cf-uaac 3.1.5 → 3.1.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/cli/client_reg.rb +14 -13
- data/lib/cli/common.rb +3 -2
- data/lib/cli/info.rb +2 -2
- data/lib/cli/token.rb +5 -5
- data/lib/cli/version.rb +1 -1
- data/lib/stub/scim.rb +7 -2
- data/spec/spec_helper.rb +3 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 60ae15860d77b0b2f0c132a4c356b244346b438c
|
|
4
|
+
data.tar.gz: 97cb870f7936e8cc67c4bfa4284e7e7281f1870a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c52ff8e0adb7e9df5270f557626c6b5e4d996a842bc9736242b836e3a1ebcafe70386053277cabc1df2781e7e09a7c65c03661e2cce8a23ef00bb581e858e27b
|
|
7
|
+
data.tar.gz: 60340d5967d8dab9babdc1d5ba34f2ab300a4e83b2871717d46f32ce3fc2e7a60ecd53e90067a40c723ab27e3e68c7d7035e5ec5ad087463b56b5d46bf28361c
|
data/lib/cli/client_reg.rb
CHANGED
|
@@ -20,6 +20,7 @@ class ClientCli < CommonCli
|
|
|
20
20
|
topic "Client Application Registrations", "reg"
|
|
21
21
|
|
|
22
22
|
CLIENT_SCHEMA = {
|
|
23
|
+
:name => "string",
|
|
23
24
|
:scope => "list",
|
|
24
25
|
:authorized_grant_types => "list",
|
|
25
26
|
:authorities => "list",
|
|
@@ -57,17 +58,17 @@ class ClientCli < CommonCli
|
|
|
57
58
|
scim_common_list(:client, filter)
|
|
58
59
|
end
|
|
59
60
|
|
|
60
|
-
desc "client get [
|
|
61
|
-
pp scim_request { |sr| scim_get_object(sr, :client,
|
|
61
|
+
desc "client get [id]", "Get specific client registration", :attrs do |id|
|
|
62
|
+
pp scim_request { |sr| scim_get_object(sr, :client, clientid(id), opts[:attrs]) }
|
|
62
63
|
end
|
|
63
64
|
|
|
64
65
|
define_option :clone, "--clone <other>", "get default settings from other"
|
|
65
66
|
define_option :interact, "--[no-]interactive", "-i", "interactively verify all values"
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
*CLIENT_SCHEMA.keys, :clone, :secret, :interact do |name|
|
|
67
|
+
desc "client add [id]", "Add client registration",
|
|
68
|
+
*CLIENT_SCHEMA.keys, :clone, :secret, :interact do |id|
|
|
69
69
|
pp scim_request { |cr|
|
|
70
|
-
opts[:client_id] =
|
|
70
|
+
opts[:client_id] = clientid(id)
|
|
71
|
+
opts[:name] = clientname()
|
|
71
72
|
opts[:secret] = verified_pwd("New client secret", opts[:secret])
|
|
72
73
|
defaults = opts[:clone] ? Util.hash_keys!(cr.get(:client, opts[:clone]), :sym) : {}
|
|
73
74
|
defaults.delete(:client_id)
|
|
@@ -75,10 +76,10 @@ class ClientCli < CommonCli
|
|
|
75
76
|
}
|
|
76
77
|
end
|
|
77
78
|
|
|
78
|
-
desc "client update [
|
|
79
|
-
:del_attrs, :interact do |
|
|
79
|
+
desc "client update [id]", "Update client registration", *CLIENT_SCHEMA.keys,
|
|
80
|
+
:del_attrs, :interact do |id|
|
|
80
81
|
pp scim_request { |cr|
|
|
81
|
-
opts[:client_id] =
|
|
82
|
+
opts[:client_id] = clientid(id)
|
|
82
83
|
orig = Util.hash_keys!(cr.get(:client, opts[:client_id]), :sym)
|
|
83
84
|
info = client_info(orig)
|
|
84
85
|
info.any? { |k, v| v != orig[k] } ? cr.put(:client, info) :
|
|
@@ -86,16 +87,16 @@ class ClientCli < CommonCli
|
|
|
86
87
|
}
|
|
87
88
|
end
|
|
88
89
|
|
|
89
|
-
desc "client delete [
|
|
90
|
+
desc "client delete [id]", "Delete client registration" do |id|
|
|
90
91
|
pp scim_request { |cr|
|
|
91
|
-
cr.delete(:client,
|
|
92
|
+
cr.delete(:client, clientid(id))
|
|
92
93
|
"client registration deleted"
|
|
93
94
|
}
|
|
94
95
|
end
|
|
95
96
|
|
|
96
|
-
desc "secret set [
|
|
97
|
+
desc "secret set [id]", "Set client secret", :secret do |id|
|
|
97
98
|
pp scim_request { |cr|
|
|
98
|
-
cr.change_secret(
|
|
99
|
+
cr.change_secret(clientid(id), verified_pwd("New secret", opts[:secret]))
|
|
99
100
|
"client secret successfully set"
|
|
100
101
|
}
|
|
101
102
|
end
|
data/lib/cli/common.rb
CHANGED
|
@@ -31,8 +31,9 @@ class CommonCli < Topic
|
|
|
31
31
|
|
|
32
32
|
def username(name); name || ask("User name") end
|
|
33
33
|
def userpwd(pwd = opts[:password]); pwd || ask_pwd("Password") end
|
|
34
|
-
def
|
|
35
|
-
def clientsecret(
|
|
34
|
+
def clientid(id = opts[:client]); id || ask("Client ID") end
|
|
35
|
+
def clientsecret(secret = opts[:secret]); secret || ask_pwd("Client secret") end
|
|
36
|
+
def clientname(name = opts[:name]); name || ask("Client name") end
|
|
36
37
|
|
|
37
38
|
def verified_pwd(prompt, pwd = nil)
|
|
38
39
|
while pwd.nil?
|
data/lib/cli/info.rb
CHANGED
|
@@ -37,7 +37,7 @@ class InfoCli < CommonCli
|
|
|
37
37
|
desc "signing key", "get the UAA's token signing key(s)", :client, :secret do
|
|
38
38
|
info = misc_request {
|
|
39
39
|
@cli_class.uaa_info_client.validation_key(
|
|
40
|
-
(
|
|
40
|
+
(clientid if opts.key?(:client)),
|
|
41
41
|
(clientsecret if opts.key?(:client))
|
|
42
42
|
)
|
|
43
43
|
}
|
|
@@ -48,7 +48,7 @@ class InfoCli < CommonCli
|
|
|
48
48
|
end
|
|
49
49
|
|
|
50
50
|
desc "stats", "Show UAA's current usage statistics", :client, :secret do
|
|
51
|
-
pp misc_request { @cli_class.uaa_info_client.varz(
|
|
51
|
+
pp misc_request { @cli_class.uaa_info_client.varz(clientid, clientsecret) }
|
|
52
52
|
end
|
|
53
53
|
|
|
54
54
|
desc "password strength [password]", "calculate strength score of a password" do |pwd|
|
data/lib/cli/token.rb
CHANGED
|
@@ -120,9 +120,9 @@ class TokenCli < CommonCli
|
|
|
120
120
|
end
|
|
121
121
|
|
|
122
122
|
define_option :secret, "--secret <secret>", "-s", "client secret"
|
|
123
|
-
desc "token client get [
|
|
123
|
+
desc "token client get [id]",
|
|
124
124
|
"Gets a token with client credentials grant", :secret, :scope do |id|
|
|
125
|
-
reply = issuer_request(
|
|
125
|
+
reply = issuer_request(clientid(id), clientsecret) { |ti|
|
|
126
126
|
ti.client_credentials_grant(opts[:scope]).info
|
|
127
127
|
}
|
|
128
128
|
say_success "client credentials" if set_context(reply)
|
|
@@ -131,7 +131,7 @@ class TokenCli < CommonCli
|
|
|
131
131
|
define_option :password, "-p", "--password <password>", "user password"
|
|
132
132
|
desc "token owner get [client] [user]", "Gets a token with a resource owner password grant",
|
|
133
133
|
:secret, :password, :scope do |client, user|
|
|
134
|
-
reply = issuer_request(
|
|
134
|
+
reply = issuer_request(clientid(client), clientsecret) { |ti|
|
|
135
135
|
ti.owner_password_grant(user = username(user), userpwd, opts[:scope]).info
|
|
136
136
|
}
|
|
137
137
|
say_success "owner password" if set_context(reply)
|
|
@@ -139,7 +139,7 @@ class TokenCli < CommonCli
|
|
|
139
139
|
|
|
140
140
|
desc "token refresh [refreshtoken]", "Gets a new access token from a refresh token", :client, :secret, :scope do |rtok|
|
|
141
141
|
rtok ||= Config.value(:refresh_token)
|
|
142
|
-
reply = issuer_request(
|
|
142
|
+
reply = issuer_request(clientid, clientsecret) { |ti| ti.refresh_token_grant(rtok, opts[:scope]).info }
|
|
143
143
|
say_success "refresh" if set_context(reply)
|
|
144
144
|
end
|
|
145
145
|
|
|
@@ -180,7 +180,7 @@ class TokenCli < CommonCli
|
|
|
180
180
|
define_option :port, "--port <number>", "pin internal server to specific port"
|
|
181
181
|
define_option :cf, "--[no-]cf", "save token in the ~/.cf_tokens file"
|
|
182
182
|
desc "token authcode get", "Gets a token using the authcode flow with browser",
|
|
183
|
-
:client, :secret, :scope, :cf, :port do use_browser(
|
|
183
|
+
:client, :secret, :scope, :cf, :port do use_browser(clientid, clientsecret) end
|
|
184
184
|
|
|
185
185
|
desc "token implicit get", "Gets a token using the implicit flow with browser",
|
|
186
186
|
:client, :scope, :cf, :port do use_browser opts[:client] || "cf" end
|
data/lib/cli/version.rb
CHANGED
data/lib/stub/scim.rb
CHANGED
|
@@ -22,6 +22,7 @@ class AlreadyExists < RuntimeError; end
|
|
|
22
22
|
class BadFilter < RuntimeError; end
|
|
23
23
|
class BadVersion < RuntimeError; end
|
|
24
24
|
|
|
25
|
+
# StubScim is the in-memory database of the stubbed out UAA server. Although called StubScim it manages ALL of the objects of the server; users, groups, clients, zones, providers, etc
|
|
25
26
|
class StubScim
|
|
26
27
|
|
|
27
28
|
private
|
|
@@ -39,10 +40,13 @@ class StubScim
|
|
|
39
40
|
GENERAL_MULTI = [:emails, :phonenumbers, :ims, :photos, :entitlements,
|
|
40
41
|
:roles, :x509certificates].to_set
|
|
41
42
|
GENERAL_SUBATTRS = [:value, :display, :primary, :type].to_set
|
|
43
|
+
|
|
44
|
+
# represents the schema of the scimuser name and meta attributes
|
|
42
45
|
EXPLICIT_SINGLE = {
|
|
43
46
|
name: [:formatted, :familyname, :givenname, :middlename,
|
|
44
47
|
:honorificprefix, :honorificsuffix].to_set,
|
|
45
48
|
meta: [:created, :lastmodified, :location, :version].to_set }
|
|
49
|
+
|
|
46
50
|
EXPLICIT_MULTI = {
|
|
47
51
|
addresses: [:formatted, :streetaddress, :locality, :region,
|
|
48
52
|
:postal_code, :country, :primary, :type].to_set,
|
|
@@ -57,7 +61,7 @@ class StubScim
|
|
|
57
61
|
:timezone, :active, :password, :emails, :phonenumbers, :ims, :photos,
|
|
58
62
|
:entitlements, :roles, :x509certificates, :name, :addresses,
|
|
59
63
|
:authorizations, :groups].to_set,
|
|
60
|
-
client: [*COMMON_ATTRS, :client_id, :client_secret, :authorities,
|
|
64
|
+
client: [*COMMON_ATTRS, :client_id, :name, :client_secret, :authorities,
|
|
61
65
|
:authorized_grant_types, :scope, :autoapprove,
|
|
62
66
|
:access_token_validity, :refresh_token_validity, :redirect_uri,
|
|
63
67
|
:'signup_redirect_url'].to_set,
|
|
@@ -127,7 +131,8 @@ class StubScim
|
|
|
127
131
|
when *GROUPS then valid_ids?(v, :group)
|
|
128
132
|
when *MEMBERSHIP then valid_ids?(v)
|
|
129
133
|
when ENUMS[k] then ENUMS[k].include?(v)
|
|
130
|
-
|
|
134
|
+
# not applicable to client objects (only scimuser objects have complex 'name' or 'meta' attributes)
|
|
135
|
+
when *EXPLICIT_SINGLE.keys && rtype.equal?(:client) then valid_complex?(v, EXPLICIT_SINGLE[k])
|
|
131
136
|
when *EXPLICIT_MULTI.keys then valid_multi?(v, EXPLICIT_MULTI[k])
|
|
132
137
|
else k.is_a?(String) || k.is_a?(Symbol)
|
|
133
138
|
end
|
data/spec/spec_helper.rb
CHANGED
|
@@ -49,8 +49,10 @@ module SpecHelper
|
|
|
49
49
|
end
|
|
50
50
|
|
|
51
51
|
def setup_target(opts = {})
|
|
52
|
+
test_client = "test_client_#{Time.now.to_i}"
|
|
52
53
|
opts = { authorities: "clients.read,scim.read,scim.write,uaa.resource",
|
|
53
54
|
grant_types: "client_credentials,password,refresh_token",
|
|
55
|
+
name: test_client,
|
|
54
56
|
scope: "openid,password.write,scim.me,scim.read",
|
|
55
57
|
autoapprove: "openid,password.write,scim.me,scim.read",
|
|
56
58
|
signup_redirect_url: "home"}.update(opts)
|
|
@@ -65,11 +67,11 @@ module SpecHelper
|
|
|
65
67
|
Cli.run("target #{@target}").should be
|
|
66
68
|
Cli.run("token client get #{@admin_client} -s #{@admin_secret}")
|
|
67
69
|
Config.yaml.should include("access_token")
|
|
68
|
-
test_client = "test_client_#{Time.now.to_i}"
|
|
69
70
|
@test_secret = Shellwords.escape("+=tEsTsEcRet~!@--")
|
|
70
71
|
Cli.run("client add #{test_client} -s #{@test_secret} " +
|
|
71
72
|
"--authorities #{opts[:authorities]} " +
|
|
72
73
|
"--scope #{opts[:scope]} " +
|
|
74
|
+
"--name #{opts[:name]} " +
|
|
73
75
|
"--authorized_grant_types #{opts[:grant_types]} " +
|
|
74
76
|
"--autoapprove #{opts[:autoapprove]} " +
|
|
75
77
|
"--signup_redirect_url #{opts[:signup_redirect_url]}").should be
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cf-uaac
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.1.
|
|
4
|
+
version: 3.1.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dave Syer
|
|
@@ -12,7 +12,7 @@ authors:
|
|
|
12
12
|
autorequire:
|
|
13
13
|
bindir: bin
|
|
14
14
|
cert_chain: []
|
|
15
|
-
date:
|
|
15
|
+
date: 2016-01-12 00:00:00.000000000 Z
|
|
16
16
|
dependencies:
|
|
17
17
|
- !ruby/object:Gem::Dependency
|
|
18
18
|
name: bundler
|