ucb_rails_security 2.0.7

data/rspec/filter_spec.rb

@@ -0,0 +1,37 @@
+require "#{File.dirname(__FILE__)}/_setup.rb"
+
+describe "Controller method_missing() code" do
+  before(:each) do
+    @controller = new_controller()
+  end
+  
+  it "should raise error if called with non-filter method" do
+    lambda{@controller.bogus}.should raise_error(NoMethodError)
+  end
+  
+  it "should always call filter_logged_in before other filters" do
+    @controller.stub!(:filter_logged_in).and_return(false)
+    @controller.filter_ldap_anything.should be_false
+  end
+  
+  def ldap_setup(return_value)
+    @ldap_user = mock("ldap_user")
+    @ldap_user.stub!(:anything)
+    @controller.stub!(:ldap_user).and_return(@ldap_user)
+    @controller.stub!(:filter_logged_in).and_return(true)
+    @controller.stub!(:ldap_boolean).and_return(return_value)    
+  end
+  
+  it "should return true when filter returns true" do
+    ldap_setup(true)
+    @controller.filter_ldap_anything.should be_true    
+  end
+  
+  it "should return false when filter returns false" do
+    ldap_setup(false)
+    @controller.stub!(:redirect_to)
+    @controller.stub!(:not_authorized_url)
+    @controller.filter_ldap_anything.should be_false
+  end
+  
+end

data/rspec/filter_user_spec.rb

@@ -0,0 +1,55 @@
+require "#{File.dirname(__FILE__)}/_setup.rb"
+
+context "The user filter" do
+  setup do
+    @controller = new_controller()
+    UCB::Rails::Security.using_user_table = true
+  end
+
+  specify "should call filter_logged_in when user not logged in" do
+    @controller.should_receive(:filter_logged_in).and_return(false)
+    @controller.filter_user_foo.should be_false
+  end
+  
+  specify "should call filter_in_user_table() when user logged in" do
+    @controller.stub!(:filter_logged_in).and_return(true)
+    @controller.should_receive(:filter_in_user_table).and_return(false)
+    @controller.stub!(:redirect_to)
+    @controller.stub!(:not_authorized_url).and_return("nal")
+    @controller.filter_user_foo.should be_false
+  end
+end
+
+context "For a logged in user in the user table" do
+  setup do
+    @controller = new_controller()
+    @user = mock("user")
+    @controller.stub!(:filter_logged_in).and_return(true)
+    @controller.stub!(:filter_in_user_table).and_return(true)
+    @controller.stub!(:user_table_user).and_return(@user)
+    @controller.stub!(:redirect_to)
+    @controller.stub!(:not_authorized_url).and_return("nal")
+  end
+  
+  specify "filter_user_method returns 'true' if user.method does" do
+    @user.stub!(:true_method).and_return(true)
+    @controller.filter_user_true_method.should be_true
+  end
+
+  specify "filter_user_method returns 'false' if user.method does" do
+    @user.stub!(:false_method).and_return(false)
+    @controller.filter_user_false_method.should be_false
+  end
+  
+  specify "filter_user_column__eq__value returns 'true' if column == 'value'" do
+    @user.stub!(:column).and_return("a")
+    @controller.filter_user_column__eq__a.should be_true
+    @controller.filter_user_column__eq__b.should be_false
+  end
+
+  specify "filter_user_column__ne__value returns 'true' if column != 'value'" do
+    @user.stub!(:column).and_return("a")
+    @controller.filter_user_column__ne__a.should be_false
+    @controller.filter_user_column__ne__b.should be_true
+  end
+end

data/rspec/logged_in_status_spec.rb

@@ -0,0 +1,226 @@
+require "#{File.dirname(__FILE__)}/_setup.rb"
+
+describe "ActiveRecord::User after application login" do
+  before(:all) do
+    RAILS_ENV = "re"
+  end
+  
+  before(:each) do
+    UCB::LDAP::Person.should_receive(:find_by_uid).and_return("ldap_user")
+    @controller = new_controller()
+  end
+
+  it "should not be accessed if not using user table" do
+    UCB::Rails::Security.using_user_table = false
+    User.should_not_receive(:find_by_ldap_uid)
+    @controller.application_login("1")
+  end
+
+  specify "should be accessed if using user table" do
+    UCB::Rails::Security.using_user_table = true
+    User.should_receive(:find_by_ldap_uid)
+    @controller.application_login("1")
+  end
+end
+
+# -----------------------------------------------
+# UserNotLoggedIn Shared Behavior
+# -----------------------------------------------
+
+def user_not_logged_in_setup
+  @ca = reset_cas_authentication_class()
+  @controller = new_controller()
+end
+
+context "UserNotLoggedIn", :shared => true do
+  specify "user should not be logged in" do
+    @controller.should_not be_logged_in
+  end
+  
+  specify "ldap_uid should not be set" do
+    @controller.ldap_uid.should be_nil
+  end
+  
+  specify "ldap user should not be set" do
+    @controller.ldap_user.should be_nil
+  end
+  
+  specify "filter_logged_in should call CASAuthentication.filter" do
+    UCB::Rails::Security::CASAuthentication.should_receive(:filter).and_return(false)
+    @controller.filter_logged_in().should be_false
+  end
+  
+  specify "filter_logged_in should call application_login if CAS auth returns true" do
+    UCB::Rails::Security::CASAuthentication.should_receive(:filter).and_return(true)
+    @controller.should_receive(:application_login)
+    @controller.filter_logged_in().should be_true
+  end
+end
+
+# -----------------------------------------------
+# UserLoggedIn Shared Behavior
+# -----------------------------------------------
+
+def user_logged_in_setup()
+  @ldap_uid = '42'
+  @ldap_user = mock("ldap_user")
+  @ldap_user.stub!(:ldap_uid).and_return(@ldap_uid)
+  UCB::LDAP::Person.stub!(:find_by_uid).and_return(@ldap_user)
+  @controller = new_controller()
+  @controller.session[:cas_user] = @ldap_uid   # CAS::Filter does this
+  @controller.stub!(:update_user_table)
+  @controller.application_login
+end
+
+context "UserLoggedIn", :shared => true do
+  specify "ldap_user() returns LDAP entry for user" do
+    @controller.ldap_user.should be_equal(@ldap_user)
+  end
+  
+  specify "attempt to authenticate should not redirect to CAS" do
+    CAS::Filter.should_not_receive(:filter)
+    @controller.filter_logged_in.should be_true
+  end
+  
+  specify "user should be logged in" do
+    @controller.should be_logged_in
+  end
+  
+  specify "ldap_uid() returns the ldap_uid" do
+    @controller.ldap_uid.should == @ldap_uid
+  end
+  
+end
+
+# -----------------------------------------------
+# UserNotInTable Shared Behavior
+# -----------------------------------------------
+
+def user_not_in_table_setup
+  UCB::Rails::Security.using_user_table  = true
+  User.stub!(:find_by_ldap_uid).and_return(nil)
+end
+
+context "UserNotInTable", :shared => true do
+  specify "should be using user table" do
+    @controller.should be_using_user_table
+  end
+  
+  specify "should not be in user table" do
+    @controller.should_not be_in_user_table
+  end
+  
+  specify "user id should not be set" do
+    @controller.user_table_id.should be_nil
+  end
+  
+  specify "user table user should not be set" do
+    @controller.user_table_user.should be_nil
+  end
+
+end
+
+# -----------------------------------------------
+# UserInTable Shared Behavior
+# -----------------------------------------------
+
+def user_in_table_setup
+  UCB::Rails::Security.using_user_table = true
+  @user_table_id = 42
+  @user = mock("user")
+  @user.stub!(:id).and_return(@user_table_id)
+  User.stub!(:find_by_ldap_uid).and_return(@user)
+  User.stub!(:find).and_return(@user)
+end
+
+context "UserInTable",  :shared => true do
+
+  specify "should be using user table" do
+    @controller.should be_using_user_table
+  end
+  
+  specify "user table user should be user set" do
+    @controller.user_table_user.should be_equal(@user)
+  end
+
+  specify "should be in user table" do
+    @controller.should be_in_user_table
+  end
+  
+  specify "user id should be set" do
+    @controller.user_table_id.should == @user_table_id
+  end
+  
+end
+
+# -----------------------------------------------
+# Not logged in, not in user table
+# -----------------------------------------------
+
+context "Not logged in, not in user table" do
+  setup do
+    user_not_in_table_setup()
+    user_not_logged_in_setup()
+  end
+  
+  it_should_behave_like "UserNotLoggedIn"
+  it_should_behave_like "UserNotInTable"
+end
+
+# -----------------------------------------------
+# Not logged in, in user table
+# -----------------------------------------------
+
+context "Not logged in, in user table" do
+  setup do
+    user_in_table_setup()
+    user_not_logged_in_setup()
+  end
+  
+  it_should_behave_like "UserNotLoggedIn"
+  it_should_behave_like "UserNotInTable"
+end
+
+# -----------------------------------------------
+# Logged in, not in user table
+# -----------------------------------------------
+
+context "Logged in user, not in user table" do
+  setup do
+    user_not_in_table_setup()
+    user_logged_in_setup()
+  end
+  
+  it_should_behave_like "UserLoggedIn"
+  it_should_behave_like "UserNotInTable"
+end
+
+# -----------------------------------------------
+# Logged in, in user table
+# -----------------------------------------------
+
+context "Logged in user, in user table" do
+  setup do
+    user_in_table_setup()
+    user_logged_in_setup()
+  end
+
+  it_should_behave_like "UserLoggedIn"
+  it_should_behave_like "UserInTable"
+end
+
+# -----------------------------------------------
+# After logout, looks like not logged in
+# -----------------------------------------------
+
+context "Logged in user, in user table, after logout" do
+  setup do
+    user_in_table_setup()
+    user_logged_in_setup()
+    @controller.application_logout()
+  end
+
+  it_should_behave_like "UserNotLoggedIn"
+  it_should_behave_like "UserNotInTable"
+end
+

data/rspec/ucb_rails_security_casauthentication_spec.rb

@@ -0,0 +1,83 @@
+require "#{File.dirname(__FILE__)}/_setup.rb"
+
+describe UCB::Rails::Security::CASAuthentication do
+  before(:all) do
+    RAILS_ENV = "re"
+  end
+  
+  before(:each) do
+    @ca = reset_cas_authentication_class()
+  end
+  
+  it "should set test CAS base url constant" do
+    @ca::CAS_BASE_URL_TEST.should be_instance_of(String)
+  end
+  
+  it "should set production CAS base url constant" do
+    @ca::CAS_BASE_URL_PRODUCTION.should be_instance_of(String)
+  end
+
+  it "should default environment to RAILS_ENV" do
+    @ca.environment.should == RAILS_ENV
+  end
+  
+  it "should use the CAS production url for production" do
+    @ca.stub!(:environment).and_return("production")
+    @ca.cas_base_url.should == @ca::CAS_BASE_URL_PRODUCTION
+  end
+  
+  it "should use the CAS test url for every thing else" do
+    %w{development test qa bogus}.each do |environment|
+      @ca.stub!(:environment).and_return(environment)
+      @ca.cas_base_url.should == @ca::CAS_BASE_URL_TEST
+    end
+  end
+  
+  it "should allow application to set CAS url" do
+    @ca.cas_base_url = "x"
+    @ca.cas_base_url.should == "x"
+  end
+  
+  it "should default not allowing test entries for production environment" do
+    @ca.stub!(:environment).and_return(@ca::ENV_PRODUCTION)
+    @ca.allow_test_entries?.should be_false
+  end
+  
+  it "should default to allowing test entries for any environment other than production" do
+    %w{development crap quality_assurance}.each do |env| 
+      @ca.stub!(:environment).and_return(env)
+      @ca.allow_test_entries?.should be_true
+    end
+  end
+  
+  it "should allow allow_test_entries to be set" do
+    @ca.allow_test_entries = true
+    @ca.stub!(:environment).and_return(@ca::ENV_PRODUCTION)
+    @ca.allow_test_entries?.should be_true
+  end
+end
+
+describe "UCB::Rails::Security::CASAuthentication filter" do
+  before(:each) do
+    @ca = reset_cas_authentication_class()
+  end
+
+  it "should succeed when CAS returns true" do
+    CASClient::Frameworks::Rails::Filter.stub!(:filter).and_return(true)
+    @ca.filter(new_controller()).should be_true
+  end
+  
+  it "should fail when CAS returns false" do
+    CASClient::Frameworks::Rails::Filter.stub!(:filter).and_return(false)
+    @ca.filter(new_controller()).should be_false
+  end
+  
+  it "should return true and set ldap_uid on demand in test environment" do
+    @controller = new_controller()
+    CASClient::Frameworks::Rails::Filter.stub!(:filter).and_return(false)
+    @ca.stub!(:environment).and_return(@ca::ENV_TEST)
+    @ca.force_login_filter_true_for = '123'
+    @ca.filter(@controller).should == true
+    @controller.ldap_uid.should == '123'
+  end
+end  

data/rspec/ucb_rails_security_spec.rb

@@ -0,0 +1,34 @@
+require "#{File.dirname(__FILE__)}/_setup.rb"
+
+describe UCB::Rails::Security do
+  before(:each) do
+    @urs = UCB::Rails::Security
+    @urs.reset_instance_variables()
+  end
+
+  it "should load the ruby-cas gem" do
+    lambda { CAS::Filter }.should_not raise_error
+  end
+  
+  it "should load the ucb-ldap gem" do
+    lambda { UCB::LDAP }.should_not raise_error
+  end
+
+  it "should default to not using user table" do
+    @urs.should_not be_using_user_table
+  end
+  
+  it "should allow application to use user table" do
+    @urs.using_user_table = true
+    @urs.should be_using_user_table
+  end
+  
+  it "should default not_authorized_url() to '/not_authorized'" do
+    @urs.not_authorized_url.should == '/not_authorized'
+  end
+  
+  it "should allow application to set its own 'not_authorized_url'" do
+    @urs.not_authorized_url = 'my_nau'
+    @urs.not_authorized_url.should == 'my_nau'
+  end
+end

data/test/test_rails-2.0.x/test/test_helper.rb

@@ -0,0 +1,38 @@
+ENV["RAILS_ENV"] = "test"
+require File.expand_path(File.dirname(__FILE__) + "/../config/environment")
+require 'test_help'
+
+class Test::Unit::TestCase
+  # Transactional fixtures accelerate your tests by wrapping each test method
+  # in a transaction that's rolled back on completion.  This ensures that the
+  # test database remains unchanged so your fixtures don't have to be reloaded
+  # between every test method.  Fewer database queries means faster tests.
+  #
+  # Read Mike Clark's excellent walkthrough at
+  #   http://clarkware.com/cgi/blosxom/2005/10/24#Rails10FastTesting
+  #
+  # Every Active Record database supports transactions except MyISAM tables
+  # in MySQL.  Turn off transactional fixtures in this case; however, if you
+  # don't care one way or the other, switching from MyISAM to InnoDB tables
+  # is recommended.
+  #
+  # The only drawback to using transactional fixtures is when you actually 
+  # need to test transactions.  Since your test is bracketed by a transaction,
+  # any transactions started in your code will be automatically rolled back.
+  self.use_transactional_fixtures = true
+
+  # Instantiated fixtures are slow, but give you @david where otherwise you
+  # would need people(:david).  If you don't want to migrate your existing
+  # test cases which use the @david style and don't mind the speed hit (each
+  # instantiated fixtures translates to a database query per test method),
+  # then set this back to true.
+  self.use_instantiated_fixtures  = false
+
+  # Setup all fixtures in test/fixtures/*.(yml|csv) for all tests in alphabetical order.
+  #
+  # Note: You'll currently still have to declare fixtures explicitly in integration tests
+  # -- they do not yet inherit this setting
+  fixtures :all
+
+  # Add more helper methods to be used by all tests here...
+end

data/test/test_rails-2.1.x/test/test_helper.rb

@@ -0,0 +1,38 @@
+ENV["RAILS_ENV"] = "test"
+require File.expand_path(File.dirname(__FILE__) + "/../config/environment")
+require 'test_help'
+
+class Test::Unit::TestCase
+  # Transactional fixtures accelerate your tests by wrapping each test method
+  # in a transaction that's rolled back on completion.  This ensures that the
+  # test database remains unchanged so your fixtures don't have to be reloaded
+  # between every test method.  Fewer database queries means faster tests.
+  #
+  # Read Mike Clark's excellent walkthrough at
+  #   http://clarkware.com/cgi/blosxom/2005/10/24#Rails10FastTesting
+  #
+  # Every Active Record database supports transactions except MyISAM tables
+  # in MySQL.  Turn off transactional fixtures in this case; however, if you
+  # don't care one way or the other, switching from MyISAM to InnoDB tables
+  # is recommended.
+  #
+  # The only drawback to using transactional fixtures is when you actually 
+  # need to test transactions.  Since your test is bracketed by a transaction,
+  # any transactions started in your code will be automatically rolled back.
+  self.use_transactional_fixtures = true
+
+  # Instantiated fixtures are slow, but give you @david where otherwise you
+  # would need people(:david).  If you don't want to migrate your existing
+  # test cases which use the @david style and don't mind the speed hit (each
+  # instantiated fixtures translates to a database query per test method),
+  # then set this back to true.
+  self.use_instantiated_fixtures  = false
+
+  # Setup all fixtures in test/fixtures/*.(yml|csv) for all tests in alphabetical order.
+  #
+  # Note: You'll currently still have to declare fixtures explicitly in integration tests
+  # -- they do not yet inherit this setting
+  fixtures :all
+
+  # Add more helper methods to be used by all tests here...
+end

data/ucb_rails_security.gemspec

@@ -0,0 +1,41 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{ucb_rails_security}
+  s.version = "2.0.7"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Steven Hansen, Steven Downey"]
+  s.date = %q{2008-12-14}
+  s.description = %q{Simplifies CAS auth and ldap authz within your rails application}
+  s.email = %q{runner@berkeley.edu}
+  s.extra_rdoc_files = ["CHANGELOG", "README", "lib/helpers/rspec_helpers.rb", "lib/tasks/ucb_rails_security.rake", "lib/ucb_rails_security.rb", "lib/ucb_rails_security_casauthentication.rb", "lib/ucb_rails_security_logger.rb", "lib/ucb_rs_controller_methods.rb", "rdoc_includes/application_controller_rb.txt"]
+  s.files = ["CHANGELOG", "Manifest", "README", "Rakefile", "TODO", "generators/ucb_rails_security/templates/controllers/ucb_security/base_controller.rb", "generators/ucb_rails_security/templates/controllers/ucb_security/ldap_search_controller.rb", "generators/ucb_rails_security/templates/controllers/ucb_security/role_users_controller.rb", "generators/ucb_rails_security/templates/controllers/ucb_security/roles_controller.rb", "generators/ucb_rails_security/templates/controllers/ucb_security/user_roles_controller.rb", "generators/ucb_rails_security/templates/controllers/ucb_security/users_controller.rb", "generators/ucb_rails_security/templates/db/migrate/xxx_create_ucb_rails_security_tables.rb", "generators/ucb_rails_security/templates/helpers/ucb_security/base_helper.rb", "generators/ucb_rails_security/templates/helpers/ucb_security/builder.rb", "generators/ucb_rails_security/templates/helpers/ucb_security/roles_helper.rb", "generators/ucb_rails_security/templates/helpers/ucb_security/users_helper.rb", "generators/ucb_rails_security/templates/initializers/ucb_security_config.rb", "generators/ucb_rails_security/templates/javascripts/ucb_security.js", "generators/ucb_rails_security/templates/models/ldap_search.rb", "generators/ucb_rails_security/templates/models/role.rb", "generators/ucb_rails_security/templates/models/user.rb", "generators/ucb_rails_security/templates/models/user_roles.rb", "generators/ucb_rails_security/templates/stylesheets/ucb_security.css", "generators/ucb_rails_security/templates/views/layouts/ucb_security/_main_navigation.html.erb", "generators/ucb_rails_security/templates/views/layouts/ucb_security/application.html.erb", "generators/ucb_rails_security/templates/views/ucb_security/ldap_search/index.html.erb", "generators/ucb_rails_security/templates/views/ucb_security/role_users/_new.html.erb", "generators/ucb_rails_security/templates/views/ucb_security/role_users/edit.html.erb", "generators/ucb_rails_security/templates/views/ucb_security/roles/_users.html.erb", "generators/ucb_rails_security/templates/views/ucb_security/roles/edit.html.erb", "generators/ucb_rails_security/templates/views/ucb_security/roles/index.html.erb", "generators/ucb_rails_security/templates/views/ucb_security/roles/new.html.erb", "generators/ucb_rails_security/templates/views/ucb_security/roles/show.html.erb", "generators/ucb_rails_security/templates/views/ucb_security/user_roles/edit.html.erb", "generators/ucb_rails_security/templates/views/ucb_security/users/edit.html.erb", "generators/ucb_rails_security/templates/views/ucb_security/users/index.html.erb", "generators/ucb_rails_security/templates/views/ucb_security/users/new.html.erb", "generators/ucb_rails_security/templates/views/ucb_security/users/show.html.erb", "generators/ucb_rails_security/ucb_rails_security_generator.rb", "init.rb", "lib/helpers/rspec_helpers.rb", "lib/tasks/ucb_rails_security.rake", "lib/ucb_rails_security.rb", "lib/ucb_rails_security_casauthentication.rb", "lib/ucb_rails_security_logger.rb", "lib/ucb_rs_controller_methods.rb", "rdoc_includes/application_controller_rb.txt", "rspec/_all_specs.rb", "rspec/_setup.rb", "rspec/filter_ldap_spec.rb", "rspec/filter_role_spec.rb", "rspec/filter_spec.rb", "rspec/filter_user_spec.rb", "rspec/logged_in_status_spec.rb", "rspec/ucb_rails_security_casauthentication_spec.rb", "rspec/ucb_rails_security_spec.rb", "ucb_rails_security.gemspec", "test/test_rails-2.0.x/test/test_helper.rb", "test/test_rails-2.1.x/test/test_helper.rb"]
+  s.has_rdoc = true
+  s.homepage = %q{http://ucbrb.rubyforge.org/ucb_rails_security}
+  s.rdoc_options = ["-o doc --inline-source -T hanna lib/*.rb"]
+  s.require_paths = ["lib"]
+  s.rubyforge_project = %q{ucbrb}
+  s.rubygems_version = %q{1.3.0}
+  s.summary = %q{Simplifies CAS auth and ldap authz within your rails application}
+  s.test_files = ["test/test_rails-2.0.x/test/test_helper.rb", "test/test_rails-2.1.x/test/test_helper.rb"]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 2
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<ucb_ldap>, [">= 0"])
+      s.add_runtime_dependency(%q<>=>, ["= 1.3.0"])
+      s.add_development_dependency(%q<echoe>, [">= 0"])
+    else
+      s.add_dependency(%q<ucb_ldap>, [">= 0"])
+      s.add_dependency(%q<>=>, ["= 1.3.0"])
+      s.add_dependency(%q<echoe>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<ucb_ldap>, [">= 0"])
+    s.add_dependency(%q<>=>, ["= 1.3.0"])
+    s.add_dependency(%q<echoe>, [">= 0"])
+  end
+end