rubycas-server/spec/casserver/authenticators/active_resource_spec.rb at d649591ae0d8085d9fa51d9f6a877e9871848bd0 · rubycas/rubycas-server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
# encoding: UTF-8
require 'spec_helper'

describe "CASServer::Authenticators::ActiveResource" do
  before do
    pending("Skip ActiveResource test due to missing gems") unless gem_available?("activeresource")
    # Trigger autoload to load also Helpers module
    # TODO this helper module should be inside activeresource namespace
    CASServer::Authenticators::ActiveResource
  end
  describe "CASServer::Authenticators::Helpers::Identity" do
    subject { CASServer::Authenticators::Helpers::Identity.new }

    it { should be_an ActiveResource::Base }

    it "class should respond to :authenticate" do
      subject.class.should respond_to :authenticate
    end

    it "class should have a method_name accessor" do
      CASServer::Authenticators::Helpers::Identity.method_name.should == :authenticate
    end

    it "class should have a method_name accessor" do
      CASServer::Authenticators::Helpers::Identity.method_type.should == :post
    end

    it "class method_type accessor should validate type" do
      expect {
        CASServer::Authenticators::Helpers::Identity.method_type = :foo
      }.to raise_error(ArgumentError)
    end

  end

  describe "CASServer::Authenticators::ActiveResource" do

    describe "#setup" do

      it "should configure the identity object" do
        CASServer::Authenticators::Helpers::Identity.should_receive(:user=).with('httpuser').once
        CASServer::Authenticators::ActiveResource.setup :site => 'http://api.example.org', :user => 'httpuser'
      end

      it "should configure the method_type" do
        CASServer::Authenticators::Helpers::Identity.should_receive(:method_type=).with('get').once
        CASServer::Authenticators::ActiveResource.setup :site => 'http://api.example.org', :method_type => 'get'
      end

      it "should raise if site option is missing" do
        expect {
          CASServer::Authenticators::ActiveResource.setup({}).should
        }.to raise_error(CASServer::AuthenticatorError, /site option/)
      end
    end

    describe "#validate" do

      let(:credentials) { {:username => 'validusername',
                           :password => 'validpassword',
                           :service => 'test.service'} }

      let(:auth) { CASServer::Authenticators::ActiveResource.new }

      def mock_authenticate identity = nil
        identity = CASServer::Authenticators::Helpers::Identity.new if identity.nil?
        CASServer::Authenticators::Helpers::Identity.stub(:authenticate).and_return(identity)
      end

      def sample_identity attrs = {}
        identity = CASServer::Authenticators::Helpers::Identity.new
        attrs.each { |k,v| identity.send "#{k}=", v }
        identity
      end

      it "should call Identity#autenticate with the given params" do
        CASServer::Authenticators::Helpers::Identity.should_receive(:authenticate).with(credentials).once
        auth.validate(credentials)
      end

      it "should return identity object attributes as extra attributes" do
        auth.configure({}.with_indifferent_access)
        identity = sample_identity({:email => '[email protected]'})
        mock_authenticate identity
        auth.validate(credentials).should be_true
        auth.extra_attributes.should == identity.attributes
      end

      it "should return false when http raises" do
        CASServer::Authenticators::Helpers::Identity.stub(:authenticate).and_raise(ActiveResource::ForbiddenAccess.new({}))
        auth.validate(credentials).should be_false
      end

      it "should apply extra_attribute filter" do
        auth.configure({ :extra_attributes => 'age'}.with_indifferent_access)
        mock_authenticate sample_identity({ :email => '[email protected]', :age => 28 })
        auth.validate(credentials).should be_true
        auth.extra_attributes.should == { "age" => "28" }
      end

      it "should only extract not filtered attributes" do
        auth.configure({ :filter_attributes => 'age'}.with_indifferent_access)
        mock_authenticate sample_identity({ :email => '[email protected]', :age => 28 })
        auth.validate(credentials).should be_true
        auth.extra_attributes.should == { "email" => '[email protected]' }
      end

      it "should filter password if filter attributes is not given" do
        auth.configure({}.with_indifferent_access)
        mock_authenticate sample_identity({ :email => '[email protected]', :password => 'secret' })
        auth.validate(credentials).should be_true
        auth.extra_attributes.should == { "email" => '[email protected]' }
      end
    end
  end
end