diff --git a/app/controllers/management/base_controller.rb b/app/controllers/management/base_controller.rb index 7d6c89b5f..144a28bfe 100644 --- a/app/controllers/management/base_controller.rb +++ b/app/controllers/management/base_controller.rb @@ -12,7 +12,7 @@ class Management::BaseController < ActionController::Base end def current_manager - @current_manager ||= Manager.find(session["manager_id"]) if session["manager_id"] + session["manager"] end def managed_user diff --git a/app/controllers/management/sessions_controller.rb b/app/controllers/management/sessions_controller.rb index 78f5a14c8..72bfdda14 100644 --- a/app/controllers/management/sessions_controller.rb +++ b/app/controllers/management/sessions_controller.rb @@ -1,9 +1,11 @@ +require "manager_authenticator" + class Management::SessionsController < ActionController::Base def create destroy_session - if manager = Manager.valid_manager(params[:login], params[:clave_usuario]) - session["manager_id"] = manager.id + if manager = ManagerAuthenticator.new(params).auth + session["manager"] = manager redirect_to management_root_path else raise ActionController::RoutingError.new('Not Found') @@ -18,7 +20,7 @@ class Management::SessionsController < ActionController::Base private def destroy_session - session["manager_id"] = nil + session["manager"] = nil end end \ No newline at end of file diff --git a/app/models/manager.rb b/app/models/manager.rb deleted file mode 100644 index 6dc5cceea..000000000 --- a/app/models/manager.rb +++ /dev/null @@ -1,12 +0,0 @@ -class Manager < ActiveRecord::Base - validates :username, presence: true, uniqueness: true - validates :password_digest, presence: true - - has_secure_password - - def self.valid_manager(username = nil, password = nil) - return false unless username.present? && password.present? - Manager.find_by(username: username).try(:authenticate, password) - end - -end \ No newline at end of file 
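Review bot: `current_manager` now hands back the raw hash stored in `session["manager"]`, and the key type of that hash depends on the session serializer — if the app uses the JSON cookie serializer (the Rails 4.1+ default) the symbol keys written by `ManagerAuthenticator#auth` (`:login`, `:user_key`, `:date`) come back as strings on the request after the redirect from `create`, so any `current_manager[:login]` lookup elsewhere in this controller would read nil. If that is the case here, normalise at the gate: `session["manager"].try(:with_indifferent_access)`, or store only the login string in the first place. This method is presumably the sign-in check for every management action, so it deserves a line saying so: `# Manager identity as returned by ManagerAuthenticator#auth; nil when nobody is signed in.`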
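Review bot: `create` still signs a manager in without rotating the session id — `destroy_session` only nils one key — so a session id fixed on the victim before login stays valid after it; call `reset_session` before assigning `session["manager"]`. What gets assigned is the full hash returned by `auth`, `user_key` included, which is the credential itself; with a cookie session store that value is sent to the client on every request, so store `manager[:login]` (or a hash without the key) instead. `login`, `clave_usuario` and `fecha_conexion` are read straight from `params` and both specs drive this action with GET, so unless the route is restricted to POST these credentials will land in request logs and browser history.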
diff --git a/db/migrate/20151015135154_destroy_manager.rb b/db/migrate/20151015135154_destroy_manager.rb new file mode 100644 index 000000000..41e16f0e3 --- /dev/null +++ b/db/migrate/20151015135154_destroy_manager.rb @@ -0,0 +1,16 @@ +class DestroyManager < ActiveRecord::Migration + def self.up + drop_table :managers + end + + def self.down + create_table :managers do |t| + t.string :username, null: false + t.string :password_digest, null: false + t.timestamp :last_login_at + t.timestamps + end + + add_index :managers, [:username] + end +end diff --git a/db/schema.rb b/db/schema.rb index 3dbea57a8..56d5a4a9f 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20151013145757) do +ActiveRecord::Schema.define(version: 20151015135154) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -168,16 +168,6 @@ ActiveRecord::Schema.define(version: 20151013145757) do add_index "locks", ["user_id"], name: "index_locks_on_user_id", using: :btree - create_table "managers", force: :cascade do |t| - t.string "username", null: false - t.string "password_digest", null: false - t.datetime "last_login_at" - t.datetime "created_at" - t.datetime "updated_at" - end - - add_index "managers", ["username"], name: "index_managers_on_username", using: :btree - create_table "moderators", force: :cascade do |t| t.integer "user_id" end diff --git a/lib/manager_authenticator.rb b/lib/manager_authenticator.rb new file mode 100644 index 000000000..3f0d58357 --- /dev/null +++ b/lib/manager_authenticator.rb 
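Review bot: `up` drops the `managers` table outright, so the password digests are gone for good — `down` rebuilds an empty table and cannot restore the local manager logins, which the sessions controller no longer consults anyway. A one-line comment stating that this is deliberate would spare the next person a rollback scare, e.g. `# Manager auth moved to the external UWEB service (lib/manager_authenticator.rb); local manager accounts are discarded on purpose.`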
@@ -0,0 +1,44 @@
+class ManagerAuthenticator
+
+ def initialize(data={})
+ @manager = {login: data[:login], user_key: data[:clave_usuario], date: data[:fecha_conexion]}
+ end
+
+ def auth
+ return false unless [@manager[:login], @manager[:user_key], @manager[:date]].all? {|_| _.present?}
+ return @manager if manager_exists? && application_authorized?
+ false
+ end
+
+ private
+
+ def manager_exists?
+ response = client.call(:get_status_user_data, message: { ub: {user_key: @manager[:user_key], date: @manager[:date]} }).body
+ parsed_response = parser.parse((response[:get_status_user_data_response][:get_status_user_data_return]))
+ @manager[:login] == parsed_response["USUARIO"]["LOGIN"]
+ rescue
+ false
+ end
+
+ def application_authorized?
+ response = client.call(:get_applications_user_list, message: { ub: {user_key: @manager[:user_key]} }).body
+ parsed_response = parser.parse((response[:get_applications_user_list_response][:get_applications_user_list_return]))
+ aplication_value = parsed_response["APLICACIONES"]["APLICACION"]
+ # aplication_value from UWEB can be an array of hashes or a hash
+ aplication_value.include?( {"CLAVE_APLICACION" => application_key}) || aplication_value["CLAVE_APLICACION"] == application_key
+ rescue
+ false
+ end
+
+ def client
+ @client ||= Savon.client(wsdl: Rails.application.secrets.managers_url)
+ end
+
+ def parser
+ @parser ||= Nori.new
+ end
+
+ def application_key
+ Rails.application.secrets.managers_application_key.to_s
+ end
+end
\ No newline at end of file
diff --git a/spec/controllers/management/sessions_controller_spec.rb b/spec/controllers/management/sessions_controller_spec.rb
index a1ac98279..f63cd3a56 100644
--- a/spec/controllers/management/sessions_controller_spec.rb
+++ b/spec/controllers/management/sessions_controller_spec.rb
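Review bot: In `application_authorized?` the array branch only matches when an APLICACION entry is exactly `{"CLAVE_APLICACION" => key}`; if UWEB returns any further element alongside CLAVE_APLICACION (a name, a role) `include?` never matches, the fallback `aplication_value["CLAVE_APLICACION"]` raises TypeError on an Array, and the bare `rescue` turns that into a silent false — every manager denied with no trace. Compare the key per entry instead: `Array.wrap(aplication_value).any? { |app| app["CLAVE_APLICACION"] == application_key }`. The bare `rescue` in both predicates also swallows Savon faults, connection errors and Nori parse errors; failing closed is right, but logging the exception class (`rescue => e; Rails.logger.warn(...)`) is needed to tell an unreachable or misconfigured `managers_url` apart from a genuine denial. Note too that `auth` returns `user_key`, which the controller then persists in the session; returning only `login` would keep the credential out of the cookie.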
@@ -2,36 +2,28 @@ require 'rails_helper' describe Management::SessionsController do - before(:all) do - create(:manager, username: "supermanager" , password: "secret") - end - describe 'Sign in' do - it "should return 404 if not username/password" do - expect { get :create }.to raise_error "Not Found" - end - - it "should return 404 if wrong username" do - expect { get :create, login: "nonexistent" , clave_usuario: "secret" }.to raise_error "Not Found" - end - - it "should return 404 if wrong password" do - expect { get :create, login: "supermanager" , clave_usuario: "wrong" }.to raise_error "Not Found" + it "should return 404 if wrong credentials" do + allow_any_instance_of(ManagerAuthenticator).to receive(:auth).and_return(false) + expect { get :create, login: "nonexistent" , clave_usuario: "wrong"}.to raise_error "Not Found" end it "should redirect to management root path if right credentials" do - get :create, login: "supermanager" , clave_usuario: "secret" + manager = {login: "JJB033", user_key: "31415926" , date: "20151031135905"} + allow_any_instance_of(ManagerAuthenticator).to receive(:auth).and_return(manager) + + get :create, login: "JJB033" , clave_usuario: "31415926", fecha_conexion: "20151031135905" expect(response).to be_redirect end end describe 'Sign out' do it "should destroy the session and redirect" do - session[:manager_id] = 1 + session[:manager] = {user_key: "31415926" , date: "20151031135905", login: "JJB033"} delete :destroy - expect(session[:manager_id]).to be_nil + expect(session[:manager]).to be_nil expect(response).to be_redirect end end diff --git a/spec/factories.rb b/spec/factories.rb index 6b665e884..83bc79af1 100644 --- a/spec/factories.rb +++ b/spec/factories.rb @@ -223,11 +223,6 @@ FactoryGirl.define do user end - factory :manager do - sequence(:username) { |n| "manager#{n}" } - password 'supersecret' - end - factory :organization do user responsible_name "Johnny Utah" 
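Review bot: Both `create` examples stub `ManagerAuthenticator#auth` on any instance, so the spec no longer checks that the controller hands `login`, `clave_usuario` and `fecha_conexion` to the authenticator at all — a `create` calling `ManagerAuthenticator.new({})` would pass unchanged. Stub the constructor with the expected params instead, e.g. `expect(ManagerAuthenticator).to receive(:new).with(hash_including("login" => "JJB033", "clave_usuario" => "31415926", "fecha_conexion" => "20151031135905")).and_return(double(auth: manager))`. The success example could also assert what ends up in the session, `expect(session["manager"]).to eq(manager)`, since that is the value `current_manager` later returns.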
diff --git a/spec/features/management/document_verifications_spec.rb b/spec/features/management/document_verifications_spec.rb index 4a9f8c44e..6e43dc1cf 100644 --- a/spec/features/management/document_verifications_spec.rb +++ b/spec/features/management/document_verifications_spec.rb @@ -3,7 +3,7 @@ require 'rails_helper' feature 'DocumentVerifications' do background do - login_as_manager(create(:manager)) + login_as_manager end scenario 'Verifying a level 3 user shows an "already verified" page' do diff --git a/spec/features/management/email_verifications_spec.rb b/spec/features/management/email_verifications_spec.rb index 96c0c78ed..cb695a0f7 100644 --- a/spec/features/management/email_verifications_spec.rb +++ b/spec/features/management/email_verifications_spec.rb @@ -3,7 +3,7 @@ require 'rails_helper' feature 'EmailVerifications' do scenario 'Verifying a level 1 user via email' do - login_as_manager(create(:manager)) + login_as_manager user = create(:user) diff --git a/spec/features/management/managed_users_spec.rb b/spec/features/management/managed_users_spec.rb index dc0c3f3e0..48b1809af 100644 --- a/spec/features/management/managed_users_spec.rb +++ b/spec/features/management/managed_users_spec.rb @@ -3,7 +3,7 @@ require 'rails_helper' feature 'Managed User' do background do - login_as_manager(create(:manager)) + login_as_manager end context "Currently managed user" do @@ -47,7 +47,7 @@ feature 'Managed User' do end scenario "User becomes verified as level two (pending email confirmation for level three)" do - login_as_manager(create(:manager)) + login_as_manager user = create(:user) @@ -71,7 +71,7 @@ feature 'Managed User' do end scenario "User is created as level three from scratch" do - login_as_manager(create(:manager)) + login_as_manager visit management_document_verifications_path fill_in 'document_verification_document_number', with: '1234' 
diff --git a/spec/features/management/proposals_spec.rb b/spec/features/management/proposals_spec.rb index 6c54dc04d..a035c600d 100644 --- a/spec/features/management/proposals_spec.rb +++ b/spec/features/management/proposals_spec.rb @@ -3,8 +3,7 @@ require 'rails_helper' feature 'Proposals' do background do - manager = create(:manager) - login_as_manager(manager) + login_as_manager end context "Create" do diff --git a/spec/features/management/users_spec.rb b/spec/features/management/users_spec.rb index bb2ffe7b4..2e2564df8 100644 --- a/spec/features/management/users_spec.rb +++ b/spec/features/management/users_spec.rb @@ -4,7 +4,7 @@ feature 'users' do scenario 'Creating a level 3 user from scratch' do - login_as_manager(create(:manager)) + login_as_manager visit management_document_verifications_path fill_in 'document_verification_document_number', with: '1234' diff --git a/spec/lib/manager_authenticator_spec.rb b/spec/lib/manager_authenticator_spec.rb new file mode 100644 index 000000000..256303fdd --- /dev/null +++ b/spec/lib/manager_authenticator_spec.rb 
@@ -0,0 +1,65 @@ +require 'rails_helper' + +describe ManagerAuthenticator do + describe 'initialization params' do + it 'should cause auth to return false if blank login' do + authenticator = ManagerAuthenticator.new({login: "", clave_usuario: "31415926", fecha_conexion: "20151031135905"}) + expect(authenticator.auth).to be false + end + + it 'should cause auth to return false if blank user_key' do + authenticator = ManagerAuthenticator.new({login: "JJB033", clave_usuario: "", fecha_conexion: "20151031135905"}) + expect(authenticator.auth).to be false + end + + it 'should cause auth to return false if blank date' do + authenticator = ManagerAuthenticator.new({login: "JJB033", clave_usuario: "31415926", fecha_conexion: ""}) + expect(authenticator.auth).to be false + end + end + + describe '#auth' do + before(:all) do + @authenticator = ManagerAuthenticator.new({login: "JJB033", clave_usuario: "31415926", fecha_conexion: "20151031135905"}) + end + + it 'should return false if not manager_exists' do + allow(@authenticator).to receive(:manager_exists?).and_return(false) + allow(@authenticator).to receive(:application_authorized?).and_return(true) + + expect(@authenticator.auth).to be false + end + + it 'should return false if not application_authorized' do + allow(@authenticator).to receive(:manager_exists?).and_return(true) + allow(@authenticator).to receive(:application_authorized?).and_return(false) + + expect(@authenticator.auth).to be false + end + + it 'should return ok if manager_exists and application_authorized' do + allow(@authenticator).to receive(:manager_exists?).and_return(true) + allow(@authenticator).to receive(:application_authorized?).and_return(true) + + expect(@authenticator.auth).to be_truthy + end + end + + describe 'SOAP' do + before(:all) do + @authenticator = ManagerAuthenticator.new({login: "JJB033", clave_usuario: "31415926", fecha_conexion: "20151031135905"}) + end + + it 'should call the verification user method' do + 
allow(@authenticator).to receive(:application_authorized?).and_return(true) + expect(@authenticator.send(:client)).to receive(:call).with(:get_status_user_data, message: { ub: {user_key: "31415926", date: "20151031135905"} }) + @authenticator.auth + end + + it 'should call the permissions check method' do + allow(@authenticator).to receive(:manager_exists?).and_return(true) + expect(@authenticator.send(:client)).to receive(:call).with(:get_applications_user_list, message: { ub: {user_key: "31415926"} }) + @authenticator.auth + end + end +end \ No newline at end of file diff --git a/spec/models/manager_spec.rb b/spec/models/manager_spec.rb deleted file mode 100644 index a6a89427c..000000000 --- a/spec/models/manager_spec.rb +++ /dev/null @@ -1,46 +0,0 @@ -require 'rails_helper' - -describe Manager do - - describe "valid?" do - - let(:manager) { create(:manager) } - - it "is false when username is blank" do - manager.username = nil - expect(manager).to_not be_valid - end - it "is false when password is blank" do - manager.password_digest = nil - expect(manager).to_not be_valid - end - - it "is true if username and password present" do - expect(manager).to be_valid - end - end - - describe "self.valid_manager" do - before(:all) { create(:manager, username: "Silvia" ,password: "supersecret") } - - it "is false when username is blank" do - expect(Manager.valid_manager(nil, "supersecret")).to be_blank - end - it "is false when password is blank" do - expect(Manager.valid_manager("Silvia", nil)).to be_blank - end - - it "is false if manager unexistent" do - expect(Manager.valid_manager("Manager", "supersecret")).to be_blank - end - - it "is false if wrong password unexistent" do - expect(Manager.valid_manager("Silvia", "wrong")).to be_blank - end - - it "is true if right username/password combination" do - expect(Manager.valid_manager("Silvia", "supersecret")).to be_present - end - end - -end \ No newline at end of file 
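Review bot: The specs never exercise the response parsing that `manager_exists?` and `application_authorized?` actually perform — `call` is stubbed to return nil in the SOAP examples and both predicates are stubbed outright in the `#auth` group — so neither the hash-vs-array branch of `aplication_value` nor the `LOGIN` comparison is covered, and the success example only asserts `be_truthy` rather than the manager hash. Add examples that stub `client.call` with a Savon-shaped body (`double(body: { get_applications_user_list_response: { get_applications_user_list_return: xml } })`, where `xml` is a one-application and a several-application payload) and assert `expect(@authenticator.auth).to eq({login: "JJB033", user_key: "31415926", date: "20151031135905"})`. Sharing `@authenticator` via `before(:all)` also means its memoized `@client`, a real `Savon.client` built from `Rails.application.secrets.managers_url`, outlives each example; `let(:authenticator)` would give every example a fresh instance.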
diff --git a/spec/support/common_actions.rb b/spec/support/common_actions.rb index d57a5eaac..b53ff2816 100644 --- a/spec/support/common_actions.rb +++ b/spec/support/common_actions.rb @@ -24,8 +24,10 @@ module CommonActions click_button 'Log in' end - def login_as_manager(manager) - visit management_sign_in_path(login: manager.username, clave_usuario: manager.password) + def login_as_manager + login, user_key, date = "JJB042", "31415926", Time.now.strftime("%Y%m%d%H%M%S") + allow_any_instance_of(ManagerAuthenticator).to receive(:auth).and_return({login: login, user_key: user_key, date: date}) + visit management_sign_in_path(login: login, clave_usuario: user_key, fecha_conexion: date) end def login_managed_user(user)
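Review bot: `login_as_manager` stubs `auth` on every `ManagerAuthenticator` instance, so feature specs pass whatever the controller does with `login`, `clave_usuario` and `fecha_conexion` — the `visit` params are decorative. If the helper is meant to pin that contract, stub the constructor with them: `allow(ManagerAuthenticator).to receive(:new).with(hash_including("login" => login, "clave_usuario" => user_key, "fecha_conexion" => date)).and_return(double(auth: {login: login, user_key: user_key, date: date}))`. The fixture login here (`JJB042`) also differs from the controller spec's (`JJB033`); one shared constant would keep the two in step.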