omniauth-cas 1.1.0.beta.1 → 1.1.0.pre.rc.1

data/omniauth-cas.gemspec

@@ -4,8 +4,8 @@ require File.expand_path('../lib/omniauth/cas/version', __FILE__)
 Gem::Specification.new do |gem|
   gem.authors       = ["Derek Lindahl"]
   gem.email         = ["dlindahl@customink.com"]
-  # gem.description   = %q{TODO: Write a gem description}
   gem.summary       = %q{CAS Strategy for OmniAuth}
+  gem.description   = gem.summary
   gem.homepage      = "https://github.com/dlindahl/omniauth-cas"
 
   gem.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
@@ -15,16 +15,14 @@ Gem::Specification.new do |gem|
   gem.require_paths = ["lib"]
   gem.version       = Omniauth::Cas::VERSION
 
-  gem.add_dependency 'omniauth',                '~> 1.1.0'
+  gem.add_dependency 'omniauth',                '~> 1.2.0'
   gem.add_dependency 'nokogiri',                '~> 1.5'
   gem.add_dependency 'addressable',             '~> 2.3'
 
-  gem.add_development_dependency 'rake',        '~> 0.9'
-  gem.add_development_dependency 'webmock',     '~> 1.8.11'
-  gem.add_development_dependency 'simplecov',   '~> 0.7.1'
-  gem.add_development_dependency 'rspec',       '~> 2.11'
+  gem.add_development_dependency 'rake',        '~> 10.0'
+  gem.add_development_dependency 'webmock',     '~> 1.19.0'
+  gem.add_development_dependency 'rspec',       '~> 3.1.0'
   gem.add_development_dependency 'rack-test',   '~> 0.6'
 
   gem.add_development_dependency 'awesome_print'
-
 end

data/spec/fixtures/cas_success_jasig.xml

@@ -0,0 +1,16 @@
+<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
+  <cas:authenticationSuccess>
+    <cas:user>psegel</cas:user>
+    <cas:attributes>
+      <cas:employeeid>54</cas:employeeid>
+      <cas:first_name>P. Segel</cas:first_name>
+      <cas:first_name>Peter</cas:first_name>
+      <cas:last_name>Segel</cas:last_name>
+      <cas:email>psegel@intridea.com</cas:email>
+      <cas:location>Washington, D.C.</cas:location>
+      <cas:image>/images/user.jpg</cas:image>
+      <cas:phone>555-555-5555</cas:phone>
+      <cas:hire_date>2004-07-13</cas:hire_date>
+    </cas:attributes>
+  </cas:authenticationSuccess>
+</cas:serviceResponse>

data/spec/omniauth/strategies/cas/logout_request_spec.rb

@@ -0,0 +1,103 @@
+require 'spec_helper'
+
+describe OmniAuth::Strategies::CAS::LogoutRequest do
+  let(:strategy) { double('strategy') }
+  let(:env) do
+    { 'rack.input' => StringIO.new('','r') }
+  end
+  let(:request) { double('request', params:params, env:env) }
+  let(:params) { { 'url' => url, 'logoutRequest' => logoutRequest } }
+  let(:url) { 'http://notes.dev/signed_in' }
+  let(:logoutRequest) do
+    %Q[
+      <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion\" ID="123abc-1234-ab12-cd34-1234abcd" Version="2.0" IssueInstant="#{Time.now.to_s}">
+        <saml:NameID>@NOT_USED@</saml:NameID>
+        <samlp:SessionIndex>ST-123456-123abc456def</samlp:SessionIndex>
+      </samlp:LogoutRequest>
+    ]
+  end
+
+  subject { described_class.new(strategy, request).call(options) }
+
+  describe 'SAML attributes' do
+    let(:callback) { Proc.new{} }
+    let(:options) do
+      { on_single_sign_out: callback }
+    end
+
+    before do
+      @rack_input = nil
+      allow(callback).to receive(:call) do |req|
+        @rack_input = req.env['rack.input'].read
+        true
+      end
+      subject
+    end
+
+    it 'are parsed and injected into the Rack Request parameters' do
+      expect(@rack_input).to eq 'name_id=%40NOT_USED%40&session_index=ST-123456-123abc456def'
+    end
+
+    context 'that raise when parsed' do
+      let(:env) { { 'rack.input' => nil } }
+
+      before do
+        allow(strategy).to receive(:fail!)
+        subject
+        expect(strategy).to have_received(:fail!)
+      end
+
+      it 'responds with an error' do
+        expect(strategy).to have_received(:fail!)
+      end
+    end
+  end
+
+  describe 'with a configured callback' do
+    let(:options) do
+      { on_single_sign_out: callback }
+    end
+
+    context 'that returns TRUE' do
+      let(:callback) { Proc.new{true} }
+
+      it 'responds with OK' do
+        expect(subject[0]).to eq 200
+        expect(subject[2].body).to eq ['OK']
+      end
+    end
+
+    context 'that returns Nil' do
+      let(:callback) { Proc.new{} }
+
+      it 'responds with OK' do
+        expect(subject[0]).to eq 200
+        expect(subject[2].body).to eq ['OK']
+      end
+    end
+
+    context 'that returns a tuple' do
+      let(:callback) { Proc.new{ [400,{},'Bad Request'] } }
+
+      it 'responds with OK' do
+        expect(subject[0]).to eq 400
+        expect(subject[2].body).to eq ['Bad Request']
+      end
+    end
+
+    context 'that raises an error' do
+      let(:exception) { RuntimeError.new('error' )}
+      let(:callback) { Proc.new{raise exception} }
+
+      before do
+        allow(strategy).to receive(:fail!)
+        subject
+      end
+
+      it 'responds with an error' do
+        expect(strategy).to have_received(:fail!)
+          .with(:logout_request, exception)
+      end
+    end
+  end
+end

data/spec/omniauth/strategies/cas/service_ticket_validator_spec.rb

@@ -1,33 +1,55 @@
 require 'spec_helper'
 
 describe OmniAuth::Strategies::CAS::ServiceTicketValidator do
-  let(:strategy_stub) do
-    stub('strategy stub',
+  let(:strategy) do
+    double('strategy',
       service_validate_url: 'https://example.org/serviceValidate'
     )
   end
-
   let(:provider_options) do
-    stub('provider options',
+    double('provider_options',
       disable_ssl_verification?: false,
       ca_path: '/etc/ssl/certsZOMG'
     )
   end
-
   let(:validator) do
-    OmniAuth::Strategies::CAS::ServiceTicketValidator.new( strategy_stub, provider_options, '/foo', nil )
+    OmniAuth::Strategies::CAS::ServiceTicketValidator.new( strategy, provider_options, '/foo', nil )
   end
 
-  describe '#user_info' do
-    subject do
-      stub_request(:get, 'https://example.org/serviceValidate?').to_return(status: 200, body: '')
-      validator.user_info
+  describe '#call' do
+    before do
+      stub_request(:get, 'https://example.org/serviceValidate?')
+        .to_return(status: 200, body: '')
     end
 
-    it 'should use the configured CA path' do
-      provider_options.should_receive :ca_path
+    subject { validator.call }
 
+    it 'returns itself' do
+      expect(subject).to eq validator
+    end
+
+    it 'uses the configured CA path' do
       subject
+      expect(provider_options).to have_received :ca_path
+    end
+  end
+
+  describe '#user_info' do
+    let(:ok_fixture) do
+      File.expand_path(File.join(File.dirname(__FILE__), '../../../fixtures/cas_success.xml'))
+    end
+    let(:service_response) { File.read(ok_fixture) }
+
+    before do
+      stub_request(:get, 'https://example.org/serviceValidate?')
+        .to_return(status: 200, body:service_response)
+      validator.call
+    end
+
+    subject { validator.user_info }
+
+    it 'parses user info from the response' do
+      expect(subject).to include 'user' => 'psegel'
     end
   end
-end
+end

data/spec/omniauth/strategies/cas_spec.rb

@@ -3,11 +3,14 @@ require 'spec_helper'
 describe OmniAuth::Strategies::CAS, type: :strategy do
   include Rack::Test::Methods
 
-  class MyCasProvider < OmniAuth::Strategies::CAS; end # TODO: Not really needed. just an alias but it requires the :name option which might confuse users...
-  def app
+  let(:my_cas_provider) { Class.new(OmniAuth::Strategies::CAS) }
+  before do
+    stub_const 'MyCasProvider', my_cas_provider
+  end
+  let(:app) do
     Rack::Builder.new {
       use OmniAuth::Test::PhonySession
-      use MyCasProvider, name: :cas, host: 'cas.example.org', ssl: false, port: 8080, uid_key: :employeeid
+      use MyCasProvider, name: :cas, host: 'cas.example.org', ssl: false, port: 8080, uid_field: :employeeid
       run lambda { |env| [404, {'Content-Type' => 'text/plain'}, [env.key?('omniauth.auth').to_s]] }
     }.to_app
   end
@@ -22,13 +25,56 @@ describe OmniAuth::Strategies::CAS, type: :strategy do
 
     it { should be_redirect }
 
-    it 'should redirect to the CAS server' do
-      subject.headers['Location'].should == 'http://cas.example.org:8080/login?' + redirect_params
+    it 'redirects to the CAS server' do
+      expect(subject.headers).to include 'Location' => "http://cas.example.org:8080/login?#{redirect_params}"
+    end
+  end
+
+  describe '#cas_url' do
+    let(:params) { Hash.new }
+    let(:provider) { MyCasProvider.new(nil, params) }
+
+    subject { provider.cas_url }
+
+    it 'raises an ArgumentError' do
+      expect{subject}.to raise_error ArgumentError, %r{:host and :login_url MUST be provided}
+    end
+
+    context 'with an explicit :url option' do
+      let(:url) { 'https://example.org:8080/my_cas' }
+      let(:params) { super().merge url:url }
+
+      before { subject }
+
+      it { should eq url }
+
+      it 'parses the URL into it the appropriate strategy options' do
+        expect(provider.options).to include ssl:true
+        expect(provider.options).to include host:'example.org'
+        expect(provider.options).to include port:8080
+        expect(provider.options).to include path:'/my_cas'
+      end
+    end
+
+    context 'with explicit URL component' do
+      let(:params) { super().merge host:'example.org', port:1234, ssl:true, path:'/a/path' }
+
+      before { subject }
+
+      it { should eq 'https://example.org:1234/a/path' }
+
+      it 'parses the URL into it the appropriate strategy options' do
+        expect(provider.options).to include ssl:true
+        expect(provider.options).to include host:'example.org'
+        expect(provider.options).to include port:1234
+        expect(provider.options).to include path:'/a/path'
+      end
     end
   end
 
   describe 'defaults' do
     subject { MyCasProvider.default_options.to_hash }
+
     it { should include('ssl' => true) }
   end
 
@@ -52,102 +98,153 @@ describe OmniAuth::Strategies::CAS, type: :strategy do
     end
   end
 
-  describe 'GET /auth/cas/callback without a ticket' do
-    before { get '/auth/cas/callback' }
-
-    subject { last_response }
+  describe 'GET /auth/cas/callback' do
+    context 'without a ticket' do
+      before { get '/auth/cas/callback' }
 
-    it { should be_redirect }
+      subject { last_response }
 
-    it 'should have a failure message' do
-      subject.headers['Location'].should == '/auth/failure?message=no_ticket&strategy=cas'
-    end
-  end
+      it { should be_redirect }
 
-  describe 'GET /auth/cas/callback with an invalid ticket' do
-    before do
-      stub_request(:get, /^http:\/\/cas.example.org:8080?\/serviceValidate\?([^&]+&)?ticket=9391d/).
-         to_return( body: File.read('spec/fixtures/cas_failure.xml') )
-      get '/auth/cas/callback?ticket=9391d'
-    end
-
-    subject { last_response }
-
-    it { should be_redirect }
-
-    it 'should have a failure message' do
-      subject.headers['Location'].should == '/auth/failure?message=invalid_ticket&strategy=cas'
+      it 'redirects with a failure message' do
+        expect(subject.headers).to include 'Location' => '/auth/failure?message=no_ticket&strategy=cas'
+      end
     end
-  end
-
-  describe 'GET /auth/cas/callback with a valid ticket' do
-    let(:return_url) { 'http://127.0.0.10/?some=parameter' }
 
-    before do
-      stub_request(:get, /^http:\/\/cas.example.org:8080?\/serviceValidate\?([^&]+&)?ticket=593af/)
-        .with { |request| @request_uri = request.uri.to_s }
-        .to_return( body: File.read('spec/fixtures/cas_success.xml') )
+    context 'with an invalid ticket' do
+      before do
+        stub_request(:get, /^http:\/\/cas.example.org:8080?\/serviceValidate\?([^&]+&)?ticket=9391d/).
+           to_return( body: File.read('spec/fixtures/cas_failure.xml') )
+        get '/auth/cas/callback?ticket=9391d'
+      end
 
-      get "/auth/cas/callback?ticket=593af&url=#{return_url}"
-    end
+      subject { last_response }
 
-    it 'should strip the ticket parameter from the callback URL' do
-      @request_uri.scan('ticket=').length.should == 1
-    end
+      it { should be_redirect }
 
-    it 'should properly encode the service URL' do
-      WebMock.should have_requested(:get, 'http://cas.example.org:8080/serviceValidate')
-        .with(query: {
-          ticket:  '593af',
-          service: 'http://example.org/auth/cas/callback?url=' + Rack::Utils.escape('http://127.0.0.10/?some=parameter')
-        })
+      it 'redirects with a failure message' do
+        expect(subject.headers).to include 'Location' => '/auth/failure?message=invalid_ticket&strategy=cas'
+      end
     end
 
-    context "request.env['omniauth.auth']" do
-      subject { last_request.env['omniauth.auth'] }
-
-      it { should be_kind_of Hash }
+    describe 'with a valid ticket' do
+      shared_examples :successful_validation do
+        before do
+          stub_request(:get, /^http:\/\/cas.example.org:8080?\/serviceValidate\?([^&]+&)?ticket=593af/)
+            .with { |request| @request_uri = request.uri.to_s }
+            .to_return( body: File.read("spec/fixtures/#{xml_file_name}") )
+
+          get "/auth/cas/callback?ticket=593af&url=#{return_url}"
+        end
+
+        it 'strips the ticket parameter from the callback URL' do
+          expect(@request_uri.scan('ticket=').size).to eq 1
+        end
+
+        it 'properly encodes the service URL' do
+          expect(WebMock).to have_requested(:get, 'http://cas.example.org:8080/serviceValidate')
+            .with(query: {
+              ticket:  '593af',
+              service: 'http://example.org/auth/cas/callback?url=' + Rack::Utils.escape('http://127.0.0.10/?some=parameter')
+            })
+        end
+
+        context "request.env['omniauth.auth']" do
+          subject { last_request.env['omniauth.auth'] }
+
+          it { should be_kind_of Hash }
+
+          it 'identifes the provider' do
+            expect(subject.provider).to eq :cas
+          end
+
+          it 'returns the UID of the user' do
+            expect(subject.uid).to eq '54'
+          end
+
+          context 'the info hash' do
+            subject { last_request.env['omniauth.auth']['info'] }
+
+            it 'includes user info attributes' do
+              expect(subject.name).to eq 'Peter Segel'
+              expect(subject.first_name).to eq 'Peter'
+              expect(subject.last_name).to eq 'Segel'
+              expect(subject.nickname).to eq 'psegel'
+              expect(subject.email).to eq 'psegel@intridea.com'
+              expect(subject.location).to eq 'Washington, D.C.'
+              expect(subject.image).to eq '/images/user.jpg'
+              expect(subject.phone).to eq '555-555-5555'
+            end
+          end
+
+          context 'the extra hash' do
+            subject { last_request.env['omniauth.auth']['extra'] }
+
+            it 'includes additional user attributes' do
+              expect(subject.user).to eq 'psegel'
+              expect(subject.employeeid).to eq '54'
+              expect(subject.hire_date).to eq '2004-07-13'
+            end
+          end
+
+          context 'the credentials hash' do
+            subject { last_request.env['omniauth.auth']['credentials'] }
+
+            it 'has a ticket value' do
+              expect(subject.ticket).to eq '593af'
+            end
+          end
+        end
+
+        it 'calls through to the master app' do
+          expect(last_response.body).to eq 'true'
+        end
+      end
 
-      its(:provider) { should == :cas }
+      let(:return_url) { 'http://127.0.0.10/?some=parameter' }
 
-      its(:uid) { should == '54'}
+      context 'with JASIG flavored XML' do
+        let(:xml_file_name) { 'cas_success_jasig.xml' }
 
-      context 'the info hash' do
-        subject { last_request.env['omniauth.auth']['info'] }
+        it_behaves_like :successful_validation
+      end
 
-        it { should have(6).items }
+      context 'with classic XML' do
+        let(:xml_file_name) { 'cas_success.xml' }
 
-        its(:name)       { should == 'Peter Segel' }
-        its(:first_name) { should == 'Peter' }
-        its(:last_name)  { should == 'Segel' }
-        its(:email)      { should == 'psegel@intridea.com' }
-        its(:location)   { should == 'Washington, D.C.' }
-        its(:image)      { should == '/images/user.jpg' }
-        its(:phone)      { should == '555-555-5555' }
+        it_behaves_like :successful_validation
       end
+    end
+  end
 
-      context 'the extra hash' do
-        subject { last_request.env['omniauth.auth']['extra'] }
+  describe 'POST /auth/cas/callback' do
+    describe 'with a Single Sign-Out logoutRequest' do
+      let(:logoutRequest) do
+        %Q[
+          <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion\" ID="123abc-1234-ab12-cd34-1234abcd" Version="2.0" IssueInstant="#{Time.now.to_s}">
+            <saml:NameID>@NOT_USED@</saml:NameID>
+            <samlp:SessionIndex>ST-123456-123abc456def</samlp:SessionIndex>
+          </samlp:LogoutRequest>
+        ]
+      end
 
-        it { should have(3).items }
+      let(:logout_request) { double('logout_request', call:[200,{},'OK']) }
 
-        its(:user)       { should == 'psegel' }
-        its(:employeeid) { should == '54' }
-        its(:hire_date)  { should == '2004-07-13' }
+      subject do
+        post 'auth/cas/callback', logoutRequest:logoutRequest
       end
 
-      context 'the credentials hash' do
-        subject { last_request.env['omniauth.auth']['credentials'] }
-
-        it { should have(1).items }
+      before do
+        allow_any_instance_of(MyCasProvider)
+          .to receive(:logout_request_service)
+          .and_return double('LogoutRequest', new:logout_request)
 
-        its(:ticket) { should == '593af' }
+        subject
       end
-    end
 
-    it 'should call through to the master app' do
-      last_response.body.should == 'true'
+      it 'initializes a LogoutRequest' do
+        expect(logout_request).to have_received :call
+      end
     end
   end
-
 end