sso 0.1.0.beta2 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4c53a1e9c7573ea3d6e97727aa00e435c485b3d7
-  data.tar.gz: ff596d704a4e53c462d45251d64108cb85918d0f
+  metadata.gz: 3427c7a74fc824e4a590aae4dedb206cd0c3f89c
+  data.tar.gz: 13355ce7e47c5088774fc5608b453dee91578136
 SHA512:
-  metadata.gz: 4399983b1f108c80f30c497f5db66d406c95168271fcaa5c559e6b8b22f4ae99772b721db7b4e325694b896b29ef16e48a8cbc6a17e7df06d00df62ad5c87393
-  data.tar.gz: 2895cdf553890ae507ca160e5f40afc6b5c098ac461a1cf458bd1e7d73befcd4232c476fa5570e2e9e369fdadcbc2fd8737a9cb64eb66f9af995e9a2727a8191
+  metadata.gz: 976e470dbb0a78ac0184a6a5d4381af04008cf158516d4b9106b08ad3eb2865257e6da196ba4affdd4e2318e50bb1f4aeed67e5b8fd6c47c4b2a8bfe1c96b5ff
+  data.tar.gz: c4cf08a461736d1df4ff3ff88a69fa6c424354cfe1739d6e561839b3f7f9798484cc75b86e20e48f0d7556441e4bb71757c033efd0deb0dbafcdb7868392fd18

data/lib/sso/benchmarking.rb

@@ -1,4 +1,5 @@
 module SSO
+  # Helper to log results of benchmarks.
   module Benchmarking
     include ::SSO::Logging
 

data/lib/sso/client/authentications/passport.rb

@@ -1,6 +1,7 @@
 module SSO
   module Client
     module Authentications
+      # Logic to authenticate a Passport provided by an outsider app to an insider app.
       class Passport
         include ::SSO::Logging
         include ::SSO::Benchmarking
@@ -12,11 +13,11 @@ module SSO
         end
 
         def authenticate
-          debug { "Performing authentication..." }
+          debug { 'Performing authentication...' }
           result = authenticate!
 
           if result.success?
-            debug { "Authentication succeeded." }
+            debug { 'Authentication succeeded.' }
             return result
           end
 
@@ -65,7 +66,18 @@ module SSO
         end
 
         def verifier
-          ::SSO::Client::PassportVerifier.new passport_id: passport_id, passport_state: 'refresh', passport_secret: chip_passport_secret, user_ip: ip, user_agent: agent, device_id: device_id
+          ::SSO::Client::PassportVerifier.new verifier_options
+        end
+
+        def verifier_options
+          {
+            passport_id: passport_id,
+            passport_state: 'refresh',
+            passport_secret: chip_passport_secret,
+            user_ip: ip,
+            user_agent: agent,
+            device_id: device_id,
+          }
         end
 
         def verification
@@ -78,7 +90,7 @@ module SSO
         end
 
         def signature_request
-          debug { "Verifying signature of #{request.request_method.inspect} #{request.path.inspect} #{request.params.inspect}"}
+          debug { "Verifying signature of #{request.request_method.inspect} #{request.path.inspect} #{request.params.inspect}" }
           ::Signature::Request.new request.request_method, request.path, request.params
         end
 
@@ -93,7 +105,7 @@ module SSO
         end
 
         def chip_decryption
-          debug { "Validating chip decryptability of raw chip #{chip.inspect}"}
+          debug { "Validating chip decryptability of raw chip #{chip.inspect}" }
           yield Operations.failure(:missing_chip, object: params) if chip.blank?
           yield Operations.failure(:missing_chip_key) unless chip_key
           yield Operations.failure(:missing_chip_iv) unless chip_iv
@@ -115,7 +127,7 @@ module SSO
             decipher.key = chip_key
             decipher.iv = chip_iv
             plaintext = decipher.update(chip_ciphertext) + decipher.final
-            logger.debug { "Decryptied chip plaintext #{plaintext.inspect} using key #{chip_key.inspect} and iv #{chip_iv.inspect} and ciphertext #{chip_ciphertext.inspect}"}
+            logger.debug { "Decryptied chip plaintext #{plaintext.inspect} using key #{chip_key.inspect} and iv #{chip_iv.inspect} and ciphertext #{chip_ciphertext.inspect}" }
             plaintext
           end
         end
@@ -130,12 +142,12 @@ module SSO
 
         def chip_belongs_to_passport?
           unless passport_id
-            debug { "Unknown passport_id" }
+            debug { 'Unknown passport_id' }
             return false
           end
 
           unless chip_passport_id
-            debug { "Unknown passport_id" }
+            debug { 'Unknown passport_id' }
             return false
           end
 
@@ -180,15 +192,11 @@ module SSO
           params['passport_chip']
         end
 
-        #def warden
-        #  request.env['warden']
-        #end
-
         def chip_digest
           ::OpenSSL::Cipher::AES256.new :CBC
         end
 
-        # TODO Use ActionDispatch remote IP or you might get the Load Balancer's IP instead :(
+        # TODO: Use ActionDispatch::Request#remote_ip
         def ip
           request.ip
         end

data/lib/sso/client/passport_verifier.rb

@@ -15,7 +15,7 @@ module SSO
       end
 
       def call
-        get_response { |failure| return failure }
+        fetch_response { |failure| return failure }
         interpret_response
 
       rescue JSON::ParserError
@@ -25,7 +25,7 @@ module SSO
 
       private
 
-      def get_response
+      def fetch_response
         yield Operations.failure(:server_unreachable, object: response)                   unless response.code == 200
         yield Operations.failure(:server_response_not_parseable, object: response)        unless parsed_response
         yield Operations.failure(:server_response_missing_success_flag, object: response) unless response_has_success_flag?

data/lib/sso/server.rb

@@ -10,7 +10,6 @@ require 'sso'
 require 'sso/server/errors'
 require 'sso/server/passport'
 require 'sso/server/passports'
-require 'sso/server/geolocations'
 require 'sso/server/engine'
 
 require 'sso/server/authentications/passport'

data/lib/sso/server/configuration.rb

@@ -57,7 +57,10 @@ module SSO
     def environment
       @environment ||= default_environment
     end
-    attr_writer :environment
+
+    def environment=(new_environment)
+      @environment = new_environment.to_s
+    end
 
     private
 
@@ -92,14 +95,13 @@ module SSO
     end
 
     def default_human_readable_location_for_ip
-      proc do
+      proc do |ip|
         'Unknown'
       end
     end
 
     def default_session_backend
       fail('You need to configure session_backend, see SSO::Configuration for more info.') unless %w(developmen test).include?(environment)
-     # Moneta.new :Memory
     end
 
     def default_passport_verification_timeout_ms

data/lib/sso/server/middleware/passport_destruction.rb

@@ -23,7 +23,7 @@ module SSO
           payload = { success: true, code: revocation.code }
           debug { "Revoked Passport with ID #{passport_id.inspect}" }
 
-          return [200, { 'Content-Type' => 'application/json' }, [payload.to_json]]
+          [200, { 'Content-Type' => 'application/json' }, [payload.to_json]]
         end
 
         def json_code(code)

data/lib/sso/server/middleware/passport_exchange.rb

@@ -46,9 +46,9 @@ module SSO
           passport.create_chip!
 
           payload = { success: true, code: :here_is_your_passport, passport: passport.export }
-          debug { "Created Passport #{passport.id}, sending it including user #{passport.user.inspect}}"}
+          debug { "Created Passport #{passport.id}, sending it including user #{passport.user.inspect}}" }
 
-          return [200, { 'Content-Type' => 'application/json' }, [payload.to_json]]
+          [200, { 'Content-Type' => 'application/json' }, [payload.to_json]]
         end
 
         def json_code(code)

data/lib/sso/server/passport.rb

@@ -54,7 +54,7 @@ module SSO
       end
 
       def load_user!
-        @user = SSO.config.find_user_for_passport.call passport: self.reload
+        @user = SSO.config.find_user_for_passport.call passport: reload
       end
 
       def create_chip!
@@ -113,7 +113,7 @@ module SSO
       end
 
       def update_location
-        location_name = ::SSO::Server::Geolocations.human_readable_location_for_ip ip
+        location_name = ::SSO.config.human_readable_location_for_ip.call(ip)
         debug { "Updating geolocation for #{ip} which is #{location_name}" }
         self.location = location_name
       end

data/lib/sso/server/warden/hooks/before_logout.rb

@@ -16,6 +16,7 @@ module SSO
                 new(user: user, warden: warden, options: options).call
               rescue => exception
                 ::SSO.config.exception_handler.call exception
+                nil
               end
             end
           end
@@ -30,6 +31,7 @@ module SSO
 
             error { 'Could not revoke the Passports.' } if revoking.failure?
             debug { 'Finished.' }
+            nil
           end
         end
       end

data/spec/dummy/config/initializers/warden.rb

@@ -24,7 +24,6 @@
   end
 end
 
-
 # POI
 Warden::Manager.after_authentication(&::SSO::Server::Warden::Hooks::AfterAuthentication.to_proc)
 Warden::Manager.before_logout(&::SSO::Server::Warden::Hooks::BeforeLogout.to_proc)

data/spec/lib/sso/client/warden/hooks/after_fetch_spec.rb

@@ -29,6 +29,22 @@ RSpec.describe SSO::Client::Warden::Hooks::AfterFetch, type: :request, db: true
     allow(server_user).to receive(:tags).and_return %w(wears_glasses is_working_from_home never_gives_up)
   end
 
+  context 'invalid passport' do
+    let(:passport_secret) { SecureRandom.uuid }
+
+    it 'does not verify the passport' do
+      expect(client_passport).to_not be_verified
+      hook.call
+      expect(client_passport).to_not be_verified
+    end
+
+    it 'does not modify the passport' do
+      expect(client_passport).to_not be_modified
+      hook.call
+      expect(client_passport).to_not be_modified
+    end
+  end
+
   context 'user does not change' do
     it 'verifies the passport' do
       expect(client_passport).to_not be_verified

data/spec/lib/sso/client/warden/strategies/passport_spec.rb

@@ -0,0 +1,81 @@
+require 'spec_helper'
+
+RSpec.describe SSO::Client::Warden::Strategies::Passport do
+
+  let(:env)      { env_with_params }
+  let(:strategy) { described_class.new env }
+
+  describe '#valid?' do
+    context 'with :auth_version and :state' do
+      let(:env) { env_with_params '/', auth_version: '4.2', state: 'abc' }
+
+      it 'is true' do
+        expect(strategy).to be_valid
+      end
+    end
+
+    context 'blank :auth_version' do
+      let(:env) { env_with_params '/', auth_version: '', state: 'abc' }
+
+      it 'is false' do
+        expect(strategy).not_to be_valid
+      end
+    end
+
+    context 'blank :state' do
+      let(:env) { env_with_params '/', auth_version: '5.5', state: '' }
+
+      it 'is false' do
+        expect(strategy).not_to be_valid
+      end
+    end
+
+    context 'nil :auth_version' do
+      let(:env) { env_with_params '/', state: 'xzy' }
+
+      it 'is false' do
+        expect(strategy).not_to be_valid
+      end
+    end
+  end
+
+  describe '#authenticate!' do
+
+    context 'invalid passport' do
+      it 'is a custom response' do
+        expect(strategy.authenticate!).to eq :custom
+      end
+    end
+
+    it 'fails' do
+      expect(strategy).to receive(:custom!) do |rack_array|
+        expect(rack_array.size).to eq 3
+        expect(rack_array[0]).to eq 200
+        expect(rack_array[1]).to eq 'Content-Type' => 'application/json'
+        expect(rack_array[2]).to eq ['{"success":true,"code":"passport_verification_failed"}']
+      end
+      strategy.authenticate!
+    end
+
+    context 'valid passport' do
+      let(:operation)      { Operations.success :some_code, object: :authentication_object }
+      let(:authentication) { double :authentication, authenticate: operation }
+
+      before do
+        allow(::SSO::Client::Authentications::Passport).to receive(:new).and_return authentication
+        allow(authentication).to receive(:success?).and_return true
+      end
+
+      it 'is a success response' do
+        expect(strategy.authenticate!).to eq :success
+      end
+
+      it 'succeeds' do
+        expect(strategy).to receive(:success!).with :authentication_object
+        strategy.authenticate!
+      end
+    end
+
+  end
+
+end

data/spec/lib/sso/server/configuration_spec.rb

@@ -0,0 +1,156 @@
+require 'spec_helper'
+
+RSpec.describe SSO::Configuration do
+
+  let(:config) { described_class.new }
+
+  describe '#human_readable_location_for_ip' do
+    let(:lookup) { SSO.config.human_readable_location_for_ip }
+
+    context 'default' do
+      it 'is a proc' do
+        expect(lookup).to be_instance_of Proc
+      end
+
+      it 'is a String' do
+        expect(lookup.call('198.51.100.88')).to eq 'Unknown'
+      end
+    end
+
+    context 'customized' do
+      before do
+        SSO.config.human_readable_location_for_ip = proc { |ip| "Location of #{ip}" }
+      end
+
+      it 'is a custom String' do
+        expect(lookup.call('198.51.100.89')).to eq 'Location of 198.51.100.89'
+      end
+    end
+  end
+
+  describe '#environment' do
+    context 'with Rails' do
+      it 'is the Rails environment' do
+        expect(config.environment).to be ::Rails.env
+      end
+    end
+
+    context 'without Rails' do
+      before do
+        hide_const 'Rails'
+        stub_const 'ENV', 'RACK_ENV' => 'rackish'
+      end
+
+      it 'is the RACK_ENV' do
+        expect(config.environment).to eq 'rackish'
+      end
+
+      context 'without RACK_ENV' do
+        before do
+          stub_const 'ENV', {}
+        end
+
+        it 'is unknown' do
+          expect(config.environment).to eq 'unknown'
+        end
+      end
+    end
+  end
+
+  context 'test environment' do
+
+    describe '#logger' do
+      context 'with Rails' do
+        it 'is the Rails logger' do
+          expect(config.logger).to be ::Rails.logger
+        end
+
+        it 'is on the Rails logger level' do
+          expect(config.logger.level).to be ::Rails.logger.level
+        end
+      end
+
+      context 'without Rails' do
+        before do
+          hide_const 'Rails'
+        end
+
+        it 'is a Logger' do
+          expect(config.logger).to be_instance_of ::Logger
+        end
+
+        it 'is on UNKNOWN level' do
+          expect(config.logger.level).to eq ::Logger::UNKNOWN
+        end
+      end
+    end
+
+  end
+
+  context 'development environment' do
+    before do
+      config.environment = :development
+    end
+
+    describe '#logger' do
+      context 'with Rails' do
+        it 'is the Rails logger' do
+          expect(config.logger).to be ::Rails.logger
+        end
+
+        it 'is on the Rails logger level' do
+          expect(config.logger.level).to be ::Rails.logger.level
+        end
+      end
+
+      context 'without Rails' do
+        before do
+          hide_const 'Rails'
+        end
+
+        it 'is a Logger' do
+          expect(config.logger).to be_instance_of ::Logger
+        end
+
+        it 'is on DEBUG level' do
+          expect(config.logger.level).to eq ::Logger::DEBUG
+        end
+      end
+    end
+
+  end
+
+  context 'production environment' do
+    before do
+      config.environment = :production
+    end
+
+    describe '#logger' do
+      context 'with Rails' do
+        it 'is the Rails logger' do
+          expect(config.logger).to be ::Rails.logger
+        end
+
+        it 'is on the Rails logger level' do
+          expect(config.logger.level).to be ::Rails.logger.level
+        end
+      end
+
+      context 'without Rails' do
+        before do
+          hide_const 'Rails'
+        end
+
+        it 'is a Logger' do
+          expect(config.logger).to be_instance_of ::Logger
+        end
+
+        it 'is on WARN level' do
+          expect(config.logger.level).to eq ::Logger::WARN
+        end
+      end
+    end
+
+  end
+
+end

data/spec/lib/sso/server/warden/hooks/before_logout_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper'
+
+RSpec.describe SSO::Server::Warden::Hooks::BeforeLogout do
+
+  let(:proc)     { described_class.to_proc }
+  let(:calling)  { proc.call(user, warden, options) }
+  let(:user)     { double :user }
+  let(:request)  { double :request, params: params.stringify_keys }
+  let(:params)   { { passport_id: passport.id } }
+  let(:warden)   { double :warden, request: request }
+  let(:options)  { double :options }
+  let(:passport) { create :passport }
+
+  before do
+    Timecop.freeze
+  end
+
+  describe '.to_proc' do
+    it 'is a proc' do
+      expect(proc).to be_instance_of Proc
+    end
+  end
+
+  describe '#call' do
+    it 'accepts the three warden arguments and returns nothing' do
+      expect(calling).to be_nil
+    end
+
+    it 'revokes the passport' do
+      calling
+      passport.reload
+      expect(passport.revoked_at.to_i).to eq Time.now.to_i
+      expect(passport.revoke_reason).to eq 'logout'
+    end
+
+    it 'survives an exception' do
+      allow(described_class).to receive(:new).and_raise NoMethodError, 'I am a problem'
+      expect(::SSO.config.logger).to receive(:error)
+      expect(calling).to be_nil
+    end
+  end
+
+end

data/spec/spec_helper.rb

@@ -2,6 +2,7 @@ ENV['RACK_ENV'] = 'test'
 
 unless ENV['TRAVIS']
   require 'simplecov'
+  SimpleCov.add_filter '/spec/'
   SimpleCov.start
 end
 

data/spec/support/sso/test/helpers.rb

@@ -4,6 +4,13 @@ module SSO
   module Test
     module Helpers
 
+      # Inspired by Warden::Spec::Helpers
+      def env_with_params(path = "/", params = {}, env = {})
+        method = params.delete(:method) || "GET"
+        env = { 'HTTP_VERSION' => '1.1', 'REQUEST_METHOD' => "#{method}" }.merge(env)
+        Rack::MockRequest.env_for "#{path}?#{Rack::Utils.build_query(params)}", env
+      end
+
       def redirect_httparty_to_rails_stack
         redirect_httparty :get
         redirect_httparty :post

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sso
 version: !ruby/object:Gem::Version
-  version: 0.1.0.beta2
+  version: 0.1.1
 platform: ruby
 authors:
 - halo
@@ -276,7 +276,6 @@ files:
 - lib/sso/server/doorkeeper/resource_owner_authenticator.rb
 - lib/sso/server/engine.rb
 - lib/sso/server/errors.rb
-- lib/sso/server/geolocations.rb
 - lib/sso/server/middleware/passport_destruction.rb
 - lib/sso/server/middleware/passport_exchange.rb
 - lib/sso/server/middleware/passport_verification.rb
@@ -326,9 +325,12 @@ files:
 - spec/integration/oauth/password_spec.rb
 - spec/lib/sso/client/authentications/passport_spec.rb
 - spec/lib/sso/client/warden/hooks/after_fetch_spec.rb
+- spec/lib/sso/client/warden/strategies/passport_spec.rb
 - spec/lib/sso/logging_spec.rb
+- spec/lib/sso/server/configuration_spec.rb
 - spec/lib/sso/server/middleware/passport_destruction_spec.rb
 - spec/lib/sso/server/passports_spec.rb
+- spec/lib/sso/server/warden/hooks/before_logout_spec.rb
 - spec/spec_helper.rb
 - spec/support/factories/doorkeeper/application.rb
 - spec/support/factories/server/passport.rb
@@ -351,9 +353,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.0.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: 
 rubygems_version: 2.4.5
@@ -402,9 +404,12 @@ test_files:
 - spec/integration/oauth/password_spec.rb
 - spec/lib/sso/client/authentications/passport_spec.rb
 - spec/lib/sso/client/warden/hooks/after_fetch_spec.rb
+- spec/lib/sso/client/warden/strategies/passport_spec.rb
 - spec/lib/sso/logging_spec.rb
+- spec/lib/sso/server/configuration_spec.rb
 - spec/lib/sso/server/middleware/passport_destruction_spec.rb
 - spec/lib/sso/server/passports_spec.rb
+- spec/lib/sso/server/warden/hooks/before_logout_spec.rb
 - spec/spec_helper.rb
 - spec/support/factories/doorkeeper/application.rb
 - spec/support/factories/server/passport.rb

data/lib/sso/server/geolocations.rb

@@ -1,10 +0,0 @@
-module SSO
-  module Server
-    module Geolocations
-      def self.human_readable_location_for_ip(_)
-        # Implement your favorite GeoIP lookup here
-        'New York'
-      end
-    end
-  end
-end