brightbox-cli 3.3.0 → 4.1.0

data/lib/brightbox-cli/config/authentication_tokens.rb

@@ -12,11 +12,10 @@ module Brightbox
         if defined?(@access_token) && !@access_token.nil?
           return @access_token
         end
-        if File.exist?(access_token_filename)
-          @access_token = cached_access_token
-        else
-          @access_token = nil
-        end
+
+        @access_token = if File.exist?(access_token_filename)
+                          cached_access_token
+                        end
       end
 
       def refresh_token_filename
@@ -28,11 +27,10 @@ module Brightbox
         if defined?(@refresh_token) && !@refresh_token.nil?
           return @refresh_token
         end
-        if File.exist?(refresh_token_filename)
-          @refresh_token = cached_refresh_token
-        else
-          @refresh_token = nil
-        end
+
+        @refresh_token = if File.exist?(refresh_token_filename)
+                           cached_refresh_token
+                         end
       end
 
       # @deprecation use access_token instead
@@ -70,6 +68,7 @@ module Brightbox
         # through the process.
         #
         password = options[:password] if options[:password]
+        one_time_password = options[:one_time_password] if options[:one_time_password]
 
         # To prevent refreshing tokens for the wrong client (using client_name
         # is pretty random) we set it specially
@@ -82,11 +81,15 @@ module Brightbox
             if refresh_token
               begin
                 service = update_tokens_with_refresh_token
-              rescue Excon::Errors::BadRequest, Excon::Errors::Unauthorized
+              rescue Fog::Brightbox::OAuth2::TwoFactorMissingError, Excon::Errors::BadRequest, Excon::Errors::Unauthorized
                 service = update_tokens_with_user_credentials
               end
             else
-              service = update_tokens_with_user_credentials(password)
+              begin
+                service = update_tokens_with_user_credentials(password: password, one_time_password: one_time_password)
+              rescue Fog::Brightbox::OAuth2::TwoFactorMissingError, Excon::Errors::BadRequest, Excon::Errors::Unauthorized
+                service = update_tokens_with_user_credentials(password: password)
+              end
             end
           else
             service = update_tokens_with_client_credentials
@@ -95,7 +98,6 @@ module Brightbox
           new_access_token = service.access_token
           new_refresh_token = service.refresh_token
           update_stored_tokens(new_access_token, new_refresh_token)
-
         rescue Excon::Errors::BadRequest, Excon::Errors::Unauthorized
           error "ERROR: Unable to reauthenticate!"
         ensure
@@ -115,7 +117,9 @@ module Brightbox
       # authenticate with the API.
       #
       def save_access_token(current_access_token)
-        if access_token != current_access_token
+        if access_token == current_access_token
+          debug "Access token remains #{access_token}"
+        else
           @access_token = current_access_token
           debug "Attempting to save new access token: #{current_access_token}"
           debug "In memory access token: #{@access_token}"
@@ -124,8 +128,6 @@ module Brightbox
           persist_token(access_token_filename, current_access_token)
 
           current_access_token
-        else
-          debug "Access token remains #{access_token}"
         end
       end
 
@@ -133,7 +135,9 @@ module Brightbox
       # request a new access token when current one has expired.
       #
       def save_refresh_token(current_token)
-        if refresh_token != current_token
+        if refresh_token == current_token
+          debug "Refresh token remains #{refresh_token}"
+        else
           @refresh_token = current_token
           debug "Attempting to save new refresh token: #{current_token}"
           debug "In memory refresh token: #{@refresh_token}"
@@ -142,8 +146,6 @@ module Brightbox
           persist_token(refresh_token_filename, current_token)
 
           current_token
-        else
-          debug "Refresh token remains #{refresh_token}"
         end
       end
 
@@ -177,32 +179,30 @@ module Brightbox
         connection
       end
 
-      # This asks the user to input their password
-      def prompt_for_password
-        require "highline"
-        highline = HighLine.new
-        highline.say("Your API credentials have expired, enter your password to update them.")
-        # FIXME: Capture interupts if user aborts
-        highline.ask("Enter your password : ") { |q| q.echo = false }
-      end
-
-      def update_tokens_with_user_credentials(password = nil)
+      def update_tokens_with_user_credentials(password: nil, one_time_password: nil)
         user_application = Brightbox::Config::UserApplication.new(selected_config, client_name)
 
-        password ||= gpg_password
-        password ||= password_helper_password
-        password ||= prompt_for_password
-
-        password = extend_with_two_factor_pin(password)
+        password = discover_password(password: password, expired: true)
 
         # FIXME: options are required to work
         options = {
           :client_id => client_name,
           :email => selected_config["username"],
-          :password => password
+          :password => password,
+          :one_time_password => one_time_password
         }
 
-        user_application.fetch_refresh_token(options)
+        begin
+          user_application.fetch_refresh_token(options)
+        rescue Fog::Brightbox::OAuth2::TwoFactorMissingError
+          options = {
+            :client_id => client_name,
+            :email => selected_config["username"],
+            :password => password,
+            :one_time_password => discover_two_factor_pin
+          }
+          user_application.fetch_refresh_token(options)
+        end
       end
 
       def fetch_refresh_token(options)
@@ -210,7 +210,7 @@ module Brightbox
         client_config = config[client_name]
         user_application = Brightbox::Config::UserApplication.new(client_config, client_name)
         # replace this portion with code that actually fetches a token
-        client_config['refresh_token'] = user_application.fetch_refresh_token(options)
+        client_config["refresh_token"] = user_application.fetch_refresh_token(options)
         save_refresh_token
       end
 
@@ -223,9 +223,7 @@ module Brightbox
       def persist_token(filename, token)
         token = "" if token.nil?
         # Write out a token file for this process
-        File.open(filename + ".#{$PID}", "w") do |f|
-          f.write token
-        end
+        File.write(filename + ".#{$PID}", token)
         # Move process version into place
         debug "Saving #{token} to #{filename}"
         FileUtils.mv filename + ".#{$PID}", filename
@@ -258,10 +256,9 @@ module Brightbox
         FileUtils.rm(refresh_token_filename) if File.exist?(refresh_token_filename)
       end
 
-      private
-
       def base_token_name
         return nil if client_name.nil?
+
         client_name.gsub("/", "_")
       end
     end

data/lib/brightbox-cli/config/cache.rb

@@ -7,6 +7,7 @@ module Brightbox
 
       def cache_id(cid)
         return if cid.nil?
+
         unless File.exist?(cache_path)
           begin
             FileUtils.mkpath(cache_path)

data/lib/brightbox-cli/config/clients.rb

@@ -8,11 +8,9 @@ module Brightbox
 
       # Is the currently selected config using user application details?
       def using_application?
-        if client_name
-          !config[client_name]["username"].nil?
-        else
-          raise NoSelectedClientError, NO_CLIENT_MESSAGE
-        end
+        raise NoSelectedClientError, NO_CLIENT_MESSAGE unless client_name
+
+        !config[client_name]["username"].nil?
       end
 
       # Does this config have multiple clients defined within?
@@ -31,6 +29,7 @@ module Brightbox
       #
       def client_alias
         return nil if selected_config.nil?
+
         # FIXME: The 'alias' field is redundant because we are using the section
         #   heading for the not ID value but we worry about it for now
         selected_config["alias"] || client_name
@@ -61,7 +60,7 @@ module Brightbox
       #
       def default_client
         @default_client ||= core_setting("default_client")
-      rescue
+      rescue StandardError
         nil
       end
 
@@ -76,6 +75,7 @@ module Brightbox
       def determine_client(preferred_client = nil)
         return preferred_client unless preferred_client.nil?
         return default_client unless default_client.nil?
+
         section_names.first unless section_names.empty?
         nil
       end
@@ -85,8 +85,8 @@ module Brightbox
       # If the prefix is in the client ID (identifier not alias) be +true+
       def config_identifier_match_prefix?(prefix)
         client_id = selected_config["client_id"]
-        !! /\A#{prefix}-.*/.match(client_id)
-      rescue
+        !!/\A#{prefix}-.*/.match(client_id)
+      rescue StandardError
         raise NoSelectedClientError, NO_CLIENT_MESSAGE
       end
     end

data/lib/brightbox-cli/config/gpg_encrypted_passwords.rb

@@ -1,7 +1,7 @@
 module Brightbox
   module Config
     module GpgEncryptedPasswords
-      attr_accessor :gpg_password
+      attr_writer :gpg_password
 
       def gpg_encrypted_password_filename
         file_name = "#{client_name}.password.gpg"
@@ -13,11 +13,10 @@ module Brightbox
         if defined?(@gpg_password) && !@gpg_password.nil?
           return @gpg_password
         end
-        if File.exist?(gpg_encrypted_password_filename)
-          @gpg_password = gpg_decrypt_password
-        else
-          @gpg_password = nil
-        end
+
+        @gpg_password = if File.exist?(gpg_encrypted_password_filename)
+                          gpg_decrypt_password
+                        end
       end
 
       private
@@ -26,14 +25,13 @@ module Brightbox
       def gpg_decrypt_password
         info "INFO: Decrypting #{gpg_encrypted_password_filename} to obtain password"
         begin
-          IO::popen(["gpg", "--decrypt", gpg_encrypted_password_filename], "r") do |io|
+          IO.popen(["gpg", "--decrypt", gpg_encrypted_password_filename], "r") do |io|
             io.read.chomp
           end
         rescue Errno::ENOENT
           nil
         end
       end
-
     end
   end
 end

data/lib/brightbox-cli/config/password_helper.rb

@@ -1,7 +1,26 @@
 module Brightbox
   module Config
     module PasswordHelper
-      attr_accessor :password_helper_password
+      ENTER_PASSWORD_PROMPT = "Enter your password : ".freeze
+      EXPIRED_TOKEN_PROMPT = "Your API credentials have expired, enter your password to update them.".freeze
+
+      attr_writer :password_helper_password
+
+      # {discover_password} will return the first password that can be
+      # recovered from either the passed input, encrypted storage, a
+      # helper application (if configured) or finally promping.
+      #
+      # @param password [String] a password given to the method
+      # @param expired [Boolean] should the prompt explain tokens have expired?
+      # @return [String] the password
+      #
+      def discover_password(password: nil, expired: false)
+        password ||= gpg_password
+        password ||= password_helper_password
+        password ||= prompt_for_password(expired)
+      end
+
+      private
 
       def password_helper_command
         return config[client_name]["password_helper_command"] unless client_name.nil?
@@ -13,15 +32,11 @@ module Brightbox
           return @password_helper_password
         end
 
-        if password_helper_command
-          @password_helper_password = password_helper_call
-        else
-          @password_helper_password = nil
-        end
+        @password_helper_password = if password_helper_command
+                                      password_helper_call
+                                    end
       end
 
-      private
-
       def password_helper_call
         info "INFO: Calling password helper to obtain password"
         begin
@@ -33,6 +48,16 @@ module Brightbox
           nil
         end
       end
+
+      # This asks the user to input their password
+      def prompt_for_password(expired)
+        require "highline"
+        highline = HighLine.new
+        highline.say(EXPIRED_TOKEN_PROMPT) if expired
+
+        # FIXME: Capture interupts if user aborts
+        highline.ask(ENTER_PASSWORD_PROMPT) { |q| q.echo = false }
+      end
     end
   end
 end

data/lib/brightbox-cli/config/sections.rb

@@ -43,18 +43,27 @@ module Brightbox
         #
         begin
           remove_cached_tokens!
-          renew_tokens(:client_name => config_alias, :password => password)
-        rescue => e
-          error "Something went wrong trying to refresh new tokens #{e.message}"
-        end
+          begin
+            renew_tokens(client_name: config_alias,
+                         password: password)
+          rescue Fog::Brightbox::OAuth2::TwoFactorMissingError
+            discover_two_factor_pin
+
+            renew_tokens(client_name: client_alias,
+                         password: options[:password],
+                         one_time_password: current_second_factor)
+          end
 
-        # Try to determine a default account
-        unless default_account == find_or_set_default_account
-          info "The default account of #{default_account} has been selected"
-        end
+          # Try to determine a default account
+          unless default_account == find_or_set_default_account
+            info "The default account of #{default_account} has been selected"
+          end
 
-        # If only client then set it as the default
-        set_default_client(client_alias) unless default_client
+          # If only client then set it as the default
+          set_default_client(client_alias) unless default_client
+        rescue StandardError => e
+          error "Something went wrong trying to refresh new tokens #{e.message}"
+        end
 
         # Ensure all our config changes are now saved
         save
@@ -98,18 +107,25 @@ module Brightbox
 
         # Renew tokens via config...
         begin
-          renew_tokens(:client_name => client_alias, :password => options[:password])
-        rescue => e
-          error "Something went wrong trying to refresh new tokens #{e.message}"
-        end
+          begin
+            renew_tokens(client_name: client_alias,
+                         password: options[:password])
+          rescue Fog::Brightbox::OAuth2::TwoFactorMissingError
+            renew_tokens(client_name: client_alias,
+                         password: options[:password],
+                         one_time_password: discover_two_factor_pin)
+          end
 
-        # Try to determine a default account
-        unless default_account == find_or_set_default_account
-          info "The default account of #{default_account} has been selected"
-        end
+          # Try to determine a default account
+          unless default_account == find_or_set_default_account
+            info "The default account of #{default_account} has been selected"
+          end
 
-        # If only client then set it as the default
-        set_default_client(client_alias) unless default_client
+          # If only client then set it as the default
+          set_default_client(client_alias) unless default_client
+        rescue StandardError => e
+          error "Something went wrong trying to refresh new tokens #{e.message}"
+        end
 
         # Ensure all our config changes are now saved
         save
@@ -119,16 +135,16 @@ module Brightbox
       # persisted to disk.
       #
       def delete_section(name)
-        if client_named?(name)
-          if default_client == name
-            clear_default_client
-          end
-          # remove from the Ini object
-          config.delete_section(name)
+        return unless client_named?(name)
 
-          dirty! # to ensure save actually writes to disk
-          save
+        if default_client == name
+          clear_default_client
         end
+        # remove from the Ini object
+        config.delete_section(name)
+
+        dirty! # to ensure save actually writes to disk
+        save
       end
 
       # Config data for a named section
@@ -150,7 +166,7 @@ module Brightbox
       #
       def section_names
         # Exclude the global "core" section
-        config.sections.reject { |s| %w(core alias).include?(s) }
+        config.sections.reject { |s| %w[core alias].include?(s) }
       end
 
       private

data/lib/brightbox-cli/config/two_factor_auth.rb

@@ -1,33 +1,31 @@
 module Brightbox
   module Config
     module TwoFactorAuth
+      ENTER_TWO_FACTOR_PROMPT = "Enter your two factor pin : ".freeze
 
-      def extend_with_two_factor_pin(password)
-        if two_factor_enabled
-          suffix = "+" + two_factor_pin
-          password += suffix unless password.end_with?(suffix)
-        end
-        password
+      attr_accessor :current_second_factor
+
+      def discover_two_factor_pin
+        @two_factor_pin ||= Brightbox.config.two_factor_helper_password
+        @two_factor_pin ||= prompt_for_two_factor_pin
+
+        self.current_second_factor = @two_factor_pin
       end
 
       private
 
       def two_factor_enabled
-        return config[client_name]["two_factor"] == "true" unless client_name.nil?
-      end
+        return false unless client_name.nil?
+        return true if config[client_name]["two_factor"] == "true"
 
-      def two_factor_pin
-        if two_factor_enabled
-          @two_factor_pin ||= Brightbox.config.two_factor_helper_password
-          @two_factor_pin ||= prompt_for_two_factor_pin
-        end
+        false
       end
 
       def prompt_for_two_factor_pin
         require "highline"
         highline = HighLine.new
         # FIXME: Capture interupts if user aborts
-        highline.ask("Enter your two factor pin : ")
+        highline.ask(ENTER_TWO_FACTOR_PROMPT)
       end
     end
   end

data/lib/brightbox-cli/config/two_factor_helper.rb

@@ -1,7 +1,7 @@
 module Brightbox
   module Config
     module TwoFactorHelper
-      attr_accessor :two_factor_helper_password
+      attr_writer :two_factor_helper_password
 
       def two_factor_helper_command
         return config[client_name]["two_factor_helper_command"] unless client_name.nil?
@@ -13,11 +13,9 @@ module Brightbox
           return @two_factor_helper_password
         end
 
-        if two_factor_helper_command
-          @two_factor_helper_password = two_factor_helper_call
-        else
-          @two_factor_helper_password = nil
-        end
+        @two_factor_helper_password = if two_factor_helper_command
+                                        two_factor_helper_call
+                                      end
       end
 
       private
@@ -29,7 +27,7 @@ module Brightbox
           IO.popen(cmd, "r") do |io|
             io.readline.chomp
           end
-        rescue Errno::ENOENT
+        rescue ArgumentError, Errno::ENOENT
           nil
         end
       end

data/lib/brightbox-cli/config/user_application.rb

@@ -3,7 +3,7 @@ module Brightbox
     class UserApplication
       # FIXME: api_url should use fog's underlying default
       #
-      NON_BLANK_KEYS = %w(api_url username)
+      NON_BLANK_KEYS = %w[api_url username].freeze
 
       attr_accessor :selected_config, :client_name
 
@@ -16,11 +16,12 @@ module Brightbox
         check_required_params
         # Note we have to merge in refresh token at the higher level
         {
-          :provider => 'Brightbox',
-          :brightbox_api_url => selected_config['api_url'],
-          :brightbox_auth_url => selected_config['auth_url'] || selected_config['api_url'],
+          :provider => "Brightbox",
+          :brightbox_api_url => selected_config["api_url"],
+          :brightbox_auth_url => selected_config["auth_url"] || selected_config["api_url"],
           :brightbox_client_id => client_id,
           :brightbox_secret => client_secret,
+          :brightbox_support_two_factor => true,
           :persistent => persistent?
         }
       end
@@ -40,7 +41,9 @@ module Brightbox
       #
       def fetch_refresh_token(options)
         password_options = {
-          :brightbox_password => options[:password]
+          :brightbox_password => options[:password],
+          :brightbox_support_two_factor => true,
+          :brightbox_one_time_password => options[:one_time_password]
         }
 
         default_fog_options = password_auth_params.merge(password_options)
@@ -64,31 +67,28 @@ module Brightbox
       end
 
       def persistent?
-        if selected_config["persistent"] == "false"
-          false
-        else
-          true
-        end
+        selected_config["persistent"] != "false"
       end
 
       def password_auth_params
         {
-          :provider => 'Brightbox',
-          :brightbox_api_url => selected_config['api_url'],
-          :brightbox_auth_url => selected_config['auth_url'] || selected_config['api_url'],
+          :provider => "Brightbox",
+          :brightbox_api_url => selected_config["api_url"],
+          :brightbox_auth_url => selected_config["auth_url"] || selected_config["api_url"],
           :brightbox_client_id => client_id,
           :brightbox_secret => client_secret,
           :brightbox_username => selected_config["username"],
+          :brightbox_support_two_factor => true,
           :persistent => persistent?
         }
       end
 
       def check_required_params
-        unless valid?
-          NON_BLANK_KEYS.each do |key|
-            unless selected_config.key?(key) && !selected_config[key].to_s.empty?
-              raise Brightbox::BBConfigError, "#{key} option missing from config in section #{client_name}"
-            end
+        return if valid?
+
+        NON_BLANK_KEYS.each do |key|
+          unless selected_config.key?(key) && !selected_config[key].to_s.empty?
+            raise Brightbox::BBConfigError, "#{key} option missing from config in section #{client_name}"
           end
         end
       end