lib/castronaut/presenters/service_validate.rb spec/castronaut/presenters/service_validate_spec.rb @@ -4,8 +4,7 @@ Autotest.add_hook :initialize do |autotest| # autotest.sleep = 3 # Ignore files with suffix - %w{.svn .log .hg .git .erb .rhtml .png .txt .sh .project .rjs .rake .jpg .css .xml}.each { |exception| autotest.add_exception(exception) } - - # autotest.add_exception(/^\.\/vendor/) + + %w{.svn .log .hg .git .erb .rhtml .png .txt .sh .project .rjs .rake .jpg .css .xml vendor db}.each { |exception| autotest.add_exception(exception) } end .autotest @@ -21,6 +21,9 @@ get '/validate' do end get '/serviceValidate' do + # @presenter = Castronaut::Presenters::ServiceValidate.new(self) + # @presenter.represent! + # @presenter.your_mission.call body 'serviceValidate-Get' end app/controllers/application.rb @@ -9,6 +9,7 @@ require File.expand_path(File.join(File.dirname(__FILE__), 'castronaut', 'authen require File.expand_path(File.join(File.dirname(__FILE__), 'castronaut', 'ticket_result')) require File.expand_path(File.join(File.dirname(__FILE__), 'castronaut', 'presenters', 'login')) require File.expand_path(File.join(File.dirname(__FILE__), 'castronaut', 'presenters', 'process_login')) +require File.expand_path(File.join(File.dirname(__FILE__), 'castronaut', 'presenters', 'service_validate')) require File.expand_path(File.join(File.dirname(__FILE__), 'castronaut', 'adapters')) require File.expand_path(File.join(File.dirname(__FILE__), 'castronaut', 'adapters', 'restful_authentication', 'adapter')) require File.expand_path(File.join(File.dirname(__FILE__), 'castronaut', 'adapters', 'restful_authentication', 'user')) lib/castronaut.rb @@ -8,6 +8,8 @@ module Castronaut include Castronaut::Models::Consumeable include Castronaut::Models::Dispenser + MissingMessage = "Ticket or service parameter was missing in the request." + belongs_to :ticket_granting_ticket before_validation :dispense_ticket, :if => :new_record? @@ -19,6 +21,33 @@ module Castronaut :client_hostname => client_host, :ticket_granting_ticket => ticket_granting_ticket end + + def self.validate_ticket(service, ticket, allow_proxy_tickets = false) + + return Castronaut::TicketResult.new(nil, MissingMessage, "INVALID_REQUEST") unless service && ticket + + service_ticket = find_by_ticket(ticket) + + return Castronaut::TicketResult.new(nil, "Ticket #{ticket} not recognized.", "INVALID_TICKET") unless service_ticket + + return Castronaut::TicketResult.new(service_ticket, "Ticket '#{ticket}' has already been used up.", "INVALID_TICKET") if service_ticket.consumed? + + service_ticket.consume! + + # if service_ticket.kind_of?(CASServer::Models::ProxyTicket) && !allow_proxy_tickets + # return Castronaut::TicketResult.new(service_ticket, "Ticket '#{ticket}' is a proxy ticket, but only service tickets are allowed here.", "INVALID_TICKET") + # end + + return Castronaut::TicketResult.new(service_ticket, "Ticket '#{ticket}' has expired.", "INVALID_TICKET") if service_ticket.expired? + + mismatched_service_message = "The ticket '#{ticket}' belonging to user '#{service_ticket.username}' is valid, but the requested service '#{service}' does not match the service '#{service_ticket.service}' associated with this ticket." + + return Castronaut::TicketResult.new(service_ticket, mismatched_service_message, "INVALID_SERVICE") unless service_ticket.matches_service?(service) + end + + def matches_service?(other_service) + service == other_service + end def service_uri return nil if service.blank? @@ -46,6 +75,10 @@ module Castronaut "ST" end + def expired? + # Time.now - service_ticket.created_on > CASServer::Conf.service_ticket_expiry + end + end end lib/castronaut/models/service_ticket.rb @@ -13,13 +13,13 @@ module Castronaut def self.validate_cookie(ticket_cookie) Castronaut.logger.debug("#{self} - Validating ticket for #{ticket_cookie}") - return Castronaut::TicketResult.new(nil, "No ticket granting ticket given") if ticket_cookie.nil? + return Castronaut::TicketResult.new(nil, "No ticket granting ticket given", 'warn') if ticket_cookie.nil? ticket_granting_ticket = find_by_ticket(ticket_cookie) if ticket_granting_ticket Castronaut.logger.debug("#{self} -[#{ticket_cookie}] for [#{ticket_granting_ticket.username}] successfully validated.") - return Castronaut::TicketResult.new(ticket_granting_ticket, "Your session has expired. Please log in again.") if ticket_granting_ticket.expired? + return Castronaut::TicketResult.new(ticket_granting_ticket, "Your session has expired. Please log in again.", 'warn') if ticket_granting_ticket.expired? else Castronaut.logger.debug("#{self} - [#{ticket_cookie}] was not found in the database.") end lib/castronaut/models/ticket_granting_ticket.rb @@ -48,7 +48,7 @@ module Castronaut ticket_granting_ticket_result = Castronaut::Models::TicketGrantingTicket.validate_cookie(ticket_generating_ticket_cookie) if ticket_granting_ticket_result.valid? - messages << "You are currently logged in as #{ticket_granting_ticket_result.username}. If this is not you, please log in below." + messages << "You are currently logged in as #{ticket_granting_ticket_result.username}. If this is not you, please log in below." end if redirection_loop? lib/castronaut/presenters/login.rb @@ -45,7 +45,7 @@ module Castronaut # POSSIBLE SHARED ABOVE def username - params['username'].strip + params['username'].to_s.strip end def password @@ -58,7 +58,7 @@ module Castronaut login_ticket_validation_result = Castronaut::Models::LoginTicket.validate_ticket(@login_ticket) if login_ticket_validation_result && login_ticket_validation_result.invalid? - messages << login_ticket_validation_result.error_message + messages << login_ticket_validation_result.message @login_ticket = Castronaut::Models::LoginTicket.generate_from(client_host).ticket @your_mission = lambda { controller.erb :login, :locals => { :presenter => self } } # TODO: STATUS 401 return self lib/castronaut/presenters/process_login.rb @@ -1,13 +1,15 @@ module Castronaut class TicketResult - - attr_reader :ticket, :error_message + InvalidMessageCategories = %w{warn error fatal invalid} + + attr_reader :ticket, :message, :message_category - def initialize(ticket, error_message=nil) + def initialize(ticket, message=nil, message_category=nil) @ticket = ticket - @error_message = error_message - Castronaut.logger.info("#{self.class} - #{@error_message} for #{@ticket}") if @error_message && @ticket + @message = message + @message_category = message_category + Castronaut.logger.info("#{self.class} - #{@message_category} #{@message} for #{@ticket}") if @message && @ticket end def username @@ -15,11 +17,11 @@ module Castronaut end def valid? - error_message.nil? + !invalid? end def invalid? - !valid? + InvalidMessageCategories.any?{ |cat| message_category.to_s.downcase.include?(cat) } end end lib/castronaut/ticket_result.rb @@ -76,4 +76,146 @@ describe Castronaut::Models::ServiceTicket do end + describe "matching service?" do + + it "matches if the given service is equal to the ticket's service" do + service_ticket = Castronaut::Models::ServiceTicket.new(:service => 'http://foo') + service_ticket.matches_service?('foo').should be_false + service_ticket.matches_service?('http://foo').should be_true + service_ticket.matches_service?('http://foo/').should be_false + end + + end + + describe "validating ticket" do + + describe "when the service and ticket are missing returns a ticket result" do + + it "with the missing ticket message" do + Castronaut::Models::ServiceTicket.validate_ticket(nil, nil).message.should == Castronaut::Models::ServiceTicket::MissingMessage + end + + it "with the INVALID_REQUEST message category" do + Castronaut::Models::ServiceTicket.validate_ticket(nil, nil).message_category.should == 'INVALID_REQUEST' + end + + it "is marked as invalid" do + Castronaut::Models::ServiceTicket.validate_ticket(nil, nil).should be_invalid + end + + end + + describe "when the service and ticket are given" do + + it "attempts to find the ServiceTicket by the given ticket" do + Castronaut::Models::ServiceTicket.expects(:find_by_ticket).with('ticket').returns(stub_everything) + Castronaut::Models::ServiceTicket.validate_ticket('service', 'ticket') + end + + describe "when it fails to find a service ticket returns a ticket result" do + + it "with the ticket not recognized message" do + Castronaut::Models::ServiceTicket.stubs(:find_by_ticket).returns(nil) + Castronaut::Models::ServiceTicket.validate_ticket('service', 'ticket').message.should == "Ticket ticket not recognized." + end + + it "with the INVALID_TICKET message category" do + Castronaut::Models::ServiceTicket.stubs(:find_by_ticket).returns(nil) + Castronaut::Models::ServiceTicket.validate_ticket('service', 'ticket').message_category.should == 'INVALID_TICKET' + end + + it "is marked as invalid" do + Castronaut::Models::ServiceTicket.stubs(:find_by_ticket).returns(nil) + Castronaut::Models::ServiceTicket.validate_ticket('service', 'ticket').should be_invalid + end + + end + + describe "when it finds a service ticket" do + + describe "when it is already consumed it returns a ticket result" do + + it "with the ticket used up message" do + Castronaut::Models::ServiceTicket.stubs(:find_by_ticket).returns(stub_everything(:consumed? => true)) + Castronaut::Models::ServiceTicket.validate_ticket('service', 'ticket').message.should == "Ticket 'ticket' has already been used up." + end + + it "with the INVALID_TICKET message category" do + Castronaut::Models::ServiceTicket.stubs(:find_by_ticket).returns(stub_everything(:consumed? => true)) + Castronaut::Models::ServiceTicket.validate_ticket('service', 'ticket').message_category.should == 'INVALID_TICKET' + end + + it "is marked as invalid" do + Castronaut::Models::ServiceTicket.stubs(:find_by_ticket).returns(stub_everything(:consumed? => true)) + Castronaut::Models::ServiceTicket.validate_ticket('service', 'ticket').should be_invalid + end + + end + + describe "when it has not been consumed" do + + it "consumes the service ticket" do + service_ticket = stub_everything(:consumed? => false) + service_ticket.expects(:consume!) + + Castronaut::Models::ServiceTicket.stubs(:find_by_ticket).returns(service_ticket) + Castronaut::Models::ServiceTicket.validate_ticket('service', 'ticket') + end + + describe "when it encounters a proxy ticket it returns a ticket result" do + + it "with the ticket is a proxy ticket message" + + it "with the INVALID_TICKET message category" + + it "is marked as invalid" + + end + + describe "when it is already expired it returns a ticket result" do + + it "with the ticket expired message" do + Castronaut::Models::ServiceTicket.stubs(:find_by_ticket).returns(stub_everything(:expired? => true, :consumed? => false)) + Castronaut::Models::ServiceTicket.validate_ticket('service', 'ticket').message.should == "Ticket 'ticket' has expired." + end + + it "with the INVALID_TICKET message category" do + Castronaut::Models::ServiceTicket.stubs(:find_by_ticket).returns(stub_everything(:expired? => true, :consumed? => false)) + Castronaut::Models::ServiceTicket.validate_ticket('service', 'ticket').message_category.should == 'INVALID_TICKET' + end + + it "is marked as invalid" do + Castronaut::Models::ServiceTicket.stubs(:find_by_ticket).returns(stub_everything(:expired? => true, :consumed? => false)) + Castronaut::Models::ServiceTicket.validate_ticket('service', 'ticket').should be_invalid + end + + end + + describe "when it encounters a mismatched service it returns a ticket result" do + + it "with the service mismatch message" do + Castronaut::Models::ServiceTicket.stubs(:find_by_ticket).returns(stub_everything(:expired? => false, :consumed? => false, :service => 'blah')) + Castronaut::Models::ServiceTicket.validate_ticket('service', 'ticket').message.should include("does not match the service") + end + + it "with the INVALID_SERVICE message category" do + Castronaut::Models::ServiceTicket.stubs(:find_by_ticket).returns(stub_everything(:expired? => false, :consumed? => false, :service => 'blah')) + Castronaut::Models::ServiceTicket.validate_ticket('service', 'ticket').message_category.should == 'INVALID_SERVICE' + end + + it "is marked as invalid" do + Castronaut::Models::ServiceTicket.stubs(:find_by_ticket).returns(stub_everything(:expired? => false, :consumed? => false, :service => 'blah')) + Castronaut::Models::ServiceTicket.validate_ticket('service', 'ticket').should be_invalid + end + + end + + end + + end + + end + + end + end spec/castronaut/models/service_ticket_spec.rb @@ -10,10 +10,14 @@ describe Castronaut::Models::TicketGrantingTicket do describe "when given no ticket" do - it "has an error message explaining you must give a ticket" do - Castronaut::Models::TicketGrantingTicket.validate_cookie(nil).error_message.should == 'No ticket granting ticket given' + it "has a message explaining you must give a ticket" do + Castronaut::Models::TicketGrantingTicket.validate_cookie(nil).message.should == 'No ticket granting ticket given' end - + + it "is invalid" do + Castronaut::Models::TicketGrantingTicket.validate_cookie(nil).should be_invalid + end + end describe "when given a ticket" do @@ -34,7 +38,7 @@ describe Castronaut::Models::TicketGrantingTicket do it "returns an error message if the ticket granting ticket is expired" do @ticket_granting_ticket.stubs(:expired?).returns(true) - Castronaut::Models::TicketGrantingTicket.validate_cookie('abc').error_message.should == "Your session has expired. Please log in again." + Castronaut::Models::TicketGrantingTicket.validate_cookie('abc').message.should == "Your session has expired. Please log in again." end end @@ -45,7 +49,7 @@ describe Castronaut::Models::TicketGrantingTicket do it "returns a TicketResult with no error message" do Castronaut::Models::TicketGrantingTicket.stubs(:find_by_ticket).returns(nil) - Castronaut::Models::TicketGrantingTicket.validate_cookie('abc').error_message.should be_nil + Castronaut::Models::TicketGrantingTicket.validate_cookie('abc').message.should be_nil end end spec/castronaut/models/ticket_granting_ticket_spec.rb @@ -145,8 +145,11 @@ describe Castronaut::Presenters::Login do describe "login ticket generation" do - it "generates a login ticket at the end" - + it "generates a new login ticket when you call :login_ticket" do + Castronaut::Models::LoginTicket.expects(:generate_from).returns(stub_everything(:ticket => 'ticket')) + Castronaut::Presenters::Login.new(@controller).login_ticket + end + end end spec/castronaut/presenters/login_spec.rb @@ -189,7 +189,6 @@ describe Castronaut::Presenters::ProcessLogin do @controller.expects(:redirect).with(:service_uri_stub, 303) process_login = Castronaut::Presenters::ProcessLogin.new(@controller) process_login.represent! - puts process_login.instance_variables process_login.instance_variable_get("@your_mission").call end spec/castronaut/presenters/process_login_spec.rb @@ -6,12 +6,37 @@ describe Castronaut::TicketResult do Castronaut::TicketResult.new('ticket').ticket.should == 'ticket' end - it "exposes the given message at :error_message" do - Castronaut::TicketResult.new('ticket', 'my error').error_message.should == 'my error' + it "exposes the given message at :message" do + Castronaut::TicketResult.new('ticket', 'my error').message.should == 'my error' end - it "is valid if there is no error message" do - Castronaut::TicketResult.new('ticket', nil).should be_valid + it "exposes the given message category at :message_category" do + Castronaut::TicketResult.new('ticket', 'my error', 'message cat').message_category.should == 'message cat' end + + describe "valid?" do + it "negates invalid? for it's result" do + ticket_result = Castronaut::TicketResult.new('ticket', 'msg', 'cat') + ticket_result.stubs(:invalid?).returns(false) + ticket_result.should be_valid + + ticket_result.stubs(:invalid?).returns(true) + ticket_result.should_not be_valid + end + + end + + describe "invalid?" do + + Castronaut::TicketResult::InvalidMessageCategories.each do |invalid_category| + + it "is invalid if the message category contains #{invalid_category}" do + Castronaut::TicketResult.new('ticket', 'my error', "BlaBlaBla-#{invalid_category}-AlbAlbAlb").should be_invalid + end + + end + + end + end spec/castronaut/ticket_result_spec.rb 4471ae15ceade1b913670ee93c5a6c1e61c89edb Chad Humphries chad@spicycode.com http://github.com/relevance/castronaut/commit/f41176f43351034cd51254b1430afc5b1fa3f7d1 f41176f43351034cd51254b1430afc5b1fa3f7d1 2008-09-09T08:34:34-07:00 2008-09-09T08:34:34-07:00 Service ticket validation complete 244cd70c9441d5ce9a8f949645ded7d3941f70c1 Chad Humphries chad@spicycode.com