soar_authentication_token 6.1.1 → 7.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 92fc0e5a387e08484ae5b0c48a466d46bed16244
-  data.tar.gz: 9b1cbc9f2f41572daf9ed0a917f996f11bf4f141
+  metadata.gz: 92c8dc7a3dbedcf217cd7573c32d50c5d38d2c0c
+  data.tar.gz: de77e06ab5a8a930c88aa713a8e32ccfcc63373c
 SHA512:
-  metadata.gz: af46ea8e47641f8efde6130ed715b2332e47dc15fdf7203d282859fe70759079df9d721b1e43273a7584482d3d76f7664f4ffbd197cd80e37ee15c0a9d42d9b7
-  data.tar.gz: 611a3f9db6afe3e9e1d00fafab33cc7eaad33bba69e695a083cdecf3b43abedc8cafafd83660461f30354b5ce229aea1a57b8b2e6184aa8098d045288ef858c7
+  metadata.gz: 57a51e1c0ea4fda47b35f1fa3988d3717efd106dfdbab932010d0255abb1f31c3d8b82947997abb85d51fb42c8ae4773d0220b8de479d7170aab3637458751c1
+  data.tar.gz: f97c53ba7e18ca910c5468a4f7ed5c83059e5cb50b08ed8f31daa48ade8387bf38713ff204966345a2c88f03792418ded04a1026dac0f961bc3b1bcc5856a12d

data/docker-compose.yml

@@ -1,56 +1,9 @@
 version: '2.0'
 services:
   soar-authentication-token:
-    command: /bin/bash -c 'sleep 30; bundle exec rspec -cfd ./spec/'
+    command: /bin/bash -c 'bundle exec rspec -cfd ./spec/'
     user: $UID:$UID
     build: .
     image: soar-authentication-token
     volumes:
       - .:/usr/local/src/
-    links:
-      - authentication-token-generator-service
-      - authentication-token-validator-service
-  authentication-token-generator-service:
-    build: authentication-token-generator-service
-    image: authentication-token-generator-service
-    command: soaring start -e production
-    user: $UID:$UID
-    expose:
-      - "9393"
-    volumes:
-      - ./authentication-token-generator-service:/usr/local/src/
-    environment:
-      - RACK_ENV=production
-      - ENVIRONMENT_FILE=environment_local_ecosystem.yml
-    links:
-      - authentication-token-store
-  authentication-token-validator-service:
-    build: authentication-token-validator-service
-    image: authentication-token-validator-service
-    command: soaring start -e production
-    user: $UID:$UID
-    expose:
-      - "9393"
-    volumes:
-      - ./authentication-token-validator-service:/usr/local/src/
-    environment:
-      - RACK_ENV=production
-      - ENVIRONMENT_FILE=environment_local_ecosystem.yml
-    links:
-      - authentication-token-store
-  authentication-token-store:
-    build: authentication-token-store
-    image: authentication-token-store
-    command: soaring start -e production
-    user: $UID:$UID
-    expose:
-      - "9393"
-    volumes:
-      - ./authentication-token-store:/usr/local/src/
-    environment:
-      - RACK_ENV=production
-      - ENVIRONMENT_FILE=environment_local_ecosystem.yml
-    links:
-      - authentication-token-redis-store
-  authentication-token-redis-store:
-    image: redis

data/lib/soar_authentication_token.rb

@@ -6,6 +6,10 @@ require 'soar_authentication_token/providers/jwt_token_validator'
 require 'soar_authentication_token/providers/remote_token_generator'
 require 'soar_authentication_token/providers/remote_token_validator'
 require 'soar_authentication_token/providers/static_token_validator'
+require 'soar_authentication_token/token_provider'
+require 'soar_authentication_token/providers/cookie_provider'
+require 'soar_authentication_token/providers/authorization_header_provider'
+require 'soar_authentication_token/providers/cascade_provider'
 require 'soar_authentication_token/keypair_generator'
 require 'soar_authentication_token/config_rotator'
 require 'soar_authentication_token/token_generator'

data/lib/soar_authentication_token/providers/authorization_header_provider.rb

@@ -0,0 +1,18 @@
+module SoarAuthenticationToken
+  class AuthorizationHeaderProvider
+    def initialize(configuration)
+      @configuration = configuration
+      validate_configuration
+    end
+
+    def fetch(request)
+      return false unless request.env[@configuration['header_name']]
+
+      request.env[@configuration['header_name']]
+    end
+
+    def validate_configuration
+      raise "'cookie_name' must be configured" unless @configuration['header_name']
+    end
+  end
+end

data/lib/soar_authentication_token/providers/cascade_provider.rb

@@ -0,0 +1,34 @@
+module SoarAuthenticationToken
+  class CascadeProvider
+    def initialize(configuration)
+      @configuration = configuration
+      validate_configuration
+    end
+
+    def fetch(request)
+      # TODO: refactor this functionality into modules - DON'T DUPLICATE!
+      fetch_by_cookie(request) || fetch_by_auth_header(request)
+    end
+
+    private
+    def fetch_by_cookie(request)
+      return false unless request.env.has_key?('HTTP_COOKIE')
+
+      cookies = HTTP::CookieJar.new.parse(request.env['HTTP_COOKIE'], 'http://irrelevant')
+      auth_cookie = cookies.find { |cookie| cookie.name == @configuration['cookie_name'] }
+      return false unless auth_cookie.is_a?(HTTP::Cookie)
+
+      auth_cookie.value
+    end
+
+    def fetch_by_auth_header(request)
+      return false unless request.env[@configuration['header_name']]
+
+      request.env[@configuration['header_name']]
+    end
+
+    def validate_configuration
+      raise "'cookie_name' must be configured" unless @configuration['header_name']
+    end
+  end
+end

data/lib/soar_authentication_token/providers/cookie_provider.rb

@@ -0,0 +1,24 @@
+require 'http-cookie'
+
+module SoarAuthenticationToken
+  class CookieProvider
+    def initialize(configuration)
+      @configuration = configuration
+      validate_configuration
+    end
+
+    def fetch(request)
+      return false unless request.env.has_key?('HTTP_COOKIE')
+
+      cookies = HTTP::CookieJar.new.parse(request.env['HTTP_COOKIE'], 'http://irrelevant')
+      auth_cookie = cookies.find { |cookie| cookie.name == @configuration['cookie_name'] }
+      return false unless auth_cookie.is_a?(HTTP::Cookie)
+
+      auth_cookie.value
+    end
+
+    def validate_configuration
+      raise "'cookie_name' must be configured" unless @configuration['cookie_name']
+    end
+  end
+end

data/lib/soar_authentication_token/rack_middleware.rb

@@ -26,9 +26,11 @@ module SoarAuthenticationToken
 
     def get_request_information(env)
       request = Rack::Request.new env
+      auth_token = SoarAuthenticationToken::TokenProvider.new(@configuration).fetch(request)
+
       [ request.session,
         request.params,
-        request.env['HTTP_AUTHORIZATION'],
+        auth_token,
         request.params['flow_identifier'],
         { 'source_address'    => request.ip,
           'user_agent'        => request.user_agent,
@@ -42,6 +44,8 @@ module SoarAuthenticationToken
     end
 
     def validate_and_resolve_token(authentication_token, request_information, flow_identifier)
+      return false, nil, 'No token provided or retrievable from request' unless authentication_token
+
       token_validator = SoarAuthenticationToken::TokenValidator.new(@configuration)
       token_validator.validate(authentication_token: authentication_token,
                                request_information: request_information,

data/lib/soar_authentication_token/token_provider.rb

@@ -0,0 +1,25 @@
+module SoarAuthenticationToken
+  class TokenProvider
+    def initialize(configuration)
+      @configuration = configuration
+      validate_configuration
+      instantiate_provider
+    end
+
+    def fetch(request)
+      @provider.fetch(request)
+    end
+
+    private
+
+    def instantiate_provider
+      @provider = Object::const_get(@configuration['authentication_token']['provider'])
+                      .new(@configuration['authentication_token'])
+    end
+
+    def validate_configuration
+      raise 'authentication_token provider must be configured' if @configuration['authentication_token'].nil? or
+                                                                  @configuration['authentication_token']['provider'].nil?
+    end
+  end
+end

data/lib/soar_authentication_token/version.rb

@@ -1,3 +1,3 @@
 module SoarAuthenticationToken
-  VERSION = '6.1.1'
+  VERSION = '7.0.0'
 end

data/soar_authentication_token.gemspec

@@ -23,6 +23,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'jwt', '~> 1.5', '>= 1.5.6'
   spec.add_dependency "rack", '>= 1.6.4', '< 3.0.0'
   spec.add_dependency 'authenticated_client', '~> 0.0.2'
+  spec.add_dependency 'http-cookie', '~> 1.0', '>= 1.0.3'
 
   spec.add_development_dependency 'auth_token_store_provider', "~> 1.0"
   spec.add_development_dependency 'pry', '~> 0'
@@ -32,4 +33,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "capybara", '~> 2.1', '>= 2.1.0'
   spec.add_development_dependency "simplecov", '~> 0'
   spec.add_development_dependency "simplecov-rcov", '~> 0'
+  spec.add_development_dependency 'webmock', '~> 3.0'
+  spec.add_development_dependency 'byebug'
 end

data/spec/jwt_token_validator_spec.rb

@@ -149,7 +149,7 @@ describe SoarAuthenticationToken::JwtTokenValidator do
 
       context 'given invalid token (garbage or different key)' do
         let!(:token_validation_result) {
-          token, token_generator_meta = @remote_generator.generate(authenticated_identifier: @test_identifier)
+          token, token_generator_meta = @local_invalid_generator.generate(authenticated_identifier: @test_identifier)
           iut.validate(authentication_token: token)
         }
         let!(:token_validity) { token_validation_result[0] }

data/spec/{rack_middleware_spec.rb → rack_middleware/authorization_header_spec.rb}

@@ -1,6 +1,7 @@
 require 'spec_helper'
 require 'rack'
 require 'rack/test'
+require 'webmock/rspec'
 
 describe SoarAuthenticationToken::RackMiddleware do
   include Rack::Test::Methods
@@ -38,7 +39,7 @@ describe SoarAuthenticationToken::RackMiddleware do
 
   before :all do
     @local_valid_generator,   @valid_private_key,   @valid_public_key   = create_valid_token_generator
-    @local_invalid_generator, @imvalid_private_key, @invalid_public_key = create_invalid_token_generator
+    @local_invalid_generator, @invalid_private_key, @invalid_public_key = create_invalid_token_generator
     @failure_response_json = [ { 'status' => 'fail', 'data' => {
                                  'notifications' => ['Not authenticated']
                                }
@@ -58,7 +59,11 @@ describe SoarAuthenticationToken::RackMiddleware do
     end
     @iut_configuration = {
       'provider' => 'SoarAuthenticationToken::RemoteTokenValidator',
-      'validator-url' => 'http://authentication-token-validator-service:9393/validate'
+      'validator-url' => 'http://authentication-token-validator-service:9393/validate',
+      'authentication_token' => {
+          'provider' => 'SoarAuthenticationToken::AuthorizationHeaderProvider',
+          'header_name' => 'HTTP_AUTHORIZATION'
+      }
     }
     @iut = SoarAuthenticationToken::RackMiddleware.new(@test_app, @iut_configuration, "test-service", nil)
   end
@@ -80,7 +85,13 @@ describe SoarAuthenticationToken::RackMiddleware do
   context "when called with a request environment" do
     context 'with no authentication token' do
       it "return with 401" do
-        opts = { 'REMOTE_ADDR' => '1.1.1.1' }
+        stub_response_body = {'status' => 'success', 'data' => { 'token_validity' => false, 'token_meta' => nil, 'notifications' => ['none'] }}.to_json
+        stub_request(:post, "http://authentication-token-validator-service:9393/validate?flow_identifier").
+         with(body: "{\"authentication_token\":null,\"request_information\":{\"source_address\":\"1.1.1.1\",\"user_agent\":null,\"service\":\"test-service\",\"resource\":\"/\",\"method\":\"GET\",\"base_url\":\"http://service\",\"version\":\"7.0.0\"}}",
+              headers: {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'User-Agent'=>'Ruby'}).
+         to_return(status: 200, body: stub_response_body, headers: {})
+
+        opts = { 'REMOTE_ADDR' => '1.1.1.1', 'HTTP_AUTHORIZATION' => nil }
         code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
         expect([code, env, body]).to eq([401, {"Content-Type" => "application/json"}, @failure_response_json])
       end
@@ -88,7 +99,13 @@ describe SoarAuthenticationToken::RackMiddleware do
 
     context 'with an invalid authentication token' do
       it "return with 401" do
-        opts = { 'REMOTE_ADDR' => '1.1.1.1', 'HTTP_AUTHORIZATION' => @local_invalid_generator.generate(authenticated_identifier: 'a@b.com') }
+        stub_response_body = {'status' => 'success', 'data' => { 'token_validity' => false, 'token_meta' => nil, 'notifications' => ['none'] }}.to_json
+        stub_request(:post, "http://authentication-token-validator-service:9393/validate?flow_identifier").
+         with(body: "{\"authentication_token\":\"bad_token\",\"request_information\":{\"source_address\":\"1.1.1.1\",\"user_agent\":null,\"service\":\"test-service\",\"resource\":\"/\",\"method\":\"GET\",\"base_url\":\"http://service\",\"version\":\"7.0.0\"}}",
+              headers: {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'User-Agent'=>'Ruby'}).
+         to_return(status: 200, body: stub_response_body, headers: {})
+
+        opts = { 'REMOTE_ADDR' => '1.1.1.1', 'HTTP_AUTHORIZATION' => 'bad_token' }
         code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
         expect([code, env, body]).to eq([401, {"Content-Type" => "application/json"}, @failure_response_json])
       end
@@ -96,19 +113,37 @@ describe SoarAuthenticationToken::RackMiddleware do
 
     context 'with a valid authentiation token' do
       it "pass requests to the application" do
-        opts = { 'REMOTE_ADDR' => '1.1.1.1',  'HTTP_AUTHORIZATION' => @local_valid_generator.generate(authenticated_identifier: 'a@b.com') }
+        stub_response_body = {'status' => 'success', 'data' => { 'token_validity' => true, 'token_meta' => { 'authenticated_identifier' => 'a@b.com' }, 'notifications' => ['none'] }}.to_json
+        stub_request(:post, "http://authentication-token-validator-service:9393/validate?flow_identifier").
+           with(body: "{\"authentication_token\":\"valid_token\",\"request_information\":{\"source_address\":\"1.1.1.1\",\"user_agent\":null,\"service\":\"test-service\",\"resource\":\"/\",\"method\":\"GET\",\"base_url\":\"http://service\",\"version\":\"7.0.0\"}}",
+                headers: {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'User-Agent'=>'Ruby'}).
+           to_return(status: 200, body: stub_response_body, headers: {})
+
+        opts = { 'REMOTE_ADDR' => '1.1.1.1',  'HTTP_AUTHORIZATION' => 'valid_token' }
         code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
         expect([code, env, body['message']]).to eq([200, {"Content-Type"=>"application/json"}, "tested with authenticated user a@b.com" ])
       end
 
       it "populate the 'user' key in the rack session with the authenticated user" do
-        opts = { 'REMOTE_ADDR' => '1.1.1.1',  'HTTP_AUTHORIZATION' => @local_valid_generator.generate(authenticated_identifier: 'a@b.com') }
+        stub_response_body = {'status' => 'success', 'data' => { 'token_validity' => true, 'token_meta' => { 'authenticated_identifier' => 'a@b.com' }, 'notifications' => ['none'] }}.to_json
+        stub_request(:post, "http://authentication-token-validator-service:9393/validate?flow_identifier").
+           with(body: "{\"authentication_token\":\"valid_token\",\"request_information\":{\"source_address\":\"1.1.1.1\",\"user_agent\":null,\"service\":\"test-service\",\"resource\":\"/\",\"method\":\"GET\",\"base_url\":\"http://service\",\"version\":\"7.0.0\"}}",
+                headers: {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'User-Agent'=>'Ruby'}).
+           to_return(status: 200, body: stub_response_body, headers: {})
+
+        opts = { 'REMOTE_ADDR' => '1.1.1.1',  'HTTP_AUTHORIZATION' => 'valid_token' }
         code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
         expect(body['user']).to eq('a@b.com')
       end
 
       it "populate the 'auth_token_meta' key in the rack session with the hash containing the token meta" do
-        opts = { 'REMOTE_ADDR' => '1.1.1.1',  'HTTP_AUTHORIZATION' => @local_valid_generator.generate(authenticated_identifier: 'a@b.com') }
+        stub_response_body = {'status' => 'success', 'data' => { 'token_validity' => true, 'token_meta' => { 'authenticated_identifier' => 'a@b.com' }, 'notifications' => ['none'] }}.to_json
+        stub_request(:post, "http://authentication-token-validator-service:9393/validate?flow_identifier").
+           with(body: "{\"authentication_token\":\"valid_token\",\"request_information\":{\"source_address\":\"1.1.1.1\",\"user_agent\":null,\"service\":\"test-service\",\"resource\":\"/\",\"method\":\"GET\",\"base_url\":\"http://service\",\"version\":\"7.0.0\"}}",
+                headers: {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'User-Agent'=>'Ruby'}).
+           to_return(status: 200, body: stub_response_body, headers: {})
+
+        opts = { 'REMOTE_ADDR' => '1.1.1.1',  'HTTP_AUTHORIZATION' => 'valid_token' }
         code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
         expect(body['auth_token_meta']['authenticated_identifier']).to eq('a@b.com')
       end

data/spec/remote_token_validator_spec.rb

@@ -1,5 +1,6 @@
 require 'spec_helper'
 require 'yaml'
+require 'webmock/rspec'
 
 describe SoarAuthenticationToken::RemoteTokenValidator do
   subject { SoarAuthenticationToken::RemoteTokenValidator }
@@ -36,67 +37,92 @@ describe SoarAuthenticationToken::RemoteTokenValidator do
   describe "#validate" do
     let!(:iut) { subject.new(@remote_validator_configuration) }
     context 'given valid token' do
-      let!(:token_validation_result) {
-        token, token_generator_meta = @remote_generator.generate(authenticated_identifier: @test_identifier)
-        iut.validate(authentication_token: token, request_information: request_information_from_valid_source, flow_identifier: nil)
-      }
-      let!(:token_validity) { token_validation_result[0] }
-      let!(:token_meta)     { token_validation_result[1] }
-      let!(:message)        { token_validation_result[2] }
-
       it 'should indicate valid if the token is valid' do
+        stub_response_body = {'status' => 'success', 'data' => { 'token_validity' => true, 'token_meta' => { 'authenticated_identifier' => @test_identifier }, 'notifications' => ['none'] }}.to_json
+        stub_request(:post, "http://authentication-token-validator-service:9393/validate?flow_identifier").
+         with(body: "{\"authentication_token\":\"valid_token\",\"request_information\":{\"source_address\":\"1.1.1.1\",\"user_agent\":\"some shiny browser\",\"service\":\"test-service\",\"resource\":\"/\"}}",
+              headers: {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'User-Agent'=>'Ruby'}).
+         to_return(status: 200, body: stub_response_body, headers: {})
+
+        token = 'valid_token'
+        token_validity, token_meta, message = iut.validate(authentication_token: token, request_information: request_information_from_valid_source, flow_identifier: nil)
+
         expect(token_validity).to eq true
       end
 
       it 'should provide the authenticated_identifier if the token is valid' do
+        stub_response_body = {'status' => 'success', 'data' => { 'token_validity' => true, 'token_meta' => { 'authenticated_identifier' => @test_identifier }, 'notifications' => ['none'] }}.to_json
+        stub_request(:post, "http://authentication-token-validator-service:9393/validate?flow_identifier").
+         with(body: "{\"authentication_token\":\"valid_token\",\"request_information\":{\"source_address\":\"1.1.1.1\",\"user_agent\":\"some shiny browser\",\"service\":\"test-service\",\"resource\":\"/\"}}",
+              headers: {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'User-Agent'=>'Ruby'}).
+         to_return(status: 200, body: stub_response_body, headers: {})
+
+        token = 'valid_token'
+        token_validity, token_meta, message = iut.validate(authentication_token: token, request_information: request_information_from_valid_source, flow_identifier: nil)
+
         expect(token_meta['authenticated_identifier']).to eq @test_identifier
       end
     end
 
     context 'given invalid (generalized) token' do
-      let!(:token_validation_result) {
-        token, token_generator_meta = @local_invalid_generator.generate(authenticated_identifier: @test_identifier)
-        iut.validate(authentication_token: token, request_information: request_information_from_valid_source, flow_identifier: nil)
-      }
-      let!(:token_validity) { token_validation_result[0] }
-      let!(:token_meta)     { token_validation_result[1] }
-      let!(:message)        { token_validation_result[2] }
-
       it 'indicate token is invalid' do
+        stub_response_body = {'status' => 'success', 'data' => { 'token_validity' => false, 'token_meta' => nil, 'notifications' => ['Token decode/verification failure'] }}.to_json
+        stub_request(:post, "http://authentication-token-validator-service:9393/validate?flow_identifier").
+         with(body: "{\"authentication_token\":\"invalid_token\",\"request_information\":{\"source_address\":\"1.1.1.1\",\"user_agent\":\"some shiny browser\",\"service\":\"test-service\",\"resource\":\"/\"}}",
+              headers: {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'User-Agent'=>'Ruby'}).
+         to_return(status: 200, body: stub_response_body, headers: {})
+
+        token = 'invalid_token'
+        token_validity, token_meta, message = iut.validate(authentication_token: token, request_information: request_information_from_valid_source, flow_identifier: nil)
+
         expect(token_validity).to eq false
       end
 
       it 'does not provide the token meta' do
+        stub_response_body = {'status' => 'success', 'data' => { 'token_validity' => false, 'token_meta' => nil, 'notifications' => ['Token decode/verification failure'] }}.to_json
+        stub_request(:post, "http://authentication-token-validator-service:9393/validate?flow_identifier").
+         with(body: "{\"authentication_token\":\"invalid_token\",\"request_information\":{\"source_address\":\"1.1.1.1\",\"user_agent\":\"some shiny browser\",\"service\":\"test-service\",\"resource\":\"/\"}}",
+              headers: {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'User-Agent'=>'Ruby'}).
+         to_return(status: 200, body: stub_response_body, headers: {})
+
+        token = 'invalid_token'
+        token_validity, token_meta, message = iut.validate(authentication_token: token, request_information: request_information_from_valid_source, flow_identifier: nil)
+
         expect(token_meta).to eq nil
       end
 
       it 'provides a message indicating the token is invalid' do
+        stub_response_body = {'status' => 'success', 'data' => { 'token_validity' => false, 'token_meta' => nil, 'notifications' => ['Token decode/verification failure'] }}.to_json
+        stub_request(:post, "http://authentication-token-validator-service:9393/validate?flow_identifier").
+         with(body: "{\"authentication_token\":\"invalid_token\",\"request_information\":{\"source_address\":\"1.1.1.1\",\"user_agent\":\"some shiny browser\",\"service\":\"test-service\",\"resource\":\"/\"}}",
+              headers: {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'User-Agent'=>'Ruby'}).
+         to_return(status: 200, body: stub_response_body, headers: {})
+
+        token = 'invalid_token'
+        token_validity, token_meta, message = iut.validate(authentication_token: token, request_information: request_information_from_valid_source, flow_identifier: nil)
+
         expect(message).to match /Token decode\/verification failure/
       end
     end
 
     context 'given invalid token validator url that will result in timeouts' do
-      let!(:invalid_validator_configuration) {{
-        'provider' => 'SoarAuthenticationToken::RemoteTokenValidator',
-        'validator-url' => 'http://auth-token-validator.auto-h.net/validate',
-        'generator-client-auth-token' => 'test_ecosystem_token_for_auth_token_aaapi_authenticator_service'
-      }}
-      let!(:iut) { subject.new(invalid_validator_configuration) }
-      let!(:valid_token) {
-        token, token_generator_meta = @remote_generator.generate(authenticated_identifier: @test_identifier)
-        token
-      }
       it 'raise error after attempt that timeout has occured' do
+        stub_response_body = {'status' => 'success', 'data' => { 'token_validity' => false, 'token_meta' => nil, 'notifications' => ['Token decode/verification failure'] }}.to_json
+        stub_request(:post, "http://authentication-token-validator-service:9393/validate?flow_identifier").
+         to_timeout.times(2)
+
         expect{
-          iut.validate(authentication_token: valid_token, request_information: request_information_from_valid_source, flow_identifier: nil)
+          iut.validate(authentication_token: 'some_token', request_information: {}, flow_identifier: nil)
         }.to raise_error Timeout::Error
       end
       it 'by default attempts 2 times with 3 second timeout' do
-        start_time = Time.now
+        stub_response_body = {'status' => 'success', 'data' => { 'token_validity' => false, 'token_meta' => nil, 'notifications' => ['Token decode/verification failure'] }}.to_json
+        stub_request(:post, "http://authentication-token-validator-service:9393/validate?flow_identifier").
+         to_timeout.times(2)
+
         expect{
-          iut.validate(authentication_token: valid_token, request_information: request_information_from_valid_source, flow_identifier: nil)
+          iut.validate(authentication_token: 'some_token', request_information: {}, flow_identifier: nil)
         }.to raise_error Timeout::Error
-        expect(Time.now - start_time).to be_within(1).of 6
       end
     end
   end

data/spec/token_generator_spec.rb

@@ -1,4 +1,5 @@
 require 'spec_helper'
+require 'webmock/rspec'
 
 describe SoarAuthenticationToken::TokenGenerator do
   before :all do
@@ -59,18 +60,16 @@ describe SoarAuthenticationToken::TokenGenerator do
 
   context "when generating a new token remotely" do
     it 'should request the token from the configured remote service' do
+      stub_response_body = {'status' => 'success', 'data' => { 'token' => 'abc' }}.to_json
+      stub_request(:post, "http://authentication-token-generator-service:9393/generate?flow_identifier=test-flow-id").
+        with(body: "{\"authenticated_identifier\":\"a@b.co.za\"}",
+             headers: {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'Authorization'=>'test_ecosystem_token_for_auth_token_aaapi_authenticator_service', 'User-Agent'=>'Ruby'}).
+        to_return(status: 200, body: stub_response_body, headers: {})
+
       @iut = SoarAuthenticationToken::TokenGenerator.new(@configuration_remote_generator)
       @iut.inject_store_provider(@test_store)
-
       token, token_generator_meta = @iut.generate(authenticated_identifier: @test_authenticated_identifier, flow_identifier: 'test-flow-id')
-
-      @validator = SoarAuthenticationToken::TokenValidator.new(@configuration_remote_validator)
-      @iut.inject_store_provider(@test_store)
-      token_validity, token_validator_meta, messages = @validator.validate(authentication_token: token, request_information: request_information_from_valid_source, flow_identifier: 'test-flow-id')
-
-      expect(token_validity).to eq(true)
-      expect(token_validator_meta['authenticated_identifier']).to eq(@test_authenticated_identifier)
-      expect(messages).to match(/Valid token/)
+      expect(token).to eq('abc')
     end
   end
 
@@ -82,16 +81,22 @@ describe SoarAuthenticationToken::TokenGenerator do
     }}
     let!(:iut) { SoarAuthenticationToken::TokenGenerator.new(invalid_generator_configuration) }
     it 'raise error after attempt that timeout has occured' do
+      stub_request(:post, "http://auth-token-generator.auto-h.net/generate?flow_identifier=test-flow-id").
+        with(body: "{\"authenticated_identifier\":\"a@b.co.za\"}",
+             headers: {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'Authorization'=>'test_ecosystem_token_for_auth_token_aaapi_authenticator_service', 'User-Agent'=>'Ruby'}).
+        to_timeout.times(2)
       expect{
         iut.generate(authenticated_identifier: @test_authenticated_identifier, flow_identifier: 'test-flow-id')
       }.to raise_error Timeout::Error
     end
     it 'by default attempts 2 times with 3 second timeout' do
-      start_time = Time.now
+       stub_request(:post, "http://auth-token-generator.auto-h.net/generate?flow_identifier=test-flow-id").
+         with(body: "{\"authenticated_identifier\":\"a@b.co.za\"}",
+              headers: {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'Authorization'=>'test_ecosystem_token_for_auth_token_aaapi_authenticator_service', 'User-Agent'=>'Ruby'}).
+         to_timeout.times(2)
       expect{
         iut.generate(authenticated_identifier: @test_authenticated_identifier, flow_identifier: 'test-flow-id')
       }.to raise_error Timeout::Error
-      expect(Time.now - start_time).to be_within(1).of 6
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: soar_authentication_token
 version: !ruby/object:Gem::Version
-  version: 6.1.1
+  version: 7.0.0
 platform: ruby
 authors:
 - Barney de Villiers
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-06-12 00:00:00.000000000 Z
+date: 2017-07-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: soar_xt
@@ -78,6 +78,26 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.0.2
+- !ruby/object:Gem::Dependency
+  name: http-cookie
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.3
 - !ruby/object:Gem::Dependency
   name: auth_token_store_provider
   requirement: !ruby/object:Gem::Requirement
@@ -196,6 +216,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Interface to the authentication token service
 email:
 - barney.de.villiers@hetzner.co.za
@@ -208,7 +256,6 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
-- ".gitmodules"
 - ".rspec"
 - ".ruby-gemset"
 - ".ruby-version"
@@ -225,6 +272,9 @@ files:
 - lib/soar_authentication_token.rb
 - lib/soar_authentication_token/config_rotator.rb
 - lib/soar_authentication_token/keypair_generator.rb
+- lib/soar_authentication_token/providers/authorization_header_provider.rb
+- lib/soar_authentication_token/providers/cascade_provider.rb
+- lib/soar_authentication_token/providers/cookie_provider.rb
 - lib/soar_authentication_token/providers/jwt_token_generator.rb
 - lib/soar_authentication_token/providers/jwt_token_validator.rb
 - lib/soar_authentication_token/providers/remote_token_generator.rb
@@ -232,6 +282,7 @@ files:
 - lib/soar_authentication_token/providers/static_token_validator.rb
 - lib/soar_authentication_token/rack_middleware.rb
 - lib/soar_authentication_token/token_generator.rb
+- lib/soar_authentication_token/token_provider.rb
 - lib/soar_authentication_token/token_validator.rb
 - lib/soar_authentication_token/version.rb
 - retry.sh
@@ -244,7 +295,7 @@ files:
 - spec/config_rotator_spec.rb
 - spec/jwt_token_validator_spec.rb
 - spec/keypair_generator_spec.rb
-- spec/rack_middleware_spec.rb
+- spec/rack_middleware/authorization_header_spec.rb
 - spec/remote_token_validator_spec.rb
 - spec/spec_helper.rb
 - spec/static_token_validator_spec.rb
@@ -278,7 +329,7 @@ test_files:
 - spec/config_rotator_spec.rb
 - spec/jwt_token_validator_spec.rb
 - spec/keypair_generator_spec.rb
-- spec/rack_middleware_spec.rb
+- spec/rack_middleware/authorization_header_spec.rb
 - spec/remote_token_validator_spec.rb
 - spec/spec_helper.rb
 - spec/static_token_validator_spec.rb

data/.gitmodules

@@ -1,12 +0,0 @@
-[submodule "authentication-token-generator-service"]
-	path = authentication-token-generator-service
-	url = git@gitlab.host-h.net:hetznerZA/authentication-token-generator-service.git
-	branch = master
-[submodule "authentication-token-validator-service"]
-	path = authentication-token-validator-service
-	url = git@gitlab.host-h.net:hetznerZA/authentication-token-validator-service.git
-	branch = master
-[submodule "authentication-token-store"]
-	path = authentication-token-store
-	url = git@gitlab.host-h.net:hetznerZA/authentication-token-store.git
-	branch = master