maestrano-rails-test 0.9.3
- checksums.yaml +7 -0
- data/LICENSE +21 -0
- data/README.md +273 -0
- data/Rakefile +38 -0
- data/app/controllers/maestrano/rails/metadata_controller.rb +8 -0
- data/app/controllers/maestrano/rails/saml_base_controller.rb +40 -0
- data/app/controllers/maestrano/rails/web_hook_controller.rb +16 -0
- data/lib/generators/active_record/maestrano_group_generator.rb +38 -0
- data/lib/generators/active_record/maestrano_user_generator.rb +38 -0
- data/lib/generators/active_record/templates/migration.rb +13 -0
- data/lib/generators/maestrano/USAGE +2 -0
- data/lib/generators/maestrano/group_generator.rb +11 -0
- data/lib/generators/maestrano/install_generator.rb +31 -0
- data/lib/generators/maestrano/orm_helpers.rb +75 -0
- data/lib/generators/maestrano/templates/group_users_controller.rb +26 -0
- data/lib/generators/maestrano/templates/groups_controller.rb +36 -0
- data/lib/generators/maestrano/templates/maestrano.rb +126 -0
- data/lib/generators/maestrano/templates/saml_controller.rb +52 -0
- data/lib/generators/maestrano/user_generator.rb +11 -0
- data/lib/generators/mongoid/maestrano_group_generator.rb +26 -0
- data/lib/generators/mongoid/maestrano_user_generator.rb +26 -0
- data/lib/maestrano-rails.rb +1 -0
- data/lib/maestrano/rails.rb +11 -0
- data/lib/maestrano/rails/controllers/maestrano_security.rb +32 -0
- data/lib/maestrano/rails/models/maestrano_auth_resource.rb +116 -0
- data/lib/maestrano/rails/routing/routes.rb +28 -0
- data/lib/maestrano/rails/version.rb +5 -0
- data/test/controllers/generic_controller_test.rb +56 -0
- data/test/controllers/group_users_controller_test.rb +23 -0
- data/test/controllers/groups_controller_test.rb +24 -0
- data/test/controllers/metadata_controller_test.rb +25 -0
- data/test/controllers/saml_controller_test.rb +123 -0
- data/test/dummy/db/development.sqlite3 +0 -0
- data/test/dummy/db/test.sqlite3 +0 -0
- data/test/dummy/log/development.log +44 -0
- data/test/dummy/log/test.log +6611 -0
- data/test/dummy_activerecord/README.rdoc +261 -0
- data/test/dummy_activerecord/Rakefile +7 -0
- data/test/dummy_activerecord/app/assets/javascripts/application.js +15 -0
- data/test/dummy_activerecord/app/assets/javascripts/pages.js +2 -0
- data/test/dummy_activerecord/app/assets/stylesheets/application.css +13 -0
- data/test/dummy_activerecord/app/assets/stylesheets/pages.css +4 -0
- data/test/dummy_activerecord/app/controllers/application_controller.rb +3 -0
- data/test/dummy_activerecord/app/controllers/maestrano/account/group_users_controller.rb +27 -0
- data/test/dummy_activerecord/app/controllers/maestrano/account/groups_controller.rb +37 -0
- data/test/dummy_activerecord/app/controllers/maestrano/auth/saml_controller.rb +14 -0
- data/test/dummy_activerecord/app/controllers/pages_controller.rb +4 -0
- data/test/dummy_activerecord/app/helpers/application_helper.rb +2 -0
- data/test/dummy_activerecord/app/helpers/pages_helper.rb +2 -0
- data/test/dummy_activerecord/app/models/admin.rb +5 -0
- data/test/dummy_activerecord/app/models/admin/monster.rb +2 -0
- data/test/dummy_activerecord/app/models/mno_crew.rb +7 -0
- data/test/dummy_activerecord/app/models/mno_monster.rb +9 -0
- data/test/dummy_activerecord/app/models/monster.rb +2 -0
- data/test/dummy_activerecord/app/views/layouts/application.html.erb +14 -0
- data/test/dummy_activerecord/app/views/pages/home.html.erb +2 -0
- data/test/dummy_activerecord/config.ru +4 -0
- data/test/dummy_activerecord/config/application.rb +56 -0
- data/test/dummy_activerecord/config/boot.rb +10 -0
- data/test/dummy_activerecord/config/database.yml +25 -0
- data/test/dummy_activerecord/config/environment.rb +5 -0
- data/test/dummy_activerecord/config/environments/development.rb +37 -0
- data/test/dummy_activerecord/config/environments/production.rb +67 -0
- data/test/dummy_activerecord/config/environments/test.rb +37 -0
- data/test/dummy_activerecord/config/initializers/backtrace_silencers.rb +7 -0
- data/test/dummy_activerecord/config/initializers/inflections.rb +15 -0
- data/test/dummy_activerecord/config/initializers/maestrano.rb +85 -0
- data/test/dummy_activerecord/config/initializers/mime_types.rb +5 -0
- data/test/dummy_activerecord/config/initializers/secret_token.rb +7 -0
- data/test/dummy_activerecord/config/initializers/session_store.rb +8 -0
- data/test/dummy_activerecord/config/initializers/wrap_parameters.rb +14 -0
- data/test/dummy_activerecord/config/locales/en.yml +5 -0
- data/test/dummy_activerecord/config/routes.rb +63 -0
- data/test/dummy_activerecord/db/development.sqlite3 +0 -0
- data/test/dummy_activerecord/db/migrate/20140526125222_create_monsters.rb +8 -0
- data/test/dummy_activerecord/db/migrate/20140526125242_create_admin_monsters.rb +8 -0
- data/test/dummy_activerecord/db/migrate/20140526144828_create_mno_monsters.rb +13 -0
- data/test/dummy_activerecord/db/migrate/20140526151139_create_mno_crews.rb +11 -0
- data/test/dummy_activerecord/db/schema.rb +44 -0
- data/test/dummy_activerecord/db/test.sqlite3 +0 -0
- data/test/dummy_activerecord/log/development.log +76 -0
- data/test/dummy_activerecord/log/test.log +326 -0
- data/test/dummy_activerecord/public/404.html +26 -0
- data/test/dummy_activerecord/public/422.html +26 -0
- data/test/dummy_activerecord/public/500.html +25 -0
- data/test/dummy_activerecord/public/favicon.ico +0 -0
- data/test/dummy_activerecord/script/rails +6 -0
- data/test/dummy_mongoid/README.rdoc +261 -0
- data/test/dummy_mongoid/Rakefile +7 -0
- data/test/dummy_mongoid/app/assets/javascripts/application.js +15 -0
- data/test/dummy_mongoid/app/assets/javascripts/pages.js +2 -0
- data/test/dummy_mongoid/app/assets/stylesheets/application.css +13 -0
- data/test/dummy_mongoid/app/assets/stylesheets/pages.css +4 -0
- data/test/dummy_mongoid/app/controllers/application_controller.rb +3 -0
- data/test/dummy_mongoid/app/controllers/maestrano/account/group_users_controller.rb +27 -0
- data/test/dummy_mongoid/app/controllers/maestrano/account/groups_controller.rb +37 -0
- data/test/dummy_mongoid/app/controllers/maestrano/auth/saml_controller.rb +14 -0
- data/test/dummy_mongoid/app/controllers/pages_controller.rb +4 -0
- data/test/dummy_mongoid/app/helpers/application_helper.rb +2 -0
- data/test/dummy_mongoid/app/helpers/pages_helper.rb +2 -0
- data/test/dummy_mongoid/app/models/mno_crew.rb +11 -0
- data/test/dummy_mongoid/app/models/mno_monster.rb +14 -0
- data/test/dummy_mongoid/app/models/monster.rb +3 -0
- data/test/dummy_mongoid/app/views/layouts/application.html.erb +14 -0
- data/test/dummy_mongoid/app/views/pages/home.html.erb +2 -0
- data/test/dummy_mongoid/config.ru +4 -0
- data/test/dummy_mongoid/config/application.rb +59 -0
- data/test/dummy_mongoid/config/boot.rb +10 -0
- data/test/dummy_mongoid/config/environment.rb +5 -0
- data/test/dummy_mongoid/config/environments/development.rb +37 -0
- data/test/dummy_mongoid/config/environments/production.rb +67 -0
- data/test/dummy_mongoid/config/environments/test.rb +37 -0
- data/test/dummy_mongoid/config/initializers/backtrace_silencers.rb +7 -0
- data/test/dummy_mongoid/config/initializers/inflections.rb +15 -0
- data/test/dummy_mongoid/config/initializers/maestrano.rb +85 -0
- data/test/dummy_mongoid/config/initializers/mime_types.rb +5 -0
- data/test/dummy_mongoid/config/initializers/secret_token.rb +7 -0
- data/test/dummy_mongoid/config/initializers/session_store.rb +8 -0
- data/test/dummy_mongoid/config/initializers/wrap_parameters.rb +14 -0
- data/test/dummy_mongoid/config/locales/en.yml +5 -0
- data/test/dummy_mongoid/config/mongoid.yml +80 -0
- data/test/dummy_mongoid/config/routes.rb +63 -0
- data/test/dummy_mongoid/db/migrate/20140526125222_create_monsters.rb +8 -0
- data/test/dummy_mongoid/db/migrate/20140526125242_create_admin_monsters.rb +8 -0
- data/test/dummy_mongoid/db/migrate/20140526144828_create_mno_monsters.rb +13 -0
- data/test/dummy_mongoid/db/migrate/20140526151139_create_mno_crews.rb +11 -0
- data/test/dummy_mongoid/db/schema.rb +44 -0
- data/test/dummy_mongoid/public/404.html +26 -0
- data/test/dummy_mongoid/public/422.html +26 -0
- data/test/dummy_mongoid/public/500.html +25 -0
- data/test/dummy_mongoid/public/favicon.ico +0 -0
- data/test/dummy_mongoid/script/rails +6 -0
- data/test/generators/group/active_record_generator_test.rb +79 -0
- data/test/generators/group/mongoid_generator_test.rb +76 -0
- data/test/generators/group_generator_test.rb +39 -0
- data/test/generators/install_generator_test.rb +45 -0
- data/test/generators/user/active_record_generator_test.rb +79 -0
- data/test/generators/user/mongoid_generator_test.rb +76 -0
- data/test/generators/user_generator_test.rb +39 -0
- data/test/maestrano-rails_test.rb +7 -0
- data/test/models/maestrano_group_via_test.rb +66 -0
- data/test/models/maestrano_user_via_test.rb +70 -0
- data/test/test_files/config/routes.rb +58 -0
- data/test/test_helper.rb +42 -0
- data/test/tmp/app/models/monster.rb +20 -0
- metadata +418 -0
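--- a/data/lib/generators/mongoid/maestrano_user_generator.rb
+++ b/data/lib/generators/mongoid/maestrano_user_generator.rb
@@ -0,0 +1,26 @@
+require 'rails/generators/named_base'
+require 'generators/maestrano/orm_helpers'
+
+module Mongoid
+module Generators
+class MaestranoUserGenerator < Rails::Generators::NamedBase
+include Maestrano::Generators::OrmHelpers
+
+def inject_field_types
+inject_into_file model_path, migration_data, after: "include Mongoid::Document\n" if model_exists?
+end
+
+def inject_maestrano_content
+inject_into_file model_path, model_contents, after: "include Mongoid::Document\n" if model_exists?
+end
+
+def migration_data
+<<RUBY
+## User source identification fields
+field :provider, type: String, default: ""
+field :uid, type: String, default: ""
+RUBY
+end
+end
+end
+end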
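--- a/data/lib/maestrano-rails.rb
+++ b/data/lib/maestrano-rails.rb
@@ -0,0 +1 @@
+require 'maestrano/rails'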
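--- a/data/lib/maestrano/rails.rb
+++ b/data/lib/maestrano/rails.rb
@@ -0,0 +1,11 @@
+require 'maestrano'
+require 'maestrano/rails/routing/routes'
+require 'maestrano/rails/models/maestrano_auth_resource'
+require 'maestrano/rails/controllers/maestrano_security'
+
+module Maestrano
+module Rails
+class Engine < ::Rails::Engine
+end
+end
+end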
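--- a/data/lib/maestrano/rails/controllers/maestrano_security.rb
+++ b/data/lib/maestrano/rails/controllers/maestrano_security.rb
@@ -0,0 +1,32 @@
+module Maestrano
+module Rails
+module MaestranoSecurity
+# This module aims at being included into ApplicationController
+# but we do not do until a maestrano_user_via is declared on
+# a model (no need to polute the app)
+# -
+# See MaestranoAuthResource for details on how the inclusion
+# is done
+def self.included(base)
+base.send :include, ControllerFilters
+base.before_filter :verify_maestrano_session
+end
+
+module ControllerFilters
+# If a maestrano session is present then we check
+# its validity. If not valid anymore the filter
+# triggers a Maestrano SSO handshake
+def verify_maestrano_session
+if Maestrano.param(:sso_enabled)
+unless controller_name == 'saml' && ['init','consume'].include?(action_name)
+if !Maestrano::SSO::Session.new(session).valid?(if_session:true)
+redirect_to Maestrano::SSO.init_url
+end
+end
+end
+true
+end
+end
+end
+end
+end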
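Review bot: The exemption in `verify_maestrano_session` tests `controller_name == 'saml'`, which is the unqualified controller name, so any host-application controller called `saml` with an `init` or `consume` action, in any namespace, would also skip the session check. Comparing the full path ties the exemption to the gem's own SSO endpoints: `unless controller_path == 'maestrano/auth/saml' && %w[init consume].include?(action_name)` (the path matches the `'controller' => 'maestrano/auth/saml'` params used in the SAML controller test). Separately, `valid?(if_session:true)` presumably lets requests that carry no Maestrano session through, so the method comment should state that this filter only re-validates an existing SSO session and is not an authentication gate on its own.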
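--- a/data/lib/maestrano/rails/models/maestrano_auth_resource.rb
+++ b/data/lib/maestrano/rails/models/maestrano_auth_resource.rb
@@ -0,0 +1,116 @@
+require 'digest/sha1'
+
+module Maestrano
+module Rails
+module MaestranoAuthResource
+extend ActiveSupport::Concern
+
+included do
+end
+
+# These methods are used to extend the
+# behaviour of a model
+module ClassMethods
+# Configure a user model with mapping to SSO fields
+# and add user behaviour
+def maestrano_user_via(provider_field,uid_field, &block)
+extend Maestrano::Rails::MaestranoAuthResource::LocalClassGenericMethods
+self.maestrano_generic_configurator(provider_field,uid_field, &block)
+
+include Maestrano::Rails::MaestranoAuthResource::LocalInstanceUserMethods
+
+# Finally extend ApplicationController with MaestranoSecurity
+# filters. It's useless to do that unless a maestrano_user is
+# declared
+ApplicationController.send :include, Maestrano::Rails::MaestranoSecurity
+end
+
+# Configure a group model with mapping to SSO fields
+# and add group behaviour
+def maestrano_group_via(provider_field,uid_field, &block)
+extend Maestrano::Rails::MaestranoAuthResource::LocalClassGenericMethods
+self.maestrano_generic_configurator(provider_field,uid_field, &block)
+
+include Maestrano::Rails::MaestranoAuthResource::LocalInstanceGroupMethods
+end
+end
+
+# Actual class methods - injected after behaviour
+# has been added (don't polute the model scope)
+module LocalClassGenericMethods
+def maestrano_generic_configurator(provider_field,uid_field, &block)
+cattr_accessor :maestrano_options
+self.maestrano_options = {
+provider: provider_field.to_s,
+uid: uid_field.to_s,
+mapping: block
+}
+
+include Maestrano::Rails::MaestranoAuthResource::LocalInstanceGenericMethods
+end
+
+# Find the resource based on provider and uid fields or create
+# it using the mapping block defined at the model level
+def find_or_create_for_maestrano(auth_hash)
+# Look for the entity first
+entity = self.where(
+self.maestrano_options[:provider].to_sym => auth_hash[:provider],
+self.maestrano_options[:uid].to_sym => auth_hash[:uid],
+).first
+
+# Create it otherwise
+unless entity
+# Extract maestrano information into proper objects
+info = OpenStruct.new(auth_hash[:info])
+extra = OpenStruct.new(auth_hash[:extra])
+
+# Create entity
+entity = self.new
+
+# Set password on entity in case this is required
+# This is done before the mapping block in case
+# password has been taken care of by the developer
+password = Digest::SHA1.hexdigest("#{Time.now.utc}-#{rand(100)}")[0..20]
+begin
+entity.password = password if entity.respond_to?(:password)
+entity.password_confirmation = password if entity.respond_to?(:password_confirmation)
+rescue Exception => e
+end
+
+# Call mapping block
+self.maestrano_options[:mapping].call(entity,info,extra)
+
+# Finally set provider and uid then save
+entity.send("#{self.maestrano_options[:provider]}=",auth_hash[:provider])
+entity.send("#{self.maestrano_options[:uid]}=",auth_hash[:uid])
+entity.save!
+end
+
+return entity
+end
+end
+
+# Generic Instance behaviour
+module LocalInstanceGenericMethods
+def maestrano?
+send(self.maestrano_options[:provider]) == 'maestrano' &&
+!send(self.maestrano_options[:uid]).blank?
+end
+end
+
+module LocalInstanceUserMethods
+end
+
+module LocalInstanceGroupMethods
+end
+end
+end
+end
+
+if defined?(ActiveRecord)
+ActiveRecord::Base.send :include, Maestrano::Rails::MaestranoAuthResource
+end
+
+if defined?(Mongoid)
+Mongoid::Document.send :include, Maestrano::Rails::MaestranoAuthResource
+end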
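Review bot: The placeholder password in `find_or_create_for_maestrano` is built from `Time.now.utc` (one-second resolution once interpolated) and `rand(100)`, so it has only about a hundred possible values for a given creation second; if the host model also accepts local password login, every account provisioned through SSO is left with a guessable credential. Generate it from a CSPRNG instead: add `require 'securerandom'` next to the existing require and use `password = SecureRandom.hex(16)`. The `rescue Exception => e` with an empty body around the assignment swallows every error, including interrupts; `rescue StandardError` with a log line, or no rescue at all given the `respond_to?` guards, is safer. `OpenStruct` is also used without a visible `require 'ostruct'`, so the method relies on something else having loaded it.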
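--- a/data/lib/maestrano/rails/routing/routes.rb
+++ b/data/lib/maestrano/rails/routing/routes.rb
@@ -0,0 +1,28 @@
+module ActionDispatch::Routing
+class Mapper
+def maestrano_routes
+namespace :maestrano do
+scope module: :rails do
+get '/metadata' => 'metadata#index'
+end
+
+namespace :rails do
+get '/maestrano/metadata'
+end
+
+namespace :auth do
+resources :saml, only:[] do
+get 'init', on: :collection
+post 'consume', on: :collection
+end
+end
+
+namespace :account do
+resources :groups, only: [:destroy] do
+resources :users, only: [:destroy], controller: 'group_users'
+end
+end
+end
+end
+end
+end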
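Review bot: The `get '/maestrano/metadata'` inside `namespace :rails` has no `to:` target, so Rails has to infer the controller and action from the path; nested in these two namespaces that appears to resolve to a `maestrano/rails/maestrano#metadata` endpoint, and no such controller is listed in this package. If it is a leftover from the `scope module: :rails` route just above it, remove it; otherwise give it an explicit `to:` so the exposed surface is what was intended. A short comment above `maestrano_routes` saying which routes are called by the Maestrano platform with API credentials (`metadata`, `account/groups`) and which are browser-facing (`auth/saml`) would help integrators apply the right filters to each.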
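--- a/data/test/controllers/generic_controller_test.rb
+++ b/data/test/controllers/generic_controller_test.rb
@@ -0,0 +1,56 @@
+require 'test_helper'
+
+class GenericControllerTest < ActionController::TestCase
+tests PagesController
+
+context "with a maestrano session" do
+setup do
+@original_sso_value = Maestrano.param(:sso_enabled)
+Maestrano.configure { |config| config.sso_enabled = true }
+
+@request.session[:maestrano] = Base64.encode64({
+uid: 'usr-1',
+session: 'fdsf544fd5sd4f',
+session_recheck: Time.now.utc.iso8601,
+group_uid: 'cld-1'
+}.to_json)
+end
+
+teardown do
+Maestrano.configure { |config| config.sso_enabled = @original_sso_value }
+end
+
+should "be successful if the maestrano session is still valid" do
+sso_session = mock('maestrano_sso_session')
+sso_session.stubs(:valid?).returns(true)
+Maestrano::SSO::Session.stubs(:new).returns(sso_session)
+get :home
+assert_response :success
+end
+
+should "initialize redirect to SSO initialization if invalid" do
+sso_session = mock('maestrano_sso_session')
+sso_session.stubs(:valid?).returns(false)
+Maestrano::SSO::Session.stubs(:new).returns(sso_session)
+get :home
+assert_redirected_to Maestrano::SSO.init_url
+end
+
+should "not redirect to SSO init if sso is disabled" do
+Maestrano.configure { |config| config.sso_enabled = false }
+sso_session = mock('maestrano_sso_session')
+sso_session.stubs(:valid?).returns(false)
+Maestrano::SSO::Session.stubs(:new).returns(sso_session)
+get :home
+assert_response :success
+end
+end
+
+context "with no maestrano session" do
+should "be successful" do
+get :home
+assert_response :success
+end
+end
+
+end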
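Review bot: The `with no maestrano session` context never sets `sso_enabled`, so whether it exercises the `if_session` branch of the filter depends on the dummy application's initializer rather than on the test itself. Give it the same setup and teardown as the first context (`Maestrano.configure { |config| config.sso_enabled = true }`) so the test pins the intended behaviour: SSO on, no Maestrano session, request allowed through. This file also has no case for the `saml` `init`/`consume` exemption with an invalid session, which is the branch of the filter most likely to regress unnoticed.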
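--- a/data/test/controllers/group_users_controller_test.rb
+++ b/data/test/controllers/group_users_controller_test.rb
@@ -0,0 +1,23 @@
+require 'test_helper'
+
+class GroupUsersControllerTest < ActionController::TestCase
+tests Maestrano::Account::GroupUsersController
+
+context "unauthenticated" do
+should "deny access" do
+delete :destroy, group_id: 'cld-1', id: 'usr-1'
+assert_equal '401', response.code
+end
+end
+
+context "authenticated" do
+setup do
+@request.env["HTTP_AUTHORIZATION"] = "Basic " + Base64.encode64("#{Maestrano.param('api.id')}:#{Maestrano.param('api.key')}")
+end
+
+should "be successful" do
+delete :destroy, group_id: 'cld-1', id: 'usr-1'
+assert_equal '200', response.code
+end
+end
+end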
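Review bot: The `unauthenticated` context only covers a request with no `Authorization` header; nothing checks that a wrong `api.id`/`api.key` pair is rejected, which is the case an authentication regression would most likely break. Add a test that sends deliberately wrong credentials and asserts `'401'`. In the `authenticated` setup, `Base64.encode64` appends a newline and wraps long input, so the header value can contain line breaks; `ActionController::HttpAuthentication::Basic.encode_credentials(Maestrano.param('api.id'), Maestrano.param('api.key'))` or `Base64.strict_encode64` avoids that. The same two points apply to `GroupsControllerTest` and `MetadataControllerTest` below.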
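--- a/data/test/controllers/groups_controller_test.rb
+++ b/data/test/controllers/groups_controller_test.rb
@@ -0,0 +1,24 @@
+require 'test_helper'
+
+class GroupsControllerTest < ActionController::TestCase
+tests Maestrano::Account::GroupsController
+
+context "unauthenticated" do
+should "deny access" do
+delete :destroy, id: 'cld-1'
+assert_equal '401', response.code
+end
+end
+
+context "authenticated" do
+setup do
+@request.env["HTTP_AUTHORIZATION"] = "Basic " + Base64.encode64("#{Maestrano.param('api.id')}:#{Maestrano.param('api.key')}")
+end
+
+should "be successful" do
+delete :destroy, id: 'cld-1'
+assert_equal '200', response.code
+end
+end
+
+end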
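--- a/data/test/controllers/metadata_controller_test.rb
+++ b/data/test/controllers/metadata_controller_test.rb
@@ -0,0 +1,25 @@
+require 'test_helper'
+
+class MetadataControllerTest < ActionController::TestCase
+tests Maestrano::Rails::MetadataController
+
+context "unauthenticated" do
+should "deny access" do
+get :index
+assert_equal '401', response.code
+end
+end
+
+context "authenticated" do
+setup do
+@request.env["HTTP_AUTHORIZATION"] = "Basic " + Base64.encode64("#{Maestrano.param('api.id')}:#{Maestrano.param('api.key')}")
+end
+
+should "be successful" do
+get :index
+assert_equal '200', response.code
+assert_equal Maestrano.to_metadata.to_json, response.body
+end
+end
+
+end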
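--- a/data/test/controllers/saml_controller_test.rb
+++ b/data/test/controllers/saml_controller_test.rb
@@ -0,0 +1,123 @@
+require 'test_helper'
+
+class SamlBaseControllerTest < ActionController::TestCase
+tests Maestrano::Auth::SamlController
+
+context "init phase" do
+setup do
+@req = mock('saml_request_instance')
+@req_params = {'controller' => 'maestrano/auth/saml', 'action' => 'init', 'a_param' => 'value'}
+@req.stubs(:redirect_url).returns("http://idpprovider.com?r=request")
+
+end
+
+should "create a saml request using params and session and redirect the user" do
+Maestrano::Saml::Request.stubs(:new).with(@req_params,@request.session).returns(@req)
+get :init, a_param: 'value'
+assert_redirected_to @req.redirect_url
+end
+
+should "create a saml request successfully if a maestrano session is already set" do
+@request.session[:mno_uid] = 'usr-1'
+@request.session[:mno_session] = 'fdsf544fd5sd4f'
+@request.session[:mno_session_recheck] = Time.now.utc.iso8601
+@request.session[:mno_group_uid] = 'cld-1'
+
+Maestrano::Saml::Request.stubs(:new).with(@req_params,@request.session).returns(@req)
+get :init, a_param: 'value'
+assert_redirected_to @req.redirect_url
+end
+end
+
+context "consume phase" do
+setup do
+@saml_attr = {
+'mno_session' => 'f54sd54fd64fs5df4s3d48gf2',
+'mno_session_recheck' => Time.now.utc.iso8601,
+'group_uid' => 'cld-1',
+'group_end_free_trial' => Time.now.utc.iso8601,
+'group_role' => 'Admin',
+'uid' => "usr-1",
+'virtual_uid' => "usr-1.cld-1",
+'email' => "j.doe@doecorp.com",
+'virtual_email' => "usr-1.cld-1@mail.maestrano.com",
+'name' => "John",
+"surname" => "Doe",
+"country" => "AU",
+"company_name" => "DoeCorp"
+}
+@saml_resp = mock('saml_response')
+@saml_resp.stubs(:attributes).returns(@saml_attr)
+@saml_resp.stubs(:validate!).returns(true)
+Maestrano::Saml::Response.stubs(:new).returns(@saml_resp)
+end
+
+should "set a saml_request in scope" do
+post :consume, SAMLResponse: "g45ad5v40xc4b3fd478"
+assert_equal @saml_resp, @controller.saml_response
+end
+
+should "set the user_auth_hash in scope" do
+post :consume, SAMLResponse: "g45ad5v40xc4b3fd478"
+expected_hash = Maestrano::SSO::BaseUser.new(@saml_resp).to_hash
+assert_equal expected_hash, @controller.user_auth_hash
+end
+
+should "set the group_auth_hash in scope" do
+post :consume, SAMLResponse: "g45ad5v40xc4b3fd478"
+expected_hash = Maestrano::SSO::BaseGroup.new(@saml_resp).to_hash
+assert_equal expected_hash, @controller.group_auth_hash
+end
+
+should "set the user_group_rel_hash in scope" do
+post :consume, SAMLResponse: "g45ad5v40xc4b3fd478"
+expected_hash = {
+provider: 'maestrano',
+user_uid: @saml_attr['uid'],
+group_uid: @saml_attr['group_uid'],
+role: @saml_attr['group_role'],
+}
+assert_equal expected_hash, @controller.user_group_rel_hash
+end
+
+should "set the maestrano session" do
+post :consume, SAMLResponse: "g45ad5v40xc4b3fd478"
+decrypted_session = JSON.parse(Base64.decode64(@request.session[:maestrano]))
+
+assert_equal @saml_attr['uid'], decrypted_session['uid']
+assert_equal @saml_attr['mno_session'], decrypted_session['session']
+assert_equal @saml_attr['mno_session_recheck'], decrypted_session['session_recheck']
+assert_equal @saml_attr['group_uid'], decrypted_session['group_uid']
+end
+
+should "reset the maestrano session successfully if one already exists" do
+params = {
+uid: 'usr-1',
+session: 'fdsf544fd5sd4f',
+session_recheck: Time.now.utc.iso8601,
+group_uid: 'cld-1'
+}
+@request.session[:maestrano] = Base64.encode64(params.to_json)
+
+post :consume, SAMLResponse: "g45ad5v40xc4b3fd478"
+decrypted_session = JSON.parse(Base64.decode64(@request.session[:maestrano]))
+
+assert_equal @saml_attr['uid'], decrypted_session['uid']
+assert_equal @saml_attr['mno_session'], decrypted_session['session']
+assert_equal @saml_attr['mno_session_recheck'], decrypted_session['session_recheck']
+assert_equal @saml_attr['group_uid'], decrypted_session['group_uid']
+end
+
+context "error" do
+setup do
+@saml_resp.stubs(:validate!).raises(NoMethodError.new("Bla"))
+end
+
+should "redirect to maestrano on any error" do
+post :consume, SAMLResponse: "g45ad5v40xc4b3fd478"
+assert_redirected_to "#{Maestrano::SSO.unauthorized_url}?err=internal"
+end
+end
+end
+
+end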
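Review bot: The `error` context asserts only the redirect; it should also assert that no Maestrano session was written when `validate!` fails, e.g. `assert_nil @request.session[:maestrano]`, since that is the property that matters when a SAML response is rejected. The failure is simulated with `NoMethodError`, so there is no test for a response that is rejected through the normal validation path (how `Maestrano::Saml::Response#validate!` reports an invalid assertion is not visible here). The local name `decrypted_session` is misleading, because the value is only Base64-decoded JSON and its integrity rests on the Rails session store; `decoded_session` describes it accurately. The first consume test is titled `set a saml_request in scope` but checks `saml_response`.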