cf-uaa-lib 3.6.0 → 3.14.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +3 -4
- data/NOTICE +12 -0
- data/README.md +1 -1
- data/cf-uaa-lib.gemspec +16 -15
- data/lib/uaa/http.rb +62 -42
- data/lib/uaa/info.rb +6 -7
- data/lib/uaa/scim.rb +79 -25
- data/lib/uaa/token_coder.rb +19 -1
- data/lib/uaa/token_issuer.rb +1 -5
- data/lib/uaa/version.rb +1 -1
- data/spec/http_spec.rb +99 -54
- data/spec/info_spec.rb +36 -38
- data/spec/integration_spec.rb +197 -106
- data/spec/scim_spec.rb +89 -81
- data/spec/token_issuer_spec.rb +130 -135
- metadata +61 -12
- data/NOTICE.TXT +0 -10
- data/lib/uaa/proxy_options.rb +0 -30
- /data/{LICENSE.TXT → LICENSE} +0 -0
data/spec/scim_spec.rb
CHANGED
|
@@ -23,99 +23,107 @@ describe Scim do
|
|
|
23
23
|
|
|
24
24
|
before do
|
|
25
25
|
#Util.default_logger(:trace)
|
|
26
|
-
@authheader, @target =
|
|
26
|
+
@authheader, @target = 'bEareR xyz', 'https://test.target'
|
|
27
27
|
@scim = Scim.new(@target, @authheader, options)
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
subject { @scim }
|
|
31
31
|
|
|
32
32
|
def check_headers(headers, content, accept, zone)
|
|
33
|
-
headers[
|
|
34
|
-
headers[
|
|
35
|
-
headers[
|
|
36
|
-
headers[
|
|
37
|
-
headers[
|
|
38
|
-
headers[
|
|
33
|
+
headers['content-type'].should =~ /application\/json/ if content == :json
|
|
34
|
+
headers['content-type'].should be_nil unless content
|
|
35
|
+
headers['accept'].should =~ /application\/json/ if accept == :json
|
|
36
|
+
headers['accept'].should be_nil unless accept
|
|
37
|
+
headers['authorization'].should =~ /^(?i:bearer)\s+xyz$/
|
|
38
|
+
headers['X-Identity-Zone-Subdomain'].should eq zone
|
|
39
39
|
end
|
|
40
40
|
|
|
41
|
-
describe
|
|
41
|
+
describe 'initialize' do
|
|
42
42
|
let(:options) { {:http_proxy => 'http-proxy.com', :https_proxy => 'https-proxy.com', :skip_ssl_validation => true} }
|
|
43
43
|
|
|
44
|
-
it
|
|
45
|
-
subject.http_proxy.should == 'http-proxy.com'
|
|
46
|
-
subject.https_proxy.should == 'https-proxy.com'
|
|
47
|
-
end
|
|
48
|
-
|
|
49
|
-
it "sets skip_ssl_validation" do
|
|
44
|
+
it 'sets skip_ssl_validation' do
|
|
50
45
|
subject.skip_ssl_validation == true
|
|
51
46
|
end
|
|
52
47
|
end
|
|
53
48
|
|
|
54
|
-
it
|
|
49
|
+
it 'adds an object' do
|
|
55
50
|
subject.set_request_handler do |url, method, body, headers|
|
|
56
51
|
url.should == "#{@target}/Users"
|
|
57
52
|
method.should == :post
|
|
58
53
|
check_headers(headers, :json, :json, nil)
|
|
59
|
-
[200, '{"ID":"id12345"}', {
|
|
54
|
+
[200, '{"ID":"id12345"}', {'content-type' => 'application/json'}]
|
|
55
|
+
end
|
|
56
|
+
result = subject.add(:user, :hair => 'brown', :shoe_size => 'large',
|
|
57
|
+
:eye_color => ['blue', 'green'], :name => 'fred')
|
|
58
|
+
result['id'].should == 'id12345'
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
it 'gets client meta' do
|
|
62
|
+
subject.set_request_handler do |url, method, body, headers|
|
|
63
|
+
url.should == "#{@target}/oauth/clients/id12345/meta"
|
|
64
|
+
method.should == :get
|
|
65
|
+
check_headers(headers, nil, :json, nil)
|
|
66
|
+
[200, '{"id":"id12345", "created_by": "Marissa"}', {'content-type' => 'application/json'}]
|
|
60
67
|
end
|
|
61
|
-
result = subject.
|
|
62
|
-
|
|
63
|
-
result[
|
|
68
|
+
result = subject.get_client_meta('id12345')
|
|
69
|
+
result['id'].should == 'id12345'
|
|
70
|
+
result['created_by'].should == 'Marissa'
|
|
64
71
|
end
|
|
65
72
|
|
|
66
|
-
it
|
|
67
|
-
obj = {:hair =>
|
|
68
|
-
:name =>
|
|
73
|
+
it 'replaces an object' do
|
|
74
|
+
obj = {:hair => 'black', :shoe_size => 'medium', :eye_color => ['hazel', 'brown'],
|
|
75
|
+
:name => 'fredrick', :meta => {:version => 'v567'}, :id => 'id12345'}
|
|
69
76
|
subject.set_request_handler do |url, method, body, headers|
|
|
70
77
|
url.should == "#{@target}/Users/id12345"
|
|
71
78
|
method.should == :put
|
|
72
79
|
check_headers(headers, :json, :json, nil)
|
|
73
|
-
headers[
|
|
74
|
-
[200, '{"ID":"id12345"}', {
|
|
80
|
+
headers['if-match'].should == 'v567'
|
|
81
|
+
[200, '{"ID":"id12345"}', {'content-type' => 'application/json'}]
|
|
75
82
|
end
|
|
76
83
|
result = subject.put(:user, obj)
|
|
77
|
-
result[
|
|
84
|
+
result['id'].should == 'id12345'
|
|
78
85
|
end
|
|
79
86
|
|
|
80
|
-
it
|
|
81
|
-
obj = {:hair =>
|
|
82
|
-
:name =>
|
|
87
|
+
it 'modifies an object' do
|
|
88
|
+
obj = {:hair => 'black', :shoe_size => 'medium', :eye_color => ['hazel', 'brown'],
|
|
89
|
+
:name => 'fredrick', :meta => {:version => 'v567'}, :id => 'id12345'}
|
|
83
90
|
subject.set_request_handler do |url, method, body, headers|
|
|
84
91
|
url.should == "#{@target}/Users/id12345"
|
|
85
92
|
method.should == :patch
|
|
86
93
|
check_headers(headers, :json, :json, nil)
|
|
87
|
-
headers[
|
|
88
|
-
[200, '{"ID":"id12345"}', {
|
|
94
|
+
headers['if-match'].should == 'v567'
|
|
95
|
+
[200, '{"ID":"id12345"}', {'content-type' => 'application/json'}]
|
|
89
96
|
end
|
|
90
97
|
result = subject.patch(:user, obj)
|
|
91
|
-
result[
|
|
98
|
+
result['id'].should == 'id12345'
|
|
92
99
|
end
|
|
93
100
|
|
|
94
|
-
it
|
|
101
|
+
it 'gets an object' do
|
|
95
102
|
subject.set_request_handler do |url, method, body, headers|
|
|
96
103
|
url.should == "#{@target}/Users/id12345"
|
|
97
104
|
method.should == :get
|
|
98
105
|
check_headers(headers, nil, :json, nil)
|
|
99
|
-
[200, '{"id":"id12345"}', {
|
|
106
|
+
[200, '{"id":"id12345"}', {'content-type' => 'application/json'}]
|
|
100
107
|
end
|
|
101
|
-
result = subject.get(:user,
|
|
102
|
-
result['id'].should ==
|
|
108
|
+
result = subject.get(:user, 'id12345')
|
|
109
|
+
result['id'].should == 'id12345'
|
|
103
110
|
end
|
|
104
111
|
|
|
105
|
-
it
|
|
112
|
+
it 'pages through all objects' do
|
|
106
113
|
subject.set_request_handler do |url, method, body, headers|
|
|
107
114
|
url.should =~ %r{^#{@target}/Users\?}
|
|
108
115
|
url.should =~ %r{[\?&]attributes=id(&|$)}
|
|
116
|
+
url.should =~ %r{[\?&]includeInactive=true(&|$)}
|
|
109
117
|
url.should =~ %r{[\?&]startIndex=[12](&|$)}
|
|
110
118
|
method.should == :get
|
|
111
119
|
check_headers(headers, nil, :json, nil)
|
|
112
120
|
reply = url =~ /startIndex=1/ ?
|
|
113
121
|
'{"TotalResults":2,"ItemsPerPage":1,"StartIndex":1,"RESOURCES":[{"id":"id12345"}]}' :
|
|
114
122
|
'{"TotalResults":2,"ItemsPerPage":1,"StartIndex":2,"RESOURCES":[{"id":"id67890"}]}'
|
|
115
|
-
[200, reply, {
|
|
123
|
+
[200, reply, {'content-type' => 'application/json'}]
|
|
116
124
|
end
|
|
117
|
-
result = subject.all_pages(:user, :attributes => 'id')
|
|
118
|
-
[result[0]['id'], result[1]['id']].to_set.should == [
|
|
125
|
+
result = subject.all_pages(:user, :attributes => 'id', :includeInactive => true)
|
|
126
|
+
[result[0]['id'], result[1]['id']].to_set.should == ['id12345', 'id67890'].to_set
|
|
119
127
|
end
|
|
120
128
|
|
|
121
129
|
it "changes a user's password" do
|
|
@@ -124,10 +132,10 @@ describe Scim do
|
|
|
124
132
|
method.should == :put
|
|
125
133
|
check_headers(headers, :json, :json, nil)
|
|
126
134
|
body.should include('"password":"newpwd"', '"oldPassword":"oldpwd"')
|
|
127
|
-
[200, '{"id":"id12345"}', {
|
|
135
|
+
[200, '{"id":"id12345"}', {'content-type' => 'application/json'}]
|
|
128
136
|
end
|
|
129
|
-
result = subject.change_password(
|
|
130
|
-
result['id'].should ==
|
|
137
|
+
result = subject.change_password('id12345', 'newpwd', 'oldpwd')
|
|
138
|
+
result['id'].should == 'id12345'
|
|
131
139
|
end
|
|
132
140
|
|
|
133
141
|
it "tries to change the user's password to be the same as the old one" do
|
|
@@ -135,9 +143,9 @@ describe Scim do
|
|
|
135
143
|
url.should == "#{@target}/Users/id12345/password"
|
|
136
144
|
method.should == :put
|
|
137
145
|
check_headers(headers, :json, :json, nil)
|
|
138
|
-
[400, '{"error":"invalid_password","message":"Your new password cannot be the same as the old password."}', {
|
|
146
|
+
[400, '{"error":"invalid_password","message":"Your new password cannot be the same as the old password."}', {'content-type' => 'application/json'}]
|
|
139
147
|
end
|
|
140
|
-
expect {subject.change_password(
|
|
148
|
+
expect {subject.change_password('id12345', 'oldpwd', 'oldpwd')}.to raise_error(error=TargetError)
|
|
141
149
|
end
|
|
142
150
|
|
|
143
151
|
it "changes a client's secret" do
|
|
@@ -146,90 +154,90 @@ describe Scim do
|
|
|
146
154
|
method.should == :put
|
|
147
155
|
check_headers(headers, :json, :json, nil)
|
|
148
156
|
body.should include('"secret":"newpwd"', '"oldSecret":"oldpwd"')
|
|
149
|
-
[200, '{"id":"id12345"}', {
|
|
157
|
+
[200, '{"id":"id12345"}', {'content-type' => 'application/json'}]
|
|
150
158
|
end
|
|
151
|
-
result = subject.change_secret(
|
|
152
|
-
result['id'].should ==
|
|
159
|
+
result = subject.change_secret('id12345', 'newpwd', 'oldpwd')
|
|
160
|
+
result['id'].should == 'id12345'
|
|
153
161
|
end
|
|
154
162
|
|
|
155
|
-
it
|
|
163
|
+
it 'unlocks a user' do
|
|
156
164
|
subject.set_request_handler do |url, method, body, headers|
|
|
157
165
|
url.should == "#{@target}/Users/id12345/status"
|
|
158
166
|
method.should == :patch
|
|
159
167
|
check_headers(headers, :json, :json, nil)
|
|
160
168
|
body.should include('"locked":false')
|
|
161
|
-
[200, '{"locked":false}', {
|
|
169
|
+
[200, '{"locked":false}', {'content-type' => 'application/json'}]
|
|
162
170
|
end
|
|
163
|
-
result = subject.unlock_user(
|
|
171
|
+
result = subject.unlock_user('id12345')
|
|
164
172
|
result['locked'].should == false
|
|
165
173
|
end
|
|
166
174
|
|
|
167
|
-
it
|
|
175
|
+
it 'adds a mapping from uaa groups to external group' do
|
|
168
176
|
subject.set_request_handler do |url, method, body, headers|
|
|
169
177
|
url.should == "#{@target}/Groups/External"
|
|
170
178
|
method.should == :post
|
|
171
179
|
check_headers(headers, :json, :json, nil)
|
|
172
180
|
body.should include('"displayName":"uaa-scope-name"', '"externalGroup":"external-group-name"', '"schemas":["urn:scim:schemas:core:1.0"]', '"origin":"test-origin"')
|
|
173
|
-
[201, '{"displayName":"uaa-scope-name", "externalGroup": "external-group-name"}', {
|
|
181
|
+
[201, '{"displayName":"uaa-scope-name", "externalGroup": "external-group-name"}', {'content-type' => 'application/json'}]
|
|
174
182
|
end
|
|
175
|
-
result = subject.map_group(
|
|
176
|
-
result['displayname'].should ==
|
|
177
|
-
result['externalgroup'].should ==
|
|
183
|
+
result = subject.map_group('uaa-scope-name', false, 'external-group-name', 'test-origin')
|
|
184
|
+
result['displayname'].should == 'uaa-scope-name'
|
|
185
|
+
result['externalgroup'].should == 'external-group-name'
|
|
178
186
|
end
|
|
179
187
|
|
|
180
|
-
it
|
|
188
|
+
it 'defaults to ldap origin when mapping a uaa group from an external group' do
|
|
181
189
|
subject.set_request_handler do |url, method, body, headers|
|
|
182
190
|
url.should == "#{@target}/Groups/External"
|
|
183
191
|
method.should == :post
|
|
184
192
|
check_headers(headers, :json, :json, nil)
|
|
185
193
|
body.should include('"displayName":"uaa-scope-name"', '"externalGroup":"external-group-name"', '"schemas":["urn:scim:schemas:core:1.0"]', '"origin":"ldap"')
|
|
186
|
-
[201, '{"displayName":"uaa-scope-name", "externalGroup": "external-group-name"}', {
|
|
194
|
+
[201, '{"displayName":"uaa-scope-name", "externalGroup": "external-group-name"}', {'content-type' => 'application/json'}]
|
|
187
195
|
end
|
|
188
|
-
result = subject.map_group(
|
|
189
|
-
result['displayname'].should ==
|
|
190
|
-
result['externalgroup'].should ==
|
|
196
|
+
result = subject.map_group('uaa-scope-name', false, 'external-group-name')
|
|
197
|
+
result['displayname'].should == 'uaa-scope-name'
|
|
198
|
+
result['externalgroup'].should == 'external-group-name'
|
|
191
199
|
end
|
|
192
200
|
|
|
193
|
-
it
|
|
201
|
+
it 'unmaps a uaa group from an external group' do
|
|
194
202
|
subject.set_request_handler do |url, method, body, headers|
|
|
195
203
|
url.should == "#{@target}/Groups/External/groupId/uaa-group-id/externalGroup/external%20group%20name/origin/test-origin"
|
|
196
204
|
method.should == :delete
|
|
197
205
|
check_headers(headers, nil, nil, nil)
|
|
198
206
|
|
|
199
|
-
[200, '{"displayName":"uaa-scope-name", "groupId": "uaa-group-id", "externalGroup": "external-group-name"}', {
|
|
207
|
+
[200, '{"displayName":"uaa-scope-name", "groupId": "uaa-group-id", "externalGroup": "external-group-name"}', {'content-type' => 'application/json'}]
|
|
200
208
|
end
|
|
201
|
-
subject.unmap_group(
|
|
209
|
+
subject.unmap_group('uaa-group-id', 'external group name', 'test-origin')
|
|
202
210
|
end
|
|
203
211
|
|
|
204
|
-
it
|
|
212
|
+
it 'defaults to ldap origin when unmapping a uaa group from an external group' do
|
|
205
213
|
subject.set_request_handler do |url, method, body, headers|
|
|
206
214
|
url.should == "#{@target}/Groups/External/groupId/uaa-group-id/externalGroup/external%20group%20name/origin/ldap"
|
|
207
215
|
method.should == :delete
|
|
208
216
|
check_headers(headers, nil, nil, nil)
|
|
209
217
|
|
|
210
|
-
[200, '{"displayName":"uaa-scope-name", "groupId": "uaa-group-id", "externalGroup": "external-group-name"}', {
|
|
218
|
+
[200, '{"displayName":"uaa-scope-name", "groupId": "uaa-group-id", "externalGroup": "external-group-name"}', {'content-type' => 'application/json'}]
|
|
211
219
|
end
|
|
212
|
-
subject.unmap_group(
|
|
220
|
+
subject.unmap_group('uaa-group-id', 'external group name')
|
|
213
221
|
end
|
|
214
222
|
|
|
215
|
-
describe
|
|
223
|
+
describe 'users in a zone' do
|
|
216
224
|
let(:options) { {:http_proxy => 'http-proxy.com', :https_proxy => 'https-proxy.com', :skip_ssl_validation => true, :zone => 'derpzone'} }
|
|
217
225
|
|
|
218
|
-
it
|
|
226
|
+
it 'sends zone header' do
|
|
219
227
|
subject.set_request_handler do |url, method, body, headers|
|
|
220
228
|
url.should == "#{@target}/Users"
|
|
221
229
|
method.should == :post
|
|
222
230
|
check_headers(headers, :json, :json, 'derpzone')
|
|
223
|
-
[200, '{"ID":"id12345"}', {
|
|
231
|
+
[200, '{"ID":"id12345"}', {'content-type' => 'application/json'}]
|
|
224
232
|
end
|
|
225
|
-
result = subject.add(:user, :hair =>
|
|
226
|
-
:eye_color => [
|
|
227
|
-
result[
|
|
233
|
+
result = subject.add(:user, :hair => 'brown', :shoe_size => 'large',
|
|
234
|
+
:eye_color => ['blue', 'green'], :name => 'fred')
|
|
235
|
+
result['id'].should == 'id12345'
|
|
228
236
|
end
|
|
229
237
|
end
|
|
230
238
|
|
|
231
|
-
describe
|
|
232
|
-
it
|
|
239
|
+
describe '#list_group_mappings' do
|
|
240
|
+
it 'lists all the external group mappings with default pagination' do
|
|
233
241
|
subject.set_request_handler do |url, method, body, headers|
|
|
234
242
|
url.should start_with("#{@target}/Groups/External/list")
|
|
235
243
|
method.should == :get
|
|
@@ -238,7 +246,7 @@ describe Scim do
|
|
|
238
246
|
[
|
|
239
247
|
200,
|
|
240
248
|
'{"resources": [{"groupId": "group-id", "displayName": "group-name", "externalGroup": "external-group-name"}], "totalResults": 1 }',
|
|
241
|
-
{
|
|
249
|
+
{'content-type' => 'application/json'}
|
|
242
250
|
]
|
|
243
251
|
end
|
|
244
252
|
|
|
@@ -247,23 +255,23 @@ describe Scim do
|
|
|
247
255
|
result['totalresults'].should == 1
|
|
248
256
|
end
|
|
249
257
|
|
|
250
|
-
it
|
|
258
|
+
it 'lists a page of external group mappings starting from an index' do
|
|
251
259
|
subject.set_request_handler do |url, method, body, headers|
|
|
252
260
|
url.should start_with("#{@target}/Groups/External/list")
|
|
253
261
|
method.should == :get
|
|
254
262
|
check_headers(headers, nil, :json, nil)
|
|
255
263
|
|
|
256
264
|
query_params = CGI::parse(URI.parse(url).query)
|
|
257
|
-
start_index = query_params[
|
|
258
|
-
count = query_params[
|
|
265
|
+
start_index = query_params['startIndex'].first
|
|
266
|
+
count = query_params['count'].first
|
|
259
267
|
|
|
260
|
-
start_index.should ==
|
|
261
|
-
count.should ==
|
|
268
|
+
start_index.should == '3'
|
|
269
|
+
count.should == '10'
|
|
262
270
|
|
|
263
271
|
[
|
|
264
272
|
200,
|
|
265
273
|
'{"resources": [{"groupId": "group-id", "displayName": "group-name", "externalGroup": "external-group-name"}], "totalResults": 1 }',
|
|
266
|
-
{
|
|
274
|
+
{'content-type' => 'application/json'}
|
|
267
275
|
]
|
|
268
276
|
end
|
|
269
277
|
|