
|
|
5
|
-
end
|
|
6
|
-
describe "authentication failure handling" do
|
|
7
|
-
describe "when shibboleth user authentication is required" do
|
|
8
|
-
before { allow(Ddr::Auth).to receive(:require_shib_user_authn) { true } }
|
|
9
|
-
it "should redirect to the shib authn path" do
|
|
10
|
-
get :index
|
|
11
|
-
expect(response).to redirect_to(user_omniauth_authorize_path(:shibboleth))
|
|
12
|
-
end
|
|
13
|
-
end
|
|
14
|
-
describe "when shibboleth user authentication is not required" do
|
|
15
|
-
before { allow(Ddr::Auth).to receive(:require_shib_user_authn) { false } }
|
|
16
|
-
it "should redirect to the new user session path" do
|
|
17
|
-
get :index
|
|
18
|
-
expect(response).to redirect_to(new_user_session_path)
|
|
19
|
-
end
|
|
20
|
-
end
|
|
21
|
-
end
|
|
22
|
-
end
|