cf-uaac 4.16.0 → 4.18.0
- checksums.yaml +4 -4
- data/cf-uaac.gemspec +1 -1
- data/lib/uaa/cli/client_reg.rb +44 -5
- data/lib/uaa/stub/scim.rb +2 -2
- data/lib/uaa/stub/uaa.rb +7 -0
- data/spec/client_reg_spec.rb +20 -1
- data/version.txt +1 -1
- metadata +4 -4
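--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b470c3d2590a9e00f4481b0d5ac9c611b38f6f14b3d506c3a2c3c4b6eeede7c3
+data.tar.gz: f0838fe08f2a05f001a12d70c093b32f5c209986e271ab3fd0ed71ff12f58699
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 40db2b6725b381ad1b516ed64ccf567130e2a9760da0b9555973f7c4b6f0cd8a42fca39203048358117bd067e459492ff03d9978fc6fae994fc8b938730e4ba5
+data.tar.gz: a7c3573b9409e08c22f9629de314c7b4b3f2e89c2359ebce22291bd21cdf7fe85fb471c2042c9ffe29d08fa89515a7affd652029da227bb30a96ed525d8e51cd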
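--- a/data/cf-uaac.gemspec
+++ b/data/cf-uaac.gemspec
@@ -31,7 +31,7 @@ Gem::Specification.new do |s|
 s.require_paths = ['lib']
 
 # dependencies
-s.add_runtime_dependency 'cf-uaa-lib', '~> 4.0.
+s.add_runtime_dependency 'cf-uaa-lib', '~> 4.0.4'
 s.add_development_dependency 'rake', '~> 13.0'
 s.add_development_dependency 'rspec', '~> 3.12'
 s.add_development_dependency 'simplecov', '~> 0.22.0'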
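--- a/data/lib/uaa/cli/client_reg.rb
+++ b/data/lib/uaa/cli/client_reg.rb
@@ -30,7 +30,8 @@ class ClientCli < CommonCli
 :autoapprove => 'list',
 :allowpublic => 'list',
 :allowedproviders => 'list',
-:'signup_redirect_url' => 'url'
+:'signup_redirect_url' => 'url',
+:required_user_groups => 'list'
 }
 CLIENT_SCHEMA.each { |k, v| define_option(k, "--#{k} <#{v}>") }
 
@@ -65,8 +66,18 @@ class ClientCli < CommonCli
 
 desc "client get [id]", "Get specific client registration", :attrs do |id|
 pp(scim_request do |sr|
-
-
+if opts[:attrs] == nil
+# return whole object, not search by filter
+begin
+client = sr.get(:client, clientid(id))
+rescue NotFound
+# to raise same error as scim_get_object
+raise NotFound
+end
+else
+client = scim_get_object(sr, :client, clientid(id), opts[:attrs])
+end
+add_meta_fields_to_client(sr, client, id)
 end)
 end
 
@@ -121,6 +132,31 @@ class ClientCli < CommonCli
 }
 end
 
+define_option :jwks_uri, '--jwks_uri <token_keys endpoint>', 'JWKS token key endpoint'
+define_option :jwks, '--jwks <json token key set>', 'JWKS token key'
+desc 'client jwt add [id]', 'Add client jwt trust', :jwks_uri, :jwks do |id|
+pp scim_request { |cr|
+###change_clientjwt(client_id, jwks_uri = nil, jwks = nil, kid = nil, changeMode = nil)
+cr.change_clientjwt(clientid(id), opts[:jwks_uri], opts[:jwks], nil, 'ADD')
+'client jwt successfully added'
+}
+end
+
+desc 'client jwt update [id]', 'Update client jwt trust', :jwks_uri, :jwks do |id|
+pp scim_request { |cr|
+cr.change_clientjwt(clientid(id), opts[:jwks_uri], opts[:jwks], nil, 'UPDATE')
+'client jwt successfully set'
+}
+end
+
+define_option :kid, '--kid <key id in json token keys>', 'JWKS token key'
+desc 'client jwt delete [id]', 'Delete client jwt trust', :kid do |id|
+pp scim_request { |cr|
+cr.change_clientjwt(clientid(id), '*', nil, opts[:kid], 'DELETE')
+'client jwt successfully deleted'
+}
+end
+
 private
 
 def update_client(cr, info)
@@ -128,8 +164,11 @@ class ClientCli < CommonCli
 add_meta_fields_to_client(cr, client)
 end
 
-def add_meta_fields_to_client(cr, client)
-
+def add_meta_fields_to_client(cr, client, id = nil)
+if id == nil
+id = client['client_id']
+end
+meta = cr.get_client_meta(id)
 client.merge({:created_by => meta['createdby']})
 end
 end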
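Review bot: The three new `client jwt` commands forward their options to `change_clientjwt` unchecked, so `client jwt add` or `update` with neither `--jwks_uri` nor `--jwks` sends two nils, and `client jwt delete` without `--kid` sends `'*'` with a nil key id. These commands change which keys the client is trusted to authenticate with, so incomplete input should be rejected before the request, e.g. `raise ArgumentError, 'one of --jwks_uri or --jwks is required' unless opts[:jwks_uri] || opts[:jwks]` in add and update; what the server does with the nil values is not visible here. If deleting without a kid is meant to remove every key, the command description should say so, otherwise delete needs a matching check on `opts[:kid]`. The `--kid` help text `'JWKS token key'` is copied from `--jwks` and would read better as `'key id of the entry to delete'`. The enclosing ClientCli class starts and ends outside these hunks.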
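--- a/data/lib/uaa/stub/scim.rb
+++ b/data/lib/uaa/stub/scim.rb
@@ -27,7 +27,7 @@ class StubScim
 
 private
 
-CREATOR = '
+CREATOR = 'Freedom'
 
 # attribute types. Anything not listed is case-ignore string
 HIDDEN_ATTRS = [:rtype, :password, :client_secret].to_set
@@ -66,7 +66,7 @@ class StubScim
 client: [*COMMON_ATTRS, :client_id, :name, :client_secret, :authorities,
 :authorized_grant_types, :scope, :autoapprove,
 :access_token_validity, :refresh_token_validity, :redirect_uri, :allowedproviders,
-:'signup_redirect_url'].to_set,
+:'signup_redirect_url', :required_user_groups].to_set,
 group: [*COMMON_ATTRS, :displayname, :members, :writers, :readers, :external_groups].to_set }
 VISIBLE_ATTRS = {user: Set.new(LEGAL_ATTRS[:user] - HIDDEN_ATTRS),
 client: Set.new(LEGAL_ATTRS[:client] - HIDDEN_ATTRS),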
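--- a/data/lib/uaa/stub/uaa.rb
+++ b/data/lib/uaa/stub/uaa.rb
@@ -414,6 +414,13 @@ class StubUAAConn < Stub::Base
 reply.json(status: 'ok', message: 'secret updated')
 end
 
+route :put, %r{^/oauth/clients/([^/]+)/clientjwt$}, 'content-type' => %r{application/json} do
+info = Util.json_parse(request.body, :down)
+return not_found(match[1]) unless id = server.scim.id(match[1], :client)
+return bad_request('no client_id given') unless info['client_id']
+reply.json(status: 'ok', message: 'client jwt updated')
+end
+
 #----------------------------------------------------------------------------
 # users and groups endpoints
 #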
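Review bot: The new stub route answers `ok` for any JSON body that contains `client_id`; it never compares that value with the id in the path and ignores the key material and change mode, so the spec cannot tell a well-formed add, update or delete from a malformed one. A minimal tightening is `return bad_request('client_id mismatch') unless info['client_id'] == match[1]`, assuming ids compare case-sensitively in this stub. The `id =` assignment in the `not_found` guard is never used and can be dropped: `return not_found(match[1]) unless server.scim.id(match[1], :client)`. The enclosing StubUAAConn class continues outside the hunk.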
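--- a/data/spec/client_reg_spec.rb
+++ b/data/spec/client_reg_spec.rb
@@ -78,16 +78,35 @@ describe ClientCli do
 Cli.output.string.should include 'access_denied'
 end
 
+it "changes it's client jwt" do
+Cli.run("token client get #{@test_client} -s #{@test_secret}").should be
+Cli.run('token decode').should be
+Cli.run("client jwt add #{@test_client} --jwks_uri http://localhost:8080/uaa/token_keys").should be
+Cli.run("client jwt update #{@test_client} --jwks_uri http://localhost:8080/uaa/token_keys").should be
+Cli.run("client jwt delete #{@test_client} ").should be
+end
+
+it "fails to get client" do
+Cli.run("token client get #{@test_client} -s #{@test_secret}").should be
+Cli.run("context #{@admin_client}").should be
+Cli.run("client get #{@test_client}").should be
+Cli.run("client get #{@test_client} -a id").should be
+Cli.output.string.should include 'id'
+Cli.run("client get not-existing").should be_nil
+Cli.output.string.should include 'NotFound'
+end
+
 context 'as updated client' do
 
 before :all do
 # update the test client as the admin client
 Cli.run("token client get #{@test_client} -s #{@test_secret}").should be
 Cli.run("context #{@admin_client}").should be
-Cli.run("client update #{@test_client} --authorities scim.write,scim.read").should be
+Cli.run("client update #{@test_client} --authorities scim.write,scim.read --required_user_groups openid").should be
 Cli.output.string.should include 'created_by'
 Cli.run("client get #{@test_client}").should be
 Cli.output.string.should include 'scim.read', 'scim.write'
+Cli.output.string.should include 'required_user_groups'
 end
 
 it 'fails to create a user account with old token' do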
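Review bot: The new example `changes it's client jwt` only asserts that each `Cli.run` returns something truthy, and it runs `client jwt delete` with no `--kid`, so it would still pass if a command sent the wrong change mode or no key at all. Assert on the printed result after each call, e.g. `Cli.output.string.should include 'client jwt successfully added'` (assuming the command's return value is written to `Cli.output`), and add a case for `client jwt add` with neither `--jwks_uri` nor `--jwks`. The example named `fails to get client` mostly checks successful lookups; a name such as `gets a client and reports NotFound for an unknown id` would match what it tests. The enclosing describe block continues outside the hunk.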
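--- a/data/version.txt
+++ b/data/version.txt
@@ -1 +1 @@
-4.
+4.18.0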
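--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cf-uaac
 version: !ruby/object:Gem::Version
-version: 4.
+version: 4.18.0
 platform: ruby
 authors:
 - Dave Syer
@@ -12,7 +12,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-
+date: 2023-11-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: cf-uaa-lib
@@ -20,14 +20,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 4.0.
+version: 4.0.4
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 4.0.
+version: 4.0.4
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement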