super-identity 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 8014580c6c6ecc998030ccf73fcaa0cf9a71cf39
4
+ data.tar.gz: c24dd3635bb7b9e3e2d67c1a5d9983b601c79ea9
5
+ SHA512:
6
+ metadata.gz: 26c13ad7eabae99636f42b36816db1e6d8261df11e16a2d09f1fc8a8b80d44ec07d9f7b028776a68ebad943f167c071d1e9ef9c9e7419c8eff5448affb4558d7
7
+ data.tar.gz: 3bbb8994a3813b97b1167307e360457e3d4b8f48f5a4246bb824c6107d32941a9aa56f8f103a2183d0e8bf0ebf72442920ec672c9cb8fa5a809fd37e188424bd
@@ -0,0 +1,9 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /Gemfile.lock
4
+ /_yardoc/
5
+ /coverage/
6
+ /doc/
7
+ /pkg/
8
+ /spec/reports/
9
+ /tmp/
data/.rspec ADDED
@@ -0,0 +1,3 @@
1
+ --format documentation
2
+ --color
3
+ --require spec_helper
@@ -0,0 +1,6 @@
1
+ AllCops:
2
+ TargetRubyVersion: 2.3
3
+
4
+ Style/FileName:
5
+ Exclude:
6
+ - lib/super-identity.rb
@@ -0,0 +1,7 @@
1
+ require 'codeclimate-test-reporter'
2
+ CodeClimate::TestReporter.start
3
+
4
+ SimpleCov.start do
5
+ add_filter('spec')
6
+ minimum_coverage 100
7
+ end
data/Gemfile ADDED
@@ -0,0 +1,3 @@
1
+ # frozen_string_literal: true
2
+ source 'https://rubygems.org'
3
+ gemspec
@@ -0,0 +1,23 @@
1
+ # frozen_string_literal: true
2
+ guard :bundler do
3
+ watch('Gemfile')
4
+ watch('super-identity.gemspec')
5
+ end
6
+
7
+ guard :rspec, cmd: 'bundle exec rspec' do
8
+ require 'guard/rspec/dsl'
9
+ dsl = Guard::RSpec::Dsl.new(self)
10
+
11
+ rspec = dsl.rspec
12
+ watch(rspec.spec_helper) { rspec.spec_dir }
13
+ watch(rspec.spec_support) { rspec.spec_dir }
14
+ watch(rspec.spec_files)
15
+
16
+ ruby = dsl.ruby
17
+ dsl.watch_spec_files_for(ruby.lib_files)
18
+ end
19
+
20
+ guard :rubocop do
21
+ watch(/.+\.rb$/)
22
+ watch(%r{(?:.+/)?\.rubocop\.yml$}) { |m| File.dirname(m[0]) }
23
+ end
data/LICENSE ADDED
@@ -0,0 +1,202 @@
1
+
2
+ Apache License
3
+ Version 2.0, January 2004
4
+ http://www.apache.org/licenses/
5
+
6
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
7
+
8
+ 1. Definitions.
9
+
10
+ "License" shall mean the terms and conditions for use, reproduction,
11
+ and distribution as defined by Sections 1 through 9 of this document.
12
+
13
+ "Licensor" shall mean the copyright owner or entity authorized by
14
+ the copyright owner that is granting the License.
15
+
16
+ "Legal Entity" shall mean the union of the acting entity and all
17
+ other entities that control, are controlled by, or are under common
18
+ control with that entity. For the purposes of this definition,
19
+ "control" means (i) the power, direct or indirect, to cause the
20
+ direction or management of such entity, whether by contract or
21
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
22
+ outstanding shares, or (iii) beneficial ownership of such entity.
23
+
24
+ "You" (or "Your") shall mean an individual or Legal Entity
25
+ exercising permissions granted by this License.
26
+
27
+ "Source" form shall mean the preferred form for making modifications,
28
+ including but not limited to software source code, documentation
29
+ source, and configuration files.
30
+
31
+ "Object" form shall mean any form resulting from mechanical
32
+ transformation or translation of a Source form, including but
33
+ not limited to compiled object code, generated documentation,
34
+ and conversions to other media types.
35
+
36
+ "Work" shall mean the work of authorship, whether in Source or
37
+ Object form, made available under the License, as indicated by a
38
+ copyright notice that is included in or attached to the work
39
+ (an example is provided in the Appendix below).
40
+
41
+ "Derivative Works" shall mean any work, whether in Source or Object
42
+ form, that is based on (or derived from) the Work and for which the
43
+ editorial revisions, annotations, elaborations, or other modifications
44
+ represent, as a whole, an original work of authorship. For the purposes
45
+ of this License, Derivative Works shall not include works that remain
46
+ separable from, or merely link (or bind by name) to the interfaces of,
47
+ the Work and Derivative Works thereof.
48
+
49
+ "Contribution" shall mean any work of authorship, including
50
+ the original version of the Work and any modifications or additions
51
+ to that Work or Derivative Works thereof, that is intentionally
52
+ submitted to Licensor for inclusion in the Work by the copyright owner
53
+ or by an individual or Legal Entity authorized to submit on behalf of
54
+ the copyright owner. For the purposes of this definition, "submitted"
55
+ means any form of electronic, verbal, or written communication sent
56
+ to the Licensor or its representatives, including but not limited to
57
+ communication on electronic mailing lists, source code control systems,
58
+ and issue tracking systems that are managed by, or on behalf of, the
59
+ Licensor for the purpose of discussing and improving the Work, but
60
+ excluding communication that is conspicuously marked or otherwise
61
+ designated in writing by the copyright owner as "Not a Contribution."
62
+
63
+ "Contributor" shall mean Licensor and any individual or Legal Entity
64
+ on behalf of whom a Contribution has been received by Licensor and
65
+ subsequently incorporated within the Work.
66
+
67
+ 2. Grant of Copyright License. Subject to the terms and conditions of
68
+ this License, each Contributor hereby grants to You a perpetual,
69
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
70
+ copyright license to reproduce, prepare Derivative Works of,
71
+ publicly display, publicly perform, sublicense, and distribute the
72
+ Work and such Derivative Works in Source or Object form.
73
+
74
+ 3. Grant of Patent License. Subject to the terms and conditions of
75
+ this License, each Contributor hereby grants to You a perpetual,
76
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
77
+ (except as stated in this section) patent license to make, have made,
78
+ use, offer to sell, sell, import, and otherwise transfer the Work,
79
+ where such license applies only to those patent claims licensable
80
+ by such Contributor that are necessarily infringed by their
81
+ Contribution(s) alone or by combination of their Contribution(s)
82
+ with the Work to which such Contribution(s) was submitted. If You
83
+ institute patent litigation against any entity (including a
84
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
85
+ or a Contribution incorporated within the Work constitutes direct
86
+ or contributory patent infringement, then any patent licenses
87
+ granted to You under this License for that Work shall terminate
88
+ as of the date such litigation is filed.
89
+
90
+ 4. Redistribution. You may reproduce and distribute copies of the
91
+ Work or Derivative Works thereof in any medium, with or without
92
+ modifications, and in Source or Object form, provided that You
93
+ meet the following conditions:
94
+
95
+ (a) You must give any other recipients of the Work or
96
+ Derivative Works a copy of this License; and
97
+
98
+ (b) You must cause any modified files to carry prominent notices
99
+ stating that You changed the files; and
100
+
101
+ (c) You must retain, in the Source form of any Derivative Works
102
+ that You distribute, all copyright, patent, trademark, and
103
+ attribution notices from the Source form of the Work,
104
+ excluding those notices that do not pertain to any part of
105
+ the Derivative Works; and
106
+
107
+ (d) If the Work includes a "NOTICE" text file as part of its
108
+ distribution, then any Derivative Works that You distribute must
109
+ include a readable copy of the attribution notices contained
110
+ within such NOTICE file, excluding those notices that do not
111
+ pertain to any part of the Derivative Works, in at least one
112
+ of the following places: within a NOTICE text file distributed
113
+ as part of the Derivative Works; within the Source form or
114
+ documentation, if provided along with the Derivative Works; or,
115
+ within a display generated by the Derivative Works, if and
116
+ wherever such third-party notices normally appear. The contents
117
+ of the NOTICE file are for informational purposes only and
118
+ do not modify the License. You may add Your own attribution
119
+ notices within Derivative Works that You distribute, alongside
120
+ or as an addendum to the NOTICE text from the Work, provided
121
+ that such additional attribution notices cannot be construed
122
+ as modifying the License.
123
+
124
+ You may add Your own copyright statement to Your modifications and
125
+ may provide additional or different license terms and conditions
126
+ for use, reproduction, or distribution of Your modifications, or
127
+ for any such Derivative Works as a whole, provided Your use,
128
+ reproduction, and distribution of the Work otherwise complies with
129
+ the conditions stated in this License.
130
+
131
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
132
+ any Contribution intentionally submitted for inclusion in the Work
133
+ by You to the Licensor shall be under the terms and conditions of
134
+ this License, without any additional terms or conditions.
135
+ Notwithstanding the above, nothing herein shall supersede or modify
136
+ the terms of any separate license agreement you may have executed
137
+ with Licensor regarding such Contributions.
138
+
139
+ 6. Trademarks. This License does not grant permission to use the trade
140
+ names, trademarks, service marks, or product names of the Licensor,
141
+ except as required for reasonable and customary use in describing the
142
+ origin of the Work and reproducing the content of the NOTICE file.
143
+
144
+ 7. Disclaimer of Warranty. Unless required by applicable law or
145
+ agreed to in writing, Licensor provides the Work (and each
146
+ Contributor provides its Contributions) on an "AS IS" BASIS,
147
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
148
+ implied, including, without limitation, any warranties or conditions
149
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
150
+ PARTICULAR PURPOSE. You are solely responsible for determining the
151
+ appropriateness of using or redistributing the Work and assume any
152
+ risks associated with Your exercise of permissions under this License.
153
+
154
+ 8. Limitation of Liability. In no event and under no legal theory,
155
+ whether in tort (including negligence), contract, or otherwise,
156
+ unless required by applicable law (such as deliberate and grossly
157
+ negligent acts) or agreed to in writing, shall any Contributor be
158
+ liable to You for damages, including any direct, indirect, special,
159
+ incidental, or consequential damages of any character arising as a
160
+ result of this License or out of the use or inability to use the
161
+ Work (including but not limited to damages for loss of goodwill,
162
+ work stoppage, computer failure or malfunction, or any and all
163
+ other commercial damages or losses), even if such Contributor
164
+ has been advised of the possibility of such damages.
165
+
166
+ 9. Accepting Warranty or Additional Liability. While redistributing
167
+ the Work or Derivative Works thereof, You may choose to offer,
168
+ and charge a fee for, acceptance of support, warranty, indemnity,
169
+ or other liability obligations and/or rights consistent with this
170
+ License. However, in accepting such obligations, You may act only
171
+ on Your own behalf and on Your sole responsibility, not on behalf
172
+ of any other Contributor, and only if You agree to indemnify,
173
+ defend, and hold each Contributor harmless for any liability
174
+ incurred by, or claims asserted against, such Contributor by reason
175
+ of your accepting any such warranty or additional liability.
176
+
177
+ END OF TERMS AND CONDITIONS
178
+
179
+ APPENDIX: How to apply the Apache License to your work.
180
+
181
+ To apply the Apache License to your work, attach the following
182
+ boilerplate notice, with the fields enclosed by brackets "[]"
183
+ replaced with your own identifying information. (Don't include
184
+ the brackets!) The text should be enclosed in the appropriate
185
+ comment syntax for the file format. We also recommend that a
186
+ file or class name and description of purpose be included on the
187
+ same "printed page" as the copyright notice for easier
188
+ identification within third-party archives.
189
+
190
+ Copyright [yyyy] [name of copyright owner]
191
+
192
+ Licensed under the Apache License, Version 2.0 (the "License");
193
+ you may not use this file except in compliance with the License.
194
+ You may obtain a copy of the License at
195
+
196
+ http://www.apache.org/licenses/LICENSE-2.0
197
+
198
+ Unless required by applicable law or agreed to in writing, software
199
+ distributed under the License is distributed on an "AS IS" BASIS,
200
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
201
+ See the License for the specific language governing permissions and
202
+ limitations under the License.
@@ -0,0 +1,202 @@
1
+ # Super Identity
2
+
3
+ [![Gem Version][GV img]][Gem Version]
4
+ [![Build Status][BS img]][Build Status]
5
+ [![Dependency Status][DS img]][Dependency Status]
6
+ [![Code Climate][CC img]][Code Climate]
7
+ [![Coverage Status][CS img]][Code Climate]
8
+
9
+ [Gem Version]: https://rubygems.org/gems/super-identity
10
+ [Build Status]: https://codeship.com/projects/152151
11
+ [Dependency Status]: https://gemnasium.com/ausaccessfed/super-identity
12
+ [Code Climate]: https://codeclimate.com/github/ausaccessfed/super-identity
13
+
14
+ [GV img]: https://img.shields.io/gem/v/super-identity.svg
15
+ [BS img]: https://img.shields.io/codeship/5e340b30-fd4e-0133-ed5c-7e176884dbc2/develop.svg
16
+ [DS img]: https://img.shields.io/gemnasium/ausaccessfed/super-identity.svg
17
+ [CC img]: https://img.shields.io/codeclimate/github/ausaccessfed/super-identity.svg
18
+ [CS img]: https://img.shields.io/codeclimate/coverage/github/ausaccessfed/super-identity.svg
19
+
20
+ [AAF Identity Enhancement](https://github.com/ausaccessfed/identity-enhancement-service.git)
21
+ (IdE) client library for Ruby applications.
22
+
23
+ ![](http://i.imgur.com/oYfImQj.png)
24
+
25
+ ```
26
+ Copyright 2016, Australian Access Federation
27
+
28
+ Licensed under the Apache License, Version 2.0 (the "License");
29
+ you may not use this file except in compliance with the License.
30
+ You may obtain a copy of the License at
31
+
32
+ http://www.apache.org/licenses/LICENSE-2.0
33
+
34
+ Unless required by applicable law or agreed to in writing, software
35
+ distributed under the License is distributed on an "AS IS" BASIS,
36
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
37
+ See the License for the specific language governing permissions and
38
+ limitations under the License.
39
+ ```
40
+
41
+ ## Installation
42
+
43
+ Add the `super-identity` dependency to your application's `Gemfile`:
44
+
45
+ ```
46
+ gem 'super-identity'
47
+ ```
48
+
49
+ Use Bundler to install the dependency:
50
+
51
+ ```
52
+ bundle install
53
+ ```
54
+
55
+ ## Querying IdE from your application
56
+
57
+ AAF typically uses this library along with [rapid-rack][] or [shib-rack][],
58
+ although it can be used anywhere that you have access to a user's
59
+ `auEduPersonSharedToken`. This example shows a simple `SubjectReceiver`
60
+ class for rapid-rack which is using `SuperIdentity::Client` to query IdE:
61
+
62
+ [rapid-rack]: https://github.com/ausaccessfed/rapid-rack
63
+ [shib-rack]: https://github.com/ausaccessfed/shib-rack
64
+
65
+ ```ruby
66
+ class SubjectReceiver
67
+ # Include the client mixin, which provides the `identity_enhancements` and
68
+ # `entitlements` methods. We'll be using `entitlements`.
69
+ include SuperIdentity::Client
70
+
71
+ # Map attributes from the attribute claim, as normal. In particular note we
72
+ # have the 'auedupersonsharedtoken' here, which is needed when querying IdE.
73
+ def map_attributes(_env, attrs)
74
+ {
75
+ shared_token: attrs['auedupersonsharedtoken'],
76
+ display_name: attrs['displayname'],
77
+ mail: attrs['mail']
78
+ }
79
+ end
80
+
81
+ # Provision a Subject based on the attributes, and call the `assign_roles`
82
+ # method defined below.
83
+ def subject(_env, attrs)
84
+ subject = Subject.find_or_initialize_by(shared_token: attrs[:shared_token])
85
+ assign_roles(subject)
86
+ subject.update!(attrs)
87
+ end
88
+
89
+ # Query IdE, and set the admin flag on the Subject based on the presence of
90
+ # the entitlement we're using for authorization.
91
+ def assign_roles(subject)
92
+ # Here, `values` is an Array of String values which represent the
93
+ # entitlements that were returned from IdE.
94
+ values = entitlements(subject.shared_token)
95
+
96
+ # Usually you'd do something more sophisticated, but boolean access control
97
+ # works fine in a README :)
98
+ subject.admin = values.include?('urn:mace:aaf.edu.au:ide:test-only')
99
+ end
100
+
101
+ # SuperIdentity::Client requires that this method be defined on the including
102
+ # class. To access IdE, it needs the hostname and an client keypair. The
103
+ # certificate must be issued by https://certs.aaf.edu.au and granted access to
104
+ # the ide[.test].aaf.edu.au, otherwise requests will fail.
105
+ def ide_config
106
+ {
107
+ host: 'ide.test.aaf.edu.au',
108
+ cert: 'config/api-client.crt',
109
+ key: 'config/api-client.key'
110
+ }
111
+ end
112
+ end
113
+ ```
114
+
115
+ ## Testing code which queries IdE
116
+
117
+ A test helper is provided which uses [webmock][] to return a set of entitlements
118
+ which are provided by the test cases.
119
+
120
+ [webmock]: https://github.com/bblimke/webmock
121
+
122
+ Example setup in RSpec:
123
+
124
+ ```ruby
125
+ # spec/spec_helper.rb
126
+
127
+ require 'webmock/rspec'
128
+
129
+ RSpec.configure do |config|
130
+ # Include the `TestStub` mixin, which provides the `stub_ide` method for use
131
+ # by your test cases.
132
+ config.include SuperIdentity::TestStub
133
+ end
134
+ ```
135
+
136
+ The complete test code:
137
+
138
+ ```ruby
139
+ # spec/lib/subject_receiver_spec.rb
140
+
141
+ RSpec.describe SubjectReceiver do
142
+ # The `cert` and `key` files provided here should actually exist in your
143
+ # project, though they shouldn't be a real keypair, since you'd typically
144
+ # commit these to source control. A self-signed certificate is recommended
145
+ # here (see below for more information).
146
+ let(:ide_config) do
147
+ { host: 'ide.example.edu', cert: 'spec/api.crt', key: 'spec/api.key' }
148
+ end
149
+
150
+ # Override the real `ide_config` in the class under test.
151
+ before { allow(subject).to receive(:ide_config).and_return(ide_config) }
152
+
153
+ # Empty Rack env, because the code under test isn't using it.
154
+ let(:env) { {} }
155
+
156
+ # User attributes
157
+ let(:attrs) do
158
+ {
159
+ shared_token: shared_token,
160
+ display_name: 'Super Identity Test',
161
+ mail: 'superidentity@example.edu'
162
+ }
163
+ end
164
+
165
+ context 'when the expected entitlement is present' do
166
+ # Define the shared_token and entitlements which will be returned from the
167
+ # stubbed web request.
168
+ let(:shared_token) { SecureRandom.urlsafe_base64(20) }
169
+ let(:entitlements) { ['urn:mace:aaf.edu.au:ide:test-only'] }
170
+
171
+ before do
172
+ # This `stub_ide` method is provided by the `SuperIdentity::TestStub`
173
+ # mixin. It takes `shared_token` and `entitlements` keyword arguments, and
174
+ # sets up the response payload in webmock.
175
+ stub_ide(shared_token: shared_token, entitlements: entitlements)
176
+ end
177
+
178
+ it 'assigns an administrator' do
179
+ # Call the `SubjectReceiver`
180
+ new_subject = subject.subject(env, attrs)
181
+
182
+ # The `admin?` predicate will be true if the expected entitlement was
183
+ # returned from IdE.
184
+ expect(new_subject).to be_admin
185
+ end
186
+ end
187
+ end
188
+ ```
189
+
190
+ If you aren't familiar with generating certiicates, here's a suggested method of
191
+ creating the `spec/api.crt` and `spec/api.key` files required for this test
192
+ case.
193
+
194
+ ```
195
+ openssl genrsa -out spec/api.key 512
196
+ openssl req -new -x509 -key spec/api.key -out spec/api.crt -subj '/CN=test_api_client/'
197
+ ```
198
+
199
+ ## Contributing
200
+
201
+ Refer to [GitHub Flow](https://guides.github.com/introduction/flow/) for
202
+ help contributing to this project.
@@ -0,0 +1,10 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'bundler/gem_tasks'
4
+ require 'rspec/core/rake_task'
5
+ require 'rubocop/rake_task'
6
+
7
+ RSpec::Core::RakeTask.new(:spec)
8
+ RuboCop::RakeTask.new
9
+
10
+ task default: [:spec, :rubocop]
data/bin/ide ADDED
@@ -0,0 +1,45 @@
1
+ #!/usr/bin/env ruby
2
+ # frozen_string_literal: true
3
+
4
+ $LOAD_PATH << File.expand_path('../../lib', __FILE__)
5
+ require 'super_identity'
6
+
7
+ # Sample client using this gem
8
+ class IdentityEnhancement
9
+ include SuperIdentity::Client
10
+
11
+ attr_reader :ide_config
12
+
13
+ def initialize(opts)
14
+ @ide_config = opts
15
+ end
16
+
17
+ def run(shared_token)
18
+ puts "Enhancements for shared_token: #{shared_token}"
19
+ puts '------------'
20
+
21
+ identity_enhancements(shared_token).each do |attr|
22
+ puts "name: #{attr[:name]}"
23
+ puts "value: #{attr[:value]}"
24
+ puts '------------'
25
+ end
26
+ end
27
+ end
28
+
29
+ host, shared_token, cert, key = ARGV
30
+
31
+ if shared_token.nil?
32
+ puts "usage: #{$PROGRAM_NAME} host shared_token [cert] [key]"
33
+ exit 1
34
+ end
35
+
36
+ cert ||= File.expand_path('~/.aaf/api-client.crt')
37
+ key ||= File.expand_path('~/.aaf/api-client.key')
38
+
39
+ opts = {
40
+ host: host,
41
+ cert: cert,
42
+ key: key
43
+ }
44
+
45
+ IdentityEnhancement.new(opts).run(shared_token)
@@ -0,0 +1,3 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative 'super_identity'
@@ -0,0 +1,13 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'net/http'
4
+ require 'uri'
5
+ require 'json'
6
+ require 'openssl'
7
+
8
+ # Top-level module for the Super Identity library.
9
+ module SuperIdentity
10
+ end
11
+
12
+ require_relative 'super_identity/client'
13
+ require_relative 'super_identity/test_stub'
@@ -0,0 +1,55 @@
1
+ # frozen_string_literal: true
2
+
3
+ module SuperIdentity
4
+ # Mixin which implements an AAF Identity Enhancement client.
5
+ module Client
6
+ def entitlements(shared_token)
7
+ attrs = identity_enhancements(shared_token)
8
+ attrs.select { |a| a[:name] == 'eduPersonEntitlement' }
9
+ .map { |a| a[:value] }
10
+ end
11
+
12
+ def identity_enhancements(shared_token)
13
+ ide_data(shared_token)[:attributes]
14
+ end
15
+
16
+ private
17
+
18
+ def ide_data(shared_token)
19
+ uri = ide_uri(shared_token)
20
+ req = Net::HTTP::Get.new(uri)
21
+
22
+ with_ide_client(uri) do |http|
23
+ response = http.request(req)
24
+ response.value # Raise exception on HTTP error
25
+ JSON.parse(response.body, symbolize_names: true)
26
+ end
27
+ rescue Net::HTTPServerException => e
28
+ raise unless e.data.is_a?(Net::HTTPNotFound)
29
+ { attributes: [] }
30
+ end
31
+
32
+ def ide_uri(shared_token)
33
+ host = ide_config[:host]
34
+ URI.parse("https://#{host}/api/subjects/#{shared_token}/attributes")
35
+ end
36
+
37
+ def with_ide_client(uri)
38
+ client = Net::HTTP.new(uri.host, uri.port)
39
+ client.use_ssl = true
40
+ client.verify_mode = OpenSSL::SSL::VERIFY_PEER
41
+ client.cert = ide_cert
42
+ client.key = ide_key
43
+
44
+ client.start { |http| yield http }
45
+ end
46
+
47
+ def ide_cert
48
+ OpenSSL::X509::Certificate.new(File.read(ide_config[:cert]))
49
+ end
50
+
51
+ def ide_key
52
+ OpenSSL::PKey::RSA.new(File.read(ide_config[:key]))
53
+ end
54
+ end
55
+ end
@@ -0,0 +1,18 @@
1
+ # frozen_string_literal: true
2
+
3
+ module SuperIdentity
4
+ # Mixin for stubbing IdE during test suites
5
+ module TestStub
6
+ def stub_ide(shared_token:, entitlements: [], **)
7
+ host = ide_config[:host]
8
+ url = "https://#{host}/api/subjects/#{shared_token}/attributes"
9
+
10
+ attrs = entitlements.map do |v|
11
+ { name: 'eduPersonEntitlement', value: v }
12
+ end
13
+
14
+ json = JSON.generate(attributes: attrs)
15
+ WebMock::API.stub_request(:get, url).to_return(status: 200, body: json)
16
+ end
17
+ end
18
+ end
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: true
2
+
3
+ module SuperIdentity
4
+ VERSION = '0.1.0'
5
+ end
@@ -0,0 +1,33 @@
1
+ # coding: utf-8
2
+ # frozen_string_literal: true
3
+ lib = File.expand_path('../lib', __FILE__)
4
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
5
+ require 'super_identity/version'
6
+
7
+ Gem::Specification.new do |spec|
8
+ spec.name = 'super-identity'
9
+ spec.version = SuperIdentity::VERSION
10
+ spec.authors = ['Shaun Mangelsdorf']
11
+ spec.email = ['s.mangelsdorf@gmail.com']
12
+
13
+ spec.summary = 'Client library for AAF Identity Enhancement'
14
+ spec.homepage = 'https://github.com/ausaccessfed/super-identity.git'
15
+
16
+ spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^spec/}) }
17
+ spec.bindir = 'exe'
18
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
19
+ spec.require_paths = ['lib']
20
+
21
+ spec.add_development_dependency 'bundler', '~> 1.12'
22
+ spec.add_development_dependency 'rake', '~> 10.0'
23
+ spec.add_development_dependency 'rspec', '~> 3.0'
24
+ spec.add_development_dependency 'webmock'
25
+ spec.add_development_dependency 'faker'
26
+
27
+ spec.add_development_dependency 'guard'
28
+ spec.add_development_dependency 'guard-rspec'
29
+ spec.add_development_dependency 'guard-bundler'
30
+ spec.add_development_dependency 'guard-rubocop'
31
+ spec.add_development_dependency 'simplecov'
32
+ spec.add_development_dependency 'codeclimate-test-reporter'
33
+ end
metadata ADDED
@@ -0,0 +1,213 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: super-identity
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Shaun Mangelsdorf
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2016-05-19 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: bundler
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '1.12'
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '1.12'
27
+ - !ruby/object:Gem::Dependency
28
+ name: rake
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '10.0'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '10.0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rspec
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '3.0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '3.0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: webmock
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: faker
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - ">="
74
+ - !ruby/object:Gem::Version
75
+ version: '0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - ">="
81
+ - !ruby/object:Gem::Version
82
+ version: '0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: guard
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - ">="
88
+ - !ruby/object:Gem::Version
89
+ version: '0'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - ">="
95
+ - !ruby/object:Gem::Version
96
+ version: '0'
97
+ - !ruby/object:Gem::Dependency
98
+ name: guard-rspec
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - ">="
102
+ - !ruby/object:Gem::Version
103
+ version: '0'
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - ">="
109
+ - !ruby/object:Gem::Version
110
+ version: '0'
111
+ - !ruby/object:Gem::Dependency
112
+ name: guard-bundler
113
+ requirement: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - ">="
116
+ - !ruby/object:Gem::Version
117
+ version: '0'
118
+ type: :development
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - ">="
123
+ - !ruby/object:Gem::Version
124
+ version: '0'
125
+ - !ruby/object:Gem::Dependency
126
+ name: guard-rubocop
127
+ requirement: !ruby/object:Gem::Requirement
128
+ requirements:
129
+ - - ">="
130
+ - !ruby/object:Gem::Version
131
+ version: '0'
132
+ type: :development
133
+ prerelease: false
134
+ version_requirements: !ruby/object:Gem::Requirement
135
+ requirements:
136
+ - - ">="
137
+ - !ruby/object:Gem::Version
138
+ version: '0'
139
+ - !ruby/object:Gem::Dependency
140
+ name: simplecov
141
+ requirement: !ruby/object:Gem::Requirement
142
+ requirements:
143
+ - - ">="
144
+ - !ruby/object:Gem::Version
145
+ version: '0'
146
+ type: :development
147
+ prerelease: false
148
+ version_requirements: !ruby/object:Gem::Requirement
149
+ requirements:
150
+ - - ">="
151
+ - !ruby/object:Gem::Version
152
+ version: '0'
153
+ - !ruby/object:Gem::Dependency
154
+ name: codeclimate-test-reporter
155
+ requirement: !ruby/object:Gem::Requirement
156
+ requirements:
157
+ - - ">="
158
+ - !ruby/object:Gem::Version
159
+ version: '0'
160
+ type: :development
161
+ prerelease: false
162
+ version_requirements: !ruby/object:Gem::Requirement
163
+ requirements:
164
+ - - ">="
165
+ - !ruby/object:Gem::Version
166
+ version: '0'
167
+ description:
168
+ email:
169
+ - s.mangelsdorf@gmail.com
170
+ executables: []
171
+ extensions: []
172
+ extra_rdoc_files: []
173
+ files:
174
+ - ".gitignore"
175
+ - ".rspec"
176
+ - ".rubocop.yml"
177
+ - ".simplecov"
178
+ - Gemfile
179
+ - Guardfile
180
+ - LICENSE
181
+ - README.md
182
+ - Rakefile
183
+ - bin/ide
184
+ - lib/super-identity.rb
185
+ - lib/super_identity.rb
186
+ - lib/super_identity/client.rb
187
+ - lib/super_identity/test_stub.rb
188
+ - lib/super_identity/version.rb
189
+ - super-identity.gemspec
190
+ homepage: https://github.com/ausaccessfed/super-identity.git
191
+ licenses: []
192
+ metadata: {}
193
+ post_install_message:
194
+ rdoc_options: []
195
+ require_paths:
196
+ - lib
197
+ required_ruby_version: !ruby/object:Gem::Requirement
198
+ requirements:
199
+ - - ">="
200
+ - !ruby/object:Gem::Version
201
+ version: '0'
202
+ required_rubygems_version: !ruby/object:Gem::Requirement
203
+ requirements:
204
+ - - ">="
205
+ - !ruby/object:Gem::Version
206
+ version: '0'
207
+ requirements: []
208
+ rubyforge_project:
209
+ rubygems_version: 2.5.1
210
+ signing_key:
211
+ specification_version: 4
212
+ summary: Client library for AAF Identity Enhancement
213
+ test_files: []