cf-uaac 3.1.7 → 3.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c7d94b0c99e65a95ea8973d615886e3c34f53726
-  data.tar.gz: fb96fbcfe4e8e5a65f2ff631b87289b82561b802
+  metadata.gz: 99547295a5faebfa3f711aca3078f7b09af3c0c5
+  data.tar.gz: 4edaa8921ff9e37db2b03e335dc99f7788f2726c
 SHA512:
-  metadata.gz: 97d98de132132cbbb5e227e232cce7959edbf3917e776983ec8007e2221ad825fc74c50001c3e7570c00be253fbfdd2960be5cb489412f95cd7a1c57d163961a
-  data.tar.gz: 01dd3c1946a31587b5d149d7b4d2b80b6ecad0d19194cc176373d407b9fe43d9663dda7036ddc48c9e80ec4e6d4781e99f3091085259add4ea5d7272663c34d5
+  metadata.gz: b5f26510821f4815e381e765ad71970dba95a9b11cb023b1a5f1f390dddedaa7cbc2b544cb291f40cea71368794430c2d7d9ec9ef6118e41eed31d9dcd208681
+  data.tar.gz: 7bdccc0fb5a696ca07d34a38351a1017a32e6ebb3ecd415ddc8424ac034a11deeda0b5fdc76312173bf6329d3b74b9f2e9deaade94d551cf21ef30572cf0b892

data/cf-uaac.gemspec

@@ -39,7 +39,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency "simplecov", "~> 0.8.2"
   s.add_development_dependency "simplecov-rcov", "~> 0.2.3"
   s.add_development_dependency "ci_reporter", "~> 1.9.2"
-  s.add_runtime_dependency "cf-uaa-lib", "~> 3.2.5"
+  s.add_runtime_dependency "cf-uaa-lib", "~> 3.4.0"
   s.add_runtime_dependency "highline", "~> 1.6.21"
   s.add_runtime_dependency "eventmachine", "~> 1.0.3"
   s.add_runtime_dependency "launchy", "~> 2.4.2"

data/lib/cli/common.rb

@@ -31,6 +31,7 @@ class CommonCli < Topic
 
   def username(name); name || ask("User name") end
   def userpwd(pwd = opts[:password]); pwd || ask_pwd("Password") end
+  def passcode(passcode = opts[:passcode]); passcode || ask("Passcode (from #{Config.target}/passcode)") end
   def clientid(id = opts[:client]); id || ask("Client ID") end
   def clientsecret(secret = opts[:secret]); secret || ask_pwd("Client secret") end
   def clientname(name = opts[:name]); name end

data/lib/cli/group.rb

@@ -63,23 +63,26 @@ class GroupCli < CommonCli
 
   define_option :id, "--id <id>", "map uaa group using group id"
   define_option :name, "--name <name>", "map uaa scope using group name"
-  desc "group map [external_group]", "Map uaa groups to external groups", :id, :name do |external_group|
+  define_option :origin, "--origin <origin>", "map uaa scope to external group for this origin. Defaults to ldap."
+  desc "group map [external_group]", "Map uaa groups to external groups", :id, :name, :origin do |external_group|
     return gripe "Please provide a group name or id" unless opts[:id] || opts[:name]
     return gripe "Please provide an external group" unless external_group
 
     group = opts[:id] ? opts[:id] : opts[:name]
     is_id = opts[:id] ? true : false
+    origin = opts[:origin] ? opts[:origin] : 'ldap'
     pp scim_request { |ua|
-      response = ua.map_group(group, is_id, external_group)
+      response = ua.map_group(group, is_id, external_group, origin)
       raise BadResponse, "no  group id found in response of external group mapping" unless response["groupid"]
-      "Successfully mapped #{response["displayname"]} to #{external_group}"
+      "Successfully mapped #{response["displayname"]} to #{external_group} for origin #{origin}"
     }
   end
 
-  desc "group unmap [group_name] [external_group]", "Unmaps an external group from a uaa group" do |group_name, external_group|
+  desc "group unmap [group_name] [external_group]", "Unmaps an external group from a uaa group", :origin do |group_name, external_group|
     return gripe "Please provide a group name and external group" unless group_name && external_group
 
-    group_id = nil
+    origin = opts[:origin] ? opts[:origin] : 'ldap'
+
     response = Cli.run("group get #{group_name}")
     if response
       group_id = response['id']
@@ -87,9 +90,10 @@ class GroupCli < CommonCli
       return gripe "Group #{group_name} not found"
     end
 
+
     pp scim_request { |ua|
-      ua.unmap_group(group_id, external_group)
-      "Successfully unmapped #{external_group} from #{group_name}"
+      ua.unmap_group(group_id, external_group, origin)
+      "Successfully unmapped #{external_group} from #{group_name} for origin #{origin}"
     }
   end
 

data/lib/cli/token.rb

@@ -137,6 +137,15 @@ class TokenCli < CommonCli
     say_success "owner password" if set_context(reply)
   end
 
+  define_option :passcode, "--passcode <passcode>"
+  desc "token sso get [client]", "Gets a token based on a one time passcode after successful SSO via browser",
+       :secret,:passcode,:scope do |client|
+    reply = issuer_request(clientid(client), clientsecret) { |ti|
+      ti.passcode_grant(passcode, opts[:scope]).info
+    }
+    say_success "owner passcode" if set_context(reply)
+  end
+
   desc "token refresh [refreshtoken]", "Gets a new access token from a refresh token", :client, :secret, :scope do |rtok|
     rtok ||= Config.value(:refresh_token)
     reply = issuer_request(clientid, clientsecret) { |ti| ti.refresh_token_grant(rtok, opts[:scope]).info }

data/lib/cli/version.rb

@@ -14,6 +14,6 @@
 # Cloud Foundry namespace
 module CF
   module UAA
-    CLI_VERSION = "3.1.7"
+    CLI_VERSION = "3.2.0"
   end
 end

data/lib/stub/scim.rb

@@ -284,25 +284,26 @@ class StubScim
     [objs, total]
   end
 
-  def add_group_mapping(external_group, group_id, group_name)
+  def add_group_mapping(external_group, group_id, group_name, origin)
     group = group_id ? ref_by_id(group_id, :group) : ref_by_name(group_name, :group)
     return unless group
-    (group[:external_groups] ||= Set.new) << external_group
+    (group[:external_groups] ||= Hash.new)
+    group[:external_groups][external_group] = 'ldap'
     group
   end
 
-  def delete_group_mapping(group_id, external_group)
+  def delete_group_mapping(group_id, external_group, origin)
     raise NotFound unless group = ref_by_id(group_id, :group)
     raise NotFound unless group[:external_groups] && group[:external_groups].include?(external_group)
-    group[:external_groups].delete(external_group)
+    group[:external_groups][external_group].delete(origin)
   end
 
   def get_group_mappings
     group_mappings = []
     @things_by_id.each do |id, thing|
       if thing[:rtype] == :group
-        thing[:external_groups].each do |external_group|
-          group_mappings << { groupid: thing[:id], displayname: thing[:displayname], externalgroup: external_group }
+        thing[:external_groups].each do |key, value|
+          group_mappings << { groupid: thing[:id], displayname: thing[:displayname], externalgroup: key }
         end if thing[:external_groups]
       end
     end unless @things_by_id.empty?

data/lib/stub/uaa.rb

@@ -305,12 +305,21 @@ class StubUAAConn < Stub::Base
       user = server.scim.get(user, :user, :id, :emails, :username)
       reply.json(token_reply_info(client, scope, user, nil, true))
     when "password"
-      return if bad_params?(params, ['username', 'password'], ['scope'])
-      user = find_user(params['username'], params['password'])
+      notPassword = bad_params?(params, ['username', 'password'], ['scope'])
+      notPasscode = bad_params?(params, ['passcode'], ['scope'])
+      return if notPasscode && notPassword
+      unless notPassword
+        username = params['username']
+        password = params['password']
+      end
+      unless notPasscode
+        username, password = Base64::urlsafe_decode64(params['passcode']).split
+      end
+      user = find_user(username, password)
       return reply.json(400, error: "invalid_grant") unless user
       scope = calc_scope(client, user, params['scope'])
       return reply.json(400, error: "invalid_scope") unless scope
-      reply.json(token_reply_info(client, scope, user))
+      reply.json(200, token_reply_info(client, scope, user))
     when "client_credentials"
       return if bad_params?(params, [], ['scope'])
       scope = calc_scope(client, nil, params['scope'])
@@ -434,8 +443,9 @@ class StubUAAConn < Stub::Base
     external_group = json["externalgroup"]
     group_name = json["displayname"]
     group_id = json["groupid"]
-    group = server.scim.add_group_mapping(external_group, group_id, group_name)
-    reply_in_kind(displayName: group[:displayname], externalGroup: external_group, groupId: group[:id])
+    origin = json["origin"]
+    group = server.scim.add_group_mapping(external_group, group_id, group_name, origin)
+    reply_in_kind(displayName: group[:displayname], externalGroup: external_group, groupId: group[:id], origin: origin)
   end
 
   route :get, %r{^/Groups/External/list(\?|$)(.*)} do
@@ -455,13 +465,14 @@ class StubUAAConn < Stub::Base
     reply_in_kind(resources: paginated_group_mappings, itemsPerPage: count, startIndex: start_index, totalResults: group_mappings.length)
   end
 
-  route :delete, %r{^/Groups/External/id/([^/]+)/([^/]+)$} do
+  route :delete, %r{^/Groups/External/groupId/([^/]+)/externalGroup/([^/]+)/origin/([^/]+)$} do
     return unless valid_token("scim.write")
 
     group_id = match[1]
     external_group = match[2]
+    origin = match[3]
     begin
-      server.scim.delete_group_mapping(group_id, external_group)
+      server.scim.delete_group_mapping(group_id, external_group, origin)
     rescue NotFound
       not_found("Mapping for group ID #{match[1]} and external group #{match[2]}")
     end

data/spec/group_spec.rb

@@ -230,7 +230,10 @@ describe GroupCli do
     Cli.output.string.should include "Please provide an external group"
 
     Cli.run "group map ldap-id --name #{@test_group}"
-    Cli.output.string.should include "Successfully mapped #{@test_group} to ldap-id"
+    Cli.output.string.should include "Successfully mapped #{@test_group} to ldap-id for origin ldap"
+
+    Cli.run "group map ldap-id --name #{@test_group} --origin ldap2"
+    Cli.output.string.should include "Successfully mapped #{@test_group} to ldap-id for origin ldap2"
 
     Cli.run("group get #{@test_group}")
     test_group_id = Cli.output.string.match(/id: ([\S]+)/)[1]
@@ -242,7 +245,10 @@ describe GroupCli do
     Cli.run "context #{@test_client}"
 
     Cli.run "group map ldap-id --name #{@test_group}"
-    Cli.output.string.should include "Successfully mapped #{@test_group} to ldap-id"
+    Cli.output.string.should include "Successfully mapped #{@test_group} to ldap-id for origin ldap"
+
+    Cli.run "group map ldap-id --name #{@test_group} --origin ldap2"
+    Cli.output.string.should include "Successfully mapped #{@test_group} to ldap-id for origin ldap2"
 
     Cli.run("group get #{@test_group}")
 
@@ -253,11 +259,14 @@ describe GroupCli do
     Cli.output.string.should include "Please provide a group name and external group"
 
     Cli.run "group unmap #{@test_group} ldap-id"
-    Cli.output.string.should include "Successfully unmapped ldap-id from #{@test_group}"
+    Cli.output.string.should include "Successfully unmapped ldap-id from #{@test_group} for origin ldap"
 
     Cli.run "group unmap nonexistent_group unmapped_ldap-id"
     Cli.output.string.should include "Group nonexistent_group not found"
 
+    Cli.run "group unmap #{@test_group} ldap-id --origin ldap2"
+    Cli.output.string.should include "Successfully unmapped ldap-id from #{@test_group} for origin ldap2"
+
     Cli.run "group unmap #{@test_group} unmapped_ldap-id"
     Cli.output.string.should include "NotFound"
   end

data/spec/token_spec.rb

@@ -26,7 +26,8 @@ describe TokenCli do
     setup_target(authorities: "clients.read,scim.read,scim.write,uaa.resource")
     Cli.run("token client get #{@test_client} -s #{@test_secret}").should be
     Config.yaml.should include("access_token")
-    @test_pwd = Shellwords.escape("@~`!$@%#%^$^&*)(|}{[]\":';?><,./")
+    @test_pwd_unescaped = "@~`!$@%#%^$^&*)(|}{[]\":';?><,./"
+    @test_pwd = Shellwords.escape(@test_pwd_unescaped)
     @test_user = "test_user_#{Time.now.to_i}"
     Cli.run("user add #{@test_user} -p #{@test_pwd} " +
         "--emails sam@example.com,joNES@sample.com --given_name SamueL " +
@@ -107,6 +108,13 @@ describe TokenCli do
     Cli.output.string.should include "Successfully fetched token"
   end
 
+  it "logs in with sso passcode grant" do
+    fakePasscode = Base64::urlsafe_encode64("#{@test_user} #{@test_pwd_unescaped}")
+    cli_run = Cli.run("token sso get #{@test_client} -s #{@test_secret} --passcode #{fakePasscode}")
+    cli_run.should be
+    Cli.output.string.should include "Successfully fetched token"
+  end
+
   it "decodes the owner token" do
     Cli.run("token decode").should be
     ["user_name", "exp", "aud", "scope", "client_id", "email", "user_id", "openid", "password.write"].each do |a|

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cf-uaac
 version: !ruby/object:Gem::Version
-  version: 3.1.7
+  version: 3.2.0
 platform: ruby
 authors:
 - Dave Syer
@@ -12,7 +12,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-12 00:00:00.000000000 Z
+date: 2016-03-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -104,14 +104,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.2.5
+        version: 3.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.2.5
+        version: 3.4.0
 - !ruby/object:Gem::Dependency
   name: highline
   requirement: !ruby/object:Gem::Requirement