cf-uaa-lib 1.3.1 → 1.3.2
- data/LICENSE.TXT +12737 -0
- data/NOTICE.TXT +10 -0
- data/README.md +3 -1
- data/Rakefile +7 -6
- data/cf-uaa-lib.gemspec +3 -1
- data/lib/uaa/http.rb +37 -32
- data/lib/uaa/misc.rb +59 -30
- data/lib/uaa/scim.rb +150 -110
- data/lib/uaa/token_coder.rb +84 -42
- data/lib/uaa/token_issuer.rb +137 -120
- data/lib/uaa/util.rb +113 -62
- data/lib/uaa/version.rb +2 -1
- data/spec/http_spec.rb +1 -1
- data/spec/integration_spec.rb +149 -0
- data/spec/scim_spec.rb +12 -11
- data/spec/token_coder_spec.rb +6 -6
- data/spec/token_issuer_spec.rb +17 -14
- metadata +42 -6
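--- a/data/spec/token_coder_spec.rb
+++ b/data/spec/token_coder_spec.rb
@@ -18,7 +18,8 @@ module CF::UAA
 
 describe TokenCoder do
 
-subject { TokenCoder.new("test_resource",
+subject { TokenCoder.new(:audience_ids => "test_resource",
+:skey => "test_secret", :pkey => OpenSSL::PKey::RSA.generate(512) ) }
 
 before :each do
 @tkn_body = {'foo' => "bar"}
@@ -56,7 +57,7 @@ describe TokenCoder do
 2yrlT5h164jGCxqe7++1kIl4ollFCgz6QJ8lcmb/2Q==
 -----END RSA PRIVATE KEY-----
 DATA
-coder = TokenCoder.new("test_resource",
+coder = TokenCoder.new(:audience_ids => "test_resource", :pkey => pem)
 tkn = coder.encode(@tkn_body, 'RS256')
 result = coder.decode("bEaReR #{tkn}")
 result.should_not be_nil
@@ -80,13 +81,13 @@ describe TokenCoder do
 end
 
 it "raises a decode error if the token is signed by an unknown signing key" do
-other = TokenCoder.new("test_resource", "other_secret"
+other = TokenCoder.new(:audience_ids => "test_resource", :skey => "other_secret")
 tkn = other.encode(@tkn_body)
 expect { subject.decode("bEaReR #{tkn}") }.to raise_exception(DecodeError)
 end
 
 it "raises a decode error if the token is an unknown signing algorithm" do
-segments = [Util.json_encode64(typ
+segments = [Util.json_encode64(:typ => "JWT", :alg =>"BADALGO")]
 segments << Util.json_encode64(@tkn_body)
 segments << Util.encode64("BADSIG")
 tkn = segments.join('.')
@@ -115,14 +116,13 @@ describe TokenCoder do
 
 it "decodes a token without validation" do
 token = "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImY1MTgwMjExLWVkYjItNGQ4OS1hNmQwLThmNGVjMTE0NTE4YSIsInJlc291cmNlX2lkcyI6WyJjbG91ZF9jb250cm9sbGVyIiwicGFzc3dvcmQiXSwiZXhwaXJlc19hdCI6MTMzNjU1MTc2Niwic2NvcGUiOlsicmVhZCJdLCJlbWFpbCI6Im9sZHNAdm13YXJlLmNvbSIsImNsaWVudF9hdXRob3JpdGllcyI6WyJST0xFX1VOVFJVU1RFRCJdLCJleHBpcmVzX2luIjo0MzIwMCwidXNlcl9hdXRob3JpdGllcyI6WyJST0xFX1VTRVIiXSwidXNlcl9pZCI6Im9sZHNAdm13YXJlLmNvbSIsImNsaWVudF9pZCI6InZtYyIsInRva2VuX2lkIjoiZWRlYmYzMTctNWU2Yi00YmYwLWFmM2ItMTA0OWRjNmFlYjc1In0.XoirrePfEujnZ9Vm7SRRnj3vZEfRp2tkjkS_OCVz5Bs"
-info = TokenCoder.decode(token,
+info = TokenCoder.decode(token, :verify => false)
 info["id"].should_not be_nil
 info["email"].should == "olds@vmware.com"
 #puts Time.at(info[:exp].to_i)
 #BaseCli.pp info
 end
 
-
 end
 
 end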
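Review bot: The "decodes a token without validation" example calls `TokenCoder.decode(token, :verify => false)` and then asserts on `info["email"]`, with nothing marking those claims as unauthenticated. I would add a comment above the call, `# :verify => false skips the signature check; the returned claims are untrusted and must not drive authorization`, so the example is not read as a recommended way to obtain user identity. It would also help to pair it with an example that expects the same token to be rejected (presumably with `DecodeError`) when it goes through `subject.decode`, which holds a different key, so the verified and unverified paths are pinned side by side. The enclosing `describe` block starts and ends outside the hunks shown, so such an example may already exist elsewhere in the file.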
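--- a/data/spec/token_issuer_spec.rb
+++ b/data/spec/token_issuer_spec.rb
@@ -37,11 +37,12 @@ describe TokenIssuer do
 # TODO check basic auth header
 url.should == "http://test.uaa.target/oauth/token"
 method.should == :post
-reply = {access_token
+reply = {:access_token => "test_access_token", :token_type => "BEARER",
+:scope => "logs.read", :expires_in => 98765}
 [200, Util.json(reply), {"content-type" => "application/json"}]
 end
 token = subject.client_credentials_grant("logs.read")
-token.should be_an_instance_of
+token.should be_an_instance_of TokenInfo
 token.info["access_token"].should == "test_access_token"
 token.info["token_type"].should =~ /^bearer$/i
 token.info["scope"].should == "logs.read"
@@ -50,7 +51,8 @@ describe TokenIssuer do
 
 it "gets all granted scopes if none specified" do
 subject.set_request_handler do |url, method, body, headers|
-reply = {access_token
+reply = {:access_token => "test_access_token", :token_type => "BEARER",
+:scope => "openid logs.read", :expires_in => 98765}
 [200, Util.json(reply), {"content-type" => "application/json"}]
 end
 token = subject.client_credentials_grant
@@ -71,7 +73,6 @@ describe TokenIssuer do
 subject.set_request_handler { [400, '{"error":"invalid scope"}', {"content-type" => "application/json"}] }
 expect {subject.client_credentials_grant("bad.scope")}.to raise_exception TargetError
 end
-
 end
 
 context "with owner password grant" do
@@ -83,11 +84,12 @@ describe TokenIssuer do
 # TODO check basic auth header
 url.should == "http://test.uaa.target/oauth/token"
 method.should == :post
-reply = {access_token
+reply = {:access_token => "test_access_token", :token_type => "BEARER",
+:scope => "openid", :expires_in => 98765}
 [200, Util.json(reply), {"content-type" => "application/json"}]
 end
 token = subject.owner_password_grant("joe+admin", "?joe's%password$@ ", "openid")
-token.should be_an_instance_of
+token.should be_an_instance_of TokenInfo
 token.info["access_token"].should == "test_access_token"
 token.info["token_type"].should =~ /^bearer$/i
 token.info["scope"].should == "openid"
@@ -100,7 +102,7 @@ describe TokenIssuer do
 
 it "gets the prompts for credentials used to authenticate implicit grant" do
 subject.set_request_handler do |url, method, body, headers|
-info = { prompts
+info = { :prompts => {:username => ["text", "Username"], :password => ["password","Password"]} }
 [200, Util.json(info), {"content-type" => "application/json"}]
 end
 result = subject.prompts
@@ -126,8 +128,8 @@ describe TokenIssuer do
 "expires_in=98765&scope=openid+logs.read&state=#{state}"
 [302, nil, {"content-type" => "application/json", "location" => location}]
 end
-token = subject.implicit_grant_with_creds(username
-token.should be_an_instance_of
+token = subject.implicit_grant_with_creds(:username => "joe+admin", :password => "?joe's%password$@ ")
+token.should be_an_instance_of TokenInfo
 token.info["access_token"].should == "test_access_token"
 token.info["token_type"].should =~ /^bearer$/i
 Util.arglist(token.info["scope"]).to_set.should == Util.arglist("openid logs.read").to_set
@@ -141,8 +143,8 @@ describe TokenIssuer do
 "expires_in=98765&scope=openid+logs.read&state=bad_state"
 [302, nil, {"content-type" => "application/json", "location" => location}]
 end
-expect {token = subject.implicit_grant_with_creds(username
-
+expect {token = subject.implicit_grant_with_creds(:username => "joe+admin",
+:password => "?joe's%password$@ ")}.to raise_exception BadResponse
 end
 
 end
@@ -153,7 +155,7 @@ describe TokenIssuer do
 redir_uri = "http://call.back/uri_path"
 uri_parts = subject.authcode_uri(redir_uri).split('?')
 uri_parts[0].should == "http://test.uaa.target/oauth/authorize"
-params = Util.
+params = Util.decode_form(uri_parts[1])
 params["response_type"].should == "code"
 params["client_id"].should == "test_client"
 params["scope"].should be_nil
@@ -168,7 +170,8 @@ describe TokenIssuer do
 # TODO check basic auth header
 url.should match "http://test.uaa.target/oauth/token"
 method.should == :post
-reply = {access_token
+reply = {:access_token => "test_access_token", :token_type => "BEARER",
+:scope => "openid", :expires_in => 98765}
 [200, Util.json(reply), {"content-type" => "application/json"}]
 end
 cburi = "http://call.back/uri_path"
@@ -176,7 +179,7 @@ describe TokenIssuer do
 state = /state=([^&]+)/.match(redir_uri)[1]
 reply_query = "state=#{state}&code=kz8%2F5gQZ2pc%3D"
 token = subject.authcode_grant(redir_uri, reply_query)
-token.should be_an_instance_of
+token.should be_an_instance_of TokenInfo
 token.info["access_token"].should == "test_access_token"
 token.info["token_type"].should =~ /^bearer$/i
 token.info["scope"].should == "openid"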
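Review bot: The request-handler stubs rewritten here (new lines 40-41, 87-88 and 173-174) still sit under `# TODO check basic auth header`, so none of these examples checks how the client credentials reach the token endpoint. Since the block already receives `headers`, an assertion on the Authorization entry would catch a regression that drops or misplaces the client secret, something like `headers["authorization"].should =~ /\Abasic /i`, with the key spelled the way the library's HTTP layer passes it. The same applies to `body` in the owner password grant, where the password `"?joe's%password$@ "` is evidently chosen to exercise form encoding but the visible lines never inspect what was sent. The handler blocks start outside the hunks, so part of this may already be asserted above.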
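--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cf-uaa-lib
 version: !ruby/object:Gem::Version
-version: 1.3.
+version: 1.3.2
 prerelease:
 platform: ruby
 authors:
@@ -13,7 +13,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-12-
+date: 2012-12-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: multi_json
@@ -64,7 +64,23 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: yard
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: redcarpet
 requirement: !ruby/object:Gem::Requirement
 none: false
 requirements:
@@ -143,6 +159,22 @@ dependencies:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: json_pure
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
 description: Client library for interacting with the CloudFoundry User Account and
 Authorization (UAA) server. The UAA is an OAuth2 Authorization Server so it can
 be used by webapps and command line apps to obtain access tokens to act on behalf
@@ -160,6 +192,8 @@ extra_rdoc_files: []
 files:
 - .gitignore
 - Gemfile
+- LICENSE.TXT
+- NOTICE.TXT
 - README.md
 - Rakefile
 - cf-uaa-lib.gemspec
@@ -172,6 +206,7 @@ files:
 - lib/uaa/util.rb
 - lib/uaa/version.rb
 - spec/http_spec.rb
+- spec/integration_spec.rb
 - spec/misc_spec.rb
 - spec/scim_spec.rb
 - spec/spec_helper.rb
@@ -191,7 +226,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 segments:
 - 0
-hash: -
+hash: -1911536519495271904
 required_rubygems_version: !ruby/object:Gem::Requirement
 none: false
 requirements:
@@ -200,11 +235,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 segments:
 - 0
-hash: -
+hash: -1911536519495271904
 requirements: []
 rubyforge_project: cf-uaa-lib
-rubygems_version: 1.8.
+rubygems_version: 1.8.23
 signing_key:
 specification_version: 3
 summary: Client library for CloudFoundry UAA
 test_files: []
+has_rdoc: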