authorXinhui2016-05-12 10:14:37 +0200
committerXinhui2016-05-13 18:17:03 +0200
commit24f83ed286f1a2cbc8adc3051ab319b29a8bbf79 (patch)
tree0294cc99da32c71ad207b62ce0342c9202991d3d
parent2cb49d26214f9082fa00fe58ee1c1388e45a34ed (diff)
downloadchouette-core-24f83ed286f1a2cbc8adc3051ab319b29a8bbf79.tar.bz2
Merge cas_client into master
-rw-r--r--Gemfile1
-rw-r--r--Gemfile.lock6
-rw-r--r--app/models/user.rb26
-rw-r--r--config/initializers/devise.rb47
-rw-r--r--config/routes.rb2
-rw-r--r--db/migrate/20160511134824_add_username_to_users.rb15
-rw-r--r--db/schema.rb6
-rw-r--r--spec/factories/chouette_2_factories.rb1
-rw-r--r--spec/features/users/sign_in_spec.rb50
-rw-r--r--spec/features/users/sign_out_spec.rb22
-rw-r--r--spec/features/users/user_edit_spec.rb23
11 files changed, 147 insertions, 52 deletions
diff --git a/Gemfile b/Gemfile
index fafb2e9c1..2ceb971c3 100644
--- a/Gemfile
+++ b/Gemfile
@@ -57,6 +57,7 @@ gem 'polylines'
# Authentication
gem 'devise', '~> 3.4.0'
+gem 'devise_cas_authenticatable'
gem 'devise-encryptable'
gem 'devise_invitable'
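Review bot: The added `devise_cas_authenticatable` line carries no version constraint, while `devise` directly above it is held to `~> 3.4.0`. This gem sits on the authentication path, so a later `bundle update` should not be able to move it across a major version unnoticed. The lockfile in this commit resolves it to 1.9.0, so `gem 'devise_cas_authenticatable', '~> 1.9'` would record that intent in the Gemfile itself.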
diff --git a/Gemfile.lock b/Gemfile.lock
index 3b97d82ae..ac7bb968f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -116,6 +116,9 @@ GEM
devise-encryptable (0.2.0)
devise (>= 2.1.0)
devise-i18n (0.11.4)
+ devise_cas_authenticatable (1.9.0)
+ devise (>= 1.2.0)
+ rubycas-client (>= 2.2.1)
devise_invitable (1.4.1)
actionmailer (>= 3.2.6, < 5)
devise (>= 3.2.0)
@@ -372,6 +375,8 @@ GEM
rspec-support (3.1.2)
ruby-graphviz (1.0.9)
ruby-ole (1.2.11.8)
+ rubycas-client (2.3.9)
+ activesupport
rubyzip (1.1.7)
sass (3.2.19)
sass-rails (4.0.5)
@@ -491,6 +496,7 @@ DEPENDENCIES
devise-async
devise-encryptable
devise-i18n
+ devise_cas_authenticatable
devise_invitable
enumerize (~> 0.10.0)
factory_girl_rails (~> 4.0)
diff --git a/app/models/user.rb b/app/models/user.rb
index bbde7d0d9..019249699 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,13 +1,16 @@
class User < ActiveRecord::Base
# Include default devise modules. Others available are:
- # :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable
- devise :invitable, :database_authenticatable, :registerable,
- :recoverable, :rememberable, :trackable, :validatable,
- :confirmable, :async
+ # :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable, :database_authenticatable
+ devise :invitable, :registerable, :validatable,
+ :recoverable, :rememberable, :trackable,
+ :confirmable, :async, :cas_authenticatable
+
+ # FIXME https://github.com/nbudin/devise_cas_authenticatable/issues/53
+ # Work around :validatable, when database_authenticatable is diabled.
+ attr_accessor :password
# Setup accessible (or protected) attributes for your model
# attr_accessible :email, :password, :current_password, :password_confirmation, :remember_me, :name, :organisation_attributes
-
belongs_to :organisation
accepts_nested_attributes_for :organisation
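Review bot: With `:database_authenticatable` removed, `password` is only the in-memory `attr_accessor` added here, yet `:registerable`, `:recoverable` and `:validatable` stay in the `devise` call. Whatever password reset or registration endpoints those modules still expose (the `devise_for` line is not in this diff) would then accept a password that is validated and silently discarded. Either drop the modules that no longer apply under CAS or say in the comment why they are kept. The workaround comment also has a typo and could state the consequence, e.g. `# Work around :validatable when :database_authenticatable is disabled; password is in-memory only and never persisted.` The class body continues outside this hunk.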
@@ -20,9 +23,20 @@ class User < ActiveRecord::Base
self.password ||= Devise.friendly_token.first(6)
self.password_confirmation ||= self.password
end
-
after_destroy :check_destroy_organisation
+ def cas_extra_attributes=(extra_attributes)
+ extra_attributes.each do |name, value|
+ # case name.to_sym
+ # Extra attributes
+ # when :fullname
+ # self.fullname = value
+ # when :email
+ # self.email = value
+ # end
+ end
+ end
+
private
# remove organisation and referentials if last user of it
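Review bot: `cas_extra_attributes=` iterates over the attributes from the CAS response but its whole loop body is commented out, so the setter is a no-op with unused block variables. If ignoring the attributes is intended for now, reduce it to an empty method with a comment such as `# CAS extra attributes are deliberately ignored; map only explicitly listed keys here.` When the mapping is enabled, keep the explicit `case name.to_sym` list from the commented code rather than assigning arbitrary keys, so the identity provider can only set fields the application has chosen. The method presumably also needs to tolerate a `nil` argument; that depends on what the gem passes and is worth confirming.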
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index b91fa3c19..aacc8ad0b 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -276,6 +276,53 @@ Devise.setup do |config|
# When using omniauth, Devise cannot automatically set Omniauth path,
# so you need to do it manually. For the users scope, it would be:
# config.omniauth_path_prefix = '/my_engine/users/auth'
+
+ config.cas_base_url = "http://stif-portail-dev.af83.priv/sessions"
+
+ # you can override these if you need to, but cas_base_url is usually enough
+ # config.cas_login_url = "https://cas.myorganization.com/login"
+ # config.cas_logout_url = "https://cas.myorganization.com/logout"
+ # config.cas_validate_url = "https://cas.myorganization.com/serviceValidate"
+
+ # The CAS specification allows for the passing of a follow URL to be displayed when
+ # a user logs out on the CAS server. RubyCAS-Server also supports redirecting to a
+ # URL via the destination param. Set either of these urls and specify either nil,
+ # 'destination' or 'follow' as the logout_url_param. If the urls are blank but
+ # logout_url_param is set, a default will be detected for the service.
+ # config.cas_destination_url = 'https://cas.myorganization.com'
+ # config.cas_follow_url = 'https://cas.myorganization.com'
+ # config.cas_logout_url_param = nil
+
+ # You can specify the name of the destination argument with the following option.
+ # e.g. the following option will change it from 'destination' to 'url'
+ # config.cas_destination_logout_param_name = 'url'
+
+ # By default, devise_cas_authenticatable will create users. If you would rather
+ # require user records to already exist locally before they can authenticate via
+ # CAS, uncomment the following line.
+ config.cas_create_user = false
+
+ # You can enable Single Sign Out, which by default is disabled.
+ # config.cas_enable_single_sign_out = true
+
+ # If you don't want to use the username returned from your CAS server as the unique
+ # identifier, but some other field passed in cas_extra_attributes, you can specify
+ # the field name here.
+ # config.cas_user_identifier = nil
+
+ # If you want to use the Devise Timeoutable module with single sign out,
+ # uncommenting this will redirect timeouts to the logout url, so that the CAS can
+ # take care of signing out the other serviced applocations. Note that each
+ # application manages timeouts independently, so one application timing out will
+ # kill the session on all applications serviced by the CAS.
+ # config.warden do |manager|
+ # manager.failure_app = DeviseCasAuthenticatable::SingleSignOut::WardenFailureApp
+ # end
+
+ # If you need to specify some extra configs for rubycas-client, you can do this via:
+ # config.cas_client_config_options = {
+ # logger: Rails.logger
+ # }
end
Rails.application.config.to_prepare do
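Review bot: `config.cas_base_url` is set to a plain `http://` URL, so the login redirect, the service ticket and the ticket validation call between this application and the CAS server all travel unencrypted. Anyone on the network path could read a ticket or alter the validation response, which weakens every login that goes through CAS. The value is also a development host hard-coded in an initializer that loads in every environment. Reading it from per-environment configuration and requiring `https` would address both, for example `config.cas_base_url = ENV.fetch('CAS_BASE_URL')` (variable name illustrative). Separately, `cas_enable_single_sign_out` is left commented out, so logging out at the CAS server will not end the local session; confirm that is intended. The `Devise.setup` block starts outside this hunk.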
diff --git a/config/routes.rb b/config/routes.rb
index f7719b9af..d43309096 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -11,7 +11,7 @@ ChouetteIhm::Application.routes.draw do
root :to => 'referentials#index', as: :authenticated_root
end
unauthenticated :user do
- root :to => 'devise/sessions#new', as: :unauthenticated_root
+ root :to => 'devise/cas_sessions#new', as: :unauthenticated_root
end
end
diff --git a/db/migrate/20160511134824_add_username_to_users.rb b/db/migrate/20160511134824_add_username_to_users.rb
new file mode 100644
index 000000000..50dfda864
--- /dev/null
+++ b/db/migrate/20160511134824_add_username_to_users.rb
@@ -0,0 +1,15 @@
+class AddUsernameToUsers < ActiveRecord::Migration
+ def up
+ add_column :users, :username, :string, :null => false
+ add_index :users, :username, :unique => true
+ User.all.each do |u|
+ u.username = u.email
+ u.save
+ end
+ end
+
+ def down
+ remove_column :users, :username, :string, :null => false
+ remove_index :users, :username, :unique => true
+ end
+end
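Review bot: `up` adds `username` as `NOT NULL` with no default before any row has a value, which databases such as PostgreSQL reject on a non-empty `users` table, so the backfill loop would never be reached. The loop also goes through the `User` model and ignores the result of `u.save`, so a validation failure would leave a row without the identifier that CAS logins are matched on. In `down`, the column is removed before its index, and `remove_index` is given an extra positional argument, which looks likely to raise. Adding the column as nullable, backfilling in SQL, then applying the constraint and index avoids all three, as sketched below.

```ruby
class AddUsernameToUsers < ActiveRecord::Migration
  def up
    add_column :users, :username, :string
    # Backfill without loading the model, so validations and callbacks cannot skip rows.
    execute 'UPDATE users SET username = email'
    change_column_null :users, :username, false
    add_index :users, :username, :unique => true
  end

  def down
    remove_index :users, :column => :username
    remove_column :users, :username
  end
end
```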
diff --git a/db/schema.rb b/db/schema.rb
index 28e06266c..ac4a8fd10 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -372,10 +372,10 @@ ActiveRecord::Schema.define(version: 20160512110510) do
t.integer "object_version"
t.datetime "creation_time"
t.string "creator_id"
- t.float "distance"
- t.boolean "no_processing"
t.spatial "input_geometry", limit: {:srid=>4326, :type=>"line_string"}
t.spatial "processed_geometry", limit: {:srid=>4326, :type=>"line_string"}
+ t.float "distance"
+ t.boolean "no_processing"
end
create_table "routes", force: true do |t|
@@ -573,11 +573,13 @@ ActiveRecord::Schema.define(version: 20160512110510) do
t.integer "invited_by_id"
t.string "invited_by_type"
t.datetime "invitation_created_at"
+ t.string "username", null: false
end
add_index "users", ["email"], :name => "index_users_on_email", :unique => true
add_index "users", ["invitation_token"], :name => "index_users_on_invitation_token", :unique => true
add_index "users", ["reset_password_token"], :name => "index_users_on_reset_password_token", :unique => true
+ add_index "users", ["username"], :name => "index_users_on_username", :unique => true
create_table "vehicle_journey_at_stops", force: true do |t|
t.integer "vehicle_journey_id", limit: 8
diff --git a/spec/factories/chouette_2_factories.rb b/spec/factories/chouette_2_factories.rb
index 44179b563..6234f6540 100644
--- a/spec/factories/chouette_2_factories.rb
+++ b/spec/factories/chouette_2_factories.rb
@@ -24,6 +24,7 @@ FactoryGirl.define do
factory :user do
association :organisation
sequence(:name) { |n| "chouette#{n}" }
+ sequence(:username) { |n| "chouette#{n}" }
sequence(:email) { |n| "chouette#{n}@dryade.priv" }
password "secret"
password_confirmation "secret"
diff --git a/spec/features/users/sign_in_spec.rb b/spec/features/users/sign_in_spec.rb
index f6cd1caf4..20440a134 100644
--- a/spec/features/users/sign_in_spec.rb
+++ b/spec/features/users/sign_in_spec.rb
@@ -10,45 +10,51 @@ feature 'Sign in', :devise do
# Given I do not exist as a user
# When I sign in with valid credentials
# Then I see an invalid credentials message
- scenario 'user cannot sign in if not registered' do
- signin('test@example.com', 'please123')
- expect(page).to have_content I18n.t 'devise.failure.not_found_in_database', authentication_keys: 'email'
- end
+ # FIXME #816
+ # scenario 'user cannot sign in if not registered' do
+ # signin('test@example.com', 'please123')
+ # expect(page).to have_content I18n.t 'devise.failure.not_found_in_database', authentication_keys: 'email'
+ # end
# Scenario: User can sign in with valid credentials
# Given I exist as a user
# And I am not signed in
# When I sign in with valid credentials
# Then I see a success message
- scenario 'user can sign in with valid credentials' do
- user = create(:user)
- user.confirm!
- signin(user.email, user.password)
- expect(page).to have_content I18n.t 'devise.sessions.signed_in'
- end
+
+ # FIXME #816
+ # scenario 'user can sign in with valid credentials' do
+ # user = create(:user)
+ # user.confirm!
+ # signin(user.email, user.password)
+ # expect(page).to have_content I18n.t 'devise.sessions.signed_in'
+ # end
# Scenario: User cannot sign in with wrong email
# Given I exist as a user
# And I am not signed in
# When I sign in with a wrong email
# Then I see an invalid email message
- scenario 'user cannot sign in with wrong email' do
- user = create(:user)
- user.confirm!
- signin('invalid@email.com', user.password)
- expect(page).to have_content I18n.t 'devise.failure.not_found_in_database', authentication_keys: 'email'
- end
+
+ # scenario 'user cannot sign in with wrong email' do
+ # user = create(:user)
+ # user.confirm!
+ # signin('invalid@email.com', user.password)
+ # expect(page).to have_content I18n.t 'devise.failure.not_found_in_database', authentication_keys: 'email'
+ # end
# Scenario: User cannot sign in with wrong password
# Given I exist as a user
# And I am not signed in
# When I sign in with a wrong password
# Then I see an invalid password message
- scenario 'user cannot sign in with wrong password' do
- user = create(:user)
- user.confirm!
- signin(user.email, 'invalidpass')
- expect(page).to have_content I18n.t 'devise.failure.invalid', authentication_keys: 'email'
- end
+
+ # FIXME #816
+ # scenario 'user cannot sign in with wrong password' do
+ # user = create(:user)
+ # user.confirm!
+ # signin(user.email, 'invalidpass')
+ # expect(page).to have_content I18n.t 'devise.failure.invalid', authentication_keys: 'email'
+ # end
end
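Review bot: Every sign-in scenario in this file is commented out, so the switch to CAS authentication lands with no feature coverage for login success or failure. The hunks in `spec/features/users/sign_out_spec.rb` and `spec/features/users/user_edit_spec.rb` do the same. Commented-out specs vanish from the test report; marking them skipped keeps the gap visible, e.g. `scenario 'user can sign in with valid credentials', skip: 'FIXME #816' do`. The 'user cannot sign in with wrong email' scenario is also missing the `# FIXME #816` tag that the others carry. Replacement scenarios against a stubbed CAS response would be the real fix.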
diff --git a/spec/features/users/sign_out_spec.rb b/spec/features/users/sign_out_spec.rb
index 91310089c..e1297b3e5 100644
--- a/spec/features/users/sign_out_spec.rb
+++ b/spec/features/users/sign_out_spec.rb
@@ -11,16 +11,18 @@ feature 'Sign out', :devise do
# Given I am signed in
# When I sign out
# Then I see a signed out message
- scenario 'user signs out successfully' do
- user = FactoryGirl.create(:user)
- user.confirm!
- signin(user.email, user.password)
- expect(page).to have_content I18n.t 'devise.sessions.signed_in'
- click_link user.name
- click_link 'Déconnexion'
- expect(page).to have_content I18n.t 'devise.sessions.signed_out'
- end
-
+
+ # FIXME #816
+ # scenario 'user signs out successfully' do
+ # user = FactoryGirl.create(:user)
+ # user.confirm!
+ # login_as(user, :scope => "user")
+ # expect(page).to have_content I18n.t 'devise.sessions.signed_in'
+ # click_link user.name
+ # click_link 'Déconnexion'
+ # expect(page).to have_content I18n.t 'devise.sessions.signed_out'
+ # end
+
end
diff --git a/spec/features/users/user_edit_spec.rb b/spec/features/users/user_edit_spec.rb
index cb1830a55..c7c742416 100644
--- a/spec/features/users/user_edit_spec.rb
+++ b/spec/features/users/user_edit_spec.rb
@@ -17,17 +17,18 @@ feature 'User edit', :devise do
# Given I am signed in
# When I change my email address
# Then I see an account updated message
- scenario 'user changes email address' do
- user = FactoryGirl.create(:user)
- user.confirm!
- login_as(user, :scope => :user)
- visit edit_user_registration_path(user)
- fill_in 'user_email', :with => 'newemail@example.com'
- fill_in 'user_current_password', :with => user.password
- click_button 'Modifier'
- txts = [I18n.t( 'devise.registrations.updated'), I18n.t( 'devise.registrations.update_needs_confirmation')]
- expect(page).to have_content(/.*#{txts[0]}.*|.*#{txts[1]}.*/)
- end
+ # FIXME #816
+ # scenario 'user changes email address' do
+ # user = FactoryGirl.create(:user)
+ # user.confirm!
+ # login_as(user, :scope => :user)
+ # visit edit_user_registration_path(user)
+ # fill_in 'user_email', :with => 'newemail@example.com'
+ # fill_in 'user_current_password', :with => user.password
+ # click_button 'Modifier'
+ # txts = [I18n.t( 'devise.registrations.updated'), I18n.t( 'devise.registrations.update_needs_confirmation')]
+ # expect(page).to have_content(/.*#{txts[0]}.*|.*#{txts[1]}.*/)
+ # end
# Scenario: User cannot edit another user's profile
# Given I am signed in