intuit_ids_aggcat 0.0.5

data/lib/intuit_ids_aggcat/client/services.rb

@@ -0,0 +1,213 @@
+require 'oauth'
+require 'rexml/document'
+require 'xml/mapping'
+require 'intuit_ids_aggcat/client/intuit_xml_mappings'
+
+module IntuitIdsAggcat
+
+  module Client
+    
+    class Services
+
+      class << self
+
+        def initialize
+          
+        end
+
+        ##
+        # Gets all institutions supported by Intuit. If oauth_token_info isn't provided, new tokens are provisioned using "default" user
+        # consumer_key and consumer_secret will be retrieved from the Configuration class if not provided
+        def get_institutions oauth_token_info = IntuitIdsAggcat::Client::Saml.get_tokens("default"), consumer_key = IntuitIdsAggcat.config.oauth_consumer_key, consumer_secret = IntuitIdsAggcat.config.oauth_consumer_secret
+          response = oauth_get_request "https://financialdatafeed.platform.intuit.com/rest-war/v1/institutions", oauth_token_info, consumer_key, consumer_secret
+          institutions = Institutions.load_from_xml(response[:response_xml].root)
+          institutions.institutions
+        end
+
+        ##
+        # Gets the institution details for id. If oauth_token_info isn't provided, new tokens are provisioned using "default" user
+        # consumer_key and consumer_secret will be retrieved from the Configuration class if not provided
+        def get_institution_detail id, oauth_token_info = IntuitIdsAggcat::Client::Saml.get_tokens("default"), consumer_key = IntuitIdsAggcat.config.oauth_consumer_key, consumer_secret = IntuitIdsAggcat.config.oauth_consumer_secret
+          response = oauth_get_request "https://financialdatafeed.platform.intuit.com/rest-war/v1/institutions/#{id}", oauth_token_info, consumer_key, consumer_secret
+          institutions = InstitutionDetail.load_from_xml(response[:response_xml].root)
+          institutions
+        end
+
+        ##
+        # Deletes the customer's accounts from aggregation at Intuit.
+        # username must be provided, if no oauth_token_info is provided, new tokens will be provisioned using username
+        def delete_customer username, oauth_token_info = IntuitIdsAggcat::Client::Saml.get_tokens(username), consumer_key = IntuitIdsAggcat.config.oauth_consumer_key, consumer_secret = IntuitIdsAggcat.config.oauth_consumer_secret
+          url = "https://financialdatafeed.platform.intuit.com/rest-war/v1/customers/"
+          oauth_delete_request url, oauth_token_info
+        end
+
+        ##
+        # Deletes the a specific account for a customer from aggregation at Intuit.
+        # username and account ID must be provided, if no oauth_token_info is provided, new tokens will be provisioned using username
+        def delete_account username, account_id, oauth_token_info = IntuitIdsAggcat::Client::Saml.get_tokens(username), consumer_key = IntuitIdsAggcat.config.oauth_consumer_key, consumer_secret = IntuitIdsAggcat.config.oauth_consumer_secret
+          puts "in gem, username = #{username}, account = #{account_id}."
+          url = "https://financialdatafeed.platform.intuit.com/rest-war/v1/accounts/#{account_id}"
+          oauth_delete_request url, oauth_token_info
+        end
+
+        ##
+        # Discovers and adds accounts using credentials
+        # institution_id is the ID of the institution, username is the ID for this customer's accounts at Intuit and must be used for future requests,
+        # creds_hash is a hash object of key value pairs used for authentication
+        # If oauth_token is not provided, new tokens will be provisioned using the username provided
+        # Returns a hash produced by discover_account_data_to_hash with the following keys:
+        #    discover_response   : hash including the following keys:
+        #                              response_code:        HTTP response code from Intuit
+        #                              response_xml :        XML returned by Intuit
+        #    accounts            : Ruby hash with accounts if returned by discover call
+        #    challenge_type      : text description of the type of challenge requested, if applicable
+        #                          "none" | "choice" | "image" | "text" 
+        #    challenge           : Ruby hash with the detail of the challenge if applicable
+        #    challenge_session_id: challenge session ID to pass to challenge_response if this is a challenge
+        #    challenge_node_id   : challenge node ID to pass to challenge_response if this is a challenge 
+        #    description         : text description of the result of the discover request
+        def discover_and_add_accounts_with_credentials institution_id, username, creds_hash, oauth_token_info = IntuitIdsAggcat::Client::Saml.get_tokens(username), consumer_key = IntuitIdsAggcat.config.oauth_consumer_key, consumer_secret = IntuitIdsAggcat.config.oauth_consumer_secret, timeout = 30
+          url = "https://financialdatafeed.platform.intuit.com/rest-war/v1/institutions/#{institution_id}/logins"
+          credentials_array = []
+          creds_hash.each do |k,v|
+            c = Credential.new
+            c.name = k
+            c.value = v
+            credentials_array.push c
+          end
+          creds = Credentials.new
+          creds.credential = credentials_array
+          il = InstitutionLogin.new
+          il.credentials = creds
+          daa = oauth_post_request url, il.save_to_xml.to_s, oauth_token_info
+          discover_account_data_to_hash daa
+        end
+
+        ##
+        # Given a username, response text, challenge session ID and challenge node ID, passes the credentials to Intuit to begin aggregation
+        def challenge_response institution_id, username, response, challenge_session_id, challenge_node_id, oauth_token_info = IntuitIdsAggcat::Client::Saml.get_tokens(username), consumer_key = IntuitIdsAggcat.config.oauth_consumer_key, consumer_secret = IntuitIdsAggcat.config.oauth_consumer_secret
+          url = "https://financialdatafeed.platform.intuit.com/rest-war/v1/institutions/#{institution_id}/logins"
+          if !(response.kind_of?(Array) || response.respond_to?('each'))
+            response = [response]
+          end
+
+          cr = IntuitIdsAggcat::ChallengeResponses.new
+          cr.response = response
+          il = IntuitIdsAggcat::InstitutionLogin.new
+          il.challenge_responses = cr
+          daa = oauth_post_request url, il.save_to_xml.to_s, oauth_token_info, { "challengeSessionId" => challenge_session_id, "challengeNodeId" => challenge_node_id }
+          discover_account_data_to_hash daa
+        end
+
+        ##
+        # Gets all accounts for a customer
+        def get_customer_accounts username, oauth_token_info = IntuitIdsAggcat::Client::Saml.get_tokens(username), consumer_key = IntuitIdsAggcat.config.oauth_consumer_key, consumer_secret = IntuitIdsAggcat.config.oauth_consumer_secret
+          url = "https://financialdatafeed.platform.intuit.com/rest-war/v1/accounts/"
+          response = oauth_get_request url, oauth_token_info
+          accounts = AccountList.load_from_xml(response[:response_xml].root)
+        end
+
+        ##
+        # Get transactions for a specific account and timeframe
+        def get_account_transactions username, account_id, start_date, end_date = nil, oauth_token_info = IntuitIdsAggcat::Client::Saml.get_tokens(username), consumer_key = IntuitIdsAggcat.config.oauth_consumer_key, consumer_secret = IntuitIdsAggcat.config.oauth_consumer_secret
+          txn_start = start_date.strftime("%Y-%m-%d")
+          url = "https://financialdatafeed.platform.intuit.com/rest-war/v1/accounts/#{account_id}/transactions?txnStartDate=#{txn_start}"
+          if !end_date.nil?
+            txn_end = end_date.strftime("%Y-%m-%d")
+            url = "#{url}&txnEndDate=#{txn_end}"
+          end
+          response = oauth_get_request url, oauth_token_info
+          xml = REXML::Document.new response[:response_xml].to_s
+          tl = IntuitIdsAggcat::TransactionList.load_from_xml xml.root
+        end
+
+        ## 
+        # Helper method for parsing discover account response data
+        def discover_account_data_to_hash daa
+          challenge_type = "none"
+          if daa[:response_code] == "201"
+            # return account list
+            accounts = AccountList.load_from_xml(daa[:response_xml].root)
+            { discover_response: daa, accounts: accounts, challenge_type: challenge_type, challenge: nil, description: "Account information retrieved." }
+          elsif daa[:response_code] == "401" && daa[:challenge_session_id]
+            # return challenge
+            challenge = Challenges.load_from_xml(daa[:response_xml].root)
+            challenge_type = "unknown"
+            if challenge.save_to_xml.to_s.include?("<choice>")
+              challenge_type = "choice"
+            elsif challenge.save_to_xml.to_s.include?("image")
+              challenge_type ="image"
+            else
+              challenge_type = "text"
+            end
+            { discover_response: daa, accounts: nil, challenge_type: challenge_type, challenge: challenge, challenge_session_id: daa[:challenge_session_id], challenge_node_id: daa[:challenge_node_id], description: "Multi-factor authentication required to retrieve accounts." }
+          elsif daa[:response_code] == "404"
+            { discover_response: daa, accounts: nil, challenge_type: challenge_type, challenge: nil, description: "Institution not found." }
+          elsif daa[:response_code] == "408"
+            { discover_response: daa, accounts: nil, challenge_type: challenge_type, challenge: nil, description: "Multi-factor authentication session expired." }
+          elsif daa[:response_code] == "500"
+            { discover_response: daa, accounts: nil, challenge_type: challenge_type, challenge: nil, description: "Internal server error." }
+          elsif daa[:response_code] == "503"
+            { discover_response: daa, accounts: nil, challenge_type: challenge_type, challenge: nil, description: "Problem at the finanical institution." }
+          else
+            { discover_response: daa, accounts: nil, challenge_type: challenge_type, challenge: nil, description: "Unknown error." }
+          end
+        end
+
+        ##
+        # Helper method to issue post requests
+        def oauth_post_request url, body, oauth_token_info, headers = {}, consumer_key = IntuitIdsAggcat.config.oauth_consumer_key, consumer_secret = IntuitIdsAggcat.config.oauth_consumer_secret, timeout = 120
+          oauth_token = oauth_token_info[:oauth_token]
+          oauth_token_secret = oauth_token_info[:oauth_token_secret]
+
+          options = { :request_token_path => 'https://financialdatafeed.platform.intuit.com', :timeout => timeout } 
+          options = options.merge({ :proxy => IntuitIdsAggcat.config.proxy}) if !IntuitIdsAggcat.config.proxy.nil?
+          consumer = OAuth::Consumer.new(consumer_key, consumer_secret, options)
+          access_token = OAuth::AccessToken.new(consumer, oauth_token, oauth_token_secret)
+          response = access_token.post(url, body, { "Content-Type"=>'application/xml', 'Host' => 'financialdatafeed.platform.intuit.com' }.merge(headers))
+          response_xml = REXML::Document.new response.body
+          
+          # handle challenge responses from discoverAndAcccounts flow
+          challenge_session_id = challenge_node_id = nil
+          if !response["challengeSessionId"].nil?
+            challenge_session_id = response["challengeSessionId"]
+            challenge_node_id = response["challengeNodeId"]
+          end
+
+          { :challenge_session_id => challenge_session_id, :challenge_node_id => challenge_node_id, :response_code => response.code, :response_xml => response_xml }
+        end
+
+        ##
+        # Helper method to issue get requests
+        def oauth_get_request url, oauth_token_info, consumer_key = IntuitIdsAggcat.config.oauth_consumer_key, consumer_secret = IntuitIdsAggcat.config.oauth_consumer_secret, timeout = 120
+          oauth_token = oauth_token_info[:oauth_token]
+          oauth_token_secret = oauth_token_info[:oauth_token_secret]
+
+          options = { :request_token_path => 'https://financialdatafeed.platform.intuit.com', :timeout => timeout } 
+          options = options.merge({ :proxy => IntuitIdsAggcat.config.proxy}) if !IntuitIdsAggcat.config.proxy.nil?
+          consumer = OAuth::Consumer.new(consumer_key, consumer_secret, options)
+          access_token = OAuth::AccessToken.new(consumer, oauth_token, oauth_token_secret)
+          response = access_token.get(url, { "Content-Type"=>'application/xml', 'Host' => 'financialdatafeed.platform.intuit.com' })
+          response_xml = REXML::Document.new response.body
+          { :response_code => response.code, :response_xml => response_xml }
+        end
+
+        ##
+        # Helper method to issue delete requests
+        def oauth_delete_request url, oauth_token_info, consumer_key = IntuitIdsAggcat.config.oauth_consumer_key, consumer_secret = IntuitIdsAggcat.config.oauth_consumer_secret, timeout = 120
+          oauth_token = oauth_token_info[:oauth_token]
+          oauth_token_secret = oauth_token_info[:oauth_token_secret]
+
+          options = { :request_token_path => 'https://financialdatafeed.platform.intuit.com', :timeout => timeout }
+          options = options.merge({ :proxy => IntuitIdsAggcat.config.proxy}) if !IntuitIdsAggcat.config.proxy.nil? 
+          consumer = OAuth::Consumer.new(consumer_key, consumer_secret, options)
+          access_token = OAuth::AccessToken.new(consumer, oauth_token, oauth_token_secret)
+          response = access_token.delete(url, { "Content-Type"=>'application/xml', 'Host' => 'financialdatafeed.platform.intuit.com' })
+          response_xml = REXML::Document.new response.body
+          { :response_code => response.code, :response_xml => response_xml }
+        end
+    
+      end
+    end
+  end
+end

data/lib/intuit_ids_aggcat/core/configuration.rb

@@ -0,0 +1,135 @@
+require 'set'
+require 'uri'
+
+module IntuitIdsAggcat
+  module Core
+
+    # A configuration object for the Intuit interface.
+    #
+    # == Configuring Credentials
+    #
+    # In order to do anything with the AggCat services you will need to assign credentials.
+    # The simplest method is to assing your credentials into the default
+    # configuration:
+    #
+    #   AWS.config(:access_key_id => 'KEY', :secret_access_key => 'SECRET')
+    #
+    # You can also export them into your environment and they will be picked up
+    # automatically:
+    #
+    #   export AWS_ACCESS_KEY_ID='YOUR_KEY_ID_HERE'
+    #   export AWS_SECRET_ACCESS_KEY='YOUR_SECRET_KEY_HERE'
+    #
+
+    class Configuration
+
+      # Creates a new Configuration object.
+      def initialize options = {}
+
+        @created = options.delete(:__created__) || {}
+        options.each_pair do |opt_name, value|
+          opt_name = opt_name.to_sym
+          if self.class.accepted_options.include?(opt_name)
+            supplied[opt_name] = value
+          end
+        end
+
+      end
+
+      # @return [Hash] Returns a hash with your configured credentials.
+      def credentials
+        credentials = {}
+        [:saml_idp_id, :user_id].each do |opt|
+          if value = credential_provider.send(opt)
+            credentials[opt] = value
+          end
+        end
+        credentials
+      end
+
+      def with options = {}
+
+        # symbolize option keys
+        options = options.inject({}) {|h,kv| h[kv.first.to_sym] = kv.last; h }
+
+        values = supplied.merge(options)
+
+        if supplied == values
+          self # nothing changed
+        else
+          self.class.new(values.merge(:__created__ => @created.dup))
+        end
+
+      end
+
+      # @return [Hash] Returns a hash of all configuration values.
+      def to_h
+        self.class.accepted_options.inject({}) do |h,k|
+          h.merge(k => send(k))
+        end
+      end
+      alias_method :to_hash, :to_h
+
+      # @return [Boolean] Returns true if the two configuration objects have
+      #   the same values.
+      def eql? other
+        other.is_a?(self.class) and self.supplied == other.supplied
+      end
+      alias_method :==, :eql?
+
+      # @private
+      def inspect
+        "<#{self.class.name}>"
+      end
+
+      protected
+
+      def supplied
+        @supplied ||= {}
+      end
+
+      class << self
+
+        # @private
+        def accepted_options
+          @options ||= Set.new
+        end
+
+        # @private
+        def add_option name, default_value = nil, options = {}, &transform
+
+          accepted_options << name
+
+          define_method(name) do |&default_override|
+
+            value =
+              if supplied.has_key?(name)
+                supplied[name]
+              elsif default_override
+                default_override.call
+              else
+                default_value
+              end
+
+            transform ? transform.call(self, value) : value
+
+          end
+
+          alias_method("#{name}?", name) if options[:boolean]
+
+        end
+
+      end
+
+      add_option :certificate_path
+      add_option :certificate_string
+      add_option :certificate_password
+      add_option :issuer_id
+      add_option :oauth_consumer_key
+      add_option :oauth_consumer_secret
+      add_option :oauth_token_info
+      add_option :proxy
+
+    end
+  end
+end

data/lib/intuit_ids_aggcat/core.rb

@@ -0,0 +1,4 @@
+require "intuit_ids_aggcat/core/configuration"
+require "intuit_ids_aggcat/client/saml"
+require "intuit_ids_aggcat/client/services"
+require "intuit_ids_aggcat/rails"

data/lib/intuit_ids_aggcat/rails.rb

@@ -0,0 +1,106 @@
+require 'yaml'
+
+module IntuitIdsAggcat
+
+  if Object.const_defined?(:Rails) and Rails.const_defined?(:Railtie)
+
+    # @private
+    class Railtie < Rails::Railtie
+
+      # configure our plugin on boot. other extension points such
+      # as configuration, rake tasks, etc, are also available
+      initializer "intuit_ids_aggcat.initialize" do |app|
+        IntuitIdsAggcat::Rails.setup
+      end
+    end
+
+  end
+
+  # A handful of useful Rails integration methods.
+  #
+  # If you require this gem inside a Rails application (via config.gem
+  # for rails 2 and bundler for rails 3) then {setup} is called
+  # automatically.
+  module Rails
+
+    # Adds extra functionality to Rails.
+    #
+    # Normailly this method is invoked automatically when you require this
+    # gem in a Rails Application:
+    #
+    # Rails 3+ (RAILS_ROOT/Gemfile)
+    #
+    #   gem 'intuit_ids_aggcat'
+    #
+
+    # @return [nil]
+    def self.setup
+      load_yaml_config
+      log_to_rails_logger
+      nil
+    end
+
+    # Loads Intuit IDS AggCat configuration options from +RAILS_ROOT/config/intuit_ids_aggcat.yml+.
+    #
+    # This configuration file is optional.  You can omit this file and instead
+    # use ruby to configure the gem inside a configuration initialization script
+    # (e.g. RAILS_ROOT/config/intializers/intuit_ids_aggcat.rb).
+    #
+    # If you have a yaml configuration file it should be formatted like the
+    # standard +database.yml+ file in a Rails application.  This means there
+    # should be one section for Rails environment:
+    #
+    #   development:
+    #     certificate_path: path to private key
+    #     issuer_id: SAML issuer ID provided by intuit
+    #     oauth_consumer_key: OAuth consumer key
+    #     oauth_consumer_secret: OAuth consumer secret
+    #
+    #   production:
+    #     certificate_path: path to private key
+    #     issuer_id: SAML issuer ID provided by intuit
+    #     oauth_consumer_key: OAuth consumer key
+    #     oauth_consumer_secret: OAuth consumer secret
+
+    def self.load_yaml_config
+
+      path = Pathname.new("#{rails_root}/config/intuit_ids_aggcat.yml")
+
+      if File.exists?(path)
+        cfg = YAML::load(ERB.new(File.read(path)).result)
+        unless cfg[rails_env]
+          raise "config/intuit_ids_aggcat.yml is missing a section for `#{rails_env}`"
+        end
+        IntuitIdsAggcat.config(cfg[rails_env])
+      end
+
+    end
+
+
+    # Configures gem to log to the Rails default logger.
+    # @return [nil]
+    def self.log_to_rails_logger
+      AWS.config(:logger => rails_logger)
+      nil
+    end
+
+    # @private
+    protected
+    def self.rails_env
+      ::Rails.respond_to?(:env) ? ::Rails.env : RAILS_ENV
+    end
+
+    # @private
+    protected
+    def self.rails_root
+      ::Rails.respond_to?(:root) ? ::Rails.root.to_s : RAILS_ROOT
+    end
+
+    # @private
+    protected
+    def self.rails_logger
+      ::Rails.respond_to?(:logger) ? ::Rails.logger : ::RAILS_DEFAULT_LOGGER
+    end
+
+  end
+end

data/lib/intuit_ids_aggcat/version.rb

@@ -0,0 +1,3 @@
+module IntuitIdsAggcat
+  VERSION = "0.0.5"
+end

data/lib/intuit_ids_aggcat.rb

@@ -0,0 +1,23 @@
+require "intuit_ids_aggcat/version"
+require "intuit_ids_aggcat/core"
+
+module IntuitIdsAggcat
+  class << self
+
+    # @private
+    @@config = nil
+    @@client = nil
+
+    def config options = {}
+      @@config ||= Core::Configuration.new
+      @@config = @@config.with(options) unless options.empty?
+      @@config
+    end
+
+    def client
+      @@client ||= Client::Services.new
+      @@client
+    end
+
+  end
+end

data/spec/config/intuit_ids_aggcat.yml

@@ -0,0 +1,5 @@
+development:
+  certificate_path: test.key
+  issuer_id: rails_test_id
+  oauth_consumer_key: rails_test_key
+  oauth_consumer_secret: rails_test_secret

data/spec/config/test.crt

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvDCCAiWgAwIBAgIJAKqWuLF2VM4+MA0GCSqGSIb3DQEBBQUAMEkxCzAJBgNV
+BAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTESMBAGA1UEBxMJQ2hhcmxv
+dHRlMQ0wCwYDVQQKEwRUZXN0MB4XDTEyMTAyNjE4NDk1NloXDTEyMTEyNTE4NDk1
+NlowSTELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRIwEAYD
+VQQHEwlDaGFybG90dGUxDTALBgNVBAoTBFRlc3QwgZ8wDQYJKoZIhvcNAQEBBQAD
+gY0AMIGJAoGBAL9zKDXCbw+Xc8IugYrK7ffJsHQYr8rZKr0hw3XksEYRHb/LqCSw
+ZF5aUTY1ECGb0QlD9uYxYWTvmpqZcTRIJANQgqhr1CH4hpEXJAdTJVzdJMaxeCjO
+F40cHTwyeMP5Ou5Vsq3gKWTnJkGvDkJXHCqRkwduLk6FiWOfat2I9CjjAgMBAAGj
+gaswgagwHQYDVR0OBBYEFGdV8DGee/TMuZDgQW1wdZ1k0HuNMHkGA1UdIwRyMHCA
+FGdV8DGee/TMuZDgQW1wdZ1k0HuNoU2kSzBJMQswCQYDVQQGEwJVUzEXMBUGA1UE
+CBMOTm9ydGggQ2Fyb2xpbmExEjAQBgNVBAcTCUNoYXJsb3R0ZTENMAsGA1UEChME
+VGVzdIIJAKqWuLF2VM4+MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
+IdnfNuBftWE97JyhPiADYGsV8l+2KE2mxgqQacwGTgorxiwjBph1l26WY8fb3LCK
+xKNDrMfcDJfSxgI8xqw3AsjDTWSF3tOqKTS6ApIwKf7l6BIMCTD2Xc6PTTmgNV20
+NlLkzu6mXIXIuzBrUXfHUSXIsSUly+dX6fHKxMlToU8=
+-----END CERTIFICATE-----

data/spec/configuration_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+describe IntuitIdsAggcat::Core::Configuration do
+  it 'should configure issuer id' do
+    IntuitIdsAggcat.config(:issuer_id => "test_issuer")
+    IntuitIdsAggcat.config.issuer_id.should == "test_issuer"
+  end
+
+  it 'should configure oauth consumer key' do
+    IntuitIdsAggcat.config(:oauth_consumer_key => "consumer_key")
+    IntuitIdsAggcat.config.oauth_consumer_key.should == "consumer_key"
+  end
+
+  it 'should configure oauth consumer secret' do
+    IntuitIdsAggcat.config(:oauth_consumer_secret => "secret")
+    IntuitIdsAggcat.config.oauth_consumer_secret.should == "secret"
+  end
+
+  it 'should configure certificate path' do
+    IntuitIdsAggcat.config(:certificate_path => "cert")
+    IntuitIdsAggcat.config.certificate_path.should == "cert"
+  end
+end

data/spec/rails_spec.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+
+describe IntuitIdsAggcat::Rails do
+  it 'should load configuration from a YAML file' do
+    Rails = Object.new
+    ::Rails.stub(:root).and_return("#{Dir.pwd}/spec")
+    ::Rails.stub(:env).and_return("development")
+    IntuitIdsAggcat::Rails.load_yaml_config
+    IntuitIdsAggcat.config.issuer_id.should == "rails_test_id"
+    IntuitIdsAggcat.config.certificate_path.should == "test.key"
+    IntuitIdsAggcat.config.oauth_consumer_key.should == "rails_test_key"
+    IntuitIdsAggcat.config.oauth_consumer_secret.should == "rails_test_secret"
+    
+  end
+end

data/spec/saml_spec.rb

@@ -0,0 +1,25 @@
+require 'spec_helper'
+
+describe IntuitIdsAggcat::Client::Saml do
+  it 'should generate a SAML assertion' do
+    SecureRandom.stub(:uuid).and_return("6bf05546-89ee-4ec1-8cf7-e90c438cb147")
+    IntuitIdsAggcat::Client::Saml.get_saml_assertion_xml("rails_test_id", "test", "spec/config/test.key", nil, nil, Time.new(2008,6,21, 13,30,0, "+09:00")).should == 
+      "<?xml version=\"1.0\" encoding=\"UTF-8\"?><saml2:Assertion xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_6bf0554689ee4ec18cf7e90c438cb147\" IssueInstant=\"2008-06-21T04:30:00.000Z\" Version=\"2.0\"><saml2:Issuer>rails_test_id</saml2:Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/><ds:Reference URI=\"#_6bf0554689ee4ec18cf7e90c438cb147\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/><ds:DigestValue>nzk4auzjFeqgAeWIKFAvtjxHKqc=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>Yv5BHxMttOlN+N+LQnEYXDvzCpTTpqWegDJQTnJtqyohH5WEllszOrDad0ZugO4NToa179aJkb0bhSHRlUZ83BAR2WqZjTG8a9tSEd/PGAbUkGmzNiGF8kYTuXAq//PmED6HYAO/PAXzaK9kubMLO+ZlOnyD0eW7+t913A0W0VY=</ds:SignatureValue></ds:Signature><saml2:Subject><saml2:NameID Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\">test</saml2:NameID><saml2:SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"/></saml2:Subject><saml2:Conditions NotBefore=\"2008-06-21T04:25:00.000Z\" NotOnOrAfter=\"2008-06-21T04:40:00.000Z\"><saml2:AudienceRestriction><saml2:Audience>rails_test_id</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant=\"2008-06-21T04:30:00.000Z\" SessionIndex=\"_6bf0554689ee4ec18cf7e90c438cb147\"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion>\n"
+  end
+
+  it "should return signed XML" do
+    IntuitIdsAggcat::Client::Saml.get_signed_info_xml("123", "test").should == 
+      "<ds:SignedInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/><ds:Reference URI=\"#123\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/><ds:DigestValue>test</ds:DigestValue></ds:Reference></ds:SignedInfo>"
+  end
+
+  it "should return tokens" do
+    path = Pathname.new("spec/config/real_config.yml")
+    config = YAML::load(ERB.new(File.read(path)).result)
+    IntuitIdsAggcat.config(config)
+    tokens = IntuitIdsAggcat::Client::Saml.get_tokens "test"
+    tokens[:oauth_token_secret].should_not be_nil
+    tokens[:oauth_token].should_not be_nil
+    tokens[:token_expiry].should_not be_nil
+  end
+end
+