cf-uaa-lib 3.6.0 → 3.14.3

data/spec/integration_spec.rb

@@ -15,135 +15,226 @@ require 'spec_helper'
 require 'uaa'
 require 'pp'
 
-# Example config for integration tests with defaults:
-#    ENV["UAA_CLIENT_ID"] = "admin"
-#    ENV["UAA_CLIENT_SECRET"] = "adminsecret"
-#    ENV["UAA_CLIENT_TARGET"] = "http://localhost:8080/uaa"
+# ENV['UAA_CLIENT_ID'] = 'admin'
+# ENV['UAA_CLIENT_SECRET'] = 'admin_secret'
+# ENV['UAA_CLIENT_TARGET'] = 'https://login.identity.cf-app.com'
+# ENV['UAA_CLIENT_TARGET'] = 'http://localhost:8080/uaa'
 
-module CF::UAA
+#Set this variable if you want to test skip_ssl_validation option.
+#Make sure that  UAA_CLIENT_TARGET points to https endpoint with self-signed certificate.
+#It will run  all the tests with ssl validation set to false
+# ENV['SKIP_SSL_VALIDATION'] = 'yes'
 
-if ENV["UAA_CLIENT_TARGET"]
-
-describe "UAA Integration:" do
-
-  def create_test_client
-    toki = TokenIssuer.new(@target, @admin_client, @admin_secret)
-    cr = Scim.new(@target, toki.client_credentials_grant.auth_header, :symbolize_keys => true)
-    @test_client = "test_client_#{Time.now.to_i}"
-    @test_secret = "+=tEsTsEcRet~!@"
-    gids = ["clients.read", "scim.read", "scim.write", "uaa.resource", "password.write"]
-    new_client = cr.add(:client, :client_id => @test_client, :client_secret => @test_secret,
-          :authorities => gids, :authorized_grant_types => ["client_credentials", "password"],
-          :scope => ["openid", "password.write"])
-    new_client[:client_id].should == @test_client
-    @username = "sam_#{Time.now.to_i}"
-  end
+#Set this variable to test ssl_ca_file option.
+#Make sure that  UAA_CLIENT_TARGET points to https endpoint with self-signed certificate.
+# ENV['SSL_CA_FILE'] = '~/workspace/identity-cf.cert'
 
-  before :all do
-    #Util.default_logger(:trace)
-    @admin_client = ENV["UAA_CLIENT_ID"] || "admin"
-    @admin_secret = ENV["UAA_CLIENT_SECRET"] || "adminsecret"
-    @target = ENV["UAA_CLIENT_TARGET"]
-    @username = "sam_#{Time.now.to_i}"
-  end
+#Set this variable to test cert_store option.
+#Make sure that  UAA_CLIENT_TARGET points to https endpoint with self-signed certificate.
+# ENV['CERT_STORE'] = '~/workspace/identity-cf.cert'
 
-  it "should report the uaa client version" do
-    VERSION.should =~ /\d.\d.\d/
-  end
+module CF::UAA
 
-  it "makes sure the server is there by getting the prompts for an implicit grant" do
-    prompts = TokenIssuer.new(@target, @admin_client, @admin_secret).prompts
-    prompts.should_not be_nil
-  end
+  def self.admin_scim(options)
+    admin_client = ENV['UAA_CLIENT_ID'] || 'admin'
+    admin_secret = ENV['UAA_CLIENT_SECRET'] || 'adminsecret'
+    target = ENV['UAA_CLIENT_TARGET']
 
-  it "gets a token with client credentials" do
-    tkn = TokenIssuer.new(@target, @admin_client, @admin_secret).client_credentials_grant
-    tkn.auth_header.should =~ /^bearer\s/i
-    info = TokenCoder.decode(tkn.info["access_token"], :verify => false, :symbolize_keys => true)
-    info[:exp].should be
-    info[:jti].should be
+    admin_token_issuer = TokenIssuer.new(target, admin_client, admin_secret, options)
+    Scim.new(target, admin_token_issuer.client_credentials_grant.auth_header, options.merge(:symbolize_keys => true))
   end
 
-  context "as a client," do
-
-    before :all do
-      create_test_client
-      toki = TokenIssuer.new(@target, @test_client, @test_secret)
-      @scim = Scim.new(@target, toki.client_credentials_grant.auth_header, :symbolize_keys => true)
-      @user_pwd = "sam's P@55w0rd~!`@\#\$%^&*()_/{}[]\\|:\";',.<>?/"
-      usr = @scim.add(:user, :username => @username, :password => @user_pwd,
-          :emails => [{:value => "sam@example.com"}],
-          :name => {:givenname => "none", :familyname => "none"})
-      @user_id = usr[:id]
-    end
+  describe 'when UAA does not respond' do
+    let(:http_timeout) { 0.01 }
+    let(:default_http_client_timeout) { 60 }
+    let(:scim) { Scim.new(@target, "", {:http_timeout => http_timeout}) }
+    let(:token_issuer) { TokenIssuer.new(@target, "", "", {:http_timeout => http_timeout}) }
+    let(:blackhole_ip) { '10.255.255.1'}
 
-    after :all do
-      # TODO: delete user, delete test client
+    before do
+      @target = "http://#{blackhole_ip}"
     end
 
-    it "creates a user" do
-      @user_id.should be
+    it 'times out the connection at the configured time for the scim' do
+      expect {
+        Timeout.timeout(default_http_client_timeout - 1) do
+          scim.get(:user, "admin")
+        end
+      }.to raise_error HTTPException
     end
 
-    it "finds the user by name" do
-      @scim.id(:user, @username).should == @user_id
+    it 'times out the connection at the configured time for the token issuer' do
+      expect {
+        Timeout.timeout(default_http_client_timeout - 1) do
+          token_issuer.client_credentials_grant
+        end
+      }.to raise_error HTTPException
     end
+  end
 
-    it "gets the user by id" do
-      user_info = @scim.get(:user, @user_id)
-      user_info[:id].should == @user_id
-      user_info[:username].should == @username
-    end
+  if ENV['UAA_CLIENT_TARGET']
+    describe 'UAA Integration:' do
+
+      let(:options)  { @options }
+      let(:token_issuer) { TokenIssuer.new(@target, @test_client, @test_secret, options) }
+      let(:scim) { Scim.new(@target, token_issuer.client_credentials_grant.auth_header, options.merge(:symbolize_keys => true)) }
+
+      before :all do
+        @options = {}
+        if ENV['SKIP_SSL_VALIDATION']
+          @options = {:skip_ssl_validation => true}
+        end
+        @target = ENV['UAA_CLIENT_TARGET']
+        @test_client = "test_client_#{Time.now.to_i}"
+        @test_secret = '+=tEsTsEcRet~!@'
+        gids = ['clients.read', 'scim.read', 'scim.write', 'uaa.resource', 'password.write']
+        test_client = CF::UAA::admin_scim(@options).add(:client, :client_id => @test_client, :client_secret => @test_secret,
+                                     :authorities => gids, :authorized_grant_types => ['client_credentials', 'password'],
+                                     :scope => ['openid', 'password.write'])
+        expect(test_client[:client_id]).to eq(@test_client)
+      end
 
-    it "gets a user token by an implicit grant" do
-      @toki = TokenIssuer.new(@target, "vmc")
-      token = @toki.implicit_grant_with_creds(:username => @username, :password => @user_pwd)
-      token.info["access_token"].should be
-      info = Misc.whoami(@target, token.auth_header)
-      info["user_name"].should == @username
-      contents = TokenCoder.decode(token.info["access_token"], :verify => false)
-      contents["user_name"].should == @username
-    end
+      after :all do
+        admin_scim = CF::UAA::admin_scim(@options)
+        admin_scim.delete(:client, @test_client)
+        expect { admin_scim.id(:client, @test_client) }.to raise_exception(NotFound)
+      end
 
-    it "changes the user's password by name" do
-      @scim.change_password(@scim.id(:user, @username), "newpassword")[:status].should == "ok"
-    end
+      if ENV['SKIP_SSL_VALIDATION']
+        context 'when ssl certificate is self-signed' do
+          let(:options)  { {:skip_ssl_validation => false} }
 
-    it "lists all users" do
-      user_info = @scim.query(:user)
-      user_info.should_not be_nil
-    end
+          it 'fails if skip_ssl_validation is false' do
+            expect{ scim }.to raise_exception(CF::UAA::SSLException)
+          end
+        end
+      end
+
+      if ENV['SSL_CA_FILE']
+        context 'when you do not skip SSL validation' do
+          context 'when you provide cert' do
+            let(:options)  { {:ssl_ca_file => ENV['SSL_CA_FILE']} }
 
-    if ENV["UAA_CLIENT_LOGIN"]
-      it "should get a uri to be sent to the user agent to initiate autologin" do
-        logn = ENV["UAA_CLIENT_LOGIN"]
-        toki = TokenIssuer.new(logn, @test_client, @test_secret)
-        redir_uri = "http://call.back/uri_path"
-        uri_parts = toki.autologin_uri(redir_uri, :username => @username,
-            :password => "newpassword").split('?')
-        uri_parts[0].should == "#{logn}/oauth/authorize"
-        params = Util.decode_form(uri_parts[1], :sym)
-        params[:response_type].should == "code"
-        params[:client_id].should == @client_id
-        params[:scope].should be_nil
-        params[:redirect_uri].should == redir_uri
-        params[:state].should_not be_nil
-        params[:code].should_not be_nil
+            it 'works' do
+              expect(token_issuer.prompts).to_not be_nil
+            end
+          end
+
+          context 'if you do not provide cert file' do
+            let(:options)  { {} }
+
+            it 'fails' do
+              expect{ scim }.to raise_exception(CF::UAA::SSLException)
+            end
+          end
+        end
       end
-    end
 
-    it "deletes the user" do
-      @scim.delete(:user, @user_id)
-      expect { @scim.id(:user, @username) }.to raise_exception(NotFound)
-      expect { @scim.get(:user, @user_id) }.to raise_exception(NotFound)
-    end
+      if ENV['CERT_STORE']
+        context 'when you do not skip SSL validation' do
+          context 'when you provide cert store' do
+            let(:cert_store) do
+              cert_store = OpenSSL::X509::Store.new
+              cert_store.add_file File.expand_path(ENV['CERT_STORE'])
+              cert_store
+            end
+
+            let(:options)  { {:ssl_cert_store => cert_store} }
+            it 'works' do
+              expect(token_issuer.prompts).to_not be_nil
+            end
+          end
+
+          context 'when you do not provide cert store' do
+            let(:options)  { {} }
+
+            it 'fails' do
+              expect{ scim }.to raise_exception(CF::UAA::SSLException)
+            end
+          end
+        end
+      end
 
-    it "complains about an attempt to delete a non-existent user" do
-      expect { @scim.delete(:user, "non-existent-user") }.to raise_exception(NotFound)
-    end
+      it 'should report the uaa client version' do
+        expect(VERSION).to match(/\d+.\d+.\d+/)
+      end
 
-  end
+      it 'makes sure the server is there by getting the prompts for an implicit grant' do
+        expect(token_issuer.prompts).to_not be_nil
+      end
+
+      it 'gets a token with client credentials' do
+        tkn = token_issuer.client_credentials_grant
+        expect(tkn.auth_header).to match(/^bearer\s/i)
+        info = TokenCoder.decode(tkn.info['access_token'], :verify => false, :symbolize_keys => true)
+        expect(info[:exp]).to be
+        expect(info[:jti]).to be
+      end
 
-end end
+      it 'complains about an attempt to delete a non-existent user' do
+        expect { scim.delete(:user, 'non-existent-user') }.to raise_exception(NotFound)
+      end
 
+      context 'as a client' do
+        before :each do
+          @username = "sam_#{Time.now.to_i}"
+          @user_pwd = "sam's P@55w0rd~!`@\#\$%^&*()_/{}[]\\|:\";',.<>?/"
+          usr = scim.add(:user, :username => @username, :password => @user_pwd,
+                         :emails => [{:value => 'sam@example.com'}],
+                         :name => {:givenname => 'none', :familyname => 'none'})
+          @user_id = usr[:id]
+        end
+
+        it 'deletes the user' do
+          scim.delete(:user, @user_id)
+          expect { scim.id(:user, @username) }.to raise_exception(NotFound)
+          expect { scim.get(:user, @user_id) }.to raise_exception(NotFound)
+        end
+
+        context 'when user exists' do
+          after :each do
+            scim.delete(:user, @user_id)
+            expect { scim.id(:user, @username) }.to raise_exception(NotFound)
+            expect { scim.get(:user, @user_id) }.to raise_exception(NotFound)
+          end
+
+          it 'creates a user' do
+            expect(@user_id).to be
+          end
+
+          it 'finds the user by name' do
+            expect(scim.id(:user, @username)).to eq(@user_id)
+          end
+
+          it 'gets the user by id' do
+            user_info = scim.get(:user, @user_id)
+            expect(user_info[:id]).to eq(@user_id)
+            expect(user_info[:username]).to eq(@username)
+          end
+
+          it 'lists all users' do
+            expect(scim.query(:user)).to be
+          end
+
+          it "changes the user's password by name" do
+            expect(scim.change_password(scim.id(:user, @username), 'newpassword')[:status]).to eq('ok')
+          end
+
+          it 'should get a uri to be sent to the user agent to initiate autologin' do
+            redir_uri = 'http://call.back/uri_path'
+            uri_parts = token_issuer.autologin_uri(redir_uri, :username => @username,
+                                                   :password =>@user_pwd ).split('?')
+            expect(uri_parts[0]).to eq("#{ENV['UAA_CLIENT_TARGET']}/oauth/authorize")
+            params = Util.decode_form(uri_parts[1], :sym)
+            expect(params[:response_type]).to eq('code')
+            expect(params[:client_id]).to eq(@test_client)
+            expect(params[:scope]).to be_nil
+            expect(params[:redirect_uri]).to eq(redir_uri)
+            expect(params[:state]).to be
+            expect(params[:code]).to be
+          end
+        end
+      end
+    end
+  end
 end