maestrano 0.1.0

Files changed (82) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +34 -0
  3. data/Gemfile +2 -0
  4. data/Gemfile.lock +43 -0
  5. data/LICENSE +21 -0
  6. data/README.md +4 -0
  7. data/Rakefile +32 -0
  8. data/bin/maestrano-console +9 -0
  9. data/lib/maestrano.rb +114 -0
  10. data/lib/maestrano/account/bill.rb +14 -0
  11. data/lib/maestrano/api/error/authentication_error.rb +8 -0
  12. data/lib/maestrano/api/error/base_error.rb +24 -0
  13. data/lib/maestrano/api/error/connection_error.rb +8 -0
  14. data/lib/maestrano/api/error/invalid_request_error.rb +14 -0
  15. data/lib/maestrano/api/list_object.rb +37 -0
  16. data/lib/maestrano/api/object.rb +187 -0
  17. data/lib/maestrano/api/operation/base.rb +216 -0
  18. data/lib/maestrano/api/operation/create.rb +18 -0
  19. data/lib/maestrano/api/operation/delete.rb +13 -0
  20. data/lib/maestrano/api/operation/list.rb +18 -0
  21. data/lib/maestrano/api/operation/update.rb +59 -0
  22. data/lib/maestrano/api/resource.rb +39 -0
  23. data/lib/maestrano/api/util.rb +121 -0
  24. data/lib/maestrano/saml/attribute_value.rb +15 -0
  25. data/lib/maestrano/saml/metadata.rb +64 -0
  26. data/lib/maestrano/saml/request.rb +93 -0
  27. data/lib/maestrano/saml/response.rb +201 -0
  28. data/lib/maestrano/saml/schemas/saml20assertion_schema.xsd +283 -0
  29. data/lib/maestrano/saml/schemas/saml20protocol_schema.xsd +302 -0
  30. data/lib/maestrano/saml/schemas/xenc_schema.xsd +146 -0
  31. data/lib/maestrano/saml/schemas/xmldsig_schema.xsd +318 -0
  32. data/lib/maestrano/saml/settings.rb +37 -0
  33. data/lib/maestrano/saml/validation_error.rb +7 -0
  34. data/lib/maestrano/sso.rb +81 -0
  35. data/lib/maestrano/sso/base_group.rb +31 -0
  36. data/lib/maestrano/sso/base_user.rb +75 -0
  37. data/lib/maestrano/sso/group.rb +24 -0
  38. data/lib/maestrano/sso/session.rb +63 -0
  39. data/lib/maestrano/sso/user.rb +34 -0
  40. data/lib/maestrano/version.rb +3 -0
  41. data/lib/maestrano/xml_security/signed_document.rb +170 -0
  42. data/maestrano.gemspec +32 -0
  43. data/test/helpers/api_helpers.rb +82 -0
  44. data/test/helpers/saml_helpers.rb +62 -0
  45. data/test/maestrano/account/bill_test.rb +48 -0
  46. data/test/maestrano/api/list_object_test.rb +20 -0
  47. data/test/maestrano/api/object_test.rb +28 -0
  48. data/test/maestrano/api/resource_test.rb +343 -0
  49. data/test/maestrano/api/util_test.rb +31 -0
  50. data/test/maestrano/maestrano_test.rb +49 -0
  51. data/test/maestrano/saml/request_test.rb +168 -0
  52. data/test/maestrano/saml/response_test.rb +290 -0
  53. data/test/maestrano/saml/settings_test.rb +51 -0
  54. data/test/maestrano/sso/base_group_test.rb +54 -0
  55. data/test/maestrano/sso/base_user_test.rb +114 -0
  56. data/test/maestrano/sso/group_test.rb +47 -0
  57. data/test/maestrano/sso/session_test.rb +108 -0
  58. data/test/maestrano/sso/user_test.rb +65 -0
  59. data/test/maestrano/sso_test.rb +81 -0
  60. data/test/maestrano/xml_security/signed_document.rb +163 -0
  61. data/test/support/saml/certificates/certificate1 +12 -0
  62. data/test/support/saml/certificates/r1_certificate2_base64 +1 -0
  63. data/test/support/saml/responses/adfs_response_sha1.xml +46 -0
  64. data/test/support/saml/responses/adfs_response_sha256.xml +46 -0
  65. data/test/support/saml/responses/adfs_response_sha384.xml +46 -0
  66. data/test/support/saml/responses/adfs_response_sha512.xml +46 -0
  67. data/test/support/saml/responses/no_signature_ns.xml +48 -0
  68. data/test/support/saml/responses/open_saml_response.xml +56 -0
  69. data/test/support/saml/responses/r1_response6.xml.base64 +1 -0
  70. data/test/support/saml/responses/response1.xml.base64 +1 -0
  71. data/test/support/saml/responses/response2.xml.base64 +79 -0
  72. data/test/support/saml/responses/response3.xml.base64 +66 -0
  73. data/test/support/saml/responses/response4.xml.base64 +93 -0
  74. data/test/support/saml/responses/response5.xml.base64 +102 -0
  75. data/test/support/saml/responses/response_with_ampersands.xml +139 -0
  76. data/test/support/saml/responses/response_with_ampersands.xml.base64 +93 -0
  77. data/test/support/saml/responses/response_with_multiple_attribute_values.xml +57 -0
  78. data/test/support/saml/responses/simple_saml_php.xml +71 -0
  79. data/test/support/saml/responses/starfield_response.xml.base64 +1 -0
  80. data/test/support/saml/responses/wrapped_response_2.xml.base64 +150 -0
  81. data/test/test_helper.rb +46 -0
  82. metadata +305 -0
@@ -0,0 +1,51 @@
1
+ require File.expand_path('../../../test_helper', __FILE__)
2
+
3
+ module Maestrano
4
+ module Saml
5
+ class SettingsTest < Test::Unit::TestCase
6
+
7
+ context "Settings" do
8
+ setup do
9
+ @settings = Maestrano::Saml::Settings.new
10
+ end
11
+ should "should provide getters and settings" do
12
+ accessors = [
13
+ :assertion_consumer_service_url, :issuer, :sp_name_qualifier,
14
+ :idp_sso_target_url, :idp_cert_fingerprint, :name_identifier_format,
15
+ :idp_slo_target_url, :name_identifier_value, :sessionindex,
16
+ :assertion_consumer_logout_service_url,
17
+ :passive, :protocol_binding
18
+ ]
19
+
20
+ accessors.each do |accessor|
21
+ value = Kernel.rand
22
+ @settings.send("#{accessor}=".to_sym, value)
23
+ assert_equal value, @settings.send(accessor)
24
+ end
25
+ end
26
+
27
+ should "create settings from hash" do
28
+
29
+ config = {
30
+ :assertion_consumer_service_url => "http://app.muda.no/sso",
31
+ :issuer => "http://muda.no",
32
+ :sp_name_qualifier => "http://sso.muda.no",
33
+ :idp_sso_target_url => "http://sso.muda.no/sso",
34
+ :idp_slo_target_url => "http://sso.muda.no/slo",
35
+ :idp_cert_fingerprint => "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00",
36
+ :name_identifier_format => Maestrano::Saml::Settings::NAMEID_TRANSIENT,
37
+ :passive => true,
38
+ :protocol_binding => Maestrano::Saml::Settings::PROTOCOL_BINDING_POST
39
+ }
40
+ @settings = Maestrano::Saml::Settings.new(config)
41
+
42
+ config.each do |k,v|
43
+ assert_equal v, @settings.send(k)
44
+ end
45
+ end
46
+
47
+ end
48
+
49
+ end
50
+ end
51
+ end
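Review bot: The sample `config` hash in "create settings from hash" uses plain `http://` for `assertion_consumer_service_url`, `idp_sso_target_url` and `idp_slo_target_url`, and fixtures like this tend to be copied into real setups, where the SAML response would then cross the network unencrypted; `https://` values cost nothing in the test. The first test's description reads `should "should provide getters and settings"`; `should "provide getters and setters" do` is probably what was meant. Neither test exercises a validation path: Settings is only shown round-tripping arbitrary values, and a `Kernel.rand` float is accepted for every field, including `idp_cert_fingerprint`.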
@@ -0,0 +1,54 @@
1
+ require File.expand_path('../../../test_helper', __FILE__)
2
+
3
+ module Maestrano
4
+ module SSO
5
+ class BaseGroupTest < Test::Unit::TestCase
6
+ include SamlTestHelper
7
+
8
+ setup do
9
+ @saml_response = Maestrano::Saml::Response.new(response_document)
10
+ @saml_response.stubs(:attributes).returns({
11
+ 'mno_session' => 'f54sd54fd64fs5df4s3d48gf2',
12
+ 'mno_session_recheck' => Time.now.utc.iso8601,
13
+ 'group_uid' => 'cld-1',
14
+ 'group_end_free_trial' => Time.now.utc.iso8601,
15
+ 'group_role' => 'Admin',
16
+ 'uid' => "usr-1",
17
+ 'virtual_uid' => "usr-1.cld-1",
18
+ 'email' => "j.doe@doecorp.com",
19
+ 'virtual_email' => "usr-1.cld-1@mail.maestrano.com",
20
+ 'name' => "John",
21
+ "surname" => "Doe",
22
+ "country" => "AU",
23
+ "company_name" => "DoeCorp"
24
+ })
25
+ end
26
+
27
+ should "have a local_id accessor" do
28
+ assert Maestrano::SSO::BaseGroup.new(@saml_response).respond_to?(:local_id) == true
29
+ end
30
+
31
+ should "extract the rights attributes from the saml response" do
32
+ group = Maestrano::SSO::BaseGroup.new(@saml_response)
33
+ assert group.uid == @saml_response.attributes['group_uid']
34
+ assert group.free_trial_end_at == Time.iso8601(@saml_response.attributes['group_end_free_trial'])
35
+ assert group.company_name == @saml_response.attributes['company_name']
36
+ assert group.country == @saml_response.attributes['country']
37
+ end
38
+
39
+ should "have the right hash representation" do
40
+ sso_group = Maestrano::SSO::BaseGroup.new(@saml_response)
41
+ assert sso_group.to_hash == {
42
+ provider: 'maestrano',
43
+ uid: sso_group.uid,
44
+ info: {
45
+ free_trial_end_at: sso_group.free_trial_end_at,
46
+ company_name: sso_group.company_name,
47
+ country: sso_group.country,
48
+ },
49
+ extra: {}
50
+ }
51
+ end
52
+ end
53
+ end
54
+ end
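Review bot: The assertions in these tests are written as `assert a == b` (and `assert ...respond_to?(:local_id) == true`), so a failure reports only that the expression was false, without showing the two values. `assert_equal @saml_response.attributes['group_uid'], group.uid` and `assert_respond_to group, :local_id` print both sides on failure, which matters when the values are identity attributes taken from a SAML response. The same pattern recurs in the BaseUserTest and SSOTest hunks further down.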
@@ -0,0 +1,114 @@
1
+ require File.expand_path('../../../test_helper', __FILE__)
2
+
3
+ module Maestrano
4
+ module SSO
5
+ class BaseUserTest < Test::Unit::TestCase
6
+ include SamlTestHelper
7
+
8
+ setup do
9
+ @saml_response = Maestrano::Saml::Response.new(response_document)
10
+ @saml_response.stubs(:attributes).returns({
11
+ 'mno_session' => 'f54sd54fd64fs5df4s3d48gf2',
12
+ 'mno_session_recheck' => Time.now.utc.iso8601,
13
+ 'group_uid' => 'cld-1',
14
+ 'group_end_free_trial' => Time.now.utc.iso8601,
15
+ 'group_role' => 'Admin',
16
+ 'uid' => "usr-1",
17
+ 'virtual_uid' => "usr-1.cld-1",
18
+ 'email' => "j.doe@doecorp.com",
19
+ 'virtual_email' => "usr-1.cld-1@mail.maestrano.com",
20
+ 'name' => "John",
21
+ "surname" => "Doe",
22
+ "country" => "AU",
23
+ "company_name" => "DoeCorp"
24
+ })
25
+ end
26
+
27
+ should "have a local_id accessor" do
28
+ assert Maestrano::SSO::BaseUser.new(@saml_response).respond_to?(:local_id) == true
29
+ end
30
+
31
+ should "extract the rights attributes from the saml response" do
32
+ user = Maestrano::SSO::BaseUser.new(@saml_response)
33
+ assert user.sso_session == @saml_response.attributes['mno_session']
34
+ assert user.sso_session_recheck == Time.iso8601(@saml_response.attributes['mno_session_recheck'])
35
+ assert user.group_uid == @saml_response.attributes['group_uid']
36
+ assert user.group_role == @saml_response.attributes['group_role']
37
+ assert user.uid == @saml_response.attributes['uid']
38
+ assert user.virtual_uid == @saml_response.attributes['virtual_uid']
39
+ assert user.email == @saml_response.attributes['email']
40
+ assert user.virtual_email == @saml_response.attributes['virtual_email']
41
+ assert user.first_name == @saml_response.attributes['name']
42
+ assert user.last_name == @saml_response.attributes['surname']
43
+ assert user.country == @saml_response.attributes['country']
44
+ assert user.company_name == @saml_response.attributes['company_name']
45
+ end
46
+
47
+ context "to_hash presentation" do
48
+ should "have the right representation when user_creation_mode is virtual" do
49
+ Maestrano.configure { |config| config.user_creation_mode = 'virtual' }
50
+ sso_user = Maestrano::SSO::BaseUser.new(@saml_response)
51
+ assert_equal sso_user.to_hash, {
52
+ provider: 'maestrano',
53
+ uid: sso_user.virtual_uid,
54
+ info: {
55
+ email: sso_user.virtual_email,
56
+ first_name: sso_user.first_name,
57
+ last_name: sso_user.last_name,
58
+ country: sso_user.country,
59
+ company_name: sso_user.company_name,
60
+ },
61
+ extra: {
62
+ uid: sso_user.uid,
63
+ virtual_uid: sso_user.virtual_uid,
64
+ real_email: sso_user.email,
65
+ virtual_email: sso_user.virtual_email,
66
+ group: {
67
+ uid: sso_user.group_uid,
68
+ role: sso_user.group_role
69
+ },
70
+ session: {
71
+ uid: sso_user.uid,
72
+ token: sso_user.sso_session,
73
+ recheck: sso_user.sso_session_recheck,
74
+ group_uid: sso_user.group_uid
75
+ }
76
+ }
77
+ }
78
+ end
79
+
80
+ should "have the right representation when user_creation_mode is real" do
81
+ Maestrano.configure { |config| config.user_creation_mode = 'real' }
82
+ sso_user = Maestrano::SSO::BaseUser.new(@saml_response)
83
+ assert_equal sso_user.to_hash, {
84
+ provider: 'maestrano',
85
+ uid: sso_user.uid,
86
+ info: {
87
+ email: sso_user.email,
88
+ first_name: sso_user.first_name,
89
+ last_name: sso_user.last_name,
90
+ country: sso_user.country,
91
+ company_name: sso_user.company_name,
92
+ },
93
+ extra: {
94
+ uid: sso_user.uid,
95
+ virtual_uid: sso_user.virtual_uid,
96
+ real_email: sso_user.email,
97
+ virtual_email: sso_user.virtual_email,
98
+ group: {
99
+ uid: sso_user.group_uid,
100
+ role: sso_user.group_role,
101
+ },
102
+ session: {
103
+ uid: sso_user.uid,
104
+ token: sso_user.sso_session,
105
+ recheck: sso_user.sso_session_recheck,
106
+ group_uid: sso_user.group_uid
107
+ }
108
+ }
109
+ }
110
+ end
111
+ end
112
+ end
113
+ end
114
+ end
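Review bot: Both `to_hash` tests call `Maestrano.configure` to set `user_creation_mode`, and nothing in this file restores it, so whichever test runs last leaves the global configuration changed for the tests that follow. SSOTest resets with `Maestrano.config = nil` in its setup; the same here, e.g. `teardown { Maestrano.config = nil }`, would keep the result independent of execution order. This is worth doing because the mode decides which identifier (`uid` or `virtual_uid`) and which e-mail become the top-level account key in the hash.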
@@ -0,0 +1,47 @@
1
+ require File.expand_path('../../../test_helper', __FILE__)
2
+
3
+ module Maestrano
4
+ module SSO
5
+ class GroupTest < Test::Unit::TestCase
6
+ setup do
7
+ @group = mock('group')
8
+ class << @group
9
+ include Maestrano::SSO::Group
10
+ end
11
+ end
12
+
13
+ context "find_for_maestrano_auth" do
14
+ should "raise an error if not overriden" do
15
+ assert_raise(NoMethodError.new("You need to override find_for_maestrano_auth in your Mocha::Mock model")) do
16
+ @group.find_for_maestrano_auth({})
17
+ end
18
+ end
19
+
20
+ should "execute properly otherwise" do
21
+ def @group.find_for_maestrano_auth(auth); return true; end
22
+ assert_nothing_thrown do
23
+ @group.find_for_maestrano_auth({})
24
+ end
25
+ end
26
+ end
27
+
28
+ context "maestrano?" do
29
+ should "raise an error if no provider attribute and not overriden" do
30
+ assert_raise(NoMethodError.new("You need to override maestrano? in your Mocha::Mock model")) do
31
+ @group.maestrano?
32
+ end
33
+ end
34
+
35
+ should "return true if the provider is 'maestrano'" do
36
+ @group.stubs(:provider).returns('maestrano')
37
+ assert @group.maestrano?
38
+ end
39
+
40
+ should "return false if the provider is something else" do
41
+ @group.stubs(:provider).returns('someprovider')
42
+ assert !@group.maestrano?
43
+ end
44
+ end
45
+ end
46
+ end
47
+ end
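Review bot: `assert_nothing_thrown` in "execute properly otherwise" only checks for `throw`, not for raised exceptions, so it does not express what the test name says; `assert_nothing_raised` or simply `assert @group.find_for_maestrano_auth({})` does. The two `assert_raise(NoMethodError.new("... in your Mocha::Mock model"))` expectations also pin the message to the mocking library's class name, so they would break if that class is renamed; asserting the exception class and matching the method name in the message would be less brittle. UserTest below has the same two patterns, and both files spell the description "overriden" (overridden).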
@@ -0,0 +1,108 @@
1
+ require File.expand_path('../../../test_helper', __FILE__)
2
+
3
+ module Maestrano
4
+ module SSO
5
+ class SessionTest < Test::Unit::TestCase
6
+ setup do
7
+ @session = {
8
+ mno_uid: 'usr-1',
9
+ mno_session: 'g4dfg4fdg8378d6acf45',
10
+ mno_session_recheck: Time.now.utc.iso8601
11
+ }
12
+ end
13
+
14
+ should "initialize the sso session properly" do
15
+ sso_session = Maestrano::SSO::Session.new(@session)
16
+ assert_equal sso_session.uid, @session[:mno_uid]
17
+ assert_equal sso_session.session_token, @session[:mno_session]
18
+ assert_equal sso_session.recheck, Time.iso8601(@session[:mno_session_recheck])
19
+ end
20
+
21
+ context "remote_check_required?" do
22
+ setup do
23
+ @sso_session = Maestrano::SSO::Session.new(@session)
24
+ end
25
+
26
+ should "should return true if uid is missing" do
27
+ @sso_session.uid = nil
28
+ assert @sso_session.remote_check_required?
29
+ end
30
+
31
+ should "should return true if session_token is missing" do
32
+ @sso_session.session_token = nil
33
+ assert @sso_session.remote_check_required?
34
+ end
35
+
36
+ should "should return true if recheck is missing" do
37
+ @sso_session.recheck = nil
38
+ assert @sso_session.remote_check_required?
39
+ end
40
+
41
+ should "return true if now is after recheck" do
42
+ Timecop.freeze(@sso_session.recheck + 60) do
43
+ assert @sso_session.remote_check_required?
44
+ end
45
+ end
46
+
47
+ should "return false if now is before recheck" do
48
+ Timecop.freeze(@sso_session.recheck - 60) do
49
+ assert !@sso_session.remote_check_required?
50
+ end
51
+ end
52
+ end
53
+
54
+ context "perform_remote_check" do
55
+ setup do
56
+ @sso_session = Maestrano::SSO::Session.new(@session)
57
+ end
58
+
59
+ should "update the session recheck and return true if valid" do
60
+ recheck = @sso_session.recheck + 600
61
+ RestClient.stubs(:get).returns({'valid' => true, 'recheck' => recheck.utc.iso8601 }.to_json)
62
+ assert @sso_session.perform_remote_check
63
+ assert_equal @sso_session.recheck, recheck
64
+ end
65
+
66
+ should "leave the session recheck unchanged and return false if invalid" do
67
+ recheck = @sso_session.recheck
68
+ RestClient.stubs(:get).returns({'valid' => false, 'recheck' => (recheck + 600).utc.iso8601 }.to_json)
69
+ assert !@sso_session.perform_remote_check
70
+ assert_equal @sso_session.recheck, recheck
71
+ end
72
+ end
73
+
74
+ context "valid?" do
75
+ setup do
76
+ @sso_session = Maestrano::SSO::Session.new(@session)
77
+ end
78
+
79
+ should "return true if no remote_check_required?" do
80
+ @sso_session.stubs(:remote_check_required?).returns(false)
81
+ assert @sso_session.valid?
82
+ end
83
+
84
+ should "return true if remote_check_required? and valid" do
85
+ @sso_session.stubs(:remote_check_required?).returns(true)
86
+ @sso_session.stubs(:perform_remote_check).returns(true)
87
+ assert @sso_session.valid?
88
+ end
89
+
90
+ should "update session recheck timestamp if remote_check_required? and valid" do
91
+ recheck = (@sso_session.recheck + 600)
92
+ @sso_session.recheck = recheck
93
+ @sso_session.stubs(:remote_check_required?).returns(true)
94
+ @sso_session.stubs(:perform_remote_check).returns(true)
95
+ @sso_session.valid?
96
+ assert_equal @session[:mno_session_recheck], recheck.utc.iso8601
97
+ end
98
+
99
+ should "return false if remote_check_required? and invalid" do
100
+ @sso_session.stubs(:remote_check_required?).returns(true)
101
+ @sso_session.stubs(:perform_remote_check).returns(false)
102
+ assert !@sso_session.valid?
103
+ end
104
+ end
105
+
106
+ end
107
+ end
108
+ end
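Review bot: The `perform_remote_check` context covers only a well-formed reply with `'valid' => true` or `'valid' => false`; nothing pins what happens when `RestClient.get` raises, or returns a body that is not JSON or lacks `recheck`. Since this check decides whether an SSO session stays alive, a test that it fails closed would be worth adding, e.g. `RestClient.stubs(:get).raises(RestClient::Exception)` followed by `assert !@sso_session.perform_remote_check`. Whether the implementation rescues such errors is not visible from this hunk. Three descriptions in the `remote_check_required?` context also read `should "should return ..."`.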
@@ -0,0 +1,65 @@
1
+ require File.expand_path('../../../test_helper', __FILE__)
2
+
3
+ module Maestrano
4
+ module SSO
5
+ class UserTest < Test::Unit::TestCase
6
+ setup do
7
+ @user = mock('user')
8
+ class << @user
9
+ include Maestrano::SSO::User
10
+ end
11
+ end
12
+
13
+ context "find_for_maestrano_auth" do
14
+ should "raise an error if not overriden" do
15
+ assert_raise(NoMethodError.new("You need to override find_for_maestrano_auth in your Mocha::Mock model")) do
16
+ @user.find_for_maestrano_auth({})
17
+ end
18
+ end
19
+
20
+ should "execute properly otherwise" do
21
+ def @user.find_for_maestrano_auth(auth); return true; end
22
+ assert_nothing_thrown do
23
+ @user.find_for_maestrano_auth({})
24
+ end
25
+ end
26
+ end
27
+
28
+ context "maestrano?" do
29
+ should "raise an error if no provider attribute and not overriden" do
30
+ assert_raise(NoMethodError.new("You need to override maestrano? in your Mocha::Mock model")) do
31
+ @user.maestrano?
32
+ end
33
+ end
34
+
35
+ should "return true if the provider is 'maestrano'" do
36
+ @user.stubs(:provider).returns('maestrano')
37
+ assert @user.maestrano?
38
+ end
39
+
40
+ should "return false if the provider is something else" do
41
+ @user.stubs(:provider).returns('someprovider')
42
+ assert !@user.maestrano?
43
+ end
44
+ end
45
+
46
+ context "maestrano_session_valid?" do
47
+ should "return true if the sso session is valid" do
48
+ session = {}
49
+ sso_session = mock('sso_session')
50
+ Maestrano::SSO::Session.stubs(:new).with(session).returns(sso_session)
51
+ sso_session.stubs(:valid?).returns(true)
52
+ assert @user.maestrano_session_valid?(session)
53
+ end
54
+
55
+ should "return false if the sso session is invalid" do
56
+ session = {}
57
+ sso_session = mock('sso_session')
58
+ Maestrano::SSO::Session.stubs(:new).with(session).returns(sso_session)
59
+ sso_session.stubs(:valid?).returns(false)
60
+ assert !@user.maestrano_session_valid?(session)
61
+ end
62
+ end
63
+ end
64
+ end
65
+ end
@@ -0,0 +1,81 @@
1
+ require File.expand_path('../../test_helper', __FILE__)
2
+
3
+ module Maestrano
4
+ class SSOTest < Test::Unit::TestCase
5
+ include SamlTestHelper
6
+
7
+ setup do
8
+ Maestrano.config = nil
9
+ Maestrano.configure { |config| config.environment = 'production' }
10
+ end
11
+
12
+ should "return the right init_url" do
13
+ assert Maestrano::SSO.init_url == "http://localhost:3000/maestrano/auth/saml/init"
14
+ end
15
+
16
+ should "return the right consume_url" do
17
+ assert Maestrano::SSO.consume_url == "http://localhost:3000/maestrano/auth/saml/consume"
18
+ end
19
+
20
+ should "return the right logout_url" do
21
+ assert Maestrano::SSO.logout_url == "https://maestrano.com/app_logout"
22
+ end
23
+
24
+ should "return the right unauthorized_url" do
25
+ assert Maestrano::SSO.unauthorized_url == "https://maestrano.com/app_access_unauthorized"
26
+ end
27
+
28
+ should "return the right idp_url" do
29
+ assert Maestrano::SSO.idp_url == "https://maestrano.com/api/v1/auth/saml"
30
+ end
31
+
32
+ should "return the right session_check_url" do
33
+ assert Maestrano::SSO.session_check_url('usr-1','f9ds8fdg7f89') == "https://maestrano.com/api/v1/auth/saml/usr-1?session=f9ds8fdg7f89"
34
+ end
35
+
36
+ should "return the right enabled parameter" do
37
+ assert Maestrano::SSO.enabled? == !!Maestrano.param('sso_enabled')
38
+ end
39
+
40
+ should "return the right saml_settings" do
41
+ settings = Maestrano::SSO.saml_settings
42
+ assert settings.assertion_consumer_service_url == Maestrano::SSO.consume_url
43
+ assert settings.issuer == Maestrano.param('app_host')
44
+ assert settings.idp_sso_target_url == Maestrano::SSO.idp_url
45
+ assert settings.idp_cert_fingerprint == Maestrano.param('sso_x509_fingerprint')
46
+ assert settings.name_identifier_format == Maestrano.param('sso_name_id_format')
47
+ end
48
+
49
+ should "build the right saml request" do
50
+ request = mock('request')
51
+ Maestrano::Saml::Request.stubs(:new).with(group_id: "cld-3").returns(request)
52
+ assert Maestrano::SSO.build_request(group_id: "cld-3") == request
53
+ end
54
+
55
+ should "build the right saml response" do
56
+ response = mock('response')
57
+ Maestrano::Saml::Response.stubs(:new).with(response_document).returns(response)
58
+ response = Maestrano::SSO.build_response(response_document)
59
+ assert Maestrano::SSO.build_response(response_document) == response
60
+ end
61
+
62
+ should "set the session correctly" do
63
+ session = {}
64
+ auth = {
65
+ extra: {
66
+ session: {
67
+ uid: 'usr-1',
68
+ token: '15fg6d',
69
+ recheck: Time.now,
70
+ group_uid: 'cld-3'
71
+ }
72
+ }
73
+ }
74
+ Maestrano::SSO.set_session(session,auth)
75
+ assert_equal session[:mno_uid], auth[:extra][:session][:uid]
76
+ assert_equal session[:mno_session], auth[:extra][:session][:token]
77
+ assert_equal session[:mno_session_recheck], auth[:extra][:session][:recheck].utc.iso8601
78
+ assert_equal session[:mno_group_uid], auth[:extra][:session][:group_uid]
79
+ end
80
+ end
81
+ end
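Review bot: "build the right saml response" is close to a tautology: `response` is reassigned to the result of `Maestrano::SSO.build_response(response_document)` and then compared with a second call to the same method, so the stubbed mock is never what the assertion checks against. Dropping the reassignment line leaves `assert Maestrano::SSO.build_response(response_document) == response` comparing against the mock, as the request test above it does. Separately, the `session_check_url` expectation pins the session token into the query string (`?session=...`), where it will tend to end up in access and proxy logs. The test also uses only URL-safe values, so escaping of the uid and token is not covered.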