Diffstat (limited to 'vendor/gems/omniauth_crowd')
4 files changed, 34 insertions, 75 deletions
diff --git a/vendor/gems/omniauth_crowd/Gemfile.lock b/vendor/gems/omniauth_crowd/Gemfile.lock
index 56c9bd4cc7e..43518582535 100644
--- a/vendor/gems/omniauth_crowd/Gemfile.lock
+++ b/vendor/gems/omniauth_crowd/Gemfile.lock
@@ -4,7 +4,7 @@ PATH
     omniauth_crowd (2.4.0)
       activesupport
       nokogiri (>= 1.4.4)
-      omniauth (~> 1.0, < 3)
+      omniauth (~> 2.0)
 
 GEM
   remote: http://rubygems.org/
@@ -29,12 +29,15 @@ GEM
     nokogiri (1.13.8)
       mini_portile2 (~> 2.8.0)
       racc (~> 1.4)
-    omniauth (1.9.1)
+    omniauth (2.1.0)
       hashie (>= 3.4.6)
-      rack (>= 1.6.2, < 3)
+      rack (>= 2.2.3)
+      rack-protection
     public_suffix (4.0.7)
     racc (1.6.0)
     rack (2.2.4)
+    rack-protection (2.2.2)
+      rack
     rack-test (2.0.2)
       rack (>= 1.3)
     rake (13.0.6)
diff --git a/vendor/gems/omniauth_crowd/lib/omniauth/strategies/crowd.rb b/vendor/gems/omniauth_crowd/lib/omniauth/strategies/crowd.rb
index 7e3829b9b95..7126d8328e0 100755
--- a/vendor/gems/omniauth_crowd/lib/omniauth/strategies/crowd.rb
+++ b/vendor/gems/omniauth_crowd/lib/omniauth/strategies/crowd.rb
@@ -17,15 +17,7 @@ module OmniAuth
     protected
 
     def request_phase
-      if env['REQUEST_METHOD'] == 'GET'
-
-        if @configuration.use_sessions? && request.cookies[@configuration.session_cookie]
-          redirect callback_url
-        else
-          get_credentials
-        end
-
-      elsif (env['REQUEST_METHOD'] == 'POST') && (not request.params['username'])
+      if (env['REQUEST_METHOD'] == 'POST') && (not request.params['username'])
         get_credentials
       else
         session['omniauth.crowd'] = {'username' => request['username'], 'password' => request['password']}
diff --git a/vendor/gems/omniauth_crowd/omniauth_crowd.gemspec b/vendor/gems/omniauth_crowd/omniauth_crowd.gemspec
index 1707c7f3f10..dcbf403419f 100644
--- a/vendor/gems/omniauth_crowd/omniauth_crowd.gemspec
+++ b/vendor/gems/omniauth_crowd/omniauth_crowd.gemspec
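Review bot: The new guard `if (env['REQUEST_METHOD'] == 'POST') && (not request.params['username'])` only renders the login form for a POST, so any request that reaches `request_phase` with another method and no `username` now falls into the `else` branch and writes `{'username' => nil, 'password' => nil}` into `session['omniauth.crowd']`, whereas the removed `GET` branch used to render the form for that case. OmniAuth 2 rejects non-POST requests to the request phase by default, but that list is configurable (`OmniAuth.config.allowed_request_methods`), so the method test here adds nothing and the branch should key on the credential alone: `if request.params['username'].to_s.empty?`. Dropping the `GET` branch also drops the `use_sessions?` cookie shortcut to `callback_url`; if that is intended, a one-line comment above `def request_phase` saying the SSO cookie is now only honoured in the callback phase would save the next reader from looking for it. The body of `request_phase` continues past the end of the hunk.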
@@ -15,7 +15,7 @@ Gem::Specification.new do |gem|
   gem.require_paths = ["lib"]
   gem.version       = OmniAuth::Crowd::VERSION
 
-  gem.add_runtime_dependency 'omniauth', '~> 1.0', '< 3'
+  gem.add_runtime_dependency 'omniauth', '~> 2.0'
   gem.add_runtime_dependency 'nokogiri', '>= 1.4.4'
   gem.add_runtime_dependency 'activesupport', '>= 0'
   gem.add_development_dependency(%q<rack>, [">= 0"])
diff --git a/vendor/gems/omniauth_crowd/spec/omniauth/strategies/crowd_spec.rb b/vendor/gems/omniauth_crowd/spec/omniauth/strategies/crowd_spec.rb
index f234ef82e76..000b3901f86 100755
--- a/vendor/gems/omniauth_crowd/spec/omniauth/strategies/crowd_spec.rb
+++ b/vendor/gems/omniauth_crowd/spec/omniauth/strategies/crowd_spec.rb
@@ -20,9 +20,21 @@ describe OmniAuth::Strategies::Crowd, :type=>:strategy do
   @sso_url_image = nil
   let(:config) { OmniAuth::Strategies::Crowd::Configuration.new(strategy[1]) }
   let(:validator) { OmniAuth::Strategies::Crowd::CrowdValidator.new(config, 'foo', 'bar', nil, nil) }
+  let(:csrf_token) { SecureRandom.base64(32) }
+  let(:base_env) { { 'rack.session' => { csrf: csrf_token }, 'rack.input' => StringIO.new("authenticity_token=#{escaped_token}") } }
+  let(:post_env) { make_env('/auth/crowd', base_env) }
+  let(:escaped_token) { URI.encode_www_form_component(csrf_token, Encoding::UTF_8) }
+
+  def make_env(path = '/auth/crowd', props = {})
+    {
+      'REQUEST_METHOD' => 'POST',
+      'PATH_INFO' => path,
+      'rack.session' => {},
+      'rack.input' => StringIO.new('test=true')
+    }.merge(props)
+  end
 
   describe 'Authentication Request Body' do
-
     it 'should send password in session request' do
       body = <<-BODY.strip
 <password>
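Review bot: `base_env` hand-builds the request body as `'rack.input' => StringIO.new("authenticity_token=#{escaped_token}")` and the callers then pass `nil` params with that env; this only works as long as rack-test leaves a caller-supplied `rack.input` untouched when it serialises the (empty) params of a POST, which is an implementation detail rather than part of its interface. Passing the token as a form param lets rack-test encode and stream it for you: `post '/auth/crowd', { 'authenticity_token' => csrf_token }, 'rack.session' => { csrf: csrf_token }`, which also removes `escaped_token` and the `URI.encode_www_form_component` call. `make_env`'s `'rack.session' => {}` default is overridden by `base_env` in the only place it is used, so `post_env` could simply be `let(:post_env) { base_env.merge('REQUEST_METHOD' => 'POST', 'PATH_INFO' => '/auth/crowd') }`. Whichever shape is kept, the `let(:csrf_token)` line deserves a comment such as `# must equal rack.session[:csrf]; the OmniAuth 2 CSRF check (rack-protection) compares the two`, since nothing in the file says why the same value appears in both the session and the body.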
@@ -42,21 +54,13 @@ BODY
     end
   end
 
-  describe 'GET /auth/crowd' do
+  describe 'POST /auth/crowd' do
     it 'should show the login form' do
-      get '/auth/crowd'
+      post '/auth/crowd', nil, post_env
       expect(last_response).to be_ok
     end
   end
 
-  describe 'POST /auth/crowd' do
-    it 'should redirect to callback' do
-      post '/auth/crowd', :username=>'foo', :password=>'bar'
-      expect(last_response).to be_redirect
-      expect(last_response.headers['Location']).to eq('http://example.org/auth/crowd/callback')
-    end
-  end
-
   describe 'GET /auth/crowd/callback without any credentials' do
     it 'should fail' do
       get '/auth/crowd/callback'
@@ -79,13 +83,16 @@ BODY
         to_return(:status => [415, "Unsupported Media Type"])
       get '/auth/crowd/callback', nil, 'rack.session'=>{'omniauth.crowd'=> {"username"=>"foo", "password"=>"ba"}}
     end
+
     it 'should call through to the master app' do
       expect(last_response.body).to eq('true')
     end
+
     it 'should have an auth hash' do
       auth = last_request.env['omniauth.auth']
       expect(auth).to be_kind_of(Hash)
     end
+
     it 'should have good data' do
       auth = last_request.env['omniauth.auth']
       expect(auth['provider']).to eq(:crowd)
@@ -142,8 +149,7 @@ BODY
     end
   end
 
-  describe 'GET /auth/crowd without credentials will redirect to login form' do
-
+  describe 'POST /auth/crowd without credentials will redirect to login form' do
     sso_url = 'https://foo.bar'
 
     before do
@@ -152,10 +158,9 @@ BODY
     end
 
     it 'should have the SSO button in the response body' do
-
       found_legend = found_anchor = nil
 
-      get '/auth/crowd'
+      post '/auth/crowd', nil, post_env
 
       Nokogiri::HTML(last_response.body).xpath('//html/body/form/fieldset/*').each do |element|
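Review bot: Deleting `describe 'POST /auth/crowd' do ... it 'should redirect to callback'` leaves the credential-carrying branch of `request_phase` (the `else` that writes `session['omniauth.crowd']`) without any test under OmniAuth 2, while the surviving `POST /auth/crowd` example only covers the empty-form path. The old `post '/auth/crowd', :username=>'foo', :password=>'bar'` was presumably dropped because it would now fail the CSRF check rather than because the behaviour went away, and the `base_env`/`escaped_token`/`make_env` fixtures introduced earlier in this commit make it cheap to keep. A replacement that follows the file's own `rack.input` convention is below.
```ruby
  describe 'POST /auth/crowd with credentials' do
    it 'should redirect to callback' do
      with_credentials = base_env.merge(
        'rack.input' => StringIO.new("authenticity_token=#{escaped_token}&username=foo&password=bar")
      )
      post '/auth/crowd', nil, make_env('/auth/crowd', with_credentials)
      expect(last_response).to be_redirect
      expect(last_response.headers['Location']).to eq('http://example.org/auth/crowd/callback')
    end
  end
```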
@@ -163,26 +168,23 @@ BODY
           found_legend = true
         elsif element.name === 'a' && element.attr('href') === "#{sso_url}/users/auth/crowd/callback"
           found_anchor = true
-        end
+        end
       end
 
       expect(found_legend).to(be(true))
       expect(found_anchor).to(be(true))
-
     end
 
     after do
       @using_sessions = false
       @sso_url = nil
     end
-
   end
-
-  describe 'GET /auth/crowd without credentials will redirect to login form which has custom image in the SSO link' do
-
+
+  describe 'POST /auth/crowd without credentials will redirect to login form which has custom image in the SSO link' do
     sso_url = 'https://foo.bar'
     sso_url_image = 'https://foo.bar/image.png'
-
+
     before do
       @using_sessions = true
       @sso_url = sso_url
@@ -190,10 +192,9 @@ BODY
     end
 
     it 'should have the SSO button with a custom image in the response body' do
-
       found_legend = found_anchor = found_image = false
 
-      get '/auth/crowd'
+      post '/auth/crowd', nil, post_env
 
       Nokogiri::HTML(last_response.body).xpath('//html/body/form/fieldset/*').each do |element|
@@ -206,14 +207,12 @@ BODY
           if element.children.length === 1 && element.children.first.name === 'img' && element.children.first.attr('src') === sso_url_image
             found_image = true
           end
-
         end
       end
 
       expect(found_legend).to(be(true))
       expect(found_anchor).to(be(true))
       expect(found_image).to(be(true))
-
     end
 
     after do
@@ -221,46 +220,13 @@ BODY
       @sso_url = nil
       @sso_url_image = nil
     end
-
   end
 
-  describe 'GET /auth/crowd without credentials but with SSO cookie will redirect to callback' do
-
-    sso_url = 'https://foo.bar'
-
-    before do
-
-      @using_sessions = true
-      @sso_url = sso_url
-
-      set_cookie('crowd.token_key=foobar')
-
-    end
-
-    it 'should redirect to callback' do
-      get '/auth/crowd'
-      expect(last_response).to be_redirect
-      expect(last_response.headers['Location']).to eq('http://example.org/auth/crowd/callback')
-    end
-
-    after do
-
-      @using_sessions = false
-      @sso_url = nil
-
-      clear_cookies()
-
-    end
-
-  end
-
   describe 'POST /auth/crowd/callback without credentials but with SSO cookie will redirect to login form because session is invalid' do
-
     sso_url = 'https://foo.bar'
     token = 'foobar'
-
+
     before do
-
       @using_sessions = true
       @sso_url = sso_url
@@ -268,7 +234,6 @@ BODY
         to_return(:status => [404])
 
       set_cookie("crowd.token_key=#{token}")
-
     end
 
     it 'should redirect to login form' do
@@ -360,7 +325,6 @@ BODY
     end
 
     it 'should return user data' do
-
       auth = nil
       get '/auth/crowd/callback' |