omniauth-aai 0.4 → 0.5

data/Gemfile.lock

@@ -1,6 +1,6 @@
 GIT
   remote: git://github.com/switch-ch/omniauth-shibboleth.git
-  revision: 8da8cbcb4d42e8b810cb5eaed59581e38b15b187
+  revision: ea3922a8ee98b7a892f26440b8e37bd3ec3fc03d
   specs:
     omniauth-shibboleth (1.0.6)
       omniauth (>= 1.0.0)
@@ -8,53 +8,147 @@ GIT
 PATH
   remote: .
   specs:
-    omniauth-aai (0.3)
+    omniauth-aai (0.5)
       omniauth-shibboleth
 
 GEM
   remote: http://rubygems.org/
   specs:
+    actionmailer (3.2.8)
+      actionpack (= 3.2.8)
+      mail (~> 2.4.4)
+    actionpack (3.2.8)
+      activemodel (= 3.2.8)
+      activesupport (= 3.2.8)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.4)
+      rack (~> 1.4.0)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.1.3)
+    activemodel (3.2.8)
+      activesupport (= 3.2.8)
+      builder (~> 3.0.0)
+    activerecord (3.2.8)
+      activemodel (= 3.2.8)
+      activesupport (= 3.2.8)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activeresource (3.2.8)
+      activemodel (= 3.2.8)
+      activesupport (= 3.2.8)
+    activesupport (3.2.8)
+      i18n (~> 0.6)
+      multi_json (~> 1.0)
+    addressable (2.3.2)
+    arel (3.0.2)
+    builder (3.0.4)
+    capybara (1.1.3)
+      mime-types (>= 1.16)
+      nokogiri (>= 1.3.3)
+      rack (>= 1.0.0)
+      rack-test (>= 0.5.4)
+      selenium-webdriver (~> 2.0)
+      xpath (~> 0.1.4)
+    childprocess (0.3.6)
+      ffi (~> 1.0, >= 1.0.6)
     diff-lcs (1.1.3)
-    ffi (1.0.11)
-    guard (1.2.3)
+    erubis (2.7.0)
+    ffi (1.1.5)
+    guard (1.3.2)
       listen (>= 0.4.2)
       thor (>= 0.14.6)
-    guard-rspec (1.1.0)
+    guard-rspec (1.2.1)
       guard (>= 1.1)
     hashie (1.2.0)
+    hike (1.2.1)
+    i18n (0.6.1)
+    journey (1.0.4)
+    json (1.7.5)
+    libwebsocket (0.1.5)
+      addressable
     listen (0.4.7)
       rb-fchange (~> 0.0.5)
       rb-fsevent (~> 0.9.1)
       rb-inotify (~> 0.8.8)
-    omniauth (1.1.0)
+    mail (2.4.4)
+      i18n (>= 0.4.0)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    mime-types (1.19)
+    multi_json (1.3.7)
+    nokogiri (1.5.5)
+    omniauth (1.1.1)
       hashie (~> 1.2)
       rack
+    polyglot (0.3.3)
     rack (1.4.1)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-ssl (1.3.2)
+      rack
     rack-test (0.6.1)
       rack (>= 1.0)
+    rails (3.2.8)
+      actionmailer (= 3.2.8)
+      actionpack (= 3.2.8)
+      activerecord (= 3.2.8)
+      activeresource (= 3.2.8)
+      activesupport (= 3.2.8)
+      bundler (~> 1.0)
+      railties (= 3.2.8)
+    railties (3.2.8)
+      actionpack (= 3.2.8)
+      activesupport (= 3.2.8)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (>= 0.14.6, < 2.0)
     rake (0.9.2.2)
     rb-fchange (0.0.5)
       ffi
     rb-fsevent (0.9.1)
     rb-inotify (0.8.8)
       ffi (>= 0.5.0)
-    rspec (2.10.0)
-      rspec-core (~> 2.10.0)
-      rspec-expectations (~> 2.10.0)
-      rspec-mocks (~> 2.10.0)
-    rspec-core (2.10.1)
-    rspec-expectations (2.10.0)
+    rdoc (3.12)
+      json (~> 1.4)
+    rspec (2.11.0)
+      rspec-core (~> 2.11.0)
+      rspec-expectations (~> 2.11.0)
+      rspec-mocks (~> 2.11.0)
+    rspec-core (2.11.1)
+    rspec-expectations (2.11.2)
       diff-lcs (~> 1.1.3)
-    rspec-mocks (2.10.1)
-    thor (0.15.4)
+    rspec-mocks (2.11.2)
+    rubyzip (0.9.9)
+    selenium-webdriver (2.26.0)
+      childprocess (>= 0.2.5)
+      libwebsocket (~> 0.1.3)
+      multi_json (~> 1.0)
+      rubyzip
+    sprockets (2.1.3)
+      hike (~> 1.2)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    thor (0.16.0)
+    tilt (1.3.3)
+    treetop (1.4.12)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.35)
+    xpath (0.1.4)
+      nokogiri (~> 1.3)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
+  capybara
   guard-rspec
   omniauth-aai!
   omniauth-shibboleth!
   rack-test
+  rails
   rake
   rspec (~> 2.8)

data/README.md

@@ -1,12 +1,12 @@
 # OmniAuth AAI strategy
 
-OmniAuth Shibboleth AAI strategy is an OmniAuth strategy for authenticating through SWITCHaai. 
+OmniAuth Shibboleth AAI strategy is an OmniAuth strategy for authenticating through SWITCHaai.
 
 - OmniAuth: https://github.com/intridea/omniauth/wiki
 - Shibboleth: https://wiki.shibboleth.net/
 - SWITCHaai: http://www.switch.ch/aai/index.html
 
-Most functionallity is borrwoed from https://github.com/toyokazu/omniauth-shibboleth
+Most functionallity is based on https://github.com/toyokazu/omniauth-shibboleth
 
 ## Getting Started
 
@@ -16,18 +16,36 @@ Install as a gem via Gemfile or with
 
     % gem install omniauth-aai
 
-### Setup SWITCHaai Strategy
 
-To use Shibboleth SWITCHaai strategy as a middleware in your rails application, add the following file to your rails application initializer directory. (There will be a generator soon)
+### Generator
 
+    rails generate aai:install
 
-    # config/initializer/omniauth.rb
-    Rails.application.config.middleware.use OmniAuth::Builder do
-      provider :aai, {}
+This will generate some basic authenthication objects for rails:
+
+* config/omniauth.rb
+* app/controller/session_controller.rb
+* app/models/user.rb
+* db/migrate/create_users_adapt_and_copy_to_migration.rb
+
+You'll need to configure at least the 'db/migrate/create_users_adapt_and_copy_to_migration.rb' file. Just run 'rails g migration createUsersTable' copy the content of 'create_users_adapt_and_copy_to_migration.rb' and delete it.
+
+You can run it with '--persist false' if you don't want to persist the user to the local db.
+
+If you want more than just the uid persisted, change the 'user.rb' and override the 'aai=' method to do so and the migration to add the columns.
+
+```ruby
+    def aai=(aai)
+      self.email = auth_hash[:info][:email]
+      @aai = aai
     end
+```
 
-You will get by default all the standard SWITCHaai values, or you can configure it via options:
+### Additional Shibboleth attributes
 
+By default, you will get all the standard SWITCHaai values, or you can configure it via options:
+
+```ruby
     # config/initializer/omniauth.rb
     Rails.application.config.middleware.use OmniAuth::Builder do
       provider :aai,{
@@ -35,58 +53,57 @@ You will get by default all the standard SWITCHaai values, or you can configure
         :fields => [:name, :email, :swiss_ep_uid],
         :extra_fields => [:'Shib-Authentication-Instant']# See lib/omniauth/strategies/aai.rb for full list.
       }
+```
 
 Fields are provided in the Env as request.env["omniauth.auth"]["info"]["name"] and extra_fields attributes are provided as ['extra']['raw_info']['Shib-Authentication-Instant'].
 
+
 ### How to authenticate users
 
-In your application, simply direct users to '/auth/aai' to have them sign in via your organizations's AAI SP and IdP. '/auth/aai' url simply redirect users to '/auth/aai/callback', so thus you must protect '/auth/aai/callback' with something like devise.
+Setup your web server to request a valid shibboleth session for the Location/Directory /auth/aai. In your application, send users to '/auth/aai' to have them sign in via the WAYF and your organizations' IdP.  After successful login the user gets redirected to '/auth/aai/callback', from where your application should take over again.
 
 SWITCHaai strategy only checks the existence of Shib-Session-ID or Shib-Application-ID, not anything else. See devise or the genrator for further libraries to authenticate user.
 
-### Generator
-
-    rails generate aai:install
-
-This will generate some basic authenthication objects for rails: 
-
-* config/omniauth.rb
-* app/controller/session_controller.rb
-* app/models/user.rb
-* db/migrate/create_users_adapt_and_copy_to_migration.rb
-
-You'll need to configure at least the `db/migrate/create_users_adapt_and_copy_to_migration.rb` file. Just run `rails g migration createUsersTable` copy the content of `create_users_adapt_and_copy_to_migration.rb` and delete it. 
-
-You can run it with `--presist false` if you don't want to persist the user to the local db. 
-
-If you want more than just the uid presisted, change the `user.rb` and override the `aai=` method to do so and the migration to add the columns.
-
-    def aai=(aai)
-      self.email = auth_hash[:info][:email]
-      @aai = aai
-    end
 
 ### Development Mode
 
-In development / local mode you can use the following mock (with default SWITCHaai values):
+In development/local mode or in cases where you don't have a SWITCHaai Service Provider (SP) installed and configured, you can use the following mock (with default SWITCHaai values):
 
+```ruby
     # config/initializer/omniauth.rb
     Rails.application.config.middleware.use OmniAuth::Builder do
-      provider :developer, {
-        :uid_field => :'persistent-id',
-        :fields => OmniAuth::Strategies::Aai::DEFAULT_FIELDS,
-        :extra_fields => OmniAuth::Strategies::Aai::DEFAULT_EXTRA_FIELDS
-      } if Rails.env == 'development'
+      if Rails.env.development?
+        provider :developer, {
+          :uid_field => :'persistent-id',
+          :fields => OmniAuth::Strategies::Aai::DEFAULT_FIELDS,
+          :extra_fields => OmniAuth::Strategies::Aai::DEFAULT_EXTRA_FIELDS
+        }
+      end
     end
+````
 
 ### Debug Mode
 
-When you deploy a new application, you may want to confirm the assumed attributes are correctly provided by SWITCHaai SP. OmniAuth SWITCHaai strategy provides a confirmation option :debug. If you set :debug true, you can see the environment variables provided at the /auth/aai/callback uri.
+When you deploy a new application, you may want to confirm the assumed attributes are correctly provided by SWITCHaai SP. OmniAuth SWITCHaai strategy provides a confirmation option :debug. If you set :debug to true, you can see the environment variables provided at the /auth/aai/callback uri.
 
+```ruby
     # config/initializer/omniauth.rb
     Rails.application.config.middleware.use OmniAuth::Builder do
       provider :aai, { :debug => true }
     end
+```
+
+### Current User
+
+If you want to use the build in User object and the 'current_user' functionality, you can use the magic call 'has_current_user'
+
+```ruby
+    class ApplicationController < ActionController::Base
+      protect_from_forgery
+      has_current_user
+    end
+```
+
 
 ## License (MIT License)
 
@@ -108,4 +125,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+THE SOFTWARE.

data/lib/action_controller/has_current_user.rb

@@ -0,0 +1,44 @@
+module HasCurrentUser
+  def has_current_user
+    helper_method :current_user
+    include InstanceMethods
+  end
+  module InstanceMethods
+    @user = nil
+
+    def current_user
+      return nil unless @user.present? || session[:current_user].present?
+      @user = @user || User.unmarshal( session[:current_user] ) 
+      @user
+    end
+
+    # Set the current user
+    def current_user=(user) 
+      @user = user
+      session[:current_user] = @user.marshal unless @user.nil?
+    end
+    
+    # Authenticate User
+    def authenticate!
+      return if authenticated?
+      session[:return_to] = request.url
+      if Rails.env.development?
+        redirect_to "/auth/developer"
+      else
+        redirect_to "/auth/aai"
+      end
+    end
+    
+    # User authenticated?
+    def authenticated?
+      return true if self.current_user.present? && self.current_user.uid.present?
+      return false
+    end
+  end
+end
+
+begin
+  ActionController::Base.extend HasCurrentUser
+rescue NameError => e
+  puts "ActionController undefined"
+end

data/lib/generators/aai/install_generator.rb

@@ -1,5 +1,10 @@
+require 'rails/generators'
+require 'rails/generators/migration'
+
 module Aai
   class InstallGenerator < Rails::Generators::Base
+    include Rails::Generators::Migration
+
     desc "Generate Config Files / User / Session and Routes"
 
     class_option :persist, :type => :boolean, :default => true, :desc => "Set to false if you don't want persistent User"
@@ -14,7 +19,7 @@ module Aai
 
     def copy_session_controller_file
       if true
-        copy_file "session_controller.rb", "app/controllers/session_controller.rb"
+        template "session_controller.rb", "app/controllers/session_controller.rb"
         route("match '/auth/:provider/callback', :to => 'session#create', :as => 'auth_callback'")
         route("match '/auth/failure', :to => 'session#failure', :as => 'auth_failure'")
         route("match '/auth/logout',  :to => 'session#destroy', :as => 'logout'")
@@ -23,8 +28,14 @@ module Aai
 
     def copy_user_file
       template "user.rb", "app/models/user.rb"
-      copy_file "migration.rb", "db/migrate/create_users_adapt_and_copy_to_migration.rb" if options[:persist]
+      migration_template "migration.rb", "db/migrate/aai_create_user.rb" if options[:persist]
     end
 
+
+    def self.next_migration_number(dirname)
+      orm = Rails.configuration.generators.options[:rails][:orm]
+      require "rails/generators/#{orm}"
+      "#{orm.to_s.camelize}::Generators::Base".constantize.next_migration_number(dirname)
+    end
   end
 end

data/lib/generators/aai/templates/omniauth.rb

@@ -1,33 +1,11 @@
 Rails.application.config.middleware.use OmniAuth::Builder do
   if Rails.env.development?
     provider :developer, {
-      :uid_field => :'persistent-id',
+      :uid_field => :swiss_ep_uid, #:'persistent-id', swiss_ep_uid
       :fields => OmniAuth::Strategies::Aai::DEFAULT_FIELDS,
       :extra_fields => OmniAuth::Strategies::Aai::DEFAULT_EXTRA_FIELDS
     } 
   else
     provider :aai
   end
-end
-
-class ApplicationController < ActionController::Base
-  # Get the current user
-  def current_user() session[:current_user]; end
-  # Set the current user
-  def current_user=(user) session[:current_user] = user; end
-  # Authenticate User
-  def authenticate!
-    return if authenticated?
-    session[:return_to] = request.url
-    if Rails.env.development?
-      redirect_to "/auth/developer"
-    else
-      redirect_to "/auth/aai"
-    end
-  end
-  # User authenticated?
-  def authenticated?
-    return true if self.current_user
-    return false
-  end
 end

data/lib/generators/aai/templates/session_controller.rb

@@ -1,23 +1,22 @@
 class SessionController < ApplicationController
 
   def create
-    auth_hash[:info][:uid] = auth_hash[:info][:email] if Rails.env.development?
-
-    if User.superclass == ActiveRecord::Base
-      self.current_user = User.find_or_create_by_uid(
-        :uid => auth_hash[:info][:uid]
-      )
-    else
-      self.current_user = User.new
-      self.current_user.uid = auth_hash[:info][:uid]
-    end
-
-    # SET HERE ADDITIONAL ATTRIBUTES TO PERSIST
 
+  <% if options[:persist] %>
+    #Add  whatever fields you want to save
+    self.current_user = User.find_or_create_by_uid( auth_hash[:uid] )
+    #Auth Hash is not persistent
     self.current_user.aai = auth_hash
+  <% else %>
+    user = User.new
+    user.uid = auth_hash[:uid]
+    user.aai = auth_hash
+    self.current_user = user
+  <% end %>
 
     flash[:notice] = "Login successful"
-    redirect_to(session[:return_to] || root_path)
+
+    redirect_to(session.delete( :return_to ) || root_path)
   end
 
   def failure

data/lib/generators/aai/templates/user.rb

@@ -1,7 +1,12 @@
 class User <%= options[:persist]  ? "< ActiveRecord::Base" : "" %>
+<% if options[:persist] %>
   attr_accessible :uid
-
   attr_accessor :aai
+  PERSISTENT = true
+<% else %>
+  attr_accessor :aai, :uid
+  PERSISTENT = false
+<% end %>
 
   def name
     aai[:info][:name]
@@ -10,11 +15,46 @@ class User <%= options[:persist]  ? "< ActiveRecord::Base" : "" %>
   end
 
   def email
-    auth_hash[:info][:email]
+    aai[:info][:email]
   rescue
     nil
   end
 
+<% if options[:persist] %>
+
+  def marshal
+    self.uid
+  end
+
+  def self.unmarshal(session_data)
+    user = User.find_by_uid(session_data)
+  end
+
+  def unmarshal(session_data)
+    self.reload
+  end
+
+<% else %>
+  def marshal
+    {
+      id: self.uid,
+      aai: aai.present? ? aai[:info] : {}
+    }
+  end
+
+  def self.unmarshal(session_data)
+    user = User.new
+    user.unmarshal(session_data)
+    return user
+  end
+
+  def unmarshal(session_data)
+    self.uid = session_data[:id]
+    self.aai = session_data[:aai]
+  end
+
+ <% end %>
+
   #def ship_session_id
   #  aai["extra"]["raw_info"]['Shib-Session-ID']
   #end

data/lib/omniauth-aai/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module Aai
-    VERSION = "0.4"
+    VERSION = "0.5"
   end
 end

data/lib/omniauth-aai.rb

@@ -1,6 +1,6 @@
 require "omniauth-aai/version"
 require "omniauth"
-#require "generators/aai/install_generator"
+require "action_controller/has_current_user"
 
 module OmniAuth
   module Strategies

data/omniauth-aai.gemspec

@@ -8,6 +8,9 @@ Gem::Specification.new do |gem|
   gem.add_development_dependency 'rake'
   gem.add_development_dependency 'rspec', '~> 2.8'
   gem.add_development_dependency 'guard-rspec'
+  gem.add_development_dependency 'rails'
+  gem.add_development_dependency 'capybara'
+  #gem.add_development_dependency 'sqlite3'
 
   gem.authors       = ["Claudio Beffa"]
   gem.email         = ["claudio@beffa.ch"]

data/spec/example_rails_app/Gemfile

@@ -1,39 +1,16 @@
 source 'https://rubygems.org'
 
-gem 'rails', '3.2.6'
-
-# Bundle edge Rails instead:
-# gem 'rails', :git => 'git://github.com/rails/rails.git'
-
+gem 'rails', '3.2.8'
 gem 'sqlite3'
 
-gem 'omniauth-aai', :path => File.join(File.dirname(__FILE__), '../../../omniauth-aai')
+gem 'omniauth-aai', :path => "../../../omniauth-aai"
 
-# Gems used only for assets and not required
-# in production environments by default.
 group :assets do
   gem 'sass-rails',   '~> 3.2.3'
   gem 'coffee-rails', '~> 3.2.1'
-
-  # See https://github.com/sstephenson/execjs#readme for more supported runtimes
-  # gem 'therubyracer', :platforms => :ruby
-
   gem 'uglifier', '>= 1.0.3'
 end
 
 gem 'jquery-rails'
 
-# To use ActiveModel has_secure_password
-# gem 'bcrypt-ruby', '~> 3.0.0'
-
-# To use Jbuilder templates for JSON
-# gem 'jbuilder'
-
-# Use unicorn as the app server
-# gem 'unicorn'
-
-# Deploy with Capistrano
-# gem 'capistrano'
 
-# To use debugger
-# gem 'debugger'

data/spec/example_rails_app/Rakefile

@@ -4,4 +4,4 @@
 
 require File.expand_path('../config/application', __FILE__)
 
-TestApp::Application.load_tasks
+TestApp1::Application.load_tasks

data/spec/example_rails_app/app/assets/stylesheets/welcome.css.scss

@@ -1,3 +1,3 @@
-// Place all the styles related to the Welcome controller here.
+// Place all the styles related to the welcome controller here.
 // They will automatically be included in application.css.
 // You can use Sass (SCSS) here: http://sass-lang.com/

data/spec/example_rails_app/app/controllers/application_controller.rb

@@ -1,26 +1,3 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery
-
-  def current_user
-    session[:user]
-  end
-
-  def current_user=(user)
-    session[:user] = user
-  end
-
-
-  def authenticate!
-    if self.current_user.blank?
-      session[:return_to] = request.url
-      if Rails.env == 'development'
-        redirect_to"/auth/developer"
-      else
-        redirect_to "/auth/aai"
-      end
-    else
-      return true
-    end
-  end
-
 end

data/spec/example_rails_app/app/controllers/welcome_controller.rb

@@ -1,10 +1,9 @@
 class WelcomeController < ApplicationController
-
   before_filter :authenticate!, :except => :index
-
+  
   def index
   end
 
-  def other_protected
+  def protected
   end
 end

data/spec/example_rails_app/app/views/layouts/application.html.erb

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html>
 <head>
-  <title>TestApp</title>
+  <title>TestApp1</title>
   <%= stylesheet_link_tag    "application", :media => "all" %>
   <%= javascript_include_tag "application" %>
   <%= csrf_meta_tags %>

data/spec/example_rails_app/app/views/welcome/index.html.erb

@@ -1,3 +1,3 @@
 <h1>Welcome#index</h1>
-
-<%= link_to "Other Page", "welcome/other_protected" %>
+<p><%= current_user.inspect %></p>
+<%= link_to "protected", welcome_protected_path()%>

data/spec/example_rails_app/app/views/welcome/protected.html.erb

@@ -1,2 +1,2 @@
-<h1>Welcome#protected</h1>
-<p>Find me in app/views/welcome/protected.html.erb</p>
+<h1>AAI Views</h1>
+<p><%= current_user.inspect %></p>