kraut 0.5.6

data/spec/controllers/sessions_controller_spec.rb

@@ -0,0 +1,106 @@
+require "spec_helper"
+
+describe Kraut::SessionsController do
+
+  describe "routing" do
+    it "should route to new" do
+      { :get => "/sessions/new" }.
+        should route_to(:controller => "kraut/sessions", :action => "new")
+    end
+
+    it "should route to create" do
+      { :post => "/sessions" }.
+        should route_to(:controller => "kraut/sessions", :action => "create")
+    end
+
+    it "should route to destroy" do
+      { :delete => "/sessions" }.
+        should route_to(:controller => "kraut/sessions", :action => "destroy")
+    end
+  end
+
+  describe "GET :new" do
+    it "should assign a session" do
+      get :new
+      assigns[:session].should be_a(Kraut::Session)
+    end
+  end
+
+  describe "POST :create" do
+    before do
+      @user = Kraut::Session.new
+      Kraut::Session.expects(:new).returns(@user)
+      controller.expects(:authenticate_application)
+      Kraut::Rails::Engine.config.entry_url = "/blu"
+    end
+
+    context "with valid credentials" do
+      context "and :stored_location is not set" do
+        before do
+          @user.expects(:valid?).returns(true)
+          post :create
+        end
+
+        it "should store the new session" do
+          controller.user.should == @user
+        end
+
+        it "should redirect to configured entry_url" do
+          response.should redirect_to("/blu")
+        end
+      end
+
+      context "and :stored_location is set" do
+        before do
+          @user.expects(:valid?).returns(true)
+          session[:stored_location] = "/url/we/want"
+          post :create
+        end
+
+        it "should store the new session" do
+          controller.user.should == @user
+        end
+
+        it "should redirect to :stored_location" do
+          response.should redirect_to("/url/we/want")
+        end
+
+        it "should delete the :stored_location parameter" do
+          session[:stored_location].should be_nil
+        end
+      end
+    end
+
+    context "with invalid credentials" do
+      before do
+        @user.expects(:valid?).returns(false)
+        session[:stored_location] = "/url/we/want"
+        post :create
+      end
+
+      it "should not store the new session" do
+        controller.user.should be_nil
+      end
+
+      it "should render the :new action" do
+        response.should render_template(:new)
+      end
+
+      it "should not delete the :stored_location parameter" do
+        session[:stored_location].should_not be_nil
+      end
+    end
+  end
+
+  describe "DELETE :destroy" do
+    it "should logout, reset the session and redirect to configured entry_url" do
+      controller.switch_user(Kraut::Session.new)
+      Kraut::Rails::Engine.config.entry_url = "/bla"
+      delete :destroy
+      controller.logged_in?.should == false
+      session.should == {}
+      response.should redirect_to("/bla")
+    end
+  end
+
+end

data/spec/fixtures/authenticate_application/invalid_app.xml

@@ -0,0 +1,11 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+   <soap:Body>
+      <soap:Fault>
+         <faultcode>soap:Server</faultcode>
+         <faultstring>Failed to find entity of type [com.atlassian.crowd.model.application.Application] with identifier [invalid]</faultstring>
+         <detail>
+            <InvalidAuthenticationException xmlns="urn:SecurityServer"/>
+         </detail>
+      </soap:Fault>
+   </soap:Body>
+</soap:Envelope>

data/spec/fixtures/authenticate_application/invalid_password.xml

@@ -0,0 +1,11 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+   <soap:Body>
+      <soap:Fault>
+         <faultcode>soap:Server</faultcode>
+         <faultstring>The password in the application's crowd.properties file does not match the password in Crowd. Application with invalid password: app</faultstring>
+         <detail>
+            <InvalidAuthenticationException xmlns="urn:SecurityServer"/>
+         </detail>
+      </soap:Fault>
+   </soap:Body>
+</soap:Envelope>

data/spec/fixtures/authenticate_application/success.xml

@@ -0,0 +1,10 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+   <soap:Body>
+      <ns1:authenticateApplicationResponse xmlns:ns1="urn:SecurityServer">
+         <ns1:out>
+            <name xmlns="http://authentication.integration.crowd.atlassian.com">app</name>
+            <token xmlns="http://authentication.integration.crowd.atlassian.com">J8n5KCem7Djk30zel0rUdA00</token>
+         </ns1:out>
+      </ns1:authenticateApplicationResponse>
+   </soap:Body>
+</soap:Envelope>

data/spec/fixtures/authenticate_principal/application_access_denied.xml

@@ -0,0 +1,11 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+   <soap:Body>
+      <soap:Fault>
+         <faultcode>soap:Server</faultcode>
+         <faultstring>com.atlassian.crowd.manager.application.ApplicationAccessDeniedException: User does not have access to application my-app</faultstring>
+         <detail>
+            <ApplicationAccessDeniedException xmlns="urn:SecurityServer" />
+         </detail>
+      </soap:Fault>
+   </soap:Body>
+</soap:Envelope>

data/spec/fixtures/authenticate_principal/invalid_password.xml

@@ -0,0 +1,11 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+   <soap:Body>
+      <soap:Fault>
+         <faultcode>soap:Server</faultcode>
+         <faultstring>Failed to authenticate principal, password was invalid</faultstring>
+         <detail>
+            <InvalidAuthenticationException xmlns="urn:SecurityServer"/>
+         </detail>
+      </soap:Fault>
+   </soap:Body>
+</soap:Envelope>

data/spec/fixtures/authenticate_principal/invalid_user.xml

@@ -0,0 +1,11 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+   <soap:Body>
+      <soap:Fault>
+         <faultcode>soap:Server</faultcode>
+         <faultstring>Failed to find entity of type [com.atlassian.crowd.model.application.Application] with identifier [unknown]</faultstring>
+         <detail>
+            <InvalidAuthenticationException xmlns="urn:SecurityServer"/>
+         </detail>
+      </soap:Fault>
+   </soap:Body>
+</soap:Envelope>

data/spec/fixtures/authenticate_principal/success.xml

@@ -0,0 +1,7 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+   <soap:Body>
+      <ns1:authenticatePrincipalResponse xmlns:ns1="urn:SecurityServer">
+         <ns1:out>COvlhb092poBHXi4rh4PQg00</ns1:out>
+      </ns1:authenticatePrincipalResponse>
+   </soap:Body>
+</soap:Envelope>

data/spec/fixtures/find_principal_by_token/invalid_token.xml

@@ -0,0 +1,11 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+   <soap:Body>
+      <soap:Fault>
+         <faultcode>soap:Server</faultcode>
+         <faultstring>Failed to find entity of type [com.atlassian.crowd.model.token.Token] with identifier [0d0hWMoxDJLsO05lX06oKA02]</faultstring>
+         <detail>
+            <InvalidTokenException xmlns="urn:SecurityServer"/>
+         </detail>
+      </soap:Fault>
+   </soap:Body>
+</soap:Envelope>

data/spec/fixtures/find_principal_by_token/success.xml

@@ -0,0 +1,39 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+   <soap:Body>
+      <ns1:findPrincipalByTokenResponse xmlns:ns1="urn:SecurityServer">
+         <ns1:out>
+            <ID xmlns="http://soap.integration.crowd.atlassian.com">-1</ID>
+            <active xmlns="http://soap.integration.crowd.atlassian.com">true</active>
+            <attributes xmlns="http://soap.integration.crowd.atlassian.com">
+               <SOAPAttribute>
+                  <name>givenName</name>
+                  <values>
+                     <ns1:string>Test</ns1:string>
+                  </values>
+               </SOAPAttribute>
+               <SOAPAttribute>
+                  <name>sn</name>
+                  <values>
+                     <ns1:string>Supervisor</ns1:string>
+                  </values>
+               </SOAPAttribute>
+               <SOAPAttribute>
+                  <name>displayName</name>
+                  <values>
+                     <ns1:string>Test Supervisor</ns1:string>
+                  </values>
+               </SOAPAttribute>
+               <SOAPAttribute>
+                  <name>mail</name>
+                  <values>
+                     <ns1:string>no_reply@blau.de</ns1:string>
+                  </values>
+               </SOAPAttribute>
+            </attributes>
+            <description xsi:nil="true" xmlns="http://soap.integration.crowd.atlassian.com"/>
+            <directoryId xmlns="http://soap.integration.crowd.atlassian.com">32769</directoryId>
+            <name xmlns="http://soap.integration.crowd.atlassian.com">test-supervisor</name>
+         </ns1:out>
+      </ns1:findPrincipalByTokenResponse>
+   </soap:Body>
+</soap:Envelope>

data/spec/fixtures/find_principal_with_attributes_by_name/invalid_user.xml

@@ -0,0 +1,11 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+   <soap:Body>
+      <soap:Fault>
+         <faultcode>soap:Server</faultcode>
+         <faultstring>Failed to find entity of type [com.atlassian.crowd.integration.model.user.User] with identifier [unknown]</faultstring>
+         <detail>
+            <ObjectNotFoundException xmlns="urn:SecurityServer"/>
+         </detail>
+      </soap:Fault>
+   </soap:Body>
+</soap:Envelope>

data/spec/fixtures/find_principal_with_attributes_by_name/success.xml

@@ -0,0 +1,69 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+   <soap:Body>
+      <ns1:findPrincipalWithAttributesByNameResponse xmlns:ns1="urn:SecurityServer">
+         <ns1:out>
+            <ID xmlns="http://soap.integration.crowd.atlassian.com">-1</ID>
+            <active xmlns="http://soap.integration.crowd.atlassian.com">true</active>
+            <attributes xmlns="http://soap.integration.crowd.atlassian.com">
+               <SOAPAttribute>
+                  <name>givenName</name>
+                  <values>
+                     <ns1:string>Test</ns1:string>
+                  </values>
+               </SOAPAttribute>
+               <SOAPAttribute>
+                  <name>sn</name>
+                  <values>
+                     <ns1:string>User</ns1:string>
+                  </values>
+               </SOAPAttribute>
+               <SOAPAttribute>
+                  <name>displayName</name>
+                  <values>
+                     <ns1:string>Test User</ns1:string>
+                  </values>
+               </SOAPAttribute>
+               <SOAPAttribute>
+                  <name>mail</name>
+                  <values>
+                     <ns1:string>test@blau.de</ns1:string>
+                  </values>
+               </SOAPAttribute>
+               <SOAPAttribute>
+                  <name>requiresPasswordChange</name>
+                  <values>
+                     <ns1:string>false</ns1:string>
+                  </values>
+               </SOAPAttribute>
+               <SOAPAttribute>
+                  <name>invalidPasswordAttempts</name>
+                  <values>
+                     <ns1:string>0</ns1:string>
+                  </values>
+               </SOAPAttribute>
+               <SOAPAttribute>
+                  <name>lastAuthenticated</name>
+                  <values>
+                     <ns1:string>1286895918952</ns1:string>
+                  </values>
+               </SOAPAttribute>
+               <SOAPAttribute>
+                  <name>passwordLastChanged</name>
+                  <values>
+                     <ns1:string>1274258741546</ns1:string>
+                  </values>
+               </SOAPAttribute>
+               <SOAPAttribute>
+                  <name>inexsoUserId</name>
+                  <values>
+                     <ns1:string>107</ns1:string>
+                  </values>
+               </SOAPAttribute>
+            </attributes>
+            <description xsi:nil="true" xmlns="http://soap.integration.crowd.atlassian.com"/>
+            <directoryId xmlns="http://soap.integration.crowd.atlassian.com">32769</directoryId>
+            <name xmlns="http://soap.integration.crowd.atlassian.com">test</name>
+         </ns1:out>
+      </ns1:findPrincipalWithAttributesByNameResponse>
+   </soap:Body>
+</soap:Envelope>

data/spec/fixtures/is_group_member/not_in_group.xml

@@ -0,0 +1,8 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+   <soap:Body>
+      <ns1:isGroupMemberResponse xmlns:ns1="urn:SecurityServer">
+         <ns1:out>false</ns1:out>
+      </ns1:isGroupMemberResponse>
+   </soap:Body>
+</soap:Envelope>
+

data/spec/fixtures/is_group_member/success.xml

@@ -0,0 +1,8 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+   <soap:Body>
+      <ns1:isGroupMemberResponse xmlns:ns1="urn:SecurityServer">
+         <ns1:out>true</ns1:out>
+      </ns1:isGroupMemberResponse>
+   </soap:Body>
+</soap:Envelope>
+

data/spec/kraut/application_spec.rb

@@ -0,0 +1,99 @@
+require "spec_helper"
+require "kraut/application"
+
+describe Kraut::Application do
+  let(:application) { Kraut::Application }
+
+  before do
+    savon.expects(:authenticate_application).returns(:success)
+    Kraut::Application.authenticate "app", "password"
+  end
+
+  describe ".authenticate" do
+    it "should return the application credentials" do
+      savon.expects(:authenticate_application).returns(:success)
+      
+      credentials = application.authenticate "app", "password"
+      credentials.should == ["app", "password", "J8n5KCem7Djk30zel0rUdA00"]
+    end
+
+    it "should set the application name" do
+      application.name.should == "app"
+    end
+
+    it "should set the application password" do
+      application.password.should == "password"
+    end
+
+    it "should set the authentication token" do
+      application.token.should == "J8n5KCem7Djk30zel0rUdA00"
+    end
+
+    it "should set the last authentication time" do
+      application.authenticated_at.should be_a(Time)
+    end
+
+    context "in case of an invalid application name" do
+      before { savon.expects(:authenticate_application).returns(:invalid_app) }
+
+      it "should raise an InvalidAuthentication error" do
+        lambda { Kraut::Application.authenticate "invalid", "invalid" }.
+          should raise_error(Kraut::InvalidAuthentication, /with identifier \[invalid\]/)
+      end
+    end
+
+    context "in case of an invalid password" do
+      before { savon.expects(:authenticate_application).returns(:invalid_password) }
+
+      it "should raise an InvalidAuthentication error" do
+        lambda { Kraut::Application.authenticate "app", "invalid" }.
+          should raise_error(Kraut::InvalidAuthentication, /Application with invalid password/)
+      end
+    end
+  end
+
+  describe ".name" do
+    it "should contain the application name" do
+      application.name.should == "app"
+    end
+  end
+
+  describe ".password" do
+    it "should contain the application password" do
+      application.password.should == "password"
+    end
+  end
+
+  describe ".token" do
+    it "should contain the authentication token" do
+      application.token.should == "J8n5KCem7Djk30zel0rUdA00"
+    end
+  end
+
+  describe ".authentication_required?" do
+    context "when not authenticated" do
+      before { Kraut::Application.authenticated_at = nil }
+
+      it "should return true" do
+        application.authentication_required?.should == true
+      end
+    end
+
+    context "when authentication expired (default timeout = 10 min)" do
+      before { Kraut::Application.authenticated_at = Time.now - (60 * 11) }
+
+      it "should return true" do
+        application.authentication_required?.should == true
+      end
+    end
+
+    context "when authenticated" do
+      before { Kraut::Application.authenticated_at = Time.now }
+
+      it "should return false" do
+        application.authentication_required?.should == false
+      end
+    end
+  end
+
+end

data/spec/kraut/client_spec.rb

@@ -0,0 +1,101 @@
+require "spec_helper"
+require "kraut/client"
+
+describe Kraut::Client do
+
+  shared_examples_for "a Kraut::Client" do
+    context "when receiving an ApplicationAccessDenied error" do
+      it "should raise a Kraut::ApplicationAccessDenied error" do
+        savon.expects(:authenticate_principal).returns(:application_access_denied)
+        expect { subject.request :authenticate_principal, :some => :request }.to raise_error(Kraut::ApplicationAccessDenied)
+      end
+    end
+
+    context "when receiving an InvalidAuthentication error" do
+      it "should raise a Kraut::InvalidAuthentication error" do
+        savon.expects(:authenticate_principal).returns(:invalid_user)
+        expect { subject.request :authenticate_principal, :some => :request }.to raise_error(Kraut::InvalidAuthentication)
+      end
+    end
+  end
+
+  describe ".request" do
+    context "when successful" do
+      before do
+        savon.expects(:authenticate_application).with(
+          :in0 => { "aut:credential" => { "aut:credential" => "password" }, "aut:name" => "name" }
+        ).returns(:success)
+      end
+
+      it "should return the response as a Hash" do
+        result = subject.request :authenticate_application, :in0 => {
+          "aut:credential" => { "aut:credential" => "password" }, "aut:name" => "name"
+        }
+        
+        result.should include(:out => { :token => "J8n5KCem7Djk30zel0rUdA00", :name => "app" })
+      end
+    end
+
+    context "when Savon raises errors" do
+      it_should_behave_like "a Kraut::Client"
+    end
+
+    context "when Savon does not raise errors" do
+      it_should_behave_like "a Kraut::Client"
+    end
+  end
+
+  describe ".auth_request" do
+    context "when successful" do
+      before do
+        Kraut::Application.expects(:name).returns("app")
+        Kraut::Application.expects(:token).returns("J8n5KCem7Djk30zel0rUdA00")
+        
+        savon.expects(:authenticate_principal).with(
+          :in0 => { "aut:name" => "app", "aut:token" => "J8n5KCem7Djk30zel0rUdA00" },
+          :in1 => {
+            "aut:application" => "app",
+            "aut:credential" => { "aut:credential" => "password" }, "aut:name" => "name"
+          },
+          :order! => [:in0, :in1]
+        ).returns(:success)
+      end
+
+      it "should return the response as a Hash" do
+        result = subject.auth_request :authenticate_principal, :in1 => {
+          "aut:application" => "app",
+          "aut:credential" => { "aut:credential" => "password" }, "aut:name" => "name"
+        }
+        
+        result.should include(:out => "COvlhb092poBHXi4rh4PQg00")
+      end
+    end
+
+    context "when Savon raises errors" do
+      it_should_behave_like "a Kraut::Client"
+    end
+
+    context "when Savon does not raise errors" do
+      it_should_behave_like "a Kraut::Client"
+    end
+  end
+
+  describe ".client" do
+    it "should return a Savon::Client instance" do
+      Kraut::Client.client.should be_a(Savon::Client)
+    end
+
+    it "should memoize the Savon::Client instance" do
+      Kraut::Client.client.should equal(Kraut::Client.client)
+    end
+
+    it "should set the SOAP endpoint" do
+      Kraut::Client.client.wsdl.endpoint.should == Kraut.endpoint
+    end
+
+    it "should set the target namespace" do
+      Kraut::Client.client.wsdl.namespace.should == "urn:SecurityServer"
+    end
+  end
+
+end