omniauth-wsfed 0.2.0 → 0.2.1

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    NTdjMWJkYzEyNmNmNDZmNzRlMzlhN2IzYmZmMGY4MzM1ZTBkNTRmOA==
+  data.tar.gz: !binary |-
+    ODhlOTYxY2E5M2ZlMjBiZGIzNTFiYTUzNzQ2N2FjMDRlYTdlMDJhMA==
+!binary "U0hBNTEy":
+  metadata.gz: !binary |-
+    OWU2OTYzMDBhNDE4Y2YyY2NmOGNhNjM4MWVjMTUyMmE4MzYwNjI1NjFhMWM5
+    NGIxY2YwNGYwNTk1YjdjNTdiOGE0NTlmODdlZDY1YjA4NDU4MWI5NDc0YWM0
+    ZmQ4YjE2MmM3NjNlNGY3N2QwNzY4ZTU5Nzc4Mzc4ZjFjNzVjNjY=
+  data.tar.gz: !binary |-
+    MTAyMDc4ZWZlYWMwZjQ5YTI0M2RiNGVlYTExMmIyNzJkMzZmZWFhY2EzZjQ1
+    YjY4ZTllNTE4ZWQ0MDZlZGIwN2QwNWU3YmZhNWU0NTAyYzE2MTRjYjUwODVk
+    ZWZhYmQzMjE5ZjBkNTM2YmUzMWNjMjJhNzMyN2JhMTcyMzE4NDc=

data/.travis.yml

@@ -0,0 +1,5 @@
+language: ruby
+rvm:
+  - 1.9.3
+  - 1.9.2
+script: bundle exec rspec spec

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    omniauth-wsfed (0.2.0)
+    omniauth-wsfed (0.2.1)
       omniauth (~> 1.1.0)
       xmlcanonicalizer (= 0.1.1)
 

data/README.md

@@ -1,5 +1,9 @@
 # OmniAuth WS-Fed #
 
+[![Gem Version](https://badge.fury.io/rb/omniauth-wsfed.png)](http://badge.fury.io/rb/omniauth-wsfed)
+[![Code Climate](https://codeclimate.com/github/kbeckman/omniauth-wsfed.png)](https://codeclimate.com/github/kbeckman/omniauth-wsfed)
+[![Build Status](https://travis-ci.org/kbeckman/omniauth-wsfed.png?branch=development)](https://travis-ci.org/kbeckman/omniauth-wsfed)
+
 The OmniAuth-WSFed authentication strategy can be used with the following technologies
 under scenarios requiring the [WS-Federation protocol](http://msdn.microsoft.com/en-us/library/bb498017.aspx)
 for authentication. These services are typically used for Identity Federation and Single

data/lib/omniauth-wsfed/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module WSFed
-    VERSION = '0.2.0'
+    VERSION = '0.2.1'
   end
 end

data/lib/omniauth/strategies/wsfed/auth_callback_validator.rb

@@ -8,7 +8,6 @@ module OmniAuth
 
         ISSUER_MISMATCH     = 'AuthN token issuer does not match configured issuer.'
         AUDIENCE_MISMATCH   = 'AuthN token audience does not match configured realm.'
-        FUTURE_CREATED_AT   = 'AuthN token created timestamp occurs in the future.'
         TOKEN_EXPIRED       = 'AuthN token has expired.'
         NO_CLAIMS           = 'AuthN token contains no claims.'
         NO_USER_IDENTIFIER  = 'AuthN token contains no user identifier. Verify that configured :id_claim setting is correct.'
@@ -19,27 +18,40 @@ module OmniAuth
         end
 
         def validate!
+          validate_issuer!
+          validate_audience!
+          validate_token_expiration!
+          validate_claims!
+          validate_uid!
+
+          true
+        end
+
+        def validate_issuer!
           raise OmniAuth::Strategies::WSFed::ValidationError.new(ISSUER_MISMATCH) unless
-            auth_callback.issuer == wsfed_settings[:issuer_name]
+              auth_callback.issuer == wsfed_settings[:issuer_name]
+        end
 
+        def validate_audience!
           raise OmniAuth::Strategies::WSFed::ValidationError.new(AUDIENCE_MISMATCH) unless
-            auth_callback.audience == wsfed_settings[:realm]
-
-          raise OmniAuth::Strategies::WSFed::ValidationError.new(FUTURE_CREATED_AT) unless
-            auth_callback.created_at < Time.now.utc
+              auth_callback.audience == wsfed_settings[:realm]
+        end
 
+        def validate_token_expiration!
           raise OmniAuth::Strategies::WSFed::ValidationError.new(TOKEN_EXPIRED) unless
-            auth_callback.expires_at > Time.now.utc
+              auth_callback.expires_at > Time.now.utc
+        end
 
+        def validate_claims!
           if auth_callback.claims.nil? || auth_callback.claims.empty?
             raise OmniAuth::Strategies::WSFed::ValidationError.new(NO_CLAIMS)
           end
+        end
 
+        def validate_uid!
           if auth_callback.name_id.nil? || auth_callback.name_id.empty?
             raise OmniAuth::Strategies::WSFed::ValidationError.new(NO_USER_IDENTIFIER)
           end
-
-          true
         end
 
       end

data/spec/omniauth/strategies/wsfed/auth_callback_validator_spec.rb

@@ -2,85 +2,116 @@ require 'spec_helper'
 
 describe OmniAuth::Strategies::WSFed::AuthCallbackValidator do
 
-  describe 'Response Validation Rules' do
+  let(:auth_callback) { OmniAuth::Strategies::WSFed::AuthCallback.new({}, {})}
 
-    let(:auth_callback) { OmniAuth::Strategies::WSFed::AuthCallback.new({}, {})}
+  before(:each) do
+    @wsfed_settings = {
+        :issuer_name  => 'https://identity-wwf.accesscontrol.windows.net/',
+        :realm        => 'http://rp.wwf.com/wsfed-sample',
+        :id_claim     => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'
+    }
 
-    before(:each) do
-      @wsfed_settings = {
-          :issuer_name  => 'https://identity-wwf.accesscontrol.windows.net/',
-          :realm        => 'http://rp.wwf.com/wsfed-sample',
-          :id_claim     => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'
-      }
-
-      @claims = {
+    @claims = {
         'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'                => 'ravishing_rick@wwf.com',
         'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'                        => 'rick.rude',
         'http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider' => 'http://sso.wwf.com'
-      }
-
-      auth_callback.stub(:issuer).and_return(@wsfed_settings[:issuer_name])
-      auth_callback.stub(:audience).and_return(@wsfed_settings[:realm])
-      auth_callback.stub(:claims).and_return(@claims)
-      auth_callback.stub(:name_id).and_return(@claims[@wsfed_settings[:id_claim]])
-      auth_callback.stub(:created_at).and_return(Time.now.utc - 1) # 1 second ago
-      auth_callback.stub(:expires_at).and_return(Time.now.utc + 300) # 5 minutes from now
-    end
+    }
+
+    auth_callback.stub(:issuer).and_return(@wsfed_settings[:issuer_name])
+    auth_callback.stub(:audience).and_return(@wsfed_settings[:realm])
+    auth_callback.stub(:claims).and_return(@claims)
+    auth_callback.stub(:name_id).and_return(@claims[@wsfed_settings[:id_claim]])
+    auth_callback.stub(:created_at).and_return(Time.now.utc - 1) # 1 second ago
+    auth_callback.stub(:expires_at).and_return(Time.now.utc + 300) # 5 minutes from now
+  end
+
+  context 'with a Valid AuthN Token Response' do
 
-    it 'should pass validation with....' do
+    it 'should pass validation' do
       validator = described_class.new(auth_callback, @wsfed_settings)
 
       validator.validate!.should == true
     end
 
-    context 'with Invalid Response' do
+  end
+
+  context 'with an Invalid AuthN Token Response' do
+
+    context 'having invalid issuer' do
 
-      it 'should throw an exception when issuers do not match' do
+      before(:each) do
         auth_callback.stub(:issuer).and_return('https://c4sc-federation-nomatch.accesscontrol.windows.net/')
+        @validator = described_class.new(auth_callback, @wsfed_settings)
+      end
 
-        validator = described_class.new(auth_callback, @wsfed_settings)
+      it 'validate_issuer! should throw an exception' do
+        lambda { @validator.validate_issuer! }.should raise_error OmniAuth::Strategies::WSFed::ValidationError,
+                                                                  OmniAuth::Strategies::WSFed::AuthCallbackValidator::ISSUER_MISMATCH
+      end
 
-        lambda { validator.validate! }.should raise_error OmniAuth::Strategies::WSFed::ValidationError,
-                                                          OmniAuth::Strategies::WSFed::AuthCallbackValidator::ISSUER_MISMATCH
+      it 'validate! should throw an exception' do
+        lambda { @validator.validate! }.should raise_error OmniAuth::Strategies::WSFed::ValidationError,
+                                                           OmniAuth::Strategies::WSFed::AuthCallbackValidator::ISSUER_MISMATCH
       end
 
-      it 'should throw an exception when realm/audience do not match' do
-        auth_callback.stub(:audience).and_return('http://rp.c4sc.com/wsfed-sample-nomatch')
+    end
 
-        validator = described_class.new(auth_callback, @wsfed_settings)
+    context 'having invalid realm/audience' do
 
-        lambda { validator.validate! }.should raise_error OmniAuth::Strategies::WSFed::ValidationError,
-                                                          OmniAuth::Strategies::WSFed::AuthCallbackValidator::AUDIENCE_MISMATCH
+      before(:each) do
+        auth_callback.stub(:audience).and_return('http://rp.c4sc.com/wsfed-sample-nomatch')
+        @validator = described_class.new(auth_callback, @wsfed_settings)
       end
 
-      it 'should throw an exception when the created_at timestamp is in the future' do
-        auth_callback.stub(:created_at).and_return(Time.now.utc + 2)
-
-        validator = described_class.new(auth_callback, @wsfed_settings)
+      it 'validate_audience! should throw an exception' do
+        lambda { @validator.validate_audience! }.should raise_error OmniAuth::Strategies::WSFed::ValidationError,
+                                                                    OmniAuth::Strategies::WSFed::AuthCallbackValidator::AUDIENCE_MISMATCH
+      end
 
-        lambda { validator.validate! }.should raise_error OmniAuth::Strategies::WSFed::ValidationError,
-                                                          OmniAuth::Strategies::WSFed::AuthCallbackValidator::FUTURE_CREATED_AT
+      it 'validate! should throw an exception' do
+        lambda { @validator.validate! }.should raise_error OmniAuth::Strategies::WSFed::ValidationError,
+                                                           OmniAuth::Strategies::WSFed::AuthCallbackValidator::AUDIENCE_MISMATCH
       end
 
-      it 'should throw an exception when the expires_at timestamp limit has been exceeded' do
+    end
+
+    context 'having invalid (limit exceeded) expires_at' do
+
+      before(:each) do
         auth_callback.stub(:expires_at).and_return(Time.now.utc - 1)
+        @validator = described_class.new(auth_callback, @wsfed_settings)
+      end
 
-        validator = described_class.new(auth_callback, @wsfed_settings)
+      it 'validate_token_expiration! should throw an exception' do
+        lambda { @validator.validate_token_expiration! }.should raise_error OmniAuth::Strategies::WSFed::ValidationError,
+                                                                            OmniAuth::Strategies::WSFed::AuthCallbackValidator::TOKEN_EXPIRED
+      end
 
-        lambda { validator.validate! }.should raise_error OmniAuth::Strategies::WSFed::ValidationError,
-                                                          OmniAuth::Strategies::WSFed::AuthCallbackValidator::TOKEN_EXPIRED
+      it 'validate! should throw an exception' do
+        lambda { @validator.validate! }.should raise_error OmniAuth::Strategies::WSFed::ValidationError,
+                                                           OmniAuth::Strategies::WSFed::AuthCallbackValidator::TOKEN_EXPIRED
       end
 
-      it 'should throw an exception when claims are empty or nil' do
+    end
+
+    context 'having a nil or empty claims hash' do
+
+      it 'validate_claims! and validate! should each throw an exception' do
         [nil, {}].each do |val|
           auth_callback.stub(:claims).and_return(val)
 
           validator = described_class.new(auth_callback, @wsfed_settings)
 
+          lambda { validator.validate_claims! }.should raise_error OmniAuth::Strategies::WSFed::ValidationError,
+                                                                   OmniAuth::Strategies::WSFed::AuthCallbackValidator::NO_CLAIMS
+
           lambda { validator.validate! }.should raise_error OmniAuth::Strategies::WSFed::ValidationError,
                                                             OmniAuth::Strategies::WSFed::AuthCallbackValidator::NO_CLAIMS
         end
       end
+    end
+
+    context 'having a nil or empty uid value' do
 
       it 'should throw an exception when the name_id is empty or nil' do
         [nil, ""].each do |val|
@@ -88,6 +119,9 @@ describe OmniAuth::Strategies::WSFed::AuthCallbackValidator do
 
           validator = described_class.new(auth_callback, @wsfed_settings)
 
+          lambda { validator.validate_uid! }.should raise_error OmniAuth::Strategies::WSFed::ValidationError,
+                                                                OmniAuth::Strategies::WSFed::AuthCallbackValidator::NO_USER_IDENTIFIER
+
           lambda { validator.validate! }.should raise_error OmniAuth::Strategies::WSFed::ValidationError,
                                                             OmniAuth::Strategies::WSFed::AuthCallbackValidator::NO_USER_IDENTIFIER
         end
@@ -96,5 +130,4 @@ describe OmniAuth::Strategies::WSFed::AuthCallbackValidator do
     end
 
   end
-
 end

metadata

@@ -1,20 +1,18 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-wsfed
 version: !ruby/object:Gem::Version
-  version: 0.2.0
-  prerelease: 
+  version: 0.2.1
 platform: ruby
 authors:
 - Keith Beckman
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-02-22 00:00:00.000000000 Z
+date: 2013-05-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -22,7 +20,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -30,7 +27,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: xmlcanonicalizer
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
@@ -38,7 +34,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
@@ -46,7 +41,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -54,7 +48,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -62,7 +55,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -70,7 +62,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -78,7 +69,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -86,7 +76,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -102,6 +91,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - .gitignore
+- .travis.yml
 - Gemfile
 - Gemfile.lock
 - LICENSE
@@ -124,27 +114,26 @@ files:
 - spec/support/acs_example.xml
 homepage: https://github.com/kbeckman/omniauth-wsfed
 licenses: []
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.25
+rubygems_version: 2.0.3
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: A WS-Federation + WS-Trust strategy for OmniAuth.
 test_files:
 - spec/omniauth/strategies/wsfed/auth_callback_spec.rb