maestrano 0.1.0
- checksums.yaml +7 -0
- data/.gitignore +34 -0
- data/Gemfile +2 -0
- data/Gemfile.lock +43 -0
- data/LICENSE +21 -0
- data/README.md +4 -0
- data/Rakefile +32 -0
- data/bin/maestrano-console +9 -0
- data/lib/maestrano.rb +114 -0
- data/lib/maestrano/account/bill.rb +14 -0
- data/lib/maestrano/api/error/authentication_error.rb +8 -0
- data/lib/maestrano/api/error/base_error.rb +24 -0
- data/lib/maestrano/api/error/connection_error.rb +8 -0
- data/lib/maestrano/api/error/invalid_request_error.rb +14 -0
- data/lib/maestrano/api/list_object.rb +37 -0
- data/lib/maestrano/api/object.rb +187 -0
- data/lib/maestrano/api/operation/base.rb +216 -0
- data/lib/maestrano/api/operation/create.rb +18 -0
- data/lib/maestrano/api/operation/delete.rb +13 -0
- data/lib/maestrano/api/operation/list.rb +18 -0
- data/lib/maestrano/api/operation/update.rb +59 -0
- data/lib/maestrano/api/resource.rb +39 -0
- data/lib/maestrano/api/util.rb +121 -0
- data/lib/maestrano/saml/attribute_value.rb +15 -0
- data/lib/maestrano/saml/metadata.rb +64 -0
- data/lib/maestrano/saml/request.rb +93 -0
- data/lib/maestrano/saml/response.rb +201 -0
- data/lib/maestrano/saml/schemas/saml20assertion_schema.xsd +283 -0
- data/lib/maestrano/saml/schemas/saml20protocol_schema.xsd +302 -0
- data/lib/maestrano/saml/schemas/xenc_schema.xsd +146 -0
- data/lib/maestrano/saml/schemas/xmldsig_schema.xsd +318 -0
- data/lib/maestrano/saml/settings.rb +37 -0
- data/lib/maestrano/saml/validation_error.rb +7 -0
- data/lib/maestrano/sso.rb +81 -0
- data/lib/maestrano/sso/base_group.rb +31 -0
- data/lib/maestrano/sso/base_user.rb +75 -0
- data/lib/maestrano/sso/group.rb +24 -0
- data/lib/maestrano/sso/session.rb +63 -0
- data/lib/maestrano/sso/user.rb +34 -0
- data/lib/maestrano/version.rb +3 -0
- data/lib/maestrano/xml_security/signed_document.rb +170 -0
- data/maestrano.gemspec +32 -0
- data/test/helpers/api_helpers.rb +82 -0
- data/test/helpers/saml_helpers.rb +62 -0
- data/test/maestrano/account/bill_test.rb +48 -0
- data/test/maestrano/api/list_object_test.rb +20 -0
- data/test/maestrano/api/object_test.rb +28 -0
- data/test/maestrano/api/resource_test.rb +343 -0
- data/test/maestrano/api/util_test.rb +31 -0
- data/test/maestrano/maestrano_test.rb +49 -0
- data/test/maestrano/saml/request_test.rb +168 -0
- data/test/maestrano/saml/response_test.rb +290 -0
- data/test/maestrano/saml/settings_test.rb +51 -0
- data/test/maestrano/sso/base_group_test.rb +54 -0
- data/test/maestrano/sso/base_user_test.rb +114 -0
- data/test/maestrano/sso/group_test.rb +47 -0
- data/test/maestrano/sso/session_test.rb +108 -0
- data/test/maestrano/sso/user_test.rb +65 -0
- data/test/maestrano/sso_test.rb +81 -0
- data/test/maestrano/xml_security/signed_document.rb +163 -0
- data/test/support/saml/certificates/certificate1 +12 -0
- data/test/support/saml/certificates/r1_certificate2_base64 +1 -0
- data/test/support/saml/responses/adfs_response_sha1.xml +46 -0
- data/test/support/saml/responses/adfs_response_sha256.xml +46 -0
- data/test/support/saml/responses/adfs_response_sha384.xml +46 -0
- data/test/support/saml/responses/adfs_response_sha512.xml +46 -0
- data/test/support/saml/responses/no_signature_ns.xml +48 -0
- data/test/support/saml/responses/open_saml_response.xml +56 -0
- data/test/support/saml/responses/r1_response6.xml.base64 +1 -0
- data/test/support/saml/responses/response1.xml.base64 +1 -0
- data/test/support/saml/responses/response2.xml.base64 +79 -0
- data/test/support/saml/responses/response3.xml.base64 +66 -0
- data/test/support/saml/responses/response4.xml.base64 +93 -0
- data/test/support/saml/responses/response5.xml.base64 +102 -0
- data/test/support/saml/responses/response_with_ampersands.xml +139 -0
- data/test/support/saml/responses/response_with_ampersands.xml.base64 +93 -0
- data/test/support/saml/responses/response_with_multiple_attribute_values.xml +57 -0
- data/test/support/saml/responses/simple_saml_php.xml +71 -0
- data/test/support/saml/responses/starfield_response.xml.base64 +1 -0
- data/test/support/saml/responses/wrapped_response_2.xml.base64 +150 -0
- data/test/test_helper.rb +46 -0
- metadata +305 -0
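--- a/data/test/maestrano/saml/settings_test.rb
+++ b/data/test/maestrano/saml/settings_test.rb
@@ -0,0 +1,51 @@
+require File.expand_path('../../../test_helper', __FILE__)
+
+module Maestrano
+module Saml
+class SettingsTest < Test::Unit::TestCase
+
+context "Settings" do
+setup do
+@settings = Maestrano::Saml::Settings.new
+end
+should "should provide getters and settings" do
+accessors = [
+:assertion_consumer_service_url, :issuer, :sp_name_qualifier,
+:idp_sso_target_url, :idp_cert_fingerprint, :name_identifier_format,
+:idp_slo_target_url, :name_identifier_value, :sessionindex,
+:assertion_consumer_logout_service_url,
+:passive, :protocol_binding
+]
+
+accessors.each do |accessor|
+value = Kernel.rand
+@settings.send("#{accessor}=".to_sym, value)
+assert_equal value, @settings.send(accessor)
+end
+end
+
+should "create settings from hash" do
+
+config = {
+:assertion_consumer_service_url => "http://app.muda.no/sso",
+:issuer => "http://muda.no",
+:sp_name_qualifier => "http://sso.muda.no",
+:idp_sso_target_url => "http://sso.muda.no/sso",
+:idp_slo_target_url => "http://sso.muda.no/slo",
+:idp_cert_fingerprint => "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00",
+:name_identifier_format => Maestrano::Saml::Settings::NAMEID_TRANSIENT,
+:passive => true,
+:protocol_binding => Maestrano::Saml::Settings::PROTOCOL_BINDING_POST
+}
+@settings = Maestrano::Saml::Settings.new(config)
+
+config.each do |k,v|
+assert_equal v, @settings.send(k)
+end
+end
+
+end
+
+end
+end
+end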
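Review bot: The test name on new line 11 renders as "should should provide getters and settings"; `should "provide getters and setters" do` says what the loop actually checks. The loop assigns a `Kernel.rand` Float to every accessor, including `idp_cert_fingerprint`, so it pins only plain accessor plumbing; if Settings is ever expected to normalise or reject a malformed fingerprint, that needs its own case. The hash test on new lines 29-39 leaves `:name_identifier_value`, `:sessionindex` and `:assertion_consumer_logout_service_url` uncovered, so the constructor path for those three is untested here.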
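--- a/data/test/maestrano/sso/base_group_test.rb
+++ b/data/test/maestrano/sso/base_group_test.rb
@@ -0,0 +1,54 @@
+require File.expand_path('../../../test_helper', __FILE__)
+
+module Maestrano
+module SSO
+class BaseGroupTest < Test::Unit::TestCase
+include SamlTestHelper
+
+setup do
+@saml_response = Maestrano::Saml::Response.new(response_document)
+@saml_response.stubs(:attributes).returns({
+'mno_session' => 'f54sd54fd64fs5df4s3d48gf2',
+'mno_session_recheck' => Time.now.utc.iso8601,
+'group_uid' => 'cld-1',
+'group_end_free_trial' => Time.now.utc.iso8601,
+'group_role' => 'Admin',
+'uid' => "usr-1",
+'virtual_uid' => "usr-1.cld-1",
+'email' => "j.doe@doecorp.com",
+'virtual_email' => "usr-1.cld-1@mail.maestrano.com",
+'name' => "John",
+"surname" => "Doe",
+"country" => "AU",
+"company_name" => "DoeCorp"
+})
+end
+
+should "have a local_id accessor" do
+assert Maestrano::SSO::BaseGroup.new(@saml_response).respond_to?(:local_id) == true
+end
+
+should "extract the rights attributes from the saml response" do
+group = Maestrano::SSO::BaseGroup.new(@saml_response)
+assert group.uid == @saml_response.attributes['group_uid']
+assert group.free_trial_end_at == Time.iso8601(@saml_response.attributes['group_end_free_trial'])
+assert group.company_name == @saml_response.attributes['company_name']
+assert group.country == @saml_response.attributes['country']
+end
+
+should "have the right hash representation" do
+sso_group = Maestrano::SSO::BaseGroup.new(@saml_response)
+assert sso_group.to_hash == {
+provider: 'maestrano',
+uid: sso_group.uid,
+info: {
+free_trial_end_at: sso_group.free_trial_end_at,
+company_name: sso_group.company_name,
+country: sso_group.country,
+},
+extra: {}
+}
+end
+end
+end
+end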
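Review bot: The assertions on new lines 28, 33-36 and 41 are written as `assert a == b`, so a failure reports only that false is not true instead of showing the two values; `assert_equal @saml_response.attributes['group_uid'], group.uid` and `assert_respond_to Maestrano::SSO::BaseGroup.new(@saml_response), :local_id` give usable output. The same pattern appears in base_user_test.rb and sso_test.rb. Because setup stubs `attributes` on the Response, nothing in this file exercises signature or condition validation before BaseGroup reads the attributes; presumably response_test.rb covers that, which is worth confirming.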
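--- a/data/test/maestrano/sso/base_user_test.rb
+++ b/data/test/maestrano/sso/base_user_test.rb
@@ -0,0 +1,114 @@
+require File.expand_path('../../../test_helper', __FILE__)
+
+module Maestrano
+module SSO
+class BaseUserTest < Test::Unit::TestCase
+include SamlTestHelper
+
+setup do
+@saml_response = Maestrano::Saml::Response.new(response_document)
+@saml_response.stubs(:attributes).returns({
+'mno_session' => 'f54sd54fd64fs5df4s3d48gf2',
+'mno_session_recheck' => Time.now.utc.iso8601,
+'group_uid' => 'cld-1',
+'group_end_free_trial' => Time.now.utc.iso8601,
+'group_role' => 'Admin',
+'uid' => "usr-1",
+'virtual_uid' => "usr-1.cld-1",
+'email' => "j.doe@doecorp.com",
+'virtual_email' => "usr-1.cld-1@mail.maestrano.com",
+'name' => "John",
+"surname" => "Doe",
+"country" => "AU",
+"company_name" => "DoeCorp"
+})
+end
+
+should "have a local_id accessor" do
+assert Maestrano::SSO::BaseUser.new(@saml_response).respond_to?(:local_id) == true
+end
+
+should "extract the rights attributes from the saml response" do
+user = Maestrano::SSO::BaseUser.new(@saml_response)
+assert user.sso_session == @saml_response.attributes['mno_session']
+assert user.sso_session_recheck == Time.iso8601(@saml_response.attributes['mno_session_recheck'])
+assert user.group_uid == @saml_response.attributes['group_uid']
+assert user.group_role == @saml_response.attributes['group_role']
+assert user.uid == @saml_response.attributes['uid']
+assert user.virtual_uid == @saml_response.attributes['virtual_uid']
+assert user.email == @saml_response.attributes['email']
+assert user.virtual_email == @saml_response.attributes['virtual_email']
+assert user.first_name == @saml_response.attributes['name']
+assert user.last_name == @saml_response.attributes['surname']
+assert user.country == @saml_response.attributes['country']
+assert user.company_name == @saml_response.attributes['company_name']
+end
+
+context "to_hash presentation" do
+should "have the right representation when user_creation_mode is virtual" do
+Maestrano.configure { |config| config.user_creation_mode = 'virtual' }
+sso_user = Maestrano::SSO::BaseUser.new(@saml_response)
+assert_equal sso_user.to_hash, {
+provider: 'maestrano',
+uid: sso_user.virtual_uid,
+info: {
+email: sso_user.virtual_email,
+first_name: sso_user.first_name,
+last_name: sso_user.last_name,
+country: sso_user.country,
+company_name: sso_user.company_name,
+},
+extra: {
+uid: sso_user.uid,
+virtual_uid: sso_user.virtual_uid,
+real_email: sso_user.email,
+virtual_email: sso_user.virtual_email,
+group: {
+uid: sso_user.group_uid,
+role: sso_user.group_role
+},
+session: {
+uid: sso_user.uid,
+token: sso_user.sso_session,
+recheck: sso_user.sso_session_recheck,
+group_uid: sso_user.group_uid
+}
+}
+}
+end
+
+should "have the right representation when user_creation_mode is real" do
+Maestrano.configure { |config| config.user_creation_mode = 'real' }
+sso_user = Maestrano::SSO::BaseUser.new(@saml_response)
+assert_equal sso_user.to_hash, {
+provider: 'maestrano',
+uid: sso_user.uid,
+info: {
+email: sso_user.email,
+first_name: sso_user.first_name,
+last_name: sso_user.last_name,
+country: sso_user.country,
+company_name: sso_user.company_name,
+},
+extra: {
+uid: sso_user.uid,
+virtual_uid: sso_user.virtual_uid,
+real_email: sso_user.email,
+virtual_email: sso_user.virtual_email,
+group: {
+uid: sso_user.group_uid,
+role: sso_user.group_role,
+},
+session: {
+uid: sso_user.uid,
+token: sso_user.sso_session,
+recheck: sso_user.sso_session_recheck,
+group_uid: sso_user.group_uid
+}
+}
+}
+end
+end
+end
+end
+end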
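Review bot: Both to_hash tests set `user_creation_mode` through `Maestrano.configure` (new lines 49 and 81) and never restore it, so the mode chosen by whichever test runs last appears to leak into later tests; starting the top-level setup with `Maestrano.config = nil`, as sso_test.rb does, would isolate them. The `assert_equal sso_user.to_hash, {...}` calls pass the actual value first, so failure output labels expected and actual the wrong way round. The expected hash also carries `token: sso_user.sso_session` under `extra[:session]`, meaning any application that persists or logs the whole auth hash would store the SSO session token; a comment in the test stating that this exposure is intended would help integrators.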
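--- a/data/test/maestrano/sso/group_test.rb
+++ b/data/test/maestrano/sso/group_test.rb
@@ -0,0 +1,47 @@
+require File.expand_path('../../../test_helper', __FILE__)
+
+module Maestrano
+module SSO
+class GroupTest < Test::Unit::TestCase
+setup do
+@group = mock('group')
+class << @group
+include Maestrano::SSO::Group
+end
+end
+
+context "find_for_maestrano_auth" do
+should "raise an error if not overriden" do
+assert_raise(NoMethodError.new("You need to override find_for_maestrano_auth in your Mocha::Mock model")) do
+@group.find_for_maestrano_auth({})
+end
+end
+
+should "execute properly otherwise" do
+def @group.find_for_maestrano_auth(auth); return true; end
+assert_nothing_thrown do
+@group.find_for_maestrano_auth({})
+end
+end
+end
+
+context "maestrano?" do
+should "raise an error if no provider attribute and not overriden" do
+assert_raise(NoMethodError.new("You need to override maestrano? in your Mocha::Mock model")) do
+@group.maestrano?
+end
+end
+
+should "return true if the provider is 'maestrano'" do
+@group.stubs(:provider).returns('maestrano')
+assert @group.maestrano?
+end
+
+should "return false if the provider is something else" do
+@group.stubs(:provider).returns('someprovider')
+assert !@group.maestrano?
+end
+end
+end
+end
+end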
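Review bot: `assert_nothing_thrown` on new line 22 checks for `throw`, not for raised exceptions, so it does not express what the test name promises; `assert_equal true, @group.find_for_maestrano_auth({})` pins the override directly. The expected messages on new lines 15 and 30 embed `Mocha::Mock`, which ties the test to the mocking library's class name rather than to the module's contract. user_test.rb repeats both patterns on the same line numbers. "overriden" in the test names should read "overridden".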
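--- a/data/test/maestrano/sso/session_test.rb
+++ b/data/test/maestrano/sso/session_test.rb
@@ -0,0 +1,108 @@
+require File.expand_path('../../../test_helper', __FILE__)
+
+module Maestrano
+module SSO
+class SessionTest < Test::Unit::TestCase
+setup do
+@session = {
+mno_uid: 'usr-1',
+mno_session: 'g4dfg4fdg8378d6acf45',
+mno_session_recheck: Time.now.utc.iso8601
+}
+end
+
+should "initialize the sso session properly" do
+sso_session = Maestrano::SSO::Session.new(@session)
+assert_equal sso_session.uid, @session[:mno_uid]
+assert_equal sso_session.session_token, @session[:mno_session]
+assert_equal sso_session.recheck, Time.iso8601(@session[:mno_session_recheck])
+end
+
+context "remote_check_required?" do
+setup do
+@sso_session = Maestrano::SSO::Session.new(@session)
+end
+
+should "should return true if uid is missing" do
+@sso_session.uid = nil
+assert @sso_session.remote_check_required?
+end
+
+should "should return true if session_token is missing" do
+@sso_session.session_token = nil
+assert @sso_session.remote_check_required?
+end
+
+should "should return true if recheck is missing" do
+@sso_session.recheck = nil
+assert @sso_session.remote_check_required?
+end
+
+should "return true if now is after recheck" do
+Timecop.freeze(@sso_session.recheck + 60) do
+assert @sso_session.remote_check_required?
+end
+end
+
+should "return false if now is before recheck" do
+Timecop.freeze(@sso_session.recheck - 60) do
+assert !@sso_session.remote_check_required?
+end
+end
+end
+
+context "perform_remote_check" do
+setup do
+@sso_session = Maestrano::SSO::Session.new(@session)
+end
+
+should "update the session recheck and return true if valid" do
+recheck = @sso_session.recheck + 600
+RestClient.stubs(:get).returns({'valid' => true, 'recheck' => recheck.utc.iso8601 }.to_json)
+assert @sso_session.perform_remote_check
+assert_equal @sso_session.recheck, recheck
+end
+
+should "leave the session recheck unchanged and return false if invalid" do
+recheck = @sso_session.recheck
+RestClient.stubs(:get).returns({'valid' => false, 'recheck' => (recheck + 600).utc.iso8601 }.to_json)
+assert !@sso_session.perform_remote_check
+assert_equal @sso_session.recheck, recheck
+end
+end
+
+context "valid?" do
+setup do
+@sso_session = Maestrano::SSO::Session.new(@session)
+end
+
+should "return true if no remote_check_required?" do
+@sso_session.stubs(:remote_check_required?).returns(false)
+assert @sso_session.valid?
+end
+
+should "return true if remote_check_required? and valid" do
+@sso_session.stubs(:remote_check_required?).returns(true)
+@sso_session.stubs(:perform_remote_check).returns(true)
+assert @sso_session.valid?
+end
+
+should "update session recheck timestamp if remote_check_required? and valid" do
+recheck = (@sso_session.recheck + 600)
+@sso_session.recheck = recheck
+@sso_session.stubs(:remote_check_required?).returns(true)
+@sso_session.stubs(:perform_remote_check).returns(true)
+@sso_session.valid?
+assert_equal @session[:mno_session_recheck], recheck.utc.iso8601
+end
+
+should "return false if remote_check_required? and invalid" do
+@sso_session.stubs(:remote_check_required?).returns(true)
+@sso_session.stubs(:perform_remote_check).returns(false)
+assert !@sso_session.valid?
+end
+end
+
+end
+end
+end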
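Review bot: `perform_remote_check` is exercised only with well-formed `valid: true/false` replies (new lines 59-71); there is no case for `RestClient.get` raising or returning a body that is not JSON, so whether the session check fails closed is not pinned. A case such as `RestClient.stubs(:get).raises(RestClient::Exception)` followed by `assert !@sso_session.perform_remote_check` would document the intended behaviour. The test on new lines 90-97 sets `recheck` by hand and stubs `perform_remote_check`, so it verifies only that `valid?` writes the timestamp back into the session hash, not that a remote reply drives it. The three names on new lines 26, 31 and 36 read "should should return true".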
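--- a/data/test/maestrano/sso/user_test.rb
+++ b/data/test/maestrano/sso/user_test.rb
@@ -0,0 +1,65 @@
+require File.expand_path('../../../test_helper', __FILE__)
+
+module Maestrano
+module SSO
+class UserTest < Test::Unit::TestCase
+setup do
+@user = mock('user')
+class << @user
+include Maestrano::SSO::User
+end
+end
+
+context "find_for_maestrano_auth" do
+should "raise an error if not overriden" do
+assert_raise(NoMethodError.new("You need to override find_for_maestrano_auth in your Mocha::Mock model")) do
+@user.find_for_maestrano_auth({})
+end
+end
+
+should "execute properly otherwise" do
+def @user.find_for_maestrano_auth(auth); return true; end
+assert_nothing_thrown do
+@user.find_for_maestrano_auth({})
+end
+end
+end
+
+context "maestrano?" do
+should "raise an error if no provider attribute and not overriden" do
+assert_raise(NoMethodError.new("You need to override maestrano? in your Mocha::Mock model")) do
+@user.maestrano?
+end
+end
+
+should "return true if the provider is 'maestrano'" do
+@user.stubs(:provider).returns('maestrano')
+assert @user.maestrano?
+end
+
+should "return false if the provider is something else" do
+@user.stubs(:provider).returns('someprovider')
+assert !@user.maestrano?
+end
+end
+
+context "maestrano_session_valid?" do
+should "return true if the sso session is valid" do
+session = {}
+sso_session = mock('sso_session')
+Maestrano::SSO::Session.stubs(:new).with(session).returns(sso_session)
+sso_session.stubs(:valid?).returns(true)
+assert @user.maestrano_session_valid?(session)
+end
+
+should "return false if the sso session is invalid" do
+session = {}
+sso_session = mock('sso_session')
+Maestrano::SSO::Session.stubs(:new).with(session).returns(sso_session)
+sso_session.stubs(:valid?).returns(false)
+assert !@user.maestrano_session_valid?(session)
+end
+end
+end
+end
+end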
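--- a/data/test/maestrano/sso_test.rb
+++ b/data/test/maestrano/sso_test.rb
@@ -0,0 +1,81 @@
+require File.expand_path('../../test_helper', __FILE__)
+
+module Maestrano
+class SSOTest < Test::Unit::TestCase
+include SamlTestHelper
+
+setup do
+Maestrano.config = nil
+Maestrano.configure { |config| config.environment = 'production' }
+end
+
+should "return the right init_url" do
+assert Maestrano::SSO.init_url == "http://localhost:3000/maestrano/auth/saml/init"
+end
+
+should "return the right consume_url" do
+assert Maestrano::SSO.consume_url == "http://localhost:3000/maestrano/auth/saml/consume"
+end
+
+should "return the right logout_url" do
+assert Maestrano::SSO.logout_url == "https://maestrano.com/app_logout"
+end
+
+should "return the right unauthorized_url" do
+assert Maestrano::SSO.unauthorized_url == "https://maestrano.com/app_access_unauthorized"
+end
+
+should "return the right idp_url" do
+assert Maestrano::SSO.idp_url == "https://maestrano.com/api/v1/auth/saml"
+end
+
+should "return the right session_check_url" do
+assert Maestrano::SSO.session_check_url('usr-1','f9ds8fdg7f89') == "https://maestrano.com/api/v1/auth/saml/usr-1?session=f9ds8fdg7f89"
+end
+
+should "return the right enabled parameter" do
+assert Maestrano::SSO.enabled? == !!Maestrano.param('sso_enabled')
+end
+
+should "return the right saml_settings" do
+settings = Maestrano::SSO.saml_settings
+assert settings.assertion_consumer_service_url == Maestrano::SSO.consume_url
+assert settings.issuer == Maestrano.param('app_host')
+assert settings.idp_sso_target_url == Maestrano::SSO.idp_url
+assert settings.idp_cert_fingerprint == Maestrano.param('sso_x509_fingerprint')
+assert settings.name_identifier_format == Maestrano.param('sso_name_id_format')
+end
+
+should "build the right saml request" do
+request = mock('request')
+Maestrano::Saml::Request.stubs(:new).with(group_id: "cld-3").returns(request)
+assert Maestrano::SSO.build_request(group_id: "cld-3") == request
+end
+
+should "build the right saml response" do
+response = mock('response')
+Maestrano::Saml::Response.stubs(:new).with(response_document).returns(response)
+response = Maestrano::SSO.build_response(response_document)
+assert Maestrano::SSO.build_response(response_document) == response
+end
+
+should "set the session correctly" do
+session = {}
+auth = {
+extra: {
+session: {
+uid: 'usr-1',
+token: '15fg6d',
+recheck: Time.now,
+group_uid: 'cld-3'
+}
+}
+}
+Maestrano::SSO.set_session(session,auth)
+assert_equal session[:mno_uid], auth[:extra][:session][:uid]
+assert_equal session[:mno_session], auth[:extra][:session][:token]
+assert_equal session[:mno_session_recheck], auth[:extra][:session][:recheck].utc.iso8601
+assert_equal session[:mno_group_uid], auth[:extra][:session][:group_uid]
+end
+end
+end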
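Review bot: The "build the right saml response" test reassigns `response` on new line 58 to the result of `build_response`, so the assertion on line 59 only compares two calls of the same method with each other and would pass whatever they return; dropping line 58 makes it compare against the mock, as the request test above does. The expected value on new line 33 pins the session token into the query string of the check URL, where it can end up in proxy and server access logs; that is worth a comment, and a second case with a uid or token containing characters that need escaping would show whether `session_check_url` encodes its arguments. The `init_url` and `consume_url` expectations are plain-http localhost addresses even though setup selects the 'production' environment, which presumably reflects an unconfigured `app_host` default and deserves a note in the test.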