cf-uaac 3.9.0 → 3.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a2c47fc2a63912509e7a7f93db88dabf44977723
-  data.tar.gz: 46c51d49fd1eed01bf3422f1dd1a796845327b84
+  metadata.gz: bfd5454d263e6da7b3bfd4a4af5aadc6025a7960
+  data.tar.gz: f6874a63ac34a6e68fd39d31a0deeb69fbaa6b91
 SHA512:
-  metadata.gz: 5be63a794cae0457dd1071f6cc1250d6fe6949f0752f646737ee0998639d2e0161dca12cd92cc7a5bef4fb5f762e76fd5fde4fa680193cb6d9b95ebb97a1e75c
-  data.tar.gz: 7e1e37f6ac860ac099e974eb11fa5b9d489ff977f382d5b8af1c1826549a4a19dc55bd8ba8f7f5f5d430ca8dfada8a3e839c5707f72c0bb59ad8196b2f10f146
+  metadata.gz: c0ebc2c42d29ccff07ae37d8905b26421954e404b5462ce1faa802fe66b6f4f7cc26e0f0d5c388b139983315ef5dc2114509b46750d3a06f6ae248278c3a89e4
+  data.tar.gz: 5b077bab9d8f4f001e15b25ac3e030d7154eb41b3daf7470574c90cc9ea10961950ec4bf0c89727149ddb38a971b4165d0bda97fe0d71edf23e08d92379e31b1

data/lib/uaa/cli/config.rb

@@ -97,7 +97,10 @@ class Config
 
   def self.delete(tgt = nil, ctx = nil)
     if tgt && ctx
-      @config[tgt][:contexts].delete(ctx = valid_context(ctx))
+      unless @config[tgt][:contexts].nil?
+        ctx = ctx.downcase.to_sym
+        @config[tgt][:contexts].delete(ctx)
+      end
       @context = nil if tgt == @target && ctx == @context
     elsif tgt
       @config.delete(tgt)

data/lib/uaa/cli/token.rb

@@ -73,7 +73,9 @@ class TokenCli < CommonCli
   def set_context(token_info)
     return gripe "attempt to get token failed\n" unless token_info && token_info["access_token"]
     contents = TokenCoder.decode(token_info["access_token"], verify: false)
-    Config.context = contents["user_name"] || contents["client_id"] || "bad_token"
+    new_context = contents["user_name"] || contents["client_id"] || "bad_token"
+    Config.delete(Config.target, new_context)
+    Config.context = new_context
     did_save = true
     (did_save &= Config.add_opts(user_id: contents["user_id"])) if contents["user_id"]
     (did_save &= Config.add_opts(client_id: contents["client_id"])) if contents["client_id"]

data/lib/uaa/cli/version.rb

@@ -14,6 +14,6 @@
 # Cloud Foundry namespace
 module CF
   module UAA
-    CLI_VERSION = '3.9.0'
+    CLI_VERSION = '3.10.0'
   end
 end

data/lib/uaa/stub/uaa.rb

@@ -298,45 +298,45 @@ class StubUAAConn < Stub::Base
       return reply.json(400, error: 'unauthorized_client')
     end
     case params.delete('grant_type')
-    when 'authorization_code'
-       # TODO: need authcode store with requested scope, redir_uri must match
-      return if bad_params?(params, ['code', 'redirect_uri'], [])
-      user_id, scope = redeem_auth_code(client[:id], params['redirect_uri'], params['code'])
-      return reply.json(400, error: 'invalid_grant') unless user_id && scope
-      user = server.scim.get(user, :user, :id, :emails, :username)
-      reply.json(token_reply_info(client, scope, user, nil, true))
-    when 'password'
-      notPassword = bad_params?(params, ['username', 'password'], ['scope'])
-      notPasscode = bad_params?(params, ['passcode'], ['scope'])
-      return if notPasscode && notPassword
-      unless notPassword
-        username = params['username']
-        password = params['password']
-      end
-      unless notPasscode
-        username, password = Base64::urlsafe_decode64(params['passcode']).split
-      end
-      user = find_user(username, password)
-      return reply.json(400, error: 'invalid_grant') unless user
-      scope = calc_scope(client, user, params['scope'])
-      return reply.json(400, error: 'invalid_scope') unless scope
-      reply.json(200, token_reply_info(client, scope, user))
-    when 'client_credentials'
-      return if bad_params?(params, [], ['scope'])
-      scope = calc_scope(client, nil, params['scope'])
-      return reply.json(400, error: 'invalid_scope') unless scope
-      reply.json(token_reply_info(client, scope))
-    when 'refresh_token'
-      return if bad_params?(params, ['refresh_token'], ['scope'])
-      return reply.json(400, error: 'invalid_grant') unless params['refresh_token'] == 'universal_refresh_token'
-      # TODO: max scope should come from refresh token, or user from refresh token
-      # this should use calc_scope when we know the user
-      scope = ids_to_names(client[:scope])
-      scope = Util.strlist(Util.arglist(params['scope'], scope) & scope)
-      return reply.json(400, error: 'invalid_scope') if scope.empty?
-      reply.json(token_reply_info(client, scope))
-    else
-      reply.json(400, error: 'unsupported_grant_type')
+      when 'authorization_code'
+         # TODO: need authcode store with requested scope, redir_uri must match
+        return if bad_params?(params, ['code', 'redirect_uri'], [])
+        user_id, scope = redeem_auth_code(client[:id], params['redirect_uri'], params['code'])
+        return reply.json(400, error: 'invalid_grant') unless user_id && scope
+        user = server.scim.get(user, :user, :id, :emails, :username)
+        reply.json(token_reply_info(client, scope, user, nil, true))
+      when 'password'
+        notPassword = bad_params?(params, ['username', 'password'], ['scope'])
+        notPasscode = bad_params?(params, ['passcode'], ['scope'])
+        return if notPasscode && notPassword
+        unless notPassword
+          username = params['username']
+          password = params['password']
+        end
+        unless notPasscode
+          username, password = Base64::urlsafe_decode64(params['passcode']).split
+        end
+        user = find_user(username, password)
+        return reply.json(400, error: 'invalid_grant') unless user
+        scope = calc_scope(client, user, params['scope'])
+        return reply.json(400, error: 'invalid_scope') unless scope
+        reply.json(200, token_reply_info(client, scope, user, nil, true))
+      when 'client_credentials'
+        return if bad_params?(params, [], ['scope'])
+        scope = calc_scope(client, nil, params['scope'])
+        return reply.json(400, error: 'invalid_scope') unless scope
+        reply.json(token_reply_info(client, scope))
+      when 'refresh_token'
+        return if bad_params?(params, ['refresh_token'], ['scope'])
+        return reply.json(400, error: 'invalid_grant') unless params['refresh_token'] == 'universal_refresh_token'
+        # TODO: max scope should come from refresh token, or user from refresh token
+        # this should use calc_scope when we know the user
+        scope = ids_to_names(client[:scope])
+        scope = Util.strlist(Util.arglist(params['scope'], scope) & scope)
+        return reply.json(400, error: 'invalid_scope') if scope.empty?
+        reply.json(token_reply_info(client, scope))
+      else
+        reply.json(400, error: 'unsupported_grant_type')
     end
     inject_error
   end

data/spec/token_spec.rb

@@ -22,16 +22,16 @@ describe TokenCli do
 
   before :all do
     #Util.default_logger(:trace)
-    Cli.configure("", nil, StringIO.new, true)
-    setup_target(authorities: "clients.read,scim.read,scim.write,uaa.resource")
+    Cli.configure('', nil, StringIO.new, true)
+    setup_target(authorities: 'clients.read,scim.read,scim.write,uaa.resource')
     Cli.run("token client get #{@test_client} -s #{@test_secret}").should be
-    Config.yaml.should include("access_token")
+    Config.yaml.should include('access_token')
     @test_pwd_unescaped = "@~`!$@%#%^$^&*)(|}{[]\":';?><,./"
     @test_pwd = Shellwords.escape(@test_pwd_unescaped)
     @test_user = "test_user_#{Time.now.to_i}"
     Cli.run("user add #{@test_user} -p #{@test_pwd} " +
-        "--emails sam@example.com,joNES@sample.com --given_name SamueL " +
-        "--phones 801-555-1212 --family_name jonES").should be
+                '--emails sam@example.com,joNES@sample.com --given_name SamueL ' +
+                '--phones 801-555-1212 --family_name jonES').should be
   end
 
   after :all do
@@ -41,100 +41,123 @@ describe TokenCli do
     cleanup_target
   end
 
-  it "logs in with implicit grant & posted credentials as a user" do
+  it 'logs in with implicit grant & posted credentials as a user' do
     Cli.run("token get #{@test_user} #{@test_pwd}").should be
-    Cli.output.string.should include("Successfully fetched token")
-    Cli.run("context")
+    Cli.output.string.should include('Successfully fetched token')
+    Cli.run('context')
     Cli.output.string.should match /scope:.+password\.write openid.*$/
   end
 
-  it "can request a specific scope" do
-    Cli.run("token delete")
+  it 'can request a specific scope' do
+    Cli.run('token delete')
     Cli.output.truncate 0
     Cli.run("token get --scope password.write #{@test_user} #{@test_pwd}").should be
-    Cli.output.string.should include("Successfully fetched token")
-    Cli.run("context")
+    Cli.output.string.should include('Successfully fetched token')
+    Cli.run('context')
     Cli.output.string.should match /scope: password\.write$/
   end
 
-  it "decodes the token" do
-    Cli.run("token decode").should be
-    ["user_name", "exp", "aud", "scope", "client_id", "email", "user_id"].each do |a|
+  it 'decodes the token' do
+    Cli.run('token decode').should be
+    ['user_name', 'exp', 'aud', 'scope', 'client_id', 'email', 'user_id'].each do |a|
       Cli.output.string.should include(a)
     end
-    Cli.output.string.should include("email: sam@example.com")
+    Cli.output.string.should include('email: sam@example.com')
     Cli.output.string.should include("user_name: #{@test_user}")
   end
 
-  it "gets authenticated user information" do
+  it 'gets authenticated user information' do
     Cli.run("token get #{@test_user} #{@test_pwd}").should be
-    Cli.run("me").should be
+    Cli.run('me').should be
     Cli.output.string.should include(@test_user)
   end
 
-  it "updates the user" do
+  it 'updates the user' do
     Cli.run "context #{@test_client}"
     Cli.run("user update #{@test_user} --emails #{@test_user}+1@example.com --phones 123-456-7890").should be
     Cli.run("user get #{@test_user}").should be
-    Cli.output.string.should include(@test_user, "#{@test_user}+1@example.com", "123-456-7890")
+    Cli.output.string.should include(@test_user, "#{@test_user}+1@example.com", '123-456-7890')
   end
 
-  it "gets updated information in the token" do
+  it 'gets updated information in the token' do
     Cli.run("token get #{@test_user} #{@test_pwd}").should be
-    Cli.output.string.should include("Successfully fetched token")
-    Cli.run("token decode").should be
+    Cli.output.string.should include('Successfully fetched token')
+    Cli.run('token decode').should be
     Cli.output.string.should include("email: #{@test_user}+1@example.com")
   end
 
-  it "gets ids for a username" do
+  it 'gets ids for a username' do
     Cli.run("user ids #{@test_user.downcase}").should be
-    Cli.output.string.should include(@test_user, "id")
+    Cli.output.string.should include(@test_user, 'id')
   end
 
-  it "has multiple distinct authentication contexts" do
-    Cli.run("contexts").should be
-    Cli.output.string.should include "[admin]", "[#{@test_client}]", "[#{@test_user.downcase}]"
+  it 'has multiple distinct authentication contexts' do
+    Cli.run('contexts').should be
+    Cli.output.string.should include '[admin]', "[#{@test_client}]", "[#{@test_user.downcase}]"
   end
 
-  it "removes the user context" do
+  it 'removes the user context' do
     Cli.run("token delete #{@test_user}").should be
-    Cli.run "contexts"
-    Cli.output.string.should include "[admin]", "[#{@test_client}]"
+    Cli.run 'contexts'
+    Cli.output.string.should include '[admin]', "[#{@test_client}]"
     Cli.output.string.should_not include "#{@test_user}"
   end
 
-  it "logs in with owner password grant" do
+  it 'logs in with owner password grant' do
     Cli.run("token owner get #{@test_client} -s #{@test_secret} #{@test_user} -p #{@test_pwd}" ).should be
-    Cli.output.string.should include "Successfully fetched token"
+    Cli.output.string.should include 'Successfully fetched token'
   end
 
-  it "logs in with sso passcode grant" do
+  it 'logs in with sso passcode grant' do
     fakePasscode = Base64::urlsafe_encode64("#{@test_user} #{@test_pwd_unescaped}")
     cli_run = Cli.run("token sso get #{@test_client} -s #{@test_secret} --passcode #{fakePasscode}")
     cli_run.should be
-    Cli.output.string.should include "Successfully fetched token"
+    Cli.output.string.should include 'Successfully fetched token'
   end
 
-  it "decodes the owner token" do
-    Cli.run("token decode").should be
-    ["user_name", "exp", "aud", "scope", "client_id", "email", "user_id", "openid", "password.write"].each do |a|
+  it 'decodes the owner token' do
+    Cli.run('token decode').should be
+    ['user_name', 'exp', 'aud', 'scope', 'client_id', 'email', 'user_id', 'openid', 'password.write'].each do |a|
       Cli.output.string.should include a
     end
   end
 
-  it "gets the server signing key" do
+  describe 'when client_id is same as user_name'  do
+    before :each do
+      Cli.run("token client get #{@admin_client} -s #{@admin_secret}").should be
+      Cli.run("client add #{@test_user} -s #{@test_secret} " +
+                  "--authorities uaa.resource " +
+                  "--scope openid " +
+                  "--authorized_grant_types client_credentials " +
+                  "--autoapprove uaa.resource " +
+                  "--signup_redirect_url home")
+      Cli.output.string.should include 'created_by'
+    end
+
+    it 'does not contain refresh token for client-credentials token' do
+      Cli.run("token owner get #{@test_client} -s #{@test_secret} #{@test_user} -p #{@test_pwd}" ).should be
+      Cli.run('context')
+      Cli.output.string.should include 'refresh_token'
+
+      Cli.run("token client get #{@test_user} -s #{@test_secret}" ).should be
+      Cli.run('context')
+      Cli.output.string.should_not include 'refresh_token'
+    end
+  end
+
+  it 'gets the server signing key' do
     Cli.run("signing key -c #{@test_client} -s #{@test_secret}").should be
     Cli.output.string.should include 'alg:', 'value:'
   end
 
-  it "uses the token endpoint given by the login server" do
-    pending "only saml login server returns token endpoint" if ENV["UAA_CLIENT_TARGET"]
+  it 'uses the token endpoint given by the login server' do
+    pending 'only saml login server returns token endpoint' if ENV['UAA_CLIENT_TARGET']
     @stub_uaa.info[:token_endpoint] = te = "#{@stub_uaa.url}/alternate"
     Cli.run("target #{@target} --config")
     Cli.run("token client get #{@test_client} -s #{@test_secret}").should be
-    Config.yaml.should include("access_token", "token_endpoint", te)
+    Config.yaml.should include('access_token', 'token_endpoint', te)
     @stub_uaa.info[:token_endpoint].should be_nil
-    Cli.configure("", nil, StringIO.new) # clean up
+    Cli.configure('', nil, StringIO.new) # clean up
     Cli.run("target #{@target}").should be
     Cli.run("token client get #{@admin_client} -s #{@admin_secret}").should be
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cf-uaac
 version: !ruby/object:Gem::Version
-  version: 3.9.0
+  version: 3.10.0
 platform: ruby
 authors:
 - Dave Syer
@@ -12,7 +12,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-21 00:00:00.000000000 Z
+date: 2017-03-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cf-uaa-lib
@@ -347,4 +347,15 @@ rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: Command line interface for CloudFoundry UAA
-test_files: []
+test_files:
+- spec/client_reg_spec.rb
+- spec/common_spec.rb
+- spec/curl_spec.rb
+- spec/group_spec.rb
+- spec/http_spec.rb
+- spec/info_spec.rb
+- spec/setup_helper.rb
+- spec/spec_helper.rb
+- spec/ssl_integration_spec.rb
+- spec/token_spec.rb
+- spec/user_spec.rb