cf-uaac 4.15.0 → 4.17.0
- checksums.yaml +4 -4
- data/.github/workflows/ruby.yml +1 -1
- data/cf-uaac.gemspec +1 -1
- data/lib/uaa/cli/client_reg.rb +25 -0
- data/lib/uaa/cli/token.rb +17 -10
- data/lib/uaa/stub/uaa.rb +7 -0
- data/spec/client_reg_spec.rb +8 -0
- data/version.txt +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 59c20844fe851fa5ee2b6a2cfaee7841a362044e647a98abe417616549bebee9
|
4
|
+
data.tar.gz: be7dc84aadceee22588768f956c717cdc6073b534366d90b1778deb882bcfb6a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 12a1f968a42a661efe5a9e695ce3ea2914c9f36f17343981594b4336b919d818d5d01d6b77ffe7d5a35eb2b78d3c5cbc21dda516cd6aa5fbfba4f7113a5457c7
|
7
|
+
data.tar.gz: 8fc709d8d477a19969e60b2b550a75987dee6cdd97d4f5c1f0b8e57e826a56ed5ea909e9019c437fedc22336d85d622560179970ca3ca0da2221c72b0327f072
|
data/.github/workflows/ruby.yml
CHANGED
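--- a/data/cf-uaac.gemspec
+++ b/data/cf-uaac.gemspec
@@ -31,7 +31,7 @@ Gem::Specification.new do |s|
 s.require_paths = ['lib']
 
 # dependencies
-s.add_runtime_dependency 'cf-uaa-lib', '~> 4.0'
+s.add_runtime_dependency 'cf-uaa-lib', '~> 4.0.4'
 s.add_development_dependency 'rake', '~> 13.0'
 s.add_development_dependency 'rspec', '~> 3.12'
 s.add_development_dependency 'simplecov', '~> 0.22.0'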
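--- a/data/lib/uaa/cli/client_reg.rb
+++ b/data/lib/uaa/cli/client_reg.rb
@@ -121,6 +121,31 @@ class ClientCli < CommonCli
 }
 end
 
+define_option :jwks_uri, '--jwks_uri <token_keys endpoint>', 'JWKS token key endpoint'
+define_option :jwks, '--jwks <json token key set>', 'JWKS token key'
+desc 'client jwt add [id]', 'Add client jwt trust', :jwks_uri, :jwks do |id|
+pp scim_request { |cr|
+###change_clientjwt(client_id, jwks_uri = nil, jwks = nil, kid = nil, changeMode = nil)
+cr.change_clientjwt(clientid(id), opts[:jwks_uri], opts[:jwks], nil, 'ADD')
+'client jwt successfully added'
+}
+end
+
+desc 'client jwt update [id]', 'Update client jwt trust', :jwks_uri, :jwks do |id|
+pp scim_request { |cr|
+cr.change_clientjwt(clientid(id), opts[:jwks_uri], opts[:jwks], nil, 'UPDATE')
+'client jwt successfully set'
+}
+end
+
+define_option :kid, '--kid <key id in json token keys>', 'JWKS token key'
+desc 'client jwt delete [id]', 'Delete client jwt trust', :kid do |id|
+pp scim_request { |cr|
+cr.change_clientjwt(clientid(id), '*', nil, opts[:kid], 'DELETE')
+'client jwt successfully deleted'
+}
+end
+
 private
 
 def update_client(cr, info)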
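Review bot: `client jwt add` and `client jwt update` forward `opts[:jwks_uri]` and `opts[:jwks]` to `change_clientjwt` even when neither option was given, so a call with no key material is only rejected by the server; a guard at the top of each block, such as `raise ArgumentError, 'one of --jwks_uri or --jwks is required' unless opts[:jwks_uri] || opts[:jwks]`, would fail fast with a clear message (assuming `scim_request` surfaces raised errors the way the other commands rely on, which is outside this hunk). The `###change_clientjwt(client_id, jwks_uri = nil, jwks = nil, kid = nil, changeMode = nil)` line at new line 128 is a pasted signature rather than documentation; either drop it or replace it with a comment that explains the call, e.g. `# change_clientjwt(client_id, jwks_uri, jwks, kid, mode) with mode ADD, UPDATE or DELETE`. The literal `'*'` passed as `jwks_uri` in `client jwt delete` is a wildcard only a reader of the UAA API would recognise, so a one-line comment stating what the server does with it (presumably "match any configured jwks_uri" — confirm against the UAA API) belongs next to that call.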
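--- a/data/lib/uaa/cli/token.rb
+++ b/data/lib/uaa/cli/token.rb
@@ -23,11 +23,14 @@ class TokenCatcher < Stub::Base
 def process_grant(data)
 server.logger.debug "processing grant for path #{request.path}"
 secret = server.info.delete(:client_secret)
+do_authcode = server.info.delete(:do_authcode)
 ti = TokenIssuer.new(Config.target, server.info.delete(:client_id), secret,
 { token_target: Config.target_value(:token_target),
 basic_auth: Config.target_value(:basic_auth),
+use_pkce: true,
+code_verifier: server.info.delete(:code_verifier),
 skip_ssl_validation: Config.target_value(:skip_ssl_validation)})
-tkn =
+tkn = do_authcode ? ti.authcode_grant(server.info.delete(:uri), data) :
 ti.implicit_grant(server.info.delete(:uri), data)
 server.info.update(token_info: tkn.info)
 reply.text "you are now logged in and can close this window"
@@ -87,11 +90,13 @@ class TokenCli < CommonCli
 did_save
 end
 
-def issuer_request(client_id, secret = nil)
+def issuer_request(client_id, secret = nil, code_verifier = nil)
 update_target_info
 yield TokenIssuer.new(Config.target.to_s, client_id, secret,
 { token_target: Config.target_value(:token_endpoint),
 basic_auth: Config.target_value(:basic_auth),
+use_pkce: true,
+code_verifier: code_verifier,
 skip_ssl_validation: Config.target_value(:skip_ssl_validation),
 ssl_ca_file: Config.target_value(:ca_cert) })
 rescue Exception => e
@@ -159,24 +164,26 @@ class TokenCli < CommonCli
 CF_TOKEN_FILE = File.join ENV["HOME"], ".cf_token"
 CF_TARGET_FILE = File.join ENV["HOME"], ".cf_target"
 
-def use_browser(client_id, secret = nil)
+def use_browser(client_id, secret = nil, grant = nil)
+do_authcode = (not grant.nil?) && (grant == 'authcode')
+code_verifier = SecureRandom.base64(96).tr("+/", "-_").tr("=", "")
 catcher = Stub::Server.new(TokenCatcher,
 logger: Util.default_logger(debug? ? :debug : trace? ? :trace : :info),
-info: {client_id: client_id, client_secret: secret},
+info: {client_id: client_id, client_secret: secret, code_verifier: code_verifier, do_authcode: do_authcode},
 port: opts[:port]).run_on_thread
-uri = issuer_request(client_id, secret) { |ti|
-
+uri = issuer_request(client_id, secret, code_verifier) { |ti|
+do_authcode ? ti.authcode_uri("#{catcher.url}/authcode", opts[:scope]) :
 ti.implicit_uri("#{catcher.url}/callback", opts[:scope])
 }
 return unless catcher.info[:uri] = uri
-say "launching browser with #{uri}"
-Launchy.open(uri, debug:
+say " and launching browser with #{uri}"
+Launchy.open(uri, debug: false, dry_run: false)
 print "waiting for token "
 while catcher.info[:uri] || !catcher.info[:token_info]
 sleep 5
 print "."
 end
-say_success(
+say_success(do_authcode ? "authorization code" : "implicit") if set_context(catcher.info[:token_info])
 return unless opts[:cf]
 begin
 cf_target = File.open(CF_TARGET_FILE, 'r') { |f| f.read.strip }
@@ -193,7 +200,7 @@ class TokenCli < CommonCli
 define_option :port, "--port <number>", "pin internal server to specific port"
 define_option :cf, "--[no-]cf", "save token in the ~/.cf_tokens file"
 desc "token authcode get", "Gets a token using the authcode flow with browser",
-:client, :secret, :scope, :cf, :port do use_browser(clientid,
+:client, :secret, :scope, :cf, :port do use_browser(clientid, opts[:secret], 'authcode') end
 
 desc "token implicit get", "Gets a token using the implicit flow with browser",
 :client, :scope, :cf, :port do use_browser opts[:client] || "cf" end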
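Review bot: In `use_browser`, `code_verifier = SecureRandom.base64(96).tr("+/", "-_").tr("=", "")` hand-rolls what the standard library already provides; `SecureRandom.urlsafe_base64(96)` yields the same 128-character unpadded URL-safe string (96 bytes is a multiple of 3, so the `=` strip is a no-op anyway), and a comment such as `# PKCE code_verifier: 128 chars, the maximum RFC 7636 allows (43-128)` would record why 96 was chosen. The preceding `do_authcode = (not grant.nil?) && (grant == 'authcode')` reduces to `do_authcode = grant == 'authcode'`, since `nil == 'authcode'` is already false. The new `use_pkce: true` and `code_verifier:` options are also handed to `TokenIssuer` on the implicit path and, through `issuer_request`, to every other caller of that helper outside this hunk; if `TokenIssuer` only consults them for the authorization-code grant this is harmless, but that should be confirmed rather than assumed. If `securerandom` is not already required at the top of this file, `require 'securerandom'` needs to be added alongside the existing requires.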
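--- a/data/lib/uaa/stub/uaa.rb
+++ b/data/lib/uaa/stub/uaa.rb
@@ -414,6 +414,13 @@ class StubUAAConn < Stub::Base
 reply.json(status: 'ok', message: 'secret updated')
 end
 
+route :put, %r{^/oauth/clients/([^/]+)/clientjwt$}, 'content-type' => %r{application/json} do
+info = Util.json_parse(request.body, :down)
+return not_found(match[1]) unless id = server.scim.id(match[1], :client)
+return bad_request('no client_id given') unless info['client_id']
+reply.json(status: 'ok', message: 'client jwt updated')
+end
+
 #----------------------------------------------------------------------------
 # users and groups endpoints
 #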
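Review bot: The new `clientjwt` stub route assigns `id` but never uses it, and it accepts any JSON body that merely contains a `client_id`, so the spec's add, update and delete calls pass without the stub ever checking that the body names the same client as the path or that a `jwks_uri`, `jwks` or `kid` was supplied. At minimum, `return bad_request('client_id mismatch') unless info['client_id'] == match[1]` would catch the CLI addressing the wrong client, and the unused assignment can become `return not_found(match[1]) unless server.scim.id(match[1], :client)`. Whether the neighbouring client routes also require an authenticated caller with the right scope is outside this hunk; if they do, this route should apply the same check so the stub does not accept less than the real server would.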
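--- a/data/spec/client_reg_spec.rb
+++ b/data/spec/client_reg_spec.rb
@@ -78,6 +78,14 @@ describe ClientCli do
 Cli.output.string.should include 'access_denied'
 end
 
+it "changes it's client jwt" do
+Cli.run("token client get #{@test_client} -s #{@test_secret}").should be
+Cli.run('token decode').should be
+Cli.run("client jwt add #{@test_client} --jwks_uri http://localhost:8080/uaa/token_keys").should be
+Cli.run("client jwt update #{@test_client} --jwks_uri http://localhost:8080/uaa/token_keys").should be
+Cli.run("client jwt delete #{@test_client} ").should be
+end
+
 context 'as updated client' do
 
 before :all do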
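Review bot: The new example only asserts that each `Cli.run` returns a truthy value and never inspects the output, so a command that prints an error and still returns normally would pass; after each jwt call add a check such as `Cli.output.string.should include 'client jwt successfully added'` (and the matching `set` and `deleted` messages). `client jwt delete` is run without `--kid`, so the `--kid` option added in this release is never exercised; a second delete call with `--kid` would cover it. The description `"changes it's client jwt"` should read `"changes its client jwt"`.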
data/version.txt
CHANGED
@@ -1 +1 @@
|
|
1
|
-
4.
|
1
|
+
4.17.0
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cf-uaac
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.
|
4
|
+
version: 4.17.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dave Syer
|
@@ -12,7 +12,7 @@ authors:
|
|
12
12
|
autorequire:
|
13
13
|
bindir: bin
|
14
14
|
cert_chain: []
|
15
|
-
date: 2023-
|
15
|
+
date: 2023-10-19 00:00:00.000000000 Z
|
16
16
|
dependencies:
|
17
17
|
- !ruby/object:Gem::Dependency
|
18
18
|
name: cf-uaa-lib
|
@@ -20,14 +20,14 @@ dependencies:
|
|
20
20
|
requirements:
|
21
21
|
- - "~>"
|
22
22
|
- !ruby/object:Gem::Version
|
23
|
-
version:
|
23
|
+
version: 4.0.4
|
24
24
|
type: :runtime
|
25
25
|
prerelease: false
|
26
26
|
version_requirements: !ruby/object:Gem::Requirement
|
27
27
|
requirements:
|
28
28
|
- - "~>"
|
29
29
|
- !ruby/object:Gem::Version
|
30
|
-
version:
|
30
|
+
version: 4.0.4
|
31
31
|
- !ruby/object:Gem::Dependency
|
32
32
|
name: rake
|
33
33
|
requirement: !ruby/object:Gem::Requirement
|