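require 'spec_helper'

# Spec for the OmniAuth Crowd strategy. Outbound calls to the Crowd REST API
# are intercepted with WebMock stubs; the strategy itself is exercised through
# OmniAuth::Test::StrategyTestCase (Rack::Test `get`/`post`).
describe OmniAuth::Strategies::Crowd, :type => :strategy do
  include OmniAuth::Test::StrategyTestCase

  # Strategy class + options handed to the Rack app under test.
  # @using_sessions is an instance ivar read at request time, so it can be
  # flipped per example from a `before` hook (see the session-endpoint group).
  def strategy
    @crowd_server_url ||= 'https://crowd.example.org'
    @application_name ||= 'bogus_app'
    @application_password ||= 'bogus_app_password'
    [
      OmniAuth::Strategies::Crowd,
      {
        :crowd_server_url => @crowd_server_url,
        :application_name => @application_name,
        :application_password => @application_password,
        :use_sessions => @using_sessions
      }
    ]
  end

  # Default to the authentication endpoint. This has to be a `before` hook:
  # an assignment directly in the describe body sets an ivar on the example
  # group *class*, which `strategy` (an instance method) never sees, so the
  # option would silently be nil rather than false.
  before { @using_sessions = false }

  let(:config) { OmniAuth::Strategies::Crowd::Configuration.new(strategy[1]) }
  let(:validator) { OmniAuth::Strategies::Crowd::CrowdValidator.new(config, 'foo', 'bar') }

  # NOTE(review): the expected XML in the heredocs below was reconstructed —
  # the element markup was lost in extraction and only the text nodes
  # survived. Confirm the exact layout against CrowdValidator before relying
  # on these assertions.
  describe 'Authentication Request Body' do
    it 'should send password in session request' do
      body = <<-BODY.strip
<password>
  <value>bar</value>
</password>
BODY
      expect(validator.send(:make_authentication_request_body, 'bar')).to eq(body)
    end

    # The password is user-controlled and embedded in XML sent to Crowd, so
    # it must be entity-escaped; a raw '<' would corrupt (or inject into)
    # the request document.
    it 'should escape special characters in the password in the authentication request' do
      body = <<-BODY.strip
<password>
  <value>bar&lt;</value>
</password>
BODY
      expect(validator.send(:make_authentication_request_body, 'bar<')).to eq(body)
    end
  end

  describe 'Session Request Body' do
    it 'should send username and password in session request' do
      body = <<-BODY.strip
<authentication-context>
  <username>foo</username>
  <password>bar</password>
</authentication-context>
BODY
      expect(validator.send(:make_session_request_body, 'foo', 'bar')).to eq(body)
    end

    it 'should escape special characters username and password in session request' do
      body = <<-BODY.strip
<authentication-context>
  <username>foo</username>
  <password>bar&lt;</password>
</authentication-context>
BODY
      expect(validator.send(:make_session_request_body, 'foo', 'bar<')).to eq(body)
    end
  end

  describe 'GET /auth/crowd' do
    it 'should show the login form' do
      get '/auth/crowd'
      expect(last_response).to be_ok
    end
  end

  describe 'POST /auth/crowd' do
    it 'should redirect to callback' do
      post '/auth/crowd', :username => 'foo', :password => 'bar'
      expect(last_response).to be_redirect
      expect(last_response.headers['Location']).to eq('http://example.org/auth/crowd/callback')
    end
  end

  describe 'GET /auth/crowd/callback without any credentials' do
    it 'should fail' do
      get '/auth/crowd/callback'
      expect(last_response).to be_redirect
      expect(last_response.headers['Location']).to match(/no_credentials/)
    end
  end

  # The callback examples seed the raw username/password into
  # rack.session['omniauth.crowd'], i.e. the strategy carries the cleartext
  # password in the session between the form POST and the callback. Any
  # deployment therefore needs a server-side or encrypted session store.
  #
  # NOTE(review): the stubs put the Crowd application credentials in the
  # URL userinfo. Depending on the WebMock version in use, that may only
  # match requests that also carry userinfo in the URL rather than an
  # Authorization header — `.with(basic_auth: [...])` is the explicit form
  # if these stubs stop matching.
  describe 'GET /auth/crowd/callback with credentials can be successful' do
    context 'when using authentication endpoint' do
      before do
        stub_request(:post, 'https://bogus_app:bogus_app_password@crowd.example.org/rest/usermanagement/latest/authentication?username=foo')
          .to_return(:body => File.read(File.join(File.dirname(__FILE__), '..', '..', 'fixtures', 'success.xml')))
        stub_request(:get, 'https://bogus_app:bogus_app_password@crowd.example.org/rest/usermanagement/latest/user/group/direct?username=foo')
          .to_return(:body => File.read(File.join(File.dirname(__FILE__), '..', '..', 'fixtures', 'groups.xml')))
        # Guard against a Content-Type: text/xml header being added back to
        # the GET in the future — Crowd answers that with 415.
        stub_request(:get, 'https://bogus_app:bogus_app_password@crowd.example.org/rest/usermanagement/latest/user/group/direct?username=foo')
          .with(:headers => { 'Content-Type' => 'text/xml' })
          .to_return(:status => [415, 'Unsupported Media Type'])
        get '/auth/crowd/callback', nil, 'rack.session' => { 'omniauth.crowd' => { 'username' => 'foo', 'password' => 'ba' } }
      end

      it 'should call through to the master app' do
        expect(last_response.body).to eq('true')
      end

      it 'should have an auth hash' do
        auth = last_request.env['omniauth.auth']
        expect(auth).to be_kind_of(Hash)
      end

      it 'should have good data' do
        auth = last_request.env['omniauth.auth']
        expect(auth['provider']).to eq(:crowd)
        expect(auth['uid']).to eq('foo')
        expect(auth['info']).to be_kind_of(Hash)
        expect(auth['info']['groups'].sort).to eq(['Developers', 'jira-users'].sort)
      end
    end

    describe 'when using session endpoint' do
      before do
        # Inner `before` runs after the outer one, so this overrides the
        # default of false for every example in this group.
        @using_sessions = true
        stub_request(:post, 'https://bogus_app:bogus_app_password@crowd.example.org/rest/usermanagement/latest/authentication?username=foo')
          .to_return(:body => File.read(File.join(File.dirname(__FILE__), '..', '..', 'fixtures', 'success.xml')))
        stub_request(:post, 'https://bogus_app:bogus_app_password@crowd.example.org/rest/usermanagement/latest/session')
          .to_return(:status => 201, :body => File.read(File.join(File.dirname(__FILE__), '..', '..', 'fixtures', 'session.xml')))
        stub_request(:get, 'https://bogus_app:bogus_app_password@crowd.example.org/rest/usermanagement/latest/user/group/direct?username=foo')
          .to_return(:body => File.read(File.join(File.dirname(__FILE__), '..', '..', 'fixtures', 'groups.xml')))
      end

      # Each example gets a fresh instance, so this reset is belt-and-braces.
      after { @using_sessions = false }

      it 'should call through to the master app' do
        get '/auth/crowd/callback', nil, 'rack.session' => { 'omniauth.crowd' => { 'username' => 'foo', 'password' => 'ba' } }
        expect(last_response.body).to eq('true')
      end

      it 'should have an auth hash' do
        get '/auth/crowd/callback', nil, 'rack.session' => { 'omniauth.crowd' => { 'username' => 'foo', 'password' => 'ba' } }
        expect(last_request.env['omniauth.auth']).to be_kind_of(Hash)
      end

      it 'should have good data' do
        get '/auth/crowd/callback', nil, 'rack.session' => { 'omniauth.crowd' => { 'username' => 'foo', 'password' => 'ba' } }
        auth = last_request.env['omniauth.auth']
        expect(auth['provider']).to eq(:crowd)
        expect(auth['uid']).to eq('foo')
        expect(auth['info']).to be_kind_of(Hash)
        expect(auth['info']['sso_token']).to eq('rtk8eMvqq00EiGn5iJCMZQ00')
        expect(auth['info']['groups'].sort).to eq(['Developers', 'jira-users'].sort)
      end
    end
  end

  describe 'GET /auth/crowd/callback with credentials will fail' do
    before do
      # WebMock's response option is :status, not :code. With :code the
      # stub presumably answered 200 with an empty body, so this example
      # passed for the wrong reason (unparseable body) instead of proving
      # that an HTTP 400 from Crowd is treated as invalid credentials.
      stub_request(:post, 'https://bogus_app:bogus_app_password@crowd.example.org/rest/usermanagement/latest/authentication?username=foo')
        .to_return(:status => 400)
      get '/auth/crowd/callback', nil, 'rack.session' => { 'omniauth.crowd' => { 'username' => 'foo', 'password' => 'ba' } }
    end

    it 'should fail' do
      expect(last_response).to be_redirect
      expect(last_response.headers['Location']).to match(/invalid_credentials/)
    end
  end
end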