soar_authentication_token 3.0.5 → 3.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e7996fa1857b1b57684079260f326c2f706a0f78
-  data.tar.gz: 44ccf374373fbc7d6596fd1638e2e4016d0f7cee
+  metadata.gz: 275c14010dd496f6d91233ac79a73fd9755b628a
+  data.tar.gz: 190b1794277f7916ba2cb551946777c5bc98af66
 SHA512:
-  metadata.gz: 64764a63384c843c5bf5c056f2a1f479b72c234f42d2d2ba3daa55690b60627eff2446580910ab007952dd432ec31256b6794af979041977f83f5f733f69315f
-  data.tar.gz: a385a5cf6a96bb4b927b924844417e5551e75a8085fda8fb8fd18670cedbbdf5dcbb550d01a46284fc8e7bb2fa48158745625b5794be9d525681e2435222d6c6
+  metadata.gz: a622e8ab76aae89f5578a0d30051351d2d481d56cbb1804ad2369d45886dbf54fe9c4abe36251225c2f99feffdb09b57d1e36b7451125c7ab5e70790ff474ec7
+  data.tar.gz: fe4d4a1a62f2705632d9e5a1839d5839ddd3552956616533e817761a4b17e1a89190332d1e4ff1dfdd0a777cc61f374a56cfa07b8f55f0e2fd1288da8ac6bc96

data/.gitignore

@@ -1,3 +1,4 @@
 Gemfile.lock
 *.gem
 .byebug_history
+coverage

data/README.md

@@ -1,4 +1,4 @@
-# SoarAuditingProvider
+# SoarAuthenticationToken
 
 [![Gem Version](https://badge.fury.io/rb/soar_authentication_token.png)](https://badge.fury.io/rb/soar_authentication_token)
 
@@ -13,25 +13,28 @@ gem 'soar_authentication_token'
 ```
 
 And then execute:
-
-    $ bundle
+```bash
+bundle
+```
 
 Or install it yourself as:
+```bash
+gem install soar_authentication_token
+```
 
-    $ gem install soar_authentication_token
+## Configuration of generators and validators
 
-## Configuration
+There are three modes of operation: local, remote or static
 
-There are three modes of operation.
 ### Local
-In local mode the tokens are decoded, verified and meta extracted locally using configured key material.
+In local mode the tokens are decoded, verified and meta extracted locally using configured key material. In practice the the token generation and validation services run in this mode since their roles are to generate and validate tokens.
 
 ### Remote
-In remote mode the tokens are passed to a validation service for dynamic validation.  The key material are therefore managed on the validation service.  In this mode you only have to provide the url of the validation service.
+In remote mode the tokens are passed to a token validation service for validation. This allows for a centralized management of tokens. The key material are therefore managed on the validation service and .  In this mode you only have to provide the url of the validation service.
 
 ### Static
-In this mode the validator are configured with a list of preconfigured static tokens.  Incoming tokens are simply checked against this list.  No extraction of meta is performed on the tokens but retrieved from the configuration.  This mode is to be used in only two scenarios:
-* Between the various authentication token services that requires authentication between themselves.  These services do not have such a service to rely on. Circular dependency.
+In this mode the validator is configured with a list of preconfigured static tokens.  Incoming tokens are simply checked against this list.  No extraction of meta is performed on the tokens but retrieved from the configuration.  Rotation of tokens is simple since many tokens can be configured. This mode is to be used in only two scenarios:
+* Between the various authentication token services that requires authentication between themselves.  These services themselves do not the benefit of another centralized authentication service to rely on.
 * In test scenarios where you do not want to pull in the authentication services to perform testing of your services.
 
 
@@ -39,33 +42,123 @@ In this mode the validator are configured with a list of preconfigured static to
 
 Run the rspec test tests using docker compose:
 
-    $ docker-compose build
-    $ docker-compose run --rm soar-authentication-token
-
-Properly clean up containers afterwards:
-
-    $ docker-compose down
-
-Locally run a subset:
-
-    $ bundle exec rspec -cfd spec/rack_middleware_spec.rb
-
+```bash
+docker-compose build
+docker-compose run --rm soar-authentication-token
+docker-compose down
+```
 
 ## Updating
 
-In order to pull the latest from the referenced projects, simply the following command:
+For test purposes this repo relies on various other repos with services.  This is to test the interaction between the generator and validation clients and these services. In order to pull the latest from the referenced projects and build fresh docker images, simply the following commands:
 
 ```bash
 git pull && git submodule foreach 'git fetch origin --tags; git checkout master; git pull'
+docker-compose down
 docker-compose build
 ```
 
 ## Usage
 
+### KeypairGenerator
+
+In support of generating JWT tokens this class is responsible for generating an EC keypairs in PEM format.  Use this when rotating keypairs in production or for testing the generators/validators.
+
+```ruby
+generator = SoarAuthenticationToken::KeypairGenerator.new
+private_key, public_key = generator.generate
+```
+
+### RackMiddleware
+
+The rack middleware allows you to perform validation of all requests before it even hits your resource.  The middleware also populates the 'user' key in the rack session with the authenticated identifier and the 'auth_token_meta' key with meta regarding the authentication that might be useful to more sensitive services.
+
+First step is to configure the middleware. Actually you are not configuring the middleware but the TokenValidator instance that will be used in the validation. Most of the time you will be reaching out to a remote validation service and configure it as such:
+
+```ruby
+@iut_configuration = {
+  'mode' => 'remote',
+  'validator-url' => 'http://authentication-token-validator-service:9393/validate'
+}
+@iut = SoarAuthenticationToken::RackMiddleware.new(@test_app, @iut_configuration)
+```
+
+The middleware will look for the authentication token in the HTTP header 'AUTHORIZATION'.
+
+Please refer to the rack middleware spec for detailed examples on how to use the middleware.
 
+### TokenGenerator
 
-## Detailed example
+The class generates tokens or requests a token from a generator service as configured.
 
+For remote token generation, configure as such:
+```ruby
+@configuration_remote = {
+  'mode' => 'remote',
+  'generator-url' => 'http://authentication-token-generator-service:9393/generate',
+  'generator-client-auth-token' => 'xxxx'
+}
+```
+
+For local token generation, configure as such:
+```ruby
+generator = SoarAuthenticationToken::KeypairGenerator.new
+private_key, public_key = generator.generate
+@configuration_local = {
+  'mode' => 'local',
+  'private_key' => private_key
+}
+```
+
+Create storage client. The example here uses a local stub client that uses a in-memory store.
+```ruby
+gem 'auth_token_store_provider', "~> 1.0.1"
+require 'auth_token_store_provider'
+store = AuthTokenStoreProvider::StubClient.new
+```
+
+After configuration you simply generate a token like this:
+```ruby
+generator = SoarAuthenticationToken::TokenGenerator.new(configuration)
+generator.inject_store_provider(store)
+token, token_generator_meta = generator.generate(authenticated_identifier: 'someone@hetzner.co.za', flow_identifier: 'test-flow-id')
+```
+
+### TokenValidator
+
+The class validates tokens or requests validation of a token from a validation service as configured.
+
+For remote token validation, configure as such:
+```ruby
+@configuration_remote = {
+  'mode' => 'remote',
+  'validator-url' => 'http://authentication-token-validator-service:9393/validate',
+}
+```
+
+For local token validation, configure as such:
+```ruby
+generator = SoarAuthenticationToken::KeypairGenerator.new
+private_key, public_key = generator.generate
+@configuration_local = {
+  'mode' => 'local',
+  'public_key' => public_key
+}
+```
+
+Create storage client. The example here uses a local stub client that uses a in-memory store.
+```ruby
+gem 'auth_token_store_provider', "~> 1.0.1"
+require 'auth_token_store_provider'
+store = AuthTokenStoreProvider::StubClient.new
+```
+
+After configuration you simply valiate a token like this:
+```ruby
+validator = SoarAuthenticationToken::TokenValidator.new(configuration)
+validator.inject_store_provider(store)
+token_validity, token_validator_meta, messages = validator.validate(authentication_token: token, flow_identifier: 'test-flow-id')
+```
 
 
 ## Contributing

data/lib/soar_authentication_token/keypair_generator.rb

@@ -2,9 +2,6 @@ require 'openssl'
 
 module SoarAuthenticationToken
   class KeypairGenerator
-    def initialize
-    end
-
     def generate
       private_key = OpenSSL::PKey::EC.new 'secp521r1'
       private_key.generate_key
@@ -12,8 +9,5 @@ module SoarAuthenticationToken
       public_key.private_key = nil
       [private_key.to_pem, public_key.to_pem]
     end
-
-    private
-
   end
 end

data/lib/soar_authentication_token/rack_middleware.rb

@@ -9,21 +9,27 @@ module SoarAuthenticationToken
     end
 
     def call(env)
-      request = Rack::Request.new env
-      session, params = request.session, request.params
-      token_valid, token_meta, message = validate_and_resolve_token(request.env['HTTP_AUTHORIZATION'],params['flow_identifier'])
+      session, params, token, flow_id = get_request_information(env)
+      token_valid, token_meta, message = validate_and_resolve_token(token,flow_id)
       if token_valid
         session['user'] = token_meta['authenticated_identifier']
         session['auth_token_meta'] = token_meta
-        @app.call env
-      else
-        audit_token_rejection("Token rejected due to #{message}",params['flow_identifier'])
-        [401, {"Content-Type" => "text/html"}, ["401 - Not authenticated"]]
+        return @app.call env
       end
+      audit_token_rejection("Token rejected due to #{message}",flow_id)
+      rejection
     end
 
     private
 
+    def get_request_information(env)
+      request = Rack::Request.new env
+      [ request.session,
+        request.params,
+        request.env['HTTP_AUTHORIZATION'],
+        request.params['flow_identifier'] ]
+    end
+
     def validate_and_resolve_token(authentication_token,flow_identifier)
       token_validator = SoarAuthenticationToken::TokenValidator.new(@configuration)
       token_validator.validate(authentication_token: authentication_token,flow_identifier: flow_identifier)
@@ -32,5 +38,9 @@ module SoarAuthenticationToken
     def audit_token_rejection(message, flow_id)
       @auditing.warn(message,flow_id) if @auditing
     end
+
+    def rejection
+      [401, {"Content-Type" => "text/html"}, ["401 - Not authenticated"]]
+    end
   end
 end

data/lib/soar_authentication_token/token_generator.rb

@@ -31,7 +31,7 @@ module SoarAuthenticationToken
     private
 
     def generate_locally(authenticated_identifier)
-      token_meta = meta(authenticated_identifier)
+      token_meta = generate_meta(authenticated_identifier)
       token = encode(token_meta)
       add_token_to_store(token_meta)
       [token, token_meta]
@@ -60,7 +60,7 @@ module SoarAuthenticationToken
       body['data']['token']
     end
 
-    def meta(authenticated_identifier)
+    def generate_meta(authenticated_identifier)
       current_time = Time.now
       { 'authenticated_identifier' => authenticated_identifier,
         'token_issue_time'         => current_time.utc.iso8601(3),
@@ -76,13 +76,18 @@ module SoarAuthenticationToken
     def validate_configuration
       raise "'mode' must be configured" unless @configuration['mode']
       raise "'mode' must be configured as either 'local' or 'remote'" unless ['local','remote'].include?(@configuration['mode'])
-      if 'remote' == @configuration['mode']
-        raise "'generator-url' must be configured in remote mode" if @configuration['generator-url'].nil?
-      else
-        raise "'private_key' must be configured in local mode" unless @configuration['private_key']
-        raise "'expiry' must be configured in local mode" unless @configuration['expiry']
-        raise "'expiry' must be an integer" unless Integer(@configuration['expiry'])
-      end
+      validate_local_mode_configuration if 'local' == @configuration['mode']
+      validate_remote_mode_configuration if 'remote' == @configuration['mode']
+    end
+
+    def validate_remote_mode_configuration
+      raise "'generator-url' must be configured in remote mode" if @configuration['generator-url'].nil?
+    end
+
+    def validate_local_mode_configuration
+      raise "'private_key' must be configured in local mode" unless @configuration['private_key']
+      raise "'expiry' must be configured in local mode" unless @configuration['expiry']
+      raise "'expiry' must be an integer" unless Integer(@configuration['expiry'])
     end
 
     def merge_with_default_configuration(configuration)

data/lib/soar_authentication_token/token_validator.rb

@@ -22,7 +22,8 @@ module SoarAuthenticationToken
     def validate(authentication_token:,flow_identifier: nil)
       return validate_locally(authentication_token)    if 'local' == @configuration['mode']
       return validate_statically(authentication_token) if 'static' == @configuration['mode']
-      return validate_remotely(authentication_token,flow_identifier)
+      return validate_remotely(authentication_token,flow_identifier) if 'remote' == @configuration['mode']
+      raise 'invalid validation mode configured'
     end
 
     private
@@ -36,7 +37,6 @@ module SoarAuthenticationToken
                           token_expiry_time:        found_static_token['token_expiry_time'])
       return rejection_result(reason: "Expired token <#{meta['token_expiry_time']}> for <#{meta['authenticated_identifier']}>") if token_expired?(meta)
       return success_result(token_meta: meta)
-
     end
 
     def find_configured_static_token(authentication_token)

data/lib/soar_authentication_token/version.rb

@@ -1,3 +1,3 @@
 module SoarAuthenticationToken
-  VERSION = '3.0.5'
+  VERSION = '3.0.6'
 end

data/soar_authentication_token.gemspec

@@ -24,10 +24,12 @@ Gem::Specification.new do |spec|
   spec.add_dependency "rack", '~> 1.6', '>= 1.6.4'
   spec.add_dependency 'authenticated_client', '~> 0.0.2'
 
-  spec.add_development_dependency 'auth_token_store_provider', "~> 1.0.1"
+  spec.add_development_dependency 'auth_token_store_provider', "~> 1.0"
   spec.add_development_dependency 'pry', '~> 0'
   spec.add_development_dependency 'bundler', '~> 1.3'
   spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_development_dependency 'rspec', '~> 2.13'
   spec.add_development_dependency "capybara", '~> 2.1', '>= 2.1.0'
+  spec.add_development_dependency "simplecov", '~> 0'
+  spec.add_development_dependency "simplecov-rcov", '~> 0'
 end

data/spec/rack_middleware_spec.rb

@@ -44,7 +44,12 @@ describe SoarAuthenticationToken::RackMiddleware do
     @test_app = lambda do |env|
       request = Rack::Request.new env
       session = request.session
-      [200, {"Content-Type"=>"text/html"}, ["tested with authenticated user #{session['user']}"] ]
+      test_app_response_data = {
+        'message' => "tested with authenticated user #{session['user']}",
+        'user' => session['user'],
+        'auth_token_meta' => session['auth_token_meta']
+      }
+      [200, {"Content-Type"=>"text/html"}, test_app_response_data ]
     end
     @iut_configuration = {
       'mode' => 'remote',
@@ -68,23 +73,41 @@ describe SoarAuthenticationToken::RackMiddleware do
     end
   end
 
-  context "when called with an environment" do
-    it "should return 401 if the request contains no authentication token" do
-      opts = { }
-      code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
-      expect([code, env, body]).to eq([401, {"Content-Type" => "text/html"}, ["401 - Not authenticated"]])
+  context "when called with a request environment" do
+    context 'with no authentication token' do
+      it "return with 401" do
+        opts = { }
+        code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
+        expect([code, env, body]).to eq([401, {"Content-Type" => "text/html"}, ["401 - Not authenticated"]])
+      end
     end
 
-    it "should return 401 if the request contains an invalid authentication token" do
-      opts = { 'HTTP_AUTHORIZATION' => @local_invalid_generator.generate(authenticated_identifier: 'a@b.com') }
-      code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
-      expect([code, env, body]).to eq([401, {"Content-Type" => "text/html"}, ["401 - Not authenticated"]])
+    context 'with an invalid authentication token' do
+      it "return with 401" do
+        opts = { 'HTTP_AUTHORIZATION' => @local_invalid_generator.generate(authenticated_identifier: 'a@b.com') }
+        code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
+        expect([code, env, body]).to eq([401, {"Content-Type" => "text/html"}, ["401 - Not authenticated"]])
+      end
     end
 
-    it "should pass requests that are authenticated through to the application" do
-      opts = { 'HTTP_AUTHORIZATION' => @local_valid_generator.generate(authenticated_identifier: 'a@b.com') }
-      code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
-      expect([code, env, body]).to eq([200, {"Content-Type"=>"text/html"}, ["tested with authenticated user a@b.com"] ])
+    context 'with a valid authentiation token' do
+      it "pass requests to the application" do
+        opts = { 'HTTP_AUTHORIZATION' => @local_valid_generator.generate(authenticated_identifier: 'a@b.com') }
+        code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
+        expect([code, env, body['message']]).to eq([200, {"Content-Type"=>"text/html"}, "tested with authenticated user a@b.com" ])
+      end
+
+      it "populate the 'user' key in the rack session with the authenticated user" do
+        opts = { 'HTTP_AUTHORIZATION' => @local_valid_generator.generate(authenticated_identifier: 'a@b.com') }
+        code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
+        expect(body['user']).to eq('a@b.com')
+      end
+
+      it "populate the 'auth_token_meta' key in the rack session with the hash containing the token meta" do
+        opts = { 'HTTP_AUTHORIZATION' => @local_valid_generator.generate(authenticated_identifier: 'a@b.com') }
+        code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
+        expect(body['auth_token_meta']['authenticated_identifier']).to eq('a@b.com')
+      end
     end
   end
 end

data/spec/spec_helper.rb

@@ -1,6 +1,18 @@
+require 'simplecov'
+require 'simplecov-rcov'
+
+SimpleCov.formatter = SimpleCov::Formatter::RcovFormatter
+SimpleCov.start do
+  add_filter "/spec/"
+end
+
 $LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
 $LOAD_PATH.unshift File.expand_path('../../spec/support', __FILE__)
 
 require 'soar_authentication_token'
 require 'pry'
 require 'auth_token_store_provider'
+
+def one_year_in_seconds
+  31536000
+end

data/spec/token_validator_spec.rb

@@ -83,51 +83,144 @@ describe SoarAuthenticationToken::TokenValidator do
     expect(SoarAuthenticationToken::VERSION).not_to be nil
   end
 
+  describe "#validate" do
+    context "given that the validator is configured for local validation" do
+      context 'given valid token' do
+        let!(:token_validation_result) {
+          token, token_generator_meta = @local_valid_generator.generate(authenticated_identifier: @test_identifier)
+          @iut_local.validate(authentication_token: token)
+        }
+        let!(:token_validity) { token_validation_result[0] }
+        let!(:token_meta)     { token_validation_result[1] }
+        let!(:message)        { token_validation_result[2] }
 
-  context "when validating a token locally using the configured public key" do
-    it 'should indicate valid if the token is valid' do
-      token, token_generator_meta = @local_valid_generator.generate(authenticated_identifier: @test_identifier)
-      token_validity, token_meta, message = @iut_local.validate(authentication_token: token)
-      expect(token_validity).to eq true
-    end
+        it 'indicate token is valid' do
+          expect(token_validity).to eq true
+        end
+        
+        it 'provide the token meta' do
+          expect(token_meta['authenticated_identifier']).to eq @test_identifier
+        end
 
-    it 'should indicate invalid if the token is not valid' do
-      token, token_generator_meta = @local_invalid_generator.generate(authenticated_identifier: @test_identifier)
-      token_validity, token_meta, message = @iut_local.validate(authentication_token: token)
-      expect(token_validity).to eq false
-    end
+        it 'provide a message indicating that the token is valid' do
+          expect(message).to match /Valid token for/
+        end
+      end
 
-    it 'should provide the token meta if the token is valid' do
-      token, token_generator_meta = @local_valid_generator.generate(authenticated_identifier: @test_identifier)
-      token_validity, token_meta, message = @iut_local.validate(authentication_token: token)
-      expect(token_meta['authenticated_identifier']).to eq @test_identifier
-    end
+      context 'given expired token' do
+        let!(:token_validation_result) {
+          token, token_generator_meta = @local_valid_generator.generate(authenticated_identifier: @test_identifier)
+          allow(Time).to receive(:now).and_return(Time.now+one_year_in_seconds)
+          @iut_local.validate(authentication_token: token)
+        }
+        let!(:token_validity) { token_validation_result[0] }
+        let!(:token_meta)     { token_validation_result[1] }
+        let!(:message)        { token_validation_result[2] }
 
-    it 'should not provide the token meta if the token is invalid' do
-      token, token_generator_meta = @local_invalid_generator.generate(authenticated_identifier: @test_identifier)
-      token_validity, token_meta, message = @iut_local.validate(authentication_token: token)
-      expect(token_meta).to eq nil
-    end
+        it 'indicate token is invalid' do
+          expect(token_validity).to eq false
+        end
 
-    it 'should provide a message indicating that that token is valid if the token is valid' do
-    end
+        it 'does not provide the token meta' do
+          expect(token_meta).to eq nil
+        end
 
-    it 'should indicate as invalid tokens that are older than the configured expiry time' do
-      #TODO
-      #expect(true).to eq false
-    end
+        it 'provide a message indicating that the token is invalid' do
+          expect(message).to match /Expired token/
+        end
+      end
 
-    it 'should indicate as valid tokens that are not older than the configured expiry time' do
-      #TODO
-      #expect(true).to eq false
-    end
+      context 'given unknown token (not in store)' do
+        let!(:token_validation_result) {
+          token, token_generator_meta = @local_valid_generator.generate(authenticated_identifier: @test_identifier)
+          @test_store.instance_variable_set("@store", []) #clear store
+          @iut_local.validate(authentication_token: token)
+        }
+        let!(:token_validity) { token_validation_result[0] }
+        let!(:token_meta)     { token_validation_result[1] }
+        let!(:message)        { token_validation_result[2] }
+
+        it 'indicate that token is invalid' do
+          expect(token_validity).to eq false
+        end
+
+        it 'does not provide the token meta' do
+          expect(token_meta).to eq nil
+        end
+
+        it 'provide a message indicating that the token is invalid' do
+          expect(message).to match /Unknown token/
+        end
+      end
+
+      context 'given invalid token (garbage or different key)' do
+        let!(:token_validation_result) {
+          token, token_generator_meta = @remote_generator.generate(authenticated_identifier: @test_identifier)
+          @iut_local.validate(authentication_token: token)
+        }
+        let!(:token_validity) { token_validation_result[0] }
+        let!(:token_meta)     { token_validation_result[1] }
+        let!(:message)        { token_validation_result[2] }
+
+        it 'indicate token is invalid' do
+          expect(token_validity).to eq false
+        end
+
+        it 'does not provide the token meta' do
+          expect(token_meta).to eq nil
+        end
 
-    it 'should indicate as invalid tokens that are not in the token store' do
+        it 'provide a message indicating that the token is invalid' do
+          expect(message).to match /Token decode\/verification failure/
+        end
+      end
     end
-  end
 
 
-  describe "#validate" do
+
+    context "given that the validator is configured for remote validation" do
+      context 'given valid token' do
+        let!(:token_validation_result) {
+          token, token_generator_meta = @remote_generator.generate(authenticated_identifier: @test_identifier)
+          @iut_remote.validate(authentication_token: token)
+        }
+        let!(:token_validity) { token_validation_result[0] }
+        let!(:token_meta)     { token_validation_result[1] }
+        let!(:message)        { token_validation_result[2] }
+
+        it 'should indicate valid if the token is valid' do
+          expect(token_validity).to eq true
+        end
+
+        it 'should provide the authenticated_identifier if the token is valid' do
+          expect(token_meta['authenticated_identifier']).to eq @test_identifier
+        end
+      end
+
+      context 'given invalid (generalized) token' do
+        let!(:token_validation_result) {
+          token, token_generator_meta = @local_invalid_generator.generate(authenticated_identifier: @test_identifier)
+          @iut_remote.validate(authentication_token: token)
+        }
+        let!(:token_validity) { token_validation_result[0] }
+        let!(:token_meta)     { token_validation_result[1] }
+        let!(:message)        { token_validation_result[2] }
+
+        it 'indicate token is invalid' do
+          expect(token_validity).to eq false
+        end
+
+        it 'does not provide the token meta' do
+          expect(token_meta).to eq nil
+        end
+
+        it 'provides a message indicating the token is invalid' do
+          expect(message).to match /Token decode\/verification failure/
+        end
+      end
+
+
+    end
     context "given that the validator is configured for static tokens" do
       let(:iut) { subject.new(@static_validator_configuration) }
       context "given a token that is in the list of static tokens and not expired" do
@@ -188,41 +281,4 @@ describe SoarAuthenticationToken::TokenValidator do
       end
     end
   end
-
-
-  context "when validating a token remotely using the configured url" do
-    it 'should indicate valid if the token is valid' do
-      token, token_generator_meta = @remote_generator.generate(authenticated_identifier: @test_identifier)
-      token_validity, token_meta, message = @iut_remote.validate(authentication_token: token)
-      expect(token_validity).to eq true
-    end
-
-    it 'should indicate invalid if the token is invalid' do
-      token, token_generator_meta = @local_invalid_generator.generate(authenticated_identifier: @test_identifier)
-      token_validity, token_meta, message = @iut_remote.validate(authentication_token: token)
-      expect(token_validity).to eq false
-    end
-
-    it 'should provide the authenticated_identifier if the token is valid' do
-      token, token_generator_meta = @remote_generator.generate(authenticated_identifier: @test_identifier)
-      token_validity, token_meta, message = @iut_remote.validate(authentication_token: token)
-      expect(token_meta['authenticated_identifier']).to eq @test_identifier
-    end
-
-    it 'should not provide the authenticated_identifier if the token is invalid' do
-      token, token_generator_meta = @local_invalid_generator.generate(authenticated_identifier: @test_identifier)
-      token_validity, token_meta, message = @iut_remote.validate(authentication_token: token)
-      expect(token_meta).to eq nil
-    end
-
-    it 'should indicate as invalid tokens that are older than the configured expiry time' do
-      #TODO
-      #expect(true).to eq false
-    end
-
-    it 'should indicate as valid tokens that are not older than the configured expiry time' do
-      #TODO
-      #expect(true).to eq false
-    end
-  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: soar_authentication_token
 version: !ruby/object:Gem::Version
-  version: 3.0.5
+  version: 3.0.6
 platform: ruby
 authors:
 - Barney de Villiers
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-01-23 00:00:00.000000000 Z
+date: 2017-01-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: soar_xt
@@ -84,14 +84,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.1
+        version: '1.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.1
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -168,6 +168,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 2.1.0
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov-rcov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Interface to the authentication token service
 email:
 - barney.de.villiers@hetzner.co.za
@@ -204,7 +232,6 @@ files:
 - sanity/.ruby-version
 - sanity/Gemfile
 - sanity/sanity.rb
-- sanity/sanity_benchmark.rb
 - soar_authentication_token.gemspec
 - spec/keypair_generator_spec.rb
 - spec/rack_middleware_spec.rb

data/sanity/sanity_benchmark.rb

@@ -1,83 +0,0 @@
-require 'soar_auditing_provider'
-require 'log4r_auditor'
-require 'soar_flow'
-require 'benchmark'
-require 'byebug'
-
-class Main
-
-  AUDITING_CONFIGURATION = {
-    'auditing' => {
-      'level' => 'debug',
-      'install_exit_handler' => 'false',
-      'add_caller_source_location' => 'false',
-      'queue_worker' => {
-        'queue_size' => 1000000,
-        'initial_back_off_in_seconds' => 1,
-        'back_off_multiplier' => 2,
-        'back_off_attempts' => 5
-      },
-      'default_nfrs' => {
-        'accessibility' => 'local',
-        'privacy' => 'not encrypted',
-        'reliability' => 'instance',
-        'performance' => 'high'
-      },
-      'auditors' => {
-        'log4r' => {
-          'adaptor' => 'Log4rAuditor::Log4rAuditor',
-          'file_name' => 'soar_sc.log',
-          'standard_stream' => 'none',
-          'nfrs' => {
-            'accessibility' => 'local',
-            'privacy' => 'not encrypted',
-            'reliability' => 'instance',
-            'performance' => 'high'
-          }
-        }
-      }
-    }
-  }
-
-  def test_sanity
-    iterations = 1000000
-
-    #create and configure auditing instance
-    myauditing = SoarAuditingProvider::AuditingProvider.new( AUDITING_CONFIGURATION['auditing'] )
-    myauditing.startup_flow_id = SoarFlow::ID::generate_flow_id
-    myauditing.service_identifier = 'my-test-service.com'
-
-    #associate a set of auditing entries with a flow by generating a flow identifiers
-    flow_id = SoarFlow::ID::generate_flow_id
-
-    Benchmark.bm do |x|
-      myauditing = SoarAuditingProvider::AuditingProvider.new( AUDITING_CONFIGURATION['auditing'].dup.merge("level" => "warn") )
-      myauditing.startup_flow_id = SoarFlow::ID::generate_flow_id
-      myauditing.service_identifier = 'my-test-service.com'
-      x.report ("audit_call_below_audit_threshold:") {
-        iterations.times {
-          myauditing.info("Benchmarking test",flow_id)
-        }
-      }
-      myauditing = SoarAuditingProvider::AuditingProvider.new( AUDITING_CONFIGURATION['auditing'].dup.merge("add_caller_source_location" => "false") )
-      myauditing.startup_flow_id = SoarFlow::ID::generate_flow_id
-      myauditing.service_identifier = 'my-test-service.com'
-      x.report ("audit_call_without_caller_info  :") {
-        iterations.times {
-          myauditing.info("Benchmarking test",flow_id)
-        }
-      }
-      myauditing = SoarAuditingProvider::AuditingProvider.new( AUDITING_CONFIGURATION['auditing'].dup.merge("add_caller_source_location" => "true") )
-      myauditing.startup_flow_id = SoarFlow::ID::generate_flow_id
-      myauditing.service_identifier = 'my-test-service.com'
-      x.report ("audit_call_with_caller_info     :") {
-        iterations.times {
-          myauditing.info("Benchmarking test",flow_id)
-        }
-      }
-    end
-  end
-end
-
-main = Main.new
-main.test_sanity