MuranoCLI 3.1.0 → 3.2.0.beta.1

data/lib/MrMurano/Config.rb

@@ -79,29 +79,44 @@ module MrMurano
 
     CFG_SOLUTION_ID_KEYS = %w[application.id product.id].freeze
 
+    CFG_NET_PROTOCOLS = %w[https http].freeze
+
+    # If token not cached, set a very short timeout, to avoid database pollution.
+    CFG_AUTH_DEFAULT_TTL = 10
+
     def migrate_old_env
       return if ENV[CFG_OLD_ENV_NAME].nil?
-      warning %(ENV "#{CFG_OLD_ENV_NAME}" is no longer supported. Rename it to "#{CFG_ENV_NAME}")
+      warning %(
+        ENV "#{CFG_OLD_ENV_NAME}" is no longer supported. Rename it to "#{CFG_ENV_NAME}"
+      ).strip
       unless ENV[CFG_ENV_NAME].nil?
-        warning %(Both "#{CFG_ENV_NAME}" and "#{CFG_OLD_ENV_NAME}" defined, please remove "#{CFG_OLD_ENV_NAME}".)
+        warning %(
+          Both "#{CFG_ENV_NAME}" and "#{CFG_OLD_ENV_NAME}" defined, please remove "#{CFG_OLD_ENV_NAME}".
+        ).strip
       end
       ENV[CFG_ENV_NAME] = ENV[CFG_OLD_ENV_NAME]
     end
 
     def migrate_old_config(where)
+      migrate_warn_old_dir(where)
+      migrate_warn_old_cfg(where)
+    end
+
+    def migrate_warn_old_dir(where)
       # Check for dir.
-      if (where + CFG_OLD_DIR_NAME).exist?
-        warning %(Moving old directory "#{CFG_OLD_DIR_NAME}" to "#{CFG_DIR_NAME}" in "#{where}")
-        (where + CFG_OLD_DIR_NAME).rename(where + CFG_DIR_NAME)
-      end
+      return unless (where + CFG_OLD_DIR_NAME).exist?
+      warning %(Moving old directory "#{CFG_OLD_DIR_NAME}" to "#{CFG_DIR_NAME}" in "#{where}")
+      (where + CFG_OLD_DIR_NAME).rename(where + CFG_DIR_NAME)
+    end
 
+    def migrate_warn_old_cfg(where)
       # Check for cfg.
-      # rubocop:disable Style/GuardClause
-      if (where + CFG_OLD_FILE_NAME).exist?
-        warning %(Moving old config "#{CFG_OLD_FILE_NAME}" to "#{CFG_FILE_NAME}" in "#{where}")
-        (where + CFG_DIR_NAME).mkpath
-        (where + CFG_OLD_FILE_NAME).rename(where + CFG_FILE_NAME)
-      end
+      return unless (where + CFG_OLD_FILE_NAME).exist?
+      warning %(
+        Moving old config "#{CFG_OLD_FILE_NAME}" to "#{CFG_FILE_NAME}" in "#{where}"
+      ).strip
+      (where + CFG_DIR_NAME).mkpath
+      (where + CFG_OLD_FILE_NAME).rename(where + CFG_FILE_NAME)
     end
 
     def initialize(cmd_runner=nil)
@@ -138,6 +153,10 @@ module MrMurano
       # The user can exclude certain scopes.
       @exclude_scopes = []
 
+      # Poor man's input validator, for string 'choice's.
+      @value_options = {}
+      @value_errors = 0
+
       set_defaults
     end
 
@@ -154,6 +173,15 @@ module MrMurano
 
       set('net.host', CFG_HOST_BIZAPI, :defaults)
       set('net.protocol', 'https', :defaults)
+      @value_options['net.protocol'] = CFG_NET_PROTOCOLS
+
+      set('auth.ttl', nil, :defaults)
+      # See global options --[no-]token and --[no-]basic.
+      set('auth.scheme-token', nil, :defaults)
+      set('auth.scheme-basic', nil, :defaults)
+      # See global options --[no-]login and --[no-]cache.
+      set('auth.persist-token', nil, :defaults)
+      set('auth.persist-basic', nil, :defaults)
 
       set('location.base', @project_dir, :defaults) unless @project_dir.nil?
       set('location.files', 'files', :defaults)
@@ -163,7 +191,9 @@ module MrMurano
       set('location.resources', 'specs/resources.yaml', :defaults)
       set('location.cors', 'cors.yaml', :defaults)
 
-      set('sync.bydefault', SyncRoot.instance.bydefault.join(' '), :defaults) if defined? SyncRoot
+      if defined? SyncRoot
+        set('sync.bydefault', SyncRoot.instance.bydefault.join(' '), :defaults)
+      end
 
       set('files.default_page', 'index.html', :defaults)
       set('files.searchFor', '**/*', :defaults)
@@ -382,6 +412,8 @@ module MrMurano
       init_curl_file
       # If user doesn't want paging, disable it.
       program :help_paging, !$cfg['tool.no-page'] unless $cfg['tool.no-page'].nil?
+      # Check for errors.
+      must_be_valid_values!
     end
 
     ## Load specified file into the config stack
@@ -480,6 +512,7 @@ module MrMurano
         # If key isn't dotted, then assume the tool section.
         ikey = section
         section = 'tool'
+        key = "#{section}.#{ikey}"
       end
 
       paths = @paths.select { |p| scope == p.kind }
@@ -493,8 +526,11 @@ module MrMurano
       cfg = paths.first
       data = cfg.data
       tomod = data[section]
-      tomod[ikey] = value unless value.nil?
-      tomod.delete(ikey) if value.nil?
+      if !value.nil?
+        change_value(key, tomod, ikey, value)
+      else
+        tomod.delete(ikey)
+      end
       data[section] = tomod
       # Remove empty sections to make test results more predictable.
       # Interesting: IniFile.each only returns sections with key-vals,
@@ -509,6 +545,24 @@ module MrMurano
       cfg.write
     end
 
+    def change_value(key, section, ikey, value)
+      choices = @value_options[key]
+      if !choices.nil? && !choices.include?(value)
+        warning %(Invalid value #{fancy_ticks(value)} for key #{fancy_ticks(key)})
+        warning %( Choose from: #{choices.join(', ')})
+        @value_errors += 1
+      else
+        section[ikey] = value
+      end
+    end
+
+    def must_be_valid_values!
+      return unless @value_errors > 0
+      error('You must correct the errors in your config (listed above) to continue.')
+      @runner.command_exit = 1
+      exit 1
+    end
+
     # key is <section>.<key>
     def [](key)
       get(key)
@@ -537,74 +591,101 @@ module MrMurano
       CFG_SCOPES.each do |scope|
         locats += "\n" unless first
         first = false
+        locats += location_of_scope(scope)
+      end
+      locats
+    end
 
-        cfg_paths = @paths.select { |p| p.kind == scope }
+    def location_of_scope(scope)
+      locat = ''
 
-        scope_q = fancy_ticks(scope)
-        msg = "Scope: #{scope_q}\n\n"
-        locats += Rainbow(msg).bright.underline
+      scope_q = fancy_ticks(scope)
+      scope_l = "Scope: #{scope_l}\n\n"
+      locat += Rainbow(scope_l).bright.underline
 
-        if !cfg_paths.empty?
-          cfg = cfg_paths.first
+      cfg_paths = @paths.select { |p| p.kind == scope }
+      if !cfg_paths.empty?
+        cfg = cfg_paths.first
+        locat += location_of_cfg(scope, cfg)
+      else
+        locat += location_not_found(scope, scope_q)
+      end
+      locat
+    end
 
-          if !cfg.path.nil? && cfg.path.exist?
-            path = "Path: #{cfg.path}\n"
-          elsif %i[internal defaults].include? cfg.kind
-            # cfg.path is nil.
-            path = "Path: #{scope_q} config is not saved.\n"
-          else
-            path = "Path: #{scope_q} config does not exist.\n"
-          end
-          #locats += Rainbow(path).bright
-          locats += path
-          locats += "\n"
-
-          skip_content = false
-          if scope == :env
-            locats += "Use the environment variable, MURANO_CONFIGFILE, to specify this config file.\n"
-            locats += "\n"
-            if ENV['MURANO_PASSWORD'].to_s.empty?
-              locats += "The MURANO_PASSWORD environ is not set.\n"
-            else
-              locats += "The MURANO_PASSWORD environ is set and will be used.\n"
-            end
-            skip_content = !cfg.path.exist?
-          end
-          next if skip_content
-          locats += "\n" if scope == :env
-
-          base = IniFile.new
-          base.merge! cfg.data
-          content = base.to_s
-          if !content.empty?
-            locats += "Config:\n\n"
-            #locats += base.to_s
-            base.to_s.split("\n").each do |line|
-              locats += '  ' + line + "\n"
-            end
-          else
-            msg = "Config: Empty INI file.\n"
-            #locats += Rainbow(msg).aqua.bright
-            locats += msg
-          end
+    def location_of_cfg(scope, cfg)
+      locat = ''
+
+      locat += location_path(scope, cfg)
+      locat += "\n"
+
+      locat_env, skip_content = location_env_and_skip?(scope, cfg)
+      locat += locat_env
+      return '' if skip_content
+      locat += "\n" if scope == :env
+
+      base = IniFile.new
+      base.merge! cfg.data
+      content = base.to_s
+      if !content.empty?
+        locat += "Config:\n\n"
+        base.to_s.split("\n").each do |line|
+          locat += '  ' + line + "\n"
+        end
+      else
+        config_l = "Config: Empty INI file.\n"
+        locat += config_l
+      end
+
+      locat
+    end
+
+    def location_path(scope, cfg)
+      scope_q = fancy_ticks(scope)
+      if !cfg.path.nil? && cfg.path.exist?
+        "Path: #{cfg.path}\n"
+      elsif %i[internal defaults].include? cfg.kind
+        # cfg.path is nil.
+        "Path: #{scope_q} config is not saved.\n"
+      else
+        "Path: #{scope_q} config does not exist.\n"
+      end
+    end
+
+    def location_env_and_skip?(scope, cfg)
+      locat_env = ''
+      skip_content = false
+      if scope == :env
+        locat_env += "Use the environment variable, MURANO_CONFIGFILE, to specify this config file.\n"
+        locat_env += "\n"
+        if ENV['MURANO_PASSWORD'].to_s.empty?
+          locat_env += "The MURANO_PASSWORD environ is not set.\n"
         else
-          msg = "No config found for #{scope_q}.\n"
-          if scope != :specified
-            locats += Rainbow(msg).red.bright
-          else
-            locats += "Path: #{scope_q} config does not exist.\n\n"
-            locats += "Use --configfile to specify this config file.\n"
-          end
+          locat_env += "The MURANO_PASSWORD environ is set and will be used.\n"
         end
+        skip_content = !cfg.path.exist?
       end
-      locats
+      [locat_env, skip_content]
+    end
+
+    def location_not_found(scope, scope_q)
+      locat = ''
+      config_l = "No config found for #{scope_q}.\n"
+      if scope != :specified
+        locat += Rainbow(config_l).red.bright
+      else
+        locat += "Path: #{scope_q} config does not exist.\n\n"
+        locat += "Use --configfile to specify this config file.\n"
+      end
+      locat
     end
 
     # To capture curl calls when running rspec, write to a file.
     def init_curl_file
       if self['tool.curldebug'] && !self['tool.curlfile'].to_s.strip.empty?
         if @curlfile_f.nil?
-          @curlfile_f = File.open(self['tool.curlfile'], 'a')
+          open_curl_file
+          return if @curlfile_f.nil?
           # MEH: Call @curlfile_f.close() at some point? Or let Ruby do on exit.
           @curlfile_f << Time.now.to_s + "\n"
           @curlfile_f << "murano #{ARGV.join(' ')}\n"
@@ -616,6 +697,14 @@ module MrMurano
       end
     end
 
+    def open_curl_file
+      @curlfile_f = File.open(self['tool.curlfile'], 'a')
+    rescue Errno::ENOENT => err
+      @curlfile_f = nil
+      warning("Unable to create curlfile at: #{self['tool.curlfile']}")
+      error(err.message)
+    end
+
     # To set a different protocol://host, i.e., for local developing.
     def set_net_host(url_or_host, scope=:internal)
       return if url_or_host.nil?

data/lib/MrMurano/Content.rb

@@ -12,8 +12,8 @@ require 'mime/types'
 require 'digest'
 require 'http/form_data'
 require 'MrMurano/Config'
-require 'MrMurano/http'
 require 'MrMurano/verbosing'
+require 'MrMurano/AccountBase'
 require 'MrMurano/SolutionId'
 require 'MrMurano/SyncAllowed'
 require 'MrMurano/SyncUpDown'
@@ -22,12 +22,13 @@ module MrMurano
   ## The details of talking to the Content service.
   module Content
     class Base
-      include Http
+      include AccountBase
       include Verbose
       include SolutionId
       include SyncAllowed
 
       def initialize
+        super
         @solntype = 'product.id'
         @uriparts_apidex = 1
         init_api_id!

data/lib/MrMurano/Exchange.rb

@@ -5,12 +5,14 @@
 # vim:tw=0:ts=2:sw=2:et:ai
 # Unauthorized copying of this file is strictly prohibited.
 
+require 'MrMurano/AccountBase'
 require 'MrMurano/Exchange-Element'
+require 'MrMurano/verbosing'
 
 module MrMurano
   # The Exchange class represents an end user's Murano IoT Exchange Elements.
   class Exchange < Business
-    include Http
+    include AccountBase
     include Verbose
 
     def get(path='', query=nil, &block)

data/lib/MrMurano/Gateway.rb

@@ -11,8 +11,8 @@ require 'net/http'
 require 'pathname'
 require 'uri'
 require 'MrMurano/hash'
-require 'MrMurano/http'
 require 'MrMurano/verbosing'
+require 'MrMurano/AccountBase'
 require 'MrMurano/Config'
 require 'MrMurano/SolutionId'
 require 'MrMurano/SyncRoot'
@@ -23,12 +23,13 @@ module MrMurano
   # This is where interfacing to real hardware happens.
   module Gateway
     class GweBase
-      include Http
+      include AccountBase
       include Verbose
       include SolutionId
       include SyncAllowed
 
       def initialize
+        super
         @solntype = 'product.id'
         @uriparts_apidex = 1
         init_api_id!

data/lib/MrMurano/HttpAuthed.rb

@@ -0,0 +1,287 @@
+# Copyright © 2016-2017 Exosite LLC. All Rights Reserved
+# License: PROPRIETARY. See LICENSE.txt.
+# frozen_string_literal: true
+
+# vim:tw=0:ts=2:sw=2:et:ai
+# Unauthorized copying of this file is strictly prohibited.
+
+require 'base64'
+require 'singleton'
+require 'MrMurano/http'
+require 'MrMurano/verbosing'
+require 'MrMurano/Config'
+require 'MrMurano/Passwords'
+
+module MrMurano
+  class HttpAuthed
+    # The tool only works for a single user. To avoid fetching the
+    # token multiple times (and to avoid having to pass an Account
+    # object around), we use a singleton [i.e., a nasty global!].
+    include Singleton
+
+    include Http
+    include Verbose
+
+    attr_accessor :login_info
+    attr_reader :token_biz
+
+    def initialize
+      @login_info = nil
+      @pass_file = nil
+      @token_file = nil
+      token_reset
+    end
+
+    def add_headers(request)
+      # Note that calling super (Http.add_headers) is redundant,
+      # as AccountBase will have done it before calling us here.
+      super
+      return request if @logging_on
+      if $cfg['auth.scheme-basic']
+        ensure_password!
+        # encode64 adds newlines every 60 encoded characters.
+        encoded = Base64.encode64("#{user}:#{password}").delete("\n")
+        request['Authorization'] = "basic #{encoded}"
+      elsif $cfg['auth.scheme-token']
+        ensure_token!
+        request['Authorization'] = 'token ' + token unless token.to_s.empty?
+      else
+        # DEVS: If this happens, you may need to use 'authless'.
+        raise 'No authentication specified'
+      end
+      request
+    end
+
+    # ---------------------------------------------------------------------
+
+    def pass_file
+      return @pass_file unless @pass_file.nil?
+      pwd_path = $cfg.file_at(MrMurano::Passwords::FILENAME, :user)
+      @pass_file = MrMurano::Passwords.new(pwd_path)
+      @pass_file.load
+      @pass_file
+    end
+
+    def password_save(net_host, user_name, user_pass)
+      @password_user = user_pass
+      return unless $cfg['auth.persist-basic']
+      pass_file.set(net_host, user_name, user_pass)
+      pass_file.save
+    end
+
+    def password_get_or_ask(net_host, user_name)
+      user_pass = password(net_host, user_name)
+      if user_pass.nil?
+        user_pass = yield
+        password_save(net_host, user_name, user_pass)
+      end
+      user_pass
+    end
+
+    def password_remove(net_host, user_name)
+      pass_file.remove(net_host, user_name)
+      pass_file.save
+    end
+
+    def token_file
+      return @token_file unless @token_file.nil?
+      tok_path = $cfg.file_at(MrMurano::Tokens::FILENAME, :user)
+      @token_file = MrMurano::Tokens.new(tok_path)
+      @token_file.load
+      @token_file
+    end
+
+    # ---------------------------------------------------------------------
+
+    def get_host_user_pair(net_host, user_name)
+      net_host = host if net_host.to_s.empty?
+      user_name = user if user_name.to_s.empty?
+      [net_host, user_name]
+    end
+
+    def password(net_host=nil, user_name=nil)
+      return @password_user unless @password_user.to_s.empty?
+      net_host, user_name = get_host_user_pair(net_host, user_name)
+      @password_user = pass_file.get(net_host, user_name)
+    end
+
+    def ensure_password!
+      pwd = password(host, user)
+      return pwd unless pwd.to_s.empty?
+      error 'Missing password!'
+      exit 1
+    end
+
+    def token
+      return '' if defined?(@logging_on) && @logging_on
+      token_fetch_biz if @token_biz.to_s.empty?
+      @token_biz
+    end
+
+    def token_reset
+      @token_biz = ''
+    end
+
+    def ensure_token!
+      return token unless token.to_s.empty?
+      error 'Not logged in!'
+      exit 1
+    end
+
+    # ---------------------------------------------------------------------
+
+    def token_lookup
+      return @token_biz unless @token_biz.to_s.empty?
+      @token_biz = token_from_file
+    end
+
+    def token_from_file(net_host=nil, user_name=nil)
+      net_host, user_name = get_host_user_pair(net_host, user_name)
+      acc_token = token_file.lookup(net_host, user_name)
+      if acc_token.to_s.empty?
+        nil
+      elsif acc_token !~ /^[a-fA-F0-9]+$/
+        warning "Malformed '#{net_host}:#{user_name}' token: #{acc_token}"
+        nil
+      else
+        acc_token
+      end
+    end
+
+    def token_save(net_host=nil, user_name=nil)
+      net_host, user_name = get_host_user_pair(net_host, user_name)
+      return unless $cfg['auth.persist-token']
+      token_file.set(net_host, user_name, @token_biz)
+      token_file.save
+    end
+
+    def token_remove(net_host=nil, user_name=nil)
+      net_host, user_name = get_host_user_pair(net_host, user_name)
+      token_file.remove(net_host, user_name)
+      token_file.save
+    end
+
+    def token_forget(net_host=nil, user_name=nil, keep_password: false)
+      net_host, user_name = get_host_user_pair(net_host, user_name)
+      password_remove(net_host, user_name) unless keep_password
+      token_remove(net_host, user_name)
+    end
+
+    def token_resolve
+      token_old = @token_biz
+      token_old = ENV['MURANO_TOKEN'] if token_old.to_s.empty?
+      token_old = token_from_file if token_old.to_s.empty?
+      token_old
+    end
+
+    # ---------------------------------------------------------------------
+
+    def token_fetch_biz
+      @logging_on = true
+
+      token_old = token_resolve
+      token_reset
+
+      # If token found, verify it works.
+      unless token_old.to_s.empty?
+        get('token/' + token_old) do |request, http|
+          http.request(request) do |response|
+            if response.is_a?(Net::HTTPSuccess)
+              # response.body is, e.g., "{\"email\":\"xxx@yyy.zzz\",\"ttl\":172800}"
+              @token_biz = token_old
+            elsif response.is_a?(Net::HTTPNotFound)
+              # Token expired!
+              token_filed = token_from_file
+              token_remove if token_filed == token_old
+            end
+          end
+        end
+        unless @token_biz.to_s.empty?
+          # Token should already be saved.
+          @logging_on = false
+          return
+        end
+        # else, token was rejected.
+      end
+
+      creds = @login_info
+      if @login_info.nil?
+        if $cfg['auth.scheme-token']
+          # Using token auth, but no creds, so user probably needs to logon.
+          @logging_on = false
+          return
+        end
+        # This would be a developer error.
+        raise 'No @login_info'
+      end
+
+      MrMurano::Verbose.whirly_start('Logging in...')
+      post('token/', creds) do |request, http|
+        http.request(request) do |response|
+          reply = JSON.parse(response.body, json_opts)
+          if response.is_a?(Net::HTTPSuccess)
+            @token_biz = reply[:token]
+          elsif response.is_a?(Net::HTTPConflict) && reply[:message] == 'twofactor'
+            MrMurano::Verbose.whirly_interject do
+              # Prompt user for emailed code.
+              token_fetch_2fa(creds)
+            end
+          else
+            showHttpError(request, response)
+            error 'Check to see if username and password are correct.'
+            unless ENV['MURANO_PASSWORD'].to_s.empty?
+              pwd_path = $cfg.file_at('passwords', :user)
+              warning %(
+                NOTE: MURANO_PASSWORD specifies password; it was not read from #{pwd_path}
+              ).strip
+            end
+          end
+        end
+      end
+
+      if @token_biz.to_s.empty?
+        keep_password = true
+        token_forget(keep_password: keep_password)
+      else
+        token_save
+      end
+      MrMurano::Verbose.whirly_stop
+      @logging_on = false
+    end
+
+    def token_fetch_2fa(creds)
+      error 'Two-factor Authentication'
+      warning 'A verification code has been sent to your email.'
+      code = ask('Please enter the code here to continue: ').strip
+      unless code =~ /^[a-fA-F0-9]+$/
+        error 'Expected token to contain only numbers and hexadecimal letters.'
+        exit 1
+      end
+      MrMurano::Verbose.whirly_start('Verifying code...')
+
+      path = 'key/' + code
+
+      response = get(path)
+      # Response is, e.g., {
+      #   purpose: "twofactor",
+      #   status: "exists",
+      #   email: "xxx@yyy.zzz",
+      #   bizid: null,
+      #   businessName: null, }
+      return if response.nil?
+
+      response = post(path, password: creds[:password])
+      # Response is, e.g., { "token": "..." }
+      return if response.nil?
+
+      @token_biz = response[:token]
+
+      MrMurano::Verbose.whirly_stop
+
+      warning %(
+        When finished, run `murano token delete` or `murano logout` to clear your token.
+      ).strip
+    end
+  end
+end
+