maestrano 0.1.0
- checksums.yaml +7 -0
- data/.gitignore +34 -0
- data/Gemfile +2 -0
- data/Gemfile.lock +43 -0
- data/LICENSE +21 -0
- data/README.md +4 -0
- data/Rakefile +32 -0
- data/bin/maestrano-console +9 -0
- data/lib/maestrano.rb +114 -0
- data/lib/maestrano/account/bill.rb +14 -0
- data/lib/maestrano/api/error/authentication_error.rb +8 -0
- data/lib/maestrano/api/error/base_error.rb +24 -0
- data/lib/maestrano/api/error/connection_error.rb +8 -0
- data/lib/maestrano/api/error/invalid_request_error.rb +14 -0
- data/lib/maestrano/api/list_object.rb +37 -0
- data/lib/maestrano/api/object.rb +187 -0
- data/lib/maestrano/api/operation/base.rb +216 -0
- data/lib/maestrano/api/operation/create.rb +18 -0
- data/lib/maestrano/api/operation/delete.rb +13 -0
- data/lib/maestrano/api/operation/list.rb +18 -0
- data/lib/maestrano/api/operation/update.rb +59 -0
- data/lib/maestrano/api/resource.rb +39 -0
- data/lib/maestrano/api/util.rb +121 -0
- data/lib/maestrano/saml/attribute_value.rb +15 -0
- data/lib/maestrano/saml/metadata.rb +64 -0
- data/lib/maestrano/saml/request.rb +93 -0
- data/lib/maestrano/saml/response.rb +201 -0
- data/lib/maestrano/saml/schemas/saml20assertion_schema.xsd +283 -0
- data/lib/maestrano/saml/schemas/saml20protocol_schema.xsd +302 -0
- data/lib/maestrano/saml/schemas/xenc_schema.xsd +146 -0
- data/lib/maestrano/saml/schemas/xmldsig_schema.xsd +318 -0
- data/lib/maestrano/saml/settings.rb +37 -0
- data/lib/maestrano/saml/validation_error.rb +7 -0
- data/lib/maestrano/sso.rb +81 -0
- data/lib/maestrano/sso/base_group.rb +31 -0
- data/lib/maestrano/sso/base_user.rb +75 -0
- data/lib/maestrano/sso/group.rb +24 -0
- data/lib/maestrano/sso/session.rb +63 -0
- data/lib/maestrano/sso/user.rb +34 -0
- data/lib/maestrano/version.rb +3 -0
- data/lib/maestrano/xml_security/signed_document.rb +170 -0
- data/maestrano.gemspec +32 -0
- data/test/helpers/api_helpers.rb +82 -0
- data/test/helpers/saml_helpers.rb +62 -0
- data/test/maestrano/account/bill_test.rb +48 -0
- data/test/maestrano/api/list_object_test.rb +20 -0
- data/test/maestrano/api/object_test.rb +28 -0
- data/test/maestrano/api/resource_test.rb +343 -0
- data/test/maestrano/api/util_test.rb +31 -0
- data/test/maestrano/maestrano_test.rb +49 -0
- data/test/maestrano/saml/request_test.rb +168 -0
- data/test/maestrano/saml/response_test.rb +290 -0
- data/test/maestrano/saml/settings_test.rb +51 -0
- data/test/maestrano/sso/base_group_test.rb +54 -0
- data/test/maestrano/sso/base_user_test.rb +114 -0
- data/test/maestrano/sso/group_test.rb +47 -0
- data/test/maestrano/sso/session_test.rb +108 -0
- data/test/maestrano/sso/user_test.rb +65 -0
- data/test/maestrano/sso_test.rb +81 -0
- data/test/maestrano/xml_security/signed_document.rb +163 -0
- data/test/support/saml/certificates/certificate1 +12 -0
- data/test/support/saml/certificates/r1_certificate2_base64 +1 -0
- data/test/support/saml/responses/adfs_response_sha1.xml +46 -0
- data/test/support/saml/responses/adfs_response_sha256.xml +46 -0
- data/test/support/saml/responses/adfs_response_sha384.xml +46 -0
- data/test/support/saml/responses/adfs_response_sha512.xml +46 -0
- data/test/support/saml/responses/no_signature_ns.xml +48 -0
- data/test/support/saml/responses/open_saml_response.xml +56 -0
- data/test/support/saml/responses/r1_response6.xml.base64 +1 -0
- data/test/support/saml/responses/response1.xml.base64 +1 -0
- data/test/support/saml/responses/response2.xml.base64 +79 -0
- data/test/support/saml/responses/response3.xml.base64 +66 -0
- data/test/support/saml/responses/response4.xml.base64 +93 -0
- data/test/support/saml/responses/response5.xml.base64 +102 -0
- data/test/support/saml/responses/response_with_ampersands.xml +139 -0
- data/test/support/saml/responses/response_with_ampersands.xml.base64 +93 -0
- data/test/support/saml/responses/response_with_multiple_attribute_values.xml +57 -0
- data/test/support/saml/responses/simple_saml_php.xml +71 -0
- data/test/support/saml/responses/starfield_response.xml.base64 +1 -0
- data/test/support/saml/responses/wrapped_response_2.xml.base64 +150 -0
- data/test/test_helper.rb +46 -0
- metadata +305 -0
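--- a/data/test/maestrano/saml/settings_test.rb
+++ b/data/test/maestrano/saml/settings_test.rb
@@ -0,0 +1,51 @@
+require File.expand_path('../../../test_helper', __FILE__)
+
+module Maestrano
+module Saml
+class SettingsTest < Test::Unit::TestCase
+
+context "Settings" do
+setup do
+@settings = Maestrano::Saml::Settings.new
+end
+should "should provide getters and settings" do
+accessors = [
+:assertion_consumer_service_url, :issuer, :sp_name_qualifier,
+:idp_sso_target_url, :idp_cert_fingerprint, :name_identifier_format,
+:idp_slo_target_url, :name_identifier_value, :sessionindex,
+:assertion_consumer_logout_service_url,
+:passive, :protocol_binding
+]
+
+accessors.each do |accessor|
+value = Kernel.rand
+@settings.send("#{accessor}=".to_sym, value)
+assert_equal value, @settings.send(accessor)
+end
+end
+
+should "create settings from hash" do
+
+config = {
+:assertion_consumer_service_url => "http://app.muda.no/sso",
+:issuer => "http://muda.no",
+:sp_name_qualifier => "http://sso.muda.no",
+:idp_sso_target_url => "http://sso.muda.no/sso",
+:idp_slo_target_url => "http://sso.muda.no/slo",
+:idp_cert_fingerprint => "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00",
+:name_identifier_format => Maestrano::Saml::Settings::NAMEID_TRANSIENT,
+:passive => true,
+:protocol_binding => Maestrano::Saml::Settings::PROTOCOL_BINDING_POST
+}
+@settings = Maestrano::Saml::Settings.new(config)
+
+config.each do |k,v|
+assert_equal v, @settings.send(k)
+end
+end
+
+end
+
+end
+end
+end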
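Review bot: The accessor round-trip test at new lines 20-24 feeds `Kernel.rand` into every setter, so each run uses different values and a failure cannot be replayed; a fixed sentinel such as `value = "value-for-#{accessor}"` checks the same thing reproducibly. The test name on line 11 reads `"should should provide getters and settings"`, where `should "provide getters and setters" do` is presumably what was meant. The hash fixture uses `http://` endpoints and an all-zero 20-byte `idp_cert_fingerprint`, and nothing in this file exercises an empty or malformed fingerprint, which is presumably the value the response signature check relies on; a comment marking these as placeholder values would avoid them being copied into real configuration.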
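--- a/data/test/maestrano/sso/base_group_test.rb
+++ b/data/test/maestrano/sso/base_group_test.rb
@@ -0,0 +1,54 @@
+require File.expand_path('../../../test_helper', __FILE__)
+
+module Maestrano
+module SSO
+class BaseGroupTest < Test::Unit::TestCase
+include SamlTestHelper
+
+setup do
+@saml_response = Maestrano::Saml::Response.new(response_document)
+@saml_response.stubs(:attributes).returns({
+'mno_session' => 'f54sd54fd64fs5df4s3d48gf2',
+'mno_session_recheck' => Time.now.utc.iso8601,
+'group_uid' => 'cld-1',
+'group_end_free_trial' => Time.now.utc.iso8601,
+'group_role' => 'Admin',
+'uid' => "usr-1",
+'virtual_uid' => "usr-1.cld-1",
+'email' => "j.doe@doecorp.com",
+'virtual_email' => "usr-1.cld-1@mail.maestrano.com",
+'name' => "John",
+"surname" => "Doe",
+"country" => "AU",
+"company_name" => "DoeCorp"
+})
+end
+
+should "have a local_id accessor" do
+assert Maestrano::SSO::BaseGroup.new(@saml_response).respond_to?(:local_id) == true
+end
+
+should "extract the rights attributes from the saml response" do
+group = Maestrano::SSO::BaseGroup.new(@saml_response)
+assert group.uid == @saml_response.attributes['group_uid']
+assert group.free_trial_end_at == Time.iso8601(@saml_response.attributes['group_end_free_trial'])
+assert group.company_name == @saml_response.attributes['company_name']
+assert group.country == @saml_response.attributes['country']
+end
+
+should "have the right hash representation" do
+sso_group = Maestrano::SSO::BaseGroup.new(@saml_response)
+assert sso_group.to_hash == {
+provider: 'maestrano',
+uid: sso_group.uid,
+info: {
+free_trial_end_at: sso_group.free_trial_end_at,
+company_name: sso_group.company_name,
+country: sso_group.country,
+},
+extra: {}
+}
+end
+end
+end
+end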
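Review bot: The checks on new lines 28, 33-36 and 41 are written as `assert a == b`, so a failure reports only that the expression was false and shows neither value; `assert_equal @saml_response.attributes['group_uid'], group.uid` gives a usable message. The same pattern appears in base_user_test.rb (lines 33-44) and throughout sso_test.rb. Line 28 can be `assert_respond_to Maestrano::SSO::BaseGroup.new(@saml_response), :local_id`. Because `attributes` is stubbed on the response in `setup`, these tests say nothing about whether BaseGroup expects an already validated response; a short comment such as `# attributes are stubbed; signature validation is covered in saml/response_test.rb` would make that assumption explicit, if that is indeed where it is covered.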
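--- a/data/test/maestrano/sso/base_user_test.rb
+++ b/data/test/maestrano/sso/base_user_test.rb
@@ -0,0 +1,114 @@
+require File.expand_path('../../../test_helper', __FILE__)
+
+module Maestrano
+module SSO
+class BaseUserTest < Test::Unit::TestCase
+include SamlTestHelper
+
+setup do
+@saml_response = Maestrano::Saml::Response.new(response_document)
+@saml_response.stubs(:attributes).returns({
+'mno_session' => 'f54sd54fd64fs5df4s3d48gf2',
+'mno_session_recheck' => Time.now.utc.iso8601,
+'group_uid' => 'cld-1',
+'group_end_free_trial' => Time.now.utc.iso8601,
+'group_role' => 'Admin',
+'uid' => "usr-1",
+'virtual_uid' => "usr-1.cld-1",
+'email' => "j.doe@doecorp.com",
+'virtual_email' => "usr-1.cld-1@mail.maestrano.com",
+'name' => "John",
+"surname" => "Doe",
+"country" => "AU",
+"company_name" => "DoeCorp"
+})
+end
+
+should "have a local_id accessor" do
+assert Maestrano::SSO::BaseUser.new(@saml_response).respond_to?(:local_id) == true
+end
+
+should "extract the rights attributes from the saml response" do
+user = Maestrano::SSO::BaseUser.new(@saml_response)
+assert user.sso_session == @saml_response.attributes['mno_session']
+assert user.sso_session_recheck == Time.iso8601(@saml_response.attributes['mno_session_recheck'])
+assert user.group_uid == @saml_response.attributes['group_uid']
+assert user.group_role == @saml_response.attributes['group_role']
+assert user.uid == @saml_response.attributes['uid']
+assert user.virtual_uid == @saml_response.attributes['virtual_uid']
+assert user.email == @saml_response.attributes['email']
+assert user.virtual_email == @saml_response.attributes['virtual_email']
+assert user.first_name == @saml_response.attributes['name']
+assert user.last_name == @saml_response.attributes['surname']
+assert user.country == @saml_response.attributes['country']
+assert user.company_name == @saml_response.attributes['company_name']
+end
+
+context "to_hash presentation" do
+should "have the right representation when user_creation_mode is virtual" do
+Maestrano.configure { |config| config.user_creation_mode = 'virtual' }
+sso_user = Maestrano::SSO::BaseUser.new(@saml_response)
+assert_equal sso_user.to_hash, {
+provider: 'maestrano',
+uid: sso_user.virtual_uid,
+info: {
+email: sso_user.virtual_email,
+first_name: sso_user.first_name,
+last_name: sso_user.last_name,
+country: sso_user.country,
+company_name: sso_user.company_name,
+},
+extra: {
+uid: sso_user.uid,
+virtual_uid: sso_user.virtual_uid,
+real_email: sso_user.email,
+virtual_email: sso_user.virtual_email,
+group: {
+uid: sso_user.group_uid,
+role: sso_user.group_role
+},
+session: {
+uid: sso_user.uid,
+token: sso_user.sso_session,
+recheck: sso_user.sso_session_recheck,
+group_uid: sso_user.group_uid
+}
+}
+}
+end
+
+should "have the right representation when user_creation_mode is real" do
+Maestrano.configure { |config| config.user_creation_mode = 'real' }
+sso_user = Maestrano::SSO::BaseUser.new(@saml_response)
+assert_equal sso_user.to_hash, {
+provider: 'maestrano',
+uid: sso_user.uid,
+info: {
+email: sso_user.email,
+first_name: sso_user.first_name,
+last_name: sso_user.last_name,
+country: sso_user.country,
+company_name: sso_user.company_name,
+},
+extra: {
+uid: sso_user.uid,
+virtual_uid: sso_user.virtual_uid,
+real_email: sso_user.email,
+virtual_email: sso_user.virtual_email,
+group: {
+uid: sso_user.group_uid,
+role: sso_user.group_role,
+},
+session: {
+uid: sso_user.uid,
+token: sso_user.sso_session,
+recheck: sso_user.sso_session_recheck,
+group_uid: sso_user.group_uid
+}
+}
+}
+end
+end
+end
+end
+end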
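Review bot: `Maestrano.configure` on new lines 49 and 81 changes process-wide configuration and this class never restores it, so whichever of the two tests runs last decides the `user_creation_mode` seen by later test files. sso_test.rb resets with `Maestrano.config = nil` in its `setup`; doing the same here, or in a `teardown`, would remove the ordering dependency. Both `assert_equal sso_user.to_hash, {...}` calls pass the actual value first, so failure messages will label the two sides the wrong way round. The expected hash puts the SSO session token under `extra[:session][:token]` (lines 72 and 104); a comment such as `# extra[:session][:token] is a live session credential: do not log or persist the whole auth hash` would be worth carrying next to these fixtures.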
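--- a/data/test/maestrano/sso/group_test.rb
+++ b/data/test/maestrano/sso/group_test.rb
@@ -0,0 +1,47 @@
+require File.expand_path('../../../test_helper', __FILE__)
+
+module Maestrano
+module SSO
+class GroupTest < Test::Unit::TestCase
+setup do
+@group = mock('group')
+class << @group
+include Maestrano::SSO::Group
+end
+end
+
+context "find_for_maestrano_auth" do
+should "raise an error if not overriden" do
+assert_raise(NoMethodError.new("You need to override find_for_maestrano_auth in your Mocha::Mock model")) do
+@group.find_for_maestrano_auth({})
+end
+end
+
+should "execute properly otherwise" do
+def @group.find_for_maestrano_auth(auth); return true; end
+assert_nothing_thrown do
+@group.find_for_maestrano_auth({})
+end
+end
+end
+
+context "maestrano?" do
+should "raise an error if no provider attribute and not overriden" do
+assert_raise(NoMethodError.new("You need to override maestrano? in your Mocha::Mock model")) do
+@group.maestrano?
+end
+end
+
+should "return true if the provider is 'maestrano'" do
+@group.stubs(:provider).returns('maestrano')
+assert @group.maestrano?
+end
+
+should "return false if the provider is something else" do
+@group.stubs(:provider).returns('someprovider')
+assert !@group.maestrano?
+end
+end
+end
+end
+end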
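Review bot: `assert_nothing_thrown` on new line 22 checks for `throw`, not for raised exceptions, so it does not express what "execute properly otherwise" claims; `assert_nothing_raised do` or simply `assert @group.find_for_maestrano_auth({})` states the intent. The expected messages on lines 15 and 30 embed `Mocha::Mock`, which ties the assertions to the mocking library's class name rather than to a model class. user_test.rb repeats both patterns on the same line numbers. The test names spell "overriden" where "overridden" is meant.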
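--- a/data/test/maestrano/sso/session_test.rb
+++ b/data/test/maestrano/sso/session_test.rb
@@ -0,0 +1,108 @@
+require File.expand_path('../../../test_helper', __FILE__)
+
+module Maestrano
+module SSO
+class SessionTest < Test::Unit::TestCase
+setup do
+@session = {
+mno_uid: 'usr-1',
+mno_session: 'g4dfg4fdg8378d6acf45',
+mno_session_recheck: Time.now.utc.iso8601
+}
+end
+
+should "initialize the sso session properly" do
+sso_session = Maestrano::SSO::Session.new(@session)
+assert_equal sso_session.uid, @session[:mno_uid]
+assert_equal sso_session.session_token, @session[:mno_session]
+assert_equal sso_session.recheck, Time.iso8601(@session[:mno_session_recheck])
+end
+
+context "remote_check_required?" do
+setup do
+@sso_session = Maestrano::SSO::Session.new(@session)
+end
+
+should "should return true if uid is missing" do
+@sso_session.uid = nil
+assert @sso_session.remote_check_required?
+end
+
+should "should return true if session_token is missing" do
+@sso_session.session_token = nil
+assert @sso_session.remote_check_required?
+end
+
+should "should return true if recheck is missing" do
+@sso_session.recheck = nil
+assert @sso_session.remote_check_required?
+end
+
+should "return true if now is after recheck" do
+Timecop.freeze(@sso_session.recheck + 60) do
+assert @sso_session.remote_check_required?
+end
+end
+
+should "return false if now is before recheck" do
+Timecop.freeze(@sso_session.recheck - 60) do
+assert !@sso_session.remote_check_required?
+end
+end
+end
+
+context "perform_remote_check" do
+setup do
+@sso_session = Maestrano::SSO::Session.new(@session)
+end
+
+should "update the session recheck and return true if valid" do
+recheck = @sso_session.recheck + 600
+RestClient.stubs(:get).returns({'valid' => true, 'recheck' => recheck.utc.iso8601 }.to_json)
+assert @sso_session.perform_remote_check
+assert_equal @sso_session.recheck, recheck
+end
+
+should "leave the session recheck unchanged and return false if invalid" do
+recheck = @sso_session.recheck
+RestClient.stubs(:get).returns({'valid' => false, 'recheck' => (recheck + 600).utc.iso8601 }.to_json)
+assert !@sso_session.perform_remote_check
+assert_equal @sso_session.recheck, recheck
+end
+end
+
+context "valid?" do
+setup do
+@sso_session = Maestrano::SSO::Session.new(@session)
+end
+
+should "return true if no remote_check_required?" do
+@sso_session.stubs(:remote_check_required?).returns(false)
+assert @sso_session.valid?
+end
+
+should "return true if remote_check_required? and valid" do
+@sso_session.stubs(:remote_check_required?).returns(true)
+@sso_session.stubs(:perform_remote_check).returns(true)
+assert @sso_session.valid?
+end
+
+should "update session recheck timestamp if remote_check_required? and valid" do
+recheck = (@sso_session.recheck + 600)
+@sso_session.recheck = recheck
+@sso_session.stubs(:remote_check_required?).returns(true)
+@sso_session.stubs(:perform_remote_check).returns(true)
+@sso_session.valid?
+assert_equal @session[:mno_session_recheck], recheck.utc.iso8601
+end
+
+should "return false if remote_check_required? and invalid" do
+@sso_session.stubs(:remote_check_required?).returns(true)
+@sso_session.stubs(:perform_remote_check).returns(false)
+assert !@sso_session.valid?
+end
+end
+
+end
+end
+end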
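Review bot: The `perform_remote_check` context (new lines 54-72) covers only well-formed `'valid' => true/false` replies, so nothing pins what the session check returns when `RestClient.get` raises or the body is not JSON. For a session validity check those cases should come out as invalid; a test with `RestClient.stubs(:get).raises(RestClient::Exception)` followed by `assert !@sso_session.perform_remote_check` would document that, assuming the implementation is meant to fail closed rather than propagate the error. There is also no case for a session built from an empty hash, although user_test.rb passes `{}` as the session. The test on lines 90-97 stubs `perform_remote_check` and sets `recheck` by hand, so it verifies only that `valid?` writes `recheck` back into the session hash.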
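--- a/data/test/maestrano/sso/user_test.rb
+++ b/data/test/maestrano/sso/user_test.rb
@@ -0,0 +1,65 @@
+require File.expand_path('../../../test_helper', __FILE__)
+
+module Maestrano
+module SSO
+class UserTest < Test::Unit::TestCase
+setup do
+@user = mock('user')
+class << @user
+include Maestrano::SSO::User
+end
+end
+
+context "find_for_maestrano_auth" do
+should "raise an error if not overriden" do
+assert_raise(NoMethodError.new("You need to override find_for_maestrano_auth in your Mocha::Mock model")) do
+@user.find_for_maestrano_auth({})
+end
+end
+
+should "execute properly otherwise" do
+def @user.find_for_maestrano_auth(auth); return true; end
+assert_nothing_thrown do
+@user.find_for_maestrano_auth({})
+end
+end
+end
+
+context "maestrano?" do
+should "raise an error if no provider attribute and not overriden" do
+assert_raise(NoMethodError.new("You need to override maestrano? in your Mocha::Mock model")) do
+@user.maestrano?
+end
+end
+
+should "return true if the provider is 'maestrano'" do
+@user.stubs(:provider).returns('maestrano')
+assert @user.maestrano?
+end
+
+should "return false if the provider is something else" do
+@user.stubs(:provider).returns('someprovider')
+assert !@user.maestrano?
+end
+end
+
+context "maestrano_session_valid?" do
+should "return true if the sso session is valid" do
+session = {}
+sso_session = mock('sso_session')
+Maestrano::SSO::Session.stubs(:new).with(session).returns(sso_session)
+sso_session.stubs(:valid?).returns(true)
+assert @user.maestrano_session_valid?(session)
+end
+
+should "return false if the sso session is invalid" do
+session = {}
+sso_session = mock('sso_session')
+Maestrano::SSO::Session.stubs(:new).with(session).returns(sso_session)
+sso_session.stubs(:valid?).returns(false)
+assert !@user.maestrano_session_valid?(session)
+end
+end
+end
+end
+end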
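--- a/data/test/maestrano/sso_test.rb
+++ b/data/test/maestrano/sso_test.rb
@@ -0,0 +1,81 @@
+require File.expand_path('../../test_helper', __FILE__)
+
+module Maestrano
+class SSOTest < Test::Unit::TestCase
+include SamlTestHelper
+
+setup do
+Maestrano.config = nil
+Maestrano.configure { |config| config.environment = 'production' }
+end
+
+should "return the right init_url" do
+assert Maestrano::SSO.init_url == "http://localhost:3000/maestrano/auth/saml/init"
+end
+
+should "return the right consume_url" do
+assert Maestrano::SSO.consume_url == "http://localhost:3000/maestrano/auth/saml/consume"
+end
+
+should "return the right logout_url" do
+assert Maestrano::SSO.logout_url == "https://maestrano.com/app_logout"
+end
+
+should "return the right unauthorized_url" do
+assert Maestrano::SSO.unauthorized_url == "https://maestrano.com/app_access_unauthorized"
+end
+
+should "return the right idp_url" do
+assert Maestrano::SSO.idp_url == "https://maestrano.com/api/v1/auth/saml"
+end
+
+should "return the right session_check_url" do
+assert Maestrano::SSO.session_check_url('usr-1','f9ds8fdg7f89') == "https://maestrano.com/api/v1/auth/saml/usr-1?session=f9ds8fdg7f89"
+end
+
+should "return the right enabled parameter" do
+assert Maestrano::SSO.enabled? == !!Maestrano.param('sso_enabled')
+end
+
+should "return the right saml_settings" do
+settings = Maestrano::SSO.saml_settings
+assert settings.assertion_consumer_service_url == Maestrano::SSO.consume_url
+assert settings.issuer == Maestrano.param('app_host')
+assert settings.idp_sso_target_url == Maestrano::SSO.idp_url
+assert settings.idp_cert_fingerprint == Maestrano.param('sso_x509_fingerprint')
+assert settings.name_identifier_format == Maestrano.param('sso_name_id_format')
+end
+
+should "build the right saml request" do
+request = mock('request')
+Maestrano::Saml::Request.stubs(:new).with(group_id: "cld-3").returns(request)
+assert Maestrano::SSO.build_request(group_id: "cld-3") == request
+end
+
+should "build the right saml response" do
+response = mock('response')
+Maestrano::Saml::Response.stubs(:new).with(response_document).returns(response)
+response = Maestrano::SSO.build_response(response_document)
+assert Maestrano::SSO.build_response(response_document) == response
+end
+
+should "set the session correctly" do
+session = {}
+auth = {
+extra: {
+session: {
+uid: 'usr-1',
+token: '15fg6d',
+recheck: Time.now,
+group_uid: 'cld-3'
+}
+}
+}
+Maestrano::SSO.set_session(session,auth)
+assert_equal session[:mno_uid], auth[:extra][:session][:uid]
+assert_equal session[:mno_session], auth[:extra][:session][:token]
+assert_equal session[:mno_session_recheck], auth[:extra][:session][:recheck].utc.iso8601
+assert_equal session[:mno_group_uid], auth[:extra][:session][:group_uid]
+end
+end
+end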
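Review bot: In "build the right saml response" (new lines 55-60), line 58 reassigns `response` to the return value of `build_response`, so line 59 only compares two calls of `build_response` with each other and the mock created on line 56 is never checked. Dropping line 58 makes the assertion meaningful, in the same shape as the request test just above it. Line 33 pins `session_check_url` to a URL that carries the session token in the query string (`?session=...`); if that is the intended interface, a comment that these URLs must be kept out of application and proxy logs would be worth adding. The `init_url` and `consume_url` expectations are `http://localhost:3000/...` while `setup` selects `environment = 'production'`, which presumably reflects an unset app host rather than a production value and deserves a one-line comment.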