cf-uaa-lib 3.2.4 → 3.2.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f1a44d84d9da8b6a573137d39cff8f0a8272f21d
-  data.tar.gz: 50590e8f0a93d17739478de139c72a744ce1417a
+  metadata.gz: 22244230c33436d1113ddefaa82fd4e8f68f611b
+  data.tar.gz: 67c4faa41e5dabcd57944e634dc1d7689ff63402
 SHA512:
-  metadata.gz: 01b0f6577fad7197cd957c55f4f7b7cf781a6d79f160de5cba31a523708da721396cbf48261f9d8da61e59b704672f4b3d3fa0c7f08ccc349c3171ec98478e1f
-  data.tar.gz: 723f1a40f353d5b70bf8ee778dc1ec32f7c1e10729a82444281fa96e7f17a5b5eb0c0a10ff160ef149f9017f2bd2aae236ffb7a72accf016664788d8c947e17f
+  metadata.gz: 08a6c3960dfd815606d99b477450068c1350f8ecfca4617f2bd9401faa594565290aa4c1c191fc48254a25b27b629701525bee4192cc23df8a1c835b791257b5
+  data.tar.gz: be6448d4cc5dddb693a122b7cf86062c62f950163dbb648cb0c03cee05899f74b47081e7b1e85aef9f95973fa995c5b52f004bd152c401050713ee2a44eb12b1

data/lib/uaa/http.rb

@@ -50,7 +50,7 @@ module Http
 
   def self.included(base)
     base.class_eval do
-      attr_accessor :http_proxy, :https_proxy, :skip_ssl_validation, :ssl_ca_file
+      attr_accessor :http_proxy, :https_proxy, :skip_ssl_validation, :ssl_ca_file, :ssl_cert_store, :zone
     end
   end
 
@@ -128,8 +128,10 @@ module Http
   def http_put(target, path, body, headers = {}) request(target, :put, path, body, headers) end
   def http_patch(target, path, body, headers = {}) request(target, :patch, path, body, headers) end
 
-  def http_delete(target, path, authorization)
-    status = request(target, :delete, path, nil, "authorization" => authorization)[0]
+  def http_delete(target, path, authorization, zone = nil)
+    hdrs = { "authorization" => authorization }
+    hdrs['X-Identity-Zone-Subdomain'] = zone if zone
+    status = request(target, :delete, path, nil, hdrs)[0]
     unless [200, 204].include?(status)
       raise (status == 404 ? NotFound : BadResponse), "invalid response from #{path}: #{status}"
     end
@@ -188,6 +190,9 @@ module Http
       elsif ssl_ca_file
         http.ca_file = File.expand_path(ssl_ca_file)
         http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+      elsif ssl_cert_store
+        http.cert_store = ssl_cert_store
+        http.verify_mode = OpenSSL::SSL::VERIFY_PEER
       end
     end
 

data/lib/uaa/info.rb

@@ -33,6 +33,7 @@ class Info
     self.target = target
     self.skip_ssl_validation = options[:skip_ssl_validation]
     self.ssl_ca_file = options[:ssl_ca_file]
+    self.ssl_cert_store = options[:ssl_cert_store]
     self.symbolize_keys = options[:symbolize_keys]
     self.http_proxy = options[:http_proxy]
     self.https_proxy = options[:https_proxy]

data/lib/uaa/scim.rb

@@ -55,6 +55,12 @@ class Scim
     kc || kd
   end
 
+  def headers()
+    hdrs = { 'authorization' => @auth_header }
+    hdrs['X-Identity-Zone-Subdomain'] = @zone if @zone
+    hdrs
+  end
+
   # This is very inefficient and should be unnecessary. SCIM (1.1 and early
   # 2.0 drafts) specify that attribute names are case insensitive. However
   # in the UAA attribute names are currently case sensitive. This hack takes
@@ -102,8 +108,10 @@ class Scim
     @key_style = options[:symbolize_keys] ? :downsym : :down
     self.skip_ssl_validation = options[:skip_ssl_validation]
     self.ssl_ca_file = options[:ssl_ca_file]
+    self.ssl_cert_store = options[:ssl_cert_store]
     self.http_proxy = options[:http_proxy]
     self.https_proxy = options[:https_proxy]
+    @zone = options[:zone]
   end
 
   # Convenience method to get the naming attribute, e.g. userName for user,
@@ -120,7 +128,7 @@ class Scim
   def add(type, info)
     path, info = type_info(type, :path), force_case(info)
     reply = json_parse_reply(@key_style, *json_post(@target, path, info,
-        "authorization" => @auth_header))
+        headers))
     fake_client_id(reply) if type == :client # hide client reply, not quite scim
     reply
   end
@@ -130,7 +138,7 @@ class Scim
   # @param [String] id the id attribute of the SCIM object
   # @return [nil]
   def delete(type, id)
-    http_delete @target, "#{type_info(type, :path)}/#{URI.encode(id)}", @auth_header
+    http_delete @target, "#{type_info(type, :path)}/#{URI.encode(id)}", @auth_header, @zone
   end
 
   # Replaces the contents of a SCIM object.
@@ -140,7 +148,7 @@ class Scim
     path, info = type_info(type, :path), force_case(info)
     ida = type == :client ? 'client_id' : 'id'
     raise ArgumentError, "info must include #{ida}" unless id = info[ida]
-    hdrs = {'authorization' => @auth_header}
+   hdrs = headers
     if info && info['meta'] && (etag = info['meta']['version'])
       hdrs.merge!('if-match' => etag)
     end
@@ -158,7 +166,7 @@ class Scim
     path, info = type_info(type, :path), force_case(info)
     ida = type == :client ? 'client_id' : 'id'
     raise ArgumentError, "info must include #{ida}" unless id = info[ida]
-    hdrs = {'authorization' => @auth_header}
+    hdrs = headers
     if info && info['meta'] && (etag = info['meta']['version'])
       hdrs.merge!('if-match' => etag)
     end
@@ -189,7 +197,7 @@ class Scim
     end
     qstr = query.empty?? '': "?#{Util.encode_form(query)}"
     info = json_get(@target, "#{type_info(type, :path)}#{qstr}",
-        @key_style,  'authorization' => @auth_header)
+        @key_style,  headers)
     unless info.is_a?(Hash) && info[rk = jkey(:resources)].is_a?(Array)
 
       # hide client endpoints that are not yet scim compatible
@@ -212,7 +220,7 @@ class Scim
   # @return (see #add)
   def get(type, id)
     info = json_get(@target, "#{type_info(type, :path)}/#{URI.encode(id)}",
-        @key_style, 'authorization' => @auth_header)
+        @key_style, headers)
 
     fake_client_id(info) if type == :client # hide client reply, not quite scim
     info
@@ -288,8 +296,7 @@ class Scim
     req = {"password" => new_password}
     req["oldPassword"] = old_password if old_password
     json_parse_reply(@key_style, *json_put(@target,
-        "#{type_info(:user, :path)}/#{URI.encode(user_id)}/password", req,
-        'authorization' => @auth_header))
+        "#{type_info(:user, :path)}/#{URI.encode(user_id)}/password", req, headers))
   end
 
   # Change client secret.
@@ -305,8 +312,7 @@ class Scim
     req = {"secret" => new_secret }
     req["oldSecret"] = old_secret if old_secret
     json_parse_reply(@key_style, *json_put(@target,
-        "#{type_info(:client, :path)}/#{URI.encode(client_id)}/secret", req,
-        'authorization' => @auth_header))
+        "#{type_info(:client, :path)}/#{URI.encode(client_id)}/secret", req, headers))
   end
 
   def map_group(group, is_id, external_group)
@@ -314,19 +320,18 @@ class Scim
     request = {key_name => group, :externalGroup => external_group, :schemas => ["urn:scim:schemas:core:1.0"] }
     result = json_parse_reply(@key_style, *json_post(@target,
                                                      "#{type_info(:group_mapping, :path)}", request,
-                                                     'authorization' => @auth_header))
+                                                     headers))
     result
   end
 
   def unmap_group(group_id, external_group)
     http_delete(@target, "#{type_info(:group_mapping, :path)}/id/#{group_id}/#{URI.encode(external_group)}",
-                          @auth_header)
+                          @auth_header, @zone)
   end
 
   def list_group_mappings(start = nil, count = nil)
-    json_get(@target, "#{type_info(:group_mapping, :path)}/list?startIndex=#{start}&count=#{count}", @key_style, 'authorization' => @auth_header)
+    json_get(@target, "#{type_info(:group_mapping, :path)}/list?startIndex=#{start}&count=#{count}", @key_style, headers)
   end
 end
 
 end
-

data/lib/uaa/token_issuer.rb

@@ -111,6 +111,7 @@ class TokenIssuer
     @key_style = options[:symbolize_keys] ? :sym : nil
     self.skip_ssl_validation = options[:skip_ssl_validation]
     self.ssl_ca_file = options[:ssl_ca_file]
+    self.ssl_cert_store = options[:ssl_cert_store]
     self.http_proxy = options[:http_proxy]
     self.https_proxy = options[:https_proxy]
   end

data/lib/uaa/version.rb

@@ -14,6 +14,6 @@
 # Cloud Foundry namespace
 module CF
   module UAA
-    VERSION = "3.2.4"
+    VERSION = "3.2.5"
   end
 end

data/spec/http_spec.rb

@@ -80,6 +80,18 @@ describe Http do
     expect(http_double).to have_received(:ca_file=).with("/fake-ca-file")
     expect(http_double).to have_received(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
   end
+
+  it "passes ssl cert store if provided" do
+    http_double = double('http').as_null_object
+    cert_store = double('OpenSSL::X509::Store')
+    Net::HTTP.stub(:new).and_return(http_double)
+
+    http_instance.ssl_cert_store = cert_store
+    http_instance.http_get("https://uncached.example.com")
+
+    expect(http_double).to have_received(:cert_store=).with(cert_store)
+    expect(http_double).to have_received(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
+  end
 end
 
 end

data/spec/scim_spec.rb

@@ -29,12 +29,13 @@ describe Scim do
 
   subject { @scim }
 
-  def check_headers(headers, content, accept)
+  def check_headers(headers, content, accept, zone)
     headers["content-type"].should =~ /application\/json/ if content == :json
     headers["content-type"].should be_nil unless content
     headers["accept"].should =~ /application\/json/ if accept == :json
     headers["accept"].should be_nil unless accept
     headers["authorization"].should =~ /^(?i:bearer)\s+xyz$/
+    headers["X-Identity-Zone-Subdomain"].should eq zone
   end
 
   describe "initialize" do
@@ -54,7 +55,7 @@ describe Scim do
     subject.set_request_handler do |url, method, body, headers|
       url.should == "#{@target}/Users"
       method.should == :post
-      check_headers(headers, :json, :json)
+      check_headers(headers, :json, :json, nil)
       [200, '{"ID":"id12345"}', {"content-type" => "application/json"}]
     end
     result = subject.add(:user, :hair => "brown", :shoe_size => "large",
@@ -68,7 +69,7 @@ describe Scim do
     subject.set_request_handler do |url, method, body, headers|
       url.should == "#{@target}/Users/id12345"
       method.should == :put
-      check_headers(headers, :json, :json)
+      check_headers(headers, :json, :json, nil)
       headers["if-match"].should == "v567"
       [200, '{"ID":"id12345"}', {"content-type" => "application/json"}]
     end
@@ -82,7 +83,7 @@ describe Scim do
     subject.set_request_handler do |url, method, body, headers|
       url.should == "#{@target}/Users/id12345"
       method.should == :patch
-      check_headers(headers, :json, :json)
+      check_headers(headers, :json, :json, nil)
       headers["if-match"].should == "v567"
       [200, '{"ID":"id12345"}', {"content-type" => "application/json"}]
     end
@@ -94,7 +95,7 @@ describe Scim do
     subject.set_request_handler do |url, method, body, headers|
       url.should == "#{@target}/Users/id12345"
       method.should == :get
-      check_headers(headers, nil, :json)
+      check_headers(headers, nil, :json, nil)
       [200, '{"id":"id12345"}', {"content-type" => "application/json"}]
     end
     result = subject.get(:user, "id12345")
@@ -107,7 +108,7 @@ describe Scim do
       url.should =~ %r{[\?&]attributes=id(&|$)}
       url.should =~ %r{[\?&]startIndex=[12](&|$)}
       method.should == :get
-      check_headers(headers, nil, :json)
+      check_headers(headers, nil, :json, nil)
       reply = url =~ /startIndex=1/ ?
         '{"TotalResults":2,"ItemsPerPage":1,"StartIndex":1,"RESOURCES":[{"id":"id12345"}]}' :
         '{"TotalResults":2,"ItemsPerPage":1,"StartIndex":2,"RESOURCES":[{"id":"id67890"}]}'
@@ -121,7 +122,7 @@ describe Scim do
     subject.set_request_handler do |url, method, body, headers|
       url.should == "#{@target}/Users/id12345/password"
       method.should == :put
-      check_headers(headers, :json, :json)
+      check_headers(headers, :json, :json, nil)
       body.should include('"password":"newpwd"', '"oldPassword":"oldpwd"')
       [200, '{"id":"id12345"}', {"content-type" => "application/json"}]
     end
@@ -133,7 +134,7 @@ describe Scim do
     subject.set_request_handler do |url, method, body, headers|
       url.should == "#{@target}/Users/id12345/password"
       method.should == :put
-      check_headers(headers, :json, :json)
+      check_headers(headers, :json, :json, nil)
       [400, '{"error":"invalid_password","message":"Your new password cannot be the same as the old password."}', {"content-type" => "application/json"}]
     end
     expect {subject.change_password("id12345", "oldpwd", "oldpwd")}.to raise_error(error=TargetError)
@@ -143,7 +144,7 @@ describe Scim do
     subject.set_request_handler do |url, method, body, headers|
       url.should == "#{@target}/oauth/clients/id12345/secret"
       method.should == :put
-      check_headers(headers, :json, :json)
+      check_headers(headers, :json, :json, nil)
       body.should include('"secret":"newpwd"', '"oldSecret":"oldpwd"')
       [200, '{"id":"id12345"}', {"content-type" => "application/json"}]
     end
@@ -155,7 +156,7 @@ describe Scim do
     subject.set_request_handler do |url, method, body, headers|
       url.should == "#{@target}/Groups/External"
       method.should == :post
-      check_headers(headers, :json, :json)
+      check_headers(headers, :json, :json, nil)
       body.should include('"displayName":"uaa-scope-name"', '"externalGroup":"external-group-name"', '"schemas":["urn:scim:schemas:core:1.0"]')
       [201, '{"displayName":"uaa-scope-name", "externalGroup": "external-group-name"}', {"content-type" => "application/json"}]
     end
@@ -168,19 +169,35 @@ describe Scim do
     subject.set_request_handler do |url, method, body, headers|
       url.should == "#{@target}/Groups/External/id/uaa-group-id/external%20group%20name"
       method.should == :delete
-      check_headers(headers, nil, nil)
+      check_headers(headers, nil, nil, nil)
 
       [200, '{"displayName":"uaa-scope-name", "groupId": "uaa-group-id", "externalGroup": "external-group-name"}', {"content-type" => "application/json"}]
     end
     subject.unmap_group("uaa-group-id", "external group name")
   end
 
+  describe "users in a zone" do
+    let(:options) { {:http_proxy => 'http-proxy.com', :https_proxy => 'https-proxy.com', :skip_ssl_validation => true, :zone => 'derpzone'} }
+
+    it "sends zone header" do
+        subject.set_request_handler do |url, method, body, headers|
+          url.should == "#{@target}/Users"
+          method.should == :post
+          check_headers(headers, :json, :json, 'derpzone')
+          [200, '{"ID":"id12345"}', {"content-type" => "application/json"}]
+        end
+        result = subject.add(:user, :hair => "brown", :shoe_size => "large",
+                             :eye_color => ["blue", "green"], :name => "fred")
+        result["id"].should == "id12345"
+      end
+  end
+
   describe "#list_group_mappings" do
     it "lists all the external group mappings with default pagination" do
       subject.set_request_handler do |url, method, body, headers|
         url.should start_with("#{@target}/Groups/External/list")
         method.should == :get
-        check_headers(headers, nil, :json)
+        check_headers(headers, nil, :json, nil)
 
         [
             200,
@@ -198,7 +215,7 @@ describe Scim do
       subject.set_request_handler do |url, method, body, headers|
         url.should start_with("#{@target}/Groups/External/list")
         method.should == :get
-        check_headers(headers, nil, :json)
+        check_headers(headers, nil, :json, nil)
 
         query_params = CGI::parse(URI.parse(url).query)
         start_index = query_params["startIndex"].first
@@ -216,6 +233,8 @@ describe Scim do
 
       subject.list_group_mappings(3, 10)
     end
+
+
   end
 end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cf-uaa-lib
 version: !ruby/object:Gem::Version
-  version: 3.2.4
+  version: 3.2.5
 platform: ruby
 authors:
 - Dave Syer
@@ -12,7 +12,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-09-22 00:00:00.000000000 Z
+date: 2015-12-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json