cf-uaa-lib 3.13.0 → 4.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 4d3d4edc855be886efe312cfb0665894dffaf332
-  data.tar.gz: 6d07a2957fc5efbfa31f810a1b693dca77abf871
+SHA256:
+  metadata.gz: e8a741ef102742885eff043d198628e3bc05f0bcc98c752a57ce5f6b3c18bf43
+  data.tar.gz: 6ffc61520e49b04d65bd0404f577727986e3f625e6ef095fc8a0d361c50be5ab
 SHA512:
-  metadata.gz: 546a2c90f033dd94bee5dd3fd8fa0db9d6877bc32e6e3eed25f967a0d8dafa80f27ac4ff9008a6cbd90bfb62c1e3df15cf4e9a90c5329da830ca379fb06436c0
-  data.tar.gz: e172dbce6c01966def32c6a2cf8cad737a43b61a94b97abfbc500ee38859689a02fec76f8d8ec4ada5c001ff11d40c2d32476e3ee72725633cad701427211693
+  metadata.gz: 75d8062f4bdc94bc7375a18124f72b3664a2d4074a63699c4e55f52ae085375ae587e7c113859b345bd7476878d744ceb66320cd42ccc9ef3e02f0315e591f78
+  data.tar.gz: 223a89a483dfe638062240e4326e8c8e485b62a1e07108ed87feb5fff67ce1f5a705923939f23d6135bd4eeb6f8638cd60ae7638cc62ff2e1376aafe94720051

data/.github/dependabot.yml

@@ -0,0 +1,11 @@
+version: 2
+updates:
+- package-ecosystem: bundler
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "11:00"
+  open-pull-requests-limit: 10
+  allow:
+  - dependency-type: direct
+  - dependency-type: indirect

data/.github/workflows/gem-push.yml

@@ -0,0 +1,29 @@
+name: Ruby Gem
+
+on: workflow_dispatch
+
+jobs:
+  build:
+    name: Build + Publish
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby 2.6
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: 2.6.x
+
+    - name: Publish to RubyGems
+      run: |
+        mkdir -p $HOME/.gem
+        touch $HOME/.gem/credentials
+        chmod 0600 $HOME/.gem/credentials
+        printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+        gem build *.gemspec
+        gem push *.gem
+      env:
+        GEM_HOST_API_KEY: "${{ secrets.RUBYGEMS_AUTH_TOKEN }}"

data/.github/workflows/ruby.yml

@@ -0,0 +1,27 @@
+name: Ruby
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  test:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby-version: ['2.5', '2.7', '3.0', '3.1']
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+    - name: Run tests
+      run: bundle exec rake
+    - name: Run coverage
+      run: bundle exec rake cov

data/README.md

@@ -1,5 +1,5 @@
 # CloudFoundry UAA Gem
-[![Build Status](https://travis-ci.org/cloudfoundry/cf-uaa-lib.png)](https://travis-ci.org/cloudfoundry/cf-uaa-lib)
+![Build status](https://github.com/cloudfoundry/cf-uaa-lib/actions/workflows/ruby.yml/badge.svg?branch=master)
 [![Gem Version](https://badge.fury.io/rb/cf-uaa-lib.png)](http://badge.fury.io/rb/cf-uaa-lib)
 
 Client gem for interacting with the [CloudFoundry UAA server](https://github.com/cloudfoundry/uaa)

data/cf-uaa-lib.gemspec

@@ -24,8 +24,6 @@ Gem::Specification.new do |s|
   s.summary     = %q{Client library for CloudFoundry UAA}
   s.description = %q{Client library for interacting with the CloudFoundry User Account and Authorization (UAA) server.  The UAA is an OAuth2 Authorization Server so it can be used by webapps and command line apps to obtain access tokens to act on behalf of users.  The tokens can then be used to access protected resources in a Resource Server.  This library is for use by UAA client applications or resource servers.}
 
-  s.rubyforge_project = "cf-uaa-lib"
-
   s.license       = "Apache-2.0"
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
@@ -33,15 +31,17 @@ Gem::Specification.new do |s|
   s.require_paths = ['lib']
 
   # dependencies
-  s.add_dependency 'multi_json', '~> 1.12.0', '>= 1.12.1'
+  s.add_dependency 'multi_json', '>= 1.12.1', '< 1.16'
   s.add_dependency 'httpclient', '~> 2.8', '>= 2.8.2.4'
+  s.add_dependency 'addressable', '~> 2.8', '>= 2.8.0'
 
-  s.add_development_dependency 'bundler', '~> 1.14'
-  s.add_development_dependency 'rake', '~> 10.3', '>= 10.3.2'
-  s.add_development_dependency 'rspec', '~> 2.14', '>= 2.14.1'
-  s.add_development_dependency 'simplecov', '~> 0.8.2'
+  s.add_development_dependency 'bundler', '~> 2.2'
+  s.add_development_dependency 'rake', '>= 10.3.2', '~> 13.0'
+  s.add_development_dependency 'rspec', '>= 2.14.1', '~> 3.9'
+  s.add_development_dependency 'simplecov', '~> 0.21.2'
   s.add_development_dependency 'simplecov-rcov', '~> 0.2.3'
-  s.add_development_dependency 'ci_reporter', '~> 1.9', '>= 1.9.2'
-  s.add_development_dependency 'json_pure', '~> 1.8', '>= 1.8.1'
+  s.add_development_dependency 'ci_reporter', '>= 1.9.2', '~> 2.0'
+  s.add_development_dependency 'json_pure', '>= 1.8.1', '~> 2.5'
+  s.add_development_dependency 'ci_reporter_rspec', '~> 1.0'
 
 end

data/lib/uaa/http.rb

@@ -48,10 +48,17 @@ module Http
 
   def self.included(base)
     base.class_eval do
-      attr_accessor :skip_ssl_validation, :ssl_ca_file, :ssl_cert_store, :zone
+      attr_reader :skip_ssl_validation, :ssl_ca_file, :ssl_cert_store, :http_timeout
     end
   end
 
+  def initialize_http_options(options)
+    @skip_ssl_validation = options[:skip_ssl_validation]
+    @ssl_ca_file = options[:ssl_ca_file]
+    @ssl_cert_store = options[:ssl_cert_store]
+    @http_timeout = options[:http_timeout]
+  end
+
   # Sets the current logger instance to recieve error messages.
   # @param [Logger] logr
   # @return [Logger]
@@ -176,6 +183,8 @@ module Http
     raise SSLException, "Invalid SSL Cert for #{url}. Use '--skip-ssl-validation' to continue with an insecure target"
   rescue URI::Error, SocketError, SystemCallError => e
     raise BadTarget, "error: #{e.message}"
+  rescue HTTPClient::ConnectTimeoutError => e
+    raise HTTPException.new "http timeout"
   end
 
   def http_request(uri)
@@ -201,6 +210,12 @@ module Http
       http = HTTPClient.new
     end
 
+    if http_timeout
+      http.connect_timeout = http_timeout
+      http.send_timeout = http_timeout
+      http.receive_timeout = http_timeout
+    end
+
     @http_cache[cache_key] = http
   end
 

data/lib/uaa/info.rb

@@ -31,10 +31,8 @@ class Info
   #     string keys are returned.
   def initialize(target, options = {})
     self.target = target
-    self.skip_ssl_validation = options[:skip_ssl_validation]
-    self.ssl_ca_file = options[:ssl_ca_file]
-    self.ssl_cert_store = options[:ssl_cert_store]
     self.symbolize_keys = options[:symbolize_keys]
+    initialize_http_options(options)
   end
 
   # sets whether the keys in returned hashes should be symbols.
@@ -56,14 +54,6 @@ class Info
     json_get(target, "/userinfo?schema=openid", key_style, "authorization" => auth_header)
   end
 
-  # Gets various monitoring and status variables from the server.
-  # Authenticates using +name+ and +pwd+ for basic authentication.
-  # @param (see Misc.server)
-  # @return [Hash]
-  def varz(name, pwd)
-    json_get(target, "/varz", key_style, "authorization" => Http.basic_auth(name, pwd))
-  end
-
   # Gets basic information about the target server, including version number,
   # commit ID, and links to API endpoints.
   # @return [Hash]
@@ -131,7 +121,7 @@ class Info
   # @return [Hash] contents of the token
   def decode_token(client_id, client_secret, token, token_type = "bearer", audience_ids = nil)
     reply = json_parse_reply(key_style, *request(target, :post, '/check_token',
-                                                 Util.encode_form(:token => token),
+                                                 Util.encode_form(token: token),
                                                  "authorization" => Http.basic_auth(client_id, client_secret),
                                                  "content-type" => Http::FORM_UTF8,"accept" => Http::JSON_UTF8))
 
@@ -148,7 +138,7 @@ class Info
   # @return [Hash]
   def password_strength(password)
     json_parse_reply(key_style, *request(target, :post, '/password/score',
-        Util.encode_form(:password => password), "content-type" => Http::FORM_UTF8,
+        Util.encode_form(password: password), "content-type" => Http::FORM_UTF8,
         "accept" => Http::JSON_UTF8))
   end
 

data/lib/uaa/scim.rb

@@ -12,7 +12,7 @@
 #++
 
 require 'uaa/http'
-require 'uri'
+require 'addressable/uri'
 
 module CF::UAA
 
@@ -149,10 +149,8 @@ class Scim
   def initialize(target, auth_header, options = {})
     @target, @auth_header = target, auth_header
     @key_style = options[:symbolize_keys] ? :downsym : :down
-    self.skip_ssl_validation = options[:skip_ssl_validation]
-    self.ssl_ca_file = options[:ssl_ca_file]
-    self.ssl_cert_store = options[:ssl_cert_store]
     @zone = options[:zone]
+    initialize_http_options(options)
   end
 
   # Convenience method to get the naming attribute, e.g. userName for user,
@@ -179,7 +177,7 @@ class Scim
   # @param [String] id the id attribute of the SCIM object
   # @return [nil]
   def delete(type, id)
-    http_delete @target, "#{type_info(type, :path)}/#{URI.encode(id)}", @auth_header, @zone
+    http_delete @target, "#{type_info(type, :path)}/#{Addressable::URI.encode(id)}", @auth_header, @zone
   end
 
   # Replaces the contents of a SCIM object.
@@ -194,7 +192,7 @@ class Scim
       hdrs.merge!('if-match' => etag)
     end
     reply = json_parse_reply(@key_style,
-        *json_put(@target, "#{path}/#{URI.encode(id)}", info, hdrs))
+        *json_put(@target, "#{path}/#{Addressable::URI.encode(id)}", info, hdrs))
 
     # hide client endpoints that are not quite scim compatible
     type == :client && !reply ? get(type, info['client_id']): reply
@@ -212,7 +210,7 @@ class Scim
       hdrs.merge!('if-match' => etag)
     end
     reply = json_parse_reply(@key_style,
-        *json_patch(@target, "#{path}/#{URI.encode(id)}", info, hdrs))
+        *json_patch(@target, "#{path}/#{Addressable::URI.encode(id)}", info, hdrs))
 
     # hide client endpoints that are not quite scim compatible
     type == :client && !reply ? get(type, info['client_id']): reply
@@ -260,7 +258,7 @@ class Scim
   # @param (see #delete)
   # @return (see #add)
   def get(type, id)
-    info = json_get(@target, "#{type_info(type, :path)}/#{URI.encode(id)}",
+    info = json_get(@target, "#{type_info(type, :path)}/#{Addressable::URI.encode(id)}",
         @key_style, headers)
 
     fake_client_id(info) if type == :client # hide client reply, not quite scim
@@ -272,7 +270,7 @@ class Scim
   # @return (client meta)
   def get_client_meta(client_id)
     path = type_info(:client, :path)
-    json_get(@target, "#{path}/#{URI.encode(client_id)}/meta", @key_style, headers)
+    json_get(@target, "#{path}/#{Addressable::URI.encode(client_id)}/meta", @key_style, headers)
   end
 
   # Collects all pages of entries from a query
@@ -352,7 +350,7 @@ class Scim
     req = {"password" => new_password}
     req["oldPassword"] = old_password if old_password
     json_parse_reply(@key_style, *json_put(@target,
-        "#{type_info(:user, :path)}/#{URI.encode(user_id)}/password", req, headers))
+        "#{type_info(:user, :path)}/#{Addressable::URI.encode(user_id)}/password", req, headers))
   end
 
   # Change client secret.
@@ -368,18 +366,18 @@ class Scim
     req = {"secret" => new_secret }
     req["oldSecret"] = old_secret if old_secret
     json_parse_reply(@key_style, *json_put(@target,
-        "#{type_info(:client, :path)}/#{URI.encode(client_id)}/secret", req, headers))
+        "#{type_info(:client, :path)}/#{Addressable::URI.encode(client_id)}/secret", req, headers))
   end
 
   def unlock_user(user_id)
     req = {"locked" => false}
     json_parse_reply(@key_style, *json_patch(@target,
-        "#{type_info(:user, :path)}/#{URI.encode(user_id)}/status", req, headers))
+        "#{type_info(:user, :path)}/#{Addressable::URI.encode(user_id)}/status", req, headers))
   end
 
   def map_group(group, is_id, external_group, origin = "ldap")
     key_name = is_id ? :groupId : :displayName
-    request = {key_name => group, :externalGroup => external_group, :schemas => ["urn:scim:schemas:core:1.0"], :origin => origin }
+    request = {key_name => group, externalGroup: external_group, schemas: ["urn:scim:schemas:core:1.0"], origin: origin }
     result = json_parse_reply(@key_style, *json_post(@target,
                                                      "#{type_info(:group_mapping, :path)}", request,
                                                      headers))
@@ -387,7 +385,7 @@ class Scim
   end
 
   def unmap_group(group_id, external_group, origin = "ldap")
-    http_delete(@target, "#{type_info(:group_mapping, :path)}/groupId/#{group_id}/externalGroup/#{URI.encode(external_group)}/origin/#{origin}",
+    http_delete(@target, "#{type_info(:group_mapping, :path)}/groupId/#{group_id}/externalGroup/#{Addressable::URI.encode(external_group)}/origin/#{origin}",
                           @auth_header, @zone)
   end
 

data/lib/uaa/token_coder.rb

@@ -65,7 +65,7 @@ class TokenCoder
     unless options.is_a?(Hash) && obsolete1.nil? && obsolete2.nil?
       # deprecated: def self.encode(token_body, skey, pkey = nil, algo = 'HS256')
       warn "#{self.class}##{__method__} is deprecated with these parameters. Please use options hash."
-      options = {:skey => options }
+      options = {skey: options }
       options[:pkey], options[:algorithm] = obsolete1, obsolete2
     end
     options = normalize_options(options)
@@ -96,7 +96,7 @@ class TokenCoder
     unless options.is_a?(Hash) && obsolete1.nil? && obsolete2.nil?
       # deprecated: def self.decode(token, skey = nil, pkey = nil, verify = true)
       warn "#{self.class}##{__method__} is deprecated with these parameters. Please use options hash."
-      options = {:skey => options }
+      options = {skey: options }
       options[:pkey], options[:verify] = obsolete1, obsolete2
     end
     options = normalize_options(options)
@@ -170,7 +170,7 @@ class TokenCoder
     unless options.is_a?(Hash) && obsolete1.nil? && obsolete2.nil?
       # deprecated: def initialize(audience_ids, skey, pkey = nil)
       warn "#{self.class}##{__method__} is deprecated with these parameters. Please use options hash."
-      options = {:audience_ids => options }
+      options = {audience_ids: options }
       options[:skey], options[:pkey] = obsolete1, obsolete2
     end
     @options = self.class.normalize_options(options)
@@ -184,7 +184,7 @@ class TokenCoder
   def encode(token_body = {}, algorithm = nil)
     token_body[:aud] = @options[:audience_ids] if @options[:audience_ids] && !token_body[:aud] && !token_body['aud']
     token_body[:exp] = Time.now.to_i + 7 * 24 * 60 * 60 unless token_body[:exp] || token_body['exp']
-    self.class.encode(token_body, algorithm ? @options.merge(:algorithm => algorithm) : @options)
+    self.class.encode(token_body, algorithm ? @options.merge(algorithm: algorithm) : @options)
   end
 
   # Returns hash of values decoded from the token contents. If the

data/lib/uaa/token_issuer.rb

@@ -13,6 +13,7 @@
 
 require 'securerandom'
 require 'uaa/http'
+require 'cgi'
 
 module CF::UAA
 
@@ -72,8 +73,13 @@ class TokenIssuer
     if scope = Util.arglist(params.delete(:scope))
       params[:scope] = Util.strlist(scope)
     end
-    headers = {'content-type' => FORM_UTF8, 'accept' => JSON_UTF8,
-        'authorization' => Http.basic_auth(@client_id, @client_secret) }
+    headers = {'content-type' => FORM_UTF8, 'accept' => JSON_UTF8}
+    if @basic_auth
+      headers['authorization'] = Http.basic_auth(@client_id, @client_secret)
+    else
+      headers['X-CF-ENCODED-CREDENTIALS'] = 'true'
+      headers['authorization'] = Http.basic_auth(CGI.escape(@client_id), CGI.escape(@client_secret))
+    end
     reply = json_parse_reply(@key_style, *request(@token_target, :post,
         '/oauth/token', Util.encode_form(params), headers))
     raise BadResponse unless reply[jkey :token_type] && reply[jkey :access_token]
@@ -81,8 +87,8 @@ class TokenIssuer
   end
 
   def authorize_path_args(response_type, redirect_uri, scope, state = random_state, args = {})
-    params = args.merge(:client_id => @client_id, :response_type => response_type,
-        :redirect_uri => redirect_uri, :state => state)
+    params = args.merge(client_id: @client_id, response_type: response_type,
+        redirect_uri: redirect_uri, state: state)
     params[:scope] = scope = Util.strlist(scope) if scope = Util.arglist(scope)
     params[:nonce] = state
     "/oauth/authorize?#{Util.encode_form(params)}"
@@ -109,9 +115,8 @@ class TokenIssuer
     @target, @client_id, @client_secret = target, client_id, client_secret
     @token_target = options[:token_target] || target
     @key_style = options[:symbolize_keys] ? :sym : nil
-    self.skip_ssl_validation = options[:skip_ssl_validation]
-    self.ssl_ca_file = options[:ssl_ca_file]
-    self.ssl_cert_store = options[:ssl_cert_store]
+    @basic_auth = options[:basic_auth] == true ? true : false
+    initialize_http_options(options)
   end
 
   # Allows an app to discover what credentials are required for
@@ -139,7 +144,7 @@ class TokenIssuer
 
     # the accept header is only here so the uaa will issue error replies in json to aid debugging
     headers = {'content-type' => FORM_UTF8, 'accept' => JSON_UTF8 }
-    body = Util.encode_form(credentials.merge(:source => 'credentials'))
+    body = Util.encode_form(credentials.merge(source: 'credentials'))
     status, body, headers = request(@target, :post, uri, body, headers)
     raise BadResponse, "status #{status}" unless status == 302
     req_uri, reply_uri = URI.parse(redir_uri), URI.parse(headers['location'])
@@ -196,7 +201,7 @@ class TokenIssuer
     reply = json_parse_reply(nil, *request(@target, :post, "/autologin", body, headers))
     raise BadResponse, "no autologin code in reply" unless reply['code']
     @target + authorize_path_args('code', redirect_uri, scope,
-        random_state, :code => reply['code'])
+        random_state, code: reply['code'])
   end
 
   # Constructs a uri that the client is to return to the browser to direct
@@ -230,8 +235,8 @@ class TokenIssuer
     rescue URI::InvalidURIError, ArgumentError, BadResponse
       raise BadResponse, "received invalid response from target #{@target}"
     end
-    request_token(:grant_type => 'authorization_code', :code => authcode,
-        :redirect_uri => ac_params['redirect_uri'])
+    request_token(grant_type: 'authorization_code', code: authcode,
+        redirect_uri: ac_params['redirect_uri'])
   end
 
   # Uses the instance client credentials in addition to the +username+
@@ -239,15 +244,15 @@ class TokenIssuer
   # See {http://tools.ietf.org/html/rfc6749#section-4.3}.
   # @return [TokenInfo]
   def owner_password_grant(username, password, scope = nil)
-    request_token(:grant_type => 'password', :username => username,
-        :password => password, :scope => scope)
+    request_token(grant_type: 'password', username: username,
+        password: password, scope: scope)
   end
 
   # Uses a one-time passcode obtained from the UAA to get a
   # token.
   # @return [TokenInfo]
   def passcode_grant(passcode, scope = nil)
-    request_token(:grant_type => 'password', :passcode => passcode, :scope => scope)
+    request_token(grant_type: 'password', passcode: passcode, scope: scope)
   end
 
   # Gets an access token with the user credentials used for authentication
@@ -266,14 +271,14 @@ class TokenIssuer
   # credentials grant. See http://tools.ietf.org/html/rfc6749#section-4.4
   # @return [TokenInfo]
   def client_credentials_grant(scope = nil)
-    request_token(:grant_type => 'client_credentials', :scope => scope)
+    request_token(grant_type: 'client_credentials', scope: scope)
   end
 
   # Uses the instance client credentials and the given +refresh_token+ to get
   # a new access token. See http://tools.ietf.org/html/rfc6749#section-6
   # @return [TokenInfo] which may include a new refresh token as well as an access token.
   def refresh_token_grant(refresh_token, scope = nil)
-    request_token(:grant_type => 'refresh_token', :refresh_token => refresh_token, :scope => scope)
+    request_token(grant_type: 'refresh_token', refresh_token: refresh_token, scope: scope)
   end
 
 end

data/lib/uaa/util.rb

@@ -145,7 +145,7 @@ class Util
 
   # Converts +obj+ to nicely formatted JSON
   # @return [String] obj in formatted json
-  def self.json_pretty(obj) MultiJson.dump(obj, :pretty => true) end
+  def self.json_pretty(obj) MultiJson.dump(obj, pretty: true) end
 
   # Converts +obj+ to a URL-safe base 64 encoded string
   # @return [String]

data/lib/uaa/version.rb

@@ -14,6 +14,6 @@
 # Cloud Foundry namespace
 module CF
   module UAA
-    VERSION = '3.13.0'
+    VERSION = '4.0.0'
   end
 end

data/spec/http_spec.rb

@@ -69,7 +69,7 @@ describe CF::UAA::Http do
       let(:ssl_config) { double('ssl_config') }
 
       it 'sets verify mode to VERIFY_NONE' do
-        http_instance.skip_ssl_validation = true
+        http_instance.initialize_http_options({skip_ssl_validation: true})
 
         expect(http_double).to receive(:ssl_config).and_return(ssl_config)
         expect(ssl_config).to receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_NONE)
@@ -91,7 +91,7 @@ describe CF::UAA::Http do
       let(:ssl_config) { double('ssl_config') }
 
       it 'passes it' do
-        http_instance.ssl_ca_file = '/fake-ca-file'
+        http_instance.initialize_http_options({ssl_ca_file: '/fake-ca-file'})
 
         expect(http_double).to receive(:ssl_config).and_return(ssl_config).twice
         expect(ssl_config).to receive(:set_trust_ca).with('/fake-ca-file')
@@ -105,7 +105,7 @@ describe CF::UAA::Http do
       let(:ssl_config) { double('ssl_config') }
 
       it 'passes it' do
-        http_instance.ssl_cert_store = cert_store
+        http_instance.initialize_http_options({ssl_cert_store: cert_store})
 
         expect(http_double).to receive(:ssl_config).and_return(ssl_config).twice
         expect(ssl_config).to receive(:cert_store=).with(cert_store)
@@ -114,5 +114,29 @@ describe CF::UAA::Http do
         http_instance.http_get('https://uncached.example.com')
       end
     end
+
+    context 'when an http request timeout is provided' do
+      it 'sets all timeouts on the http clien to the http_timeout' do
+        http_instance.initialize_http_options({http_timeout: 10})
+
+        expect(http_double).to receive(:connect_timeout=).with(10)
+        expect(http_double).to receive(:send_timeout=).with(10)
+        expect(http_double).to receive(:receive_timeout=).with(10)
+
+        http_instance.http_get('https://uncached.example.com')
+      end
+    end
+
+    context 'when an http request timeout is not provided' do
+      it 'does not override the default' do
+        http_instance.initialize_http_options({})
+
+        expect(http_double).not_to receive(:connect_timeout=)
+        expect(http_double).not_to receive(:send_timeout=)
+        expect(http_double).not_to receive(:receive_timeout=)
+
+        http_instance.http_get('https://uncached.example.com')
+      end
+    end
   end
-end
+end

data/spec/info_spec.rb

@@ -34,7 +34,7 @@ module CF::UAA
     end
 
     describe 'initialize' do
-      let(:options) { {:skip_ssl_validation => true} }
+      let(:options) { {skip_ssl_validation: true} }
 
       it 'sets proxy information' do
         uaa_info.skip_ssl_validation == true
@@ -52,7 +52,7 @@ module CF::UAA
       end
 
       context 'with symbolize_keys keys true' do
-        let(:options) { {:symbolize_keys => true} }
+        let(:options) { {symbolize_keys: true} }
 
         it 'gets server info' do
           result = uaa_info.server
@@ -84,7 +84,7 @@ module CF::UAA
       end
 
       context 'with symbolize_keys keys true' do
-        let(:options) { {:symbolize_keys => true} }
+        let(:options) { {symbolize_keys: true} }
 
         it 'gets UAA target' do
           result = uaa_info.discover_uaa

data/spec/integration_spec.rb

@@ -41,7 +41,35 @@ module CF::UAA
     target = ENV['UAA_CLIENT_TARGET']
 
     admin_token_issuer = TokenIssuer.new(target, admin_client, admin_secret, options)
-    Scim.new(target, admin_token_issuer.client_credentials_grant.auth_header, options.merge(:symbolize_keys => true))
+    Scim.new(target, admin_token_issuer.client_credentials_grant.auth_header, options.merge(symbolize_keys: true))
+  end
+
+  describe 'when UAA does not respond' do
+    let(:http_timeout) { 0.01 }
+    let(:default_http_client_timeout) { 60 }
+    let(:scim) { Scim.new(@target, "", {http_timeout: http_timeout}) }
+    let(:token_issuer) { TokenIssuer.new(@target, "", "", {http_timeout: http_timeout}) }
+    let(:blackhole_ip) { '10.255.255.1'}
+
+    before do
+      @target = "http://#{blackhole_ip}"
+    end
+
+    it 'times out the connection at the configured time for the scim' do
+      expect {
+        Timeout.timeout(default_http_client_timeout - 1) do
+          scim.get(:user, "admin")
+        end
+      }.to raise_error HTTPException
+    end
+
+    it 'times out the connection at the configured time for the token issuer' do
+      expect {
+        Timeout.timeout(default_http_client_timeout - 1) do
+          token_issuer.client_credentials_grant
+        end
+      }.to raise_error HTTPException
+    end
   end
 
   if ENV['UAA_CLIENT_TARGET']
@@ -49,20 +77,20 @@ module CF::UAA
 
       let(:options)  { @options }
       let(:token_issuer) { TokenIssuer.new(@target, @test_client, @test_secret, options) }
-      let(:scim) { Scim.new(@target, token_issuer.client_credentials_grant.auth_header, options.merge(:symbolize_keys => true)) }
+      let(:scim) { Scim.new(@target, token_issuer.client_credentials_grant.auth_header, options.merge(symbolize_keys: true)) }
 
       before :all do
         @options = {}
         if ENV['SKIP_SSL_VALIDATION']
-          @options = {:skip_ssl_validation => true}
+          @options = {skip_ssl_validation: true}
         end
         @target = ENV['UAA_CLIENT_TARGET']
         @test_client = "test_client_#{Time.now.to_i}"
         @test_secret = '+=tEsTsEcRet~!@'
         gids = ['clients.read', 'scim.read', 'scim.write', 'uaa.resource', 'password.write']
-        test_client = CF::UAA::admin_scim(@options).add(:client, :client_id => @test_client, :client_secret => @test_secret,
-                                     :authorities => gids, :authorized_grant_types => ['client_credentials', 'password'],
-                                     :scope => ['openid', 'password.write'])
+        test_client = CF::UAA::admin_scim(@options).add(:client, client_id: @test_client, client_secret: @test_secret,
+                                     authorities: gids, authorized_grant_types: ['client_credentials', 'password'],
+                                     scope: ['openid', 'password.write'])
         expect(test_client[:client_id]).to eq(@test_client)
       end
 
@@ -74,7 +102,7 @@ module CF::UAA
 
       if ENV['SKIP_SSL_VALIDATION']
         context 'when ssl certificate is self-signed' do
-          let(:options)  { {:skip_ssl_validation => false} }
+          let(:options)  { {skip_ssl_validation: false} }
 
           it 'fails if skip_ssl_validation is false' do
             expect{ scim }.to raise_exception(CF::UAA::SSLException)
@@ -85,7 +113,7 @@ module CF::UAA
       if ENV['SSL_CA_FILE']
         context 'when you do not skip SSL validation' do
           context 'when you provide cert' do
-            let(:options)  { {:ssl_ca_file => ENV['SSL_CA_FILE']} }
+            let(:options)  { {ssl_ca_file: ENV['SSL_CA_FILE']} }
 
             it 'works' do
               expect(token_issuer.prompts).to_not be_nil
@@ -111,7 +139,7 @@ module CF::UAA
               cert_store
             end
 
-            let(:options)  { {:ssl_cert_store => cert_store} }
+            let(:options)  { {ssl_cert_store: cert_store} }
             it 'works' do
               expect(token_issuer.prompts).to_not be_nil
             end
@@ -128,7 +156,7 @@ module CF::UAA
       end
 
       it 'should report the uaa client version' do
-        expect(VERSION).to match(/\d.\d.\d/)
+        expect(VERSION).to match(/\d+.\d+.\d+/)
       end
 
       it 'makes sure the server is there by getting the prompts for an implicit grant' do
@@ -138,7 +166,7 @@ module CF::UAA
       it 'gets a token with client credentials' do
         tkn = token_issuer.client_credentials_grant
         expect(tkn.auth_header).to match(/^bearer\s/i)
-        info = TokenCoder.decode(tkn.info['access_token'], :verify => false, :symbolize_keys => true)
+        info = TokenCoder.decode(tkn.info['access_token'], verify: false, symbolize_keys: true)
         expect(info[:exp]).to be
         expect(info[:jti]).to be
       end
@@ -151,9 +179,9 @@ module CF::UAA
         before :each do
           @username = "sam_#{Time.now.to_i}"
           @user_pwd = "sam's P@55w0rd~!`@\#\$%^&*()_/{}[]\\|:\";',.<>?/"
-          usr = scim.add(:user, :username => @username, :password => @user_pwd,
-                         :emails => [{:value => 'sam@example.com'}],
-                         :name => {:givenname => 'none', :familyname => 'none'})
+          usr = scim.add(:user, username: @username, password: @user_pwd,
+                         emails: [{value: 'sam@example.com'}],
+                         name: {givenname: 'none', familyname: 'none'})
           @user_id = usr[:id]
         end
 
@@ -194,8 +222,8 @@ module CF::UAA
 
           it 'should get a uri to be sent to the user agent to initiate autologin' do
             redir_uri = 'http://call.back/uri_path'
-            uri_parts = token_issuer.autologin_uri(redir_uri, :username => @username,
-                                                   :password =>@user_pwd ).split('?')
+            uri_parts = token_issuer.autologin_uri(redir_uri, username: @username,
+                                                   password: @user_pwd ).split('?')
             expect(uri_parts[0]).to eq("#{ENV['UAA_CLIENT_TARGET']}/oauth/authorize")
             params = Util.decode_form(uri_parts[1], :sym)
             expect(params[:response_type]).to eq('code')
@@ -209,4 +237,4 @@ module CF::UAA
       end
     end
   end
-end
+end

data/spec/scim_spec.rb

@@ -39,7 +39,7 @@ describe Scim do
   end
 
   describe 'initialize' do
-    let(:options) { {:http_proxy => 'http-proxy.com', :https_proxy => 'https-proxy.com', :skip_ssl_validation => true} }
+    let(:options) { {http_proxy: 'http-proxy.com', https_proxy: 'https-proxy.com', skip_ssl_validation: true} }
 
     it 'sets skip_ssl_validation' do
       subject.skip_ssl_validation == true
@@ -53,8 +53,8 @@ describe Scim do
       check_headers(headers, :json, :json, nil)
       [200, '{"ID":"id12345"}', {'content-type' => 'application/json'}]
     end
-    result = subject.add(:user, :hair => 'brown', :shoe_size => 'large',
-        :eye_color => ['blue', 'green'], :name => 'fred')
+    result = subject.add(:user, hair: 'brown', shoe_size: 'large',
+        eye_color: ['blue', 'green'], name: 'fred')
     result['id'].should == 'id12345'
   end
 
@@ -71,8 +71,8 @@ describe Scim do
   end
 
   it 'replaces an object' do
-    obj = {:hair => 'black', :shoe_size => 'medium', :eye_color => ['hazel', 'brown'],
-          :name => 'fredrick', :meta => {:version => 'v567'}, :id => 'id12345'}
+    obj = {hair: 'black', shoe_size: 'medium', eye_color: ['hazel', 'brown'],
+          name: 'fredrick', meta: {version: 'v567'}, id: 'id12345'}
     subject.set_request_handler do |url, method, body, headers|
       url.should == "#{@target}/Users/id12345"
       method.should == :put
@@ -85,8 +85,8 @@ describe Scim do
   end
 
   it 'modifies an object' do
-    obj = {:hair => 'black', :shoe_size => 'medium', :eye_color => ['hazel', 'brown'],
-          :name => 'fredrick', :meta => {:version => 'v567'}, :id => 'id12345'}
+    obj = {hair: 'black', shoe_size: 'medium', eye_color: ['hazel', 'brown'],
+          name: 'fredrick', meta: {version: 'v567'}, id: 'id12345'}
     subject.set_request_handler do |url, method, body, headers|
       url.should == "#{@target}/Users/id12345"
       method.should == :patch
@@ -122,7 +122,7 @@ describe Scim do
         '{"TotalResults":2,"ItemsPerPage":1,"StartIndex":2,"RESOURCES":[{"id":"id67890"}]}'
       [200, reply, {'content-type' => 'application/json'}]
     end
-    result = subject.all_pages(:user, :attributes => 'id', :includeInactive => true)
+    result = subject.all_pages(:user, attributes: 'id', includeInactive: true)
     [result[0]['id'], result[1]['id']].to_set.should == ['id12345', 'id67890'].to_set
   end
 
@@ -221,7 +221,7 @@ describe Scim do
   end
 
   describe 'users in a zone' do
-    let(:options) { {:http_proxy => 'http-proxy.com', :https_proxy => 'https-proxy.com', :skip_ssl_validation => true, :zone => 'derpzone'} }
+    let(:options) { {http_proxy: 'http-proxy.com', https_proxy: 'https-proxy.com', skip_ssl_validation: true, zone: 'derpzone'} }
 
     it 'sends zone header' do
         subject.set_request_handler do |url, method, body, headers|
@@ -230,8 +230,8 @@ describe Scim do
           check_headers(headers, :json, :json, 'derpzone')
           [200, '{"ID":"id12345"}', {'content-type' => 'application/json'}]
         end
-        result = subject.add(:user, :hair => 'brown', :shoe_size => 'large',
-                             :eye_color => ['blue', 'green'], :name => 'fred')
+        result = subject.add(:user, hair: 'brown', shoe_size: 'large',
+                             eye_color: ['blue', 'green'], name: 'fred')
         result['id'].should == 'id12345'
       end
   end

data/spec/spec_helper.rb

@@ -22,4 +22,10 @@ if ENV['COVERAGE']
   SimpleCov.start
 end
 
-require 'rspec'
+require 'rspec'
+
+RSpec.configure do |config|
+  config.expect_with :rspec do |expectations|
+    expectations.syntax = [:expect, :should]
+  end
+end

data/spec/token_coder_spec.rb

@@ -18,8 +18,8 @@ module CF::UAA
 
 describe TokenCoder do
 
-  subject { TokenCoder.new(:audience_ids => "test_resource",
-      :skey => "test_secret", :pkey => OpenSSL::PKey::RSA.generate(512) ) }
+  subject { TokenCoder.new(audience_ids: "test_resource",
+      skey: "test_secret", pkey: OpenSSL::PKey::RSA.generate(512) ) }
 
   before :each do
     @tkn_body = {'foo' => "bar"}
@@ -57,7 +57,7 @@ describe TokenCoder do
       2yrlT5h164jGCxqe7++1kIl4ollFCgz6QJ8lcmb/2Q==
       -----END RSA PRIVATE KEY-----
     DATA
-    coder = TokenCoder.new(:audience_ids => "test_resource", :pkey => pem)
+    coder = TokenCoder.new(audience_ids: "test_resource", pkey: pem)
     tkn = coder.encode(@tkn_body, 'RS256')
     result = coder.decode("bEaReR #{tkn}")
     result.should_not be_nil
@@ -66,7 +66,7 @@ describe TokenCoder do
 
   it "encodes/decodes with 'none' signature if explicitly accepted" do
     tkn = subject.encode(@tkn_body, 'none')
-    result = TokenCoder.decode(tkn, :accept_algorithms => "none")
+    result = TokenCoder.decode(tkn, accept_algorithms: "none")
     result.should_not be_nil
     result["foo"].should == "bar"
   end
@@ -86,7 +86,7 @@ describe TokenCoder do
   end
 
   it "raises an error if the token is signed by an unknown signing key" do
-    other = TokenCoder.new(:audience_ids => "test_resource", :skey => "other_secret")
+    other = TokenCoder.new(audience_ids: "test_resource", skey: "other_secret")
     tkn = other.encode(@tkn_body)
     expect { subject.decode("bEaReR #{tkn}") }.to raise_exception(InvalidSignature)
   end
@@ -103,8 +103,8 @@ describe TokenCoder do
       2yrlT5h164jGCxqe7++1kIl4ollFCgz6QJ8lcmb/2Q==
       -----END RSA PRIVATE KEY-----
     DATA
-    coder = TokenCoder.new(:audience_ids => "test_resource", :pkey => pem)
-    coder2 = TokenCoder.new(:audience_ids => "test_resource", :skey => 'randomness')
+    coder = TokenCoder.new(audience_ids: "test_resource", pkey: pem)
+    coder2 = TokenCoder.new(audience_ids: "test_resource", skey: 'randomness')
 
     tkn = coder.encode(@tkn_body, 'RS256')
 
@@ -123,21 +123,21 @@ describe TokenCoder do
       2yrlT5h164jGCxqe7++1kIl4ollFCgz6QJ8lcmb/2Q==
       -----END RSA PRIVATE KEY-----
     DATA
-    coder = TokenCoder.new(:audience_ids => "test_resource", :pkey => pem)
-    coder2 = TokenCoder.new(:audience_ids => "test_resource", :skey => 'randomness')
+    coder = TokenCoder.new(audience_ids: "test_resource", pkey: pem)
+    coder2 = TokenCoder.new(audience_ids: "test_resource", skey: 'randomness')
     tkn = coder2.encode(@tkn_body)
 
     expect { coder.decode("bEaReR #{tkn}") }.to raise_exception(InvalidSignature)
   end
 
   it "raises an error if the token is an unknown signing algorithm" do
-    segments = [Util.json_encode64(:typ => "JWT", :alg =>"BADALGO")]
+    segments = [Util.json_encode64(typ: "JWT", alg:"BADALGO")]
     segments << Util.json_encode64(@tkn_body)
     segments << Util.encode64("BADSIG")
     tkn = segments.join('.')
-    tc = TokenCoder.new(:audience_ids => "test_resource",
-        :skey => "test_secret", :pkey => OpenSSL::PKey::RSA.generate(512),
-        :accept_algorithms => "BADALGO")
+    tc = TokenCoder.new(audience_ids: "test_resource",
+        skey: "test_secret", pkey: OpenSSL::PKey::RSA.generate(512),
+        accept_algorithms: "BADALGO")
     expect { tc.decode("bEaReR #{tkn}") }.to raise_exception(SignatureNotSupported)
   end
 
@@ -179,7 +179,7 @@ describe TokenCoder do
 
   it "decodes a token without validation" do
     token = "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImY1MTgwMjExLWVkYjItNGQ4OS1hNmQwLThmNGVjMTE0NTE4YSIsInJlc291cmNlX2lkcyI6WyJjbG91ZF9jb250cm9sbGVyIiwicGFzc3dvcmQiXSwiZXhwaXJlc19hdCI6MTMzNjU1MTc2Niwic2NvcGUiOlsicmVhZCJdLCJlbWFpbCI6Im9sZHNAdm13YXJlLmNvbSIsImNsaWVudF9hdXRob3JpdGllcyI6WyJST0xFX1VOVFJVU1RFRCJdLCJleHBpcmVzX2luIjo0MzIwMCwidXNlcl9hdXRob3JpdGllcyI6WyJST0xFX1VTRVIiXSwidXNlcl9pZCI6Im9sZHNAdm13YXJlLmNvbSIsImNsaWVudF9pZCI6InZtYyIsInRva2VuX2lkIjoiZWRlYmYzMTctNWU2Yi00YmYwLWFmM2ItMTA0OWRjNmFlYjc1In0.XoirrePfEujnZ9Vm7SRRnj3vZEfRp2tkjkS_OCVz5Bs"
-    info = TokenCoder.decode(token, :verify => false)
+    info = TokenCoder.decode(token, verify: false)
     info["id"].should_not be_nil
     info["email"].should == "olds@vmware.com"
   end

data/spec/token_issuer_spec.rb

@@ -23,13 +23,13 @@ describe TokenIssuer do
 
   before do
     #Util.default_logger(:trace)
-    @issuer = TokenIssuer.new('http://test.uaa.target', 'test_client', 'test_secret', options)
+    @issuer = TokenIssuer.new('http://test.uaa.target', 'test_client', 'test!secret', options)
   end
 
   subject { @issuer }
 
   describe 'initialize' do
-    let(:options) { {:http_proxy => 'http-proxy.com', :https_proxy => 'https-proxy.com', :skip_ssl_validation => true} }
+    let(:options) { {http_proxy: 'http-proxy.com', https_proxy: 'https-proxy.com', skip_ssl_validation: true, basic_auth: false} }
 
     it 'sets skip_ssl_validation' do
       subject.skip_ssl_validation == true
@@ -42,11 +42,12 @@ describe TokenIssuer do
       subject.set_request_handler do |url, method, body, headers|
         headers['content-type'].should =~ /application\/x-www-form-urlencoded/
         headers['accept'].should =~ /application\/json/
-        # TODO check basic auth header
+        headers['X-CF-ENCODED-CREDENTIALS'].should == 'true'
+        headers['authorization'].should == 'Basic dGVzdF9jbGllbnQ6dGVzdCUyMXNlY3JldA=='
         url.should == 'http://test.uaa.target/oauth/token'
         method.should == :post
-        reply = {:access_token => 'test_access_token', :token_type => 'BEARER',
-            :scope => 'logs.read', :expires_in => 98765}
+        reply = {access_token: 'test_access_token', token_type: 'BEARER',
+            scope: 'logs.read', expires_in: 98765}
         [200, Util.json(reply), {'content-type' => 'application/json'}]
       end
       token = subject.client_credentials_grant('logs.read')
@@ -59,8 +60,8 @@ describe TokenIssuer do
 
     it 'gets all granted scopes if none specified' do
       subject.set_request_handler do |url, method, body, headers|
-        reply = {:access_token => 'test_access_token', :token_type => 'BEARER',
-            :scope => 'openid logs.read', :expires_in => 98765}
+        reply = {access_token: 'test_access_token', token_type: 'BEARER',
+            scope: 'openid logs.read', expires_in: 98765}
         [200, Util.json(reply), {'content-type' => 'application/json'}]
       end
       token = subject.client_credentials_grant
@@ -89,11 +90,12 @@ describe TokenIssuer do
       subject.set_request_handler do |url, method, body, headers|
         headers['content-type'].should =~ /application\/x-www-form-urlencoded/
         headers['accept'].should =~ /application\/json/
-        # TODO check basic auth header
+        headers['X-CF-ENCODED-CREDENTIALS'].should == 'true'
+        headers['authorization'].should == 'Basic dGVzdF9jbGllbnQ6dGVzdCUyMXNlY3JldA=='
         url.should == 'http://test.uaa.target/oauth/token'
         method.should == :post
-        reply = {:access_token => 'test_access_token', :token_type => 'BEARER',
-            :scope => 'openid', :expires_in => 98765}
+        reply = {access_token: 'test_access_token', token_type: 'BEARER',
+            scope: 'openid', expires_in: 98765}
         [200, Util.json(reply), {'content-type' => 'application/json'}]
       end
       token = subject.owner_password_grant('joe+admin', "?joe's%password$@ ", 'openid')
@@ -108,13 +110,14 @@ describe TokenIssuer do
       subject.set_request_handler do |url, method, body, headers|
         headers['content-type'].should =~ /application\/x-www-form-urlencoded/
         headers['accept'].should =~ /application\/json/
-        # TODO check basic auth header
+        headers['X-CF-ENCODED-CREDENTIALS'].should == 'true'
+        headers['authorization'].should == 'Basic dGVzdF9jbGllbnQ6dGVzdCUyMXNlY3JldA=='
         url.should == 'http://test.uaa.target/oauth/token'
         body.should =~ /(^|&)passcode=12345($|&)/
         body.should =~ /(^|&)grant_type=password($|&)/
         method.should == :post
-        reply = {:access_token => 'test_access_token', :token_type => 'BEARER',
-                 :scope => 'openid', :expires_in => 98765}
+        reply = {access_token: 'test_access_token', token_type: 'BEARER',
+                 scope: 'openid', expires_in: 98765}
         [200, Util.json(reply), {'content-type' => 'application/json'}]
       end
       token = subject.passcode_grant('12345')
@@ -135,8 +138,8 @@ describe TokenIssuer do
         url.should == 'http://test.uaa.target/oauth/token'
         method.should == :post
         body.split('&').should =~ ['passcode=fake-passcode', 'grant_type=password']
-        reply = {:access_token => 'test_access_token', :token_type => 'BEARER',
-          :scope => 'openid', :expires_in => 98765}
+        reply = {access_token: 'test_access_token', token_type: 'BEARER',
+          scope: 'openid', expires_in: 98765}
         [200, Util.json(reply), {'content-type' => 'application/json'}]
       end
       token = subject.owner_password_credentials_grant({passcode: 'fake-passcode'})
@@ -153,7 +156,7 @@ describe TokenIssuer do
 
     it 'gets the prompts for credentials used to authenticate implicit grant' do
       subject.set_request_handler do |url, method, body, headers|
-        info = { :prompts => {:username => ['text', 'Username'], :password => ['password', 'Password']} }
+        info = { prompts: {username: ['text', 'Username'], password: ['password', 'Password']} }
         [200, Util.json(info), {'content-type' => 'application/json'}]
       end
       result = subject.prompts
@@ -182,10 +185,10 @@ describe TokenIssuer do
         end
 
         expect(subject).to receive(:authorize_path_args).with('token', 'https://uaa.cloudfoundry.com/redirect/test_client', 'logs.read', anything)
-        subject.stub(:random_state).and_return('1234')
-        subject.stub(:authorize_path_args).and_return('/oauth/authorize?state=1234&scope=logs.read')
+        allow(subject).to receive(:random_state).and_return('1234')
+        allow(subject).to receive(:authorize_path_args).and_return('/oauth/authorize?state=1234&scope=logs.read')
 
-        token = subject.implicit_grant_with_creds({:username => 'joe+admin', :password => "?joe's%password$@ "}, 'logs.read')
+        token = subject.implicit_grant_with_creds({username: 'joe+admin', password: "?joe's%password$@ "}, 'logs.read')
         token.should be_an_instance_of TokenInfo
         token.info['access_token'].should == 'test_access_token'
         token.info['token_type'].should =~ /^bearer$/i
@@ -202,7 +205,7 @@ describe TokenIssuer do
         end
 
         expect(subject).to receive(:authorize_path_args).with('token id_token', 'https://uaa.cloudfoundry.com/redirect/test_client', 'openid logs.read', anything)
-        subject.stub(:random_state).and_return('1234')
+        allow(subject).to receive(:random_state).and_return('1234')
         subject.implicit_grant_with_creds({:username => 'joe+admin', :password => "?joe's%password$@ "}, 'openid logs.read')
       end
     end
@@ -214,8 +217,8 @@ describe TokenIssuer do
             'expires_in=98765&scope=openid+logs.read&state=bad_state'
         [302, nil, {'content-type' => 'application/json', 'location' => location}]
       end
-      expect {token = subject.implicit_grant_with_creds(:username => 'joe+admin',
-          :password => "?joe's%password$@ ")}.to raise_exception BadResponse
+      expect {token = subject.implicit_grant_with_creds(username: 'joe+admin',
+          password: "?joe's%password$@ ")}.to raise_exception BadResponse
     end
 
     it 'asks for an id_token with openid scope' do
@@ -250,11 +253,12 @@ describe TokenIssuer do
       subject.set_request_handler do |url, method, body, headers|
         headers['content-type'].should =~ /application\/x-www-form-urlencoded/
         headers['accept'].should =~ /application\/json/
-        # TODO check basic auth header
+        headers['X-CF-ENCODED-CREDENTIALS'].should == 'true'
+        headers['authorization'].should == 'Basic dGVzdF9jbGllbnQ6dGVzdCUyMXNlY3JldA=='
         url.should match 'http://test.uaa.target/oauth/token'
         method.should == :post
-        reply = {:access_token => 'test_access_token', :token_type => 'BEARER',
-            :scope => 'openid', :expires_in => 98765}
+        reply = {access_token: 'test_access_token', token_type: 'BEARER',
+            scope: 'openid', expires_in: 98765}
         [200, Util.json(reply), {'content-type' => 'application/json'}]
       end
       cburi = 'http://call.back/uri_path'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cf-uaa-lib
 version: !ruby/object:Gem::Version
-  version: 3.13.0
+  version: 4.0.0
 platform: ruby
 authors:
 - Dave Syer
@@ -12,28 +12,28 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-10-26 00:00:00.000000000 Z
+date: 2022-01-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.12.0
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.12.1
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.16'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.12.0
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.12.1
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.16'
 - !ruby/object:Gem::Dependency
   name: httpclient
   requirement: !ruby/object:Gem::Requirement
@@ -54,74 +54,94 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 2.8.2.4
+- !ruby/object:Gem::Dependency
+  name: addressable
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.8.0
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.8.0
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.8'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: '2.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: '2.2'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '10.3'
     - - ">="
       - !ruby/object:Gem::Version
         version: 10.3.2
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '10.3'
     - - ">="
       - !ruby/object:Gem::Version
         version: 10.3.2
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.14'
     - - ">="
       - !ruby/object:Gem::Version
         version: 2.14.1
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.14'
     - - ">="
       - !ruby/object:Gem::Version
         version: 2.14.1
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.9'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.2
+        version: 0.21.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.2
+        version: 0.21.2
 - !ruby/object:Gem::Dependency
   name: simplecov-rcov
   requirement: !ruby/object:Gem::Requirement
@@ -140,42 +160,56 @@ dependencies:
   name: ci_reporter
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.9'
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.9.2
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.9'
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.9.2
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: json_pure
   requirement: !ruby/object:Gem::Requirement
     requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.8.1
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '2.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.8.1
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+- !ruby/object:Gem::Dependency
+  name: ci_reporter_rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.8.1
+        version: '1.0'
 description: Client library for interacting with the CloudFoundry User Account and
   Authorization (UAA) server.  The UAA is an OAuth2 Authorization Server so it can
   be used by webapps and command line apps to obtain access tokens to act on behalf
@@ -191,8 +225,10 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/dependabot.yml"
+- ".github/workflows/gem-push.yml"
+- ".github/workflows/ruby.yml"
 - ".gitignore"
-- ".travis.yml"
 - ".yardopts"
 - CHANGELOG.md
 - Gemfile
@@ -235,16 +271,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: cf-uaa-lib
-rubygems_version: 2.6.13
+rubygems_version: 3.0.3.1
 signing_key: 
 specification_version: 4
 summary: Client library for CloudFoundry UAA
-test_files:
-- spec/http_spec.rb
-- spec/info_spec.rb
-- spec/integration_spec.rb
-- spec/scim_spec.rb
-- spec/spec_helper.rb
-- spec/token_coder_spec.rb
-- spec/token_issuer_spec.rb
+test_files: []

data/.travis.yml

@@ -1,10 +0,0 @@
-language: ruby
-
-before_install:
-  - gem update
-  - gem install bundler
-
-rvm:
-  - 2.2.7
-  - 2.3.4
-  - 2.4.1