maestrano-rails 0.1.0

data/lib/generators/mongoid/maestrano_user_generator.rb

@@ -0,0 +1,26 @@
+require 'rails/generators/named_base'
+require 'generators/maestrano/orm_helpers'
+
+module Mongoid
+  module Generators
+    class MaestranoUserGenerator < Rails::Generators::NamedBase
+      include Maestrano::Generators::OrmHelpers
+      
+      def inject_field_types
+        inject_into_file model_path, migration_data, after: "include Mongoid::Document\n" if model_exists?
+      end
+
+      def inject_maestrano_content
+        inject_into_file model_path, model_contents, after: "include Mongoid::Document\n" if model_exists?
+      end
+      
+      def migration_data
+<<RUBY
+  ## User source identification fields
+  field :provider,  type: String, default: ""
+  field :uid,       type: String, default: ""
+RUBY
+      end
+    end
+  end
+end

data/lib/maestrano/rails/controllers/maestrano_security.rb

@@ -0,0 +1,32 @@
+module Maestrano
+  module Rails
+    module MaestranoSecurity
+      # This module aims at being included into ApplicationController
+      # but we do not do until a maestrano_user_via is declared on
+      # a model (no need to polute the app)
+      # - 
+      # See MaestranoAuthResource for details on how the inclusion
+      # is done
+      def self.included(base)
+        base.send :include, ControllerFilters
+        base.before_filter :verify_maestrano_session
+      end
+      
+      module ControllerFilters
+        # If a maestrano session is present then we check
+        # its validity. If not valid anymore the filter
+        # triggers a Maestrano SSO handshake
+        def verify_maestrano_session
+          if Maestrano.param(:sso_enabled)
+            unless controller_name == 'saml' && ['init','consume'].include?(action_name)
+              if session && session[:mno_uid] && !Maestrano::SSO::Session.new(session).valid?
+                redirect_to Maestrano::SSO.init_url
+              end
+            end
+          end
+          true
+        end
+      end
+    end
+  end
+end

data/lib/maestrano/rails/models/maestrano_auth_resource.rb

@@ -0,0 +1,96 @@
+module Maestrano
+  module Rails
+    module MaestranoAuthResource
+      extend ActiveSupport::Concern
+ 
+      included do
+      end
+      
+      # These methods are used to extend the
+      # behaviour of a model
+      module ClassMethods
+        # Configure a user model with mapping to SSO fields
+        # and add user behaviour
+        def maestrano_user_via(provider_field,uid_field, &block)
+          extend Maestrano::Rails::MaestranoAuthResource::LocalClassGenericMethods
+          self.maestrano_generic_configurator(provider_field,uid_field, &block)
+          
+          include Maestrano::Rails::MaestranoAuthResource::LocalInstanceUserMethods
+          
+          # Finally extend ApplicationController with MaestranoSecurity
+          # filters. It's useless to do that unless a maestrano_user is
+          # declared
+          ApplicationController.send :include, Maestrano::Rails::MaestranoSecurity
+        end
+        
+        # Configure a group model with mapping to SSO fields
+        # and add group behaviour
+        def maestrano_group_via(provider_field,uid_field, &block)
+          extend Maestrano::Rails::MaestranoAuthResource::LocalClassGenericMethods
+          self.maestrano_generic_configurator(provider_field,uid_field, &block)
+          
+          include Maestrano::Rails::MaestranoAuthResource::LocalInstanceGroupMethods
+        end
+      end
+      
+      # Actual class methods - injected after behaviour 
+      # has been added (don't polute the model scope)
+      module LocalClassGenericMethods
+        def maestrano_generic_configurator(provider_field,uid_field, &block)
+          cattr_accessor :maestrano_options
+          self.maestrano_options = {
+            provider: provider_field.to_s,
+            uid: uid_field.to_s,
+            mapping: block
+          }
+          
+          include Maestrano::Rails::MaestranoAuthResource::LocalInstanceGenericMethods
+        end
+        
+        # Find the resource based on provider and uid fields or create
+        # it using the mapping block defined at the model level
+        def find_or_create_for_maestrano(auth_hash)
+          # Look for the entity first
+          entity = self.where(
+            self.maestrano_options[:provider].to_sym => auth_hash[:provider],
+            self.maestrano_options[:uid].to_sym => auth_hash[:uid],
+          ).first
+          
+          # Create it otherwise
+          unless entity
+            # Extract maestrano information into proper objects
+            info = OpenStruct.new(auth_hash[:info])
+            extra = OpenStruct.new(auth_hash[:extra])
+            
+            # Create entity and call mapping block
+            entity = self.new
+            self.maestrano_options[:mapping].call(entity,info,extra)
+            
+            # Finally set provider and uid then save
+            entity.send("#{self.maestrano_options[:provider]}=",auth_hash[:provider])
+            entity.send("#{self.maestrano_options[:uid]}=",auth_hash[:uid])
+            entity.save!
+          end
+          
+          return entity
+        end
+      end
+      
+      # Generic Instance behaviour
+      module LocalInstanceGenericMethods
+        def maestrano?
+          send(self.maestrano_options[:provider]) == 'maestrano' &&
+          !send(self.maestrano_options[:uid]).blank?
+        end
+      end
+      
+      module LocalInstanceUserMethods
+      end
+      
+      module LocalInstanceGroupMethods
+      end
+    end
+  end
+end
+
+ActiveRecord::Base.send :include, Maestrano::Rails::MaestranoAuthResource

data/lib/maestrano/rails/version.rb

@@ -0,0 +1,5 @@
+module Maestrano
+  module Rails
+    VERSION = "0.1.0"
+  end
+end

data/lib/maestrano/rails.rb

@@ -0,0 +1,10 @@
+require 'maestrano'
+require 'maestrano/rails/models/maestrano_auth_resource'
+require 'maestrano/rails/controllers/maestrano_security'
+
+module Maestrano
+  module Rails
+    class Engine < ::Rails::Engine
+    end
+  end
+end

data/lib/maestrano-rails.rb

@@ -0,0 +1 @@
+require 'maestrano/rails'

data/test/controllers/generic_controller_test.rb

@@ -0,0 +1,54 @@
+require 'test_helper'
+
+class GenericControllerTest < ActionController::TestCase
+  tests PagesController
+  
+  context "with a maestrano session" do
+    setup do
+      @original_sso_value = Maestrano.param(:sso_enabled)
+      Maestrano.configure { |config| config.sso_enabled = true }
+      
+      @request.session[:mno_uid] = 'usr-1'
+      @request.session[:mno_session] = 'fdsf544fd5sd4f'
+      @request.session[:mno_session_recheck] = Time.now.utc.iso8601
+      @request.session[:mno_group_uid] = 'cld-1'
+    end
+    
+    teardown do
+      Maestrano.configure { |config| config.sso_enabled = @original_sso_value }
+    end
+    
+    should "be successful if the maestrano session is still valid" do
+      sso_session = mock('maestrano_sso_session')
+      sso_session.stubs(:valid?).returns(true)
+      Maestrano::SSO::Session.stubs(:new).returns(sso_session)
+      get :home
+      assert_response :success
+    end
+    
+    should "initialize redirect to SSO initialization if invalid" do
+      sso_session = mock('maestrano_sso_session')
+      sso_session.stubs(:valid?).returns(false)
+      Maestrano::SSO::Session.stubs(:new).returns(sso_session)
+      get :home
+      assert_redirected_to Maestrano::SSO.init_url
+    end
+    
+    should "not redirect to SSO init if sso is disabled" do
+      Maestrano.configure { |config| config.sso_enabled = false }
+      sso_session = mock('maestrano_sso_session')
+      sso_session.stubs(:valid?).returns(false)
+      Maestrano::SSO::Session.stubs(:new).returns(sso_session)
+      get :home
+      assert_response :success
+    end
+  end
+  
+  context "with no maestrano session" do
+    should "be successful" do
+      get :home
+      assert_response :success
+    end
+  end
+  
+end

data/test/controllers/saml_controller_test.rb

@@ -0,0 +1,117 @@
+require 'test_helper'
+
+class SamlBaseControllerTest < ActionController::TestCase
+  tests Maestrano::Auth::SamlController
+  
+  context "init phase" do
+    setup do
+      @req = mock('saml_request_instance')
+      @req_params = {'controller' => 'maestrano/auth/saml', 'action' => 'init', 'a_param' => 'value'}
+      @req.stubs(:redirect_url).returns("http://idpprovider.com?r=request")
+      
+    end
+    
+    should "create a saml request using params and session and redirect the user" do
+      Maestrano::Saml::Request.stubs(:new).with(@req_params,@request.session).returns(@req)
+      get :init, a_param: 'value'
+      assert_redirected_to @req.redirect_url
+    end
+    
+    should "create a saml request successfully if a maestrano session is already set" do
+      @request.session[:mno_uid] = 'usr-1'
+      @request.session[:mno_session] = 'fdsf544fd5sd4f'
+      @request.session[:mno_session_recheck] = Time.now.utc.iso8601
+      @request.session[:mno_group_uid] = 'cld-1'
+      
+      Maestrano::Saml::Request.stubs(:new).with(@req_params,@request.session).returns(@req)
+      get :init, a_param: 'value'
+      assert_redirected_to @req.redirect_url
+    end
+  end
+  
+  context "consume phase" do
+    setup do
+      @saml_attr = {
+        'mno_session'          => 'f54sd54fd64fs5df4s3d48gf2',
+        'mno_session_recheck'  => Time.now.utc.iso8601,
+        'group_uid'            => 'cld-1',
+        'group_end_free_trial' => Time.now.utc.iso8601,
+        'group_role'           => 'Admin',
+        'uid'                  => "usr-1",
+        'virtual_uid'          => "usr-1.cld-1",
+        'email'                => "j.doe@doecorp.com",
+        'virtual_email'        => "usr-1.cld-1@mail.maestrano.com",
+        'name'                 => "John",
+        "surname"              => "Doe",
+        "country"              => "AU",
+        "company_name"         => "DoeCorp"
+      }
+      @saml_resp = mock('saml_response')
+      @saml_resp.stubs(:attributes).returns(@saml_attr)
+      @saml_resp.stubs(:validate!).returns(true)
+      Maestrano::Saml::Response.stubs(:new).returns(@saml_resp)
+    end
+    
+    should "set a saml_request in scope" do
+      post :consume, SAMLResponse: "g45ad5v40xc4b3fd478"
+      assert_equal @saml_resp, @controller.saml_response
+    end
+    
+    should "set the user_auth_hash in scope" do
+      post :consume, SAMLResponse: "g45ad5v40xc4b3fd478"
+      expected_hash = Maestrano::SSO::BaseUser.new(@saml_resp).to_hash
+      assert_equal expected_hash, @controller.user_auth_hash
+    end
+    
+    should "set the group_auth_hash in scope" do
+      post :consume, SAMLResponse: "g45ad5v40xc4b3fd478"
+      expected_hash = Maestrano::SSO::BaseGroup.new(@saml_resp).to_hash
+      assert_equal expected_hash, @controller.group_auth_hash
+    end
+    
+    should "set the user_group_rel_hash in scope" do
+      post :consume, SAMLResponse: "g45ad5v40xc4b3fd478"
+      expected_hash = {
+        user_uid: @saml_attr['uid'],
+        group_uid: @saml_attr['group_uid'],
+        role: @saml_attr['group_role'],
+      }
+      assert_equal expected_hash, @controller.user_group_rel_hash
+    end
+    
+    should "set the maestrano session" do
+      post :consume, SAMLResponse: "g45ad5v40xc4b3fd478"
+      assert_equal @saml_attr['uid'], @request.session[:mno_uid]
+      assert_equal @saml_attr['mno_session'], @request.session[:mno_session]
+      assert_equal @saml_attr['mno_session_recheck'], @request.session[:mno_session_recheck]
+      assert_equal @saml_attr['group_uid'], @request.session[:mno_group_uid]
+      # group id as well!!!
+    end
+    
+    should "reset the maestrano session successfully if one already exists" do
+      @request.session[:mno_uid] = 'usr-1'
+      @request.session[:mno_session] = 'fdsf544fd5sd4f'
+      @request.session[:mno_session_recheck] = Time.now.utc.iso8601
+      @request.session[:mno_group_uid] = 'cld-1'
+      
+      post :consume, SAMLResponse: "g45ad5v40xc4b3fd478"
+      assert_equal @saml_attr['uid'], @request.session[:mno_uid]
+      assert_equal @saml_attr['mno_session'], @request.session[:mno_session]
+      assert_equal @saml_attr['mno_session_recheck'], @request.session[:mno_session_recheck]
+      assert_equal @saml_attr['group_uid'], @request.session[:mno_group_uid]
+      # group id as well!!!
+    end
+    
+    context "error" do
+      setup do
+        @saml_resp.stubs(:validate!).raises(NoMethodError.new("Bla"))
+      end
+    
+      should "redirect to maestrano on any error" do
+        post :consume, SAMLResponse: "g45ad5v40xc4b3fd478"
+        assert_redirected_to "#{Maestrano::SSO.unauthorized_url}?err=internal"
+      end
+    end
+  end
+  
+end

data/test/dummy/README.rdoc

@@ -0,0 +1,261 @@
+== Welcome to Rails
+
+Rails is a web-application framework that includes everything needed to create
+database-backed web applications according to the Model-View-Control pattern.
+
+This pattern splits the view (also called the presentation) into "dumb"
+templates that are primarily responsible for inserting pre-built data in between
+HTML tags. The model contains the "smart" domain objects (such as Account,
+Product, Person, Post) that holds all the business logic and knows how to
+persist themselves to a database. The controller handles the incoming requests
+(such as Save New Account, Update Product, Show Post) by manipulating the model
+and directing data to the view.
+
+In Rails, the model is handled by what's called an object-relational mapping
+layer entitled Active Record. This layer allows you to present the data from
+database rows as objects and embellish these data objects with business logic
+methods. You can read more about Active Record in
+link:files/vendor/rails/activerecord/README.html.
+
+The controller and view are handled by the Action Pack, which handles both
+layers by its two parts: Action View and Action Controller. These two layers
+are bundled in a single package due to their heavy interdependence. This is
+unlike the relationship between the Active Record and Action Pack that is much
+more separate. Each of these packages can be used independently outside of
+Rails. You can read more about Action Pack in
+link:files/vendor/rails/actionpack/README.html.
+
+
+== Getting Started
+
+1. At the command prompt, create a new Rails application:
+       <tt>rails new myapp</tt> (where <tt>myapp</tt> is the application name)
+
+2. Change directory to <tt>myapp</tt> and start the web server:
+       <tt>cd myapp; rails server</tt> (run with --help for options)
+
+3. Go to http://localhost:3000/ and you'll see:
+       "Welcome aboard: You're riding Ruby on Rails!"
+
+4. Follow the guidelines to start developing your application. You can find
+the following resources handy:
+
+* The Getting Started Guide: http://guides.rubyonrails.org/getting_started.html
+* Ruby on Rails Tutorial Book: http://www.railstutorial.org/
+
+
+== Debugging Rails
+
+Sometimes your application goes wrong. Fortunately there are a lot of tools that
+will help you debug it and get it back on the rails.
+
+First area to check is the application log files. Have "tail -f" commands
+running on the server.log and development.log. Rails will automatically display
+debugging and runtime information to these files. Debugging info will also be
+shown in the browser on requests from 127.0.0.1.
+
+You can also log your own messages directly into the log file from your code
+using the Ruby logger class from inside your controllers. Example:
+
+  class WeblogController < ActionController::Base
+    def destroy
+      @weblog = Weblog.find(params[:id])
+      @weblog.destroy
+      logger.info("#{Time.now} Destroyed Weblog ID ##{@weblog.id}!")
+    end
+  end
+
+The result will be a message in your log file along the lines of:
+
+  Mon Oct 08 14:22:29 +1000 2007 Destroyed Weblog ID #1!
+
+More information on how to use the logger is at http://www.ruby-doc.org/core/
+
+Also, Ruby documentation can be found at http://www.ruby-lang.org/. There are
+several books available online as well:
+
+* Programming Ruby: http://www.ruby-doc.org/docs/ProgrammingRuby/ (Pickaxe)
+* Learn to Program: http://pine.fm/LearnToProgram/ (a beginners guide)
+
+These two books will bring you up to speed on the Ruby language and also on
+programming in general.
+
+
+== Debugger
+
+Debugger support is available through the debugger command when you start your
+Mongrel or WEBrick server with --debugger. This means that you can break out of
+execution at any point in the code, investigate and change the model, and then,
+resume execution! You need to install ruby-debug to run the server in debugging
+mode. With gems, use <tt>sudo gem install ruby-debug</tt>. Example:
+
+  class WeblogController < ActionController::Base
+    def index
+      @posts = Post.all
+      debugger
+    end
+  end
+
+So the controller will accept the action, run the first line, then present you
+with a IRB prompt in the server window. Here you can do things like:
+
+  >> @posts.inspect
+  => "[#<Post:0x14a6be8
+          @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>,
+       #<Post:0x14a6620
+          @attributes={"title"=>"Rails", "body"=>"Only ten..", "id"=>"2"}>]"
+  >> @posts.first.title = "hello from a debugger"
+  => "hello from a debugger"
+
+...and even better, you can examine how your runtime objects actually work:
+
+  >> f = @posts.first
+  => #<Post:0x13630c4 @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>
+  >> f.
+  Display all 152 possibilities? (y or n)
+
+Finally, when you're ready to resume execution, you can enter "cont".
+
+
+== Console
+
+The console is a Ruby shell, which allows you to interact with your
+application's domain model. Here you'll have all parts of the application
+configured, just like it is when the application is running. You can inspect
+domain models, change values, and save to the database. Starting the script
+without arguments will launch it in the development environment.
+
+To start the console, run <tt>rails console</tt> from the application
+directory.
+
+Options:
+
+* Passing the <tt>-s, --sandbox</tt> argument will rollback any modifications
+  made to the database.
+* Passing an environment name as an argument will load the corresponding
+  environment. Example: <tt>rails console production</tt>.
+
+To reload your controllers and models after launching the console run
+<tt>reload!</tt>
+
+More information about irb can be found at:
+link:http://www.rubycentral.org/pickaxe/irb.html
+
+
+== dbconsole
+
+You can go to the command line of your database directly through <tt>rails
+dbconsole</tt>. You would be connected to the database with the credentials
+defined in database.yml. Starting the script without arguments will connect you
+to the development database. Passing an argument will connect you to a different
+database, like <tt>rails dbconsole production</tt>. Currently works for MySQL,
+PostgreSQL and SQLite 3.
+
+== Description of Contents
+
+The default directory structure of a generated Ruby on Rails application:
+
+  |-- app
+  |   |-- assets
+  |       |-- images
+  |       |-- javascripts
+  |       `-- stylesheets
+  |   |-- controllers
+  |   |-- helpers
+  |   |-- mailers
+  |   |-- models
+  |   `-- views
+  |       `-- layouts
+  |-- config
+  |   |-- environments
+  |   |-- initializers
+  |   `-- locales
+  |-- db
+  |-- doc
+  |-- lib
+  |   `-- tasks
+  |-- log
+  |-- public
+  |-- script
+  |-- test
+  |   |-- fixtures
+  |   |-- functional
+  |   |-- integration
+  |   |-- performance
+  |   `-- unit
+  |-- tmp
+  |   |-- cache
+  |   |-- pids
+  |   |-- sessions
+  |   `-- sockets
+  `-- vendor
+      |-- assets
+          `-- stylesheets
+      `-- plugins
+
+app
+  Holds all the code that's specific to this particular application.
+
+app/assets
+  Contains subdirectories for images, stylesheets, and JavaScript files.
+
+app/controllers
+  Holds controllers that should be named like weblogs_controller.rb for
+  automated URL mapping. All controllers should descend from
+  ApplicationController which itself descends from ActionController::Base.
+
+app/models
+  Holds models that should be named like post.rb. Models descend from
+  ActiveRecord::Base by default.
+
+app/views
+  Holds the template files for the view that should be named like
+  weblogs/index.html.erb for the WeblogsController#index action. All views use
+  eRuby syntax by default.
+
+app/views/layouts
+  Holds the template files for layouts to be used with views. This models the
+  common header/footer method of wrapping views. In your views, define a layout
+  using the <tt>layout :default</tt> and create a file named default.html.erb.
+  Inside default.html.erb, call <% yield %> to render the view using this
+  layout.
+
+app/helpers
+  Holds view helpers that should be named like weblogs_helper.rb. These are
+  generated for you automatically when using generators for controllers.
+  Helpers can be used to wrap functionality for your views into methods.
+
+config
+  Configuration files for the Rails environment, the routing map, the database,
+  and other dependencies.
+
+db
+  Contains the database schema in schema.rb. db/migrate contains all the
+  sequence of Migrations for your schema.
+
+doc
+  This directory is where your application documentation will be stored when
+  generated using <tt>rake doc:app</tt>
+
+lib
+  Application specific libraries. Basically, any kind of custom code that
+  doesn't belong under controllers, models, or helpers. This directory is in
+  the load path.
+
+public
+  The directory available for the web server. Also contains the dispatchers and the
+  default HTML files. This should be set as the DOCUMENT_ROOT of your web
+  server.
+
+script
+  Helper scripts for automation and generation.
+
+test
+  Unit and functional tests along with fixtures. When using the rails generate
+  command, template test files will be generated for you and placed in this
+  directory.
+
+vendor
+  External libraries that the application depends on. Also includes the plugins
+  subdirectory. If the app has frozen rails, those gems also go here, under
+  vendor/rails/. This directory is in the load path.

data/test/dummy/Rakefile

@@ -0,0 +1,7 @@
+#!/usr/bin/env rake
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Dummy::Application.load_tasks

data/test/dummy/app/assets/javascripts/application.js

@@ -0,0 +1,15 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// the compiled file.
+//
+// WARNING: THE FIRST BLANK LINE MARKS THE END OF WHAT'S TO BE PROCESSED, ANY BLANK LINE SHOULD
+// GO AFTER THE REQUIRES BELOW.
+//
+//= require jquery
+//= require jquery_ujs
+//= require_tree .

data/test/dummy/app/assets/javascripts/pages.js

@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.

data/test/dummy/app/assets/stylesheets/application.css

@@ -0,0 +1,13 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the top of the
+ * compiled file, but it's generally better to create a new file per style scope.
+ *
+ *= require_self
+ *= require_tree .
+*/

data/test/dummy/app/assets/stylesheets/pages.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/test/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,3 @@
+class ApplicationController < ActionController::Base
+  protect_from_forgery
+end

data/test/dummy/app/controllers/maestrano/auth/saml_controller.rb

@@ -0,0 +1,14 @@
+class Maestrano::Auth::SamlController < Maestrano::Rails::SamlBaseController
+  
+  # == GET '/maestrano/auth/saml/init'
+  # == Action automatically handled by parent controller
+  # Initialize the SAML request and redirects the
+  # user to Maestrano.
+  # def init
+  #   redirect_to Maestrano::Saml::Request.new(params,session).redirect_url
+  # end
+  
+  def consume
+    redirect_to root_path
+  end
+end