els_token 1.0.1 → 1.2.0

data/test/dummy/app/assets/javascripts/application.js

@@ -11,5 +11,4 @@
 // GO AFTER THE REQUIRES BELOW.
 //
 //= require jquery
-//= require jquery_ujs
-//= require_tree .
+//= require els_session

data/test/dummy/app/assets/javascripts/els_session.js.coffee

@@ -0,0 +1,7 @@
+$ ->
+  
+  $('.els_session input#override').on "click", ->
+    if $(this).is(':checked')
+      $('.els_session input#password').parent().fadeOut()
+    else
+      $('.els_session input#password').parent().fadeIn()

data/test/dummy/app/controllers/application_controller.rb

@@ -2,16 +2,55 @@ class ApplicationController < ActionController::Base
   protect_from_forgery
   
   include ElsToken
-  #els_options ELS_CONFIG
+  els_config ELS_CONFIG
   
-  before_filter :authenticate
+  helper_method :remote_user, :rpa_username, :els_identity
   
   private
   
-  def authenticate
-    session[:user] ||= get_identity
-    unless session[:user]
-      render :nothing => true, :status => :unauthorized
+  # will set a @cdid instance variable
+  # determined by the REMOTE_USER or RPA_USERNAME headers.
+  # cdid doesn't change often so it's gets stashed in the session  
+  #
+  def cdid
+    @cdid ||= 
+    session[:cdid] ||= 
+    request.headers["REMOTE_USER"] ||=
+    request.headers["RPA_USERNAME"]
+  end
+  
+  # the els_identity is backed by the ELS SSO system.
+  # It will try to get a full identity object and then store
+  # that in a memcache as raw retrieval currently hits performance.
+  # Whilst SSO is brilliant, it can be a bit of a drag working around
+  # it during development.
+  # 
+  # This method will allow an end user to circumvent
+  # the domain specific ELS login by authenticating directly with the ELS
+  # system or, if a cookie is already resent, use that to retrieve an identity.
+  # As an additional development bonus, it's possible to fake the identity -
+  # setting it to whatever username is desired. 
+  #
+  # It's up to the implementer to test the validity of that username in 
+  # their own application. 
+  # Likewise once you have an ElsIdentity object you may want to call your own
+  # usermodel based on some value. 'cdid' and 'employee_number'
+  # are common ones.
+  #
+  # One of the best things about the ElsIdentity is that it contains Group
+  # information :) So, rather than implementing yet-another-role system in
+  # your app, let the identity be managed centrally. Once you have the
+  # ElsIdentity you can ask it whether it belongs to some role:
+  #
+  #  @els_identity.has_role? "some group"
+  # 
+  def els_identity
+    @els_identity = Rails.cache.fetch(session[:els_token], :namespace => "els_identity")
+    unless @els_identity
+      Rails.logger.debug("no identity in cache. Redirecting")
+      session[:redirect_to] = request.env["PATH_INFO"]
+      logger.debug("user will be returned to #{session[:redirect_to]}")
+      redirect_to els_session_new_path
     end
   end
 

data/test/dummy/app/controllers/els_session_controller.rb

@@ -0,0 +1,91 @@
+class ElsSessionController < ApplicationController
+
+  before_filter :els_identity, :only => [:show]
+
+  def show
+  end
+
+  # When in dev/qa we may need to provide credentials
+  # if ELS has not been setup
+  # this will be valid if a known cookie exists
+  def new
+    @els_identity = get_identity rescue nil
+    if @els_identity
+      session[:els_token] = @els_identity.token_id
+      Rails.cache.write(session[:els_token], @els_identity, 
+        :namespace => "els_identity",
+        :expires_in => 1200)
+      go_back
+    end
+    # or get some login details  
+  end
+
+  # Should not get here during production
+  def create
+    begin
+      if params["override"]
+        # just fake the session
+        logger.debug("faking session with id #{params["username"]}")
+        @els_identity = ElsFaker.new(params["username"])
+      else
+        logger.debug("attempting to authenticate #{params["username"]}")
+        token = authenticate(params["username"],params["password"])
+        logger.debug("got token #{token}")
+        if token
+          @els_identity = get_token_identity(token)
+          flash[:notice] = "cannot retrieve identity" unless @els_identity
+        else
+          flash[:error] = "unable to authenticate"
+        end
+      end
+    rescue Exception => e
+      flash[:error] = "Something went wrong #{e.message}"
+    end
+    if @els_identity
+      update_and_return
+    else
+      render :new
+    end
+  end
+
+  def destroy
+    Rails.cache.delete(session[:els_token])
+    session[:els_token] = nil
+    cookies.delete(ELS_CONFIG['cookie'], :domain => request.env["SERVER_NAME"])
+    redirect_to els_session_new_path
+  end
+
+  private
+
+  # This app should really be running behind an els processor
+  # stashing the els token against the current host should allow
+  # for a better dev/qa experience without affecting production
+  def stash_cookie
+    cookies[ELS_CONFIG['cookie']] = {
+      :value => @els_identity.token_id,
+      :domain => request.env["SERVER_NAME"],
+      :path => '/',
+      :expires => Time.now + 24.hours
+    }
+  end
+
+  def update_and_return
+    stash_cookie
+    session[:els_token] = @els_identity.token_id
+    logger.debug("got token id #{session[:els_token]}")
+    Rails.cache.write(session[:els_token], @els_identity, 
+      :namespace => "els_identity",
+      :expires_in => 1200)
+    go_back
+  end
+  
+  def go_back
+    if session[:redirect_to] =~ /els_session\//
+      # Do not redirect back to a session action
+      redirect_to root_path
+    else
+      redirect_to session[:redirect_to]
+    end
+  end
+
+end

data/test/dummy/app/models/els_faker.rb

@@ -0,0 +1,8 @@
+# Simple class Used for development only
+class ElsFaker < ElsToken::ElsIdentity
+  def initialize(cdid)
+    super
+    @name = cdid
+    @token_id = Random.rand
+  end 
+end

data/test/dummy/app/views/els_session/new.html.erb

@@ -0,0 +1,41 @@
+<h1>Oops! Authentication Required</h1>
+<p>We are currently running with a <span class="env"><%= Rails.env %></span> configuration</p>
+
+<div class='flash'>
+  <% if flash[:notice] %>
+    <p class="notice"><%= flash[:notice] %></p>
+  <% end %>
+
+  <% if flash[:error] %>
+    <p class="error"><%= flash[:error] %></p>
+  <% end %>
+</div>
+
+<% if Rails.env.eql? "development" %>
+  <p>As a convenience, anyone can login as anyone when in dev mode - just enter a valid cdid and go</p>
+  <p>If you need to test real authentication, uncheck the override box and enter a UAT password.<br>
+    If you don't know what your UAT cdid password is then speak to someone in EIO@teamaol.com</p>
+<% else %>
+  <p>This login screen should only appear when in development mode so something has gone wrong.<br> 
+    However, you can still use the system if you enter valid cdid credentials.<br> 
+    Someone has been notified of the situation so don't worry :)
+  </p>
+<% end %>
+
+<%= form_tag els_session_create_path, :class => "els_session" do %>
+  <div class="field">
+    <%= label_tag :username %>
+    <%= text_field_tag :username, params[:username] %>
+  </div>
+  <div class="field<%= Rails.env.eql?("development") ? ' default_hidden' : '' %>">
+    <%= label_tag :password %>
+    <%= password_field_tag :password, params[:password] %>
+  </div>
+  <% if Rails.env.eql? "development" %>
+    <div class="field">
+      <%= label_tag "Override: Just log me in and forget the password. I know what I'm doing, honest :)" %>
+      <%= check_box_tag :override, params[:override] %>
+    </div>
+  <% end %>
+  <div class="actions"><%= submit_tag "Log in" %></div>
+<% end %>

data/test/dummy/app/views/els_session/show.html.erb

@@ -0,0 +1,4 @@
+<h1>Session Info<h1>
+<div class='field'>
+  <p>Identity: <%= @els_identity.inspect %></p>
+</div>

data/test/dummy/app/views/layouts/application.html.erb

@@ -1,12 +1,17 @@
 <!DOCTYPE html>
 <html>
 <head>
-  <title>Dummy</title>
+  <title>ElsSession</title>
   <%= stylesheet_link_tag    "application", :media => "all" %>
   <%= javascript_include_tag "application" %>
   <%= csrf_meta_tags %>
 </head>
 <body>
+<% if @els_identity %>
+	<div class='els_logout'>
+		<%= button_to "logout", els_session_destroy_path, :method => :delete %>
+	</div>
+<% end %>
 
 <%= yield %>
 

data/test/dummy/config/application.rb

@@ -7,50 +7,14 @@ require "els_token"
 
 module Dummy
   class Application < Rails::Application
-    # Settings in config/environments/* take precedence over those specified here.
-    # Application configuration should go into files in config/initializers
-    # -- all .rb files in that directory are automatically loaded.
 
-    # Custom directories with classes and modules you want to be autoloadable.
-    # config.autoload_paths += %W(#{config.root}/extras)
-
-    # Only load the plugins named here, in the order given (default is alphabetical).
-    # :all can be used as a placeholder for all plugins not explicitly named.
-    # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
-
-    # Activate observers that should always be running.
-    # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
-
-    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
-    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
-    # config.time_zone = 'Central Time (US & Canada)'
-
-    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
-    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
-    # config.i18n.default_locale = :de
-
-    # Configure the default encoding used in templates for Ruby 1.9.
     config.encoding = "utf-8"
-
-    # Configure sensitive parameters which will be filtered from the log file.
     config.filter_parameters += [:password]
-
-    # Use SQL instead of Active Record's schema dumper when creating the database.
-    # This is necessary if your schema can't be completely dumped by the schema dumper,
-    # like if you have constraints or database-specific column types
-    # config.active_record.schema_format = :sql
-
-    # Enforce whitelist mode for mass assignment.
-    # This will create an empty whitelist of attributes available for mass-assignment for all models
-    # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
-    # parameters by using an attr_accessible or attr_protected declaration.
-    # config.active_record.whitelist_attributes = true
-
-    # Enable the asset pipeline
     config.assets.enabled = true
-
-    # Version of your assets, change this if you want to expire all your assets
     config.assets.version = '1.0'
+    config.cache_store =  :memory_store
+    #, :size => 100.megabytes
+    #, :namespace => "els_identity", :expires_in => 1200
   end
 end
 

data/test/dummy/config/els_token.yml

@@ -0,0 +1,21 @@
+development:
+  uri: https://elsuat-sso.corp.aol.com/opensso/identity
+  cookie: iPlanetDirectoryProuat
+  
+test:
+  faker:
+    name: neilcuk
+    employee_number: 09095
+    roles:
+      - Passport Admins
+      - Domain Users
+  uri: https://els-sso.corp.aol.com/opensso/identity
+  cookie: iPlanetDirectoryPro
+
+uat:
+  uri: https://els-sso.corp.aol.com/opensso/identity
+  cookie: iPlanetDirectoryPro    
+    
+production:
+  uri: https://els-sso.corp.aol.com/opensso/identity
+  cookie: iPlanetDirectoryPro    

data/test/dummy/config/environments/development.rb

@@ -11,7 +11,7 @@ Dummy::Application.configure do
 
   # Show full error reports and disable caching
   config.consider_all_requests_local       = true
-  config.action_controller.perform_caching = false
+  config.action_controller.perform_caching = true
 
   # Don't care if the mailer can't send
   config.action_mailer.raise_delivery_errors = false

data/test/dummy/config/environments/uat.rb

@@ -0,0 +1,67 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # Code is not reloaded between requests
+  config.cache_classes = true
+
+  # Full error reports are disabled and caching is turned on
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # Disable Rails's static asset server (Apache or nginx will already do this)
+  config.serve_static_assets = false
+
+  # Compress JavaScripts and CSS
+  config.assets.compress = true
+
+  # Don't fallback to assets pipeline if a precompiled asset is missed
+  config.assets.compile = false
+
+  # Generate digests for assets URLs
+  config.assets.digest = true
+
+  # Defaults to Rails.root.join("public/assets")
+  # config.assets.manifest = YOUR_PATH
+
+  # Specifies the header that your server uses for sending files
+  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
+
+  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+  # config.force_ssl = true
+
+  # See everything in the log (default is :info)
+  # config.log_level = :debug
+
+  # Prepend all log lines with the following tags
+  # config.log_tags = [ :subdomain, :uuid ]
+
+  # Use a different logger for distributed setups
+  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+
+  # Use a different cache store in production
+  # config.cache_store = :mem_cache_store
+
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server
+  # config.action_controller.asset_host = "http://assets.example.com"
+
+  # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
+  # config.assets.precompile += %w( search.js )
+
+  # Disable delivery errors, bad email addresses will be ignored
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Enable threaded mode
+  # config.threadsafe!
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation can not be found)
+  config.i18n.fallbacks = true
+
+  # Send deprecation notices to registered listeners
+  config.active_support.deprecation = :notify
+
+  # Log the query plan for queries taking more than this (works
+  # with SQLite, MySQL, and PostgreSQL)
+  # config.active_record.auto_explain_threshold_in_seconds = 0.5
+end

data/test/dummy/config/initializers/els_token.rb

@@ -1,4 +1,4 @@
-ELS_CONFIG = YAML.load_file("#{Rails.root}/config/els.yml")["test"]
+ELS_CONFIG = YAML.load_file("#{Rails.root}/config/els_token.yml")[Rails.env]
 
 class ElsTester  < ActionController::Base
   include ElsToken

data/test/dummy/config/routes.rb

@@ -1,60 +1,14 @@
 Dummy::Application.routes.draw do
-  get "hello/index"
-
-  # The priority is based upon order of creation:
-  # first created -> highest priority.
-
-  # Sample of regular route:
-  #   match 'products/:id' => 'catalog#view'
-  # Keep in mind you can assign values other than :controller and :action
-
-  # Sample of named route:
-  #   match 'products/:id/purchase' => 'catalog#purchase', :as => :purchase
-  # This route can be invoked with purchase_url(:id => product.id)
-
-  # Sample resource route (maps HTTP verbs to controller actions automatically):
-  #   resources :products
-
-  # Sample resource route with options:
-  #   resources :products do
-  #     member do
-  #       get 'short'
-  #       post 'toggle'
-  #     end
   #
-  #     collection do
-  #       get 'sold'
-  #     end
-  #   end
-
-  # Sample resource route with sub-resources:
-  #   resources :products do
-  #     resources :comments, :sales
-  #     resource :seller
-  #   end
-
-  # Sample resource route with more complex sub-resources
-  #   resources :products do
-  #     resources :comments
-  #     resources :sales do
-  #       get 'recent', :on => :collection
-  #     end
-  #   end
-
-  # Sample resource route within a namespace:
-  #   namespace :admin do
-  #     # Directs /admin/products/* to Admin::ProductsController
-  #     # (app/controllers/admin/products_controller.rb)
-  #     resources :products
-  #   end
-
-  # You can have the root of your site routed with "root"
-  # just remember to delete public/index.html.
-  # root :to => 'welcome#index'
+  # session handlers
+  #
+  get     "els_session/new"
 
-  # See how all your routes lay out with "rake routes"
+  get     "els_session/show"
+  
+  post    "els_session/create"
 
-  # This is a legacy wild controller route that's not recommended for RESTful applications.
-  # Note: This route will make all actions in every controller accessible via GET requests.
-  # match ':controller(/:action(/:id))(.:format)'
+  delete  "els_session/destroy"
+  
+  root :to => 'els_session#show'
 end