cf-uaac 4.16.0 → 4.18.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/cf-uaac.gemspec +1 -1
- data/lib/uaa/cli/client_reg.rb +44 -5
- data/lib/uaa/stub/scim.rb +2 -2
- data/lib/uaa/stub/uaa.rb +7 -0
- data/spec/client_reg_spec.rb +20 -1
- data/version.txt +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b470c3d2590a9e00f4481b0d5ac9c611b38f6f14b3d506c3a2c3c4b6eeede7c3
|
|
4
|
+
data.tar.gz: f0838fe08f2a05f001a12d70c093b32f5c209986e271ab3fd0ed71ff12f58699
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 40db2b6725b381ad1b516ed64ccf567130e2a9760da0b9555973f7c4b6f0cd8a42fca39203048358117bd067e459492ff03d9978fc6fae994fc8b938730e4ba5
|
|
7
|
+
data.tar.gz: a7c3573b9409e08c22f9629de314c7b4b3f2e89c2359ebce22291bd21cdf7fe85fb471c2042c9ffe29d08fa89515a7affd652029da227bb30a96ed525d8e51cd
|
data/cf-uaac.gemspec
CHANGED
|
@@ -31,7 +31,7 @@ Gem::Specification.new do |s|
|
|
|
31
31
|
s.require_paths = ['lib']
|
|
32
32
|
|
|
33
33
|
# dependencies
|
|
34
|
-
s.add_runtime_dependency 'cf-uaa-lib', '~> 4.0.
|
|
34
|
+
s.add_runtime_dependency 'cf-uaa-lib', '~> 4.0.4'
|
|
35
35
|
s.add_development_dependency 'rake', '~> 13.0'
|
|
36
36
|
s.add_development_dependency 'rspec', '~> 3.12'
|
|
37
37
|
s.add_development_dependency 'simplecov', '~> 0.22.0'
|
data/lib/uaa/cli/client_reg.rb
CHANGED
|
@@ -30,7 +30,8 @@ class ClientCli < CommonCli
|
|
|
30
30
|
:autoapprove => 'list',
|
|
31
31
|
:allowpublic => 'list',
|
|
32
32
|
:allowedproviders => 'list',
|
|
33
|
-
:'signup_redirect_url' => 'url'
|
|
33
|
+
:'signup_redirect_url' => 'url',
|
|
34
|
+
:required_user_groups => 'list'
|
|
34
35
|
}
|
|
35
36
|
CLIENT_SCHEMA.each { |k, v| define_option(k, "--#{k} <#{v}>") }
|
|
36
37
|
|
|
@@ -65,8 +66,18 @@ class ClientCli < CommonCli
|
|
|
65
66
|
|
|
66
67
|
desc "client get [id]", "Get specific client registration", :attrs do |id|
|
|
67
68
|
pp(scim_request do |sr|
|
|
68
|
-
|
|
69
|
-
|
|
69
|
+
if opts[:attrs] == nil
|
|
70
|
+
# return whole object, not search by filter
|
|
71
|
+
begin
|
|
72
|
+
client = sr.get(:client, clientid(id))
|
|
73
|
+
rescue NotFound
|
|
74
|
+
# to raise same error as scim_get_object
|
|
75
|
+
raise NotFound
|
|
76
|
+
end
|
|
77
|
+
else
|
|
78
|
+
client = scim_get_object(sr, :client, clientid(id), opts[:attrs])
|
|
79
|
+
end
|
|
80
|
+
add_meta_fields_to_client(sr, client, id)
|
|
70
81
|
end)
|
|
71
82
|
end
|
|
72
83
|
|
|
@@ -121,6 +132,31 @@ class ClientCli < CommonCli
|
|
|
121
132
|
}
|
|
122
133
|
end
|
|
123
134
|
|
|
135
|
+
define_option :jwks_uri, '--jwks_uri <token_keys endpoint>', 'JWKS token key endpoint'
|
|
136
|
+
define_option :jwks, '--jwks <json token key set>', 'JWKS token key'
|
|
137
|
+
desc 'client jwt add [id]', 'Add client jwt trust', :jwks_uri, :jwks do |id|
|
|
138
|
+
pp scim_request { |cr|
|
|
139
|
+
###change_clientjwt(client_id, jwks_uri = nil, jwks = nil, kid = nil, changeMode = nil)
|
|
140
|
+
cr.change_clientjwt(clientid(id), opts[:jwks_uri], opts[:jwks], nil, 'ADD')
|
|
141
|
+
'client jwt successfully added'
|
|
142
|
+
}
|
|
143
|
+
end
|
|
144
|
+
|
|
145
|
+
desc 'client jwt update [id]', 'Update client jwt trust', :jwks_uri, :jwks do |id|
|
|
146
|
+
pp scim_request { |cr|
|
|
147
|
+
cr.change_clientjwt(clientid(id), opts[:jwks_uri], opts[:jwks], nil, 'UPDATE')
|
|
148
|
+
'client jwt successfully set'
|
|
149
|
+
}
|
|
150
|
+
end
|
|
151
|
+
|
|
152
|
+
define_option :kid, '--kid <key id in json token keys>', 'JWKS token key'
|
|
153
|
+
desc 'client jwt delete [id]', 'Delete client jwt trust', :kid do |id|
|
|
154
|
+
pp scim_request { |cr|
|
|
155
|
+
cr.change_clientjwt(clientid(id), '*', nil, opts[:kid], 'DELETE')
|
|
156
|
+
'client jwt successfully deleted'
|
|
157
|
+
}
|
|
158
|
+
end
|
|
159
|
+
|
|
124
160
|
private
|
|
125
161
|
|
|
126
162
|
def update_client(cr, info)
|
|
@@ -128,8 +164,11 @@ class ClientCli < CommonCli
|
|
|
128
164
|
add_meta_fields_to_client(cr, client)
|
|
129
165
|
end
|
|
130
166
|
|
|
131
|
-
def add_meta_fields_to_client(cr, client)
|
|
132
|
-
|
|
167
|
+
def add_meta_fields_to_client(cr, client, id = nil)
|
|
168
|
+
if id == nil
|
|
169
|
+
id = client['client_id']
|
|
170
|
+
end
|
|
171
|
+
meta = cr.get_client_meta(id)
|
|
133
172
|
client.merge({:created_by => meta['createdby']})
|
|
134
173
|
end
|
|
135
174
|
end
|
data/lib/uaa/stub/scim.rb
CHANGED
|
@@ -27,7 +27,7 @@ class StubScim
|
|
|
27
27
|
|
|
28
28
|
private
|
|
29
29
|
|
|
30
|
-
CREATOR = '
|
|
30
|
+
CREATOR = 'Freedom'
|
|
31
31
|
|
|
32
32
|
# attribute types. Anything not listed is case-ignore string
|
|
33
33
|
HIDDEN_ATTRS = [:rtype, :password, :client_secret].to_set
|
|
@@ -66,7 +66,7 @@ class StubScim
|
|
|
66
66
|
client: [*COMMON_ATTRS, :client_id, :name, :client_secret, :authorities,
|
|
67
67
|
:authorized_grant_types, :scope, :autoapprove,
|
|
68
68
|
:access_token_validity, :refresh_token_validity, :redirect_uri, :allowedproviders,
|
|
69
|
-
:'signup_redirect_url'].to_set,
|
|
69
|
+
:'signup_redirect_url', :required_user_groups].to_set,
|
|
70
70
|
group: [*COMMON_ATTRS, :displayname, :members, :writers, :readers, :external_groups].to_set }
|
|
71
71
|
VISIBLE_ATTRS = {user: Set.new(LEGAL_ATTRS[:user] - HIDDEN_ATTRS),
|
|
72
72
|
client: Set.new(LEGAL_ATTRS[:client] - HIDDEN_ATTRS),
|
data/lib/uaa/stub/uaa.rb
CHANGED
|
@@ -414,6 +414,13 @@ class StubUAAConn < Stub::Base
|
|
|
414
414
|
reply.json(status: 'ok', message: 'secret updated')
|
|
415
415
|
end
|
|
416
416
|
|
|
417
|
+
route :put, %r{^/oauth/clients/([^/]+)/clientjwt$}, 'content-type' => %r{application/json} do
|
|
418
|
+
info = Util.json_parse(request.body, :down)
|
|
419
|
+
return not_found(match[1]) unless id = server.scim.id(match[1], :client)
|
|
420
|
+
return bad_request('no client_id given') unless info['client_id']
|
|
421
|
+
reply.json(status: 'ok', message: 'client jwt updated')
|
|
422
|
+
end
|
|
423
|
+
|
|
417
424
|
#----------------------------------------------------------------------------
|
|
418
425
|
# users and groups endpoints
|
|
419
426
|
#
|
data/spec/client_reg_spec.rb
CHANGED
|
@@ -78,16 +78,35 @@ describe ClientCli do
|
|
|
78
78
|
Cli.output.string.should include 'access_denied'
|
|
79
79
|
end
|
|
80
80
|
|
|
81
|
+
it "changes it's client jwt" do
|
|
82
|
+
Cli.run("token client get #{@test_client} -s #{@test_secret}").should be
|
|
83
|
+
Cli.run('token decode').should be
|
|
84
|
+
Cli.run("client jwt add #{@test_client} --jwks_uri http://localhost:8080/uaa/token_keys").should be
|
|
85
|
+
Cli.run("client jwt update #{@test_client} --jwks_uri http://localhost:8080/uaa/token_keys").should be
|
|
86
|
+
Cli.run("client jwt delete #{@test_client} ").should be
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
it "fails to get client" do
|
|
90
|
+
Cli.run("token client get #{@test_client} -s #{@test_secret}").should be
|
|
91
|
+
Cli.run("context #{@admin_client}").should be
|
|
92
|
+
Cli.run("client get #{@test_client}").should be
|
|
93
|
+
Cli.run("client get #{@test_client} -a id").should be
|
|
94
|
+
Cli.output.string.should include 'id'
|
|
95
|
+
Cli.run("client get not-existing").should be_nil
|
|
96
|
+
Cli.output.string.should include 'NotFound'
|
|
97
|
+
end
|
|
98
|
+
|
|
81
99
|
context 'as updated client' do
|
|
82
100
|
|
|
83
101
|
before :all do
|
|
84
102
|
# update the test client as the admin client
|
|
85
103
|
Cli.run("token client get #{@test_client} -s #{@test_secret}").should be
|
|
86
104
|
Cli.run("context #{@admin_client}").should be
|
|
87
|
-
Cli.run("client update #{@test_client} --authorities scim.write,scim.read").should be
|
|
105
|
+
Cli.run("client update #{@test_client} --authorities scim.write,scim.read --required_user_groups openid").should be
|
|
88
106
|
Cli.output.string.should include 'created_by'
|
|
89
107
|
Cli.run("client get #{@test_client}").should be
|
|
90
108
|
Cli.output.string.should include 'scim.read', 'scim.write'
|
|
109
|
+
Cli.output.string.should include 'required_user_groups'
|
|
91
110
|
end
|
|
92
111
|
|
|
93
112
|
it 'fails to create a user account with old token' do
|
data/version.txt
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
4.
|
|
1
|
+
4.18.0
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cf-uaac
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.18.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dave Syer
|
|
@@ -12,7 +12,7 @@ authors:
|
|
|
12
12
|
autorequire:
|
|
13
13
|
bindir: bin
|
|
14
14
|
cert_chain: []
|
|
15
|
-
date: 2023-
|
|
15
|
+
date: 2023-11-21 00:00:00.000000000 Z
|
|
16
16
|
dependencies:
|
|
17
17
|
- !ruby/object:Gem::Dependency
|
|
18
18
|
name: cf-uaa-lib
|
|
@@ -20,14 +20,14 @@ dependencies:
|
|
|
20
20
|
requirements:
|
|
21
21
|
- - "~>"
|
|
22
22
|
- !ruby/object:Gem::Version
|
|
23
|
-
version: 4.0.
|
|
23
|
+
version: 4.0.4
|
|
24
24
|
type: :runtime
|
|
25
25
|
prerelease: false
|
|
26
26
|
version_requirements: !ruby/object:Gem::Requirement
|
|
27
27
|
requirements:
|
|
28
28
|
- - "~>"
|
|
29
29
|
- !ruby/object:Gem::Version
|
|
30
|
-
version: 4.0.
|
|
30
|
+
version: 4.0.4
|
|
31
31
|
- !ruby/object:Gem::Dependency
|
|
32
32
|
name: rake
|
|
33
33
|
requirement: !ruby/object:Gem::Requirement
|