gds-sso 9.2.1 → 9.2.2

@@ -23,17 +23,17 @@ describe "Integration of client using GDS-SSO with signonotron" do
23
23
 
24
24
  specify "a non-restricted page can be accessed without authentication" do
25
25
  visit "http://#{@client_host}/"
26
- page.should have_content('jabberwocky')
26
+ expect(page).to have_content('jabberwocky')
27
27
  end
28
28
 
29
29
  specify "first access to a restricted page requires authentication and application approval" do
30
30
  visit "http://#{@client_host}/restricted"
31
- page.should have_content("Sign in")
31
+ expect(page).to have_content("Sign in")
32
32
  fill_in "Email", :with => "test@example-client.com"
33
33
  fill_in "Passphrase", :with => "q1w2e3r4t5y6u7i8o9p0"
34
34
  click_on "Sign in"
35
35
 
36
- page.should have_content('restricted kablooie')
36
+ expect(page).to have_content('restricted kablooie')
37
37
  end
38
38
 
39
39
  specify "access to a restricted page for an approved application requires only authentication" do
@@ -48,12 +48,13 @@ describe "Integration of client using GDS-SSO with signonotron" do
48
48
  page.driver.header 'accept', 'text/html'
49
49
 
50
50
  visit "http://#{@client_host}/restricted"
51
- page.should have_content("Sign in")
51
+ expect(page).to have_content("Sign in")
52
+
52
53
  fill_in "Email", :with => "test@example-client.com"
53
54
  fill_in "Passphrase", :with => "q1w2e3r4t5y6u7i8o9p0"
54
55
  click_on "Sign in"
55
56
 
56
- page.should have_content('restricted kablooie')
57
+ expect(page).to have_content('restricted kablooie')
57
58
  end
58
59
 
59
60
  specify "access to a page that requires signin permission granted" do
@@ -68,12 +69,13 @@ describe "Integration of client using GDS-SSO with signonotron" do
68
69
  page.driver.header 'accept', 'text/html'
69
70
 
70
71
  visit "http://#{@client_host}/this_requires_signin_permission"
71
- page.should have_content("Sign in")
72
+ expect(page).to have_content("Sign in")
73
+
72
74
  fill_in "Email", :with => "test@example-client.com"
73
75
  fill_in "Passphrase", :with => "q1w2e3r4t5y6u7i8o9p0"
74
76
  click_on "Sign in"
75
77
 
76
- page.should have_content('you have signin permission')
78
+ expect(page).to have_content('you have signin permission')
77
79
  end
78
80
 
79
81
  describe "remotely signed out" do
@@ -85,7 +87,7 @@ describe "Integration of client using GDS-SSO with signonotron" do
85
87
  click_on "Sign in"
86
88
 
87
89
  page.driver.header 'accept', 'text/html'
88
- page.should have_content('restricted kablooie')
90
+ expect(page).to have_content('restricted kablooie')
89
91
 
90
92
  # logout from signon
91
93
  visit "http://localhost:4567/users/sign_out"
@@ -99,48 +101,48 @@ describe "Integration of client using GDS-SSO with signonotron" do
99
101
  visit "http://#{@client_host}/restricted"
100
102
 
101
103
  # be redirected to signon
102
- page.should have_content('GOV.UK Signon')
104
+ expect(page).to have_content('GOV.UK Signon')
103
105
  fill_in "Email", :with => "test@example-client.com"
104
106
  fill_in "Passphrase", :with => "q1w2e3r4t5y6u7i8o9p0"
105
107
  click_on "Sign in"
106
108
 
107
109
  # then back again to the restricted page
108
- page.should have_content('restricted kablooie')
110
+ expect(page).to have_content('restricted kablooie')
109
111
  end
110
112
  end
111
113
 
112
114
  describe "session expiry" do
113
115
  it "should force you to re-authenticate with signonotron N hours after login" do
114
116
  visit "http://#{@client_host}/restricted"
115
- page.should have_content("Sign in")
117
+ expect(page).to have_content("Sign in")
116
118
  fill_in "Email", :with => "test@example-client.com"
117
119
  fill_in "Passphrase", :with => "q1w2e3r4t5y6u7i8o9p0"
118
120
  click_on "Sign in"
119
121
 
120
- page.should have_content('restricted kablooie')
122
+ expect(page).to have_content('restricted kablooie')
121
123
 
122
124
  Timecop.travel(Time.now.utc + GDS::SSO::Config.auth_valid_for + 5.minutes) do
123
125
  visit "http://#{@client_host}/restricted"
124
126
  end
125
127
 
126
- page.driver.request.referrer.should =~ %r(\Ahttp://#{@client_host}/auth/gds/callback)
128
+ expect(page.driver.request.referrer).to match(%r(\Ahttp://#{@client_host}/auth/gds/callback))
127
129
  end
128
130
 
129
131
 
130
132
  it "should not require re-authentication with signonotron fewer than N hours after login" do
131
133
  visit "http://#{@client_host}/restricted"
132
- page.should have_content("Sign in")
134
+ expect(page).to have_content("Sign in")
133
135
  fill_in "Email", :with => "test@example-client.com"
134
136
  fill_in "Passphrase", :with => "q1w2e3r4t5y6u7i8o9p0"
135
137
  click_on "Sign in"
136
138
 
137
- page.should have_content('restricted kablooie')
139
+ expect(page).to have_content('restricted kablooie')
138
140
 
139
141
  Timecop.travel(Time.now.utc + GDS::SSO::Config.auth_valid_for - 5.minutes) do
140
142
  visit "http://#{@client_host}/restricted"
141
143
  end
142
144
 
143
- page.driver.request.referrer.should =~ %r(\Ahttp://#{@client_host}/restricted)
145
+ expect(page.driver.request.referrer).to match(%r(\Ahttp://#{@client_host}/restricted))
144
146
  end
145
147
  end
146
148
  end
@@ -157,17 +159,17 @@ describe "Integration of client using GDS-SSO with signonotron" do
157
159
  specify "access to a restricted page for an api client requires auth" do
158
160
  page.driver.header 'authorization', 'Bearer Bad Token'
159
161
  visit "http://#{@client_host}/restricted"
160
- page.driver.response.status.should == 401
162
+ expect(page.driver.response.status).to eq(401)
161
163
  end
162
164
 
163
165
  specify "setting a correct bearer token allows sign in" do
164
166
  visit "http://#{@client_host}/restricted"
165
- page.should have_content('restricted kablooie')
167
+ expect(page).to have_content('restricted kablooie')
166
168
  end
167
169
 
168
170
  specify "setting a correct bearer token picks up permissions" do
169
171
  visit "http://#{@client_host}/this_requires_signin_permission"
170
- page.should have_content('you have signin permission')
172
+ expect(page).to have_content('you have signin permission')
171
173
  end
172
174
  end
173
175
  end
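--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -21,7 +21,15 @@ require 'capybara/mechanize'
 include Warden::Test::Helpers
 
 RSpec.configure do |config|
-config.mock_framework = :mocha
+config.treat_symbols_as_metadata_keys_with_true_values = true
+config.run_all_when_everything_filtered = true
+config.filter_run :focus
+
+# Run specs in random order to surface order dependencies. If you find an
+# order dependency and want to debug it, you can fix the order by providing
+# the seed, which is printed after each run.
+# --seed 1234
+config.order = 'random'
 end
 
 Dir[File.join(File.dirname(__FILE__), "support/**/*.rb")].each {|f| require f}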
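Review bot: `config.filter_run :focus` combined with `config.run_all_when_everything_filtered = true` means a `:focus` tag accidentally left on a committed example silently shrinks the whole suite to that example on every run, including CI, where nothing fails to flag it. Guard the focus filter so it only applies to local runs, e.g. `config.filter_run :focus unless ENV['CI']` (the variable name depends on the CI system in use). The hunk also drops `config.mock_framework = :mocha`, so the suite now falls back to rspec-mocks; the new session_serialisation_spec mixes the old `.stub` syntax with `expect(...).to receive`, so it may be worth pinning one syntax here, e.g. `config.mock_with :rspec { |mocks| mocks.syntax = :expect }` if the 2.14.1 dependency bumped in the metadata is rspec.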
@@ -0,0 +1,7 @@
1
+ require 'timecop'
2
+
3
+ RSpec.configure do |config|
4
+ config.after :each do
5
+ Timecop.return
6
+ end
7
+ end
@@ -0,0 +1,27 @@
1
+ require 'spec_helper'
2
+ require 'gds-sso/api_access'
3
+
4
+ describe GDS::SSO::ApiAccess do
5
+ it "should not consider IE7 accept header as an api call" do
6
+ ie7_accept_header = 'image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, ' +
7
+ 'application/x-shockwave-flash, application/xaml+xml, application/x-ms-xbap, ' +
8
+ 'application/x-ms-application, */*'
9
+ expect(GDS::SSO::ApiAccess.api_call?('HTTP_ACCEPT' => ie7_accept_header)).to be_false
10
+ end
11
+
12
+ it "should consider a json accept header to be an api call" do
13
+ expect(GDS::SSO::ApiAccess.api_call?('HTTP_ACCEPT' => 'application/json')).to be_true
14
+ end
15
+
16
+ it "should consider a request with an authorization header to be an oauth api call" do
17
+ expect(GDS::SSO::ApiAccess.oauth_api_call?('HTTP_AUTHORIZATION' => 'Bearer blahblahblah')).to be_true
18
+ end
19
+
20
+ it "should not consider a request with HTTP basic auth to be an oauth api call" do
21
+ expect(GDS::SSO::ApiAccess.oauth_api_call?('HTTP_AUTHORIZATION' => 'Basic Some basic credentials')).to be_false
22
+ end
23
+
24
+ it "should not consider a request with an empty authorization header to be an oauth api call" do
25
+ expect(GDS::SSO::ApiAccess.oauth_api_call?('HTTP_AUTHORIZATION' => '')).to be_false
26
+ end
27
+ end
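Review bot: `be_true` and `be_false` in the five expectations match any truthy or falsy value, so a predicate that happens to return a `MatchData` or `nil` passes exactly as one returning a strict boolean would; if `api_call?` and `oauth_api_call?` are meant to return booleans, `eq(true)` / `eq(false)` pin that, and `be_true`/`be_false` are removed in RSpec 3 in any case. The empty `HTTP_AUTHORIZATION` case is a useful boundary; an absent header, `expect(GDS::SSO::ApiAccess.oauth_api_call?({})).to be_false`, would complete the set, since a missing key and an empty string are different inputs to whatever parsing the predicate does.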
@@ -0,0 +1,62 @@
1
+ require 'spec_helper'
2
+ require 'active_record'
3
+
4
+ describe Warden::SessionSerializer do
5
+ class User < ActiveRecord::Base
6
+ include GDS::SSO::User
7
+
8
+ end
9
+
10
+ before :each do
11
+ @old_user_model = GDS::SSO::Config.user_model
12
+ GDS::SSO::Config.user_model = User
13
+ @user = double("User", uid: 1234)
14
+ @serializer = Warden::SessionSerializer.new(nil)
15
+ end
16
+ after :each do
17
+ GDS::SSO::Config.user_model = @old_user_model
18
+ end
19
+
20
+ describe "serializing a user" do
21
+
22
+ it "should return the uid and a timestamp" do
23
+ Timecop.freeze
24
+ result = @serializer.serialize(@user)
25
+
26
+ expect(result).to eq([1234, Time.now.utc])
27
+ end
28
+
29
+ it "should return nil if the user has no uid" do
30
+ @user.stub(:uid).and_return(nil)
31
+ result = @serializer.serialize(@user)
32
+
33
+ expect(result).to be_nil
34
+ end
35
+ end
36
+
37
+ describe "deserialize a user" do
38
+ it "should return the user if the timestamp is current" do
39
+ expect(User).to receive(:where).with(:uid => 1234, :remotely_signed_out => false).and_return(double(:first => :a_user))
40
+
41
+ result = @serializer.deserialize [1234, Time.now.utc - GDS::SSO::Config.auth_valid_for + 3600]
42
+
43
+ expect(result).to equal(:a_user)
44
+ end
45
+
46
+ it "should return nil if the timestamp is out of date" do
47
+ expect(User).not_to receive(:where)
48
+
49
+ result = @serializer.deserialize [1234, Time.now.utc - GDS::SSO::Config.auth_valid_for - 3600]
50
+
51
+ expect(result).to be_nil
52
+ end
53
+
54
+ it "should return nil for a user without a timestamp" do
55
+ expect(User).not_to receive(:where)
56
+
57
+ result = @serializer.deserialize 1234
58
+
59
+ expect(result).to be_nil
60
+ end
61
+ end
62
+ end
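Review bot: `class User < ActiveRecord::Base` inside the `describe` block still defines a top-level `User` constant (a `class` keyword is not lexically scoped to the enclosing block), so it persists for the rest of the run and, with `config.order = 'random'` now enabled in spec_helper, can collide with or shadow a `User` defined by another spec in the same process. `stub_const("User", Class.new(ActiveRecord::Base) { include GDS::SSO::User })` inside the `before :each`, ahead of the `GDS::SSO::Config.user_model = User` assignment, gives the same class and is undone after each example. The file also mixes `@user.stub(:uid).and_return(nil)` with `expect(User).to receive(...)`; pick one rspec-mocks syntax. The expired-timestamp and no-timestamp examples assert `expect(User).not_to receive(:where)`, which is the right check that a stale or malformed session value never reaches the user lookup.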
@@ -1,8 +1,8 @@
1
- require 'test_helper'
1
+ require 'spec_helper'
2
2
  require 'gds-sso/user'
3
3
 
4
- class TestUser < Test::Unit::TestCase
5
- def setup
4
+ describe GDS::SSO::User do
5
+ before :each do
6
6
  @auth_hash = {
7
7
  'provider' => 'gds',
8
8
  'uid' => 'abcde',
@@ -12,8 +12,8 @@ class TestUser < Test::Unit::TestCase
12
12
  }
13
13
  end
14
14
 
15
- def test_user_params_creation
15
+ it "should extract the user params from the oauth hash" do
16
16
  expected = {'uid' => 'abcde', 'name' => 'Matt Patterson', 'email' => 'matt@alphagov.co.uk', "permissions" => [], "organisation_slug" => nil}
17
- assert_equal expected, GDS::SSO::User.user_params_from_auth_hash(@auth_hash)
17
+ expect(GDS::SSO::User.user_params_from_auth_hash(@auth_hash)).to eq(expected)
18
18
  end
19
19
  end
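--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gds-sso
 version: !ruby/object:Gem::Version
-version: 9.2.1
+version: 9.2.2
 prerelease:
 platform: ruby
 authors:
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-01-30 00:00:00.000000000 Z
+date: 2014-02-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails
@@ -92,22 +92,6 @@ dependencies:
 - - '='
 - !ruby/object:Gem::Version
 version: 0.9.2.2
-- !ruby/object:Gem::Dependency
-name: mocha
-requirement: !ruby/object:Gem::Requirement
-none: false
-requirements:
-- - '='
-- !ruby/object:Gem::Version
-version: 0.13.3
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-none: false
-requirements:
-- - '='
-- !ruby/object:Gem::Version
-version: 0.13.3
 - !ruby/object:Gem::Dependency
 name: capybara
 requirement: !ruby/object:Gem::Requirement
@@ -131,7 +115,7 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 2.12.2
+version: 2.14.1
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -139,7 +123,7 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 2.12.2
+version: 2.14.1
 - !ruby/object:Gem::Dependency
 name: capybara-mechanize
 requirement: !ruby/object:Gem::Requirement
@@ -294,12 +278,11 @@ files:
 - README.md
 - Gemfile
 - Rakefile
-- test/session_serialisation_test.rb
-- test/api_access_test.rb
-- test/user_test.rb
-- test/test_helper.rb
+- spec/unit/session_serialisation_spec.rb
+- spec/unit/user_spec.rb
+- spec/unit/api_access_spec.rb
+- spec/support/timecop.rb
 - spec/support/signonotron2_integration_helpers.rb
-- spec/requests/authentication_soot2.rb
 - spec/requests/end_to_end_spec.rb
 - spec/spec_helper.rb
 - spec/controller/api_user_controller_spec.rb
@@ -332,7 +315,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 segments:
 - 0
-hash: -250005457247113865
+hash: 426318311748726962
 required_rubygems_version: !ruby/object:Gem::Requirement
 none: false
 requirements:
@@ -341,7 +324,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 segments:
 - 0
-hash: -250005457247113865
+hash: 426318311748726962
 requirements: []
 rubyforge_project: gds-sso
 rubygems_version: 1.8.23
@@ -349,12 +332,11 @@ signing_key:
 specification_version: 3
 summary: Client for GDS' OAuth 2-based SSO
 test_files:
-- test/session_serialisation_test.rb
-- test/api_access_test.rb
-- test/user_test.rb
-- test/test_helper.rb
+- spec/unit/session_serialisation_spec.rb
+- spec/unit/user_spec.rb
+- spec/unit/api_access_spec.rb
+- spec/support/timecop.rb
 - spec/support/signonotron2_integration_helpers.rb
-- spec/requests/authentication_soot2.rb
 - spec/requests/end_to_end_spec.rb
 - spec/spec_helper.rb
 - spec/controller/api_user_controller_spec.rb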
@@ -1,116 +0,0 @@
1
- require_relative '../spec_helper'
2
-
3
- include Rack::Test
4
-
5
- describe "authenticating with sign-on-o-tron" do
6
-
7
- describe "when not signed in" do
8
-
9
- describe "a protected page" do
10
- it "redirects to /auth/gds" do
11
- get "/restricted"
12
-
13
- response.code.should == "302"
14
- response.location.should == "http://www.example.com/auth/gds"
15
- end
16
- end
17
-
18
- describe "/auth/gds" do
19
- it "redirects to signonotron2" do
20
- get "/auth/gds"
21
-
22
- response.code.should == "302"
23
- response.location.should =~ /^http:\/\/localhost:4567\/oauth\/authorize/
24
- end
25
-
26
- it "authenticates with a username and password and redirects back to the app" do
27
- get "/auth/gds"
28
-
29
- uri = URI.parse(response.location)
30
- auth_path = uri.path + '?' + uri.query
31
-
32
- client_cookies = response.headers['Set-Cookie'].split('; ')[0]
33
-
34
- @signonotron = Faraday.new(:url => "#{uri.scheme}://#{uri.host}:#{uri.port}") do |builder|
35
- builder.request :url_encoded
36
- builder.adapter :net_http
37
- end
38
-
39
- authz_return_location = do_auth_request(auth_path)
40
-
41
- return_path = authz_return_location.path + '?' + (authz_return_location.query || '')
42
-
43
- get return_path, { }, { 'Cookie' => client_cookies }
44
-
45
- puts "HANDLE AUTH RESULT\n====================\n"
46
- puts response.headers
47
-
48
- # resp = Net::HTTP.get_response( URI::parse(response.location) )
49
- # location = resp["location"]
50
-
51
- # visit location
52
- # puts page.current_uri
53
-
54
- # fill_in "user_email", :with => "foo@example.com"
55
- # fill_in "user_password", :with => "this is an example for the test"
56
- # click_button "Sign in"
57
- end
58
-
59
- def do_auth_request(auth_path)
60
- auth_request = @signonotron.get(auth_path)
61
-
62
- debug_request('Auth Request', 'GET', auth_path, auth_request, '')
63
-
64
- sign_in_location = URI.parse(auth_request.headers['location']).path
65
- cookie = auth_request.headers['Set-Cookie'].split('; ')[0]
66
-
67
- return do_sign_in_request(sign_in_location, cookie)
68
- end
69
-
70
- def do_sign_in_request(sign_in_location, cookie)
71
- sign_in_request = @signonotron.get do |req|
72
- req.url sign_in_location
73
- req.headers['Cookie'] = cookie
74
- end
75
-
76
- debug_request('Sign In', 'GET', sign_in_location, sign_in_request, cookie)
77
-
78
- cookie = sign_in_request.headers['Set-Cookie'].split('; ')[0]
79
- sign_in_location = Nokogiri.parse(sign_in_request.body).xpath("//form").first.attributes['action'].text
80
- authenticity_token = Nokogiri.parse(sign_in_request.body).xpath("//input[@name='authenticity_token']").first.attributes['value'].text
81
-
82
- return do_sign_in_post(sign_in_location, cookie, authenticity_token)
83
- end
84
-
85
- def do_sign_in_post(sign_in_location, cookie, authenticity_token)
86
-
87
- sign_in_post = @signonotron.post do |req|
88
- req.url sign_in_location
89
- req.body = { :user => { :email => 'foo@example.com', :password => 'this is an example for the test' }, :authenticity_token => authenticity_token }
90
- req.headers['Content-Type'] = 'application/x-www-form-urlencoded'
91
- req.headers['Cookie'] = cookie
92
- end
93
-
94
- debug_request('Sign In', 'POST', sign_in_location, sign_in_post, cookie)
95
-
96
- cookie = sign_in_post.headers['Set-Cookie'].split('; ')[0]
97
- authz_location = URI.parse(sign_in_post.headers['location'])
98
-
99
- return authz_location
100
- end
101
-
102
- def debug_request(name, method, path, response, cookie)
103
- puts "#{name} REQUEST RESULT:\n=========================\n"
104
- puts "#{method} #{path}"
105
- puts "#{cookie}"
106
-
107
- puts "\n\n"
108
-
109
- puts response.headers.inspect
110
- puts response.body
111
- end
112
- end
113
-
114
- end
115
-
116
- end