omniauth_crowd 2.1.2 → 2.1.3

@@ -1,25 +1,28 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- omniauth_crowd (2.1.2)
4
+ omniauth_crowd (2.1.3)
5
5
  nokogiri (>= 1.4.4)
6
6
  omniauth (~> 1.0)
7
7
 
8
8
  GEM
9
9
  remote: http://rubygems.org/
10
10
  specs:
11
- addressable (2.2.7)
12
- crack (0.3.1)
11
+ addressable (2.3.5)
12
+ crack (0.4.1)
13
+ safe_yaml (~> 0.9.0)
13
14
  diff-lcs (1.1.3)
14
- hashie (1.2.0)
15
- nokogiri (1.5.2)
16
- omniauth (1.1.1)
17
- hashie (~> 1.2)
15
+ hashie (2.0.5)
16
+ mini_portile (0.5.1)
17
+ nokogiri (1.6.0)
18
+ mini_portile (~> 0.5.0)
19
+ omniauth (1.1.4)
20
+ hashie (>= 1.2, < 3)
18
21
  rack
19
- rack (1.4.1)
20
- rack-test (0.6.1)
22
+ rack (1.5.2)
23
+ rack-test (0.6.2)
21
24
  rack (>= 1.0)
22
- rake (0.9.2.2)
25
+ rake (10.1.0)
23
26
  rspec (2.5.0)
24
27
  rspec-core (~> 2.5.0)
25
28
  rspec-expectations (~> 2.5.0)
@@ -28,6 +31,7 @@ GEM
28
31
  rspec-expectations (2.5.0)
29
32
  diff-lcs (~> 1.1.2)
30
33
  rspec-mocks (2.5.0)
34
+ safe_yaml (0.9.5)
31
35
  webmock (1.3.5)
32
36
  addressable (>= 2.1.1)
33
37
  crack (>= 0.1.7)
@@ -1,16 +1,17 @@
1
1
  require 'nokogiri'
2
2
  require 'net/http'
3
3
  require 'net/https'
4
- require 'rexml/text'
5
4
 
6
5
  module OmniAuth
7
6
  module Strategies
8
7
  class Crowd
9
8
  class CrowdValidator
10
- SESSION_REQUEST_BODY = "<authentication-context>
11
- <username>%s</username>
12
- <password>%s</password>
13
- </authentication-context>"
9
+ SESSION_REQUEST_BODY = <<-BODY.strip
10
+ <authentication-context>
11
+ <username>%s</username>
12
+ <password>%s</password>
13
+ </authentication-context>
14
+ BODY
14
15
  AUTHENTICATION_REQUEST_BODY = "<password><value>%s</value></password>"
15
16
  def initialize(configuration, username, password)
16
17
  @configuration, @username, @password = configuration, username, password
@@ -49,16 +50,16 @@ module OmniAuth
49
50
 
50
51
  def add_user_groups!(user_info_hash)
51
52
  response = make_user_group_request
52
- unless response.code.to_i != 200 || response.body.nil? || response.body == ''
53
+ unless response.code.to_i != 200 || response.body.nil? || response.body == ''
53
54
  doc = Nokogiri::XML(response.body)
54
55
  user_info_hash["groups"] = doc.xpath("//groups/group/@name").map(&:to_s)
55
56
  end
56
57
  user_info_hash
57
58
  end
58
-
59
+
59
60
  def retrieve_user_info!
60
61
  response = make_authorization_request
61
- unless response.code.to_i != 200 || response.body.nil? || response.body == ''
62
+ unless response.code.to_i != 200 || response.body.nil? || response.body == ''
62
63
  doc = Nokogiri::XML(response.body)
63
64
  {
64
65
  "user" => doc.xpath("//user/@name").to_s,
@@ -87,12 +88,12 @@ module OmniAuth
87
88
  http.request(req)
88
89
  end
89
90
  end
90
-
91
+
91
92
  def make_user_group_request
92
93
  make_request(@user_group_uri)
93
94
  end
94
95
 
95
- def make_authorization_request
96
+ def make_authorization_request
96
97
  make_request(@authentiction_uri, make_authentication_request_body(@password))
97
98
  end
98
99
 
@@ -104,14 +105,14 @@ module OmniAuth
104
105
  def make_authentication_request_body(password)
105
106
  request_body = Nokogiri::XML(AUTHENTICATION_REQUEST_BODY)
106
107
  password_value = request_body.at_css "value"
107
- password_value.content = REXML::Text.normalize(password)
108
+ password_value.content = password
108
109
  return request_body.root.to_s # return the body without the xml header
109
110
  end
110
111
 
111
112
  def make_session_request_body(username,password)
112
113
  request_body = Nokogiri::XML(SESSION_REQUEST_BODY)
113
- request_body.at_css("username").content = REXML::Text.normalize(username)
114
- request_body.at_css("password").content = REXML::Text.normalize(password)
114
+ request_body.at_css("username").content = username
115
+ request_body.at_css("password").content = password
115
116
  return request_body.root.to_s
116
117
  end
117
118
  end
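Review bot: The escaping of `username` and `password` in `make_authentication_request_body` and `make_session_request_body` now rests entirely on Nokogiri's `content=` setter, and nothing in the code says so. Because `SESSION_REQUEST_BODY` and `AUTHENTICATION_REQUEST_BODY` still carry `%s` placeholders, a later maintainer could reasonably fill them with `String#%`, which would place unescaped credentials into the XML sent to Crowd. I would add a comment above the two constants, for example `# Templates only: values are set via Nokogiri's content=, which XML-escapes them; never interpolate into %s.`, or drop the `%s` markers from the templates altogether. The class body continues outside the hunks shown, so any other use of these constants could not be checked.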
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module Crowd
3
- VERSION = "2.1.2"
3
+ VERSION = "2.1.3"
4
4
  end
5
5
  end
@@ -1,5 +1,4 @@
1
1
  require File.dirname(__FILE__) + '/../../spec_helper'
2
- require 'nokogiri'
3
2
 
4
3
  describe OmniAuth::Strategies::Crowd, :type=>:strategy do
5
4
  include OmniAuth::Test::StrategyTestCase
@@ -8,12 +7,60 @@ describe OmniAuth::Strategies::Crowd, :type=>:strategy do
8
7
  @crowd_server_url ||= 'https://crowd.example.org'
9
8
  @application_name ||= 'bogus_app'
10
9
  @application_password ||= 'bogus_app_password'
11
- [OmniAuth::Strategies::Crowd, {:crowd_server_url => @crowd_server_url,
10
+ [OmniAuth::Strategies::Crowd, {:crowd_server_url => @crowd_server_url,
12
11
  :application_name => @application_name,
13
12
  :application_password => @application_password,
14
13
  :use_sessions => @use_sessions}]
15
14
  end
16
15
 
16
+ describe 'Authentication Request Body' do
17
+ before do
18
+ config = OmniAuth::Strategies::Crowd::Configuration.new(strategy[1])
19
+ @validator = OmniAuth::Strategies::Crowd::CrowdValidator.new(config, 'foo', 'bar')
20
+ end
21
+
22
+ it 'should send password in session request' do
23
+ @validator.send(:make_authentication_request_body, 'bar').should == <<-BODY.strip
24
+ <password>
25
+ <value>bar</value>
26
+ </password>
27
+ BODY
28
+ end
29
+
30
+ it 'should escape special characters username and password in session request' do
31
+ @validator.send(:make_authentication_request_body, 'bar<').should == <<-BODY.strip
32
+ <password>
33
+ <value>bar&lt;</value>
34
+ </password>
35
+ BODY
36
+ end
37
+ end
38
+
39
+ describe 'Session Request Body' do
40
+ before do
41
+ config = OmniAuth::Strategies::Crowd::Configuration.new(strategy[1])
42
+ @validator = OmniAuth::Strategies::Crowd::CrowdValidator.new(config, 'foo', 'bar')
43
+ end
44
+
45
+ it 'should send username and password in session request' do
46
+ @validator.send(:make_session_request_body, 'foo', 'bar').should == <<-BODY.strip
47
+ <authentication-context>
48
+ <username>foo</username>
49
+ <password>bar</password>
50
+ </authentication-context>
51
+ BODY
52
+ end
53
+
54
+ it 'should escape special characters username and password in session request' do
55
+ @validator.send(:make_session_request_body, 'foo', 'bar<').should == <<-BODY.strip
56
+ <authentication-context>
57
+ <username>foo</username>
58
+ <password>bar&lt;</password>
59
+ </authentication-context>
60
+ BODY
61
+ end
62
+ end
63
+
17
64
  describe 'GET /auth/crowd' do
18
65
  before do
19
66
  get '/auth/crowd'
@@ -69,18 +116,6 @@ describe OmniAuth::Strategies::Crowd, :type=>:strategy do
69
116
  end
70
117
  end
71
118
 
72
- context "when using authentication endpoint with special characters" do
73
- before do
74
- stub_request(:post, "https://bogus_app:bogus_app_password@crowd.example.org/rest/usermanagement/latest/authentication?username=foo")
75
- get '/auth/crowd/callback', nil, 'rack.session'=>{'omniauth.crowd'=> {"username"=>"foo", "password"=>"bar&<xml>"}}
76
- end
77
-
78
- it 'should escape special characters' do
79
- WebMock.should have_requested(:post, 'https://bogus_app:bogus_app_password@crowd.example.org/rest/usermanagement/latest/authentication?username=foo').
80
- with { |req| Nokogiri::XML(req.body).at_css("value").content == 'bar&amp;&lt;xml&gt;' }
81
- end
82
- end
83
-
84
119
  context "when using session endpoint" do
85
120
  before do
86
121
  @use_sessions = true
@@ -100,12 +135,12 @@ describe OmniAuth::Strategies::Crowd, :type=>:strategy do
100
135
  it 'should call through to the master app' do
101
136
  last_response.body.should == 'true'
102
137
  end
103
-
138
+
104
139
  it 'should have an auth hash' do
105
140
  auth = last_request.env['omniauth.auth']
106
141
  auth.should be_kind_of(Hash)
107
142
  end
108
-
143
+
109
144
  it 'should have good data' do
110
145
  auth = last_request.env['omniauth.auth']['provider'].should == :crowd
111
146
  auth = last_request.env['omniauth.auth']['uid'].should == 'foo'
@@ -116,23 +151,6 @@ describe OmniAuth::Strategies::Crowd, :type=>:strategy do
116
151
  end
117
152
  end
118
153
 
119
- context "when using session endpoint with special characters" do
120
- before do
121
- @use_sessions = true
122
- stub_request(:post, "https://bogus_app:bogus_app_password@crowd.example.org/rest/usermanagement/latest/authentication?username=foo%26%3Cxml%3E").
123
- to_return(:body => File.read(File.join(File.dirname(__FILE__), '..', '..', 'fixtures', 'success.xml')))
124
- stub_request(:post, "https://bogus_app:bogus_app_password@crowd.example.org/rest/usermanagement/latest/session").
125
- to_return(:status => 201, :body => File.read(File.join(File.dirname(__FILE__), '..', '..', 'fixtures', 'session.xml')))
126
- stub_request(:get, "https://bogus_app:bogus_app_password@crowd.example.org/rest/usermanagement/latest/user/group/direct?username=foo%26%3Cxml%3E").
127
- to_return(:body => File.read(File.join(File.dirname(__FILE__), '..', '..', 'fixtures', 'groups.xml')))
128
- get '/auth/crowd/callback', nil, 'rack.session'=>{'omniauth.crowd'=> {"username"=>"foo&<xml>", "password"=>"bar&<xml>"}}
129
- end
130
- it 'should escape special characters' do
131
- WebMock.should have_requested(:post, 'https://bogus_app:bogus_app_password@crowd.example.org/rest/usermanagement/latest/session').
132
- with { |req| Nokogiri::XML(req.body).at_css("username").content == 'foo&amp;&lt;xml&gt;' and Nokogiri::XML(req.body).at_css("password").content == 'bar&amp;&lt;xml&gt;' }
133
- end
134
- end
135
-
136
154
  describe 'GET /auth/crowd/callback with credentials will fail' do
137
155
  before do
138
156
  stub_request(:post, "https://bogus_app:bogus_app_password@crowd.example.org/rest/usermanagement/latest/authentication?username=foo").
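Review bot: The new request-body specs only exercise `<`, while the two deleted "special characters" contexts were the only coverage for `&` and `>` in credentials and for percent-encoding of the username in the `?username=` query string (`foo%26%3Cxml%3E`). The deleted assertions compared the parsed element content with `bar&amp;&lt;xml&gt;`, which appears to be the double-escaped value, so correcting the expectation would have kept the end-to-end check instead of losing it. I would add a round-trip case such as `body = @validator.send(:make_session_request_body, 'foo&<xml>', 'bar&<xml>')` followed by `Nokogiri::XML(body).at_css("password").content.should == 'bar&<xml>'`, and restore the callback context with the expectation changed to the raw value. Both examples under 'Authentication Request Body' are also described as "session request", which looks like a copy-paste slip. The enclosing `describe` block starts and ends outside the hunks shown.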
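--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: omniauth_crowd
  version: !ruby/object:Gem::Version
- version: 2.1.2
+ version: 2.1.3
  prerelease:
  platform: ruby
  authors:
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2013-08-13 00:00:00.000000000 Z
+ date: 2013-08-18 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: omniauth
@@ -179,7 +179,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
  version: '0'
  segments:
  - 0
- hash: 4515462234693520699
+ hash: -1757168840233326872
  required_rubygems_version: !ruby/object:Gem::Requirement
  none: false
  requirements:
@@ -188,7 +188,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  segments:
  - 0
- hash: 4515462234693520699
+ hash: -1757168840233326872
  requirements: []
  rubyforge_project:
  rubygems_version: 1.8.25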