cf-uaac 3.1.5 → 3.1.6
- checksums.yaml +4 -4
- data/lib/cli/client_reg.rb +14 -13
- data/lib/cli/common.rb +3 -2
- data/lib/cli/info.rb +2 -2
- data/lib/cli/token.rb +5 -5
- data/lib/cli/version.rb +1 -1
- data/lib/stub/scim.rb +7 -2
- data/spec/spec_helper.rb +3 -1
- metadata +2 -2
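--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 60ae15860d77b0b2f0c132a4c356b244346b438c
+data.tar.gz: 97cb870f7936e8cc67c4bfa4284e7e7281f1870a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c52ff8e0adb7e9df5270f557626c6b5e4d996a842bc9736242b836e3a1ebcafe70386053277cabc1df2781e7e09a7c65c03661e2cce8a23ef00bb581e858e27b
+data.tar.gz: 60340d5967d8dab9babdc1d5ba34f2ab300a4e83b2871717d46f32ce3fc2e7a60ecd53e90067a40c723ab27e3e68c7d7035e5ec5ad087463b56b5d46bf28361c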
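--- a/data/lib/cli/client_reg.rb
+++ b/data/lib/cli/client_reg.rb
@@ -20,6 +20,7 @@ class ClientCli < CommonCli
 topic "Client Application Registrations", "reg"
 
 CLIENT_SCHEMA = {
+:name => "string",
 :scope => "list",
 :authorized_grant_types => "list",
 :authorities => "list",
@@ -57,17 +58,17 @@ class ClientCli < CommonCli
 scim_common_list(:client, filter)
 end
 
-desc "client get [
-pp scim_request { |sr| scim_get_object(sr, :client,
+desc "client get [id]", "Get specific client registration", :attrs do |id|
+pp scim_request { |sr| scim_get_object(sr, :client, clientid(id), opts[:attrs]) }
 end
 
 define_option :clone, "--clone <other>", "get default settings from other"
 define_option :interact, "--[no-]interactive", "-i", "interactively verify all values"
-
-
-*CLIENT_SCHEMA.keys, :clone, :secret, :interact do |name|
+desc "client add [id]", "Add client registration",
+*CLIENT_SCHEMA.keys, :clone, :secret, :interact do |id|
 pp scim_request { |cr|
-opts[:client_id] =
+opts[:client_id] = clientid(id)
+opts[:name] = clientname()
 opts[:secret] = verified_pwd("New client secret", opts[:secret])
 defaults = opts[:clone] ? Util.hash_keys!(cr.get(:client, opts[:clone]), :sym) : {}
 defaults.delete(:client_id)
@@ -75,10 +76,10 @@ class ClientCli < CommonCli
 }
 end
 
-desc "client update [
-:del_attrs, :interact do |
+desc "client update [id]", "Update client registration", *CLIENT_SCHEMA.keys,
+:del_attrs, :interact do |id|
 pp scim_request { |cr|
-opts[:client_id] =
+opts[:client_id] = clientid(id)
 orig = Util.hash_keys!(cr.get(:client, opts[:client_id]), :sym)
 info = client_info(orig)
 info.any? { |k, v| v != orig[k] } ? cr.put(:client, info) :
@@ -86,16 +87,16 @@ class ClientCli < CommonCli
 }
 end
 
-desc "client delete [
+desc "client delete [id]", "Delete client registration" do |id|
 pp scim_request { |cr|
-cr.delete(:client,
+cr.delete(:client, clientid(id))
 "client registration deleted"
 }
 end
 
-desc "secret set [
+desc "secret set [id]", "Set client secret", :secret do |id|
 pp scim_request { |cr|
-cr.change_secret(
+cr.change_secret(clientid(id), verified_pwd("New secret", opts[:secret]))
 "client secret successfully set"
 }
 end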
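Review bot: In the `client add` hunk, `opts[:name] = clientname()` runs unconditionally, so the command now stops at a "Client name" prompt whenever `--name` is absent, whether or not `--[no-]interactive` was given. It also runs before the `--clone` defaults are fetched on the following lines, which suggests a cloned registration cannot supply the name; the merge itself happens after the hunk ends, so that part is inferred. If the name is meant to be optional, guard the prompt, for example `opts[:name] = clientname if opts[:interact]`, and document on the `desc` line that scripted callers must pass `--name`.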
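--- a/data/lib/cli/common.rb
+++ b/data/lib/cli/common.rb
@@ -31,8 +31,9 @@ class CommonCli < Topic
 
 def username(name); name || ask("User name") end
 def userpwd(pwd = opts[:password]); pwd || ask_pwd("Password") end
-def
-def clientsecret(
+def clientid(id = opts[:client]); id || ask("Client ID") end
+def clientsecret(secret = opts[:secret]); secret || ask_pwd("Client secret") end
+def clientname(name = opts[:name]); name || ask("Client name") end
 
 def verified_pwd(prompt, pwd = nil)
 while pwd.nil?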
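Review bot: The new helpers `clientid`, `clientsecret` and `clientname` carry no comment, and their default-argument behaviour is easy to misread: `id = opts[:client]` applies only when the argument is omitted, so a caller that passes an explicit `nil` (a missing positional, as in `clientid(id)` in the command files of this diff) skips the `--client` option and goes straight to the prompt. A comment above them such as `# an explicit nil argument bypasses the option default and prompts the user` would record that this is intended. It would also help to state why `clientsecret` uses `ask_pwd` while the other two use `ask`; presumably `ask_pwd` suppresses echo, but its definition is outside the hunk.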
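--- a/data/lib/cli/info.rb
+++ b/data/lib/cli/info.rb
@@ -37,7 +37,7 @@ class InfoCli < CommonCli
 desc "signing key", "get the UAA's token signing key(s)", :client, :secret do
 info = misc_request {
 @cli_class.uaa_info_client.validation_key(
-(
+(clientid if opts.key?(:client)),
 (clientsecret if opts.key?(:client))
 )
 }
@@ -48,7 +48,7 @@ class InfoCli < CommonCli
 end
 
 desc "stats", "Show UAA's current usage statistics", :client, :secret do
-pp misc_request { @cli_class.uaa_info_client.varz(
+pp misc_request { @cli_class.uaa_info_client.varz(clientid, clientsecret) }
 end
 
 desc "password strength [password]", "calculate strength score of a password" do |pwd|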
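--- a/data/lib/cli/token.rb
+++ b/data/lib/cli/token.rb
@@ -120,9 +120,9 @@ class TokenCli < CommonCli
 end
 
 define_option :secret, "--secret <secret>", "-s", "client secret"
-desc "token client get [
+desc "token client get [id]",
 "Gets a token with client credentials grant", :secret, :scope do |id|
-reply = issuer_request(
+reply = issuer_request(clientid(id), clientsecret) { |ti|
 ti.client_credentials_grant(opts[:scope]).info
 }
 say_success "client credentials" if set_context(reply)
@@ -131,7 +131,7 @@ class TokenCli < CommonCli
 define_option :password, "-p", "--password <password>", "user password"
 desc "token owner get [client] [user]", "Gets a token with a resource owner password grant",
 :secret, :password, :scope do |client, user|
-reply = issuer_request(
+reply = issuer_request(clientid(client), clientsecret) { |ti|
 ti.owner_password_grant(user = username(user), userpwd, opts[:scope]).info
 }
 say_success "owner password" if set_context(reply)
@@ -139,7 +139,7 @@ class TokenCli < CommonCli
 
 desc "token refresh [refreshtoken]", "Gets a new access token from a refresh token", :client, :secret, :scope do |rtok|
 rtok ||= Config.value(:refresh_token)
-reply = issuer_request(
+reply = issuer_request(clientid, clientsecret) { |ti| ti.refresh_token_grant(rtok, opts[:scope]).info }
 say_success "refresh" if set_context(reply)
 end
 
@@ -180,7 +180,7 @@ class TokenCli < CommonCli
 define_option :port, "--port <number>", "pin internal server to specific port"
 define_option :cf, "--[no-]cf", "save token in the ~/.cf_tokens file"
 desc "token authcode get", "Gets a token using the authcode flow with browser",
-:client, :secret, :scope, :cf, :port do use_browser(
+:client, :secret, :scope, :cf, :port do use_browser(clientid, clientsecret) end
 
 desc "token implicit get", "Gets a token using the implicit flow with browser",
 :client, :scope, :cf, :port do use_browser opts[:client] || "cf" end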
data/lib/cli/version.rb
CHANGED
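--- a/data/lib/stub/scim.rb
+++ b/data/lib/stub/scim.rb
@@ -22,6 +22,7 @@ class AlreadyExists < RuntimeError; end
 class BadFilter < RuntimeError; end
 class BadVersion < RuntimeError; end
 
+# StubScim is the in-memory database of the stubbed out UAA server. Although called StubScim it manages ALL of the objects of the server; users, groups, clients, zones, providers, etc
 class StubScim
 
 private
@@ -39,10 +40,13 @@ class StubScim
 GENERAL_MULTI = [:emails, :phonenumbers, :ims, :photos, :entitlements,
 :roles, :x509certificates].to_set
 GENERAL_SUBATTRS = [:value, :display, :primary, :type].to_set
+
+# represents the schema of the scimuser name and meta attributes
 EXPLICIT_SINGLE = {
 name: [:formatted, :familyname, :givenname, :middlename,
 :honorificprefix, :honorificsuffix].to_set,
 meta: [:created, :lastmodified, :location, :version].to_set }
+
 EXPLICIT_MULTI = {
 addresses: [:formatted, :streetaddress, :locality, :region,
 :postal_code, :country, :primary, :type].to_set,
@@ -57,7 +61,7 @@ class StubScim
 :timezone, :active, :password, :emails, :phonenumbers, :ims, :photos,
 :entitlements, :roles, :x509certificates, :name, :addresses,
 :authorizations, :groups].to_set,
-client: [*COMMON_ATTRS, :client_id, :client_secret, :authorities,
+client: [*COMMON_ATTRS, :client_id, :name, :client_secret, :authorities,
 :authorized_grant_types, :scope, :autoapprove,
 :access_token_validity, :refresh_token_validity, :redirect_uri,
 :'signup_redirect_url'].to_set,
@@ -127,7 +131,8 @@ class StubScim
 when *GROUPS then valid_ids?(v, :group)
 when *MEMBERSHIP then valid_ids?(v)
 when ENUMS[k] then ENUMS[k].include?(v)
-
+# not applicable to client objects (only scimuser objects have complex 'name' or 'meta' attributes)
+when *EXPLICIT_SINGLE.keys && rtype.equal?(:client) then valid_complex?(v, EXPLICIT_SINGLE[k])
 when *EXPLICIT_MULTI.keys then valid_multi?(v, EXPLICIT_MULTI[k])
 else k.is_a?(String) || k.is_a?(Symbol)
 end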
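Review bot: In the last hunk, `when *EXPLICIT_SINGLE.keys && rtype.equal?(:client)` does not do what the comment above it says. The splat binds to the whole `&&` expression, so the clause expands to `when true` or `when false` and can no longer match an attribute key; the complex-attribute check for `name` and `meta` therefore looks disabled for every resource type, and `equal?(:client)` is also the inverse of "not applicable to client objects". Because this stub stands in for the UAA server in specs, malformed `name`/`meta` values on users would pass validation unnoticed. Something like `when *(rtype == :client ? [] : EXPLICIT_SINGLE.keys) then valid_complex?(v, EXPLICIT_SINGLE[k])` keeps the check for non-client resources. The `case` header and the start of the method are outside the hunk, so confirm that the subject is the attribute key.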
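--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -49,8 +49,10 @@ module SpecHelper
 end
 
 def setup_target(opts = {})
+test_client = "test_client_#{Time.now.to_i}"
 opts = { authorities: "clients.read,scim.read,scim.write,uaa.resource",
 grant_types: "client_credentials,password,refresh_token",
+name: test_client,
 scope: "openid,password.write,scim.me,scim.read",
 autoapprove: "openid,password.write,scim.me,scim.read",
 signup_redirect_url: "home"}.update(opts)
@@ -65,11 +67,11 @@ module SpecHelper
 Cli.run("target #{@target}").should be
 Cli.run("token client get #{@admin_client} -s #{@admin_secret}")
 Config.yaml.should include("access_token")
-test_client = "test_client_#{Time.now.to_i}"
 @test_secret = Shellwords.escape("+=tEsTsEcRet~!@--")
 Cli.run("client add #{test_client} -s #{@test_secret} " +
 "--authorities #{opts[:authorities]} " +
 "--scope #{opts[:scope]} " +
+"--name #{opts[:name]} " +
 "--authorized_grant_types #{opts[:grant_types]} " +
 "--autoapprove #{opts[:autoapprove]} " +
 "--signup_redirect_url #{opts[:signup_redirect_url]}").should be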
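Review bot: The added `"--name #{opts[:name]} "` in the second hunk interpolates a caller-overridable value into the command string without escaping, while the secret two lines above goes through `Shellwords.escape`. The default `test_client_<timestamp>` is harmless, but a spec that passes a name containing a space or a quote would presumably be split into extra arguments; how `Cli.run` tokenises the string is not visible here. Using `"--name #{Shellwords.escape(opts[:name])} " +` keeps the new argument consistent with the handling of the secret. `setup_target` continues past the end of the hunk.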
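--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cf-uaac
 version: !ruby/object:Gem::Version
-version: 3.1.
+version: 3.1.6
 platform: ruby
 authors:
 - Dave Syer
@@ -12,7 +12,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2016-01-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler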