hancock 0.0.2

data/spec/units/app_spec.rb

@@ -0,0 +1,15 @@
+require File.expand_path(File.dirname(__FILE__)+'/../spec_helper')
+
+describe Hancock::App do
+  describe "default sreg parameters" do
+    it "returns sane defaults" do
+      Hancock::App.sreg_params.should eql([:email, :first_name, :last_name, :internal])
+    end
+  end
+  describe "setting the default sreg parameters" do
+    it "returns the values set by the method" do
+      Hancock::App.sreg_params = [:email, :birthdate, :gender]
+      Hancock::App.sreg_params.should eql([:email, :birthdate, :gender])
+    end
+  end
+end

data/spec/units/consumer_spec.rb

@@ -0,0 +1,43 @@
+require File.expand_path(File.dirname(__FILE__)+'/../spec_helper')
+
+describe Hancock::Consumer do
+  describe "when queried about a disallowed host" do
+    it "returns false" do
+      Hancock::Consumer.allowed?('http://blogspot.com').should be_false
+    end
+  end
+
+  describe "visible to staff" do
+    before(:each) do
+      @consumer = Hancock::Consumer.gen(:internal)
+      @consumer.save
+    end
+    describe "when queried about an allowed host" do
+      it "returns true" do
+        Hancock::Consumer.allowed?(@consumer.url).should be_true
+      end
+    end
+  end
+  describe "visible to customers and staff" do
+    before(:each) do
+      @consumer = Hancock::Consumer.gen(:visible_to_all)
+      @consumer.save
+    end
+    describe "when queried about an allowed host" do
+      it "returns true" do
+        Hancock::Consumer.allowed?(@consumer.url).should be_true
+      end
+    end
+  end
+  describe "hidden (API) apps" do
+    before(:each) do
+      @consumer = Hancock::Consumer.gen(:hidden)
+      @consumer.save
+    end
+    describe "when queried about an allowed host" do
+      it "returns true" do
+        Hancock::Consumer.allowed?(@consumer.url).should be_true
+      end
+    end
+  end
+end

data/spec/units/identity_provider_spec.rb

@@ -0,0 +1,27 @@
+require File.expand_path(File.dirname(__FILE__)+'/../spec_helper')
+
+describe "Requesting the server's xrds" do
+  describe "when accepting xrds+xml" do
+    it "renders the provider idp page" do
+      get '/sso/xrds'
+      last_response.headers['Content-Type'].should eql('application/xrds+xml')
+      last_response.should have_xpath("//xrd/service[uri='http://example.org/sso']")
+      last_response.should have_xpath("//xrd/service[type='http://specs.openid.net/auth/2.0/server']")
+    end
+  end
+end
+
+describe "Requesting a user's xrds" do
+  before(:each) do
+    @user = Hancock::User.gen
+  end
+
+  it "renders the users idp page" do
+    get "/sso/users/#{@user.id}"
+
+    last_response.headers['Content-Type'].should eql('application/xrds+xml')
+    last_response.headers['X-XRDS-Location'].should eql("http://example.org/sso/users/#{@user.id}")
+    last_response.body.should have_xpath("//xrd/service[uri='http://example.org/sso']")
+    last_response.body.should have_xpath("//xrd/service[type='http://specs.openid.net/auth/2.0/signon']")
+  end
+end

data/spec/units/landing_page_spec.rb

@@ -0,0 +1,42 @@
+require File.expand_path(File.dirname(__FILE__)+'/../spec_helper')
+
+describe "visiting /" do
+  before(:each) do
+    @last  = Hancock::Consumer.gen(:internal)
+    @first = Hancock::Consumer.gen(:visible_to_all)
+  end
+  describe "when authenticated" do
+    describe "as an internal user" do
+      before(:each) do
+        @user = Hancock::User.gen(:internal)
+      end
+      it "should greet the user" do
+        login(@user)
+        get '/'
+
+        last_response.body.to_s.should have_selector("h3:contains('Hello #{@user.first_name} #{@user.last_name}')")
+        last_response.body.to_s.should have_selector("ul#consumers li a[href='#{@first.url}']:contains('#{@first.label}')")
+        last_response.body.to_s.should have_selector("ul#consumers li a[href='#{@last.url}']:contains('#{@last.label}')")
+      end
+    end
+    describe "as an external user" do
+      before(:each) do
+        @user = Hancock::User.gen
+      end
+      it "should greet the user" do
+        login(@user)
+        get '/'
+
+        last_response.body.to_s.should have_selector("h3:contains('Hello #{@user.first_name} #{@user.last_name}')")
+        last_response.body.to_s.should have_selector("ul#consumers li a[href='#{@first.url}']:contains('#{@first.label}')")
+        last_response.body.to_s.should_not have_selector("ul#consumers li a[href='#{@last.url}']:contains('#{@last.label}')")
+      end
+    end
+  end
+  describe "when unauthenticated" do
+    it "should prompt the user to login" do
+      get '/'
+      last_response.should be_a_login_form
+    end
+  end
+end

data/spec/units/login_spec.rb

@@ -0,0 +1,61 @@
+require File.expand_path(File.dirname(__FILE__)+'/../spec_helper')
+
+describe "posting to /sso/login" do
+  before(:each) do
+    @user = Hancock::User.gen
+    @consumer = Hancock::Consumer.gen(:internal)
+  end
+  describe "with a valid password" do
+    it "should authenticate a user and redirect to /" do
+      post '/sso/login', :email => @user.email, :password => @user.password
+      last_response.status.should eql(302)
+      last_response.headers['Location'].should eql('/')
+    end
+  end
+  describe "with an invalid password" do
+    it "should display a form to login" do
+      post '/sso/login', :email => @user.email, :password => 's3cr3t'
+      last_response.body.should be_a_login_form
+    end
+  end
+end
+describe "getting /sso/login" do
+  before(:each) do
+    @user = Hancock::User.gen
+    @consumer = Hancock::Consumer.gen(:internal)
+  end
+  describe "with a valid session" do
+    it "should redirect to the consumer w/ the id for openid discovery" do
+      get '/sso/login', :return_to => @consumer.url
+
+      post '/sso/login', :email => @user.email, :password => @user.password
+      follow_redirect!
+
+      get '/sso/login'
+      last_response.status.should eql(302)
+
+      uri = Addressable::URI.parse(last_response.headers['Location'])
+      @consumer.url.should eql("#{uri.scheme}://#{uri.host}#{uri.path}")
+
+      uri.query_values['id'].should eql("#{@user.id}")
+    end
+
+    describe "from an invalid consumer" do
+      it "should return forbidden" do
+        get '/sso/login', { 'return_to' => 'http://rogueconsumerapp.com/login' }
+
+        login(@user)
+
+        get '/sso/login', { 'return_to' => 'http://rogueconsumerapp.com/login' }
+
+        last_response.status.should eql(403)
+      end
+    end
+  end
+  describe "without a valid session" do
+    it "should prompt the user to login" do
+      get '/sso/login', { 'return_to' => @consumer.url }
+      last_response.body.should be_a_login_form
+    end
+  end
+end

data/spec/units/logout_spec.rb

@@ -0,0 +1,22 @@
+require File.expand_path(File.dirname(__FILE__)+'/../spec_helper')
+
+describe "visiting /sso/logout" do
+  before(:each) do
+    @user = Hancock::User.gen
+    @consumer = Hancock::Consumer.gen(:internal)
+  end
+  describe "when authenticated" do
+    it "should clear the session and redirec to /" do
+      get '/sso/logout'
+      last_response.status.should eql(302)
+      last_response.headers['Location'].should eql('/')
+    end
+  end
+  describe "when unauthenticated" do
+    it "should redirect to /" do
+      get '/sso/logout'
+      last_response.status.should eql(302)
+      last_response.headers['Location'].should eql('/')
+    end
+  end
+end

data/spec/units/openid_spec.rb

@@ -0,0 +1,154 @@
+require File.expand_path(File.dirname(__FILE__)+'/../spec_helper')
+
+describe "visiting /sso" do
+  before(:each) do
+    @user = Hancock::User.gen
+    @consumer = Hancock::Consumer.gen(:internal)
+    @identity_url = "http://example.org/sso/users/#{@user.id}"
+  end
+  it "should throw a bad request if there aren't any openid params" do
+    get '/sso'
+    last_response.status.should eql(400)
+  end
+  describe "with openid mode of associate" do
+    it "should respond with Diffie Hellman data in kv format" do
+      session = OpenID::Consumer::AssociationManager.create_session("DH-SHA1")
+      params =  {"openid.ns"           => 'http://specs.openid.net/auth/2.0',
+                 "openid.mode"         => "associate",
+                 "openid.session_type" => 'DH-SHA1',
+                 "openid.assoc_type"   => 'HMAC-SHA1',
+                 "openid.dh_consumer_public"=> session.get_request['dh_consumer_public']}
+
+      get "/sso", params
+
+      last_response.should be_an_openid_associate_response(session)
+    end
+  end
+  describe "with openid mode of checkid_setup" do
+    describe "authenticated" do
+      it "should redirect to the consumer app" do
+        params = {
+            "openid.ns"         => "http://specs.openid.net/auth/2.0",
+            "openid.mode"       => "checkid_setup",
+            "openid.return_to"  => @consumer.url,
+            "openid.identity"   => @identity_url,
+            "openid.claimed_id" => @identity_url
+        }
+
+        login(@user) 
+        get "/sso", params
+        last_response.should be_a_redirect_to_the_consumer(@consumer, @user)
+      end
+
+      describe "attempting to access another identity" do
+        it "should return forbidden" do
+          params = {
+            "openid.ns"         => "http://specs.openid.net/auth/2.0",
+            "openid.mode"       => "checkid_setup",
+            "openid.return_to"  => @consumer.url,
+            "openid.identity"   => "http://example.org/sso/users/42",
+            "openid.claimed_id" => "http://example.org/sso/users/42"
+          }
+
+          login(@user)
+          get "/sso", params
+          last_response.status.should == 403
+        end
+      end
+      describe "attempting to access from an untrusted consumer" do
+        it "cancel the openid request" do
+          params = {
+            "openid.ns"         => "http://specs.openid.net/auth/2.0",
+            "openid.mode"       => "checkid_setup",
+            "openid.return_to"  => "http://rogueconsumerapp.com/",
+            "openid.identity"   => @identity_url,
+            "openid.claimed_id" => @identity_url
+          }
+
+          login(@user)
+          get "/sso", params
+          last_response.status.should == 403
+        end
+      end
+    end
+    describe "unauthenticated user" do
+      it "should require authentication" do
+        params = {
+          "openid.ns"         => "http://specs.openid.net/auth/2.0",
+          "openid.mode"       => "checkid_setup",
+          "openid.return_to"  => @consumer.url,
+          "openid.identity"   => @identity_url,
+          "openid.claimed_id" => @identity_url
+        }
+
+        get "/sso", params
+        last_response.body.should be_a_login_form
+      end
+    end
+  end
+  describe "with openid mode of checkid_immediate" do
+    describe "unauthenticated user" do
+      it "should require authentication" do
+        params = {
+          "openid.ns"         => "http://specs.openid.net/auth/2.0",
+          "openid.mode"       => "checkid_immediate",
+          "openid.return_to"  => @consumer.url,
+          "openid.identity"   => @identity_url,
+          "openid.claimed_id" => @identity_url
+        }
+
+        get "/sso", params
+        last_response.body.should be_a_login_form
+      end
+    end
+    describe "authenticated user" do
+      describe "with appropriate request parameters" do
+        it "should redirect to the consumer app" do
+          params = {
+            "openid.ns"         => "http://specs.openid.net/auth/2.0",
+            "openid.mode"       => "checkid_immediate",
+            "openid.return_to"  => @consumer.url,
+            "openid.identity"   => @identity_url,
+            "openid.claimed_id" => @identity_url
+          }
+
+          login(@user)
+          get "/sso", params
+          last_response.should be_an_openid_immediate_response(@consumer, @user)
+        end
+      end
+
+      describe "attempting to access another identity" do
+        it "should return forbidden" do
+          params = {
+            "openid.ns"         => "http://specs.openid.net/auth/2.0",
+            "openid.mode"       => "checkid_immediate",
+            "openid.return_to"  => @consumer.url,
+            "openid.identity"   => "http://example.org/sso/users/42",
+            "openid.claimed_id" => "http://example.org/sso/users/42" 
+          }
+
+          login(@user)
+          get "/sso", params
+          last_response.status.should == 403
+        end
+      end
+
+      describe "attempting to access from an untrusted consumer" do
+        it "cancel the openid request" do
+          params = {
+            "openid.ns"         => "http://specs.openid.net/auth/2.0",
+            "openid.mode"       => "checkid_immediate",
+            "openid.return_to"  => "http://rogueconsumerapp.com/",
+            "openid.identity"   => @identity_url,
+            "openid.claimed_id" => @identity_url
+          }
+
+          login(@user)
+          get "/sso", params
+          last_response.status.should == 403
+        end
+      end
+    end
+  end
+end

data/spec/units/signup_spec.rb

@@ -0,0 +1,34 @@
+require File.expand_path(File.dirname(__FILE__)+'/../spec_helper')
+
+describe "posting to /sso/signup" do
+  before(:each) do
+    @existing_user = Hancock::User.gen
+    @user = Hancock::User.new(:email      => /\w+@\w+\.\w{2,3}/.gen.downcase,
+                              :first_name => /\w+/.gen.capitalize,
+                              :last_name  => /\w+/.gen.capitalize)
+    @consumer = Hancock::Consumer.gen(:internal)
+  end
+  describe "with valid information" do
+    it "should sign the user up" do
+      post '/sso/signup', :email      => @user.email,
+                          :first_name => @user.first_name,
+                          :last_name  => @user.last_name
+
+      last_response.body.to_s.should have_selector("h3:contains('Success')")
+      last_response.body.to_s.should have_selector('p:contains("Check your email and you\'ll see a registration link!")')
+      last_response.body.to_s.should match(%r!href='http://example.org/sso/register/\w{40}'!)
+      Sinatra::Mailer::Email.should have(1).deliveries
+    end
+  end
+  describe "with invalid information" do
+    it "should not sign the user up" do
+      post '/sso/signup', :email      => @existing_user.email,
+                          :first_name => @existing_user.first_name,
+                          :last_name  => @existing_user.last_name
+      last_response.should have_selector("h3:contains('Signup Failed')")
+      last_response.should have_selector("#errors p:contains('Email is already taken')")
+      last_response.should have_selector("p a[href='/sso/signup']:contains('Try Again?')")
+      Sinatra::Mailer::Email.should have(0).deliveries
+    end
+  end
+end

data/spec/units/user_spec.rb

@@ -0,0 +1,10 @@
+require File.expand_path(File.dirname(__FILE__)+'/../spec_helper')
+
+describe Hancock::User do
+  before(:each) do
+    @user = Hancock::User.gen
+  end
+  it "should save successfully" do
+    @user.save.should be_true
+  end
+end

metadata

@@ -0,0 +1,143 @@
+--- !ruby/object:Gem::Specification 
+name: hancock
+version: !ruby/object:Gem::Version 
+  version: 0.0.2
+platform: ruby
+authors: 
+- Corey Donohoe
+- Tim Carey-Smith
+autorequire: hancock
+bindir: bin
+cert_chain: []
+
+date: 2009-03-19 00:00:00 -06:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: dm-core
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 0.9.10
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: ruby-openid
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 2.1.2
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: sinatra
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 0.9.1.1
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: guid
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 0.1.1
+    version: 
+description: A gem that provides a Single Sign On server
+email: 
+- atmos@atmos.org
+- tim@spork.in
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.md
+- LICENSE
+files: 
+- LICENSE
+- README.md
+- Rakefile
+- lib/hancock.rb
+- lib/models
+- lib/models/consumer.rb
+- lib/models/user.rb
+- lib/sinatra
+- lib/sinatra/hancock
+- lib/sinatra/hancock/defaults.rb
+- lib/sinatra/hancock/openid_server.rb
+- lib/sinatra/hancock/sessions.rb
+- lib/sinatra/hancock/users.rb
+- lib/sinatra/hancock/views
+- lib/sinatra/hancock/views/openid_server
+- lib/sinatra/hancock/views/openid_server/yadis.erb
+- lib/sinatra/hancock/views/sessions
+- lib/sinatra/hancock/views/sessions/unauthenticated.haml
+- lib/sinatra/hancock/views/users
+- lib/sinatra/hancock/views/users/register_form.haml
+- lib/sinatra/hancock/views/users/signup_confirmation.haml
+- lib/sinatra/hancock/views/users/signup_form.haml
+- spec/acceptance
+- spec/acceptance/signing_up_spec.rb
+- spec/app.rb
+- spec/features
+- spec/features/sessions.feature
+- spec/features/signup.feature
+- spec/features/sso.feature
+- spec/features/step_definitions
+- spec/features/step_definitions/sessions_steps.rb
+- spec/features/step_definitions/signup_steps.rb
+- spec/features/step_definitions/sso_steps.rb
+- spec/features/support
+- spec/features/support/env.rb
+- spec/fixtures.rb
+- spec/matchers.rb
+- spec/spec_helper.rb
+- spec/units
+- spec/units/app_spec.rb
+- spec/units/consumer_spec.rb
+- spec/units/identity_provider_spec.rb
+- spec/units/landing_page_spec.rb
+- spec/units/login_spec.rb
+- spec/units/logout_spec.rb
+- spec/units/openid_spec.rb
+- spec/units/signup_spec.rb
+- spec/units/user_spec.rb
+has_rdoc: true
+homepage: http://github.com/atmos/hancock
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.1
+signing_key: 
+specification_version: 2
+summary: A gem that provides a Single Sign On server
+test_files: []
+