ddr-models 1.10.0 → 1.11.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/controllers/users/omniauth_callbacks_controller.rb +7 -3
- data/app/controllers/users/sessions_controller.rb +11 -1
- data/app/views/devise/sessions/new.html.erb +22 -0
- data/app/views/devise/shared/_links.erb +9 -0
- data/config/initializers/devise.rb +0 -1
- data/config/routes.rb +0 -3
- data/lib/ddr/auth.rb +4 -1
- data/lib/ddr/models/version.rb +1 -1
- data/spec/controllers/users/sessions_controller_spec.rb +25 -0
- data/spec/routing/user_routing_spec.rb +0 -6
- data/spec/spec_helper.rb +2 -0
- metadata +6 -5
- data/lib/ddr/auth/failure_app.rb +0 -16
- data/spec/controllers/application_controller_spec.rb +0 -22
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 47da234ecb43f36fb0eb336d31519cddf290a207
|
|
4
|
+
data.tar.gz: ff7d195e23915f0e127161c01f24d2044dc879d2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3c435826a74310c1e70f2b8edf46569727edd0939a5863519bbe858a44313b1fb01dfdfd8cecb63d86399fc23e16205b80c634f73e4177c50d7ba1034fbdb2b4
|
|
7
|
+
data.tar.gz: dfce4af10755852dea51a93ebbed93b31aeef6f3b3b5672bfe5171a0cdd88c6b3b836752efaecee5e6b7c2a5419f9c82a9e8b4a37e0c6d0616cea18442fb92f0
|
|
@@ -2,10 +2,14 @@ require "devise/omniauth_callbacks_controller"
|
|
|
2
2
|
|
|
3
3
|
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
|
|
4
4
|
|
|
5
|
-
# Shibboleth callback
|
|
6
5
|
def shibboleth
|
|
7
|
-
|
|
8
|
-
|
|
6
|
+
user = resource_class.from_omniauth(request.env["omniauth.auth"])
|
|
7
|
+
set_flash_message :notice, :success, kind: "Duke NetID"
|
|
8
|
+
sign_in_and_redirect user
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def after_sign_in_path_for(resource)
|
|
12
|
+
request.env["omniauth.origin"] || super
|
|
9
13
|
end
|
|
10
14
|
|
|
11
15
|
end
|
|
@@ -1,7 +1,17 @@
|
|
|
1
1
|
class Users::SessionsController < Devise::SessionsController
|
|
2
2
|
|
|
3
|
+
def new
|
|
4
|
+
if Ddr::Auth.require_shib_user_authn
|
|
5
|
+
redirect_to user_omniauth_authorize_path(:shibboleth, origin: request.referrer)
|
|
6
|
+
else
|
|
7
|
+
store_location_for(:user, request.referrer)
|
|
8
|
+
super
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
|
|
3
12
|
def after_sign_out_path_for(scope)
|
|
4
|
-
|
|
13
|
+
return Ddr::Auth.sso_logout_url if Ddr::Auth.require_shib_user_authn
|
|
14
|
+
super
|
|
5
15
|
end
|
|
6
16
|
|
|
7
17
|
end
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
<h2>Login</h2>
|
|
2
|
+
|
|
3
|
+
<%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
|
|
4
|
+
<div class="form-group">
|
|
5
|
+
<%= f.label :username %>
|
|
6
|
+
<%= f.text_field :username %>
|
|
7
|
+
</div>
|
|
8
|
+
<div class="form-group">
|
|
9
|
+
<%= f.label :password %>
|
|
10
|
+
<%= f.password_field :password %>
|
|
11
|
+
</div>
|
|
12
|
+
<% if devise_mapping.rememberable? -%>
|
|
13
|
+
<div class="form-group">
|
|
14
|
+
<%= f.check_box :remember_me %> <%= f.label :remember_me %>
|
|
15
|
+
</div>
|
|
16
|
+
<% end -%>
|
|
17
|
+
<div>
|
|
18
|
+
<%= f.submit "Login" %>
|
|
19
|
+
</div>
|
|
20
|
+
<% end %>
|
|
21
|
+
|
|
22
|
+
<%= render "devise/shared/links" %>
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
<%- if controller_name != 'sessions' %>
|
|
2
|
+
<%= link_to "Login", new_session_path(resource_name) %><br />
|
|
3
|
+
<% end -%>
|
|
4
|
+
|
|
5
|
+
<%- if devise_mapping.omniauthable? %>
|
|
6
|
+
<%- resource_class.omniauth_providers.each do |provider| %>
|
|
7
|
+
<%= link_to "Login with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider) %><br />
|
|
8
|
+
<% end -%>
|
|
9
|
+
<% end -%>
|
|
@@ -238,7 +238,6 @@ Devise.setup do |config|
|
|
|
238
238
|
# end
|
|
239
239
|
|
|
240
240
|
config.warden do |manager|
|
|
241
|
-
manager.failure_app = Ddr::Auth::FailureApp
|
|
242
241
|
# :superuser scope
|
|
243
242
|
manager.serialize_into_session(:superuser) { |superuser| superuser.id }
|
|
244
243
|
manager.serialize_from_session(:superuser) { |id| Devise.mappings[:user].to.find(id) }
|
data/config/routes.rb
CHANGED
data/lib/ddr/auth.rb
CHANGED
|
@@ -8,7 +8,6 @@ module Ddr
|
|
|
8
8
|
autoload :GroupService
|
|
9
9
|
autoload :GrouperService
|
|
10
10
|
autoload :RemoteGroupService
|
|
11
|
-
autoload :FailureApp
|
|
12
11
|
|
|
13
12
|
# Group authorized to act as superuser
|
|
14
13
|
mattr_accessor :superuser_group
|
|
@@ -52,5 +51,9 @@ module Ddr
|
|
|
52
51
|
false
|
|
53
52
|
end
|
|
54
53
|
|
|
54
|
+
mattr_accessor :sso_logout_url do
|
|
55
|
+
"/Shibboleth.sso/Logout?return=https://shib.oit.duke.edu/cgi-bin/logout.pl"
|
|
56
|
+
end
|
|
57
|
+
|
|
55
58
|
end
|
|
56
59
|
end
|
data/lib/ddr/models/version.rb
CHANGED
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
RSpec.describe Users::SessionsController, type: :controller do
|
|
2
|
+
|
|
3
|
+
before { request.env["devise.mapping"] = Devise.mappings[:user] }
|
|
4
|
+
|
|
5
|
+
describe "#new" do
|
|
6
|
+
before { request.env["HTTP_REFERER"] = "/foo/bar" }
|
|
7
|
+
describe "when shibboleth user authentication is required" do
|
|
8
|
+
before { allow(Ddr::Auth).to receive(:require_shib_user_authn) { true } }
|
|
9
|
+
it "should redirect to the shib authn path, setting the origin to the previous page" do
|
|
10
|
+
get :new
|
|
11
|
+
expect(response).to redirect_to(user_omniauth_authorize_path(:shibboleth, origin: "/foo/bar"))
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
describe "when shibboleth user authentication is NOT required" do
|
|
16
|
+
before { allow(Ddr::Auth).to receive(:require_shib_user_authn) { false } }
|
|
17
|
+
it "should store the location of the previous page and render the 'new' template" do
|
|
18
|
+
expect(subject).to receive(:store_location_for).with(:user, "/foo/bar")
|
|
19
|
+
get :new
|
|
20
|
+
expect(response).to render_template(:new)
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
end
|
|
@@ -17,10 +17,4 @@ RSpec.describe "users router", type: :routing do
|
|
|
17
17
|
it "should have a shibboleth authentication path helper" do
|
|
18
18
|
expect(get: user_omniauth_authorize_path(:shibboleth)).to route_to(controller: 'users/omniauth_callbacks', action: 'passthru', provider: 'shibboleth')
|
|
19
19
|
end
|
|
20
|
-
describe "redirects", type: :request do
|
|
21
|
-
it "should have a signed out path" do
|
|
22
|
-
get '/users/signed_out'
|
|
23
|
-
expect(response).to redirect_to('/')
|
|
24
|
-
end
|
|
25
|
-
end
|
|
26
20
|
end
|
data/spec/spec_helper.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ddr-models
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.11.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jim Coble
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2015-02-
|
|
12
|
+
date: 2015-02-10 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rails
|
|
@@ -294,6 +294,8 @@ files:
|
|
|
294
294
|
- app/models/component.rb
|
|
295
295
|
- app/models/item.rb
|
|
296
296
|
- app/models/target.rb
|
|
297
|
+
- app/views/devise/sessions/new.html.erb
|
|
298
|
+
- app/views/devise/shared/_links.erb
|
|
297
299
|
- config/initializers/active_fedora_base.rb
|
|
298
300
|
- config/initializers/active_fedora_datastream.rb
|
|
299
301
|
- config/initializers/devise.rb
|
|
@@ -314,7 +316,6 @@ files:
|
|
|
314
316
|
- lib/ddr/actions/fixity_check.rb
|
|
315
317
|
- lib/ddr/auth.rb
|
|
316
318
|
- lib/ddr/auth/ability.rb
|
|
317
|
-
- lib/ddr/auth/failure_app.rb
|
|
318
319
|
- lib/ddr/auth/group_service.rb
|
|
319
320
|
- lib/ddr/auth/grouper_service.rb
|
|
320
321
|
- lib/ddr/auth/remote_group_service.rb
|
|
@@ -377,7 +378,7 @@ files:
|
|
|
377
378
|
- lib/ddr/vocab.rb
|
|
378
379
|
- lib/ddr/vocab/asset.rb
|
|
379
380
|
- lib/ddr/vocab/roles.rb
|
|
380
|
-
- spec/controllers/
|
|
381
|
+
- spec/controllers/users/sessions_controller_spec.rb
|
|
381
382
|
- spec/dummy/README.rdoc
|
|
382
383
|
- spec/dummy/Rakefile
|
|
383
384
|
- spec/dummy/app/assets/javascripts/application.js
|
|
@@ -488,7 +489,7 @@ signing_key:
|
|
|
488
489
|
specification_version: 4
|
|
489
490
|
summary: Models used in the Duke Digital Repository
|
|
490
491
|
test_files:
|
|
491
|
-
- spec/controllers/
|
|
492
|
+
- spec/controllers/users/sessions_controller_spec.rb
|
|
492
493
|
- spec/dummy/app/assets/javascripts/application.js
|
|
493
494
|
- spec/dummy/app/assets/stylesheets/application.css
|
|
494
495
|
- spec/dummy/app/controllers/application_controller.rb
|
data/lib/ddr/auth/failure_app.rb
DELETED
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
module Ddr
|
|
2
|
-
module Auth
|
|
3
|
-
class FailureApp < Devise::FailureApp
|
|
4
|
-
|
|
5
|
-
def respond
|
|
6
|
-
if scope == :user && Ddr::Auth.require_shib_user_authn
|
|
7
|
-
store_location!
|
|
8
|
-
redirect_to user_omniauth_authorize_path(:shibboleth)
|
|
9
|
-
else
|
|
10
|
-
super
|
|
11
|
-
end
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
end
|
|
15
|
-
end
|
|
16
|
-
end
|
|
@@ -1,22 +0,0 @@
|
|
|
1
|
-
RSpec.describe ApplicationController, type: :controller do
|
|
2
|
-
controller do
|
|
3
|
-
before_action :authenticate_user!
|
|
4
|
-
def index; end
|
|
5
|
-
end
|
|
6
|
-
describe "authentication failure handling" do
|
|
7
|
-
describe "when shibboleth user authentication is required" do
|
|
8
|
-
before { allow(Ddr::Auth).to receive(:require_shib_user_authn) { true } }
|
|
9
|
-
it "should redirect to the shib authn path" do
|
|
10
|
-
get :index
|
|
11
|
-
expect(response).to redirect_to(user_omniauth_authorize_path(:shibboleth))
|
|
12
|
-
end
|
|
13
|
-
end
|
|
14
|
-
describe "when shibboleth user authentication is not required" do
|
|
15
|
-
before { allow(Ddr::Auth).to receive(:require_shib_user_authn) { false } }
|
|
16
|
-
it "should redirect to the new user session path" do
|
|
17
|
-
get :index
|
|
18
|
-
expect(response).to redirect_to(new_user_session_path)
|
|
19
|
-
end
|
|
20
|
-
end
|
|
21
|
-
end
|
|
22
|
-
end
|