Service ticket validation complete

.autotest

@@ -4,8 +4,7 @@ Autotest.add_hook :initialize do |autotest|
  # autotest.sleep = 3  
 
  # Ignore files with suffix  
- %w{.svn .log .hg .git .erb .rhtml .png .txt .sh .project .rjs .rake .jpg .css .xml}.each { |exception| autotest.add_exception(exception) }  
-
- # autotest.add_exception(/^\.\/vendor/)
+
+ %w{.svn .log .hg .git .erb .rhtml .png .txt .sh .project .rjs .rake .jpg .css .xml vendor db}.each { |exception| autotest.add_exception(exception) }  
 
 end

app/controllers/application.rb

@@ -21,6 +21,9 @@
 end
 
 get '/serviceValidate' do
+  # @presenter = Castronaut::Presenters::ServiceValidate.new(self)
+  # @presenter.represent!
+  # @presenter.your_mission.call
   body 'serviceValidate-Get'
 end
 

lib/castronaut.rb

@@ -9,6 +9,7 @@
 require File.expand_path(File.join(File.dirname(__FILE__), 'castronaut', 'ticket_result'))
 require File.expand_path(File.join(File.dirname(__FILE__), 'castronaut', 'presenters', 'login'))
 require File.expand_path(File.join(File.dirname(__FILE__), 'castronaut', 'presenters', 'process_login'))
+require File.expand_path(File.join(File.dirname(__FILE__), 'castronaut', 'presenters', 'service_validate'))
 require File.expand_path(File.join(File.dirname(__FILE__), 'castronaut', 'adapters'))
 require File.expand_path(File.join(File.dirname(__FILE__), 'castronaut', 'adapters', 'restful_authentication', 'adapter'))
 require File.expand_path(File.join(File.dirname(__FILE__), 'castronaut', 'adapters', 'restful_authentication', 'user'))

lib/castronaut/models/service_ticket.rb

@@ -8,6 +8,8 @@ class ServiceTicket < ActiveRecord::Base
       include Castronaut::Models::Consumeable
       include Castronaut::Models::Dispenser
 
+      MissingMessage = "Ticket or service parameter was missing in the request."
+
       belongs_to :ticket_granting_ticket
 
       before_validation :dispense_ticket, :if => :new_record?
@@ -19,6 +21,33 @@ def self.generate_ticket_for(service, client_host, ticket_granting_ticket)
                 :client_hostname => client_host,
                 :ticket_granting_ticket => ticket_granting_ticket
       end
+
+      def self.validate_ticket(service, ticket, allow_proxy_tickets = false)
+
+        return Castronaut::TicketResult.new(nil, MissingMessage, "INVALID_REQUEST") unless service && ticket
+
+        service_ticket = find_by_ticket(ticket)
+
+        return Castronaut::TicketResult.new(nil, "Ticket #{ticket} not recognized.", "INVALID_TICKET") unless service_ticket
+
+        return Castronaut::TicketResult.new(service_ticket, "Ticket '#{ticket}' has already been used up.", "INVALID_TICKET") if service_ticket.consumed?
+
+        service_ticket.consume!
+
+        # if service_ticket.kind_of?(CASServer::Models::ProxyTicket) && !allow_proxy_tickets
+        #   return Castronaut::TicketResult.new(service_ticket, "Ticket '#{ticket}' is a proxy ticket, but only service tickets are allowed here.", "INVALID_TICKET") 
+        # end
+
+        return Castronaut::TicketResult.new(service_ticket, "Ticket '#{ticket}' has expired.", "INVALID_TICKET") if service_ticket.expired?
+
+        mismatched_service_message = "The ticket '#{ticket}' belonging to user '#{service_ticket.username}' is valid, but the requested service '#{service}' does not match the service '#{service_ticket.service}' associated with this ticket."
+
+        return Castronaut::TicketResult.new(service_ticket, mismatched_service_message, "INVALID_SERVICE") unless service_ticket.matches_service?(service)
+      end
+
+      def matches_service?(other_service)
+        service == other_service
+      end
 
       def service_uri
         return nil if service.blank?
@@ -46,6 +75,10 @@ def ticket_prefix
         "ST"
       end
 
+      def expired?
+        # Time.now - service_ticket.created_on > CASServer::Conf.service_ticket_expiry
+      end
+
     end
 
   end

lib/castronaut/models/ticket_granting_ticket.rb

@@ -13,13 +13,13 @@ class TicketGrantingTicket < ActiveRecord::Base
       def self.validate_cookie(ticket_cookie)
         Castronaut.logger.debug("#{self} - Validating ticket for #{ticket_cookie}")
 
-        return Castronaut::TicketResult.new(nil, "No ticket granting ticket given") if ticket_cookie.nil?
+        return Castronaut::TicketResult.new(nil, "No ticket granting ticket given", 'warn') if ticket_cookie.nil?
 
         ticket_granting_ticket = find_by_ticket(ticket_cookie)
 
         if ticket_granting_ticket
           Castronaut.logger.debug("#{self} -[#{ticket_cookie}] for [#{ticket_granting_ticket.username}] successfully validated.")
-          return Castronaut::TicketResult.new(ticket_granting_ticket, "Your session has expired. Please log in again.") if ticket_granting_ticket.expired?
+          return Castronaut::TicketResult.new(ticket_granting_ticket, "Your session has expired. Please log in again.", 'warn') if ticket_granting_ticket.expired?
         else
           Castronaut.logger.debug("#{self} - [#{ticket_cookie}] was not found in the database.")
         end

lib/castronaut/presenters/login.rb

@@ -48,7 +48,7 @@ def represent!
         ticket_granting_ticket_result = Castronaut::Models::TicketGrantingTicket.validate_cookie(ticket_generating_ticket_cookie)
 
         if ticket_granting_ticket_result.valid?
-          messages << "You are currently logged in as #{ticket_granting_ticket_result.username}.  If this is not you, please log in below."
+        messages << "You are currently logged in as #{ticket_granting_ticket_result.username}.  If this is not you, please log in below."
         end
 
         if redirection_loop?

lib/castronaut/presenters/process_login.rb

@@ -45,7 +45,7 @@ def client_host
       # POSSIBLE SHARED ABOVE
 
       def username
-        params['username'].strip
+        params['username'].to_s.strip
       end
 
       def password
@@ -58,7 +58,7 @@ def represent!
         login_ticket_validation_result = Castronaut::Models::LoginTicket.validate_ticket(@login_ticket)
 
         if login_ticket_validation_result && login_ticket_validation_result.invalid?
-          messages << login_ticket_validation_result.error_message
+          messages << login_ticket_validation_result.message
           @login_ticket = Castronaut::Models::LoginTicket.generate_from(client_host).ticket
           @your_mission = lambda { controller.erb :login, :locals => { :presenter => self } } # TODO: STATUS 401
           return self

lib/castronaut/presenters/service_validate.rb

@@ -0,0 +1,94 @@
+module Castronaut
+  module Presenters
+
+    class ServiceValidate
+      MissingCredentialsMessage = "Please supply a username and password to login."
+
+      attr_reader :controller, :your_mission
+      attr_accessor :messages, :login_ticket
+
+      delegate :params, :request, :to => :controller
+      delegate :cookies, :env, :to => :request
+
+      def initialize(controller)
+        @controller = controller
+        @messages = []
+        @your_mission = nil
+      end
+
+      def service
+        params['service']
+      end
+
+      def renewal
+        params['renew']
+      end
+
+      def service_ticket
+        params['ticket']
+      end
+
+      def proxy_callback_url
+        params['pgtUrl']
+      end
+
+      def represent!
+
+
+
+        @login_ticket = params['lt']
+
+        login_ticket_validation_result = Castronaut::Models::LoginTicket.validate_ticket(@login_ticket)
+
+        if login_ticket_validation_result && login_ticket_validation_result.invalid?
+          messages << login_ticket_validation_result.message
+          @login_ticket = Castronaut::Models::LoginTicket.generate_from(client_host).ticket
+          @your_mission = lambda { controller.erb :login, :locals => { :presenter => self } } # TODO: STATUS 401
+          return self
+        end
+
+        if username.blank? || password.blank?
+          messages << MissingCredentialsMessage
+          @login_ticket = Castronaut::Models::LoginTicket.generate_from(client_host).ticket
+          @your_mission = lambda { controller.erb :login, :locals => { :presenter => self } } # TODO: STATUS 401
+          return self
+        end
+
+        @login_ticket = Castronaut::Models::LoginTicket.generate_from(client_host).ticket
+
+        Castronaut.logger.info("#{self.class} - Logging in with username: #{username}, login ticket: #{login_ticket}, service: #{service}")
+
+        authentication_result = Castronaut::Adapters.selected_adapter.authenticate(username, password)
+
+        if authentication_result.valid?
+          ticket_granting_ticket = Castronaut::Models::TicketGrantingTicket.generate_for(username, client_host)
+          cookies[:tgt] = ticket_granting_ticket.to_cookie
+
+          if service.blank?
+            messages << "You have successfully logged in."
+          else
+            service_ticket = Castronaut::Models::ServiceTicket.generate_ticket_for(service, client_host, ticket_granting_ticket)
+
+            if service_ticket && service_ticket.service_uri
+              @your_mission = lambda { controller.redirect(service_ticket.service_uri, 303) }
+              return self
+            else
+              messages << "The target service your browser supplied appears to be invalid. Please contact your system administrator for help."
+            end
+          end
+
+        else
+          messages << authentication_result.message
+        end
+
+        if messages.any?
+          @your_mission = lambda { controller.erb :login, :locals => { :presenter => self } }
+        end
+
+        self
+      end
+
+    end
+
+  end
+end

lib/castronaut/ticket_result.rb

@@ -1,25 +1,27 @@
 module Castronaut
 
   class TicketResult
-
-    attr_reader :ticket, :error_message
+    InvalidMessageCategories = %w{warn error fatal invalid} 
+
+    attr_reader :ticket, :message, :message_category
 
-    def initialize(ticket, error_message=nil)
+    def initialize(ticket, message=nil, message_category=nil)
       @ticket = ticket
-      @error_message = error_message
-      Castronaut.logger.info("#{self.class} - #{@error_message} for #{@ticket}") if @error_message && @ticket
+      @message = message
+      @message_category = message_category
+      Castronaut.logger.info("#{self.class} - #{@message_category} #{@message} for #{@ticket}") if @message && @ticket
     end
 
     def username
       ticket.username if ticket && ticket.respond_to?(:username)
     end
 
     def valid?
-      error_message.nil?
+      !invalid?
     end
 
     def invalid?
-      !valid?
+      InvalidMessageCategories.any?{ |cat| message_category.to_s.downcase.include?(cat) }
     end
 
   end