gds-sso 9.2.1 → 9.2.2

data/spec/requests/end_to_end_spec.rb

@@ -23,17 +23,17 @@ describe "Integration of client using GDS-SSO with signonotron" do
 
     specify "a non-restricted page can be accessed without authentication" do
       visit "http://#{@client_host}/"
-      page.should have_content('jabberwocky')
+      expect(page).to have_content('jabberwocky')
     end
 
     specify "first access to a restricted page requires authentication and application approval" do
       visit "http://#{@client_host}/restricted"
-      page.should have_content("Sign in")
+      expect(page).to have_content("Sign in")
       fill_in "Email", :with => "test@example-client.com"
       fill_in "Passphrase", :with => "q1w2e3r4t5y6u7i8o9p0"
       click_on "Sign in"
 
-      page.should have_content('restricted kablooie')
+      expect(page).to have_content('restricted kablooie')
     end
 
     specify "access to a restricted page for an approved application requires only authentication" do
@@ -48,12 +48,13 @@ describe "Integration of client using GDS-SSO with signonotron" do
       page.driver.header 'accept', 'text/html'
 
       visit "http://#{@client_host}/restricted"
-      page.should have_content("Sign in")
+      expect(page).to have_content("Sign in")
+
       fill_in "Email", :with => "test@example-client.com"
       fill_in "Passphrase", :with => "q1w2e3r4t5y6u7i8o9p0"
       click_on "Sign in"
 
-      page.should have_content('restricted kablooie')
+      expect(page).to have_content('restricted kablooie')
     end
 
     specify "access to a page that requires signin permission granted" do
@@ -68,12 +69,13 @@ describe "Integration of client using GDS-SSO with signonotron" do
       page.driver.header 'accept', 'text/html'
 
       visit "http://#{@client_host}/this_requires_signin_permission"
-      page.should have_content("Sign in")
+      expect(page).to have_content("Sign in")
+
       fill_in "Email", :with => "test@example-client.com"
       fill_in "Passphrase", :with => "q1w2e3r4t5y6u7i8o9p0"
       click_on "Sign in"
 
-      page.should have_content('you have signin permission')
+      expect(page).to have_content('you have signin permission')
     end
 
     describe "remotely signed out" do
@@ -85,7 +87,7 @@ describe "Integration of client using GDS-SSO with signonotron" do
         click_on "Sign in"
 
         page.driver.header 'accept', 'text/html'
-        page.should have_content('restricted kablooie')
+        expect(page).to have_content('restricted kablooie')
 
         # logout from signon
         visit "http://localhost:4567/users/sign_out"
@@ -99,48 +101,48 @@ describe "Integration of client using GDS-SSO with signonotron" do
         visit "http://#{@client_host}/restricted"
 
         # be redirected to signon
-        page.should have_content('GOV.UK Signon')
+        expect(page).to have_content('GOV.UK Signon')
         fill_in "Email", :with => "test@example-client.com"
         fill_in "Passphrase", :with => "q1w2e3r4t5y6u7i8o9p0"
         click_on "Sign in"
 
         # then back again to the restricted page
-        page.should have_content('restricted kablooie')
+        expect(page).to have_content('restricted kablooie')
       end
     end
 
     describe "session expiry" do
       it "should force you to re-authenticate with signonotron N hours after login" do
         visit "http://#{@client_host}/restricted"
-        page.should have_content("Sign in")
+        expect(page).to have_content("Sign in")
         fill_in "Email", :with => "test@example-client.com"
         fill_in "Passphrase", :with => "q1w2e3r4t5y6u7i8o9p0"
         click_on "Sign in"
 
-        page.should have_content('restricted kablooie')
+        expect(page).to have_content('restricted kablooie')
 
         Timecop.travel(Time.now.utc + GDS::SSO::Config.auth_valid_for + 5.minutes) do
           visit "http://#{@client_host}/restricted"
         end
 
-        page.driver.request.referrer.should =~ %r(\Ahttp://#{@client_host}/auth/gds/callback)
+        expect(page.driver.request.referrer).to match(%r(\Ahttp://#{@client_host}/auth/gds/callback))
       end
 
 
       it "should not require re-authentication with signonotron fewer than N hours after login" do
         visit "http://#{@client_host}/restricted"
-        page.should have_content("Sign in")
+        expect(page).to have_content("Sign in")
         fill_in "Email", :with => "test@example-client.com"
         fill_in "Passphrase", :with => "q1w2e3r4t5y6u7i8o9p0"
         click_on "Sign in"
 
-        page.should have_content('restricted kablooie')
+        expect(page).to have_content('restricted kablooie')
 
         Timecop.travel(Time.now.utc + GDS::SSO::Config.auth_valid_for - 5.minutes) do
           visit "http://#{@client_host}/restricted"
         end
 
-        page.driver.request.referrer.should =~ %r(\Ahttp://#{@client_host}/restricted)
+        expect(page.driver.request.referrer).to match(%r(\Ahttp://#{@client_host}/restricted))
       end
     end
   end
@@ -157,17 +159,17 @@ describe "Integration of client using GDS-SSO with signonotron" do
     specify "access to a restricted page for an api client requires auth" do
       page.driver.header 'authorization', 'Bearer Bad Token'
       visit "http://#{@client_host}/restricted"
-      page.driver.response.status.should == 401
+      expect(page.driver.response.status).to eq(401)
     end
 
     specify "setting a correct bearer token allows sign in" do
       visit "http://#{@client_host}/restricted"
-      page.should have_content('restricted kablooie')
+      expect(page).to have_content('restricted kablooie')
     end
 
     specify "setting a correct bearer token picks up permissions" do
       visit "http://#{@client_host}/this_requires_signin_permission"
-      page.should have_content('you have signin permission')
+      expect(page).to have_content('you have signin permission')
     end
   end
 end

data/spec/spec_helper.rb

@@ -21,7 +21,15 @@ require 'capybara/mechanize'
 include Warden::Test::Helpers
 
 RSpec.configure do |config|
-  config.mock_framework = :mocha
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  config.run_all_when_everything_filtered = true
+  config.filter_run :focus
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = 'random'
 end
 
 Dir[File.join(File.dirname(__FILE__), "support/**/*.rb")].each {|f| require f}

data/spec/support/timecop.rb

@@ -0,0 +1,7 @@
+require 'timecop'
+
+RSpec.configure do |config|
+  config.after :each do
+    Timecop.return
+  end
+end

data/spec/unit/api_access_spec.rb

@@ -0,0 +1,27 @@
+require 'spec_helper'
+require 'gds-sso/api_access'
+
+describe GDS::SSO::ApiAccess do
+  it "should not consider IE7 accept header as an api call" do
+    ie7_accept_header = 'image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, ' +
+      'application/x-shockwave-flash, application/xaml+xml, application/x-ms-xbap, ' +
+      'application/x-ms-application, */*'
+    expect(GDS::SSO::ApiAccess.api_call?('HTTP_ACCEPT' => ie7_accept_header)).to be_false
+  end
+
+  it "should consider a json accept header to be an api call" do
+    expect(GDS::SSO::ApiAccess.api_call?('HTTP_ACCEPT' => 'application/json')).to be_true
+  end
+
+  it "should consider a request with an authorization header to be an oauth api call" do
+    expect(GDS::SSO::ApiAccess.oauth_api_call?('HTTP_AUTHORIZATION' => 'Bearer blahblahblah')).to be_true
+  end
+
+  it "should not consider a request with HTTP basic auth to be an oauth api call" do
+    expect(GDS::SSO::ApiAccess.oauth_api_call?('HTTP_AUTHORIZATION' => 'Basic Some basic credentials')).to be_false
+  end
+
+  it "should not consider a request with an empty authorization header to be an oauth api call" do
+    expect(GDS::SSO::ApiAccess.oauth_api_call?('HTTP_AUTHORIZATION' => '')).to be_false
+  end
+end

data/spec/unit/session_serialisation_spec.rb

@@ -0,0 +1,62 @@
+require 'spec_helper'
+require 'active_record'
+
+describe Warden::SessionSerializer do
+  class User < ActiveRecord::Base
+    include GDS::SSO::User
+
+  end
+
+  before :each do
+    @old_user_model = GDS::SSO::Config.user_model
+    GDS::SSO::Config.user_model = User
+    @user = double("User", uid: 1234)
+    @serializer = Warden::SessionSerializer.new(nil)
+  end
+  after :each do
+    GDS::SSO::Config.user_model = @old_user_model
+  end
+
+  describe "serializing a user" do
+
+    it "should return the uid and a timestamp" do
+      Timecop.freeze
+      result = @serializer.serialize(@user)
+
+      expect(result).to eq([1234, Time.now.utc])
+    end
+
+    it "should return nil if the user has no uid" do
+      @user.stub(:uid).and_return(nil)
+      result = @serializer.serialize(@user)
+
+      expect(result).to be_nil
+    end
+  end
+
+  describe "deserialize a user" do
+    it "should return the user if the timestamp is current" do
+      expect(User).to receive(:where).with(:uid => 1234, :remotely_signed_out => false).and_return(double(:first => :a_user))
+
+      result = @serializer.deserialize [1234, Time.now.utc - GDS::SSO::Config.auth_valid_for + 3600]
+
+      expect(result).to equal(:a_user)
+    end
+
+    it "should return nil if the timestamp is out of date" do
+      expect(User).not_to receive(:where)
+
+      result = @serializer.deserialize [1234, Time.now.utc - GDS::SSO::Config.auth_valid_for - 3600]
+
+      expect(result).to be_nil
+    end
+
+    it "should return nil for a user without a timestamp" do
+      expect(User).not_to receive(:where)
+
+      result = @serializer.deserialize 1234
+
+      expect(result).to be_nil
+    end
+  end
+end

data/{test/user_test.rb → spec/unit/user_spec.rb}

@@ -1,8 +1,8 @@
-require 'test_helper'
+require 'spec_helper'
 require 'gds-sso/user'
 
-class TestUser < Test::Unit::TestCase
-  def setup
+describe GDS::SSO::User do
+  before :each do
     @auth_hash = {
       'provider' => 'gds',
       'uid' => 'abcde',
@@ -12,8 +12,8 @@ class TestUser < Test::Unit::TestCase
     }
   end
 
-  def test_user_params_creation
+  it "should extract the user params from the oauth hash" do
     expected = {'uid' => 'abcde', 'name' => 'Matt Patterson', 'email' => 'matt@alphagov.co.uk', "permissions" => [], "organisation_slug" => nil}
-    assert_equal expected, GDS::SSO::User.user_params_from_auth_hash(@auth_hash)
+    expect(GDS::SSO::User.user_params_from_auth_hash(@auth_hash)).to eq(expected)
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gds-sso
 version: !ruby/object:Gem::Version
-  version: 9.2.1
+  version: 9.2.2
   prerelease: 
 platform: ruby
 authors:
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-01-30 00:00:00.000000000 Z
+date: 2014-02-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -92,22 +92,6 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 0.9.2.2
-- !ruby/object:Gem::Dependency
-  name: mocha
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.13.3
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.13.3
 - !ruby/object:Gem::Dependency
   name: capybara
   requirement: !ruby/object:Gem::Requirement
@@ -131,7 +115,7 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.12.2
+        version: 2.14.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -139,7 +123,7 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.12.2
+        version: 2.14.1
 - !ruby/object:Gem::Dependency
   name: capybara-mechanize
   requirement: !ruby/object:Gem::Requirement
@@ -294,12 +278,11 @@ files:
 - README.md
 - Gemfile
 - Rakefile
-- test/session_serialisation_test.rb
-- test/api_access_test.rb
-- test/user_test.rb
-- test/test_helper.rb
+- spec/unit/session_serialisation_spec.rb
+- spec/unit/user_spec.rb
+- spec/unit/api_access_spec.rb
+- spec/support/timecop.rb
 - spec/support/signonotron2_integration_helpers.rb
-- spec/requests/authentication_soot2.rb
 - spec/requests/end_to_end_spec.rb
 - spec/spec_helper.rb
 - spec/controller/api_user_controller_spec.rb
@@ -332,7 +315,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -250005457247113865
+      hash: 426318311748726962
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -341,7 +324,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -250005457247113865
+      hash: 426318311748726962
 requirements: []
 rubyforge_project: gds-sso
 rubygems_version: 1.8.23
@@ -349,12 +332,11 @@ signing_key:
 specification_version: 3
 summary: Client for GDS' OAuth 2-based SSO
 test_files:
-- test/session_serialisation_test.rb
-- test/api_access_test.rb
-- test/user_test.rb
-- test/test_helper.rb
+- spec/unit/session_serialisation_spec.rb
+- spec/unit/user_spec.rb
+- spec/unit/api_access_spec.rb
+- spec/support/timecop.rb
 - spec/support/signonotron2_integration_helpers.rb
-- spec/requests/authentication_soot2.rb
 - spec/requests/end_to_end_spec.rb
 - spec/spec_helper.rb
 - spec/controller/api_user_controller_spec.rb

data/spec/requests/authentication_soot2.rb

@@ -1,116 +0,0 @@
-require_relative '../spec_helper'
-
-include Rack::Test
-
-describe "authenticating with sign-on-o-tron" do
-
-  describe "when not signed in" do
-
-    describe "a protected page" do
-      it "redirects to /auth/gds" do
-        get "/restricted"
-
-        response.code.should == "302"
-        response.location.should == "http://www.example.com/auth/gds"
-      end
-    end
-
-    describe "/auth/gds" do
-      it "redirects to signonotron2" do
-        get "/auth/gds"
-
-        response.code.should == "302"
-        response.location.should =~ /^http:\/\/localhost:4567\/oauth\/authorize/
-      end
-
-      it "authenticates with a username and password and redirects back to the app" do
-        get "/auth/gds"
-
-        uri = URI.parse(response.location)
-        auth_path = uri.path + '?' + uri.query
-
-        client_cookies = response.headers['Set-Cookie'].split('; ')[0]
-
-        @signonotron = Faraday.new(:url => "#{uri.scheme}://#{uri.host}:#{uri.port}") do |builder|
-          builder.request :url_encoded
-          builder.adapter :net_http
-        end
-
-        authz_return_location = do_auth_request(auth_path)
-
-        return_path = authz_return_location.path + '?' + (authz_return_location.query || '')
-
-        get return_path, { }, { 'Cookie' => client_cookies }
-
-        puts "HANDLE AUTH RESULT\n====================\n"
-        puts response.headers
-
-        # resp = Net::HTTP.get_response( URI::parse(response.location) )
-        # location = resp["location"]
-
-        # visit location
-        # puts page.current_uri
-
-        # fill_in "user_email", :with => "foo@example.com"
-        # fill_in "user_password", :with => "this is an example for the test"
-        # click_button "Sign in"
-      end
-
-      def do_auth_request(auth_path)
-        auth_request = @signonotron.get(auth_path)
-
-        debug_request('Auth Request', 'GET', auth_path, auth_request, '')
-
-        sign_in_location = URI.parse(auth_request.headers['location']).path
-        cookie = auth_request.headers['Set-Cookie'].split('; ')[0]
-
-        return do_sign_in_request(sign_in_location, cookie)
-      end
-
-      def do_sign_in_request(sign_in_location, cookie)
-        sign_in_request = @signonotron.get do |req|
-          req.url sign_in_location
-          req.headers['Cookie'] = cookie
-        end
-
-        debug_request('Sign In', 'GET', sign_in_location, sign_in_request, cookie)
-
-        cookie = sign_in_request.headers['Set-Cookie'].split('; ')[0]
-        sign_in_location =  Nokogiri.parse(sign_in_request.body).xpath("//form").first.attributes['action'].text
-        authenticity_token = Nokogiri.parse(sign_in_request.body).xpath("//input[@name='authenticity_token']").first.attributes['value'].text
-
-        return do_sign_in_post(sign_in_location, cookie, authenticity_token)
-      end
-
-      def do_sign_in_post(sign_in_location, cookie, authenticity_token)
-
-        sign_in_post = @signonotron.post do |req|
-          req.url sign_in_location
-          req.body = { :user => { :email => 'foo@example.com', :password => 'this is an example for the test' }, :authenticity_token => authenticity_token }
-          req.headers['Content-Type'] = 'application/x-www-form-urlencoded'
-          req.headers['Cookie'] = cookie
-        end
-
-        debug_request('Sign In', 'POST', sign_in_location, sign_in_post, cookie)
-
-        cookie = sign_in_post.headers['Set-Cookie'].split('; ')[0]
-        authz_location = URI.parse(sign_in_post.headers['location'])
-
-        return authz_location
-      end
-
-      def debug_request(name, method, path, response, cookie)
-        puts "#{name} REQUEST RESULT:\n=========================\n"
-        puts "#{method} #{path}"
-        puts "#{cookie}"
-
-        puts "\n\n"
-
-        puts response.headers.inspect
-        puts response.body
-      end
-    end
-
-  end
-
-end