cf-uaac 4.15.0 → 4.17.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3d94ad3cb51d11a269c37db22e0192eb3ad33beb11413994650db7a1eee96704
4
- data.tar.gz: c6a9d43f901ef43e146ae5ba1237b93c1e25cbc7c5e4df690afe37dba4f276b5
3
+ metadata.gz: 59c20844fe851fa5ee2b6a2cfaee7841a362044e647a98abe417616549bebee9
4
+ data.tar.gz: be7dc84aadceee22588768f956c717cdc6073b534366d90b1778deb882bcfb6a
5
5
  SHA512:
6
- metadata.gz: 90dc3285e451dd7d435d7eada8edce46449dce10cea09415b58e80d37269867f265bd3b10485093e1e44604c5ab187633b7b4c9b561748a22f2b0ea8e1d036b8
7
- data.tar.gz: b8088a02f28b76a828df8e2a4a898b69dbce15db166a97fba76d3d881b7b378a0eceb19bbd378173db90e4f2267b6e3b465502d4d75fc83586df05a74e8ca338
6
+ metadata.gz: 12a1f968a42a661efe5a9e695ce3ea2914c9f36f17343981594b4336b919d818d5d01d6b77ffe7d5a35eb2b78d3c5cbc21dda516cd6aa5fbfba4f7113a5457c7
7
+ data.tar.gz: 8fc709d8d477a19969e60b2b550a75987dee6cdd97d4f5c1f0b8e57e826a56ed5ea909e9019c437fedc22336d85d622560179970ca3ca0da2221c72b0327f072
@@ -16,7 +16,7 @@ jobs:
16
16
  ruby-version: ['2.5', '2.7', '3.0', '3.1', '3.2']
17
17
 
18
18
  steps:
19
- - uses: actions/checkout@v3
19
+ - uses: actions/checkout@v4
20
20
  - name: Set up Ruby
21
21
  uses: ruby/setup-ruby@v1
22
22
  with:
data/cf-uaac.gemspec CHANGED
@@ -31,7 +31,7 @@ Gem::Specification.new do |s|
31
31
  s.require_paths = ['lib']
32
32
 
33
33
  # dependencies
34
- s.add_runtime_dependency 'cf-uaa-lib', '~> 4.0'
34
+ s.add_runtime_dependency 'cf-uaa-lib', '~> 4.0.4'
35
35
  s.add_development_dependency 'rake', '~> 13.0'
36
36
  s.add_development_dependency 'rspec', '~> 3.12'
37
37
  s.add_development_dependency 'simplecov', '~> 0.22.0'
@@ -121,6 +121,31 @@ class ClientCli < CommonCli
121
121
  }
122
122
  end
123
123
 
124
+ define_option :jwks_uri, '--jwks_uri <token_keys endpoint>', 'JWKS token key endpoint'
125
+ define_option :jwks, '--jwks <json token key set>', 'JWKS token key'
126
+ desc 'client jwt add [id]', 'Add client jwt trust', :jwks_uri, :jwks do |id|
127
+ pp scim_request { |cr|
128
+ ###change_clientjwt(client_id, jwks_uri = nil, jwks = nil, kid = nil, changeMode = nil)
129
+ cr.change_clientjwt(clientid(id), opts[:jwks_uri], opts[:jwks], nil, 'ADD')
130
+ 'client jwt successfully added'
131
+ }
132
+ end
133
+
134
+ desc 'client jwt update [id]', 'Update client jwt trust', :jwks_uri, :jwks do |id|
135
+ pp scim_request { |cr|
136
+ cr.change_clientjwt(clientid(id), opts[:jwks_uri], opts[:jwks], nil, 'UPDATE')
137
+ 'client jwt successfully set'
138
+ }
139
+ end
140
+
141
+ define_option :kid, '--kid <key id in json token keys>', 'JWKS token key'
142
+ desc 'client jwt delete [id]', 'Delete client jwt trust', :kid do |id|
143
+ pp scim_request { |cr|
144
+ cr.change_clientjwt(clientid(id), '*', nil, opts[:kid], 'DELETE')
145
+ 'client jwt successfully deleted'
146
+ }
147
+ end
148
+
124
149
  private
125
150
 
126
151
  def update_client(cr, info)
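Review bot: The three `client jwt` commands at new lines 124–147 pass `opts[:jwks_uri]`, `opts[:jwks]` and `opts[:kid]` straight to `change_clientjwt` without checking that any was supplied, so `client jwt add` with no option and `client jwt delete` with no `--kid` both send nil values to the server. These keys decide which JWTs the server accepts as client authentication, so the CLI should fail early when add/update has neither `--jwks_uri` nor `--jwks`, and the delete description should state what omitting `--kid` does. A warning when `--jwks_uri` is not an `https://` URL would also help, since keys fetched over plain HTTP can be replaced in transit; whether the server enforces this is not visible here. The `--kid` help text on line 141 repeats 'JWKS token key' and would read better as `'key id (kid) of the JWKS entry to delete'`, and the leftover `###change_clientjwt(...)` line on 128 should become an ordinary comment or be removed. The class body continues outside the hunk.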
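--- a/data/lib/uaa/cli/token.rb
+++ b/data/lib/uaa/cli/token.rb
@@ -23,11 +23,14 @@ class TokenCatcher < Stub::Base
  def process_grant(data)
  server.logger.debug "processing grant for path #{request.path}"
  secret = server.info.delete(:client_secret)
+ do_authcode = server.info.delete(:do_authcode)
  ti = TokenIssuer.new(Config.target, server.info.delete(:client_id), secret,
  { token_target: Config.target_value(:token_target),
  basic_auth: Config.target_value(:basic_auth),
+ use_pkce: true,
+ code_verifier: server.info.delete(:code_verifier),
  skip_ssl_validation: Config.target_value(:skip_ssl_validation)})
- tkn = secret ? ti.authcode_grant(server.info.delete(:uri), data) :
+ tkn = do_authcode ? ti.authcode_grant(server.info.delete(:uri), data) :
  ti.implicit_grant(server.info.delete(:uri), data)
  server.info.update(token_info: tkn.info)
  reply.text "you are now logged in and can close this window"
@@ -87,11 +90,13 @@ class TokenCli < CommonCli
  did_save
  end
 
- def issuer_request(client_id, secret = nil)
+ def issuer_request(client_id, secret = nil, code_verifier = nil)
  update_target_info
  yield TokenIssuer.new(Config.target.to_s, client_id, secret,
  { token_target: Config.target_value(:token_endpoint),
  basic_auth: Config.target_value(:basic_auth),
+ use_pkce: true,
+ code_verifier: code_verifier,
  skip_ssl_validation: Config.target_value(:skip_ssl_validation),
  ssl_ca_file: Config.target_value(:ca_cert) })
  rescue Exception => e
@@ -159,24 +164,26 @@ class TokenCli < CommonCli
  CF_TOKEN_FILE = File.join ENV["HOME"], ".cf_token"
  CF_TARGET_FILE = File.join ENV["HOME"], ".cf_target"
 
- def use_browser(client_id, secret = nil)
+ def use_browser(client_id, secret = nil, grant = nil)
+ do_authcode = (not grant.nil?) && (grant == 'authcode')
+ code_verifier = SecureRandom.base64(96).tr("+/", "-_").tr("=", "")
  catcher = Stub::Server.new(TokenCatcher,
  logger: Util.default_logger(debug? ? :debug : trace? ? :trace : :info),
- info: {client_id: client_id, client_secret: secret},
+ info: {client_id: client_id, client_secret: secret, code_verifier: code_verifier, do_authcode: do_authcode},
  port: opts[:port]).run_on_thread
- uri = issuer_request(client_id, secret) { |ti|
- secret ? ti.authcode_uri("#{catcher.url}/authcode", opts[:scope]) :
+ uri = issuer_request(client_id, secret, code_verifier) { |ti|
+ do_authcode ? ti.authcode_uri("#{catcher.url}/authcode", opts[:scope]) :
  ti.implicit_uri("#{catcher.url}/callback", opts[:scope])
  }
  return unless catcher.info[:uri] = uri
- say "launching browser with #{uri}" if trace?
- Launchy.open(uri, debug: true, dry_run: false)
+ say " and launching browser with #{uri}"
+ Launchy.open(uri, debug: false, dry_run: false)
  print "waiting for token "
  while catcher.info[:uri] || !catcher.info[:token_info]
  sleep 5
  print "."
  end
- say_success(secret ? "authorization code" : "implicit") if set_context(catcher.info[:token_info])
+ say_success(do_authcode ? "authorization code" : "implicit") if set_context(catcher.info[:token_info])
  return unless opts[:cf]
  begin
  cf_target = File.open(CF_TARGET_FILE, 'r') { |f| f.read.strip }
@@ -193,7 +200,7 @@ class TokenCli < CommonCli
  define_option :port, "--port <number>", "pin internal server to specific port"
  define_option :cf, "--[no-]cf", "save token in the ~/.cf_tokens file"
  desc "token authcode get", "Gets a token using the authcode flow with browser",
- :client, :secret, :scope, :cf, :port do use_browser(clientid, clientsecret) end
+ :client, :secret, :scope, :cf, :port do use_browser(clientid, opts[:secret], 'authcode') end
 
  desc "token implicit get", "Gets a token using the implicit flow with browser",
  :client, :scope, :cf, :port do use_browser opts[:client] || "cf" end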
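Review bot: On new line 169 the PKCE verifier is built by translating standard base64 by hand, where `SecureRandom.urlsafe_base64(96)` gives the same unpadded URL-safe string in one call. 96 bytes encode to exactly 128 characters, the RFC 7636 maximum for a code_verifier, so a short comment recording that would stop a later size change from exceeding the limit. No `require 'securerandom'` is visible in these hunks, so confirm the file loads it. On line 168, `do_authcode = grant == 'authcode'` says the same thing without the `not`/`nil?` pair. Line 179 now prints the full authorization URI on every run (it was gated on `trace?`) and its text starts with a stray " and"; `use_browser` continues outside the hunk.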
data/lib/uaa/stub/uaa.rb CHANGED
@@ -414,6 +414,13 @@ class StubUAAConn < Stub::Base
414
414
  reply.json(status: 'ok', message: 'secret updated')
415
415
  end
416
416
 
417
+ route :put, %r{^/oauth/clients/([^/]+)/clientjwt$}, 'content-type' => %r{application/json} do
418
+ info = Util.json_parse(request.body, :down)
419
+ return not_found(match[1]) unless id = server.scim.id(match[1], :client)
420
+ return bad_request('no client_id given') unless info['client_id']
421
+ reply.json(status: 'ok', message: 'client jwt updated')
422
+ end
423
+
417
424
  #----------------------------------------------------------------------------
418
425
  # users and groups endpoints
419
426
  #
@@ -78,6 +78,14 @@ describe ClientCli do
78
78
  Cli.output.string.should include 'access_denied'
79
79
  end
80
80
 
81
+ it "changes it's client jwt" do
82
+ Cli.run("token client get #{@test_client} -s #{@test_secret}").should be
83
+ Cli.run('token decode').should be
84
+ Cli.run("client jwt add #{@test_client} --jwks_uri http://localhost:8080/uaa/token_keys").should be
85
+ Cli.run("client jwt update #{@test_client} --jwks_uri http://localhost:8080/uaa/token_keys").should be
86
+ Cli.run("client jwt delete #{@test_client} ").should be
87
+ end
88
+
81
89
  context 'as updated client' do
82
90
 
83
91
  before :all do
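Review bot: The stub route added at new lines 417–422 replies `ok` to any JSON body that carries `client_id`, so the spec at lines 81–87 passes whether or not the CLI sent a JWKS, a key id or the intended change mode, including the `client jwt delete` call made with no `--kid`. Having the stub return `bad_request` when none of the key fields is present would make the test cover the request shape; the field names come from cf-uaa-lib and are not visible here. In the same route, the `id` local assigned on line 419 is never used, and the pattern would be stricter with `\A`/`\z` in place of `^`/`$`. The spec title on line 81 should read `"changes its client jwt"`.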
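--- a/data/version.txt
+++ b/data/version.txt
@@ -1 +1 @@
- 4.15.0
+ 4.17.0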
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cf-uaac
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.15.0
4
+ version: 4.17.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dave Syer
@@ -12,7 +12,7 @@ authors:
12
12
  autorequire:
13
13
  bindir: bin
14
14
  cert_chain: []
15
- date: 2023-08-09 00:00:00.000000000 Z
15
+ date: 2023-10-19 00:00:00.000000000 Z
16
16
  dependencies:
17
17
  - !ruby/object:Gem::Dependency
18
18
  name: cf-uaa-lib
@@ -20,14 +20,14 @@ dependencies:
20
20
  requirements:
21
21
  - - "~>"
22
22
  - !ruby/object:Gem::Version
23
- version: '4.0'
23
+ version: 4.0.4
24
24
  type: :runtime
25
25
  prerelease: false
26
26
  version_requirements: !ruby/object:Gem::Requirement
27
27
  requirements:
28
28
  - - "~>"
29
29
  - !ruby/object:Gem::Version
30
- version: '4.0'
30
+ version: 4.0.4
31
31
  - !ruby/object:Gem::Dependency
32
32
  name: rake
33
33
  requirement: !ruby/object:Gem::Requirement