maestrano 0.1.0

Files changed (82) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +34 -0
  3. data/Gemfile +2 -0
  4. data/Gemfile.lock +43 -0
  5. data/LICENSE +21 -0
  6. data/README.md +4 -0
  7. data/Rakefile +32 -0
  8. data/bin/maestrano-console +9 -0
  9. data/lib/maestrano.rb +114 -0
  10. data/lib/maestrano/account/bill.rb +14 -0
  11. data/lib/maestrano/api/error/authentication_error.rb +8 -0
  12. data/lib/maestrano/api/error/base_error.rb +24 -0
  13. data/lib/maestrano/api/error/connection_error.rb +8 -0
  14. data/lib/maestrano/api/error/invalid_request_error.rb +14 -0
  15. data/lib/maestrano/api/list_object.rb +37 -0
  16. data/lib/maestrano/api/object.rb +187 -0
  17. data/lib/maestrano/api/operation/base.rb +216 -0
  18. data/lib/maestrano/api/operation/create.rb +18 -0
  19. data/lib/maestrano/api/operation/delete.rb +13 -0
  20. data/lib/maestrano/api/operation/list.rb +18 -0
  21. data/lib/maestrano/api/operation/update.rb +59 -0
  22. data/lib/maestrano/api/resource.rb +39 -0
  23. data/lib/maestrano/api/util.rb +121 -0
  24. data/lib/maestrano/saml/attribute_value.rb +15 -0
  25. data/lib/maestrano/saml/metadata.rb +64 -0
  26. data/lib/maestrano/saml/request.rb +93 -0
  27. data/lib/maestrano/saml/response.rb +201 -0
  28. data/lib/maestrano/saml/schemas/saml20assertion_schema.xsd +283 -0
  29. data/lib/maestrano/saml/schemas/saml20protocol_schema.xsd +302 -0
  30. data/lib/maestrano/saml/schemas/xenc_schema.xsd +146 -0
  31. data/lib/maestrano/saml/schemas/xmldsig_schema.xsd +318 -0
  32. data/lib/maestrano/saml/settings.rb +37 -0
  33. data/lib/maestrano/saml/validation_error.rb +7 -0
  34. data/lib/maestrano/sso.rb +81 -0
  35. data/lib/maestrano/sso/base_group.rb +31 -0
  36. data/lib/maestrano/sso/base_user.rb +75 -0
  37. data/lib/maestrano/sso/group.rb +24 -0
  38. data/lib/maestrano/sso/session.rb +63 -0
  39. data/lib/maestrano/sso/user.rb +34 -0
  40. data/lib/maestrano/version.rb +3 -0
  41. data/lib/maestrano/xml_security/signed_document.rb +170 -0
  42. data/maestrano.gemspec +32 -0
  43. data/test/helpers/api_helpers.rb +82 -0
  44. data/test/helpers/saml_helpers.rb +62 -0
  45. data/test/maestrano/account/bill_test.rb +48 -0
  46. data/test/maestrano/api/list_object_test.rb +20 -0
  47. data/test/maestrano/api/object_test.rb +28 -0
  48. data/test/maestrano/api/resource_test.rb +343 -0
  49. data/test/maestrano/api/util_test.rb +31 -0
  50. data/test/maestrano/maestrano_test.rb +49 -0
  51. data/test/maestrano/saml/request_test.rb +168 -0
  52. data/test/maestrano/saml/response_test.rb +290 -0
  53. data/test/maestrano/saml/settings_test.rb +51 -0
  54. data/test/maestrano/sso/base_group_test.rb +54 -0
  55. data/test/maestrano/sso/base_user_test.rb +114 -0
  56. data/test/maestrano/sso/group_test.rb +47 -0
  57. data/test/maestrano/sso/session_test.rb +108 -0
  58. data/test/maestrano/sso/user_test.rb +65 -0
  59. data/test/maestrano/sso_test.rb +81 -0
  60. data/test/maestrano/xml_security/signed_document.rb +163 -0
  61. data/test/support/saml/certificates/certificate1 +12 -0
  62. data/test/support/saml/certificates/r1_certificate2_base64 +1 -0
  63. data/test/support/saml/responses/adfs_response_sha1.xml +46 -0
  64. data/test/support/saml/responses/adfs_response_sha256.xml +46 -0
  65. data/test/support/saml/responses/adfs_response_sha384.xml +46 -0
  66. data/test/support/saml/responses/adfs_response_sha512.xml +46 -0
  67. data/test/support/saml/responses/no_signature_ns.xml +48 -0
  68. data/test/support/saml/responses/open_saml_response.xml +56 -0
  69. data/test/support/saml/responses/r1_response6.xml.base64 +1 -0
  70. data/test/support/saml/responses/response1.xml.base64 +1 -0
  71. data/test/support/saml/responses/response2.xml.base64 +79 -0
  72. data/test/support/saml/responses/response3.xml.base64 +66 -0
  73. data/test/support/saml/responses/response4.xml.base64 +93 -0
  74. data/test/support/saml/responses/response5.xml.base64 +102 -0
  75. data/test/support/saml/responses/response_with_ampersands.xml +139 -0
  76. data/test/support/saml/responses/response_with_ampersands.xml.base64 +93 -0
  77. data/test/support/saml/responses/response_with_multiple_attribute_values.xml +57 -0
  78. data/test/support/saml/responses/simple_saml_php.xml +71 -0
  79. data/test/support/saml/responses/starfield_response.xml.base64 +1 -0
  80. data/test/support/saml/responses/wrapped_response_2.xml.base64 +150 -0
  81. data/test/test_helper.rb +46 -0
  82. metadata +305 -0
@@ -0,0 +1,51 @@
1
+ require File.expand_path('../../../test_helper', __FILE__)
2
+
3
+ module Maestrano
4
+ module Saml
5
+ class SettingsTest < Test::Unit::TestCase
6
+
7
+ context "Settings" do
8
+ setup do
9
+ @settings = Maestrano::Saml::Settings.new
10
+ end
11
+ should "should provide getters and settings" do
12
+ accessors = [
13
+ :assertion_consumer_service_url, :issuer, :sp_name_qualifier,
14
+ :idp_sso_target_url, :idp_cert_fingerprint, :name_identifier_format,
15
+ :idp_slo_target_url, :name_identifier_value, :sessionindex,
16
+ :assertion_consumer_logout_service_url,
17
+ :passive, :protocol_binding
18
+ ]
19
+
20
+ accessors.each do |accessor|
21
+ value = Kernel.rand
22
+ @settings.send("#{accessor}=".to_sym, value)
23
+ assert_equal value, @settings.send(accessor)
24
+ end
25
+ end
26
+
27
+ should "create settings from hash" do
28
+
29
+ config = {
30
+ :assertion_consumer_service_url => "http://app.muda.no/sso",
31
+ :issuer => "http://muda.no",
32
+ :sp_name_qualifier => "http://sso.muda.no",
33
+ :idp_sso_target_url => "http://sso.muda.no/sso",
34
+ :idp_slo_target_url => "http://sso.muda.no/slo",
35
+ :idp_cert_fingerprint => "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00",
36
+ :name_identifier_format => Maestrano::Saml::Settings::NAMEID_TRANSIENT,
37
+ :passive => true,
38
+ :protocol_binding => Maestrano::Saml::Settings::PROTOCOL_BINDING_POST
39
+ }
40
+ @settings = Maestrano::Saml::Settings.new(config)
41
+
42
+ config.each do |k,v|
43
+ assert_equal v, @settings.send(k)
44
+ end
45
+ end
46
+
47
+ end
48
+
49
+ end
50
+ end
51
+ end
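Review bot: The accessor loop in "should provide getters and settings" goes through `@settings.send(...)`, which bypasses method visibility, so the test would still pass if an accessor on `Maestrano::Saml::Settings` became private. `@settings.public_send("#{accessor}=", value)` followed by `assert_equal value, @settings.public_send(accessor)` pins the public interface instead (the `.to_sym` is not needed), and the same applies to `@settings.send(k)` in "create settings from hash". The fixture fingerprint is 20 colon-separated zero bytes, which suggests a SHA-1-length value; a comment such as `# dummy fingerprint, not a real certificate` would make that explicit.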
@@ -0,0 +1,54 @@
1
+ require File.expand_path('../../../test_helper', __FILE__)
2
+
3
+ module Maestrano
4
+ module SSO
5
+ class BaseGroupTest < Test::Unit::TestCase
6
+ include SamlTestHelper
7
+
8
+ setup do
9
+ @saml_response = Maestrano::Saml::Response.new(response_document)
10
+ @saml_response.stubs(:attributes).returns({
11
+ 'mno_session' => 'f54sd54fd64fs5df4s3d48gf2',
12
+ 'mno_session_recheck' => Time.now.utc.iso8601,
13
+ 'group_uid' => 'cld-1',
14
+ 'group_end_free_trial' => Time.now.utc.iso8601,
15
+ 'group_role' => 'Admin',
16
+ 'uid' => "usr-1",
17
+ 'virtual_uid' => "usr-1.cld-1",
18
+ 'email' => "j.doe@doecorp.com",
19
+ 'virtual_email' => "usr-1.cld-1@mail.maestrano.com",
20
+ 'name' => "John",
21
+ "surname" => "Doe",
22
+ "country" => "AU",
23
+ "company_name" => "DoeCorp"
24
+ })
25
+ end
26
+
27
+ should "have a local_id accessor" do
28
+ assert Maestrano::SSO::BaseGroup.new(@saml_response).respond_to?(:local_id) == true
29
+ end
30
+
31
+ should "extract the rights attributes from the saml response" do
32
+ group = Maestrano::SSO::BaseGroup.new(@saml_response)
33
+ assert group.uid == @saml_response.attributes['group_uid']
34
+ assert group.free_trial_end_at == Time.iso8601(@saml_response.attributes['group_end_free_trial'])
35
+ assert group.company_name == @saml_response.attributes['company_name']
36
+ assert group.country == @saml_response.attributes['country']
37
+ end
38
+
39
+ should "have the right hash representation" do
40
+ sso_group = Maestrano::SSO::BaseGroup.new(@saml_response)
41
+ assert sso_group.to_hash == {
42
+ provider: 'maestrano',
43
+ uid: sso_group.uid,
44
+ info: {
45
+ free_trial_end_at: sso_group.free_trial_end_at,
46
+ company_name: sso_group.company_name,
47
+ country: sso_group.country,
48
+ },
49
+ extra: {}
50
+ }
51
+ end
52
+ end
53
+ end
54
+ end
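Review bot: The assertions in "extract the rights attributes from the saml response" and "have the right hash representation" are written as `assert a == b`, so a failure reports only that false is not true instead of showing the two values. `assert_equal @saml_response.attributes['group_uid'], group.uid` (expected first) gives a usable message, and the accessor check can be `assert_respond_to Maestrano::SSO::BaseGroup.new(@saml_response), :local_id`. The same pattern recurs in the base_user_test.rb and sso_test.rb hunks further down. Because `attributes` is stubbed on the response in `setup`, nothing here exercises validation of the SAML document; a comment above the stub, `# attributes are stubbed; signature validation is not exercised here`, would keep readers from assuming otherwise.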
@@ -0,0 +1,114 @@
1
+ require File.expand_path('../../../test_helper', __FILE__)
2
+
3
+ module Maestrano
4
+ module SSO
5
+ class BaseUserTest < Test::Unit::TestCase
6
+ include SamlTestHelper
7
+
8
+ setup do
9
+ @saml_response = Maestrano::Saml::Response.new(response_document)
10
+ @saml_response.stubs(:attributes).returns({
11
+ 'mno_session' => 'f54sd54fd64fs5df4s3d48gf2',
12
+ 'mno_session_recheck' => Time.now.utc.iso8601,
13
+ 'group_uid' => 'cld-1',
14
+ 'group_end_free_trial' => Time.now.utc.iso8601,
15
+ 'group_role' => 'Admin',
16
+ 'uid' => "usr-1",
17
+ 'virtual_uid' => "usr-1.cld-1",
18
+ 'email' => "j.doe@doecorp.com",
19
+ 'virtual_email' => "usr-1.cld-1@mail.maestrano.com",
20
+ 'name' => "John",
21
+ "surname" => "Doe",
22
+ "country" => "AU",
23
+ "company_name" => "DoeCorp"
24
+ })
25
+ end
26
+
27
+ should "have a local_id accessor" do
28
+ assert Maestrano::SSO::BaseUser.new(@saml_response).respond_to?(:local_id) == true
29
+ end
30
+
31
+ should "extract the rights attributes from the saml response" do
32
+ user = Maestrano::SSO::BaseUser.new(@saml_response)
33
+ assert user.sso_session == @saml_response.attributes['mno_session']
34
+ assert user.sso_session_recheck == Time.iso8601(@saml_response.attributes['mno_session_recheck'])
35
+ assert user.group_uid == @saml_response.attributes['group_uid']
36
+ assert user.group_role == @saml_response.attributes['group_role']
37
+ assert user.uid == @saml_response.attributes['uid']
38
+ assert user.virtual_uid == @saml_response.attributes['virtual_uid']
39
+ assert user.email == @saml_response.attributes['email']
40
+ assert user.virtual_email == @saml_response.attributes['virtual_email']
41
+ assert user.first_name == @saml_response.attributes['name']
42
+ assert user.last_name == @saml_response.attributes['surname']
43
+ assert user.country == @saml_response.attributes['country']
44
+ assert user.company_name == @saml_response.attributes['company_name']
45
+ end
46
+
47
+ context "to_hash presentation" do
48
+ should "have the right representation when user_creation_mode is virtual" do
49
+ Maestrano.configure { |config| config.user_creation_mode = 'virtual' }
50
+ sso_user = Maestrano::SSO::BaseUser.new(@saml_response)
51
+ assert_equal sso_user.to_hash, {
52
+ provider: 'maestrano',
53
+ uid: sso_user.virtual_uid,
54
+ info: {
55
+ email: sso_user.virtual_email,
56
+ first_name: sso_user.first_name,
57
+ last_name: sso_user.last_name,
58
+ country: sso_user.country,
59
+ company_name: sso_user.company_name,
60
+ },
61
+ extra: {
62
+ uid: sso_user.uid,
63
+ virtual_uid: sso_user.virtual_uid,
64
+ real_email: sso_user.email,
65
+ virtual_email: sso_user.virtual_email,
66
+ group: {
67
+ uid: sso_user.group_uid,
68
+ role: sso_user.group_role
69
+ },
70
+ session: {
71
+ uid: sso_user.uid,
72
+ token: sso_user.sso_session,
73
+ recheck: sso_user.sso_session_recheck,
74
+ group_uid: sso_user.group_uid
75
+ }
76
+ }
77
+ }
78
+ end
79
+
80
+ should "have the right representation when user_creation_mode is real" do
81
+ Maestrano.configure { |config| config.user_creation_mode = 'real' }
82
+ sso_user = Maestrano::SSO::BaseUser.new(@saml_response)
83
+ assert_equal sso_user.to_hash, {
84
+ provider: 'maestrano',
85
+ uid: sso_user.uid,
86
+ info: {
87
+ email: sso_user.email,
88
+ first_name: sso_user.first_name,
89
+ last_name: sso_user.last_name,
90
+ country: sso_user.country,
91
+ company_name: sso_user.company_name,
92
+ },
93
+ extra: {
94
+ uid: sso_user.uid,
95
+ virtual_uid: sso_user.virtual_uid,
96
+ real_email: sso_user.email,
97
+ virtual_email: sso_user.virtual_email,
98
+ group: {
99
+ uid: sso_user.group_uid,
100
+ role: sso_user.group_role,
101
+ },
102
+ session: {
103
+ uid: sso_user.uid,
104
+ token: sso_user.sso_session,
105
+ recheck: sso_user.sso_session_recheck,
106
+ group_uid: sso_user.group_uid
107
+ }
108
+ }
109
+ }
110
+ end
111
+ end
112
+ end
113
+ end
114
+ end
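Review bot: Both tests in the "to_hash presentation" context call `Maestrano.configure { |config| config.user_creation_mode = ... }` and nothing in this file resets it, so whichever runs last leaves the global configuration changed for later test classes unless test_helper.rb (not shown) restores it. Adding `teardown { Maestrano.config = nil }` to that context, mirroring the reset the sso_test.rb hunk performs in its `setup`, would keep the suite order-independent. The `assert_equal sso_user.to_hash, {...}` calls also pass the actual value first; Test::Unit expects `assert_equal(expected, actual)`, so failure output will label the two hashes the wrong way round.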
@@ -0,0 +1,47 @@
1
+ require File.expand_path('../../../test_helper', __FILE__)
2
+
3
+ module Maestrano
4
+ module SSO
5
+ class GroupTest < Test::Unit::TestCase
6
+ setup do
7
+ @group = mock('group')
8
+ class << @group
9
+ include Maestrano::SSO::Group
10
+ end
11
+ end
12
+
13
+ context "find_for_maestrano_auth" do
14
+ should "raise an error if not overriden" do
15
+ assert_raise(NoMethodError.new("You need to override find_for_maestrano_auth in your Mocha::Mock model")) do
16
+ @group.find_for_maestrano_auth({})
17
+ end
18
+ end
19
+
20
+ should "execute properly otherwise" do
21
+ def @group.find_for_maestrano_auth(auth); return true; end
22
+ assert_nothing_thrown do
23
+ @group.find_for_maestrano_auth({})
24
+ end
25
+ end
26
+ end
27
+
28
+ context "maestrano?" do
29
+ should "raise an error if no provider attribute and not overriden" do
30
+ assert_raise(NoMethodError.new("You need to override maestrano? in your Mocha::Mock model")) do
31
+ @group.maestrano?
32
+ end
33
+ end
34
+
35
+ should "return true if the provider is 'maestrano'" do
36
+ @group.stubs(:provider).returns('maestrano')
37
+ assert @group.maestrano?
38
+ end
39
+
40
+ should "return false if the provider is something else" do
41
+ @group.stubs(:provider).returns('someprovider')
42
+ assert !@group.maestrano?
43
+ end
44
+ end
45
+ end
46
+ end
47
+ end
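Review bot: In "execute properly otherwise", `assert_nothing_thrown` only guards against `throw`, not against a raised exception, and the return value of the overridden method is never checked. `assert_nothing_raised { @group.find_for_maestrano_auth({}) }` or simply `assert @group.find_for_maestrano_auth({})` states the intent. The expected messages in both `assert_raise` calls embed `Mocha::Mock`, which ties the tests to the mocking library's class name; a small named test class that includes `Maestrano::SSO::Group` would make the expected message independent of Mocha. The user_test.rb hunk below repeats both patterns, and "overriden" in the test names should read "overridden".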
@@ -0,0 +1,108 @@
1
+ require File.expand_path('../../../test_helper', __FILE__)
2
+
3
+ module Maestrano
4
+ module SSO
5
+ class SessionTest < Test::Unit::TestCase
6
+ setup do
7
+ @session = {
8
+ mno_uid: 'usr-1',
9
+ mno_session: 'g4dfg4fdg8378d6acf45',
10
+ mno_session_recheck: Time.now.utc.iso8601
11
+ }
12
+ end
13
+
14
+ should "initialize the sso session properly" do
15
+ sso_session = Maestrano::SSO::Session.new(@session)
16
+ assert_equal sso_session.uid, @session[:mno_uid]
17
+ assert_equal sso_session.session_token, @session[:mno_session]
18
+ assert_equal sso_session.recheck, Time.iso8601(@session[:mno_session_recheck])
19
+ end
20
+
21
+ context "remote_check_required?" do
22
+ setup do
23
+ @sso_session = Maestrano::SSO::Session.new(@session)
24
+ end
25
+
26
+ should "should return true if uid is missing" do
27
+ @sso_session.uid = nil
28
+ assert @sso_session.remote_check_required?
29
+ end
30
+
31
+ should "should return true if session_token is missing" do
32
+ @sso_session.session_token = nil
33
+ assert @sso_session.remote_check_required?
34
+ end
35
+
36
+ should "should return true if recheck is missing" do
37
+ @sso_session.recheck = nil
38
+ assert @sso_session.remote_check_required?
39
+ end
40
+
41
+ should "return true if now is after recheck" do
42
+ Timecop.freeze(@sso_session.recheck + 60) do
43
+ assert @sso_session.remote_check_required?
44
+ end
45
+ end
46
+
47
+ should "return false if now is before recheck" do
48
+ Timecop.freeze(@sso_session.recheck - 60) do
49
+ assert !@sso_session.remote_check_required?
50
+ end
51
+ end
52
+ end
53
+
54
+ context "perform_remote_check" do
55
+ setup do
56
+ @sso_session = Maestrano::SSO::Session.new(@session)
57
+ end
58
+
59
+ should "update the session recheck and return true if valid" do
60
+ recheck = @sso_session.recheck + 600
61
+ RestClient.stubs(:get).returns({'valid' => true, 'recheck' => recheck.utc.iso8601 }.to_json)
62
+ assert @sso_session.perform_remote_check
63
+ assert_equal @sso_session.recheck, recheck
64
+ end
65
+
66
+ should "leave the session recheck unchanged and return false if invalid" do
67
+ recheck = @sso_session.recheck
68
+ RestClient.stubs(:get).returns({'valid' => false, 'recheck' => (recheck + 600).utc.iso8601 }.to_json)
69
+ assert !@sso_session.perform_remote_check
70
+ assert_equal @sso_session.recheck, recheck
71
+ end
72
+ end
73
+
74
+ context "valid?" do
75
+ setup do
76
+ @sso_session = Maestrano::SSO::Session.new(@session)
77
+ end
78
+
79
+ should "return true if no remote_check_required?" do
80
+ @sso_session.stubs(:remote_check_required?).returns(false)
81
+ assert @sso_session.valid?
82
+ end
83
+
84
+ should "return true if remote_check_required? and valid" do
85
+ @sso_session.stubs(:remote_check_required?).returns(true)
86
+ @sso_session.stubs(:perform_remote_check).returns(true)
87
+ assert @sso_session.valid?
88
+ end
89
+
90
+ should "update session recheck timestamp if remote_check_required? and valid" do
91
+ recheck = (@sso_session.recheck + 600)
92
+ @sso_session.recheck = recheck
93
+ @sso_session.stubs(:remote_check_required?).returns(true)
94
+ @sso_session.stubs(:perform_remote_check).returns(true)
95
+ @sso_session.valid?
96
+ assert_equal @session[:mno_session_recheck], recheck.utc.iso8601
97
+ end
98
+
99
+ should "return false if remote_check_required? and invalid" do
100
+ @sso_session.stubs(:remote_check_required?).returns(true)
101
+ @sso_session.stubs(:perform_remote_check).returns(false)
102
+ assert !@sso_session.valid?
103
+ end
104
+ end
105
+
106
+ end
107
+ end
108
+ end
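Review bot: The "perform_remote_check" context covers only well-formed `'valid' => true/false` replies, so nothing pins what the session check does when the remote call raises or returns a body that is not JSON; for an authentication check those paths should fail closed. Session's implementation is not part of this hunk, so whether it currently does is unknown, and the test sketched below would establish it. The three test names written as `should "should return true ..."` render as "should should" in shoulda's output and can drop the inner word.

```ruby
# … unchanged: setup and the two existing perform_remote_check tests …

should "return false and leave the recheck unchanged if the remote call fails" do
  recheck = @sso_session.recheck
  RestClient.stubs(:get).raises(RestClient::Exception)
  assert !@sso_session.perform_remote_check
  assert_equal recheck, @sso_session.recheck
end

should "return false if the remote reply is not valid JSON" do
  RestClient.stubs(:get).returns("<html>gateway error</html>")
  assert !@sso_session.perform_remote_check
end
```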
@@ -0,0 +1,65 @@
1
+ require File.expand_path('../../../test_helper', __FILE__)
2
+
3
+ module Maestrano
4
+ module SSO
5
+ class UserTest < Test::Unit::TestCase
6
+ setup do
7
+ @user = mock('user')
8
+ class << @user
9
+ include Maestrano::SSO::User
10
+ end
11
+ end
12
+
13
+ context "find_for_maestrano_auth" do
14
+ should "raise an error if not overriden" do
15
+ assert_raise(NoMethodError.new("You need to override find_for_maestrano_auth in your Mocha::Mock model")) do
16
+ @user.find_for_maestrano_auth({})
17
+ end
18
+ end
19
+
20
+ should "execute properly otherwise" do
21
+ def @user.find_for_maestrano_auth(auth); return true; end
22
+ assert_nothing_thrown do
23
+ @user.find_for_maestrano_auth({})
24
+ end
25
+ end
26
+ end
27
+
28
+ context "maestrano?" do
29
+ should "raise an error if no provider attribute and not overriden" do
30
+ assert_raise(NoMethodError.new("You need to override maestrano? in your Mocha::Mock model")) do
31
+ @user.maestrano?
32
+ end
33
+ end
34
+
35
+ should "return true if the provider is 'maestrano'" do
36
+ @user.stubs(:provider).returns('maestrano')
37
+ assert @user.maestrano?
38
+ end
39
+
40
+ should "return false if the provider is something else" do
41
+ @user.stubs(:provider).returns('someprovider')
42
+ assert !@user.maestrano?
43
+ end
44
+ end
45
+
46
+ context "maestrano_session_valid?" do
47
+ should "return true if the sso session is valid" do
48
+ session = {}
49
+ sso_session = mock('sso_session')
50
+ Maestrano::SSO::Session.stubs(:new).with(session).returns(sso_session)
51
+ sso_session.stubs(:valid?).returns(true)
52
+ assert @user.maestrano_session_valid?(session)
53
+ end
54
+
55
+ should "return false if the sso session is invalid" do
56
+ session = {}
57
+ sso_session = mock('sso_session')
58
+ Maestrano::SSO::Session.stubs(:new).with(session).returns(sso_session)
59
+ sso_session.stubs(:valid?).returns(false)
60
+ assert !@user.maestrano_session_valid?(session)
61
+ end
62
+ end
63
+ end
64
+ end
65
+ end
@@ -0,0 +1,81 @@
1
+ require File.expand_path('../../test_helper', __FILE__)
2
+
3
+ module Maestrano
4
+ class SSOTest < Test::Unit::TestCase
5
+ include SamlTestHelper
6
+
7
+ setup do
8
+ Maestrano.config = nil
9
+ Maestrano.configure { |config| config.environment = 'production' }
10
+ end
11
+
12
+ should "return the right init_url" do
13
+ assert Maestrano::SSO.init_url == "http://localhost:3000/maestrano/auth/saml/init"
14
+ end
15
+
16
+ should "return the right consume_url" do
17
+ assert Maestrano::SSO.consume_url == "http://localhost:3000/maestrano/auth/saml/consume"
18
+ end
19
+
20
+ should "return the right logout_url" do
21
+ assert Maestrano::SSO.logout_url == "https://maestrano.com/app_logout"
22
+ end
23
+
24
+ should "return the right unauthorized_url" do
25
+ assert Maestrano::SSO.unauthorized_url == "https://maestrano.com/app_access_unauthorized"
26
+ end
27
+
28
+ should "return the right idp_url" do
29
+ assert Maestrano::SSO.idp_url == "https://maestrano.com/api/v1/auth/saml"
30
+ end
31
+
32
+ should "return the right session_check_url" do
33
+ assert Maestrano::SSO.session_check_url('usr-1','f9ds8fdg7f89') == "https://maestrano.com/api/v1/auth/saml/usr-1?session=f9ds8fdg7f89"
34
+ end
35
+
36
+ should "return the right enabled parameter" do
37
+ assert Maestrano::SSO.enabled? == !!Maestrano.param('sso_enabled')
38
+ end
39
+
40
+ should "return the right saml_settings" do
41
+ settings = Maestrano::SSO.saml_settings
42
+ assert settings.assertion_consumer_service_url == Maestrano::SSO.consume_url
43
+ assert settings.issuer == Maestrano.param('app_host')
44
+ assert settings.idp_sso_target_url == Maestrano::SSO.idp_url
45
+ assert settings.idp_cert_fingerprint == Maestrano.param('sso_x509_fingerprint')
46
+ assert settings.name_identifier_format == Maestrano.param('sso_name_id_format')
47
+ end
48
+
49
+ should "build the right saml request" do
50
+ request = mock('request')
51
+ Maestrano::Saml::Request.stubs(:new).with(group_id: "cld-3").returns(request)
52
+ assert Maestrano::SSO.build_request(group_id: "cld-3") == request
53
+ end
54
+
55
+ should "build the right saml response" do
56
+ response = mock('response')
57
+ Maestrano::Saml::Response.stubs(:new).with(response_document).returns(response)
58
+ response = Maestrano::SSO.build_response(response_document)
59
+ assert Maestrano::SSO.build_response(response_document) == response
60
+ end
61
+
62
+ should "set the session correctly" do
63
+ session = {}
64
+ auth = {
65
+ extra: {
66
+ session: {
67
+ uid: 'usr-1',
68
+ token: '15fg6d',
69
+ recheck: Time.now,
70
+ group_uid: 'cld-3'
71
+ }
72
+ }
73
+ }
74
+ Maestrano::SSO.set_session(session,auth)
75
+ assert_equal session[:mno_uid], auth[:extra][:session][:uid]
76
+ assert_equal session[:mno_session], auth[:extra][:session][:token]
77
+ assert_equal session[:mno_session_recheck], auth[:extra][:session][:recheck].utc.iso8601
78
+ assert_equal session[:mno_group_uid], auth[:extra][:session][:group_uid]
79
+ end
80
+ end
81
+ end
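Review bot: "build the right saml response" reassigns `response` to the result of `build_response` before asserting, so the assertion compares two calls of the method with each other and would pass even if `build_response` ignored the stubbed `Maestrano::Saml::Response.new` (for example by returning nil both times). Dropping the line `response = Maestrano::SSO.build_response(response_document)` makes it compare against the mock, as "build the right saml request" already does. The `session_check_url` test uses only URL-safe values; a case with a reserved character in the session token would pin whether the token is escaped when placed in the query string. `init_url` and `consume_url` are asserted as `http://localhost:3000/...` while `setup` selects the 'production' environment, so a comment stating that this is the library default for an unconfigured app host would help if that is the intent.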