cf-uaa-lib 1.3.1 → 1.3.2
- data/LICENSE.TXT +12737 -0
- data/NOTICE.TXT +10 -0
- data/README.md +3 -1
- data/Rakefile +7 -6
- data/cf-uaa-lib.gemspec +3 -1
- data/lib/uaa/http.rb +37 -32
- data/lib/uaa/misc.rb +59 -30
- data/lib/uaa/scim.rb +150 -110
- data/lib/uaa/token_coder.rb +84 -42
- data/lib/uaa/token_issuer.rb +137 -120
- data/lib/uaa/util.rb +113 -62
- data/lib/uaa/version.rb +2 -1
- data/spec/http_spec.rb +1 -1
- data/spec/integration_spec.rb +149 -0
- data/spec/scim_spec.rb +12 -11
- data/spec/token_coder_spec.rb +6 -6
- data/spec/token_issuer_spec.rb +17 -14
- metadata +42 -6
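--- a/data/spec/token_coder_spec.rb
+++ b/data/spec/token_coder_spec.rb
@@ -18,7 +18,8 @@ module CF::UAA
 
 describe TokenCoder do
 
-subject { TokenCoder.new("test_resource",
+subject { TokenCoder.new(:audience_ids => "test_resource",
+:skey => "test_secret", :pkey => OpenSSL::PKey::RSA.generate(512) ) }
 
 before :each do
 @tkn_body = {'foo' => "bar"}
@@ -56,7 +57,7 @@ describe TokenCoder do
 2yrlT5h164jGCxqe7++1kIl4ollFCgz6QJ8lcmb/2Q==
 -----END RSA PRIVATE KEY-----
 DATA
-coder = TokenCoder.new("test_resource",
+coder = TokenCoder.new(:audience_ids => "test_resource", :pkey => pem)
 tkn = coder.encode(@tkn_body, 'RS256')
 result = coder.decode("bEaReR #{tkn}")
 result.should_not be_nil
@@ -80,13 +81,13 @@ describe TokenCoder do
 end
 
 it "raises a decode error if the token is signed by an unknown signing key" do
-other = TokenCoder.new("test_resource", "other_secret"
+other = TokenCoder.new(:audience_ids => "test_resource", :skey => "other_secret")
 tkn = other.encode(@tkn_body)
 expect { subject.decode("bEaReR #{tkn}") }.to raise_exception(DecodeError)
 end
 
 it "raises a decode error if the token is an unknown signing algorithm" do
-segments = [Util.json_encode64(typ
+segments = [Util.json_encode64(:typ => "JWT", :alg =>"BADALGO")]
 segments << Util.json_encode64(@tkn_body)
 segments << Util.encode64("BADSIG")
 tkn = segments.join('.')
@@ -115,14 +116,13 @@ describe TokenCoder do
 
 it "decodes a token without validation" do
 token = "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImY1MTgwMjExLWVkYjItNGQ4OS1hNmQwLThmNGVjMTE0NTE4YSIsInJlc291cmNlX2lkcyI6WyJjbG91ZF9jb250cm9sbGVyIiwicGFzc3dvcmQiXSwiZXhwaXJlc19hdCI6MTMzNjU1MTc2Niwic2NvcGUiOlsicmVhZCJdLCJlbWFpbCI6Im9sZHNAdm13YXJlLmNvbSIsImNsaWVudF9hdXRob3JpdGllcyI6WyJST0xFX1VOVFJVU1RFRCJdLCJleHBpcmVzX2luIjo0MzIwMCwidXNlcl9hdXRob3JpdGllcyI6WyJST0xFX1VTRVIiXSwidXNlcl9pZCI6Im9sZHNAdm13YXJlLmNvbSIsImNsaWVudF9pZCI6InZtYyIsInRva2VuX2lkIjoiZWRlYmYzMTctNWU2Yi00YmYwLWFmM2ItMTA0OWRjNmFlYjc1In0.XoirrePfEujnZ9Vm7SRRnj3vZEfRp2tkjkS_OCVz5Bs"
-info = TokenCoder.decode(token,
+info = TokenCoder.decode(token, :verify => false)
 info["id"].should_not be_nil
 info["email"].should == "olds@vmware.com"
 #puts Time.at(info[:exp].to_i)
 #BaseCli.pp info
 end
 
-
 end
 
 end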
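Review bot: The new `subject` in the first hunk builds its key with `OpenSSL::PKey::RSA.generate(512)`, a size far below anything acceptable for signing tokens, and because `subject` is evaluated per example a fresh key is generated each time. I would load one fixed test-only key of at least 2048 bits instead, e.g. `:skey => "test_secret", :pkey => OpenSSL::PKey::RSA.new(TEST_RSA_PEM) ) }`, where `TEST_RSA_PEM` is a placeholder for a fixture like the PEM heredoc the second hunk already uses; hardened OpenSSL builds may also reject keys this small and fail the suite for unrelated reasons. In the last hunk, `TokenCoder.decode(token, :verify => false)` returns claims whose signature was never checked, so a comment such as `# :verify => false skips signature validation; the returned claims are unauthenticated` would help, together with a companion example pinning what the same call does without the option (whether one exists is not visible in these hunks).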
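--- a/data/spec/token_issuer_spec.rb
+++ b/data/spec/token_issuer_spec.rb
@@ -37,11 +37,12 @@ describe TokenIssuer do
 # TODO check basic auth header
 url.should == "http://test.uaa.target/oauth/token"
 method.should == :post
-reply = {access_token
+reply = {:access_token => "test_access_token", :token_type => "BEARER",
+:scope => "logs.read", :expires_in => 98765}
 [200, Util.json(reply), {"content-type" => "application/json"}]
 end
 token = subject.client_credentials_grant("logs.read")
-token.should be_an_instance_of
+token.should be_an_instance_of TokenInfo
 token.info["access_token"].should == "test_access_token"
 token.info["token_type"].should =~ /^bearer$/i
 token.info["scope"].should == "logs.read"
@@ -50,7 +51,8 @@ describe TokenIssuer do
 
 it "gets all granted scopes if none specified" do
 subject.set_request_handler do |url, method, body, headers|
-reply = {access_token
+reply = {:access_token => "test_access_token", :token_type => "BEARER",
+:scope => "openid logs.read", :expires_in => 98765}
 [200, Util.json(reply), {"content-type" => "application/json"}]
 end
 token = subject.client_credentials_grant
@@ -71,7 +73,6 @@ describe TokenIssuer do
 subject.set_request_handler { [400, '{"error":"invalid scope"}', {"content-type" => "application/json"}] }
 expect {subject.client_credentials_grant("bad.scope")}.to raise_exception TargetError
 end
-
 end
 
 context "with owner password grant" do
@@ -83,11 +84,12 @@ describe TokenIssuer do
 # TODO check basic auth header
 url.should == "http://test.uaa.target/oauth/token"
 method.should == :post
-reply = {access_token
+reply = {:access_token => "test_access_token", :token_type => "BEARER",
+:scope => "openid", :expires_in => 98765}
 [200, Util.json(reply), {"content-type" => "application/json"}]
 end
 token = subject.owner_password_grant("joe+admin", "?joe's%password$@ ", "openid")
-token.should be_an_instance_of
+token.should be_an_instance_of TokenInfo
 token.info["access_token"].should == "test_access_token"
 token.info["token_type"].should =~ /^bearer$/i
 token.info["scope"].should == "openid"
@@ -100,7 +102,7 @@ describe TokenIssuer do
 
 it "gets the prompts for credentials used to authenticate implicit grant" do
 subject.set_request_handler do |url, method, body, headers|
-info = { prompts
+info = { :prompts => {:username => ["text", "Username"], :password => ["password","Password"]} }
 [200, Util.json(info), {"content-type" => "application/json"}]
 end
 result = subject.prompts
@@ -126,8 +128,8 @@ describe TokenIssuer do
 "expires_in=98765&scope=openid+logs.read&state=#{state}"
 [302, nil, {"content-type" => "application/json", "location" => location}]
 end
-token = subject.implicit_grant_with_creds(username
-token.should be_an_instance_of
+token = subject.implicit_grant_with_creds(:username => "joe+admin", :password => "?joe's%password$@ ")
+token.should be_an_instance_of TokenInfo
 token.info["access_token"].should == "test_access_token"
 token.info["token_type"].should =~ /^bearer$/i
 Util.arglist(token.info["scope"]).to_set.should == Util.arglist("openid logs.read").to_set
@@ -141,8 +143,8 @@ describe TokenIssuer do
 "expires_in=98765&scope=openid+logs.read&state=bad_state"
 [302, nil, {"content-type" => "application/json", "location" => location}]
 end
-expect {token = subject.implicit_grant_with_creds(username
-
+expect {token = subject.implicit_grant_with_creds(:username => "joe+admin",
+:password => "?joe's%password$@ ")}.to raise_exception BadResponse
 end
 
 end
@@ -153,7 +155,7 @@ describe TokenIssuer do
 redir_uri = "http://call.back/uri_path"
 uri_parts = subject.authcode_uri(redir_uri).split('?')
 uri_parts[0].should == "http://test.uaa.target/oauth/authorize"
-params = Util.
+params = Util.decode_form(uri_parts[1])
 params["response_type"].should == "code"
 params["client_id"].should == "test_client"
 params["scope"].should be_nil
@@ -168,7 +170,8 @@ describe TokenIssuer do
 # TODO check basic auth header
 url.should match "http://test.uaa.target/oauth/token"
 method.should == :post
-reply = {access_token
+reply = {:access_token => "test_access_token", :token_type => "BEARER",
+:scope => "openid", :expires_in => 98765}
 [200, Util.json(reply), {"content-type" => "application/json"}]
 end
 cburi = "http://call.back/uri_path"
@@ -176,7 +179,7 @@ describe TokenIssuer do
 state = /state=([^&]+)/.match(redir_uri)[1]
 reply_query = "state=#{state}&code=kz8%2F5gQZ2pc%3D"
 token = subject.authcode_grant(redir_uri, reply_query)
-token.should be_an_instance_of
+token.should be_an_instance_of TokenInfo
 token.info["access_token"].should == "test_access_token"
 token.info["token_type"].should =~ /^bearer$/i
 token.info["scope"].should == "openid"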
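Review bot: The request handlers rewritten in the hunks at -37, -83 and -168 still carry `# TODO check basic auth header` and assert only `url` and `method`, so nothing in these examples checks how the client secret or the user's password leave the library. Since the reply hashes are being touched anyway, I would add an assertion on `headers` in each handler, e.g. `headers["authorization"].should =~ /\Abasic /i` (the header key as the HTTP layer passes it is not visible here and needs confirming), and in the owner password example an assertion that `body` carries the form-encoded `"?joe's%password$@ "`. The handler blocks open above those three hunks, so their parameter lists are inferred from the one visible in the hunk at -50. Minor: the existing `token.info["token_type"].should =~ /^bearer$/i` lines would be stricter with `\A` and `\z` anchors.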
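--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cf-uaa-lib
 version: !ruby/object:Gem::Version
-version: 1.3.
+version: 1.3.2
 prerelease:
 platform: ruby
 authors:
@@ -13,7 +13,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-12-
+date: 2012-12-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: multi_json
@@ -64,7 +64,23 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: yard
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: redcarpet
 requirement: !ruby/object:Gem::Requirement
 none: false
 requirements:
@@ -143,6 +159,22 @@ dependencies:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: json_pure
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
 description: Client library for interacting with the CloudFoundry User Account and
 Authorization (UAA) server. The UAA is an OAuth2 Authorization Server so it can
 be used by webapps and command line apps to obtain access tokens to act on behalf
@@ -160,6 +192,8 @@ extra_rdoc_files: []
 files:
 - .gitignore
 - Gemfile
+- LICENSE.TXT
+- NOTICE.TXT
 - README.md
 - Rakefile
 - cf-uaa-lib.gemspec
@@ -172,6 +206,7 @@ files:
 - lib/uaa/util.rb
 - lib/uaa/version.rb
 - spec/http_spec.rb
+- spec/integration_spec.rb
 - spec/misc_spec.rb
 - spec/scim_spec.rb
 - spec/spec_helper.rb
@@ -191,7 +226,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 segments:
 - 0
-hash: -
+hash: -1911536519495271904
 required_rubygems_version: !ruby/object:Gem::Requirement
 none: false
 requirements:
@@ -200,11 +235,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 segments:
 - 0
-hash: -
+hash: -1911536519495271904
 requirements: []
 rubyforge_project: cf-uaa-lib
-rubygems_version: 1.8.
+rubygems_version: 1.8.23
 signing_key:
 specification_version: 3
 summary: Client library for CloudFoundry UAA
 test_files: []
+has_rdoc: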