cf-uaa-lib 3.6.0 → 3.14.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +3 -4
- data/NOTICE +12 -0
- data/README.md +1 -1
- data/cf-uaa-lib.gemspec +16 -15
- data/lib/uaa/http.rb +62 -42
- data/lib/uaa/info.rb +6 -7
- data/lib/uaa/scim.rb +79 -25
- data/lib/uaa/token_coder.rb +19 -1
- data/lib/uaa/token_issuer.rb +1 -5
- data/lib/uaa/version.rb +1 -1
- data/spec/http_spec.rb +99 -54
- data/spec/info_spec.rb +36 -38
- data/spec/integration_spec.rb +197 -106
- data/spec/scim_spec.rb +89 -81
- data/spec/token_issuer_spec.rb +130 -135
- metadata +61 -12
- data/NOTICE.TXT +0 -10
- data/lib/uaa/proxy_options.rb +0 -30
- /data/{LICENSE.TXT → LICENSE} +0 -0
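--- a/data/spec/integration_spec.rb
+++ b/data/spec/integration_spec.rb
@@ -15,135 +15,226 @@ require 'spec_helper'
 require 'uaa'
 require 'pp'
 
-#
-#
-#
-#
+# ENV['UAA_CLIENT_ID'] = 'admin'
+# ENV['UAA_CLIENT_SECRET'] = 'admin_secret'
+# ENV['UAA_CLIENT_TARGET'] = 'https://login.identity.cf-app.com'
+# ENV['UAA_CLIENT_TARGET'] = 'http://localhost:8080/uaa'
 
-
+#Set this variable if you want to test skip_ssl_validation option.
+#Make sure that UAA_CLIENT_TARGET points to https endpoint with self-signed certificate.
+#It will run all the tests with ssl validation set to false
+# ENV['SKIP_SSL_VALIDATION'] = 'yes'
 
-
-
-
-
-def create_test_client
-toki = TokenIssuer.new(@target, @admin_client, @admin_secret)
-cr = Scim.new(@target, toki.client_credentials_grant.auth_header, :symbolize_keys => true)
-@test_client = "test_client_#{Time.now.to_i}"
-@test_secret = "+=tEsTsEcRet~!@"
-gids = ["clients.read", "scim.read", "scim.write", "uaa.resource", "password.write"]
-new_client = cr.add(:client, :client_id => @test_client, :client_secret => @test_secret,
-:authorities => gids, :authorized_grant_types => ["client_credentials", "password"],
-:scope => ["openid", "password.write"])
-new_client[:client_id].should == @test_client
-@username = "sam_#{Time.now.to_i}"
-end
+#Set this variable to test ssl_ca_file option.
+#Make sure that UAA_CLIENT_TARGET points to https endpoint with self-signed certificate.
+# ENV['SSL_CA_FILE'] = '~/workspace/identity-cf.cert'
 
-
-
-
-@admin_secret = ENV["UAA_CLIENT_SECRET"] || "adminsecret"
-@target = ENV["UAA_CLIENT_TARGET"]
-@username = "sam_#{Time.now.to_i}"
-end
+#Set this variable to test cert_store option.
+#Make sure that UAA_CLIENT_TARGET points to https endpoint with self-signed certificate.
+# ENV['CERT_STORE'] = '~/workspace/identity-cf.cert'
 
-
-VERSION.should =~ /\d.\d.\d/
-end
+module CF::UAA
 
-
-
-
-
+def self.admin_scim(options)
+admin_client = ENV['UAA_CLIENT_ID'] || 'admin'
+admin_secret = ENV['UAA_CLIENT_SECRET'] || 'adminsecret'
+target = ENV['UAA_CLIENT_TARGET']
 
-
-
-tkn.auth_header.should =~ /^bearer\s/i
-info = TokenCoder.decode(tkn.info["access_token"], :verify => false, :symbolize_keys => true)
-info[:exp].should be
-info[:jti].should be
+admin_token_issuer = TokenIssuer.new(target, admin_client, admin_secret, options)
+Scim.new(target, admin_token_issuer.client_credentials_grant.auth_header, options.merge(:symbolize_keys => true))
 end
 
-
-
-
-
-
-
-@user_pwd = "sam's P@55w0rd~!`@\#\$%^&*()_/{}[]\\|:\";',.<>?/"
-usr = @scim.add(:user, :username => @username, :password => @user_pwd,
-:emails => [{:value => "sam@example.com"}],
-:name => {:givenname => "none", :familyname => "none"})
-@user_id = usr[:id]
-end
+describe 'when UAA does not respond' do
+let(:http_timeout) { 0.01 }
+let(:default_http_client_timeout) { 60 }
+let(:scim) { Scim.new(@target, "", {:http_timeout => http_timeout}) }
+let(:token_issuer) { TokenIssuer.new(@target, "", "", {:http_timeout => http_timeout}) }
+let(:blackhole_ip) { '10.255.255.1'}
 
-
-
+before do
+@target = "http://#{blackhole_ip}"
 end
 
-it
-
+it 'times out the connection at the configured time for the scim' do
+expect {
+Timeout.timeout(default_http_client_timeout - 1) do
+scim.get(:user, "admin")
+end
+}.to raise_error HTTPException
 end
 
-it
-
+it 'times out the connection at the configured time for the token issuer' do
+expect {
+Timeout.timeout(default_http_client_timeout - 1) do
+token_issuer.client_credentials_grant
+end
+}.to raise_error HTTPException
 end
+end
 
-
-
-
-
-
+if ENV['UAA_CLIENT_TARGET']
+describe 'UAA Integration:' do
+
+let(:options) { @options }
+let(:token_issuer) { TokenIssuer.new(@target, @test_client, @test_secret, options) }
+let(:scim) { Scim.new(@target, token_issuer.client_credentials_grant.auth_header, options.merge(:symbolize_keys => true)) }
+
+before :all do
+@options = {}
+if ENV['SKIP_SSL_VALIDATION']
+@options = {:skip_ssl_validation => true}
+end
+@target = ENV['UAA_CLIENT_TARGET']
+@test_client = "test_client_#{Time.now.to_i}"
+@test_secret = '+=tEsTsEcRet~!@'
+gids = ['clients.read', 'scim.read', 'scim.write', 'uaa.resource', 'password.write']
+test_client = CF::UAA::admin_scim(@options).add(:client, :client_id => @test_client, :client_secret => @test_secret,
+:authorities => gids, :authorized_grant_types => ['client_credentials', 'password'],
+:scope => ['openid', 'password.write'])
+expect(test_client[:client_id]).to eq(@test_client)
+end
 
-
-
-
-
-
-info["user_name"].should == @username
-contents = TokenCoder.decode(token.info["access_token"], :verify => false)
-contents["user_name"].should == @username
-end
+after :all do
+admin_scim = CF::UAA::admin_scim(@options)
+admin_scim.delete(:client, @test_client)
+expect { admin_scim.id(:client, @test_client) }.to raise_exception(NotFound)
+end
 
-
-
-
+if ENV['SKIP_SSL_VALIDATION']
+context 'when ssl certificate is self-signed' do
+let(:options) { {:skip_ssl_validation => false} }
 
-
-
-
-
+it 'fails if skip_ssl_validation is false' do
+expect{ scim }.to raise_exception(CF::UAA::SSLException)
+end
+end
+end
+
+if ENV['SSL_CA_FILE']
+context 'when you do not skip SSL validation' do
+context 'when you provide cert' do
+let(:options) { {:ssl_ca_file => ENV['SSL_CA_FILE']} }
 
-
-
-
-
-
-
-:
-
-
-
-
-
-
-params[:state].should_not be_nil
-params[:code].should_not be_nil
+it 'works' do
+expect(token_issuer.prompts).to_not be_nil
+end
+end
+
+context 'if you do not provide cert file' do
+let(:options) { {} }
+
+it 'fails' do
+expect{ scim }.to raise_exception(CF::UAA::SSLException)
+end
+end
+end
 end
-end
 
-
-
-
-
-
+if ENV['CERT_STORE']
+context 'when you do not skip SSL validation' do
+context 'when you provide cert store' do
+let(:cert_store) do
+cert_store = OpenSSL::X509::Store.new
+cert_store.add_file File.expand_path(ENV['CERT_STORE'])
+cert_store
+end
+
+let(:options) { {:ssl_cert_store => cert_store} }
+it 'works' do
+expect(token_issuer.prompts).to_not be_nil
+end
+end
+
+context 'when you do not provide cert store' do
+let(:options) { {} }
+
+it 'fails' do
+expect{ scim }.to raise_exception(CF::UAA::SSLException)
+end
+end
+end
+end
 
-
-
-
+it 'should report the uaa client version' do
+expect(VERSION).to match(/\d+.\d+.\d+/)
+end
 
-
+it 'makes sure the server is there by getting the prompts for an implicit grant' do
+expect(token_issuer.prompts).to_not be_nil
+end
+
+it 'gets a token with client credentials' do
+tkn = token_issuer.client_credentials_grant
+expect(tkn.auth_header).to match(/^bearer\s/i)
+info = TokenCoder.decode(tkn.info['access_token'], :verify => false, :symbolize_keys => true)
+expect(info[:exp]).to be
+expect(info[:jti]).to be
+end
 
-
+it 'complains about an attempt to delete a non-existent user' do
+expect { scim.delete(:user, 'non-existent-user') }.to raise_exception(NotFound)
+end
 
+context 'as a client' do
+before :each do
+@username = "sam_#{Time.now.to_i}"
+@user_pwd = "sam's P@55w0rd~!`@\#\$%^&*()_/{}[]\\|:\";',.<>?/"
+usr = scim.add(:user, :username => @username, :password => @user_pwd,
+:emails => [{:value => 'sam@example.com'}],
+:name => {:givenname => 'none', :familyname => 'none'})
+@user_id = usr[:id]
+end
+
+it 'deletes the user' do
+scim.delete(:user, @user_id)
+expect { scim.id(:user, @username) }.to raise_exception(NotFound)
+expect { scim.get(:user, @user_id) }.to raise_exception(NotFound)
+end
+
+context 'when user exists' do
+after :each do
+scim.delete(:user, @user_id)
+expect { scim.id(:user, @username) }.to raise_exception(NotFound)
+expect { scim.get(:user, @user_id) }.to raise_exception(NotFound)
+end
+
+it 'creates a user' do
+expect(@user_id).to be
+end
+
+it 'finds the user by name' do
+expect(scim.id(:user, @username)).to eq(@user_id)
+end
+
+it 'gets the user by id' do
+user_info = scim.get(:user, @user_id)
+expect(user_info[:id]).to eq(@user_id)
+expect(user_info[:username]).to eq(@username)
+end
+
+it 'lists all users' do
+expect(scim.query(:user)).to be
+end
+
+it "changes the user's password by name" do
+expect(scim.change_password(scim.id(:user, @username), 'newpassword')[:status]).to eq('ok')
+end
+
+it 'should get a uri to be sent to the user agent to initiate autologin' do
+redir_uri = 'http://call.back/uri_path'
+uri_parts = token_issuer.autologin_uri(redir_uri, :username => @username,
+:password =>@user_pwd ).split('?')
+expect(uri_parts[0]).to eq("#{ENV['UAA_CLIENT_TARGET']}/oauth/authorize")
+params = Util.decode_form(uri_parts[1], :sym)
+expect(params[:response_type]).to eq('code')
+expect(params[:client_id]).to eq(@test_client)
+expect(params[:scope]).to be_nil
+expect(params[:redirect_uri]).to eq(redir_uri)
+expect(params[:state]).to be
+expect(params[:code]).to be
+end
+end
+end
+end
+end
 end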
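Review bot: The `ssl_ca_file` context (new lines 113-116) passes `ENV['SSL_CA_FILE']` through untouched, while the `cert_store` context at new line 138 wraps the equivalent `ENV['CERT_STORE']` path in `File.expand_path`; since the documented sample value at new line 30 is a `~/` path, which is a shell convention rather than something the TLS layer expands, the "works" case under `SSL_CA_FILE` will fail to load the CA for the very value the comment suggests. Making the two branches consistent is a one-line change: `let(:options) { {:ssl_ca_file => File.expand_path(ENV['SSL_CA_FILE'])} }`. Separately, the version assertion at new line 159, `expect(VERSION).to match(/\d+.\d+.\d+/)`, leaves the dots unescaped and the pattern unanchored, so it accepts any three digit runs separated by arbitrary characters; `expect(VERSION).to match(/\A\d+\.\d+\.\d+/)` checks what the description promises. The `Timeout.timeout` calls in the blackhole tests (new lines 60 and 68) rely on `timeout` being required somewhere outside this hunk, presumably via `uaa`; if it is not, these examples raise `NameError` rather than the intended `HTTPException`.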