MuranoCLI 3.1.0 → 3.2.0.beta.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e90d2b8f700e2d6622118f28d8e1a1759706205cb35affe3e0aee7d742961644
-  data.tar.gz: 6a8ea0aa65cb39d5312ae0451337173d3a38b735867860868cf54bcfe7a144ca
+  metadata.gz: cb061c736e0642412756d2b964e8dc05a5955863beaa0c94cd5b9cd1f77fd7a6
+  data.tar.gz: d94b914a08a3679c09332d9ade3533d6e9bc350ba9b84656f50890834cf34dcf
 SHA512:
-  metadata.gz: b41ce85c7df8e2ffb269d4322be5e0e97b1b944325eab6a852ffda53368a2c51b6a1a4ac8e2485ddbbe45e47c80ed6520d89a85b488f91a0293015a2b93957fd
-  data.tar.gz: 1d44b6f3dcb5f3c84685f1fcf1bf1de47bf1d2a5b6496212487bbd843a13f8779515ea0a8d2eda65d1ef5fe4c783510d0491d2670eb62ff89be08a47259f17d7
+  metadata.gz: ccfa0f6a460dd6510919cc82d5482485dc16c88ccf0feb9af2f06408dd07ab6b22526f215aa4f63445264a866f08cad15c4ded3c7b75d8e179ce7d2a60e4900e
+  data.tar.gz: c684535687d90509380929e5e5f014d7e2e1706f20b25560d077e8e58e19c457d7ff027de9c3d0b4ebb72a1e4d5646d2abb3c5e3c9ac477ae6828a0a6c25c9ce

data/.rubocop.yml

@@ -119,6 +119,7 @@ Style/FileName:
     - 'lib/MrMurano.rb'
     - 'lib/MrMurano/makePretty.rb'
     - 'lib/MrMurano/Account.rb'
+    - 'lib/MrMurano/AccountBase.rb'
     - 'lib/MrMurano/Business.rb'
     - 'lib/MrMurano/Commander-Entry.rb'
     - 'lib/MrMurano/Config-Migrate.rb'
@@ -127,6 +128,7 @@ Style/FileName:
     - 'lib/MrMurano/Exchange.rb'
     - 'lib/MrMurano/Exchange-Element.rb'
     - 'lib/MrMurano/Gateway.rb'
+    - 'lib/MrMurano/HttpAuthed.rb'
     - 'lib/MrMurano/Keystore.rb'
     - 'lib/MrMurano/Logs.rb'
     - 'lib/MrMurano/Mock.rb'

data/.trustme.sh

@@ -32,7 +32,7 @@
 #       to open them, the BufEnter event doesn't trigger properly.
 #       E.g.,
 #
-#         MURANO_CLI=/exo/clients/exosite/MuranoCLI filter=".* *" in=".trustme.vim" {
+#         MURANO_CLI=/exo/clients/exosite/MuranoCLIs/active+MuranoCLI filter=".* *" in=".trustme.vim" {
 #           .agignore
 #           # ...
 #         }
@@ -217,9 +217,13 @@ build_it() {
   echo "- rubocop -v: $(rubocop -v)" >> ${OUT_FILE}
   #echo "- cmd rubocop: $(command -v rubocop)" >> ${OUT_FILE}
 
+  local projpath="/exo/clients/exosite/MuranoCLIs"
   rake build &>> ${OUT_FILE} && \
       gem install -i $(ruby -rubygems -e 'puts Gem.dir') \
-          pkg/MuranoCLI-$(ruby -e 'require "/exo/clients/exosite/MuranoCLI/lib/MrMurano/version.rb"; puts MrMurano::VERSION').gem \
+          pkg/MuranoCLI-$( \
+            ruby -e "require \"${projpath}/active+MuranoCLI/lib/MrMurano/version.rb\"; \
+            puts MrMurano::VERSION"\
+          ).gem \
       &>> ${OUT_FILE}
 }
 

data/lib/MrMurano/Account.rb

@@ -5,273 +5,17 @@
 # vim:tw=0:ts=2:sw=2:et:ai
 # Unauthorized copying of this file is strictly prohibited.
 
-require 'json'
-require 'net/http'
-require 'uri'
-require 'yaml'
 require 'MrMurano/hash'
-require 'MrMurano/http'
 require 'MrMurano/verbosing'
+require 'MrMurano/AccountBase'
 require 'MrMurano/Business'
-require 'MrMurano/Config'
-require 'MrMurano/Passwords'
-require 'MrMurano/Solution'
+require 'MrMurano/HttpAuthed'
 
 module MrMurano
   class Account
-    # The tool only works for a single user. To avoid fetching the
-    # token multiple times (and to avoid having to pass an Account
-    # object around), we make the class a singleton.
-    include Singleton
-
-    include Http
+    include AccountBase
     include Verbose
 
-    def initialize
-      @token = nil
-      @twofactor_token = nil
-    end
-
-    def host
-      $cfg['net.host'].to_s
-    end
-
-    def user
-      $cfg['user.name'].to_s
-    end
-
-    def endpoint(path)
-      URI($cfg['net.protocol'] + '://' + host + '/api:1/' + path.to_s)
-    end
-
-    # ---------------------------------------------------------------------
-
-    LOGIN_ADVICE = %(
-Please login using `murano login` or `murano init`.
-Or set your password with `murano password set <username>`.
-    ).strip
-    LOGIN_NOTICE = 'Please login.'
-
-    def login_info
-      warned_once = false
-
-      if user.empty?
-        prologue = 'No Murano user account found.'
-        unless $cfg.prompt_if_logged_off
-          MrMurano::Verbose.whirly_stop
-          error("#{prologue}\n#{LOGIN_ADVICE}")
-          exit 2
-        end
-        MrMurano::Verbose.whirly_pause
-        error("#{prologue} #{LOGIN_NOTICE}")
-        warned_once = true
-        username = ask('User name: ')
-        $cfg.set('user.name', username, :user)
-        $project.refresh_user_name
-        MrMurano::Verbose.whirly_unpause
-      end
-
-      pwd_file = pwd_file_load
-      user_pass = pwd_file.get(host, user)
-      if user_pass.nil?
-        prologue = "No Murano password found for #{user}."
-        unless $cfg.prompt_if_logged_off
-          MrMurano::Verbose.whirly_stop
-          error("#{prologue}\n#{LOGIN_ADVICE}")
-          exit 2
-        end
-        MrMurano::Verbose.whirly_pause
-        error(%(#{prologue} #{LOGIN_NOTICE}).strip) unless warned_once
-        user_pass = ask('Password: ') { |q| q.echo = '*' }
-        pwd_file.set(host, user, user_pass)
-        pwd_file.set(host, user + '/twofactor', nil)
-        pwd_file.save
-        MrMurano::Verbose.whirly_unpause
-      else
-        @twofactor_token = token_twofactor_lookup(pwd_file)
-      end
-
-      {
-        email: user,
-        password: user_pass,
-      }
-    end
-
-    def pwd_file_load
-      pwd_path = $cfg.file_at('passwords', :user)
-      pwd_file = MrMurano::Passwords.new(pwd_path)
-      pwd_file.load
-      pwd_file
-    end
-
-    def token_twofactor_lookup(pwd_file)
-      twoftoken = pwd_file.lookup(host, user + '/twofactor')
-      if twoftoken.to_s.empty?
-        nil
-      elsif twoftoken !~ /^[a-fA-F0-9]+$/
-        warning "Malformed twofactor token: #{twoftoken}"
-        nil
-      else
-        twoftoken
-      end
-    end
-
-    # ---------------------------------------------------------------------
-
-    def token
-      return '' if defined?(@logging_on) && @logging_on
-      token_fetch if @token.to_s.empty?
-      @token
-    end
-
-    def token_reset(value=nil)
-      @token = value
-    end
-
-    def token_fetch
-      @logging_on = true
-      creds = login_info
-      @token = nil
-
-      # If 2fa token found, verify it works.
-      unless @twofactor_token.nil?
-        get('token/' + @twofactor_token) do |request, http|
-          http.request(request) do |response|
-            if response.is_a?(Net::HTTPSuccess)
-              # response.body is, e.g., "{\"email\":\"xxx@yyy.zzz\",\"ttl\":172800}"
-              @token = @twofactor_token
-            end
-          end
-        end
-        unless @token.nil?
-          @logging_on = false
-          return
-        end
-        @twofactor_token = nil
-      end
-
-      MrMurano::Verbose.whirly_start('Logging in...')
-      post('token/', creds) do |request, http|
-        http.request(request) do |response|
-          reply = JSON.parse(response.body, json_opts)
-          if response.is_a?(Net::HTTPSuccess)
-            @token = reply[:token]
-          elsif response.is_a?(Net::HTTPConflict) && reply[:message] == 'twofactor'
-            MrMurano::Verbose.whirly_interject do
-              # Prompt user for emailed code.
-              token_twofactor_fetch(creds)
-            end
-          else
-            showHttpError(request, response)
-            error 'Check to see if username and password are correct.'
-            unless ENV['MURANO_PASSWORD'].to_s.empty?
-              pwd_path = $cfg.file_at('passwords', :user)
-              warning "NOTE: MURANO_PASSWORD specifies the password; it was not read from #{pwd_path}"
-            end
-          end
-        end
-      end
-      MrMurano::Verbose.whirly_stop
-      @logging_on = false
-    end
-
-    def token_twofactor_fetch(creds)
-      error 'Two-factor Authentication'
-      warning 'A verification code has been sent to your email.'
-      code = ask('Please enter the code here to continue: ').strip
-      unless code =~ /^[a-fA-F0-9]+$/
-        error 'Expected token to contain only numbers and hexadecimal letters.'
-        exit 1
-      end
-      MrMurano::Verbose.whirly_start('Verifying code...')
-
-      path = 'key/' + code
-
-      response = get(path)
-      # Response is, e.g., {
-      #   purpose: "twofactor",
-      #   status: "exists",
-      #   email: "xxx@yyy.zzz",
-      #   bizid: null,
-      #   businessName: null, }
-      return if response.nil?
-
-      response = post(path, password: creds[:password])
-      # Response is, e.g., { "token": "..." }
-      return if response.nil?
-
-      @twofactor_token = response[:token]
-      pwd_file = pwd_file_load
-      pwd_file.set(host, user + '/twofactor', @twofactor_token)
-      pwd_file.save
-      @token = @twofactor_token
-      MrMurano::Verbose.whirly_stop
-
-      warning 'Please run `murano logout --token` to clear your two-factor token when finished.'
-    end
-
-    def logout(token_delete_only)
-      @logging_on = true
-
-      pwd_file = pwd_file_load
-      twoftoken = token_twofactor_lookup(pwd_file)
-
-      # First, delete/invalidate the remote token.
-      unless twoftoken.to_s.empty?
-        verbose 'Removing two-factor token.'
-        @suppress_error = true
-        delete('token/' + twoftoken)
-        # The response is nil if the token was not recognized, otherwise it's
-        # {}. We don't really care, since we're going to forget our copy of
-        # the token, anyway.
-        @suppress_error = false
-      end
-
-      net_host = verify_set('net.host')
-      user_name = verify_set('user.name')
-      if net_host && user_name
-        pwd_file = MrMurano::Passwords.new
-        pwd_file.load
-        pwd_file.remove(net_host, user_name) unless token_delete_only
-        pwd_file.remove(net_host, user_name + '/twofactor')
-        pwd_file.save
-      else
-        verbose 'Skipping password scrub: need both net.host and user.name to remove.'
-      end
-
-      clear_from_config(net_host, user_name) unless token_delete_only
-
-      @logging_on = false
-    end
-
-    def clear_from_config(net_host, user_name)
-      user_net_host = $cfg.get('net.host', :user)
-      user_net_host = $cfg.get('net.host', :defaults) if user_net_host.nil?
-      user_user_name = $cfg.get('user.name', :user)
-      # Only clear user name from the user config if the net.host
-      # or user.name did not come from a different config, like the
-      # --project config.
-      unless (user_net_host == net_host) && (user_user_name == user_name)
-        verbose 'Skipping config scrub: net.host and/or user.name do not match.'
-        return
-      end
-      $cfg.set('user.name', nil, :user)
-      $cfg.set('business.id', nil, :user)
-      $cfg.set('business.name', nil, :user)
-    end
-
-    def verify_set(cfg_key)
-      cfg_val = $cfg.get(cfg_key)
-      if cfg_val.to_s.empty?
-        cfg_val = nil
-        cfg_key_q = MrMurano::Verbose.fancy_ticks(cfg_key)
-        MrMurano::Verbose.warning("No config key #{cfg_key_q}: no password to delete")
-      end
-      cfg_val
-    end
-
-    # ---------------------------------------------------------------------
-
     def businesses(bid: nil, name: nil, fuzzy: nil)
       # Ask user for name and password, if not saved to config and password files.
       login_info if user.empty?
@@ -294,7 +38,9 @@ Or set your password with `murano password set <username>`.
             match_bid.include?(biz[:bizid]) ||
             match_name.include?(biz[:name]) ||
             match_fuzzy.any? do |term|
-              biz[:name] =~ /#{Regexp.escape(term)}/i || biz[:bizid] =~ /#{Regexp.escape(term)}/i
+              biz[:name] =~ (
+                /#{Regexp.escape(term)}/i || biz[:bizid] =~ /#{Regexp.escape(term)}/i
+              )
             end
           )
         end
@@ -313,7 +59,7 @@ Or set your password with `murano password set <username>`.
 
     def new_account(email, name, company='')
       # this is a kludge.  If we're gonna support this, do it better.
-      @token = ''
+      token_reset
       post('key/', email: email, name: name, company: company, source: 'signup')
     end
 
@@ -323,7 +69,7 @@ Or set your password with `murano password set <username>`.
 
     def accept_account(token, password)
       # this is a kludge.  If we're gonna support this, do it better.
-      @token = ''
+      token_reset
       post("key/#{token}", password: password)
     end
 

data/lib/MrMurano/AccountBase.rb

@@ -0,0 +1,214 @@
+# Copyright © 2016-2017 Exosite LLC. All Rights Reserved
+# License: PROPRIETARY. See LICENSE.txt.
+# frozen_string_literal: true
+
+# vim:tw=0:ts=2:sw=2:et:ai
+# Unauthorized copying of this file is strictly prohibited.
+
+require 'json'
+require 'net/http'
+require 'uri'
+require 'MrMurano/http'
+require 'MrMurano/verbosing'
+require 'MrMurano/HttpAuthed'
+
+module MrMurano
+  module AccountBase
+    include Http
+    include Verbose
+
+    def initialize(authless: false)
+      super()
+      # Set up the HttpAuthed instance. If 'authless', caller wants an
+      # Account object but does not want to ask user for name and password,
+      # nor does caller want credentials added to any HTTP requests. This
+      # is so far only useful for the `murano token delete` command.
+      login_info unless authless
+      @authless = false
+    end
+
+    def add_headers(request)
+      super
+      MrMurano::HttpAuthed.instance.add_headers(request) unless @authless
+      request
+    end
+
+    def token
+      token_biz = MrMurano::HttpAuthed.instance.token_biz
+      return token_biz unless token_biz.to_s.empty?
+      MrMurano::HttpAuthed.instance.ensure_token!
+    end
+
+    def token_reset
+      MrMurano::HttpAuthed.instance.token_reset
+    end
+
+    # ---------------------------------------------------------------------
+
+    LOGIN_NOTICE = 'Please login.'
+
+    LOGIN_ADVICE = %(
+      Please login using `murano login` or `murano init`.
+      Or set your password with `murano password set <username>`.
+    ).strip.gsub(/^\s+/, '')
+
+    def login_info
+      # (lb): This is a little hokey, but someone has to init the Singleton,
+      # so we make sure it's ready anytime a new AccountBase instance is created.
+      email_pwd = MrMurano::HttpAuthed.instance.login_info
+      return email_pwd unless email_pwd.nil?
+      verify_cfg_auth!
+      @warned_once = false
+      ask_for_user! if user.empty?
+      # Do not prompt for password if using token.
+      if !@logging_on && $cfg['auth.scheme-token']
+        token = MrMurano::HttpAuthed.instance.token_resolve
+        return unless token.to_s.empty?
+      end
+      password = MrMurano::HttpAuthed.instance.password_get_or_ask(
+        host, user
+      ) { ask_for_password! }
+      email_pwd = { email: user, password: password }
+      email_pwd['ttl'] = $cfg.get('auth.ttl') unless $cfg.get('auth.ttl').to_s.empty?
+      MrMurano::HttpAuthed.instance.login_info = email_pwd
+    end
+
+    def ask_for_user!
+      prologue = 'No Murano user account found.'
+      must_prompt_if_logged_off!(prologue)
+      MrMurano::Verbose.whirly_pause
+      error("#{prologue} #{LOGIN_NOTICE}")
+      @warned_once = true
+      username = ask('User name: ')
+      $cfg.set('user.name', username, :user)
+      $project.refresh_user_name
+      MrMurano::Verbose.whirly_unpause
+      username
+    end
+
+    def ask_for_password!
+      prologue = "No Murano password found for #{user}."
+      must_prompt_if_logged_off!(prologue)
+      MrMurano::Verbose.whirly_pause
+      error(%(#{prologue} #{LOGIN_NOTICE}).strip) unless @warned_once
+      password = ask('Password: ') { |q| q.echo = '*' }
+      MrMurano::Verbose.whirly_unpause
+      password
+    end
+
+    def must_prompt_if_logged_off!(prologue)
+      return if $cfg.prompt_if_logged_off
+      MrMurano::Verbose.whirly_stop
+      error("#{prologue}\n#{LOGIN_ADVICE}")
+      exit 2
+    end
+
+    def verify_cfg_auth!
+      verify_cfg_auth_scheme!
+      verify_cfg_auth_persist
+      verify_cfg_auth_ttl
+    end
+
+    def verify_cfg_auth_scheme!
+      if $cfg['auth.scheme-token'] && $cfg['auth.scheme-basic']
+        error(%(Please only specify 'token' or 'basic' authentication))
+        exit 1
+      elsif !($cfg['auth.scheme-token'] || $cfg['auth.scheme-basic'])
+        if $cfg['auth.scheme-token'].nil?
+          # Default to token auth.
+          # E.g., user ran `murano cmd`, or `murano cmd --no-basic`.
+          $cfg['auth.scheme-token'] = true
+        else
+          # $cfg['auth.scheme-token'] is false(y), so use basic auth.
+          # E.g., user ran `cmd --no-token`, or `cmd --no-token --basic`.
+          $cfg['auth.scheme-basic'] = true
+        end
+      end
+    end
+
+    def verify_cfg_auth_persist
+      return unless $cfg['auth.persist-token'].nil? && $cfg['auth.persist-basic'].nil?
+      # User did not specify either --[no-]login or --[no-]cache.
+      # Default to caching the token.
+      $cfg['auth.persist-token'] = true
+    end
+
+    def verify_cfg_auth_ttl
+      return unless $cfg['auth.ttl'].nil? && !$cfg['auth.persist-token']
+      # User did not specify TTL, and token *not* being cached,
+      # so set a low time-to-live (2018-03-07: currently 60 secs).
+      $cfg['auth.ttl'] = MrMurano::Config::CFG_AUTH_DEFAULT_TTL
+      # Otherwise, user overrode the value; or
+      # token being persisted, so leave nil and let BizAPI set default.
+    end
+
+    # ---------------------------------------------------------------------
+
+    def logout(keep_user: false, keep_password: false, no_invalidate: false)
+      @logging_on = true
+
+      token = MrMurano::HttpAuthed.instance.token_lookup
+      invalidate_token(token) unless no_invalidate
+
+      net_host = verify_set('net.host')
+      user_name = verify_set('user.name')
+      if net_host && user_name
+        MrMurano::HttpAuthed.instance.token_forget(
+          net_host, user_name, keep_password: keep_password,
+        )
+      else
+        verbose 'Skipping password scrub: need both host and username to remove.'
+      end
+
+      cfg_clear_user_and_business(net_host, user_name) unless keep_user
+
+      @logging_on = false
+    end
+
+    def invalidate_token(tok)
+      # Delete/invalidate the remote tok.
+      return if tok.to_s.empty?
+      verbose 'Removing token.'
+      @suppress_error = true
+      # (lb): This is a bit of a kludge. The DELETE token/ call does not need
+      # authentication creds (like username and password). So tell our
+      # add_headers method not to call HttpAuthed.add_headers, which would
+      # otherwise add Authentication headers to the HTTP request.
+      @authless = true
+      delete('token/' + tok)
+      @authless = false
+      # The response is nil if token was not recognized, else it's {}.
+      # We don't care, because we'll forget our copy of the token.
+      @suppress_error = false
+    end
+
+    def cfg_clear_user_and_business(net_host, user_name)
+      user_net_host = $cfg.get('net.host', :user)
+      user_net_host = $cfg.get('net.host', :defaults) if user_net_host.nil?
+      user_user_name = $cfg.get('user.name', :user)
+      # Only clear user name from the user config if the net.host
+      # or user.name did not come from a different config, like the
+      # --project config.
+      unless (user_net_host == net_host) && (user_user_name == user_name)
+        verbose 'Skipping config scrub: net.host and/or user.name do not match.'
+        return
+      end
+      $cfg.set('user.name', nil, :user)
+      $cfg.set('business.id', nil, :user)
+      $cfg.set('business.name', nil, :user)
+    end
+
+    # ---------------------------------------------------------------------
+
+    def verify_set(cfg_key)
+      cfg_val = $cfg.get(cfg_key)
+      if cfg_val.to_s.empty?
+        cfg_val = nil
+        cfg_key_q = MrMurano::Verbose.fancy_ticks(cfg_key)
+        MrMurano::Verbose.warning("No config key #{cfg_key_q}: no password to delete")
+      end
+      cfg_val
+    end
+  end
+end
+

data/lib/MrMurano/Business.rb

@@ -12,16 +12,15 @@ require 'rainbow'
 require 'uri'
 require 'yaml'
 require 'MrMurano/hash'
-require 'MrMurano/http'
 require 'MrMurano/verbosing'
+require 'MrMurano/AccountBase'
 require 'MrMurano/Config'
 require 'MrMurano/Solution'
-require 'MrMurano/Passwords'
 
 module MrMurano
   # The Business class represents an end user's solutions.
   class Business
-    include Http
+    include AccountBase
     include Verbose
 
     attr_writer :bid
@@ -31,6 +30,7 @@ module MrMurano
     attr_reader :ometa
 
     def initialize(data=nil)
+      super()
       @bid = nil
       @name = nil
       @valid = false
@@ -85,22 +85,6 @@ module MrMurano
       self
     end
 
-    # MAYBE: Check that ADC is enabled on the business. If not, tell
-    #   user to run Murano 2.x. [lb] is not sure which value from
-    #   Murano to check. Is it :enableMurano or :enableProjects?
-    #   See the overview method.
-    #def adc_compat_check
-    #  unless $cfg['business.id'].nil?
-    #    unless projects?($cfg['business.id'])
-    #      # This is 3.x which does not support projects!
-    #      warning('!'*80)
-    #      warning "Your business requires Murano CLI 2.x"
-    #      warning "Some features may not work correctly."
-    #      warning('!'*80)
-    #    end
-    #  end
-    #end
-
     def must_business_id!
       raise MrMurano::ConfigError.new(Business.missing_business_id_msg) if bid.to_s.empty?
     end

data/lib/MrMurano/Config-Migrate.rb

@@ -5,12 +5,8 @@
 # vim:tw=0:ts=2:sw=2:et:ai
 # Unauthorized copying of this file is strictly prohibited.
 
-require 'fileutils'
 require 'pathname'
 require 'yaml'
-require 'MrMurano/verbosing'
-require 'MrMurano/Account'
-require 'MrMurano/Config'
 
 module MrMurano
   class ConfigMigrate