cf-uaa-lib 3.6.0 → 3.14.3

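@@ -15,135 +15,226 @@ require 'spec_helper'
 require 'uaa'
 require 'pp'
 
-# Example config for integration tests with defaults:
-# ENV["UAA_CLIENT_ID"] = "admin"
-# ENV["UAA_CLIENT_SECRET"] = "adminsecret"
-# ENV["UAA_CLIENT_TARGET"] = "http://localhost:8080/uaa"
+# ENV['UAA_CLIENT_ID'] = 'admin'
+# ENV['UAA_CLIENT_SECRET'] = 'admin_secret'
+# ENV['UAA_CLIENT_TARGET'] = 'https://login.identity.cf-app.com'
+# ENV['UAA_CLIENT_TARGET'] = 'http://localhost:8080/uaa'
 
-module CF::UAA
+#Set this variable if you want to test skip_ssl_validation option.
+#Make sure that UAA_CLIENT_TARGET points to https endpoint with self-signed certificate.
+#It will run all the tests with ssl validation set to false
+# ENV['SKIP_SSL_VALIDATION'] = 'yes'
 
-if ENV["UAA_CLIENT_TARGET"]
-
-describe "UAA Integration:" do
-
-def create_test_client
-toki = TokenIssuer.new(@target, @admin_client, @admin_secret)
-cr = Scim.new(@target, toki.client_credentials_grant.auth_header, :symbolize_keys => true)
-@test_client = "test_client_#{Time.now.to_i}"
-@test_secret = "+=tEsTsEcRet~!@"
-gids = ["clients.read", "scim.read", "scim.write", "uaa.resource", "password.write"]
-new_client = cr.add(:client, :client_id => @test_client, :client_secret => @test_secret,
-:authorities => gids, :authorized_grant_types => ["client_credentials", "password"],
-:scope => ["openid", "password.write"])
-new_client[:client_id].should == @test_client
-@username = "sam_#{Time.now.to_i}"
-end
+#Set this variable to test ssl_ca_file option.
+#Make sure that UAA_CLIENT_TARGET points to https endpoint with self-signed certificate.
+# ENV['SSL_CA_FILE'] = '~/workspace/identity-cf.cert'
 
-before :all do
-#Util.default_logger(:trace)
-@admin_client = ENV["UAA_CLIENT_ID"] || "admin"
-@admin_secret = ENV["UAA_CLIENT_SECRET"] || "adminsecret"
-@target = ENV["UAA_CLIENT_TARGET"]
-@username = "sam_#{Time.now.to_i}"
-end
+#Set this variable to test cert_store option.
+#Make sure that UAA_CLIENT_TARGET points to https endpoint with self-signed certificate.
+# ENV['CERT_STORE'] = '~/workspace/identity-cf.cert'
 
-it "should report the uaa client version" do
-VERSION.should =~ /\d.\d.\d/
-end
+module CF::UAA
 
-it "makes sure the server is there by getting the prompts for an implicit grant" do
-prompts = TokenIssuer.new(@target, @admin_client, @admin_secret).prompts
-prompts.should_not be_nil
-end
+def self.admin_scim(options)
+admin_client = ENV['UAA_CLIENT_ID'] || 'admin'
+admin_secret = ENV['UAA_CLIENT_SECRET'] || 'adminsecret'
+target = ENV['UAA_CLIENT_TARGET']
 
-it "gets a token with client credentials" do
-tkn = TokenIssuer.new(@target, @admin_client, @admin_secret).client_credentials_grant
-tkn.auth_header.should =~ /^bearer\s/i
-info = TokenCoder.decode(tkn.info["access_token"], :verify => false, :symbolize_keys => true)
-info[:exp].should be
-info[:jti].should be
+admin_token_issuer = TokenIssuer.new(target, admin_client, admin_secret, options)
+Scim.new(target, admin_token_issuer.client_credentials_grant.auth_header, options.merge(:symbolize_keys => true))
 end
 
-context "as a client," do
-
-before :all do
-create_test_client
-toki = TokenIssuer.new(@target, @test_client, @test_secret)
-@scim = Scim.new(@target, toki.client_credentials_grant.auth_header, :symbolize_keys => true)
-@user_pwd = "sam's P@55w0rd~!`@\#\$%^&*()_/{}[]\\|:\";',.<>?/"
-usr = @scim.add(:user, :username => @username, :password => @user_pwd,
-:emails => [{:value => "sam@example.com"}],
-:name => {:givenname => "none", :familyname => "none"})
-@user_id = usr[:id]
-end
+describe 'when UAA does not respond' do
+let(:http_timeout) { 0.01 }
+let(:default_http_client_timeout) { 60 }
+let(:scim) { Scim.new(@target, "", {:http_timeout => http_timeout}) }
+let(:token_issuer) { TokenIssuer.new(@target, "", "", {:http_timeout => http_timeout}) }
+let(:blackhole_ip) { '10.255.255.1'}
 
-after :all do
-# TODO: delete user, delete test client
+before do
+@target = "http://#{blackhole_ip}"
 end
 
-it "creates a user" do
-@user_id.should be
+it 'times out the connection at the configured time for the scim' do
+expect {
+Timeout.timeout(default_http_client_timeout - 1) do
+scim.get(:user, "admin")
+end
+}.to raise_error HTTPException
 end
 
-it "finds the user by name" do
-@scim.id(:user, @username).should == @user_id
+it 'times out the connection at the configured time for the token issuer' do
+expect {
+Timeout.timeout(default_http_client_timeout - 1) do
+token_issuer.client_credentials_grant
+end
+}.to raise_error HTTPException
 end
+end
 
-it "gets the user by id" do
-user_info = @scim.get(:user, @user_id)
-user_info[:id].should == @user_id
-user_info[:username].should == @username
-end
+if ENV['UAA_CLIENT_TARGET']
+describe 'UAA Integration:' do
+
+let(:options) { @options }
+let(:token_issuer) { TokenIssuer.new(@target, @test_client, @test_secret, options) }
+let(:scim) { Scim.new(@target, token_issuer.client_credentials_grant.auth_header, options.merge(:symbolize_keys => true)) }
+
+before :all do
+@options = {}
+if ENV['SKIP_SSL_VALIDATION']
+@options = {:skip_ssl_validation => true}
+end
+@target = ENV['UAA_CLIENT_TARGET']
+@test_client = "test_client_#{Time.now.to_i}"
+@test_secret = '+=tEsTsEcRet~!@'
+gids = ['clients.read', 'scim.read', 'scim.write', 'uaa.resource', 'password.write']
+test_client = CF::UAA::admin_scim(@options).add(:client, :client_id => @test_client, :client_secret => @test_secret,
+:authorities => gids, :authorized_grant_types => ['client_credentials', 'password'],
+:scope => ['openid', 'password.write'])
+expect(test_client[:client_id]).to eq(@test_client)
+end
 
-it "gets a user token by an implicit grant" do
-@toki = TokenIssuer.new(@target, "vmc")
-token = @toki.implicit_grant_with_creds(:username => @username, :password => @user_pwd)
-token.info["access_token"].should be
-info = Misc.whoami(@target, token.auth_header)
-info["user_name"].should == @username
-contents = TokenCoder.decode(token.info["access_token"], :verify => false)
-contents["user_name"].should == @username
-end
+after :all do
+admin_scim = CF::UAA::admin_scim(@options)
+admin_scim.delete(:client, @test_client)
+expect { admin_scim.id(:client, @test_client) }.to raise_exception(NotFound)
+end
 
-it "changes the user's password by name" do
-@scim.change_password(@scim.id(:user, @username), "newpassword")[:status].should == "ok"
-end
+if ENV['SKIP_SSL_VALIDATION']
+context 'when ssl certificate is self-signed' do
+let(:options) { {:skip_ssl_validation => false} }
 
-it "lists all users" do
-user_info = @scim.query(:user)
-user_info.should_not be_nil
-end
+it 'fails if skip_ssl_validation is false' do
+expect{ scim }.to raise_exception(CF::UAA::SSLException)
+end
+end
+end
+
+if ENV['SSL_CA_FILE']
+context 'when you do not skip SSL validation' do
+context 'when you provide cert' do
+let(:options) { {:ssl_ca_file => ENV['SSL_CA_FILE']} }
 
-if ENV["UAA_CLIENT_LOGIN"]
-it "should get a uri to be sent to the user agent to initiate autologin" do
-logn = ENV["UAA_CLIENT_LOGIN"]
-toki = TokenIssuer.new(logn, @test_client, @test_secret)
-redir_uri = "http://call.back/uri_path"
-uri_parts = toki.autologin_uri(redir_uri, :username => @username,
-:password => "newpassword").split('?')
-uri_parts[0].should == "#{logn}/oauth/authorize"
-params = Util.decode_form(uri_parts[1], :sym)
-params[:response_type].should == "code"
-params[:client_id].should == @client_id
-params[:scope].should be_nil
-params[:redirect_uri].should == redir_uri
-params[:state].should_not be_nil
-params[:code].should_not be_nil
+it 'works' do
+expect(token_issuer.prompts).to_not be_nil
+end
+end
+
+context 'if you do not provide cert file' do
+let(:options) { {} }
+
+it 'fails' do
+expect{ scim }.to raise_exception(CF::UAA::SSLException)
+end
+end
+end
 end
-end
 
-it "deletes the user" do
-@scim.delete(:user, @user_id)
-expect { @scim.id(:user, @username) }.to raise_exception(NotFound)
-expect { @scim.get(:user, @user_id) }.to raise_exception(NotFound)
-end
+if ENV['CERT_STORE']
+context 'when you do not skip SSL validation' do
+context 'when you provide cert store' do
+let(:cert_store) do
+cert_store = OpenSSL::X509::Store.new
+cert_store.add_file File.expand_path(ENV['CERT_STORE'])
+cert_store
+end
+
+let(:options) { {:ssl_cert_store => cert_store} }
+it 'works' do
+expect(token_issuer.prompts).to_not be_nil
+end
+end
+
+context 'when you do not provide cert store' do
+let(:options) { {} }
+
+it 'fails' do
+expect{ scim }.to raise_exception(CF::UAA::SSLException)
+end
+end
+end
+end
 
-it "complains about an attempt to delete a non-existent user" do
-expect { @scim.delete(:user, "non-existent-user") }.to raise_exception(NotFound)
-end
+it 'should report the uaa client version' do
+expect(VERSION).to match(/\d+.\d+.\d+/)
+end
 
-end
+it 'makes sure the server is there by getting the prompts for an implicit grant' do
+expect(token_issuer.prompts).to_not be_nil
+end
+
+it 'gets a token with client credentials' do
+tkn = token_issuer.client_credentials_grant
+expect(tkn.auth_header).to match(/^bearer\s/i)
+info = TokenCoder.decode(tkn.info['access_token'], :verify => false, :symbolize_keys => true)
+expect(info[:exp]).to be
+expect(info[:jti]).to be
+end
 
-end end
+it 'complains about an attempt to delete a non-existent user' do
+expect { scim.delete(:user, 'non-existent-user') }.to raise_exception(NotFound)
+end
 
+context 'as a client' do
+before :each do
+@username = "sam_#{Time.now.to_i}"
+@user_pwd = "sam's P@55w0rd~!`@\#\$%^&*()_/{}[]\\|:\";',.<>?/"
+usr = scim.add(:user, :username => @username, :password => @user_pwd,
+:emails => [{:value => 'sam@example.com'}],
+:name => {:givenname => 'none', :familyname => 'none'})
+@user_id = usr[:id]
+end
+
+it 'deletes the user' do
+scim.delete(:user, @user_id)
+expect { scim.id(:user, @username) }.to raise_exception(NotFound)
+expect { scim.get(:user, @user_id) }.to raise_exception(NotFound)
+end
+
+context 'when user exists' do
+after :each do
+scim.delete(:user, @user_id)
+expect { scim.id(:user, @username) }.to raise_exception(NotFound)
+expect { scim.get(:user, @user_id) }.to raise_exception(NotFound)
+end
+
+it 'creates a user' do
+expect(@user_id).to be
+end
+
+it 'finds the user by name' do
+expect(scim.id(:user, @username)).to eq(@user_id)
+end
+
+it 'gets the user by id' do
+user_info = scim.get(:user, @user_id)
+expect(user_info[:id]).to eq(@user_id)
+expect(user_info[:username]).to eq(@username)
+end
+
+it 'lists all users' do
+expect(scim.query(:user)).to be
+end
+
+it "changes the user's password by name" do
+expect(scim.change_password(scim.id(:user, @username), 'newpassword')[:status]).to eq('ok')
+end
+
+it 'should get a uri to be sent to the user agent to initiate autologin' do
+redir_uri = 'http://call.back/uri_path'
+uri_parts = token_issuer.autologin_uri(redir_uri, :username => @username,
+:password =>@user_pwd ).split('?')
+expect(uri_parts[0]).to eq("#{ENV['UAA_CLIENT_TARGET']}/oauth/authorize")
+params = Util.decode_form(uri_parts[1], :sym)
+expect(params[:response_type]).to eq('code')
+expect(params[:client_id]).to eq(@test_client)
+expect(params[:scope]).to be_nil
+expect(params[:redirect_uri]).to eq(redir_uri)
+expect(params[:state]).to be
+expect(params[:code]).to be
+end
+end
+end
+end
+end
 end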
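Review bot: The `if ENV['SKIP_SSL_VALIDATION']` checks in `before :all` and in the guard around `context 'when ssl certificate is self-signed'` treat any non-empty value as true, so a CI job that exports `SKIP_SSL_VALIDATION=false` (or `=0`) silently runs the whole integration suite with certificate validation disabled, while the comment above the module only documents `'yes'`. Parse the flag once in a module method next to `admin_scim`, e.g. `def self.skip_ssl_validation?; %w[yes true 1].include?(ENV['SKIP_SSL_VALIDATION'].to_s.downcase); end`, and use it in both places. The fixed secret `'+=tEsTsEcRet~!@'` is also registered on the target UAA for a client holding `scim.write` and `password.write`; `after :all` removes the client on a normal run, but an aborted run appears to leave a privileged client with a publicly known secret behind, so a per-run `SecureRandom.hex(16)` secret would limit that exposure, assuming `securerandom` can be required here. The `module CF::UAA` opened at the top of the hunk closes on its last line, so the whole definition is in view.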