maestrano 0.11.0 → 0.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +17 -8
- data/LICENSE +1 -1
- data/README.md +91 -14
- data/lib/maestrano/account/bill.rb +1 -1
- data/lib/maestrano/account/recurring_bill.rb +1 -1
- data/lib/maestrano/api/object.rb +1 -0
- data/lib/maestrano/api/operation/base.rb +13 -15
- data/lib/maestrano/api/operation/create.rb +1 -1
- data/lib/maestrano/api/operation/delete.rb +1 -1
- data/lib/maestrano/api/operation/list.rb +1 -1
- data/lib/maestrano/api/operation/update.rb +1 -1
- data/lib/maestrano/connec/client.rb +6 -5
- data/lib/maestrano/preset.rb +23 -0
- data/lib/maestrano/saml/request.rb +4 -3
- data/lib/maestrano/saml/response.rb +3 -2
- data/lib/maestrano/sso/base_user.rb +3 -2
- data/lib/maestrano/sso/session.rb +3 -2
- data/lib/maestrano/sso.rb +18 -17
- data/lib/maestrano/version.rb +1 -1
- data/lib/maestrano.rb +59 -8
- data/test/maestrano/account/bill_test.rb +54 -13
- data/test/maestrano/account/user_test.rb +20 -0
- data/test/maestrano/connec/client_test.rb +210 -66
- data/test/maestrano/maestrano_test.rb +141 -4
- data/test/maestrano/saml/response_test.rb +83 -0
- data/test/maestrano/sso/session_test.rb +61 -0
- data/test/maestrano/sso_test.rb +246 -85
- metadata +4 -3
data/test/maestrano/sso_test.rb
CHANGED
@@ -4,101 +4,262 @@ module Maestrano
|
|
4
4
|
class SSOTest < Test::Unit::TestCase
|
5
5
|
include SamlTestHelper
|
6
6
|
|
7
|
-
|
8
|
-
Maestrano.config = nil
|
9
|
-
Maestrano.configure { |config| config.environment = 'production' }
|
10
|
-
end
|
11
|
-
|
12
|
-
should "return the right init_url" do
|
13
|
-
assert Maestrano::SSO.init_url == "http://localhost:3000/maestrano/auth/saml/init"
|
14
|
-
end
|
15
|
-
|
16
|
-
should "return the right consume_url" do
|
17
|
-
assert Maestrano::SSO.consume_url == "http://localhost:3000/maestrano/auth/saml/consume"
|
18
|
-
end
|
19
|
-
|
20
|
-
should "return the right logout_url" do
|
21
|
-
assert Maestrano::SSO.logout_url == "https://maestrano.com/app_logout"
|
22
|
-
end
|
23
|
-
|
24
|
-
should "return the right unauthorized_url" do
|
25
|
-
assert Maestrano::SSO.unauthorized_url == "https://maestrano.com/app_access_unauthorized"
|
26
|
-
end
|
27
|
-
|
28
|
-
should "return the right idp_url" do
|
29
|
-
assert Maestrano::SSO.idp_url == "https://maestrano.com/api/v1/auth/saml"
|
30
|
-
end
|
31
|
-
|
32
|
-
should "return the right session_check_url" do
|
33
|
-
assert Maestrano::SSO.session_check_url('usr-1','f9ds8fdg7f89') == "https://maestrano.com/api/v1/auth/saml/usr-1?session=f9ds8fdg7f89"
|
34
|
-
end
|
35
|
-
|
36
|
-
should "return the right enabled parameter" do
|
37
|
-
assert Maestrano::SSO.enabled? == !!Maestrano.param('sso.enabled')
|
38
|
-
end
|
39
|
-
|
40
|
-
should "return the right saml_settings" do
|
41
|
-
settings = Maestrano::SSO.saml_settings
|
42
|
-
assert settings.assertion_consumer_service_url == Maestrano::SSO.consume_url
|
43
|
-
assert settings.issuer == Maestrano.param('api.id')
|
44
|
-
assert settings.idp_sso_target_url == Maestrano::SSO.idp_url
|
45
|
-
assert settings.idp_cert_fingerprint == Maestrano.param('sso_x509_fingerprint')
|
46
|
-
assert settings.name_identifier_format == Maestrano.param('sso_name_id_format')
|
47
|
-
end
|
48
|
-
|
49
|
-
should "build the right saml request" do
|
50
|
-
request = mock('request')
|
51
|
-
Maestrano::Saml::Request.stubs(:new).with(group_id: "cld-3").returns(request)
|
52
|
-
assert Maestrano::SSO.build_request(group_id: "cld-3") == request
|
53
|
-
end
|
54
|
-
|
55
|
-
should "build the right saml response" do
|
56
|
-
response = mock('response')
|
57
|
-
Maestrano::Saml::Response.stubs(:new).with(response_document).returns(response)
|
58
|
-
response = Maestrano::SSO.build_response(response_document)
|
59
|
-
assert Maestrano::SSO.build_response(response_document) == response
|
60
|
-
end
|
61
|
-
|
62
|
-
context "session management" do
|
7
|
+
context 'without preset' do
|
63
8
|
setup do
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
9
|
+
Maestrano.configs = nil
|
10
|
+
Maestrano.configure { |config| config.environment = 'production' }
|
11
|
+
end
|
12
|
+
|
13
|
+
should "return the right init_url" do
|
14
|
+
assert Maestrano::SSO.init_url == "http://localhost:3000/maestrano/auth/saml/init"
|
15
|
+
end
|
16
|
+
|
17
|
+
should "return the right consume_url" do
|
18
|
+
assert Maestrano::SSO.consume_url == "http://localhost:3000/maestrano/auth/saml/consume"
|
19
|
+
end
|
20
|
+
|
21
|
+
should "return the right logout_url" do
|
22
|
+
assert Maestrano::SSO.logout_url == "https://maestrano.com/app_logout"
|
23
|
+
end
|
24
|
+
|
25
|
+
should "return the right unauthorized_url" do
|
26
|
+
assert Maestrano::SSO.unauthorized_url == "https://maestrano.com/app_access_unauthorized"
|
27
|
+
end
|
28
|
+
|
29
|
+
should "return the right idp_url" do
|
30
|
+
assert Maestrano::SSO.idp_url == "https://maestrano.com/api/v1/auth/saml"
|
31
|
+
end
|
32
|
+
|
33
|
+
should "return the right session_check_url" do
|
34
|
+
assert Maestrano::SSO.session_check_url('usr-1','f9ds8fdg7f89') == "https://maestrano.com/api/v1/auth/saml/usr-1?session=f9ds8fdg7f89"
|
35
|
+
end
|
36
|
+
|
37
|
+
should "return the right enabled parameter" do
|
38
|
+
assert Maestrano::SSO.enabled? == !!Maestrano.param('sso.enabled')
|
39
|
+
end
|
40
|
+
|
41
|
+
should "return the right saml_settings" do
|
42
|
+
settings = Maestrano::SSO.saml_settings
|
43
|
+
assert settings.assertion_consumer_service_url == Maestrano::SSO.consume_url
|
44
|
+
assert settings.issuer == Maestrano.param('api.id')
|
45
|
+
assert settings.idp_sso_target_url == Maestrano::SSO.idp_url
|
46
|
+
assert settings.idp_cert_fingerprint == Maestrano.param('sso_x509_fingerprint')
|
47
|
+
assert settings.name_identifier_format == Maestrano.param('sso_name_id_format')
|
48
|
+
end
|
49
|
+
|
50
|
+
should "build the right saml request" do
|
51
|
+
request = mock('request')
|
52
|
+
Maestrano::Saml::Request.stubs(:new).with(group_id: "cld-3").returns(request)
|
53
|
+
assert Maestrano::SSO.build_request(group_id: "cld-3") == request
|
54
|
+
end
|
55
|
+
|
56
|
+
should "build the right saml response" do
|
57
|
+
response = mock('response')
|
58
|
+
Maestrano::Saml::Response.stubs(:new).with(response_document).returns(response)
|
59
|
+
response = Maestrano::SSO.build_response(response_document)
|
60
|
+
assert Maestrano::SSO.build_response(response_document) == response
|
61
|
+
end
|
62
|
+
|
63
|
+
context "session management" do
|
64
|
+
setup do
|
65
|
+
@session = {}
|
66
|
+
@auth = {
|
67
|
+
extra: {
|
68
|
+
session: {
|
69
|
+
uid: 'usr-1',
|
70
|
+
token: '15fg6d',
|
71
|
+
recheck: Time.now,
|
72
|
+
group_uid: 'cld-3'
|
73
|
+
}
|
72
74
|
}
|
73
75
|
}
|
76
|
+
end
|
77
|
+
|
78
|
+
should "set the session correctly" do
|
79
|
+
Maestrano::SSO.set_session(@session,@auth)
|
80
|
+
decrypt_session = JSON.parse(Base64.decode64(@session[:maestrano]))
|
81
|
+
assert_equal decrypt_session['uid'], @auth[:extra][:session][:uid]
|
82
|
+
assert_equal decrypt_session['session'], @auth[:extra][:session][:token]
|
83
|
+
assert_equal decrypt_session['session_recheck'], @auth[:extra][:session][:recheck].utc.iso8601
|
84
|
+
assert_equal decrypt_session['group_uid'], @auth[:extra][:session][:group_uid]
|
85
|
+
end
|
86
|
+
|
87
|
+
should "unset the session correctly" do
|
88
|
+
Maestrano::SSO.set_session(@session,@auth)
|
89
|
+
Maestrano::SSO.clear_session(@session)
|
90
|
+
assert @session[:maestrano].nil?
|
91
|
+
end
|
92
|
+
|
93
|
+
should "unset the session if key is a string" do
|
94
|
+
@session['maestrano'] = "bla"
|
95
|
+
Maestrano::SSO.clear_session(@session)
|
96
|
+
assert @session["maestrano"].nil?
|
97
|
+
end
|
98
|
+
|
99
|
+
should "alias clear_session as unset_session" do
|
100
|
+
Maestrano::SSO.set_session(@session,@auth)
|
101
|
+
Maestrano::SSO.unset_session(@session)
|
102
|
+
assert @session[:maestrano].nil?
|
103
|
+
end
|
104
|
+
end
|
105
|
+
end
|
106
|
+
|
107
|
+
context 'with preset' do
|
108
|
+
setup do
|
109
|
+
@preset = 'mypreset'
|
110
|
+
|
111
|
+
@config = {
|
112
|
+
'environment' => 'production',
|
113
|
+
'app.host' => 'http://mysuperapp.com',
|
114
|
+
|
115
|
+
'api.id' => 'app-f54ds4f8',
|
116
|
+
'api.key' => 'someapikey',
|
117
|
+
|
118
|
+
'sso.enabled' => false,
|
119
|
+
'sso.slo_enabled' => false,
|
120
|
+
'sso.init_path' => '/mno/sso/init',
|
121
|
+
'sso.consume_path' => '/mno/sso/consume',
|
122
|
+
'sso.creation_mode' => 'real',
|
123
|
+
'sso.idm' => 'http://idp.mysuperapp.com'
|
124
|
+
}
|
125
|
+
|
126
|
+
@preset_config = {
|
127
|
+
'environment' => 'production',
|
128
|
+
'app.host' => 'http://myotherapp.com',
|
129
|
+
|
130
|
+
'api.id' => 'app-553941',
|
131
|
+
'api.key' => 'otherapikey',
|
132
|
+
|
133
|
+
'sso.enabled' => false,
|
134
|
+
'sso.slo_enabled' => false,
|
135
|
+
'sso.init_path' => '/mno/sso/init',
|
136
|
+
'sso.consume_path' => '/mno/sso/consume',
|
137
|
+
'sso.creation_mode' => 'real',
|
138
|
+
'sso.idm' => 'http://idp.myotherapp.com'
|
74
139
|
}
|
140
|
+
|
141
|
+
Maestrano.configure do |config|
|
142
|
+
config.environment = @config['environment']
|
143
|
+
config.app.host = @config['app.host']
|
144
|
+
|
145
|
+
config.api.id = @config['api.id']
|
146
|
+
config.api.key = @config['api.key']
|
147
|
+
|
148
|
+
config.sso.enabled = @config['sso.enabled']
|
149
|
+
config.sso.slo_enabled = @config['sso.slo_enabled']
|
150
|
+
config.sso.idm = @config['sso.idm']
|
151
|
+
config.sso.init_path = @config['sso.init_path']
|
152
|
+
config.sso.consume_path = @config['sso.consume_path']
|
153
|
+
config.sso.creation_mode = @config['sso.creation_mode']
|
154
|
+
end
|
155
|
+
|
156
|
+
Maestrano[@preset].configure do |config|
|
157
|
+
config.environment = @preset_config['environment']
|
158
|
+
config.app.host = @preset_config['app.host']
|
159
|
+
|
160
|
+
config.api.id = @preset_config['api.id']
|
161
|
+
config.api.key = @preset_config['api.key']
|
162
|
+
|
163
|
+
config.sso.enabled = @preset_config['sso.enabled']
|
164
|
+
config.sso.slo_enabled = @preset_config['sso.slo_enabled']
|
165
|
+
config.sso.idm = @preset_config['sso.idm']
|
166
|
+
config.sso.init_path = @preset_config['sso.init_path']
|
167
|
+
config.sso.consume_path = @preset_config['sso.consume_path']
|
168
|
+
config.sso.creation_mode = @preset_config['sso.creation_mode']
|
169
|
+
end
|
75
170
|
end
|
76
171
|
|
77
|
-
should "
|
78
|
-
Maestrano::SSO.
|
79
|
-
decrypt_session = JSON.parse(Base64.decode64(@session[:maestrano]))
|
80
|
-
assert_equal decrypt_session['uid'], @auth[:extra][:session][:uid]
|
81
|
-
assert_equal decrypt_session['session'], @auth[:extra][:session][:token]
|
82
|
-
assert_equal decrypt_session['session_recheck'], @auth[:extra][:session][:recheck].utc.iso8601
|
83
|
-
assert_equal decrypt_session['group_uid'], @auth[:extra][:session][:group_uid]
|
172
|
+
should "return the right init_url" do
|
173
|
+
assert_equal Maestrano::SSO[@preset].init_url, "http://idp.myotherapp.com/mno/sso/init"
|
84
174
|
end
|
85
|
-
|
86
|
-
should "
|
87
|
-
Maestrano::SSO.
|
88
|
-
Maestrano::SSO.clear_session(@session)
|
89
|
-
assert @session[:maestrano].nil?
|
175
|
+
|
176
|
+
should "return the right consume_url" do
|
177
|
+
assert_equal Maestrano::SSO[@preset].consume_url, "http://idp.myotherapp.com/mno/sso/consume"
|
90
178
|
end
|
91
|
-
|
92
|
-
should "
|
93
|
-
@
|
94
|
-
|
95
|
-
|
179
|
+
|
180
|
+
should "return the right logout_url" do
|
181
|
+
assert_equal Maestrano::SSO[@preset].logout_url, "https://maestrano.com/app_logout"
|
182
|
+
end
|
183
|
+
|
184
|
+
should "return the right unauthorized_url" do
|
185
|
+
assert_equal Maestrano::SSO[@preset].unauthorized_url, "https://maestrano.com/app_access_unauthorized"
|
186
|
+
end
|
187
|
+
|
188
|
+
should "return the right idp_url" do
|
189
|
+
assert_equal Maestrano::SSO[@preset].idp_url, "https://maestrano.com/api/v1/auth/saml"
|
190
|
+
end
|
191
|
+
|
192
|
+
should "return the right session_check_url" do
|
193
|
+
assert_equal Maestrano::SSO[@preset].session_check_url('usr-1','f9ds8fdg7f89'), "https://maestrano.com/api/v1/auth/saml/usr-1?session=f9ds8fdg7f89"
|
194
|
+
end
|
195
|
+
|
196
|
+
should "return the right enabled parameter" do
|
197
|
+
assert_equal Maestrano::SSO[@preset].enabled?, !!Maestrano[@preset].param('sso.enabled')
|
96
198
|
end
|
199
|
+
|
200
|
+
should "return the right saml_settings" do
|
201
|
+
settings = Maestrano::SSO[@preset].saml_settings
|
202
|
+
assert settings.assertion_consumer_service_url == Maestrano::SSO[@preset].consume_url
|
203
|
+
assert settings.issuer == Maestrano[@preset].param('api.id')
|
204
|
+
assert settings.idp_sso_target_url == Maestrano::SSO[@preset].idp_url
|
205
|
+
assert settings.idp_cert_fingerprint == Maestrano[@preset].param('sso_x509_fingerprint')
|
206
|
+
assert settings.name_identifier_format == Maestrano[@preset].param('sso_name_id_format')
|
207
|
+
end
|
208
|
+
|
209
|
+
should "build the right saml request" do
|
210
|
+
request = mock('request')
|
211
|
+
Maestrano::Saml::Request.stubs(:new).with(group_id: "cld-3").returns(request)
|
212
|
+
assert Maestrano::SSO[@preset].build_request(group_id: "cld-3") == request
|
213
|
+
end
|
214
|
+
|
215
|
+
should "build the right saml response" do
|
216
|
+
response = mock('response')
|
217
|
+
Maestrano::Saml::Response.stubs(:new).with(response_document).returns(response)
|
218
|
+
response = Maestrano::SSO[@preset].build_response(response_document)
|
219
|
+
assert Maestrano::SSO[@preset].build_response(response_document) == response
|
220
|
+
end
|
221
|
+
|
222
|
+
context "session management" do
|
223
|
+
setup do
|
224
|
+
@session = {}
|
225
|
+
@auth = {
|
226
|
+
extra: {
|
227
|
+
session: {
|
228
|
+
uid: 'usr-1',
|
229
|
+
token: '15fg6d',
|
230
|
+
recheck: Time.now,
|
231
|
+
group_uid: 'cld-3'
|
232
|
+
}
|
233
|
+
}
|
234
|
+
}
|
235
|
+
end
|
97
236
|
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
237
|
+
should "set the session correctly" do
|
238
|
+
Maestrano::SSO[@preset].set_session(@session,@auth)
|
239
|
+
decrypt_session = JSON.parse(Base64.decode64(@session[:maestrano]))
|
240
|
+
assert_equal decrypt_session['uid'], @auth[:extra][:session][:uid]
|
241
|
+
assert_equal decrypt_session['session'], @auth[:extra][:session][:token]
|
242
|
+
assert_equal decrypt_session['session_recheck'], @auth[:extra][:session][:recheck].utc.iso8601
|
243
|
+
assert_equal decrypt_session['group_uid'], @auth[:extra][:session][:group_uid]
|
244
|
+
end
|
245
|
+
|
246
|
+
should "unset the session correctly" do
|
247
|
+
Maestrano::SSO[@preset].set_session(@session,@auth)
|
248
|
+
Maestrano::SSO[@preset].clear_session(@session)
|
249
|
+
assert @session[:maestrano].nil?
|
250
|
+
end
|
251
|
+
|
252
|
+
should "unset the session if key is a string" do
|
253
|
+
@session['maestrano'] = "bla"
|
254
|
+
Maestrano::SSO[@preset].clear_session(@session)
|
255
|
+
assert @session["maestrano"].nil?
|
256
|
+
end
|
257
|
+
|
258
|
+
should "alias clear_session as unset_session" do
|
259
|
+
Maestrano::SSO[@preset].set_session(@session,@auth)
|
260
|
+
Maestrano::SSO[@preset].unset_session(@session)
|
261
|
+
assert @session[:maestrano].nil?
|
262
|
+
end
|
102
263
|
end
|
103
264
|
end
|
104
265
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: maestrano
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.12.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Arnaud Lachaume
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-10-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rest-client
|
@@ -200,6 +200,7 @@ files:
|
|
200
200
|
- lib/maestrano/api/util.rb
|
201
201
|
- lib/maestrano/connec/client.rb
|
202
202
|
- lib/maestrano/open_struct.rb
|
203
|
+
- lib/maestrano/preset.rb
|
203
204
|
- lib/maestrano/saml/attribute_value.rb
|
204
205
|
- lib/maestrano/saml/metadata.rb
|
205
206
|
- lib/maestrano/saml/request.rb
|
@@ -286,7 +287,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
286
287
|
version: '0'
|
287
288
|
requirements: []
|
288
289
|
rubyforge_project:
|
289
|
-
rubygems_version: 2.
|
290
|
+
rubygems_version: 2.4.5
|
290
291
|
signing_key:
|
291
292
|
specification_version: 4
|
292
293
|
summary: Ruby bindings for the Maestrano API
|