els_bootstrap 0.0.1

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2012 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,42 @@
+= ElsBootstrap
+
+Does your code sometimes feel a bit hacked in order to work around ELS authentication during development and testing?
+
+Does pulling out the REMOTE_USER and RPA_USERNAME leave you with a slightly metallic taste at the back of your mouth?
+
+Do you find yourself running multiple queries to pull the identity of the person using your site?
+
+If you answer yes to any of the above then the Els Bootsrap might be your cup of tea.
+
+== What it does
+
+The Els Bootstrap is a Rails engine providing some methods, routes and views to help your product work in the world of ELS authentication - whether you are using a bonafide ELS agent (behind Apache for example) or have rolled your own Web Server.
+
+It does this by interacting with the OpenAM HTTP API in order to provide credential authentication and SSO token identity lookup.
+
+When in ELS Identity mode, the Els Bootstrap will attempt to create a user identity from a known cookie SSO token. If no cookie is found (because you are developing, for example) then the user is directed to a built-in logon page where valid credentials can be supplied and validated against ELS - just as they would in production! However, if you want to put any ol' username in to test your app then you can override the auth and create a mock user.
+
+== How it does it
+
+When you include the gem, your Rails project will get 2 helper methods that you can use in any of your controllers (probably as before_filter methods).
+
+1. *cdid*. When used it will attempt to retrieve the REMOTE_USER or RPA_USERNAME header value. This is a very typical operation. The value is stashed in session[:cdid] and provides a *@cdid* instance variable for all controllers. Boring :p
+
+2. *els_identity*. When used your application will do whatever it can to generate a user identity based on the value of the ELS SSO token. The token can be retrieved from the browser or generated anew via a custom login process. This stashes the SSO token in session[:els_token] and results in an *@els_identity* instance variable accessible across all controllers. Mega :D
+
+_els_identity_ will not only result in a user cdid, but also their name, email address, employee number, AD Group membership (baked in roles!), account status and a few other tidbits. So unless you are after the entire HR Record, this is all you'll need for user identity in your app :)
+
+
+== How to use it
+
+1. add the gem to your Gemfile
+ gem 'els_bootstrap', "~>0.0.1"
+
+2. call els_identity in your controller. Example:
+	class ApplicationController < ActionController::Base
+		before_filter :els_identity
+	end
+
+== Contributing
+Yes please.
+fork, hack, send pull request :)

data/Rakefile

@@ -0,0 +1,40 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+  require 'rdoc/task'
+rescue LoadError
+  require 'rdoc/rdoc'
+  require 'rake/rdoctask'
+  RDoc::Task = Rake::RDocTask
+end
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'ElsBootstrap'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task :default => :test

data/app/assets/javascripts/els_bootstrap/els_session.js.coffee

@@ -0,0 +1,6 @@
+$ ->
+  $('.els_session input#override').on "click", ->
+    if $(this).is(':checked')
+      $('.els_session input#password').parent().fadeOut()
+    else
+      $('.els_session input#password').parent().fadeIn()

data/app/controllers/els_session_controller.rb

@@ -0,0 +1,94 @@
+class ElsSessionController < ApplicationController
+
+  include ElsToken
+  els_config YAML.load_file("#{Rails.root}/config/els_token.yml")[Rails.env]
+
+  before_filter :els_identity, :only => [:show]
+
+  def show
+  end
+
+  # When in dev/qa we may need to provide credentials
+  # if ELS has not been setup
+  # this will be valid if a known cookie exists
+  def new
+    @els_identity = get_identity rescue nil
+    if @els_identity
+      session[:els_token] = @els_identity.token_id
+      Rails.cache.write(session[:els_token], @els_identity, 
+        :namespace => "els_identity",
+        :expires_in => 1200)
+      go_back
+    end
+    # or get some login details  
+  end
+
+  # Should not get here during production
+  def create
+    begin
+      if params["override"]
+        # just fake the session
+        logger.debug("faking session with id #{params["username"]}")
+        @els_identity = ElsFaker.new(params["username"])
+      else
+        logger.debug("attempting to authenticate #{params["username"]}")
+        token = authenticate(params["username"],params["password"])
+        logger.debug("got token #{token}")
+        if token
+          @els_identity = get_token_identity(token)
+          flash[:notice] = "cannot retrieve identity" unless @els_identity
+        else
+          flash[:error] = "unable to authenticate"
+        end
+      end
+    rescue Exception => e
+      flash[:error] = "Something went wrong #{e.message}"
+    end
+    if @els_identity
+      update_and_return
+    else
+      render :new
+    end
+  end
+
+  def destroy
+    Rails.cache.delete(session[:els_token])
+    session[:els_token] = nil
+    cookies.delete(self.class.els_options['cookie'], :domain => request.env["SERVER_NAME"])
+    redirect_to els_session_new_path
+  end
+
+  private
+
+  # This app should really be running behind an els processor
+  # stashing the els token against the current host should allow
+  # for a better dev/qa experience without affecting production
+  def stash_cookie
+    cookies[self.class.els_options['cookie']] = {
+      :value => @els_identity.token_id,
+      :domain => request.env["SERVER_NAME"],
+      :path => '/',
+      :expires => Time.now + 24.hours
+    }
+  end
+
+  def update_and_return
+    stash_cookie
+    session[:els_token] = @els_identity.token_id
+    logger.debug("got token id #{session[:els_token]}")
+    Rails.cache.write(session[:els_token], @els_identity, 
+      :namespace => "els_identity",
+      :expires_in => 1200)
+    go_back
+  end
+  
+  def go_back
+    if session[:redirect_to] =~ /els_session\//
+      # Do not redirect back to a session action
+      redirect_to root_path
+    else
+      redirect_to session[:redirect_to]
+    end
+  end
+
+end

data/app/views/els_session/new.html.erb

@@ -0,0 +1,43 @@
+<%= javascript_include_tag "els_bootstrap/els_session" %>
+
+<h1>Oops! Authentication Required</h1>
+<p>We are currently running with a <span class="env"><%= Rails.env %></span> configuration</p>
+
+<div class='flash'>
+  <% if flash[:notice] %>
+    <p class="notice"><%= flash[:notice] %></p>
+  <% end %>
+
+  <% if flash[:error] %>
+    <p class="error"><%= flash[:error] %></p>
+  <% end %>
+</div>
+
+<% if Rails.env.eql? "development" %>
+  <p>As a convenience, anyone can login as anyone when in dev mode - just enter a valid cdid and go</p>
+  <p>If you need to test real authentication, uncheck the override box and enter a UAT password.<br>
+    If you don't know what your UAT cdid password is then speak to someone in EIO@teamaol.com</p>
+<% else %>
+  <p>This login screen should only appear when in development mode so something has gone wrong.<br> 
+    However, you can still use the system if you enter valid cdid credentials.<br> 
+    Someone has been notified of the situation so don't worry :)
+  </p>
+<% end %>
+
+<%= form_tag els_session_create_path, :class => "els_session" do %>
+  <div class="field">
+    <%= label_tag :username %>
+    <%= text_field_tag :username, params[:username] %>
+  </div>
+  <div class="field<%= Rails.env.eql?("development") ? ' default_hidden' : '' %>">
+    <%= label_tag :password %>
+    <%= password_field_tag :password, params[:password] %>
+  </div>
+  <% if Rails.env.eql? "development" %>
+    <div class="field">
+      <%= label_tag "Override: Just log me in and forget the password. I know what I'm doing, honest :)" %>
+      <%= check_box_tag :override, params[:override] %>
+    </div>
+  <% end %>
+  <div class="actions"><%= submit_tag "Log in" %></div>
+<% end %>

data/app/views/els_session/show.html.erb

@@ -0,0 +1,9 @@
+<% if @els_identity %>
+	<div class='els_logout'>
+		<%= button_to "logout", els_session_destroy_path, :method => :delete %>
+	</div>
+<% end %>
+<h1>Session Info<h1>
+<div class='field'>
+  <p>Identity: <%= @els_identity.inspect %></p>
+</div>

data/config/els_token.yml

@@ -0,0 +1,21 @@
+development:
+  uri: https://elsuat-sso.corp.aol.com/opensso/identity
+  cookie: iPlanetDirectoryProuat
+  
+test:
+  faker:
+    name: bob
+    employee_number: 00001
+    roles:
+      - Admins
+      - Domain Users
+  uri: https://els-sso.corp.aol.com/opensso/identity
+  cookie: iPlanetDirectoryPro
+
+uat:
+  uri: https://els-sso.corp.aol.com/opensso/identity
+  cookie: iPlanetDirectoryPro    
+    
+production:
+  uri: https://els-sso.corp.aol.com/opensso/identity
+  cookie: iPlanetDirectoryPro    

data/config/routes.rb

@@ -0,0 +1,15 @@
+Rails.application.routes.draw do
+  
+  #
+  # session handlers
+  #
+  get     "els_session/new"
+
+  get     "els_session/show"
+  
+  post    "els_session/create"
+
+  delete  "els_session/destroy"
+  
+  root :to => 'els_session#show'
+end

data/lib/els_bootstrap/engine.rb

@@ -0,0 +1,4 @@
+module ElsBootstrap
+  class Engine < ::Rails::Engine
+  end
+end

data/lib/els_bootstrap/version.rb

@@ -0,0 +1,3 @@
+module ElsBootstrap
+  VERSION = "0.0.1"
+end

data/lib/els_bootstrap.rb

@@ -0,0 +1,54 @@
+require "els_bootstrap/engine"
+require 'els_token'
+
+module ElsBootstrap
+    # will set a @cdid instance variable
+    # determined by the REMOTE_USER or RPA_USERNAME headers.
+    # cdid doesn't change often so it's gets stashed in the session  
+    #
+    def cdid
+      @cdid ||= 
+      session[:cdid] ||= 
+      request.headers["REMOTE_USER"] ||=
+      request.headers["RPA_USERNAME"]
+    end
+
+    # the els_identity is backed by the ELS SSO system.
+    # It will try to get a full identity object and then store
+    # that in a memcache as raw retrieval currently hits performance.
+    # Whilst SSO is brilliant, it can be a bit of a drag working around
+    # it during development.
+    # 
+    # This method will allow an end user to circumvent
+    # the domain specific ELS login by authenticating directly with the ELS
+    # system or, if a cookie is already resent, use that to retrieve an identity.
+    # As an additional development bonus, it's possible to fake the identity -
+    # setting it to whatever username is desired. 
+    #
+    # It's up to the implementer to test the validity of that username in 
+    # their own application. 
+    # Likewise once you have an ElsIdentity object you may want to call your own
+    # usermodel based on some value. 'cdid' and 'employee_number'
+    # are common ones.
+    #
+    # One of the best things about the ElsIdentity is that it contains Group
+    # information :) So, rather than implementing yet-another-role system in
+    # your app, let the identity be managed centrally. Once you have the
+    # ElsIdentity you can ask it whether it belongs to some role:
+    #
+    #  @els_identity.has_role? "some group"
+    # 
+    def els_identity
+      @els_identity = Rails.cache.fetch(session[:els_token], :namespace => "els_identity")
+      unless @els_identity
+        Rails.logger.debug("no identity in cache. Redirecting")
+        session[:redirect_to] = request.env["PATH_INFO"]
+        logger.debug("user will be returned to #{session[:redirect_to]}")
+        redirect_to els_session_new_path
+      end
+    end
+end
+
+ActiveSupport.on_load(:action_controller) do
+  include ElsBootstrap
+end

data/lib/tasks/els_bootstrap_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :els_bootstrap do
+#   # Task goes here
+# end

data/test/dummy/README.rdoc

@@ -0,0 +1,261 @@
+== Welcome to Rails
+
+Rails is a web-application framework that includes everything needed to create
+database-backed web applications according to the Model-View-Control pattern.
+
+This pattern splits the view (also called the presentation) into "dumb"
+templates that are primarily responsible for inserting pre-built data in between
+HTML tags. The model contains the "smart" domain objects (such as Account,
+Product, Person, Post) that holds all the business logic and knows how to
+persist themselves to a database. The controller handles the incoming requests
+(such as Save New Account, Update Product, Show Post) by manipulating the model
+and directing data to the view.
+
+In Rails, the model is handled by what's called an object-relational mapping
+layer entitled Active Record. This layer allows you to present the data from
+database rows as objects and embellish these data objects with business logic
+methods. You can read more about Active Record in
+link:files/vendor/rails/activerecord/README.html.
+
+The controller and view are handled by the Action Pack, which handles both
+layers by its two parts: Action View and Action Controller. These two layers
+are bundled in a single package due to their heavy interdependence. This is
+unlike the relationship between the Active Record and Action Pack that is much
+more separate. Each of these packages can be used independently outside of
+Rails. You can read more about Action Pack in
+link:files/vendor/rails/actionpack/README.html.
+
+
+== Getting Started
+
+1. At the command prompt, create a new Rails application:
+       <tt>rails new myapp</tt> (where <tt>myapp</tt> is the application name)
+
+2. Change directory to <tt>myapp</tt> and start the web server:
+       <tt>cd myapp; rails server</tt> (run with --help for options)
+
+3. Go to http://localhost:3000/ and you'll see:
+       "Welcome aboard: You're riding Ruby on Rails!"
+
+4. Follow the guidelines to start developing your application. You can find
+the following resources handy:
+
+* The Getting Started Guide: http://guides.rubyonrails.org/getting_started.html
+* Ruby on Rails Tutorial Book: http://www.railstutorial.org/
+
+
+== Debugging Rails
+
+Sometimes your application goes wrong. Fortunately there are a lot of tools that
+will help you debug it and get it back on the rails.
+
+First area to check is the application log files. Have "tail -f" commands
+running on the server.log and development.log. Rails will automatically display
+debugging and runtime information to these files. Debugging info will also be
+shown in the browser on requests from 127.0.0.1.
+
+You can also log your own messages directly into the log file from your code
+using the Ruby logger class from inside your controllers. Example:
+
+  class WeblogController < ActionController::Base
+    def destroy
+      @weblog = Weblog.find(params[:id])
+      @weblog.destroy
+      logger.info("#{Time.now} Destroyed Weblog ID ##{@weblog.id}!")
+    end
+  end
+
+The result will be a message in your log file along the lines of:
+
+  Mon Oct 08 14:22:29 +1000 2007 Destroyed Weblog ID #1!
+
+More information on how to use the logger is at http://www.ruby-doc.org/core/
+
+Also, Ruby documentation can be found at http://www.ruby-lang.org/. There are
+several books available online as well:
+
+* Programming Ruby: http://www.ruby-doc.org/docs/ProgrammingRuby/ (Pickaxe)
+* Learn to Program: http://pine.fm/LearnToProgram/ (a beginners guide)
+
+These two books will bring you up to speed on the Ruby language and also on
+programming in general.
+
+
+== Debugger
+
+Debugger support is available through the debugger command when you start your
+Mongrel or WEBrick server with --debugger. This means that you can break out of
+execution at any point in the code, investigate and change the model, and then,
+resume execution! You need to install ruby-debug to run the server in debugging
+mode. With gems, use <tt>sudo gem install ruby-debug</tt>. Example:
+
+  class WeblogController < ActionController::Base
+    def index
+      @posts = Post.all
+      debugger
+    end
+  end
+
+So the controller will accept the action, run the first line, then present you
+with a IRB prompt in the server window. Here you can do things like:
+
+  >> @posts.inspect
+  => "[#<Post:0x14a6be8
+          @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>,
+       #<Post:0x14a6620
+          @attributes={"title"=>"Rails", "body"=>"Only ten..", "id"=>"2"}>]"
+  >> @posts.first.title = "hello from a debugger"
+  => "hello from a debugger"
+
+...and even better, you can examine how your runtime objects actually work:
+
+  >> f = @posts.first
+  => #<Post:0x13630c4 @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>
+  >> f.
+  Display all 152 possibilities? (y or n)
+
+Finally, when you're ready to resume execution, you can enter "cont".
+
+
+== Console
+
+The console is a Ruby shell, which allows you to interact with your
+application's domain model. Here you'll have all parts of the application
+configured, just like it is when the application is running. You can inspect
+domain models, change values, and save to the database. Starting the script
+without arguments will launch it in the development environment.
+
+To start the console, run <tt>rails console</tt> from the application
+directory.
+
+Options:
+
+* Passing the <tt>-s, --sandbox</tt> argument will rollback any modifications
+  made to the database.
+* Passing an environment name as an argument will load the corresponding
+  environment. Example: <tt>rails console production</tt>.
+
+To reload your controllers and models after launching the console run
+<tt>reload!</tt>
+
+More information about irb can be found at:
+link:http://www.rubycentral.org/pickaxe/irb.html
+
+
+== dbconsole
+
+You can go to the command line of your database directly through <tt>rails
+dbconsole</tt>. You would be connected to the database with the credentials
+defined in database.yml. Starting the script without arguments will connect you
+to the development database. Passing an argument will connect you to a different
+database, like <tt>rails dbconsole production</tt>. Currently works for MySQL,
+PostgreSQL and SQLite 3.
+
+== Description of Contents
+
+The default directory structure of a generated Ruby on Rails application:
+
+  |-- app
+  |   |-- assets
+  |       |-- images
+  |       |-- javascripts
+  |       `-- stylesheets
+  |   |-- controllers
+  |   |-- helpers
+  |   |-- mailers
+  |   |-- models
+  |   `-- views
+  |       `-- layouts
+  |-- config
+  |   |-- environments
+  |   |-- initializers
+  |   `-- locales
+  |-- db
+  |-- doc
+  |-- lib
+  |   `-- tasks
+  |-- log
+  |-- public
+  |-- script
+  |-- test
+  |   |-- fixtures
+  |   |-- functional
+  |   |-- integration
+  |   |-- performance
+  |   `-- unit
+  |-- tmp
+  |   |-- cache
+  |   |-- pids
+  |   |-- sessions
+  |   `-- sockets
+  `-- vendor
+      |-- assets
+          `-- stylesheets
+      `-- plugins
+
+app
+  Holds all the code that's specific to this particular application.
+
+app/assets
+  Contains subdirectories for images, stylesheets, and JavaScript files.
+
+app/controllers
+  Holds controllers that should be named like weblogs_controller.rb for
+  automated URL mapping. All controllers should descend from
+  ApplicationController which itself descends from ActionController::Base.
+
+app/models
+  Holds models that should be named like post.rb. Models descend from
+  ActiveRecord::Base by default.
+
+app/views
+  Holds the template files for the view that should be named like
+  weblogs/index.html.erb for the WeblogsController#index action. All views use
+  eRuby syntax by default.
+
+app/views/layouts
+  Holds the template files for layouts to be used with views. This models the
+  common header/footer method of wrapping views. In your views, define a layout
+  using the <tt>layout :default</tt> and create a file named default.html.erb.
+  Inside default.html.erb, call <% yield %> to render the view using this
+  layout.
+
+app/helpers
+  Holds view helpers that should be named like weblogs_helper.rb. These are
+  generated for you automatically when using generators for controllers.
+  Helpers can be used to wrap functionality for your views into methods.
+
+config
+  Configuration files for the Rails environment, the routing map, the database,
+  and other dependencies.
+
+db
+  Contains the database schema in schema.rb. db/migrate contains all the
+  sequence of Migrations for your schema.
+
+doc
+  This directory is where your application documentation will be stored when
+  generated using <tt>rake doc:app</tt>
+
+lib
+  Application specific libraries. Basically, any kind of custom code that
+  doesn't belong under controllers, models, or helpers. This directory is in
+  the load path.
+
+public
+  The directory available for the web server. Also contains the dispatchers and the
+  default HTML files. This should be set as the DOCUMENT_ROOT of your web
+  server.
+
+script
+  Helper scripts for automation and generation.
+
+test
+  Unit and functional tests along with fixtures. When using the rails generate
+  command, template test files will be generated for you and placed in this
+  directory.
+
+vendor
+  External libraries that the application depends on. Also includes the plugins
+  subdirectory. If the app has frozen rails, those gems also go here, under
+  vendor/rails/. This directory is in the load path.

data/test/dummy/Rakefile

@@ -0,0 +1,7 @@
+#!/usr/bin/env rake
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Dummy::Application.load_tasks

data/test/dummy/app/assets/javascripts/application.js

@@ -0,0 +1,15 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// the compiled file.
+//
+// WARNING: THE FIRST BLANK LINE MARKS THE END OF WHAT'S TO BE PROCESSED, ANY BLANK LINE SHOULD
+// GO AFTER THE REQUIRES BELOW.
+//
+//= require jquery
+//= require jquery_ujs
+//= require_tree .

data/test/dummy/app/assets/stylesheets/application.css

@@ -0,0 +1,13 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the top of the
+ * compiled file, but it's generally better to create a new file per style scope.
+ *
+ *= require_self
+ *= require_tree .
+ */

data/test/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,3 @@
+class ApplicationController < ActionController::Base
+  protect_from_forgery
+end