maestrano 0.1.0

data/test/maestrano/saml/settings_test.rb

@@ -0,0 +1,51 @@
+require File.expand_path('../../../test_helper', __FILE__)
+
+module Maestrano
+  module Saml
+    class SettingsTest < Test::Unit::TestCase
+
+      context "Settings" do
+        setup do
+          @settings = Maestrano::Saml::Settings.new
+        end
+        should "should provide getters and settings" do
+          accessors = [
+            :assertion_consumer_service_url, :issuer, :sp_name_qualifier,
+            :idp_sso_target_url, :idp_cert_fingerprint, :name_identifier_format,
+            :idp_slo_target_url, :name_identifier_value, :sessionindex,
+            :assertion_consumer_logout_service_url,
+            :passive, :protocol_binding
+          ]
+
+          accessors.each do |accessor|
+            value = Kernel.rand
+            @settings.send("#{accessor}=".to_sym, value)
+            assert_equal value, @settings.send(accessor)
+          end
+        end
+
+        should "create settings from hash" do
+
+          config = {
+              :assertion_consumer_service_url => "http://app.muda.no/sso",
+              :issuer => "http://muda.no",
+              :sp_name_qualifier => "http://sso.muda.no",
+              :idp_sso_target_url => "http://sso.muda.no/sso",
+              :idp_slo_target_url => "http://sso.muda.no/slo",
+              :idp_cert_fingerprint => "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00",
+              :name_identifier_format => Maestrano::Saml::Settings::NAMEID_TRANSIENT,
+              :passive => true,
+              :protocol_binding => Maestrano::Saml::Settings::PROTOCOL_BINDING_POST
+          }
+          @settings = Maestrano::Saml::Settings.new(config)
+
+          config.each do |k,v|
+            assert_equal v, @settings.send(k)
+          end
+        end
+
+      end
+
+    end
+  end
+end

data/test/maestrano/sso/base_group_test.rb

@@ -0,0 +1,54 @@
+require File.expand_path('../../../test_helper', __FILE__)
+
+module Maestrano
+  module SSO
+    class BaseGroupTest < Test::Unit::TestCase
+      include SamlTestHelper
+  
+      setup do
+        @saml_response = Maestrano::Saml::Response.new(response_document)
+        @saml_response.stubs(:attributes).returns({
+          'mno_session'          => 'f54sd54fd64fs5df4s3d48gf2',
+          'mno_session_recheck'  => Time.now.utc.iso8601,
+          'group_uid'            => 'cld-1',
+          'group_end_free_trial' => Time.now.utc.iso8601,
+          'group_role'           => 'Admin',
+          'uid'                  => "usr-1",
+          'virtual_uid'          => "usr-1.cld-1",
+          'email'                => "j.doe@doecorp.com",
+          'virtual_email'        => "usr-1.cld-1@mail.maestrano.com",
+          'name'                 => "John",
+          "surname"              => "Doe",
+          "country"              => "AU",
+          "company_name"         => "DoeCorp"
+        })
+      end
+  
+      should "have a local_id accessor" do
+        assert Maestrano::SSO::BaseGroup.new(@saml_response).respond_to?(:local_id) == true
+      end
+  
+      should "extract the rights attributes from the saml response" do
+        group = Maestrano::SSO::BaseGroup.new(@saml_response)
+        assert group.uid == @saml_response.attributes['group_uid']
+        assert group.free_trial_end_at == Time.iso8601(@saml_response.attributes['group_end_free_trial'])
+        assert group.company_name == @saml_response.attributes['company_name']
+        assert group.country == @saml_response.attributes['country']
+      end
+  
+      should "have the right hash representation" do
+        sso_group = Maestrano::SSO::BaseGroup.new(@saml_response)
+        assert sso_group.to_hash == {
+          provider: 'maestrano',
+          uid: sso_group.uid,
+          info: {
+            free_trial_end_at: sso_group.free_trial_end_at,
+            company_name: sso_group.company_name,
+            country: sso_group.country,
+          },
+          extra: {}
+        }
+      end
+    end
+  end
+end

data/test/maestrano/sso/base_user_test.rb

@@ -0,0 +1,114 @@
+require File.expand_path('../../../test_helper', __FILE__)
+
+module Maestrano
+  module SSO
+    class BaseUserTest < Test::Unit::TestCase
+      include SamlTestHelper
+  
+      setup do
+        @saml_response = Maestrano::Saml::Response.new(response_document)
+        @saml_response.stubs(:attributes).returns({
+          'mno_session'          => 'f54sd54fd64fs5df4s3d48gf2',
+          'mno_session_recheck'  => Time.now.utc.iso8601,
+          'group_uid'            => 'cld-1',
+          'group_end_free_trial' => Time.now.utc.iso8601,
+          'group_role'           => 'Admin',
+          'uid'                  => "usr-1",
+          'virtual_uid'          => "usr-1.cld-1",
+          'email'                => "j.doe@doecorp.com",
+          'virtual_email'        => "usr-1.cld-1@mail.maestrano.com",
+          'name'                 => "John",
+          "surname"              => "Doe",
+          "country"              => "AU",
+          "company_name"         => "DoeCorp"
+        })
+      end
+  
+      should "have a local_id accessor" do
+        assert Maestrano::SSO::BaseUser.new(@saml_response).respond_to?(:local_id) == true
+      end
+  
+      should "extract the rights attributes from the saml response" do
+        user = Maestrano::SSO::BaseUser.new(@saml_response)
+        assert user.sso_session == @saml_response.attributes['mno_session']
+        assert user.sso_session_recheck == Time.iso8601(@saml_response.attributes['mno_session_recheck'])
+        assert user.group_uid == @saml_response.attributes['group_uid']
+        assert user.group_role == @saml_response.attributes['group_role']
+        assert user.uid == @saml_response.attributes['uid']
+        assert user.virtual_uid == @saml_response.attributes['virtual_uid']
+        assert user.email == @saml_response.attributes['email']
+        assert user.virtual_email == @saml_response.attributes['virtual_email']
+        assert user.first_name == @saml_response.attributes['name']
+        assert user.last_name == @saml_response.attributes['surname']
+        assert user.country == @saml_response.attributes['country']
+        assert user.company_name == @saml_response.attributes['company_name']
+      end
+  
+      context "to_hash presentation" do
+        should "have the right representation when user_creation_mode is virtual" do
+          Maestrano.configure { |config| config.user_creation_mode = 'virtual' }
+          sso_user = Maestrano::SSO::BaseUser.new(@saml_response)
+          assert_equal sso_user.to_hash, {
+            provider: 'maestrano',
+            uid: sso_user.virtual_uid,
+            info: {
+              email: sso_user.virtual_email,
+              first_name: sso_user.first_name,
+              last_name: sso_user.last_name,
+              country: sso_user.country,
+              company_name: sso_user.company_name,
+            },
+            extra: {
+              uid: sso_user.uid,
+              virtual_uid: sso_user.virtual_uid,
+              real_email: sso_user.email,
+              virtual_email: sso_user.virtual_email,
+              group: {
+                uid: sso_user.group_uid,
+                role: sso_user.group_role
+              },
+              session: {
+                uid: sso_user.uid,
+                token: sso_user.sso_session,
+                recheck: sso_user.sso_session_recheck,
+                group_uid: sso_user.group_uid
+              }
+            }
+          }
+        end
+    
+        should "have the right representation when user_creation_mode is real" do
+          Maestrano.configure { |config| config.user_creation_mode = 'real' }
+          sso_user = Maestrano::SSO::BaseUser.new(@saml_response)
+          assert_equal sso_user.to_hash, {
+            provider: 'maestrano',
+            uid: sso_user.uid,
+            info: {
+              email: sso_user.email,
+              first_name: sso_user.first_name,
+              last_name: sso_user.last_name,
+              country: sso_user.country,
+              company_name: sso_user.company_name,
+            },
+            extra: {
+              uid: sso_user.uid,
+              virtual_uid: sso_user.virtual_uid,
+              real_email: sso_user.email,
+              virtual_email: sso_user.virtual_email,
+              group: {
+                uid: sso_user.group_uid,
+                role: sso_user.group_role,
+              },
+              session: {
+                uid: sso_user.uid,
+                token: sso_user.sso_session,
+                recheck: sso_user.sso_session_recheck,
+                group_uid: sso_user.group_uid
+              }
+            }
+          }
+        end
+      end
+    end
+  end
+end

data/test/maestrano/sso/group_test.rb

@@ -0,0 +1,47 @@
+require File.expand_path('../../../test_helper', __FILE__)
+
+module Maestrano
+  module SSO
+    class GroupTest < Test::Unit::TestCase
+      setup do
+        @group = mock('group')
+        class << @group
+          include Maestrano::SSO::Group
+        end
+      end
+  
+      context "find_for_maestrano_auth" do
+        should "raise an error if not overriden" do
+          assert_raise(NoMethodError.new("You need to override find_for_maestrano_auth in your Mocha::Mock model")) do
+            @group.find_for_maestrano_auth({})
+          end
+        end
+    
+        should "execute properly otherwise" do
+          def @group.find_for_maestrano_auth(auth); return true; end
+          assert_nothing_thrown do
+            @group.find_for_maestrano_auth({})
+          end
+        end
+      end
+  
+      context "maestrano?" do
+        should "raise an error if no provider attribute and not overriden" do
+          assert_raise(NoMethodError.new("You need to override maestrano? in your Mocha::Mock model")) do
+            @group.maestrano?
+          end
+        end
+    
+        should "return true if the provider is 'maestrano'" do
+          @group.stubs(:provider).returns('maestrano')
+          assert @group.maestrano?
+        end
+    
+        should "return false if the provider is something else" do
+          @group.stubs(:provider).returns('someprovider')
+          assert !@group.maestrano?
+        end
+      end
+    end
+  end
+end

data/test/maestrano/sso/session_test.rb

@@ -0,0 +1,108 @@
+require File.expand_path('../../../test_helper', __FILE__)
+
+module Maestrano
+  module SSO
+    class SessionTest < Test::Unit::TestCase
+      setup do
+        @session = {
+          mno_uid: 'usr-1',
+          mno_session: 'g4dfg4fdg8378d6acf45',
+          mno_session_recheck: Time.now.utc.iso8601
+        }
+      end
+  
+      should "initialize the sso session properly" do
+        sso_session = Maestrano::SSO::Session.new(@session)
+        assert_equal sso_session.uid, @session[:mno_uid]
+        assert_equal sso_session.session_token, @session[:mno_session]
+        assert_equal sso_session.recheck, Time.iso8601(@session[:mno_session_recheck])
+      end
+  
+      context "remote_check_required?" do
+        setup do
+          @sso_session = Maestrano::SSO::Session.new(@session)
+        end
+  
+        should "should return true if uid is missing" do
+          @sso_session.uid = nil
+          assert @sso_session.remote_check_required?
+        end
+    
+        should "should return true if session_token is missing" do
+          @sso_session.session_token = nil
+          assert @sso_session.remote_check_required?
+        end
+    
+        should "should return true if recheck is missing" do
+          @sso_session.recheck = nil
+          assert @sso_session.remote_check_required?
+        end
+    
+        should "return true if now is after recheck" do
+          Timecop.freeze(@sso_session.recheck + 60) do
+            assert @sso_session.remote_check_required?
+          end
+        end
+    
+        should "return false if now is before recheck" do
+          Timecop.freeze(@sso_session.recheck - 60) do
+            assert !@sso_session.remote_check_required?
+          end
+        end
+      end
+  
+      context "perform_remote_check" do
+        setup do
+          @sso_session = Maestrano::SSO::Session.new(@session)
+        end
+  
+        should "update the session recheck and return true if valid" do
+          recheck = @sso_session.recheck + 600
+          RestClient.stubs(:get).returns({'valid' => true, 'recheck' => recheck.utc.iso8601 }.to_json)
+          assert @sso_session.perform_remote_check
+          assert_equal @sso_session.recheck, recheck
+        end
+    
+        should "leave the session recheck unchanged and return false if invalid" do
+          recheck = @sso_session.recheck
+          RestClient.stubs(:get).returns({'valid' => false, 'recheck' => (recheck + 600).utc.iso8601 }.to_json)
+          assert !@sso_session.perform_remote_check
+          assert_equal @sso_session.recheck, recheck
+        end
+      end
+  
+      context "valid?" do
+        setup do
+          @sso_session = Maestrano::SSO::Session.new(@session)
+        end
+  
+        should "return true if no remote_check_required?" do
+          @sso_session.stubs(:remote_check_required?).returns(false)
+          assert @sso_session.valid?
+        end
+    
+        should "return true if remote_check_required? and valid" do
+          @sso_session.stubs(:remote_check_required?).returns(true)
+          @sso_session.stubs(:perform_remote_check).returns(true)
+          assert @sso_session.valid?
+        end
+    
+        should "update session recheck timestamp if remote_check_required? and valid" do
+          recheck = (@sso_session.recheck + 600)
+          @sso_session.recheck = recheck
+          @sso_session.stubs(:remote_check_required?).returns(true)
+          @sso_session.stubs(:perform_remote_check).returns(true)
+          @sso_session.valid?
+          assert_equal @session[:mno_session_recheck], recheck.utc.iso8601
+        end
+    
+        should "return false if remote_check_required? and invalid" do
+          @sso_session.stubs(:remote_check_required?).returns(true)
+          @sso_session.stubs(:perform_remote_check).returns(false)
+          assert !@sso_session.valid?
+        end
+      end
+  
+    end
+  end
+end

data/test/maestrano/sso/user_test.rb

@@ -0,0 +1,65 @@
+require File.expand_path('../../../test_helper', __FILE__)
+
+module Maestrano
+  module SSO
+    class UserTest < Test::Unit::TestCase
+      setup do
+        @user = mock('user')
+        class << @user
+          include Maestrano::SSO::User
+        end
+      end
+  
+      context "find_for_maestrano_auth" do
+        should "raise an error if not overriden" do
+          assert_raise(NoMethodError.new("You need to override find_for_maestrano_auth in your Mocha::Mock model")) do
+            @user.find_for_maestrano_auth({})
+          end
+        end
+    
+        should "execute properly otherwise" do
+          def @user.find_for_maestrano_auth(auth); return true; end
+          assert_nothing_thrown do
+            @user.find_for_maestrano_auth({})
+          end
+        end
+      end
+  
+      context "maestrano?" do
+        should "raise an error if no provider attribute and not overriden" do
+          assert_raise(NoMethodError.new("You need to override maestrano? in your Mocha::Mock model")) do
+            @user.maestrano?
+          end
+        end
+    
+        should "return true if the provider is 'maestrano'" do
+          @user.stubs(:provider).returns('maestrano')
+          assert @user.maestrano?
+        end
+    
+        should "return false if the provider is something else" do
+          @user.stubs(:provider).returns('someprovider')
+          assert !@user.maestrano?
+        end
+      end
+  
+      context "maestrano_session_valid?" do
+        should "return true if the sso session is valid" do
+          session = {}
+          sso_session = mock('sso_session')
+          Maestrano::SSO::Session.stubs(:new).with(session).returns(sso_session)
+          sso_session.stubs(:valid?).returns(true)
+          assert @user.maestrano_session_valid?(session)
+        end
+    
+        should "return false if the sso session is invalid" do
+          session = {}
+          sso_session = mock('sso_session')
+          Maestrano::SSO::Session.stubs(:new).with(session).returns(sso_session)
+          sso_session.stubs(:valid?).returns(false)
+          assert !@user.maestrano_session_valid?(session)
+        end
+      end
+    end
+  end
+end

data/test/maestrano/sso_test.rb

@@ -0,0 +1,81 @@
+require File.expand_path('../../test_helper', __FILE__)
+
+module Maestrano
+  class SSOTest < Test::Unit::TestCase
+    include SamlTestHelper
+  
+    setup do
+      Maestrano.config = nil
+      Maestrano.configure { |config| config.environment = 'production' }
+    end
+  
+    should "return the right init_url" do
+      assert Maestrano::SSO.init_url == "http://localhost:3000/maestrano/auth/saml/init"
+    end
+  
+    should "return the right consume_url" do
+      assert Maestrano::SSO.consume_url == "http://localhost:3000/maestrano/auth/saml/consume"
+    end
+  
+    should "return the right logout_url" do
+      assert Maestrano::SSO.logout_url == "https://maestrano.com/app_logout"
+    end
+  
+    should "return the right unauthorized_url" do
+      assert Maestrano::SSO.unauthorized_url == "https://maestrano.com/app_access_unauthorized"
+    end
+  
+    should "return the right idp_url" do
+      assert Maestrano::SSO.idp_url == "https://maestrano.com/api/v1/auth/saml"
+    end
+  
+    should "return the right session_check_url" do
+      assert Maestrano::SSO.session_check_url('usr-1','f9ds8fdg7f89') == "https://maestrano.com/api/v1/auth/saml/usr-1?session=f9ds8fdg7f89"
+    end
+  
+    should "return the right enabled parameter" do
+      assert Maestrano::SSO.enabled? == !!Maestrano.param('sso_enabled')
+    end
+  
+    should "return the right saml_settings" do
+      settings = Maestrano::SSO.saml_settings
+      assert settings.assertion_consumer_service_url == Maestrano::SSO.consume_url
+      assert settings.issuer == Maestrano.param('app_host')
+      assert settings.idp_sso_target_url == Maestrano::SSO.idp_url
+      assert settings.idp_cert_fingerprint == Maestrano.param('sso_x509_fingerprint')
+      assert settings.name_identifier_format == Maestrano.param('sso_name_id_format')
+    end
+  
+    should "build the right saml request" do
+      request = mock('request')
+      Maestrano::Saml::Request.stubs(:new).with(group_id: "cld-3").returns(request)
+      assert Maestrano::SSO.build_request(group_id: "cld-3") == request
+    end
+  
+    should "build the right saml response" do
+      response = mock('response')
+      Maestrano::Saml::Response.stubs(:new).with(response_document).returns(response)
+      response = Maestrano::SSO.build_response(response_document)
+      assert Maestrano::SSO.build_response(response_document) == response
+    end
+  
+    should "set the session correctly" do
+      session = {}
+      auth = {
+        extra: {
+          session: {
+            uid: 'usr-1',
+            token: '15fg6d',
+            recheck: Time.now,
+            group_uid: 'cld-3'
+          }
+        }
+      }
+      Maestrano::SSO.set_session(session,auth)
+      assert_equal session[:mno_uid], auth[:extra][:session][:uid]
+      assert_equal session[:mno_session], auth[:extra][:session][:token]
+      assert_equal session[:mno_session_recheck], auth[:extra][:session][:recheck].utc.iso8601
+      assert_equal session[:mno_group_uid], auth[:extra][:session][:group_uid]
+    end
+  end
+end