cf-uaa-lib 3.2.3 → 3.2.4

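--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 35d3170905100aa7d8173c6872eda69152cfa2f2
- data.tar.gz: c17587b9299da1daf876632e70f0b41cba3ff257
+ metadata.gz: f1a44d84d9da8b6a573137d39cff8f0a8272f21d
+ data.tar.gz: 50590e8f0a93d17739478de139c72a744ce1417a
  SHA512:
- metadata.gz: 5713ce58de47d5132a6d6c3698f236891b8822d492d4752a5e5ad7fcf5fe2e20e03361cceb669cc9a467eb37105c6a8a028398276fb663233879dfbc5c64de11
- data.tar.gz: 82cf478b0291782c8650988cbc49dc392a17e697b96817ca1cedab4728b10107d2c915c176d6d0d278bad8f18a84208f70da8646324d780553bc52a737ae9f06
+ metadata.gz: 01b0f6577fad7197cd957c55f4f7b7cf781a6d79f160de5cba31a523708da721396cbf48261f9d8da61e59b704672f4b3d3fa0c7f08ccc349c3171ec98478e1f
+ data.tar.gz: 723f1a40f353d5b70bf8ee778dc1ec32f7c1e10729a82444281fa96e7f17a5b5eb0c0a10ff160ef149f9017f2bd2aae236ffb7a72accf016664788d8c947e17f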
@@ -84,7 +84,7 @@ class TokenIssuer
84
84
  params = args.merge(:client_id => @client_id, :response_type => response_type,
85
85
  :redirect_uri => redirect_uri, :state => state)
86
86
  params[:scope] = scope = Util.strlist(scope) if scope = Util.arglist(scope)
87
- params[:nonce], params[:response_type] = state, "#{response_type} id_token" if scope && scope.include?('openid')
87
+ params[:nonce] = state
88
88
  "/oauth/authorize?#{Util.encode_form(params)}"
89
89
  end
90
90
 
@@ -134,7 +134,9 @@ class TokenIssuer
134
134
  def implicit_grant_with_creds(credentials, scope = nil)
135
135
  # this manufactured redirect_uri is a convention here, not part of OAuth2
136
136
  redir_uri = "https://uaa.cloudfoundry.com/redirect/#{@client_id}"
137
- uri = authorize_path_args("token", redir_uri, scope, state = random_state)
137
+ response_type = "token"
138
+ response_type = "#{response_type} id_token" if scope && (scope.include? "openid")
139
+ uri = authorize_path_args(response_type, redir_uri, scope, state = random_state)
138
140
 
139
141
  # the accept header is only here so the uaa will issue error replies in json to aid debugging
140
142
  headers = {'content-type' => FORM_UTF8, 'accept' => JSON_UTF8 }
@@ -154,7 +156,9 @@ class TokenIssuer
154
156
  # @param [String] redirect_uri (see #authcode_uri)
155
157
  # @return [String]
156
158
  def implicit_uri(redirect_uri, scope = nil)
157
- @target + authorize_path_args("token", redirect_uri, scope)
159
+ response_type = "token"
160
+ response_type = "#{response_type} id_token" if scope && (scope.include? "openid")
161
+ @target + authorize_path_args(response_type, redirect_uri, scope)
158
162
  end
159
163
 
160
164
  # Gets a token via an implicit grant.
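Review bot: The `scope.include? "openid"` test added in `implicit_grant_with_creds` and repeated in `implicit_uri` is a substring match when `scope` is a String and an element match when it is an Array, so a String scope such as `openid.custom` (constructed example) would also switch the request to `token id_token`. Normalising first, for example `response_type = "token id_token" if (Util.arglist(scope) || []).include?("openid")`, makes the check exact for both input forms, assuming `Util.arglist` returns nil for a nil scope as its use in `authorize_path_args` suggests; a single private helper would also remove the duplicated pair of lines. Separately, `authorize_path_args` now sets `params[:nonce] = state` on every authorize request, and nothing in these hunks shows the `nonce` claim of a returned id_token being compared with the value sent, which is worth confirming now that the implicit flows ask for an id_token. `authorize_path_args` starts above the first hunk and `implicit_grant_with_creds` continues below the second, so the response handling is not visible here.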
@@ -14,6 +14,6 @@
14
14
  # Cloud Foundry namespace
15
15
  module CF
16
16
  module UAA
17
- VERSION = "3.2.3"
17
+ VERSION = "3.2.4"
18
18
  end
19
19
  end
@@ -151,24 +151,44 @@ describe TokenIssuer do
151
151
  expect { subject.prompts }.to raise_exception BadResponse
152
152
  end
153
153
 
154
- it "gets an access token" do
155
- subject.set_request_handler do |url, method, body, headers|
156
- headers["content-type"].should =~ /application\/x-www-form-urlencoded/
157
- headers["accept"].should =~ /application\/json/
158
- url.should match "http://test.uaa.target/oauth/authorize"
159
- (state = /state=([^&]+)/.match(url)[1]).should_not be_nil
160
- method.should == :post
161
- location = "https://uaa.cloudfoundry.com/redirect/test_client#" +
162
- "access_token=test_access_token&token_type=bearer&" +
163
- "expires_in=98765&scope=openid+logs.read&state=#{state}"
164
- [302, nil, {"content-type" => "application/json", "location" => location}]
154
+ context "#implicit_grant_with_creds" do
155
+ it "gets only an access token, no openid in scope" do
156
+ subject.set_request_handler do |url, method, body, headers|
157
+ headers["content-type"].should =~ /application\/x-www-form-urlencoded/
158
+ headers["accept"].should =~ /application\/json/
159
+ url.should match "http://test.uaa.target/oauth/authorize"
160
+ (state = /state=([^&]+)/.match(url)[1]).should_not be_nil
161
+ method.should == :post
162
+ location = "https://uaa.cloudfoundry.com/redirect/test_client#" +
163
+ "access_token=test_access_token&token_type=bearer&" +
164
+ "expires_in=98765&scope=logs.read&state=#{state}"
165
+ [302, nil, {"content-type" => "application/json", "location" => location}]
166
+ end
167
+
168
+ expect(subject).to receive(:authorize_path_args).with("token", "https://uaa.cloudfoundry.com/redirect/test_client", "logs.read", anything)
169
+ subject.stub(:random_state).and_return("1234")
170
+ subject.stub(:authorize_path_args).and_return("/oauth/authorize?state=1234&scope=logs.read")
171
+
172
+ token = subject.implicit_grant_with_creds({:username => "joe+admin", :password => "?joe's%password$@ "}, "logs.read")
173
+ token.should be_an_instance_of TokenInfo
174
+ token.info["access_token"].should == "test_access_token"
175
+ token.info["token_type"].should =~ /^bearer$/i
176
+ Util.arglist(token.info["scope"]).to_set.should == Util.arglist("logs.read").to_set
177
+ token.info["expires_in"].should == 98765
178
+ end
179
+
180
+ it "also asks for an id_token if scope contains openid" do
181
+ subject.set_request_handler do |url, method, body, headers|
182
+ location = "https://uaa.cloudfoundry.com/redirect/test_client#" +
183
+ "access_token=test_access_token&id_token=test-id_token&token_type=bearer&" +
184
+ "expires_in=98765&scope=openid+logs.read&state=1234"
185
+ [302, nil, {"content-type" => "application/json", "location" => location}]
186
+ end
187
+
188
+ expect(subject).to receive(:authorize_path_args).with("token id_token", "https://uaa.cloudfoundry.com/redirect/test_client", "openid logs.read", anything)
189
+ subject.stub(:random_state).and_return("1234")
190
+ subject.implicit_grant_with_creds({:username => "joe+admin", :password => "?joe's%password$@ "}, "openid logs.read")
165
191
  end
166
- token = subject.implicit_grant_with_creds(:username => "joe+admin", :password => "?joe's%password$@ ")
167
- token.should be_an_instance_of TokenInfo
168
- token.info["access_token"].should == "test_access_token"
169
- token.info["token_type"].should =~ /^bearer$/i
170
- Util.arglist(token.info["scope"]).to_set.should == Util.arglist("openid logs.read").to_set
171
- token.info["expires_in"].should == 98765
172
192
  end
173
193
 
174
194
  it "rejects an access token with wrong state" do
@@ -182,18 +202,30 @@ describe TokenIssuer do
182
202
  :password => "?joe's%password$@ ")}.to raise_exception BadResponse
183
203
  end
184
204
 
205
+ it "asks for an id_token with openid scope" do
206
+ uri_parts = subject.implicit_uri("http://call.back/uri_path", "openid logs.read").split('?')
207
+ params = Util.decode_form(uri_parts[1])
208
+ params["response_type"].should == "token id_token"
209
+ end
210
+
211
+ it "only asks for token if scope isn't openid" do
212
+ uri_parts = subject.implicit_uri("http://call.back/uri_path").split('?')
213
+ params = Util.decode_form(uri_parts[1])
214
+ params["response_type"].should == "token"
215
+ end
216
+
185
217
  end
186
218
 
187
219
  context "with auth code grant" do
188
220
 
189
221
  it "gets the authcode uri to be sent to the user agent for an authcode" do
190
222
  redir_uri = "http://call.back/uri_path"
191
- uri_parts = subject.authcode_uri(redir_uri).split('?')
223
+ uri_parts = subject.authcode_uri(redir_uri, "openid").split('?')
192
224
  uri_parts[0].should == "http://test.uaa.target/oauth/authorize"
193
225
  params = Util.decode_form(uri_parts[1])
194
226
  params["response_type"].should == "code"
195
227
  params["client_id"].should == "test_client"
196
- params["scope"].should be_nil
228
+ params["scope"].should == "openid"
197
229
  params["redirect_uri"].should == redir_uri
198
230
  params["state"].should_not be_nil
199
231
  end
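Review bot: The new example "also asks for an id_token if scope contains openid" only asserts that `authorize_path_args` receives `"token id_token"`; it never inspects the value returned by `implicit_grant_with_creds`, so the `id_token=test-id_token` that the handler places in the redirect fragment is not checked in the visible examples. Both examples in the `#implicit_grant_with_creds` context also replace `authorize_path_args` on the subject itself, so the query string actually built for `/oauth/authorize` is not exercised there; asserting on `url` inside `set_request_handler` against the real method would cover the request as sent. The now-unconditional nonce has no assertion either, and the authcode example could add `params["nonce"].should == params["state"]`.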
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cf-uaa-lib
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.2.3
4
+ version: 3.2.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dave Syer
@@ -12,7 +12,7 @@ authors:
12
12
  autorequire:
13
13
  bindir: bin
14
14
  cert_chain: []
15
- date: 2015-08-28 00:00:00.000000000 Z
15
+ date: 2015-09-22 00:00:00.000000000 Z
16
16
  dependencies:
17
17
  - !ruby/object:Gem::Dependency
18
18
  name: multi_json