ylqjgm
/
canvas-lms
mirror of https://github.com/instructure/canvas-lms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Soft delete accont authorization configs 

closes CNVS-20947

Allow users to "delete" auth configs without
violating foreign key constraints.
Also means updating all places that use the
association interface to a new method
that strips out inactive AACs

TEST PLAN:
 1) create a new AAC with the IDP of your choice
 2) create some pseudonyms that are attached to the new AAC
 3) try to delete the AAC from the authorization config area
 4) it should not blow up

Change-Id: Iff56fd8aa2ee66a2468191a9c880a99862d83927
Reviewed-on: https://gerrit.instructure.com/55808
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
This commit is contained in:
Ethan Vizitei 2015-06-04 10:42:53 -06:00 committed by Ethan Vizitei
parent c942af7148
commit f7401feb8f
45 changed files with 374 additions and 239 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
app/controllers/account_authorization_configs_controller.rb
View File

@ -170,7 +170,7 @@ class AccountAuthorizationConfigsController < ApplicationController
# @returns [AccountAuthorizationConfig]
def index
if api_request?
render json: aacs_json(@account.account_authorization_configs)
render json: aacs_json(@account.authentication_providers.active)
else
@presenter = AccountAuthorizationConfigsPresenter.new(@account)
end
@ -533,8 +533,7 @@ class AccountAuthorizationConfigsController < ApplicationController
position = aac_data.delete(:position)
data = filter_data(aac_data)
deselect_parent_registration(data)
account_config = @account.account_authorization_configs.build(data)
account_config = @account.authentication_providers.build(data)
update_deprecated_account_settings_data(aac_data, account_config)
if position.present?
@ -564,7 +563,7 @@ class AccountAuthorizationConfigsController < ApplicationController
# @returns AccountAuthorizationConfig
def update
aac_data = strong_params.fetch(:account_authorization_config, strong_params)
aac = @account.account_authorization_configs.find params[:id]
aac = @account.authentication_providers.active.find params[:id]
update_deprecated_account_settings_data(aac_data, aac)
position = aac_data.delete(:position)
data = filter_data(aac_data)
@ -603,7 +602,7 @@ class AccountAuthorizationConfigsController < ApplicationController
# @returns AccountAuthorizationConfig
#
def show
aac = @account.account_authorization_configs.find params[:id]
aac = @account.authentication_providers.active.find params[:id]
render json: aac_json(aac)
end
@ -614,7 +613,7 @@ class AccountAuthorizationConfigsController < ApplicationController
# curl -XDELETE 'https://<canvas>/api/v1/accounts/<account_id>/account_authorization_configs/<id>' \
# -H 'Authorization: Bearer <token>'
def destroy
aac = @account.account_authorization_configs.find params[:id]
aac = @account.authentication_providers.active.find params[:id]
aac.destroy
respond_to do |format|
@ -625,7 +624,7 @@ class AccountAuthorizationConfigsController < ApplicationController
# deprecated version of the AAC API
def update_all
account_configs_to_delete = @account.account_authorization_configs.to_a.dup
account_configs_to_delete = @account.authentication_providers.active.to_a.dup
account_configs = []
(params[:account_authorization_config] || {}).sort_by {|k,_| k }.each do |_idx, data|
id = data.delete :id
@ -635,10 +634,10 @@ class AccountAuthorizationConfigsController < ApplicationController
next if data.empty?
if id.to_i == 0
account_config = @account.account_authorization_configs.build(data)
account_config = @account.authentication_providers.build(data)
account_config.save!
else
account_config = @account.account_authorization_configs.find(id)
account_config = @account.authentication_providers.active.find(id)
account_configs_to_delete.delete(account_config)
account_config.update_attributes!(data)
end
@ -651,14 +650,14 @@ class AccountAuthorizationConfigsController < ApplicationController
@account.reload
if @account.account_authorization_configs.count > 1 && params[:discovery_url] && params[:discovery_url] != ''
if @account.authentication_providers.active.count > 1 && params[:discovery_url] && params[:discovery_url] != ''
@account.auth_discovery_url = params[:discovery_url]
else
@account.auth_discovery_url = nil
end
@account.save!
render :json => aacs_json(@account.account_authorization_configs)
render :json => aacs_json(@account.authentication_providers.active)
end
# @API GET discovery url _Deprecated_[2015-05-08]
@ -793,7 +792,7 @@ class AccountAuthorizationConfigsController < ApplicationController
def test_ldap_connection
results = []
@account.account_authorization_configs.each do |config|
ldap_providers(@account).each do |config|
h = {
:account_authorization_config_id => config.id,
:ldap_connection_test => config.test_ldap_connection
@ -805,7 +804,7 @@ class AccountAuthorizationConfigsController < ApplicationController
def test_ldap_bind
results = []
@account.account_authorization_configs.each do |config|
ldap_providers(@account).each do |config|
h = {
:account_authorization_config_id => config.id,
:ldap_bind_test => config.test_ldap_bind
@ -817,7 +816,7 @@ class AccountAuthorizationConfigsController < ApplicationController
def test_ldap_search
results = []
@account.account_authorization_configs.each do |config|
ldap_providers(@account).each do |config|
res = config.test_ldap_search
h = {
:account_authorization_config_id => config.id,
@ -843,7 +842,7 @@ class AccountAuthorizationConfigsController < ApplicationController
)
end
@account.account_authorization_configs.where(auth_type: 'ldap').each do |config|
ldap_providers(@account).each do |config|
h = {
:account_authorization_config_id => config.id,
:ldap_login_test => config.test_ldap_login(params[:username], params[:password])
@ -865,14 +864,12 @@ class AccountAuthorizationConfigsController < ApplicationController
end
def destroy_all
@account.account_authorization_configs.each do |c|
c.destroy
end
@account.authentication_providers.active.each(&:destroy)
redirect_to :account_account_authorization_configs
end
def saml_testing
@account_config = @account.account_authorization_configs.where(auth_type: 'saml').first
@account_config = @account.authentication_providers.active.where(auth_type: 'saml').first
unless @account_config
render json: {
@ -904,7 +901,7 @@ class AccountAuthorizationConfigsController < ApplicationController
end
def saml_testing_stop
account_config = @account.account_authorization_configs.where(auth_type: "saml").first
account_config = @account.authentication_providers.active.where(auth_type: "saml").first
account_config.finish_debugging if account_config.present?
render json: { status: "ok" }
end
@ -943,7 +940,11 @@ class AccountAuthorizationConfigsController < ApplicationController
def deselect_parent_registration(data)
if data[:parent_registration] == 'true' || data[:parent_registration] == '1'
@account.account_authorization_configs.update_all(parent_registration: false)
@account.authentication_providers.update_all(parent_registration: false)
end
end
def ldap_providers(account)
account.authentication_providers.active.where(auth_type: 'ldap')
end
end

5
app/controllers/login/canvas_controller.rb
View File

@ -27,8 +27,7 @@ class Login::CanvasController < ApplicationController
def new
@pseudonym_session = PseudonymSession.new
@headers = false
@aacs_with_buttons = @domain_root_account.account_authorization_configs.
select(&:login_button?)
@aacs_with_buttons = @domain_root_account.authentication_providers.active.select(&:login_button?)
maybe_render_mobile_login
end
@ -65,7 +64,7 @@ class Login::CanvasController < ApplicationController
# look for LDAP pseudonyms where we get the unique_id back from LDAP
if !found && !@pseudonym_session.attempted_record
found = @domain_root_account.account_authorization_configs.where(auth_type: 'ldap').any? do |aac|
found = @domain_root_account.authentication_providers.active.where(auth_type: 'ldap').any? do |aac|
next unless aac.identifier_format.present?
res = aac.ldap_bind_result(params[:pseudonym_session][:unique_id], params[:pseudonym_session][:password])
unique_id = res.first[aac.identifier_format].first if res

2
app/controllers/login/cas_controller.rb
View File

@ -99,7 +99,7 @@ class Login::CasController < ApplicationController
def aac
@aac ||= begin
scope = @domain_root_account.account_authorization_configs.where(auth_type: 'cas')
scope = @domain_root_account.authentication_providers.active.where(auth_type: 'cas')
params[:id] ? scope.find(params[:id]) : scope.first!
end
end

2
app/controllers/login/oauth_base_controller.rb
View File

@ -27,7 +27,7 @@ class Login::OauthBaseController < ApplicationController
# ActionController::TestCase can't deal with aliased controllers, so we have to
# explicitly specify this
auth_type = params[:auth_type] if Rails.env.test?
scope = @domain_root_account.account_authorization_configs.where(auth_type: auth_type)
scope = @domain_root_account.authentication_providers.active.where(auth_type: auth_type)
if params[:id]
@aac = scope.find(params[:id])
else

2
app/controllers/login/oauth_controller.rb
View File

@ -36,7 +36,7 @@ class Login::OauthController < Login::OauthBaseController
def create
reset_session_for_login
@aac = @domain_root_account.account_authorization_configs.find(params[:id])
@aac = @domain_root_account.authentication_providers.active.find(params[:id])
raise ActiveRecord::RecordNotFound unless @aac.is_a?(AccountAuthorizationConfig::Oauth)
oauth_state = session.delete(:oauth)

10
app/controllers/login/saml_controller.rb
View File

@ -49,8 +49,8 @@ class Login::SamlController < ApplicationController
increment_saml_stat('login_response_received')
response = Onelogin::Saml::Response.new(params[:SAMLResponse])
if @domain_root_account.account_authorization_configs.where(auth_type: 'saml').count > 1
@aac = @domain_root_account.account_authorization_configs.
if @domain_root_account.authentication_providers.active.where(auth_type: 'saml').count > 1
@aac = @domain_root_account.authentication_providers.active.
where(auth_type: 'saml').
where(idp_entity_id: response.issuer).
first
@ -227,7 +227,7 @@ class Login::SamlController < ApplicationController
increment_saml_stat("logout_response_received")
saml_response = Onelogin::Saml::LogoutResponse.parse(params[:SAMLResponse])
aac = @domain_root_account.account_authorization_configs.where(idp_entity_id: saml_response.issuer).first
aac = @domain_root_account.authentication_providers.active.where(idp_entity_id: saml_response.issuer).first
return render status: :bad_request, text: "Could not find SAML Entity" unless aac
settings = aac.saml_settings(request.host_with_port)
@ -245,7 +245,7 @@ class Login::SamlController < ApplicationController
else
increment_saml_stat("logout_request_received")
saml_request = Onelogin::Saml::LogoutRequest.parse(params[:SAMLRequest])
if (aac = @domain_root_account.account_authorization_configs.where(idp_entity_id: saml_request.issuer).first)
if (aac = @domain_root_account.authentication_providers.active.where(idp_entity_id: saml_request.issuer).first)
settings = aac.saml_settings(request.host_with_port)
saml_request.process(settings)
@ -286,7 +286,7 @@ class Login::SamlController < ApplicationController
def aac
@aac ||= begin
scope = @domain_root_account.account_authorization_configs.where(auth_type: 'saml')
scope = @domain_root_account.authentication_providers.active.where(auth_type: 'saml')
params[:id] ? scope.find(params[:id]) : scope.first!
end
end

8
app/controllers/login_controller.rb
View File

@ -69,10 +69,14 @@ class LoginController < ApplicationController
# canvas isn't an actual type, so we have to _not_ look for it
auth_type = 'canvas'
else
auth_type = @domain_root_account.account_authorization_configs.find(params[:authentication_provider]).auth_type
auth_type = @domain_root_account.
authentication_providers.
active.
find(params[:authentication_provider]).
auth_type
end
else
auth_type = @domain_root_account.account_authorization_configs.first.try(:auth_type)
auth_type = @domain_root_account.authentication_providers.active.first.try(:auth_type)
auth_type ||= 'canvas'
end

4
app/controllers/pseudonyms_controller.rb
View File

@ -337,7 +337,9 @@ class PseudonymsController < ApplicationController
def find_authentication_provider
return true unless params[:pseudonym][:authentication_provider_id]
params[:pseudonym][:authentication_provider] = @domain_root_account.account_authorization_configs.find(params[:pseudonym][:authentication_provider_id])
params[:pseudonym][:authentication_provider] = @domain_root_account.
authentication_providers.active.
find(params[:pseudonym][:authentication_provider_id])
end
def update_pseudonym_from_params

24
app/models/account.rb
View File

@ -73,7 +73,17 @@ class Account < ActiveRecord::Base
has_many :active_folders, :class_name => 'Folder', :as => :context, :conditions => ['folders.workflow_state != ?', 'deleted'], :order => 'folders.name'
has_many :active_folders_with_sub_folders, :class_name => 'Folder', :as => :context, :include => [:active_sub_folders], :conditions => ['folders.workflow_state != ?', 'deleted'], :order => 'folders.name'
has_many :active_folders_detailed, :class_name => 'Folder', :as => :context, :include => [:active_sub_folders, :active_file_attachments], :conditions => ['folders.workflow_state != ?', 'deleted'], :order => 'folders.name'
has_many :account_authorization_configs, order: "position", extend: AccountAuthorizationConfig::FindWithType
has_many :authentication_providers,
order: "position",
extend: AccountAuthorizationConfig::FindWithType,
class_name: "AccountAuthorizationConfig"
# Shim until plugins can be updated to use "authentication_providers"
has_many :account_authorization_configs,
order: "position",
extend: AccountAuthorizationConfig::FindWithType
has_many :account_reports
has_many :grading_standards, :as => :context, :conditions => ['workflow_state != ?', 'deleted']
has_many :assessment_questions, :through => :assessment_question_banks
@ -277,13 +287,19 @@ class Account < ActiveRecord::Base
end
def non_canvas_auth_configured?
account_authorization_configs.exists?
authentication_providers.active.exists?
end
def canvas_authentication?
settings[:canvas_authentication] != false || !non_canvas_auth_configured?
end
def enable_canvas_authentication
return if settings[:canvas_authentication]
settings[:canvas_authentication] = true
self.save!
end
def open_registration?
!!settings[:open_registration] && canvas_authentication?
end
@ -955,7 +971,7 @@ class Account < ActiveRecord::Base
end
def delegated_authentication?
account_authorization_configs.first.is_a?(AccountAuthorizationConfig::Delegated)
authentication_providers.active.first.is_a?(AccountAuthorizationConfig::Delegated)
end
def forgot_password_external_url
@ -963,7 +979,7 @@ class Account < ActiveRecord::Base
end
def multi_auth?
self.account_authorization_configs.count > 1
self.authentication_providers.active.count > 1
end
def auth_discovery_url=(url)

25
app/models/account_authorization_config.rb
View File

@ -20,6 +20,13 @@ require 'net-ldap'
require 'net_ldap_extensions'
class AccountAuthorizationConfig < ActiveRecord::Base
include Workflow
workflow do
state :active
state :deleted
end
self.inheritance_column = :auth_type
# unless Rails.version > '5.0'? (https://github.com/rails/rails/pull/19500)
@ -70,16 +77,15 @@ class AccountAuthorizationConfig < ActiveRecord::Base
name.try(:demodulize)
end
scope :active, ->{ where("workflow_state <> 'deleted'") }
belongs_to :account
has_many :pseudonyms, foreign_key: :authentication_provider_id
acts_as_list scope: :account
acts_as_list scope: { account: self, workflow_state: [nil, 'active'] }
VALID_AUTH_TYPES = %w[cas facebook github google ldap linkedin openid_connect saml twitter].freeze
validates_inclusion_of :auth_type, in: VALID_AUTH_TYPES, message: "invalid auth_type, must be one of #{VALID_AUTH_TYPES.join(',')}"
validates_presence_of :account_id
after_destroy :enable_canvas_authentication
# create associate model find to accept auth types, and just return the first one of that
# type
module FindWithType
@ -108,6 +114,14 @@ class AccountAuthorizationConfig < ActiveRecord::Base
false
end
def destroy
self.send(:remove_from_list_for_destroy)
self.workflow_state = 'deleted'
self.save!
enable_canvas_authentication
end
alias_method :destroy!, :destroy
def auth_password=(password)
return if password.blank?
self.auth_crypted_password, self.auth_password_salt = Canvas::Security.encrypt_password(password, 'instructure_auth')
@ -134,10 +148,7 @@ class AccountAuthorizationConfig < ActiveRecord::Base
def enable_canvas_authentication
return if account.non_canvas_auth_configured?
if self.account.settings[:canvas_authentication] == false
self.account.settings[:canvas_authentication] = true
self.account.save!
end
account.enable_canvas_authentication
end
end

2
app/models/account_authorization_config/saml.rb
View File

@ -107,7 +107,7 @@ class AccountAuthorizationConfig::SAML < AccountAuthorizationConfig::Delegated
settings.tech_contact_name = app_config[:tech_contact_name] || 'Webmaster'
settings.tech_contact_email = app_config[:tech_contact_email] || ''
settings.issuer = account.account_authorization_configs.where(auth_type: 'saml').first.try(:entity_id)
settings.issuer = account.authentication_providers.active.where(auth_type: 'saml').first.try(:entity_id)
settings.issuer ||= saml_default_entity_id_for_account(account)
encryption = app_config[:encryption]

2
app/models/pseudonym.rb
View File

@ -415,7 +415,7 @@ class Pseudonym < ActiveRecord::Base
end
def ldap_bind_result(password_plaintext)
self.account.account_authorization_configs.where(auth_type: 'ldap').each do |config|
account.authentication_providers.active.where(auth_type: 'ldap').find_each do |config|
res = config.ldap_bind_result(self.unique_id, password_plaintext)
return res if res
end

4
app/presenters/account_authorization_configs_presenter.rb
View File

@ -6,7 +6,7 @@ class AccountAuthorizationConfigsPresenter
end
def configs
@configs ||= account.account_authorization_configs.to_a
@configs ||= account.authentication_providers.active.to_a
end
def new_auth_types
@ -116,7 +116,7 @@ class AccountAuthorizationConfigsPresenter
end
def new_config(auth_type)
account.account_authorization_configs.new(auth_type)
account.authentication_providers.new(auth_type)
end
def parent_reg_selected

2
app/views/account_authorization_configs/index.html.erb
View File

@ -11,7 +11,7 @@
<a href="#"
class="test_ldap_link btn button-sidebar-wide"
<%= image_tag "pending_review.png" %>
<%= t(:test_ldap_link, "Test LDAP Authentication")%>
<%= t(:test_ldap_link, "Test LDAP Authentication")%> >
</a>
<% end %>

2
db/migrate/20111121175219_disable_open_registration_for_delegated_auth.rb
View File

@ -1,6 +1,6 @@
class DisableOpenRegistrationForDelegatedAuth < ActiveRecord::Migration
def self.up
scope = Account.root_accounts.joins(:account_authorization_configs).readonly(false)
scope = Account.root_accounts.joins(:authentication_providers).readonly(false)
scope.where('account_authorization_configs.auth_type' => ['cas', 'saml']).each do |account|
account.settings = { :open_registration => false }
account.save!

8
db/migrate/20150604155956_add_workflow_state_to_account_authorization_configs.rb Normal file
View File

@ -0,0 +1,8 @@
class AddWorkflowStateToAccountAuthorizationConfigs < ActiveRecord::Migration
tag :predeploy
def change
add_column :account_authorization_configs, :workflow_state, :string, default: 'active', null: false
add_index :account_authorization_configs, :workflow_state
end
end

4
spec/apis/auth_spec.rb
View File

@ -218,9 +218,9 @@ describe "API Authentication", type: :request do
flow do
account = account_with_cas(:account => Account.default)
# it should *not* redirect to the alternate log_in_url on the config, when doing oauth
account.account_authorization_configs.first.update_attribute(:log_in_url, "https://www.example.com/bogus")
account.authentication_providers.first.update_attribute(:log_in_url, "https://www.example.com/bogus")
cas = CASClient::Client.new(:cas_base_url => account.account_authorization_configs.first.auth_base)
cas = CASClient::Client.new(:cas_base_url => account.authentication_providers.first.auth_base)
cas.instance_variable_set(:@stub_user, @user)
def cas.validate_service_ticket(st)
response = CASClient::ValidationResponse.new("yes\n#{@stub_user.pseudonyms.first.unique_id}\n")

72
spec/apis/v1/account_authorization_configs_api_spec.rb
View File

@ -36,9 +36,9 @@ describe "AccountAuthorizationConfigs API", type: :request do
end
it "should return all aacs in position order" do
config1 = @account.account_authorization_configs.create!(@saml_hash.merge(:idp_entity_id => "a"))
config2 = @account.account_authorization_configs.create!(@saml_hash.merge(:idp_entity_id => "d"))
config3 = @account.account_authorization_configs.create!(@saml_hash.merge(:idp_entity_id => "r"))
@account.authentication_providers.create!(@saml_hash.merge(:idp_entity_id => "a"))
@account.authentication_providers.create!(@saml_hash.merge(:idp_entity_id => "d"))
config3 = @account.authentication_providers.create!(@saml_hash.merge(:idp_entity_id => "r"))
config3.move_to_top
config3.save!
@ -66,7 +66,7 @@ describe "AccountAuthorizationConfigs API", type: :request do
it "should create a saml aac" do
json = call_create(@saml_hash)
aac = @account.account_authorization_configs.first
aac = @account.authentication_providers.first
expect(aac.auth_type).to eq 'saml'
expect(aac.idp_entity_id).to eq 'http://example.com/saml1'
expect(aac.log_in_url).to eq 'http://example.com/saml1/sli'
@ -78,7 +78,7 @@ describe "AccountAuthorizationConfigs API", type: :request do
it "should work with rails form style params" do
call_create({:account_authorization_config => @saml_hash})
aac = @account.account_authorization_configs.first
aac = @account.authentication_providers.first
expect(aac.auth_type).to eq 'saml'
expect(aac.idp_entity_id).to eq 'http://example.com/saml1'
end
@ -87,18 +87,18 @@ describe "AccountAuthorizationConfigs API", type: :request do
call_create(@saml_hash)
call_create(@saml_hash.merge('idp_entity_id' => "secondeh"))
aac1 = @account.account_authorization_configs.first
aac1 = @account.authentication_providers.first
expect(aac1.idp_entity_id).to eq 'http://example.com/saml1'
expect(aac1.position).to eq 1
aac2 = @account.account_authorization_configs.last
aac2 = @account.authentication_providers.last
expect(aac2.idp_entity_id).to eq 'secondeh'
expect(aac2.position).to eq 2
end
it "should create an ldap aac" do
call_create(@ldap_hash)
aac = @account.account_authorization_configs.first
aac = @account.authentication_providers.first
expect(aac.auth_type).to eq 'ldap'
expect(aac.auth_host).to eq '127.0.0.1'
expect(aac.auth_filter).to eq 'filter1'
@ -109,22 +109,22 @@ describe "AccountAuthorizationConfigs API", type: :request do
it "should create multiple ldap aacs" do
call_create(@ldap_hash)
call_create(@ldap_hash.merge('auth_host' => '127.0.0.2'))
aac = @account.account_authorization_configs.first
aac = @account.authentication_providers.first
expect(aac.auth_host).to eq '127.0.0.1'
expect(aac.position).to eq 1
aac2 = @account.account_authorization_configs.last
aac2 = @account.authentication_providers.last
expect(aac2.auth_host).to eq '127.0.0.2'
expect(aac2.position).to eq 2
end
it "should default ldap auth_over_tls to 'start_tls'" do
call_create(@ldap_hash)
expect(@account.account_authorization_configs.first.auth_over_tls).to eq 'start_tls'
expect(@account.authentication_providers.first.auth_over_tls).to eq 'start_tls'
end
it "should create a cas aac" do
call_create(@cas_hash)
aac = @account.account_authorization_configs.first
aac = @account.authentication_providers.first
expect(aac.auth_type).to eq 'cas'
expect(aac.auth_base).to eq '127.0.0.1'
expect(aac.position).to eq 1
@ -139,13 +139,13 @@ describe "AccountAuthorizationConfigs API", type: :request do
call_create(@ldap_hash)
call_create(@ldap_hash.merge('auth_host' => '127.0.0.2', 'position' => 1))
expect(@account.account_authorization_configs.first.auth_host).to eq '127.0.0.2'
expect(@account.authentication_providers.first.auth_host).to eq '127.0.0.2'
call_create(@ldap_hash.merge('auth_host' => '127.0.0.3', 'position' => 2))
expect(@account.account_authorization_configs[0].auth_host).to eq '127.0.0.2'
expect(@account.account_authorization_configs[1].auth_host).to eq '127.0.0.3'
expect(@account.account_authorization_configs[2].auth_host).to eq '127.0.0.1'
expect(@account.authentication_providers[0].auth_host).to eq '127.0.0.2'
expect(@account.authentication_providers[1].auth_host).to eq '127.0.0.3'
expect(@account.authentication_providers[2].auth_host).to eq '127.0.0.1'
end
it "should error if deprecated and new style are used" do
@ -184,7 +184,7 @@ describe "AccountAuthorizationConfigs API", type: :request do
end
it "should return saml aac" do
aac = @account.account_authorization_configs.create!(@saml_hash)
aac = @account.authentication_providers.create!(@saml_hash)
json = call_show(aac.id)
@saml_hash['id'] = aac.id
@ -199,7 +199,7 @@ describe "AccountAuthorizationConfigs API", type: :request do
end
it "should return ldap aac" do
aac = @account.account_authorization_configs.create!(@ldap_hash)
aac = @account.authentication_providers.create!(@ldap_hash)
json = call_show(aac.id)
@ldap_hash.delete 'auth_password'
@ -213,7 +213,7 @@ describe "AccountAuthorizationConfigs API", type: :request do
end
it "should return cas aac" do
aac = @account.account_authorization_configs.create!(@cas_hash)
aac = @account.authentication_providers.create!(@cas_hash)
json = call_show(aac.id)
@cas_hash['log_in_url'] = nil
@ -243,7 +243,7 @@ describe "AccountAuthorizationConfigs API", type: :request do
end
it "should update a saml aac" do
aac = @account.account_authorization_configs.create!(@saml_hash)
aac = @account.authentication_providers.create!(@saml_hash)
@saml_hash['idp_entity_id'] = 'hahahaha'
call_update(aac.id, @saml_hash)
@ -252,7 +252,7 @@ describe "AccountAuthorizationConfigs API", type: :request do
end
it "should work with rails form style params" do
aac = @account.account_authorization_configs.create!(@saml_hash)
aac = @account.authentication_providers.create!(@saml_hash)
@saml_hash['idp_entity_id'] = 'hahahaha'
call_update(aac.id, {:account_authorization_config => @saml_hash})
@ -261,7 +261,7 @@ describe "AccountAuthorizationConfigs API", type: :request do
end
it "should update an ldap aac" do
aac = @account.account_authorization_configs.create!(@ldap_hash)
aac = @account.authentication_providers.create!(@ldap_hash)
@ldap_hash['auth_host'] = '192.168.0.1'
call_update(aac.id, @ldap_hash)
@ -270,7 +270,7 @@ describe "AccountAuthorizationConfigs API", type: :request do
end
it "should update a cas aac" do
aac = @account.account_authorization_configs.create!(@cas_hash)
aac = @account.authentication_providers.create!(@cas_hash)
@cas_hash['auth_base'] = '192.168.0.1'
call_update(aac.id, @cas_hash)
@ -279,19 +279,19 @@ describe "AccountAuthorizationConfigs API", type: :request do
end
it "should error when mixing auth_types" do
aac = @account.account_authorization_configs.create!(@saml_hash)
aac = @account.authentication_providers.create!(@saml_hash)
json = call_update(aac.id, @cas_hash, 400)
expect(json['message']).to eq 'Can not change type of authorization config, please delete and create new config.'
end
it "should update positions" do
aac = @account.account_authorization_configs.create!(@ldap_hash)
@account.authentication_providers.create!(@ldap_hash)
@ldap_hash['auth_host'] = '192.168.0.1'
aac2 = @account.account_authorization_configs.create!(@ldap_hash)
aac2 = @account.authentication_providers.create!(@ldap_hash)
@ldap_hash['position'] = 1
call_update(aac2.id, @ldap_hash)
expect(@account.account_authorization_configs.first.id).to eq aac2.id
expect(@account.authentication_providers.first.id).to eq aac2.id
end
it "should 404" do
@ -314,24 +314,24 @@ describe "AccountAuthorizationConfigs API", type: :request do
end
it "should delete" do
aac = @account.account_authorization_configs.create!(@saml_hash)
aac = @account.authentication_providers.create!(@saml_hash)
call_destroy(aac.id)
expect(@account.non_canvas_auth_configured?).to be_falsey
end
it "should reposition correctly" do
aac = @account.account_authorization_configs.create!(@saml_hash)
aac2 = @account.account_authorization_configs.create!(@saml_hash)
aac3 = @account.account_authorization_configs.create!(@saml_hash)
aac4 = @account.account_authorization_configs.create!(@saml_hash)
aac = @account.authentication_providers.create!(@saml_hash)
aac2 = @account.authentication_providers.create!(@saml_hash)
aac3 = @account.authentication_providers.create!(@saml_hash)
aac4 = @account.authentication_providers.create!(@saml_hash)
call_destroy(aac.id)
aac2.reload
aac3.reload
aac4.reload
expect(@account.account_authorization_configs.count).to eq 3
expect(@account.account_authorization_configs.first.id).to eq aac2.id
expect(@account.authentication_providers.active.count).to eq 3
expect(@account.authentication_providers.active.first.id).to eq aac2.id
expect(aac2.position).to eq 1
expect(aac3.position).to eq 2
expect(aac4.position).to eq 3
@ -339,8 +339,8 @@ describe "AccountAuthorizationConfigs API", type: :request do
call_destroy(aac3.id)
aac2.reload
aac4.reload
expect(@account.account_authorization_configs.count).to eq 2
expect(@account.account_authorization_configs.first.id).to eq aac2.id
expect(@account.authentication_providers.active.count).to eq 2
expect(@account.authentication_providers.active.first.id).to eq aac2.id
expect(aac2.position).to eq 1
expect(aac4.position).to eq 2
end

50
spec/apis/v1/account_authorization_configs_deprecated_api_spec.rb
View File

@ -31,8 +31,8 @@ describe "AccountAuthorizationConfigs API", type: :request do
{ :controller => 'account_authorization_configs', :action => 'create', :account_id => @account.id.to_s, :format => 'json' },
{ :account_authorization_config => {"0" => {"auth_type" => "cas", "auth_base" => "127.0.0.1"}}})
@account.reload
expect(@account.account_authorization_configs.size).to eq 1
config = @account.account_authorization_configs.first
expect(@account.authentication_providers.size).to eq 1
config = @account.authentication_providers.first
expect(config.auth_type).to eq 'cas'
expect(config.auth_base).to eq '127.0.0.1'
end
@ -45,9 +45,9 @@ describe "AccountAuthorizationConfigs API", type: :request do
{ :account_authorization_config => {"0" => ldap1, "1" => ldap2}})
@account.reload
expect(@account.account_authorization_configs.size).to eq 2
config1 = @account.account_authorization_configs.first
config2 = @account.account_authorization_configs.second
expect(@account.authentication_providers.size).to eq 2
config1 = @account.authentication_providers.first
config2 = @account.authentication_providers.second
expect(config1.auth_type).to eq 'ldap'
expect(config1.auth_host).to eq '127.0.0.1'
@ -63,26 +63,26 @@ describe "AccountAuthorizationConfigs API", type: :request do
end
it "should update existing configs" do
config = @account.account_authorization_configs.create!("auth_type" => "cas", "auth_base" => "127.0.0.1")
config = @account.authentication_providers.create!("auth_type" => "cas", "auth_base" => "127.0.0.1")
api_call(:post, "/api/v1/accounts/#{@account.id}/account_authorization_configs",
{ :controller => 'account_authorization_configs', :action => 'create', :account_id => @account.id.to_s, :format => 'json' },
{ :account_authorization_config => {"0" => {"id" => config.id.to_s, "auth_type" => "cas", "auth_base" => "127.0.0.2"}}})
@account.reload
config.reload
expect(@account.account_authorization_configs.size).to eq 1
expect(@account.account_authorization_configs.first).to eq config
expect(@account.authentication_providers.size).to eq 1
expect(@account.authentication_providers.first).to eq config
expect(config.auth_base).to eq '127.0.0.2'
end
it "should delete configs not referenced" do
config = @account.account_authorization_configs.create!("auth_type" => "ldap")
config = @account.account_authorization_configs.create!("auth_type" => "ldap")
@account.authentication_providers.create!("auth_type" => "ldap")
config = @account.authentication_providers.create!("auth_type" => "ldap")
api_call(:post, "/api/v1/accounts/#{@account.id}/account_authorization_configs",
{ :controller => 'account_authorization_configs', :action => 'create', :account_id => @account.id.to_s, :format => 'json' },
{ :account_authorization_config => {"0" => {"id" => config.id.to_s, "auth_type" => "ldap"}}})
@account.reload
expect(@account.account_authorization_configs.count).to eq 1
expect(@account.authentication_providers.active.count).to eq 1
end
it "should discard config parameters not recognized for the given auth_type" do
@ -90,8 +90,8 @@ describe "AccountAuthorizationConfigs API", type: :request do
{ :controller => 'account_authorization_configs', :action => 'create', :account_id => @account.id.to_s, :format => 'json' },
{ :account_authorization_config => {"0" => {"auth_type" => "cas", "auth_base" => "127.0.0.1", "auth_filter" => "discarded"}}})
@account.reload
expect(@account.account_authorization_configs.size).to eq 1
config = @account.account_authorization_configs.first
expect(@account.authentication_providers.size).to eq 1
config = @account.authentication_providers.first
expect(config.auth_type).to eq 'cas'
expect(config.auth_filter).to be_nil
end
@ -112,9 +112,9 @@ describe "AccountAuthorizationConfigs API", type: :request do
it "should set multiple saml configs" do
update_saml
@account.reload
expect(@account.account_authorization_configs.size).to eq 2
config1 = @account.account_authorization_configs.first
config2 = @account.account_authorization_configs.second
expect(@account.authentication_providers.size).to eq 2
config1 = @account.authentication_providers.first
config2 = @account.authentication_providers.second
expect(config1.auth_type).to eq 'saml'
expect(config1.idp_entity_id).to eq 'http://example.com/saml1'
@ -135,8 +135,8 @@ describe "AccountAuthorizationConfigs API", type: :request do
update_saml
@account.reload
config1 = @account.account_authorization_configs.first
config2 = @account.account_authorization_configs.second
config1 = @account.authentication_providers.first
config2 = @account.authentication_providers.second
@saml1['idp_entity_id'] = 'different'
@saml1['id'] = config1.id
@ -146,7 +146,7 @@ describe "AccountAuthorizationConfigs API", type: :request do
update_saml
@account.reload
expect(@account.account_authorization_configs.size).to eq 2
expect(@account.authentication_providers.size).to eq 2
config1.reload
expect(config1.idp_entity_id).to eq 'different'
@ -156,20 +156,20 @@ describe "AccountAuthorizationConfigs API", type: :request do
it "should use the first config as the default" do
update_saml
expect(@account.account_authorization_configs.first.idp_entity_id).to eq 'http://example.com/saml1'
expect(@account.authentication_providers.first.idp_entity_id).to eq 'http://example.com/saml1'
end
it "should create new configs if they are reordered" do
update_saml
config1 = @account.account_authorization_configs.first
config2 = @account.account_authorization_configs.second
config1 = @account.authentication_providers.first
config2 = @account.authentication_providers.second
update_saml(:account_authorization_config => {"0" => @saml2, "1" => @saml1})
@account.reload
expect(@account.account_authorization_configs.count).to eq 2
expect(@account.authentication_providers.active.count).to eq 2
config3 = @account.account_authorization_configs.first
config4 = @account.account_authorization_configs.second
config3 = @account.authentication_providers.active.first
config4 = @account.authentication_providers.active.second
expect(config3.idp_entity_id).to eq 'http://example.com/saml2'
expect(config3.id).not_to eq config2.id
expect(config4.idp_entity_id).to eq 'http://example.com/saml1'

2
spec/controllers/account_authorization_configs_controller_spec.rb
View File

@ -43,7 +43,7 @@ RSpec.describe AccountAuthorizationConfigsController, type: :controller do
context "with an AAC" do
it "renders ok" do
account.account_authorization_configs.create!(saml_hash)
account.authentication_providers.create!(saml_hash)
get 'index', account_id: account.id
expect(response).to be_success
end

2
spec/controllers/communication_channels_controller_spec.rb
View File

@ -514,7 +514,7 @@ describe CommunicationChannelsController do
it "should not show users that can't have a pseudonym created for the correct account" do
Pseudonym.any_instance.stubs(:works_for_account?).returns(false)
@account1.account_authorization_configs.create!(:auth_type => 'cas')
@account1.authentication_providers.create!(:auth_type => 'cas')
user_with_pseudonym(:active_all => 1, :account => @account1, :username => 'jt@instructure.com')
course(:active_all => 1, :account => @account2)

6
spec/controllers/login/canvas_controller_spec.rb
View File

@ -121,11 +121,11 @@ describe Login::CanvasController do
it "should log in a user with a identifier_format" do
user_with_pseudonym(:username => '12345', :active_all => 1)
@pseudonym.update_attribute(:sis_user_id, '12345')
aac = Account.default.account_authorization_configs.create!(:auth_type => 'ldap', :identifier_format => 'uid')
aac = Account.default.authentication_providers.create!(:auth_type => 'ldap', :identifier_format => 'uid')
aac.any_instantiation.expects(:ldap_bind_result).once.
with('username', 'password').
returns([{ 'uid' => ['12345'] }])
Account.default.account_authorization_configs.create!(:auth_type => 'ldap', :identifier_format => 'uid')
Account.default.authentication_providers.create!(:auth_type => 'ldap', :identifier_format => 'uid')
aac.any_instantiation.expects(:ldap_bind_result).never
post 'create', :pseudonym_session => { :unique_id => 'username', :password => 'password'}
expect(response).to be_redirect
@ -135,7 +135,7 @@ describe Login::CanvasController do
it "should only query the LDAP server once, even with a differing identifier_format but a matching pseudonym" do
user_with_pseudonym(:username => 'username', :active_all => 1)
aac = Account.default.account_authorization_configs.create!(:auth_type => 'ldap', :identifier_format => 'uid')
aac = Account.default.authentication_providers.create!(:auth_type => 'ldap', :identifier_format => 'uid')
aac.any_instantiation.expects(:ldap_bind_result).once.with('username', 'password').returns(nil)
post 'create', :pseudonym_session => { :unique_id => 'username', :password => 'password'}
assert_status(400)

2
spec/controllers/login/cas_controller_spec.rb
View File

@ -50,7 +50,7 @@ describe Login::CasController do
request_text.strip!
session[:cas_session] = cas_ticket
session[:login_aac] = Account.default.account_authorization_configs.first
session[:login_aac] = Account.default.authentication_providers.first
@pseudonym.claim_cas_ticket(cas_ticket)
post :destroy, logoutRequest: request_text

2
spec/controllers/login/oauth2_controller_spec.rb
View File

@ -19,7 +19,7 @@
require_relative '../../spec_helper'
describe Login::Oauth2Controller do
let(:aac) { Account.default.account_authorization_configs.create!(auth_type: 'facebook') }
let(:aac) { Account.default.authentication_providers.create!(auth_type: 'facebook') }
before do
aac
Canvas::Plugin.find(:facebook).stubs(:settings).returns({})

12
spec/controllers/login/saml_controller_spec.rb
View File

@ -114,9 +114,9 @@ describe Login::SamlController do
@account = Account.create!
@unique_id = 'foo@example.com'
@user1 = user_with_pseudonym(:active_all => true, :username => @unique_id, :account => @account)
@account.account_authorization_configs.create!(:auth_type => 'saml', :identifier_format => 'uid')
@account.authentication_providers.create!(:auth_type => 'saml', :identifier_format => 'uid')
@aac2 = @account.account_authorization_configs.build(auth_type: 'saml')
@aac2 = @account.authentication_providers.build(auth_type: 'saml')
@aac2.idp_entity_id = "https://example.com/idp1"
@aac2.log_out_url = "https://example.com/idp1/slo"
@aac2.save!
@ -156,7 +156,7 @@ describe Login::SamlController do
@account = account_with_saml(:saml_log_in_url => "https://example.com/idp1/sli")
@unique_id = 'foo@example.com'
@user1 = user_with_pseudonym(:active_all => true, :username => @unique_id, :account => @account)
@aac1 = @account.account_authorization_configs.first
@aac1 = @account.authentication_providers.first
@aac1.idp_entity_id = "https://example.com/idp1"
@aac1.log_out_url = "https://example.com/idp1/slo"
@aac1.save!
@ -310,7 +310,7 @@ describe Login::SamlController do
@pseudonym.account = @account
@pseudonym.save!
@aac = @account.account_authorization_configs.first
@aac = @account.authentication_providers.first
end
it "should use the eduPersonPrincipalName attribute with the domain stripped" do
@ -363,7 +363,7 @@ describe Login::SamlController do
unique_id = 'foo'
account = account_with_saml
@aac = @account.account_authorization_configs.first
@aac = @account.authentication_providers.first
@aac.login_attribute = 'eduPersonPrincipalName_stripped'
@aac.save
@ -421,7 +421,7 @@ describe Login::SamlController do
account_with_saml
@aac = @account.account_authorization_configs.first
@aac = @account.authentication_providers.first
@aac.login_attribute = 'eduPersonPrincipalName'
@aac.certificate_fingerprint = 'AF:E7:1C:28:EF:74:0B:C8:74:25:BE:13:A2:26:3D:37:97:1D:A1:F9'
@aac.save

10
spec/controllers/login_controller_spec.rb
View File

@ -56,7 +56,7 @@ describe LoginController do
Account.default.save!
account_with_saml(account: Account.default)
aac = Account.default.account_authorization_configs.first
aac = Account.default.authentication_providers.first
get 'new', id: aac
expect(response).to redirect_to(saml_login_url(aac))
end
@ -74,14 +74,14 @@ describe LoginController do
end
it "redirects to Facebook if it's the default" do
Account.default.account_authorization_configs.create!(auth_type: 'facebook')
Account.default.authentication_providers.create!(auth_type: 'facebook')
get 'new'
expect(response).to redirect_to(facebook_login_url)
end
it "redirects based on authentication_provider param" do
Account.default.account_authorization_configs.create!(auth_type: 'facebook')
Account.default.authentication_providers.create!(auth_type: 'facebook')
account_with_cas(account: Account.default)
get 'new', authentication_provider: 'cas'
@ -106,7 +106,7 @@ describe LoginController do
it "follows SAML logout redirect to IdP" do
account_with_saml(account: Account.default, saml_log_out_url: 'https://www.google.com/')
session[:login_aac] = Account.default.account_authorization_configs.last
session[:login_aac] = Account.default.authentication_providers.last
delete 'destroy'
expect(response.status).to eq 302
expect(response.location).to match(%r{^https://www.google.com/\?SAMLRequest=})
@ -114,7 +114,7 @@ describe LoginController do
it "follows CAS logout redirect to CAS server" do
account_with_cas(account: Account.default)
session[:login_aac] = Account.default.account_authorization_configs.last
session[:login_aac] = Account.default.authentication_providers.last
delete 'destroy'
expect(response.status).to eq 302
expect(response.location).to match(%r{localhost/cas/})

2
spec/controllers/pseudonyms_controller_spec.rb
View File

@ -191,7 +191,7 @@ describe PseudonymsController do
@p2 = @user.pseudonyms.build(:unique_id => "another_one@test.com",:password => 'password', :password_confirmation => 'password')
@p2.sis_user_id = 'another_one@test.com'
@p2.save!
@p2.account.account_authorization_configs.create!(:auth_type => 'ldap')
@p2.account.authentication_providers.create!(:auth_type => 'ldap')
delete 'destroy', :user_id => @user.id, :id => @p2.id
assert_status(200)
expect(@pseudonym).to be_active

2
spec/integration/account_spec.rb
View File

@ -36,7 +36,7 @@ describe AccountsController do
it "should use the correct entity_id" do
HostUrl.stubs(:default_host).returns('bob.cody.instructure.com')
@aac = @account.account_authorization_configs.create!(:auth_type => "saml")
@aac = @account.authentication_providers.create!(:auth_type => "saml")
get "/saml_meta_data"
expect(response).to be_success

2
spec/integration/login_spec.rb
View File

@ -38,7 +38,7 @@ describe 'login' do
def stubby(stub_response)
@cas_client = CASClient::Client.new(
cas_base_url: @account.account_authorization_configs.first.auth_base,
cas_base_url: @account.authentication_providers.first.auth_base,
encode_extra_attributes_as: :raw
)
@cas_client.instance_variable_set(:@stub_response, stub_response)

6
spec/migrations/disable_open_registration_for_delegated_auth_spec.rb
View File

@ -27,9 +27,9 @@ describe 'DisableOpenRegistrationForDelegatedAuth' do
@ldap_account = Account.create!
@normal_account = Account.create!
@all_accounts = [@cas_account, @saml_account, @ldap_account, @normal_account]
@cas_account.account_authorization_configs.create!(:auth_type => 'cas')
@saml_account.account_authorization_configs.create!(:auth_type => 'saml')
@ldap_account.account_authorization_configs.create!(:auth_type => 'ldap')
@cas_account.authentication_providers.create!(:auth_type => 'cas')
@saml_account.authentication_providers.create!(:auth_type => 'saml')
@ldap_account.authentication_providers.create!(:auth_type => 'ldap')
@all_accounts.each do |account|
# have to bypass the settings= logic for weeding these out since they don't
# apply

2
spec/migrations/set_saml_entity_id_spec.rb
View File

@ -27,7 +27,7 @@ describe 'SetSamlEntityId' do
HostUrl.stubs(:default_host).returns('bob.cody.instructure.com')
@account = Account.new
@account.save
@aac = @account.account_authorization_configs.create!(:auth_type => "saml")
@aac = @account.authentication_providers.create!(:auth_type => "saml")
AccountAuthorizationConfig.where(:id => @aac).update_all(:entity_id => nil)
end

6
spec/models/account_authorization_config/ldap_spec.rb
View File

@ -21,7 +21,11 @@ require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper.rb')
describe AccountAuthorizationConfig::LDAP do
it "should not escape auth_filter" do
@account = Account.new
@account_config = @account.account_authorization_configs.build(auth_type: 'ldap', ldap_filter: '(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(sAMAccountName={{login}}))')
@account_config = @account.authentication_providers.build(
auth_type: 'ldap',
ldap_filter: '(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(sAMAccountName={{login}}))'
)
@account_config.save
expect(@account_config.auth_filter).to eql("(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(sAMAccountName={{login}}))")
end

19
spec/models/account_authorization_config/saml_spec.rb
View File

@ -34,7 +34,7 @@ describe AccountAuthorizationConfig::SAML do
}
})
s = @account.account_authorization_configs.build(:auth_type => 'saml').saml_settings
s = @account.authentication_providers.build(:auth_type => 'saml').saml_settings
expect(s.encryption_configured?).to be_truthy
end
@ -45,7 +45,7 @@ describe AccountAuthorizationConfig::SAML do
:tech_contact_email => 'admindude@example.com',
})
s = @account.account_authorization_configs.build(:auth_type => 'saml').saml_settings
s = @account.authentication_providers.build(:auth_type => 'saml').saml_settings
expect(s.tech_contact_name).to eq 'Admin Dude'
expect(s.tech_contact_email).to eq 'admindude@example.com'
@ -63,7 +63,7 @@ describe AccountAuthorizationConfig::SAML do
}
})
s = @account.account_authorization_configs.build(:auth_type => 'saml').saml_settings
s = @account.authentication_providers.build(:auth_type => 'saml').saml_settings
expect(s.xmlsec_additional_privatekeys).to eq [@file_that_exists]
end
@ -82,29 +82,32 @@ describe AccountAuthorizationConfig::SAML do
}
})
s = @account.account_authorization_configs.build(:auth_type => 'saml').saml_settings
s = @account.authentication_providers.build(:auth_type => 'saml').saml_settings
expect(s.xmlsec_additional_privatekeys).to eq [@file_that_exists]
end
it "should set the entity_id with the current domain" do
HostUrl.stubs(:default_host).returns('bob.cody.instructure.com')
@aac = @account.account_authorization_configs.create!(:auth_type => "saml")
@aac = @account.authentication_providers.create!(:auth_type => "saml")
expect(@aac.entity_id).to eq "http://bob.cody.instructure.com/saml2"
end
it "should not overwrite a specific entity_id" do
@aac = @account.account_authorization_configs.create!(:auth_type => "saml", :entity_id => "http://wtb.instructure.com/saml2")
@aac = @account.authentication_providers.create!(
auth_type: "saml",
entity_id: "http://wtb.instructure.com/saml2"
)
expect(@aac.entity_id).to eq "http://wtb.instructure.com/saml2"
end
it "should set requested_authn_context to nil if empty string" do
@aac = @account.account_authorization_configs.create!(:auth_type => "saml", :requested_authn_context => "")
@aac = @account.authentication_providers.create!(:auth_type => "saml", :requested_authn_context => "")
expect(@aac.requested_authn_context).to eq nil
end
it "should allow requested_authn_context to be set to anything" do
@aac = @account.account_authorization_configs.create!(:auth_type => "saml", :requested_authn_context => "anything")
@aac = @account.authentication_providers.create!(:auth_type => "saml", :requested_authn_context => "anything")
expect(@aac.requested_authn_context).to eq "anything"
end
end

76
spec/models/account_authorization_config_spec.rb
View File

@ -20,6 +20,8 @@ require File.expand_path(File.dirname(__FILE__) + '/../spec_helper.rb')
describe AccountAuthorizationConfig do
let(:account){ Account.default }
context "password" do
it "should decrypt the password to the original value" do
c = AccountAuthorizationConfig.new
@ -31,44 +33,43 @@ describe AccountAuthorizationConfig do
end
describe "enable_canvas_authentication" do
let(:account){ Account.default }
before do
account.account_authorization_configs.destroy_all
account.authentication_providers.destroy_all
account.settings[:canvas_authentication] = false
account.save!
account.account_authorization_configs.create!(auth_type: 'ldap')
account.account_authorization_configs.create!(auth_type: 'cas')
account.authentication_providers.create!(auth_type: 'ldap')
account.authentication_providers.create!(auth_type: 'cas')
end
it "leaves settings as they are after deleting one of many aacs" do
account.account_authorization_configs.first.destroy
account.authentication_providers.first.destroy
expect(account.reload.settings[:canvas_authentication]).to be_falsey
end
it "enables canvas_authentication if deleting the last aac" do
account.account_authorization_configs.destroy_all
account.authentication_providers.destroy_all
expect(account.reload.settings[:canvas_authentication]).to be_truthy
end
end
it "should disable open registration when created" do
Account.default.settings[:open_registration] = true
Account.default.save!
Account.default.account_authorization_configs.create!(auth_type: 'cas')
expect(Account.default.reload.open_registration?).to be_falsey
account.settings[:open_registration] = true
account.save!
account.authentication_providers.create!(auth_type: 'cas')
expect(account.reload.open_registration?).to be_falsey
end
describe "FindByType module" do
let!(:aac){ Account.default.account_authorization_configs.create!(auth_type: 'facebook') }
let!(:aac){ account.authentication_providers.create!(auth_type: 'facebook') }
it "still reloads ok" do
expect { aac.reload }.to_not raise_error
end
it "works through associations that use the provided module" do
found = Account.default.account_authorization_configs.find('facebook')
found = account.authentication_providers.find('facebook')
expect(found).to eq(aac)
end
end
@ -85,4 +86,55 @@ describe AccountAuthorizationConfig do
end
end
describe '#destroy' do
let!(:aac){ account.authentication_providers.create!(auth_type: 'cas') }
it "retains the database row" do
aac.destroy
found = AccountAuthorizationConfig.find(aac.id)
expect(found).to_not be_nil
end
it "sets workflow_state upon destroy" do
aac.destroy
aac.reload
expect(aac.workflow_state).to eq('deleted')
end
it "is aliased with #destroy!" do
aac.destroy!
found = AccountAuthorizationConfig.find(aac.id)
expect(found).to_not be_nil
end
end
describe ".active" do
let!(:aac){ account.authentication_providers.create!(auth_type: 'cas') }
it "finds an aac that isn't deleted" do
expect(AccountAuthorizationConfig.active).to include(aac)
end
it "ignores aacs which have been deleted" do
aac.destroy
expect(AccountAuthorizationConfig.active).to_not include(aac)
end
end
describe "list-i-ness" do
let!(:aac1){ account.authentication_providers.create!(auth_type: 'facebook') }
let!(:aac2){ account.authentication_providers.create!(auth_type: 'github') }
it "manages positions automatically within an account" do
expect(aac1.reload.position).to eq(1)
expect(aac2.reload.position).to eq(2)
end
it "respects deletions for position management" do
aac3 = account.authentication_providers.create!(auth_type: 'twitter')
expect(aac2.reload.position).to eq(2)
aac2.destroy
expect(aac1.reload.position).to eq(1)
expect(aac3.reload.position).to eq(2)
end
end
end

52
spec/models/account_spec.rb
View File

@ -21,8 +21,7 @@ require File.expand_path(File.dirname(__FILE__) + '/../sharding_spec_helper.rb')
describe Account do
it "should provide a list of courses" do
@account = Account.new
expect{@account.courses}.not_to raise_error
expect{ Account.new.courses }.not_to raise_error
end
context "equella_settings" do
@ -584,15 +583,15 @@ describe Account do
account = Account.default
expect(account.login_handle_name_with_inference).to eq "Email"
config = account.account_authorization_configs.create!(auth_type: 'cas')
config = account.authentication_providers.create!(auth_type: 'cas')
expect(account.login_handle_name_with_inference).to eq "Login"
config.destroy
config = account.account_authorization_configs.create!(auth_type: 'saml')
config = account.authentication_providers.create!(auth_type: 'saml')
expect(account.reload.login_handle_name_with_inference).to eq "Login"
config.destroy
account.account_authorization_configs.create!(auth_type: 'ldap')
account.authentication_providers.create!(auth_type: 'ldap')
expect(account.reload.login_handle_name_with_inference).to eq "Email"
account.login_handle_name = "LDAP Login"
account.save!
@ -869,6 +868,20 @@ describe Account do
end
end
describe "authentication_providers.active" do
let(:account){ Account.default }
let!(:aac){ account.authentication_providers.create!(auth_type: 'facebook') }
it "pulls active AACS" do
expect(account.authentication_providers.active).to include(aac)
end
it "ignores deleted AACs" do
aac.destroy
expect(account.authentication_providers.active).to_not include(aac)
end
end
describe "delegated_authentication?" do
let(:account){ Account.default }
@ -877,23 +890,42 @@ describe Account do
end
it "is false for LDAP" do
account.account_authorization_configs.create!(auth_type: 'ldap')
account.authentication_providers.create!(auth_type: 'ldap')
expect(account.delegated_authentication?).to be_falsey
end
it "is true for CAS" do
account.account_authorization_configs.create!(auth_type: 'cas')
account.authentication_providers.create!(auth_type: 'cas')
expect(account.delegated_authentication?).to be_truthy
end
end
describe "#non_canvas_auth_configured?" do
let(:account) { Account.default }
it "is false for no aacs" do
expect(account.non_canvas_auth_configured?).to be_falsey
end
it "is true for having aacs" do
Account.default.authentication_providers.create!(auth_type: 'ldap')
expect(account.non_canvas_auth_configured?).to be_truthy
end
it "is false after aacs deleted" do
Account.default.authentication_providers.create!(auth_type: 'ldap')
account.authentication_providers.destroy_all
expect(account.non_canvas_auth_configured?).to be_falsey
end
end
describe "canvas_authentication?" do
before do
Account.default.account_authorization_configs.destroy_all
Account.default.authentication_providers.destroy_all
Account.default.settings[:canvas_authentication] = false
Account.default.save!
expect(Account.default.canvas_authentication?).to be_truthy
Account.default.account_authorization_configs.create!(auth_type: 'ldap')
Account.default.authentication_providers.create!(auth_type: 'ldap')
end
it "should be true if there's not an AAC" do
@ -901,7 +933,7 @@ describe Account do
end
it "is true after AACs are destroyed" do
Account.default.account_authorization_configs.destroy_all
Account.default.authentication_providers.destroy_all
expect(Account.default.reload.canvas_authentication?).to be_truthy
end
end

2
spec/models/course_spec.rb
View File

@ -3448,7 +3448,7 @@ describe Course do
it "should be preferred if delegated authentication is configured" do
account = Account.default
account.settings = { :open_registration => true }
account.account_authorization_configs.create!(:auth_type => 'cas')
account.authentication_providers.create!(:auth_type => 'cas')
account.save!
course
expect(@course.user_list_search_mode_for(nil)).to eq :preferred

24
spec/models/pseudonym_spec.rb
View File

@ -143,7 +143,7 @@ describe Pseudonym do
user_with_pseudonym(:active_all => true)
@pseudonym.sis_user_id = 'something_cool'
@pseudonym.save!
@pseudonym.account.account_authorization_configs.create!(:auth_type => 'ldap')
@pseudonym.account.authentication_providers.create!(:auth_type => 'ldap')
expect(@pseudonym.destroy).to eql(true)
expect(@pseudonym).to be_deleted
end
@ -161,7 +161,7 @@ describe Pseudonym do
before :once do
require 'net/ldap'
user_with_pseudonym(:active_all => true)
@aac = @pseudonym.account.account_authorization_configs.create!(
@aac = @pseudonym.account.authentication_providers.create!(
:auth_type => 'ldap',
:auth_base => "ou=people,dc=example,dc=com",
:auth_host => "ldap.example.com",
@ -249,7 +249,7 @@ describe Pseudonym do
p = Pseudonym.create!(unique_id: 'jt@instructure.com', user: u)
p.sis_user_id = 'jt'
expect(p).not_to be_managed_password
p.account.account_authorization_configs.create!(auth_type: 'ldap')
p.account.authentication_providers.create!(auth_type: 'ldap')
expect(p).to be_managed_password
p.sis_user_id = nil
expect(p).not_to be_managed_password
@ -258,27 +258,27 @@ describe Pseudonym do
context "login assertions" do
it "should create a CC if LDAP gave an e-mail we don't have" do
account = Account.create!
account.account_authorization_configs.create!(:auth_type => 'ldap')
account.authentication_providers.create!(:auth_type => 'ldap')
u = User.create!
u.register
p = u.pseudonyms.create!(:unique_id => 'jt', :account => account) { |p| p.sis_user_id = 'jt' }
p.instance_variable_set(:@ldap_result, {:mail => ['jt@instructure.com']})
pseudonym = u.pseudonyms.create!(unique_id: 'jt', account: account) { |p| p.sis_user_id = 'jt' }
pseudonym.instance_variable_set(:@ldap_result, {:mail => ['jt@instructure.com']})
p.add_ldap_channel
pseudonym.add_ldap_channel
u.reload
expect(u.communication_channels.length).to eq 1
expect(u.email_channel.path).to eq 'jt@instructure.com'
expect(u.email_channel).to be_active
u.email_channel.destroy
p.add_ldap_channel
pseudonym.add_ldap_channel
u.reload
expect(u.communication_channels.length).to eq 1
expect(u.email_channel.path).to eq 'jt@instructure.com'
expect(u.email_channel).to be_active
u.email_channel.update_attribute(:workflow_state, 'unconfirmed')
p.add_ldap_channel
pseudonym.add_ldap_channel
u.reload
expect(u.communication_channels.length).to eq 1
expect(u.email_channel.path).to eq 'jt@instructure.com'
@ -292,7 +292,7 @@ describe Pseudonym do
expect(@pseudonym.valid_arbitrary_credentials?('qwerty')).to be_truthy
Account.default.settings = { :canvas_authentication => false }
Account.default.account_authorization_configs.create!(:auth_type => 'ldap')
Account.default.authentication_providers.create!(:auth_type => 'ldap')
Account.default.save!
@pseudonym.reload
@ -633,7 +633,7 @@ describe Pseudonym do
let!(:new_pseud) { Account.default.pseudonyms.create!(user: bob, unique_id: "BobbyRicky") }
context "with legacy auth types" do
let!(:aac){ Account.default.account_authorization_configs.create!(auth_type: 'ldap') }
let!(:aac){ Account.default.authentication_providers.create!(auth_type: 'ldap') }
it "filters down by unique ID" do
pseud = Account.default.pseudonyms.for_auth_configuration("BobbyRicky", aac)
@ -649,7 +649,7 @@ describe Pseudonym do
context "with contemporary auth types" do
let!(:aac){ Account.default.account_authorization_configs.create!(auth_type: 'facebook') }
let!(:aac){ Account.default.authentication_providers.create!(auth_type: 'facebook') }
before do
new_pseud.authentication_provider_id = aac.id

4
spec/models/user_spec.rb
View File

@ -1458,7 +1458,7 @@ describe User do
user2 = User.create!
@account1.pseudonyms.create!(:user => user2, :unique_id => 'preferred@example.com', :password => 'abcdef', :password_confirmation => 'abcdef')
@user.pseudonyms.detect { |p| p.account == Account.site_admin }.update_attribute(:password_auto_generated, true)
Account.default.account_authorization_configs.create!(:auth_type => 'cas')
Account.default.authentication_providers.create!(:auth_type => 'cas')
new_pseudonym = @user.find_or_initialize_pseudonym_for_account(@account1, @account3)
expect(new_pseudonym).not_to be_nil
expect(new_pseudonym).to be_new_record
@ -1477,7 +1477,7 @@ describe User do
expect(@user.find_or_initialize_pseudonym_for_account(@account1)).to be_nil
# delegated auth
@account3.account_authorization_configs.create!(:auth_type => 'cas')
@account3.authentication_providers.create!(:auth_type => 'cas')
expect(@account3).to be_delegated_authentication
@user.pseudonyms.create!(:account => @account3, :unique_id => 'jacob@instructure.com', :password => 'abcdef', :password_confirmation => 'abcdef')
expect(@user.find_or_initialize_pseudonym_for_account(@account1)).to be_nil

51
spec/presenters/account_authorization_configs_presenter_spec.rb
View File

@ -9,11 +9,15 @@ describe AccountAuthorizationConfigsPresenter do
end
end
def stubbed_account(providers=[])
stub(authentication_providers: stub(active: providers))
end
describe "#configs" do
it "pulls configs from account" do
config2 = stub
account = stub(account_authorization_configs: [stub, config2])
account = stubbed_account([stub, config2])
presenter = described_class.new(account)
expect(presenter.configs[1]).to eq(config2)
end
@ -21,14 +25,14 @@ describe AccountAuthorizationConfigsPresenter do
it "wraps them in an array" do
class NotArray < Array
end
account = stub(account_authorization_configs: NotArray.new([]))
account = stubbed_account(NotArray.new([]))
presenter = described_class.new(account)
expect(presenter.configs.class).to eq(Array)
end
it "only pulls from the db connection one time" do
account = stub()
account.expects(:account_authorization_configs).times(1).returns([])
account.expects(:authentication_providers).times(1).returns(stub(active: []))
presenter = described_class.new(account)
5.times{ presenter.configs }
end
@ -84,19 +88,19 @@ describe AccountAuthorizationConfigsPresenter do
describe "#auth?" do
it "is true for one aac" do
account = stub(account_authorization_configs: [stub])
account = stubbed_account([stub])
presenter = described_class.new(account)
expect(presenter.auth?).to be(true)
end
it "is true for many aacs" do
account = stub(account_authorization_configs: [stub, stub])
account = stubbed_account([stub, stub])
presenter = described_class.new(account)
expect(presenter.auth?).to be(true)
end
it "is false for no aacs" do
account = stub(account_authorization_configs: [])
account = stubbed_account
presenter = described_class.new(account)
expect(presenter.auth?).to be(false)
end
@ -104,26 +108,19 @@ describe AccountAuthorizationConfigsPresenter do
describe "#ldap_config?" do
it "is true if theres at least one ldap aac" do
account = stub(
account_authorization_configs: [AccountAuthorizationConfig::LDAP.new]
)
account = stubbed_account([AccountAuthorizationConfig::LDAP.new])
presenter = described_class.new(account)
expect(presenter.ldap_config?).to be(true)
end
it "is false for no aacs" do
account = stub(account_authorization_configs: [])
account = stubbed_account
presenter = described_class.new(account)
expect(presenter.ldap_config?).to be(false)
end
it "is false for aacs which are not ldap" do
account = stub(
account_authorization_configs: [
stub(auth_type: 'saml'),
stub(auth_type: 'cas')
]
)
account = stubbed_account( [ stub(auth_type: 'saml'), stub(auth_type: 'cas') ] )
presenter = described_class.new(account)
expect(presenter.ldap_config?).to be(false)
end
@ -132,7 +129,7 @@ describe AccountAuthorizationConfigsPresenter do
describe "#sso_options" do
it "always has cas and ldap" do
AccountAuthorizationConfig::SAML.stubs(:enabled?).returns(false)
presenter = described_class.new(stub(account_authorization_configs: []))
presenter = described_class.new(stubbed_account)
expect(presenter.sso_options).to eq([['CAS', 'cas'],
['Facebook', 'facebook'],
['GitHub', 'github'],
@ -145,7 +142,7 @@ describe AccountAuthorizationConfigsPresenter do
it "includes saml if saml enabled" do
AccountAuthorizationConfig::SAML.stubs(:enabled?).returns(true)
presenter = described_class.new(stub(account_authorization_configs: []))
presenter = described_class.new(stubbed_account)
expect(presenter.sso_options).to include(['SAML', 'saml'])
end
end
@ -234,7 +231,7 @@ describe AccountAuthorizationConfigsPresenter do
it "selects out all ldap configs" do
config = AccountAuthorizationConfig::LDAP.new
config2 = AccountAuthorizationConfig::LDAP.new
account = stub(account_authorization_configs: [stub, config, stub, config2])
account = stubbed_account([stub, config, stub, config2])
presenter = described_class.new(account)
expect(presenter.ldap_configs).to eq([config, config2])
end
@ -246,7 +243,7 @@ describe AccountAuthorizationConfigsPresenter do
config2 = AccountAuthorizationConfig::SAML.new
pre_configs = [stub, config, stub, config2]
pre_configs.stubs(:scoped).returns(AccountAuthorizationConfig)
account = stub(account_authorization_configs: pre_configs)
account = stubbed_account(pre_configs)
configs = described_class.new(account).saml_configs
expect(configs[0]).to eq(config)
expect(configs[1]).to eq(config2)
@ -257,7 +254,7 @@ describe AccountAuthorizationConfigsPresenter do
describe "#position_options" do
let(:config){ AccountAuthorizationConfig::SAML.new }
let(:configs){ [config, config, config, config] }
let(:account){ stub(account_authorization_configs: configs) }
let(:account){ stubbed_account(configs) }
before do
configs.stubs(:scoped).returns(AccountAuthorizationConfig)
@ -277,8 +274,8 @@ describe AccountAuthorizationConfigsPresenter do
describe "#login_url" do
it "never includes id for LDAP" do
config = Account.default.account_authorization_configs.create!(auth_type: 'ldap')
config2 = Account.default.account_authorization_configs.create!(auth_type: 'ldap')
config = Account.default.authentication_providers.create!(auth_type: 'ldap')
config2 = Account.default.authentication_providers.create!(auth_type: 'ldap')
presenter = described_class.new(Account.default)
expect(presenter.login_url_options(config)).to eq(controller: 'login/ldap',
action: :new)
@ -287,15 +284,15 @@ describe AccountAuthorizationConfigsPresenter do
end
it "doesn't include id if there is only one SAML config" do
config = Account.default.account_authorization_configs.create!(auth_type: 'saml')
config = Account.default.authentication_providers.create!(auth_type: 'saml')
presenter = described_class.new(Account.default)
expect(presenter.login_url_options(config)).to eq(controller: 'login/saml',
action: :new)
end
it "includes id if there are multiple SAML configs" do
config = Account.default.account_authorization_configs.create!(auth_type: 'saml')
config2 = Account.default.account_authorization_configs.create!(auth_type: 'saml')
config = Account.default.authentication_providers.create!(auth_type: 'saml')
config2 = Account.default.authentication_providers.create!(auth_type: 'saml')
presenter = described_class.new(Account.default)
expect(presenter.login_url_options(config)).to eq(controller: 'login/saml',
action: :new,
@ -309,7 +306,7 @@ describe AccountAuthorizationConfigsPresenter do
describe "#new_auth_types" do
it "excludes singletons that have a config" do
AccountAuthorizationConfig::Facebook.stubs(:enabled?).returns(true)
Account.default.account_authorization_configs.create!(auth_type: 'facebook')
Account.default.authentication_providers.create!(auth_type: 'facebook')
presenter = described_class.new(Account.default)
expect(presenter.new_auth_types).to_not be_include(AccountAuthorizationConfig::Facebook)
end

26
spec/selenium/accounts_spec.rb
View File

@ -24,8 +24,8 @@ describe "account" do
ldap_form.find_element(:id, 'account_authorization_config_auth_password').send_keys('primary password')
submit_form(ldap_form)
keep_trying_until { expect(Account.default.account_authorization_configs.length).to eq 1 }
config = Account.default.account_authorization_configs.first
keep_trying_until { expect(Account.default.authentication_providers.length).to eq 1 }
config = Account.default.authentication_providers.first
expect(config.auth_host).to eq 'primary.host.example.com'
expect(config.auth_port).to eq 1
expect(config.auth_over_tls).to eq 'simple_tls'
@ -46,12 +46,12 @@ describe "account" do
ldap_form.find_element(:id, 'account_authorization_config_auth_over_tls_start_tls').click
submit_form(ldap_form)
keep_trying_until { expect(Account.default.account_authorization_configs.length).to eq 2 }
config = Account.default.account_authorization_configs.first
keep_trying_until { expect(Account.default.authentication_providers.length).to eq 2 }
config = Account.default.authentication_providers.first
expect(config.auth_host).to eq 'primary.host.example.com'
expect(config.auth_over_tls).to eq 'simple_tls'
config = Account.default.account_authorization_configs[1]
config = Account.default.authentication_providers[1]
expect(config.auth_host).to eq 'secondary.host.example.com'
expect(config.auth_port).to eq 2
expect(config.auth_over_tls).to eq 'start_tls'
@ -61,7 +61,7 @@ describe "account" do
expect(config.auth_decrypted_password).to eq 'secondary password'
# test removing the secondary config
config = Account.default.account_authorization_configs.last
config = Account.default.authentication_providers.last
scroll_page_to_bottom
delete_id = "#delete-aac-#{config.id}"
keep_trying_until { driver.find_element(css: delete_id).displayed? }
@ -69,14 +69,16 @@ describe "account" do
f(delete_id).click
end
keep_trying_until { expect(Account.default.account_authorization_configs.length).to eq 1 }
keep_trying_until do
expect(Account.default.authentication_providers.active.length).to eq 1
end
# test removing the entire config
expect_new_page_load(true) do
f('.delete_auth_link').click
end
expect(Account.default.account_authorization_configs.length).to eq 0
expect(Account.default.authentication_providers.active.length).to eq 0
end
it "should show Login and Email fields in add user dialog for delegated auth accounts" do
@ -86,7 +88,7 @@ describe "account" do
expect(dialog.find_elements(:id, "pseudonym_path").length).to eq 0
expect(dialog.find_element(:id, "pseudonym_unique_id")).to be_displayed
Account.default.account_authorization_configs.create(:auth_type => 'cas')
Account.default.authentication_providers.create(:auth_type => 'cas')
get "/accounts/#{Account.default.id}/users"
f(".add_user_link").click
dialog = f("#add_user_dialog")
@ -261,7 +263,7 @@ describe "account" do
it "should load/refresh SAML debug info" do
enable_cache do
aac = Account.default.account_authorization_configs.create!(auth_type: 'saml')
aac = Account.default.authentication_providers.create!(auth_type: 'saml')
get "/accounts/#{Account.default.id}/account_authorization_configs"
start = f("#start_saml_debugging")
@ -300,8 +302,8 @@ describe "account" do
it "should configure discovery_url" do
auth_url = "http://example.com"
@account = Account.default
@account.account_authorization_configs.create!(auth_type: 'saml')
@account.account_authorization_configs.create!(auth_type: 'saml')
@account.authentication_providers.create!(auth_type: 'saml')
@account.authentication_providers.create!(auth_type: 'saml')
get "/accounts/#{Account.default.id}/account_authorization_configs"
f("#sso_settings_auth_discovery_url").send_keys(auth_url)
expect_new_page_load { submit_form("#edit_sso_settings") }

2
spec/selenium/admin/site_admin_authorization_configs_spec.rb
View File

@ -6,7 +6,7 @@ describe "Account Authorization Configs" do
it "should show the error message generated by the server" do
site_admin_logged_in
Account.default.account_authorization_configs.create!({
Account.default.authentication_providers.create!({
:auth_host => "blah.blah",
:auth_over_tls => false,
:auth_port => "123",

6
spec/spec_helper.rb
View File

@ -448,7 +448,7 @@ RSpec.configure do |config|
config.auth_type = "cas"
config.auth_base = cas_url
config.log_in_url = opts[:cas_log_in_url] if opts[:cas_log_in_url]
@account.account_authorization_configs << config
@account.authentication_providers << config
@account
end
@ -459,7 +459,7 @@ RSpec.configure do |config|
config.auth_type = "saml"
config.log_in_url = opts[:saml_log_in_url] if opts[:saml_log_in_url]
config.log_out_url = opts[:saml_log_out_url] if opts[:saml_log_out_url]
@account.account_authorization_configs << config
@account.authentication_providers << config
@account
end
@ -598,7 +598,7 @@ RSpec.configure do |config|
def managed_pseudonym(user, opts={})
other_account = opts[:account] || account_with_saml
if other_account.canvas_authentication?
config = other_account.account_authorization_configs.build
config = other_account.authentication_providers.build
config.auth_type = "saml"
config.log_in_url = opts[:saml_log_in_url] if opts[:saml_log_in_url]
config.save!

18
spec/views/account_authorization_configs/index.html.erb_spec.rb
View File

@ -33,7 +33,7 @@ describe "account_authorization_configs/index" do
it "should list the auth ips" do
Setting.set('account_authorization_config_ip_addresses', "192.168.0.1,192.168.0.2")
presenter = AccountAuthorizationConfigsPresenter.new(account)
account.account_authorization_configs = [
account.authentication_providers = [
presenter.new_config(auth_type: 'saml'),
presenter.new_config(auth_type: 'saml')
]
@ -43,21 +43,25 @@ describe "account_authorization_configs/index" do
end
it "should display the last_timeout_failure" do
account.account_authorization_configs = [
account.account_authorization_configs.create!(auth_type: 'ldap'),
timed_out_aac = account.account_authorization_configs.create!(auth_type: 'ldap')
account.authentication_providers = [
timed_out_aac,
account.account_authorization_configs.create!(auth_type: 'ldap')
]
account.account_authorization_configs.first.last_timeout_failure = 1.minute.ago
assigns[:presenter] = AccountAuthorizationConfigsPresenter.new(account)
timed_out_aac.last_timeout_failure = 1.minute.ago
timed_out_aac.save!
presenter = AccountAuthorizationConfigsPresenter.new(account)
expect(presenter.configs).to include(timed_out_aac)
assigns[:presenter] = presenter
render 'account_authorization_configs/index'
doc = Nokogiri::HTML(response.body)
expect(doc.css('.last_timeout_failure').length).to eq 1
end
it "should display more than 2 LDAP configs" do
account.account_authorization_configs.each(&:destroy)
account.authentication_providers.each(&:destroy)
4.times do
account.account_authorization_configs.create!(auth_type: 'ldap')
account.authentication_providers.create!(auth_type: 'ldap')
end
assigns[:presenter] = AccountAuthorizationConfigsPresenter.new(account)
render 'account_authorization_configs/index'

2
spec/views/accounts/settings.html.erb_spec.rb
View File

@ -76,7 +76,7 @@ describe "accounts/settings.html.erb" do
end
it "should show warning dialog when a delegated auth config is around" do
@account.account_authorization_configs.create!(:auth_type => 'cas')
@account.authentication_providers.create!(:auth_type => 'cas')
render
expect(response).to have_tag("input#account_settings_open_registration")
expect(response).to have_tag("div#open_registration_delegated_warning_dialog")

4
spec/views/login/canvas/new.html.erb_spec.rb
View File

@ -32,7 +32,7 @@ describe "login/canvas/new.html.erb" do
end
it "uses ldap route for the ldap 'controller'" do
Account.default.account_authorization_configs.create!(:auth_type => 'ldap')
Account.default.authentication_providers.create!(:auth_type => 'ldap')
controller.request.path_parameters[:controller] = 'login/ldap'
render
@ -49,7 +49,7 @@ describe "login/canvas/new.html.erb" do
context "with external mechanism specified" do
let(:account){ Account.default }
let(:config){ account.account_authorization_configs.build }
let(:config){ account.authentication_providers.build }
before do
config.auth_type = 'ldap'