omniauth-aleph 0.1.0

data/spec/omniauth/strategies/aleph_spec.rb

@@ -0,0 +1,251 @@
+require 'spec_helper'
+describe "OmniAuth::Strategies::Aleph" do
+  let(:request) do
+    double('Request', params: {}, cookies: {}, env: {})
+  end
+
+  context "when it's improperly configured" do
+    let(:config) {{ host: "host" }}
+
+    subject(:strategy) do
+      OmniAuth::Strategies::Aleph.new(nil, config).tap do |strategy|
+        strategy.stub(:request) { request }
+        strategy.stub(:username) { aleph_username }
+        strategy.stub(:password) { aleph_password }
+      end
+    end
+
+    describe "#request_phase" do
+      it 'should raise an Argument Error' do
+        expect{ strategy.request_phase }.to raise_error(ArgumentError)
+      end
+    end
+
+    describe "#callback_phase" do
+      it 'should raise an Argument Error' do
+        expect{ strategy.callback_phase }.to raise_error(ArgumentError)
+      end
+    end
+  end
+
+  context "when it's properly configured" do
+    let(:config) do
+      { host: aleph_host,
+        library: aleph_library,
+        sub_library: aleph_sub_library }
+    end
+
+    subject(:strategy) do
+      # First argument is the app, which gets called with env,
+      # i.e. app.call(env), so fake it with a stabby lambda
+      OmniAuth::Strategies::Aleph.new(->(env) {}, config).tap do |strategy|
+        strategy.stub(:request) { request }
+        strategy.stub(:username) { aleph_username }
+        strategy.stub(:password) { aleph_password }
+        strategy.stub(:env) { {} }
+        strategy.stub(:fail!) { true }
+      end
+    end
+
+    describe '#options' do
+      it 'should not error' do
+        expect{ strategy.options }.not_to raise_error
+      end
+
+      subject(:options) { strategy.options }
+
+      describe'#name' do
+        it 'should equal "Aleph"' do
+          expect(options.name).to eq("aleph")
+        end
+      end
+
+      describe '#title' do
+        it 'should equal "Aleph Authentication"' do
+          expect(options.title).to eq("Aleph Authentication")
+        end
+      end
+
+      describe '#scheme' do
+        it 'should equal "http"' do
+          expect(options.scheme).to eq("http")
+        end
+      end
+
+      describe '#host' do
+        it 'should be the aleph host' do
+          expect(options.host).to eq(aleph_host)
+        end
+      end
+
+      describe '#port' do
+        it 'should be 80' do
+          expect(options.port).to be(80)
+        end
+      end
+
+      describe '#library' do
+        it 'should be the aleph library' do
+          expect(options.library).to eq(aleph_library)
+        end
+      end
+
+      describe '#sub_library' do
+        it 'should be the aleph sub_library' do
+          expect(options.sub_library).to eq(aleph_sub_library)
+        end
+      end
+    end
+
+    describe "#request_phase" do
+      it 'shouldn\'t raise an error' do
+        expect{ strategy.request_phase }.not_to raise_error
+      end
+    end
+
+    describe "#callback_phase", vcr: { cassette_name: "valid" } do
+      context "when the credentials are missing" do
+        before(:each) do |example|
+          strategy.stub(:username) { "" }
+          strategy.stub(:password) { "" }
+        end          
+
+        it 'shouldn\'t raise an error' do
+          expect{ strategy.callback_phase }.not_to raise_error
+        end
+
+        it 'should fail!' do
+          strategy.callback_phase
+          expect(strategy).to have_received(:fail!)
+        end
+      end
+
+      context "when the credentials are included" do
+        before(:each) do
+          strategy.stub(:username) { aleph_username }
+          strategy.stub(:password) { aleph_password }
+        end          
+
+        it 'shouldn\'t raise an error' do
+          expect{ strategy.callback_phase }.not_to raise_error
+        end
+ 
+        it 'shouldn\'t fail!' do
+          strategy.callback_phase
+          expect(strategy).not_to have_received(:fail!)
+        end
+      end
+    end
+  end
+  context "when it's used as middleware" do
+    let(:config) do
+      { title: "MY Aleph Authentication",
+        host: aleph_host,
+        library: aleph_library,
+        sub_library: aleph_sub_library }
+    end
+
+    let(:app) do
+      args = config
+      Rack::Builder.new {
+        use OmniAuth::Test::PhonySession
+        use OmniAuth::Strategies::Aleph, args
+        run lambda { |env| [404, {'Content-Type' => 'text/plain'}, [env.key?('omniauth.auth').to_s]] }
+      }.to_app
+    end
+
+    let(:session) do
+      last_request.env['rack.session']
+    end
+
+    describe '/auth/aleph' do
+      before(:each){ get '/auth/aleph' }
+
+      it 'should display a form' do
+        expect(last_response.status).to be(200)
+        expect(last_response.body).to include("<form")
+      end
+
+      it 'should have the callback as the action for the form' do
+        expect(last_response.body).to include("action='/auth/aleph/callback'")
+      end
+
+      it 'should have a text field for each of the fields' do
+        expect(last_response.body.scan('<input').size).to be(2)
+      end
+      it 'should have a label of the form title' do
+        expect(last_response.body.scan('MY Aleph Authentication').size).to be > 1
+      end
+    end
+
+    describe 'post /auth/aleph/callback' do
+      context 'failure' do
+        context "when username is not present" do
+          it 'should redirect to error page' do
+            post('/auth/aleph/callback', {})
+            expect(last_response).to be_redirect
+            expect(last_response.headers['Location']).to match(%r{missing_credentials})
+          end
+        end
+
+        context "when username is empty" do
+          it 'should redirect to error page' do
+            post('/auth/aleph/callback', {:username => ""})
+            expect(last_response).to be_redirect
+            expect(last_response.headers['Location']).to match(%r{missing_credentials})
+          end
+        end
+
+        context "when username is present" do
+          context "and password is not present" do
+            it 'should redirect to error page' do
+              post('/auth/aleph/callback', {:username => aleph_username})
+              expect(last_response).to be_redirect
+              expect(last_response.headers['Location']).to match(%r{missing_credentials})
+            end
+          end
+
+          context "and password is empty" do
+            it 'should redirect to error page' do
+              post('/auth/aleph/callback', {:username => aleph_username, :password => ""})
+              expect(last_response).to be_redirect
+              expect(last_response.headers['Location']).to match(%r{missing_credentials})
+            end
+          end
+        end
+
+        context "when username and password are present" do
+          context "and authentication failed", vcr: { cassette_name: "invalid password" } do
+            it 'should redirect to error page' do
+              post('/auth/aleph/callback', {:username => aleph_username, :password => 'INVALID'})
+              expect(last_response).to be_redirect
+              expect(last_response.headers['Location']).to match(%r{Error in Verification})
+            end
+          end
+
+          context "and Aleph is down" do
+            it "should redirect to error page"
+          end
+        end
+      end
+
+      context 'success', vcr: { cassette_name: "valid" } do
+        let(:auth_hash){ last_request.env['omniauth.auth'] }
+
+        it 'should not redirect to error page' do
+          post('/auth/aleph/callback', { username: aleph_username, password: aleph_password })
+          expect(last_response).not_to be_redirect
+        end
+
+        it 'should map user info to Auth Hash' do
+          post('/auth/aleph/callback', { username: aleph_username, password: aleph_password })
+          expect(auth_hash.uid).to eq('USERNAME')
+          expect(auth_hash.info.name).to eq('USERNAME, TEST-RECORD')
+          expect(auth_hash.info.nickname).to eq('USERNAME')
+          expect(auth_hash.info.email).to eq('username@library.edu')
+          expect(auth_hash.info.phone).to be_nil
+        end
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,59 @@
+$:.unshift File.expand_path('..', __FILE__)
+$:.unshift File.expand_path('../../lib', __FILE__)
+require 'coveralls'
+Coveralls.wear!
+require 'rspec'
+require 'rack/test'
+require 'vcr'
+require 'faraday'
+require 'omniauth'
+require 'omniauth-aleph'
+require 'pry'
+
+def aleph_host
+  @aleph_host ||= (ENV['ALEPH_HOST'] || 'aleph.library.edu')
+end
+
+def aleph_username
+  @aleph_username ||= (ENV['ALEPH_USERNAME'] || "USERNAME")
+end
+
+def aleph_password
+  @aleph_password ||= (ENV['ALEPH_PASSWORD'] || "PASSWORD")
+end
+
+def aleph_email
+  @aleph_email ||= (ENV['ALEPH_EMAIL'] || "username@library.edu")
+end
+
+def aleph_library
+  @aleph_library ||= (ENV['ALEPH_LIBRARY'] || "ADM50")
+end
+
+def aleph_sub_library
+  @aleph_sub_library ||= (ENV['ALEPH_SUB_LIBRARY'] || "SUB")
+end
+
+VCR.configure do |c|
+  c.cassette_library_dir = 'spec/vcr_cassettes'
+  c.configure_rspec_metadata!
+  c.hook_into :webmock
+  c.filter_sensitive_data("aleph.library.edu") { aleph_host }
+  c.filter_sensitive_data("USERNAME") { aleph_username }
+  c.filter_sensitive_data("username") { aleph_username.downcase }
+  c.filter_sensitive_data("verification=PASSWORD") { "verification=#{aleph_password}" }
+  c.filter_sensitive_data("username@library.edu") { aleph_email }
+  c.filter_sensitive_data("ADM50") { aleph_library }
+  c.filter_sensitive_data("SUB") { aleph_sub_library }
+end
+
+RSpec.configure do |config|
+  config.include Rack::Test::Methods
+  config.extend OmniAuth::Test::StrategyMacros, :type => :strategy
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+  # so we can use :vcr rather than :vcr => true;
+  # in RSpec 3 this will no longer be necessary.
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+end

data/spec/vcr_cassettes/OmniAuth_Aleph_Adaptor/when_the_aleph_host_doesn_t_connect/_authenticate/should_raise_an_Aleph_error.yml

@@ -0,0 +1,36 @@
+---
+http_interactions:
+- request:
+    method: get
+    uri: http://aleph.library.edu/X?bor_id=USERNAME&library=ADM50&op=bor-auth&sub_library=SUB&verification=PASSWORD
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers:
+      User-Agent:
+      - Faraday v0.9.0
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - ! '*/*'
+  response:
+    status:
+      code: 303
+      message: See Other
+    headers:
+      Location:
+      - http://guidetest.a.id.opendns.com/?url=aleph%2Elibrary%2Eedu%2FX%3Fbor%5Fid%3DUSERNAME%26library%3DADM50%26op%3Dbor%2Dauth%26sub%5Flibrary%3DSUB%26verification%3DPASSWORD
+      Content-Length:
+      - '0'
+      Connection:
+      - close
+      Date:
+      - Thu, 23 Jan 2014 01:50:00 GMT
+      Server:
+      - OpenDNS Guide
+    body:
+      encoding: US-ASCII
+      string: ''
+    http_version: 
+  recorded_at: Thu, 23 Jan 2014 01:49:59 GMT
+recorded_with: VCR 2.8.0

data/spec/vcr_cassettes/aleph_host_returns_an_empty_body.yml

@@ -0,0 +1,48 @@
+---
+http_interactions:
+- request:
+    method: get
+    uri: http://example.com/X?bor_id=USERNAME&library=ADM50&op=bor-auth&sub_library=SUB&verification=PASSWORD
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers:
+      User-Agent:
+      - Faraday v0.9.0
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - ! '*/*'
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Accept-Ranges:
+      - bytes
+      Cache-Control:
+      - max-age=604800
+      Content-Type:
+      - text/xml
+      Date:
+      - Wed, 22 Jan 2014 16:55:24 GMT
+      Etag:
+      - ! '"359670651"'
+      Expires:
+      - Wed, 29 Jan 2014 16:55:24 GMT
+      Last-Modified:
+      - Fri, 09 Aug 2013 23:54:35 GMT
+      Server:
+      - ECS (ewr/15E3)
+      X-Cache:
+      - HIT
+      X-Ec-Custom-Error:
+      - '1'
+      Content-Length:
+      - '1'
+    body:
+      encoding: US-ASCII
+      string: ! " "
+    http_version: 
+  recorded_at: Wed, 22 Jan 2014 16:55:24 GMT
+recorded_with: VCR 2.8.0

data/spec/vcr_cassettes/aleph_host_returns_html.yml

@@ -0,0 +1,64 @@
+---
+http_interactions:
+- request:
+    method: get
+    uri: http://example.com/X?bor_id=USERNAME&library=ADM50&op=bor-auth&sub_library=SUB&verification=PASSWORD
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers:
+      User-Agent:
+      - Faraday v0.9.0
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - ! '*/*'
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Accept-Ranges:
+      - bytes
+      Cache-Control:
+      - max-age=604800
+      Content-Type:
+      - text/html
+      Date:
+      - Wed, 22 Jan 2014 16:55:24 GMT
+      Etag:
+      - ! '"359670651"'
+      Expires:
+      - Wed, 29 Jan 2014 16:55:24 GMT
+      Last-Modified:
+      - Fri, 09 Aug 2013 23:54:35 GMT
+      Server:
+      - ECS (ewr/15E3)
+      X-Cache:
+      - HIT
+      X-Ec-Custom-Error:
+      - '1'
+      Content-Length:
+      - '1270'
+    body:
+      encoding: US-ASCII
+      string: ! "<!doctype html>\n<html>\n<head>\n    <title>Example Domain</title>\n\n
+        \   <meta charset=\"utf-8\" />\n    <meta http-equiv=\"Content-type\" content=\"text/html;
+        charset=utf-8\" />\n    <meta name=\"viewport\" content=\"width=device-width,
+        initial-scale=1\" />\n    <style type=\"text/css\">\n    body {\n        background-color:
+        #f0f0f2;\n        margin: 0;\n        padding: 0;\n        font-family: \"Open
+        Sans\", \"Helvetica Neue\", Helvetica, Arial, sans-serif;\n        \n    }\n
+        \   div {\n        width: 600px;\n        margin: 5em auto;\n        padding:
+        50px;\n        background-color: #fff;\n        border-radius: 1em;\n    }\n
+        \   a:link, a:visited {\n        color: #38488f;\n        text-decoration:
+        none;\n    }\n    @media (max-width: 700px) {\n        body {\n            background-color:
+        #fff;\n        }\n        div {\n            width: auto;\n            margin:
+        0 auto;\n            border-radius: 0;\n            padding: 1em;\n        }\n
+        \   }\n    </style>    \n</head>\n\n<body>\n<div>\n    <h1>Example Domain</h1>\n
+        \   <p>This domain is established to be used for illustrative examples in
+        documents. You may use this\n    domain in examples without prior coordination
+        or asking for permission.</p>\n    <p><a href=\"http://www.iana.org/domains/example\">More
+        information...</a></p>\n</div>\n</body>\n</html>\n"
+    http_version: 
+  recorded_at: Wed, 22 Jan 2014 16:55:24 GMT
+recorded_with: VCR 2.8.0