Merge CASinoCore into CASino

See also:
* https://github.com/rbCAS/CASinoCore/issues/18

.gitignore

@@ -19,6 +19,9 @@
 
 /pkg
 
+# http://yehudakatz.com/2010/12/16/clarifying-the-roles-of-the-gemspec-and-gemfile/
+/Gemfile.lock
+
 # Dummy application crap
 /spec/dummy/log/*.log
 /spec/dummy/tmp

Gemfile.lock

@@ -1,43 +1,47 @@
 PATH
   remote: .
   specs:
-    casino (1.3.1)
-      casino_core (~> 1.4.0)
+    casino (1.3.2)
+      addressable (~> 2.3)
+      faraday (~> 0.8)
       http_accept_language (~> 2.0.0.pre)
       jquery-rails (~> 2.1)
       rails (~> 3.2.9)
+      rotp (~> 1.4)
+      terminal-table (~> 1.4)
+      useragent (~> 0.4)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (3.2.13)
-      actionpack (= 3.2.13)
-      mail (~> 2.5.3)
-    actionpack (3.2.13)
-      activemodel (= 3.2.13)
-      activesupport (= 3.2.13)
+    actionmailer (3.2.14)
+      actionpack (= 3.2.14)
+      mail (~> 2.5.4)
+    actionpack (3.2.14)
+      activemodel (= 3.2.14)
+      activesupport (= 3.2.14)
       builder (~> 3.0.0)
       erubis (~> 2.7.0)
       journey (~> 1.0.4)
       rack (~> 1.4.5)
       rack-cache (~> 1.2)
       rack-test (~> 0.6.1)
       sprockets (~> 2.2.1)
-    activemodel (3.2.13)
-      activesupport (= 3.2.13)
+    activemodel (3.2.14)
+      activesupport (= 3.2.14)
       builder (~> 3.0.0)
-    activerecord (3.2.13)
-      activemodel (= 3.2.13)
-      activesupport (= 3.2.13)
+    activerecord (3.2.14)
+      activemodel (= 3.2.14)
+      activesupport (= 3.2.14)
       arel (~> 3.0.2)
       tzinfo (~> 0.3.29)
-    activeresource (3.2.13)
-      activemodel (= 3.2.13)
-      activesupport (= 3.2.13)
-    activesupport (3.2.13)
-      i18n (= 0.6.1)
+    activeresource (3.2.14)
+      activemodel (= 3.2.14)
+      activesupport (= 3.2.14)
+    activesupport (3.2.14)
+      i18n (~> 0.6, >= 0.6.4)
       multi_json (~> 1.0)
-    addressable (2.3.4)
+    addressable (2.3.5)
     arel (3.0.2)
     builder (3.0.4)
     capybara (2.1.0)
@@ -46,33 +50,31 @@ GEM
       rack (>= 1.0.0)
       rack-test (>= 0.5.4)
       xpath (~> 2.0)
-    casino_core (1.4.3)
-      activerecord (~> 3.2.9)
-      addressable (~> 2.3)
-      faraday (~> 0.8)
-      rotp (~> 1.4)
-      terminal-table (~> 1.4)
-      useragent (~> 0.4)
+    crack (0.4.1)
+      safe_yaml (~> 0.9.0)
     diff-lcs (1.2.4)
     erubis (2.7.0)
-    faraday (0.8.7)
-      multipart-post (~> 1.1)
-    hike (1.2.2)
+    factory_girl (4.2.0)
+      activesupport (>= 3.0.0)
+    faraday (0.8.8)
+      multipart-post (~> 1.2.0)
+    hike (1.2.3)
     http_accept_language (2.0.0.pre)
-    i18n (0.6.1)
+    i18n (0.6.5)
     journey (1.0.4)
-    jquery-rails (2.2.1)
+    jquery-rails (2.3.0)
       railties (>= 3.0, < 5.0)
       thor (>= 0.14, < 2.0)
-    json (1.7.7)
-    mail (2.5.3)
-      i18n (>= 0.4.0)
+    json (1.8.0)
+    mail (2.5.4)
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
     mime-types (1.23)
-    multi_json (1.7.2)
+    mini_portile (0.5.1)
+    multi_json (1.7.9)
     multipart-post (1.2.0)
-    nokogiri (1.5.9)
+    nokogiri (1.6.0)
+      mini_portile (~> 0.5.0)
     polyglot (0.3.3)
     rack (1.4.5)
     rack-cache (1.2)
@@ -81,40 +83,41 @@ GEM
       rack
     rack-test (0.6.2)
       rack (>= 1.0)
-    rails (3.2.13)
-      actionmailer (= 3.2.13)
-      actionpack (= 3.2.13)
-      activerecord (= 3.2.13)
-      activeresource (= 3.2.13)
-      activesupport (= 3.2.13)
+    rails (3.2.14)
+      actionmailer (= 3.2.14)
+      actionpack (= 3.2.14)
+      activerecord (= 3.2.14)
+      activeresource (= 3.2.14)
+      activesupport (= 3.2.14)
       bundler (~> 1.0)
-      railties (= 3.2.13)
-    railties (3.2.13)
-      actionpack (= 3.2.13)
-      activesupport (= 3.2.13)
+      railties (= 3.2.14)
+    railties (3.2.14)
+      actionpack (= 3.2.14)
+      activesupport (= 3.2.14)
       rack-ssl (~> 1.3.2)
       rake (>= 0.8.7)
       rdoc (~> 3.4)
       thor (>= 0.14.6, < 2.0)
-    rake (10.0.4)
+    rake (10.1.0)
     rdoc (3.12.2)
       json (~> 1.4)
     rotp (1.4.1)
-    rspec (2.13.0)
-      rspec-core (~> 2.13.0)
-      rspec-expectations (~> 2.13.0)
-      rspec-mocks (~> 2.13.0)
-    rspec-core (2.13.1)
-    rspec-expectations (2.13.0)
+    rspec (2.14.1)
+      rspec-core (~> 2.14.0)
+      rspec-expectations (~> 2.14.0)
+      rspec-mocks (~> 2.14.0)
+    rspec-core (2.14.5)
+    rspec-expectations (2.14.1)
       diff-lcs (>= 1.1.3, < 2.0)
-    rspec-mocks (2.13.1)
-    rspec-rails (2.13.0)
+    rspec-mocks (2.14.3)
+    rspec-rails (2.14.0)
       actionpack (>= 3.0)
       activesupport (>= 3.0)
       railties (>= 3.0)
-      rspec-core (~> 2.13.0)
-      rspec-expectations (~> 2.13.0)
-      rspec-mocks (~> 2.13.0)
+      rspec-core (~> 2.14.0)
+      rspec-expectations (~> 2.14.0)
+      rspec-mocks (~> 2.14.0)
+    safe_yaml (0.9.5)
     simplecov (0.7.1)
       multi_json (~> 1.0)
       simplecov-html (~> 0.7.1)
@@ -127,12 +130,15 @@ GEM
     sqlite3 (1.3.7)
     terminal-table (1.4.5)
     thor (0.18.1)
-    tilt (1.3.7)
-    treetop (1.4.12)
+    tilt (1.4.1)
+    treetop (1.4.14)
       polyglot
       polyglot (>= 0.3.1)
     tzinfo (0.3.37)
-    useragent (0.5.0)
+    useragent (0.6.0)
+    webmock (1.13.0)
+      addressable (>= 2.2.7)
+      crack (>= 0.3.2)
     xpath (2.0.0)
       nokogiri (~> 1.3)
 
@@ -142,8 +148,10 @@ PLATFORMS
 DEPENDENCIES
   capybara (~> 2.1)
   casino!
+  factory_girl (~> 4.1)
   rake (~> 10.0)
   rspec (~> 2.12)
   rspec-rails (~> 2.0)
   simplecov (~> 0.7)
   sqlite3 (~> 1.3)
+  webmock (~> 1.9)

UPGRADE.md

@@ -0,0 +1,41 @@
+# Upgrade CASinoCore
+
+Here is a list of backward-incompatible changes that were introduced.
+
+## 1.4.0
+
+This release changed some database structure. Be sure to advise users to migrate the database using `bundle exec rake casino_core:db:migrate`.
+
+API changes:
+
+* `LoginCredentialAcceptor`: `user_logged_in` may receive a third argument (`Time`, optional, default = `nil`) which represents the expiry date of the cookie. If it is `nil`, the cookie should be a session cookie.
+* `Logout`: `user_logged_out` may receive a second argument (`boolean`, optional, default = `false`). When it is `true`, the user should be redirected immediately.
+
+## 1.3.0
+
+This release adds support for two-factor authentication using a [TOTP](http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm) (time-based one-time password) which can be generated with applications like [Google Authenticator](http://support.google.com/a/bin/answer.py?hl=en&answer=1037451) (iPhone, Android, BlackBerry) or gadgets such as the [YubiKey](http://www.yubico.com/products/yubikey-hardware/yubikey/).
+
+If you would like to support two-factor authentication in your web application, please have a look at the corresponding processors: `SecondFactorAuthenticationAcceptor`, `TwoFactorAuthenticatorActivator`, `TwoFactorAuthenticatorDestroyer`, `TwoFactorAuthenticatorOverview`, `TwoFactorAuthenticatorRegistrator`
+
+New callbacks:
+
+* `LoginCredentialAcceptor`: calls `#two_factor_authentication_pending` on the listener, when two-factor authentication is enabled for this user.
+
+If you don't want to support two-factor authentication, nothing has to be changed.
+
+## 1.2.0
+
+API changes:
+
+* We extracted user data into an entity. Because of this, attributes such as `username` are no longer accessible directly on a `ticket_granting_ticket`. Use `ticket_granting_ticket.user.username` instead.
+
+## 1.1.0
+
+API changes:
+
+* `LoginCredentialAcceptor`: The parameters of `#process` changed from `params, cookies, user_agent` to just `params, user_agent`
+
+New callbacks:
+
+* `LoginCredentialRequestor` and `LoginCredentialAcceptor` call `#service_not_allowed` on the listener, when a service is not in the service whitelist.
+* `API::ServiceTicketProvider` calls `#service_not_allowed_via_api` on the listener, when a service is not in the service whitelist.

casino.gemspec

@@ -29,9 +29,15 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rspec-rails', '~> 2.0'
   s.add_development_dependency 'simplecov', '~> 0.7'
   s.add_development_dependency 'sqlite3', '~> 1.3'
+  s.add_development_dependency 'factory_girl', '~> 4.1'
+  s.add_development_dependency 'webmock', '~> 1.9'
 
   s.add_runtime_dependency 'rails', '~> 3.2.9'
   s.add_runtime_dependency 'jquery-rails', '~> 2.1'
   s.add_runtime_dependency 'http_accept_language', '~> 2.0.0.pre'
-  s.add_runtime_dependency 'casino_core', '~> 1.4.0'
+  s.add_runtime_dependency 'addressable', '~> 2.3'
+  s.add_runtime_dependency 'terminal-table', '~> 1.4'
+  s.add_runtime_dependency 'useragent', '~> 0.4'
+  s.add_runtime_dependency 'faraday', '~> 0.8'
+  s.add_runtime_dependency 'rotp', '~> 1.4'
 end

config/cas.yml

@@ -0,0 +1,24 @@
+defaults: &defaults
+  service_ticket:
+    lifetime_unconsumed: 299
+  authenticators:
+    static_1:
+      class: "CASinoCore::Authenticator::Static"
+      options:
+        users:
+          testuser:
+            password: "foobar123"
+            name: "Test User"
+    static_2:
+      class: "CASinoCore::Authenticator::Static"
+      options:
+        users:
+          example:
+            password: "dito123"
+            name: "Test User"
+
+development:
+  <<: *defaults
+
+test:
+  <<: *defaults

config/database.yml

@@ -0,0 +1,19 @@
+# this configuration is only needed to setup the database for the tests
+
+# SQLite version 3.x
+#   gem install sqlite3
+#
+#   Ensure the SQLite 3 gem is defined in your Gemfile
+#   gem 'sqlite3'
+development:
+  adapter: sqlite3
+  database: db/development.sqlite3
+  pool: 5
+  timeout: 5000
+
+test:
+  adapter: sqlite3
+  database: ':memory:'
+  pool: 5
+  timeout: 5000
+  verbosity: quiet

db/migrate/20121112154930_create_ticket_granting_tickets.rb

@@ -0,0 +1,11 @@
+class CreateTicketGrantingTickets < ActiveRecord::Migration
+  def change
+    create_table :ticket_granting_tickets do |t|
+      t.string :ticket, null: false, unique: true
+      t.string :username, null: false
+      t.text :extra_attributes
+
+      t.timestamps
+    end
+  end
+end

db/migrate/20121112160009_create_login_tickets.rb

@@ -0,0 +1,9 @@
+class CreateLoginTickets < ActiveRecord::Migration
+  def change
+    create_table :login_tickets do |t|
+      t.string :ticket
+
+      t.timestamps
+    end
+  end
+end

db/migrate/20121112165804_ticket_should_not_be_null.rb

@@ -0,0 +1,5 @@
+class TicketShouldNotBeNull < ActiveRecord::Migration
+  def change
+    change_column :login_tickets, :ticket, :string, null: false, unique: true
+  end
+end

db/migrate/20121122180310_add_user_agent_to_ticket_granting_tickets.rb

@@ -0,0 +1,5 @@
+class AddUserAgentToTicketGrantingTickets < ActiveRecord::Migration
+  def change
+    add_column :ticket_granting_tickets, :user_agent, :string
+  end
+end

db/migrate/20121124170004_add_index_for_username_to_ticket_granting_tickets.rb

@@ -0,0 +1,5 @@
+class AddIndexForUsernameToTicketGrantingTickets < ActiveRecord::Migration
+  def change
+    add_index :ticket_granting_tickets, :username
+  end
+end

db/migrate/20121124183542_create_service_tickets.rb

@@ -0,0 +1,13 @@
+class CreateServiceTickets < ActiveRecord::Migration
+  def change
+    create_table :service_tickets do |t|
+      t.string :ticket, null: false, unique: true
+      t.string :service, null: false
+      t.integer :ticket_granting_ticket_id, null: false
+
+      t.timestamps
+    end
+    add_index :service_tickets, :ticket
+    add_index :service_tickets, :ticket_granting_ticket_id
+  end
+end

db/migrate/20121124183732_add_ticket_indexes.rb

@@ -0,0 +1,6 @@
+class AddTicketIndexes < ActiveRecord::Migration
+  def change
+    add_index :ticket_granting_tickets, :ticket
+    add_index :login_tickets, :ticket
+  end
+end

db/migrate/20121124195013_add_consumed_to_service_tickets.rb

@@ -0,0 +1,5 @@
+class AddConsumedToServiceTickets < ActiveRecord::Migration
+  def change
+    add_column :service_tickets, :consumed, :boolean, null: false, default: false
+  end
+end

db/migrate/20121125091934_add_issued_from_credentials_to_service_tickets.rb

@@ -0,0 +1,5 @@
+class AddIssuedFromCredentialsToServiceTickets < ActiveRecord::Migration
+  def change
+    add_column :service_tickets, :issued_from_credentials, :boolean, null: false, default: false
+  end
+end