chef-zero 15.0.17 → 15.0.21

data/lib/chef_zero/endpoints/actor_key_endpoint.rb

@@ -1,62 +1,62 @@
-require_relative "../rest_base"
-
-module ChefZero
-  module Endpoints
-    # ActorKeyEndpoint
-    #
-    # This class handles DELETE/GET/PUT requests for all client/user keys
-    # **except** default public keys, i.e. requests with identity key
-    # "default". Those are handled by ActorDefaultKeyEndpoint. See that class
-    # for more information.
-    #
-    # /users/USER/keys/NAME
-    # /organizations/ORG/clients/CLIENT/keys/NAME
-    class ActorKeyEndpoint < RestBase
-      def get(request)
-        validate_actor!(request)
-        key_path = data_path(request)
-        already_json_response(200, get_data(request, key_path))
-      end
-
-      def delete(request)
-        validate_actor!(request) # 404 if actor doesn't exist
-
-        key_path = data_path(request)
-        data = get_data(request, key_path)
-        delete_data(request, key_path)
-
-        already_json_response(200, data)
-      end
-
-      def put(request)
-        validate_actor!(request) # 404 if actor doesn't exist
-        set_data(request, data_path(request), request.body)
-      end
-
-      private
-
-      # Returns the keys data store path, which is the same as
-      # `request.rest_path` except with "client_keys" instead of "clients" or
-      # "user_keys" instead of "users."
-      def data_path(request)
-        request.rest_path.dup.tap do |path|
-          if client?(request)
-            path[2] = "client_keys"
-          else
-            path[0] = "user_keys"
-          end
-        end
-      end
-
-      # Raises RestErrorResponse (404) if actor doesn't exist
-      def validate_actor!(request)
-        actor_path = request.rest_path[ client?(request) ? 0..3 : 0..1 ]
-        get_data(request, actor_path)
-      end
-
-      def client?(request)
-        request.rest_path[2] == "clients"
-      end
-    end
-  end
-end
+require_relative "../rest_base"
+
+module ChefZero
+  module Endpoints
+    # ActorKeyEndpoint
+    #
+    # This class handles DELETE/GET/PUT requests for all client/user keys
+    # **except** default public keys, i.e. requests with identity key
+    # "default". Those are handled by ActorDefaultKeyEndpoint. See that class
+    # for more information.
+    #
+    # /users/USER/keys/NAME
+    # /organizations/ORG/clients/CLIENT/keys/NAME
+    class ActorKeyEndpoint < RestBase
+      def get(request)
+        validate_actor!(request)
+        key_path = data_path(request)
+        already_json_response(200, get_data(request, key_path))
+      end
+
+      def delete(request)
+        validate_actor!(request) # 404 if actor doesn't exist
+
+        key_path = data_path(request)
+        data = get_data(request, key_path)
+        delete_data(request, key_path)
+
+        already_json_response(200, data)
+      end
+
+      def put(request)
+        validate_actor!(request) # 404 if actor doesn't exist
+        set_data(request, data_path(request), request.body)
+      end
+
+      private
+
+      # Returns the keys data store path, which is the same as
+      # `request.rest_path` except with "client_keys" instead of "clients" or
+      # "user_keys" instead of "users."
+      def data_path(request)
+        request.rest_path.dup.tap do |path|
+          if client?(request)
+            path[2] = "client_keys"
+          else
+            path[0] = "user_keys"
+          end
+        end
+      end
+
+      # Raises RestErrorResponse (404) if actor doesn't exist
+      def validate_actor!(request)
+        actor_path = request.rest_path[ client?(request) ? 0..3 : 0..1 ]
+        get_data(request, actor_path)
+      end
+
+      def client?(request)
+        request.rest_path[2] == "clients"
+      end
+    end
+  end
+end

data/lib/chef_zero/endpoints/actor_keys_endpoint.rb

@@ -1,129 +1,129 @@
-require_relative "../rest_base"
-
-module ChefZero
-  module Endpoints
-    # /users/USER/keys
-    # /organizations/ORG/clients/CLIENT/keys
-    class ActorKeysEndpoint < RestBase
-      DEFAULT_PUBLIC_KEY_NAME = "default".freeze
-      DATE_FORMAT = "%FT%TZ".freeze # e.g. 2015-12-24T21:00:00Z
-
-      def get(request, alt_uri_root = nil)
-        path = data_path(request)
-
-        # Get actor or 404 if it doesn't exist
-        actor_json = get_data(request, actor_path(request))
-
-        key_names = list_data_or_else(request, path, [])
-        key_names.unshift(DEFAULT_PUBLIC_KEY_NAME) if actor_has_default_public_key?(actor_json)
-
-        result = key_names.map do |key_name|
-          list_key(request, [ *path, key_name ], alt_uri_root)
-        end
-
-        json_response(200, result)
-      end
-
-      def post(request)
-        request_body = parse_json(request.body)
-
-        # Try loading the client or user so a 404 is returned if it doesn't exist
-        actor_json = get_data(request, actor_path(request))
-
-        generate_keys = request_body["public_key"].nil?
-
-        if generate_keys
-          private_key, public_key = server.gen_key_pair
-        else
-          public_key = request_body["public_key"]
-        end
-
-        key_name = request_body["name"]
-
-        if key_name == DEFAULT_PUBLIC_KEY_NAME
-          store_actor_default_public_key!(request, actor_json, public_key)
-        else
-          store_actor_public_key!(request, key_name, public_key, request_body["expiration_date"])
-        end
-
-        response_body = { "uri" => key_uri(request, key_name) }
-        response_body["private_key"] = private_key if generate_keys
-
-        json_response(201, response_body,
-          headers: { "Location" => response_body["uri"] })
-      end
-
-      private
-
-      def store_actor_public_key!(request, name, public_key, expiration_date)
-        data = to_json(
-          "name" => name,
-          "public_key" => public_key,
-          "expiration_date" => expiration_date
-        )
-
-        create_data(request, data_path(request), name, data, :create_dir)
-      end
-
-      def store_actor_default_public_key!(request, actor_json, public_key)
-        actor_data = parse_json(actor_json)
-
-        if actor_data["public_key"]
-          raise RestErrorResponse.new(409, "Object already exists: #{key_uri(request, DEFAULT_PUBLIC_KEY_NAME)}")
-        end
-
-        actor_data["public_key"] = public_key
-        set_data(request, actor_path(request), to_json(actor_data))
-      end
-
-      # Returns the keys data store path, which is the same as
-      # `request.rest_path` except with "user_keys" instead of "users" or
-      # "client_keys" instead of "clients."
-      def data_path(request)
-        request.rest_path.dup.tap do |path|
-          if client?(request)
-            path[2] = "client_keys"
-          else
-            path[0] = "user_keys"
-          end
-        end
-      end
-
-      def list_key(request, data_path, alt_uri_root = nil)
-        key_name, expiration_date =
-          if data_path[-1] == DEFAULT_PUBLIC_KEY_NAME
-            [ DEFAULT_PUBLIC_KEY_NAME, "infinity" ]
-          else
-            parse_json(get_data(request, data_path))
-              .values_at("name", "expiration_date")
-          end
-
-        expired = expiration_date != "infinity" &&
-          DateTime.now > DateTime.strptime(expiration_date, DATE_FORMAT)
-
-        { "name" => key_name,
-          "uri" => key_uri(request, key_name, alt_uri_root),
-          "expired" => expired }
-      end
-
-      def client?(request)
-        request.rest_path[2] == "clients"
-      end
-
-      def key_uri(request, key_name, alt_uri_root = nil)
-        uri_root = alt_uri_root.nil? ? request.rest_path : alt_uri_root
-        build_uri(request.base_uri, [ *uri_root, key_name ])
-      end
-
-      def actor_path(request)
-        return request.rest_path[0..3] if client?(request)
-
-        request.rest_path[0..1]
-      end
-
-      def actor_has_default_public_key?(actor_json)
-        !!parse_json(actor_json)["public_key"]
-      end
-    end
-  end
-end
+require_relative "../rest_base"
+
+module ChefZero
+  module Endpoints
+    # /users/USER/keys
+    # /organizations/ORG/clients/CLIENT/keys
+    class ActorKeysEndpoint < RestBase
+      DEFAULT_PUBLIC_KEY_NAME = "default".freeze
+      DATE_FORMAT = "%FT%TZ".freeze # e.g. 2015-12-24T21:00:00Z
+
+      def get(request, alt_uri_root = nil)
+        path = data_path(request)
+
+        # Get actor or 404 if it doesn't exist
+        actor_json = get_data(request, actor_path(request))
+
+        key_names = list_data_or_else(request, path, [])
+        key_names.unshift(DEFAULT_PUBLIC_KEY_NAME) if actor_has_default_public_key?(actor_json)
+
+        result = key_names.map do |key_name|
+          list_key(request, [ *path, key_name ], alt_uri_root)
+        end
+
+        json_response(200, result)
+      end
+
+      def post(request)
+        request_body = parse_json(request.body)
+
+        # Try loading the client or user so a 404 is returned if it doesn't exist
+        actor_json = get_data(request, actor_path(request))
+
+        generate_keys = request_body["public_key"].nil?
+
+        if generate_keys
+          private_key, public_key = server.gen_key_pair
+        else
+          public_key = request_body["public_key"]
+        end
+
+        key_name = request_body["name"]
+
+        if key_name == DEFAULT_PUBLIC_KEY_NAME
+          store_actor_default_public_key!(request, actor_json, public_key)
+        else
+          store_actor_public_key!(request, key_name, public_key, request_body["expiration_date"])
+        end
+
+        response_body = { "uri" => key_uri(request, key_name) }
+        response_body["private_key"] = private_key if generate_keys
+
+        json_response(201, response_body,
+          headers: { "Location" => response_body["uri"] })
+      end
+
+      private
+
+      def store_actor_public_key!(request, name, public_key, expiration_date)
+        data = to_json(
+          "name" => name,
+          "public_key" => public_key,
+          "expiration_date" => expiration_date
+        )
+
+        create_data(request, data_path(request), name, data, :create_dir)
+      end
+
+      def store_actor_default_public_key!(request, actor_json, public_key)
+        actor_data = parse_json(actor_json)
+
+        if actor_data["public_key"]
+          raise RestErrorResponse.new(409, "Object already exists: #{key_uri(request, DEFAULT_PUBLIC_KEY_NAME)}")
+        end
+
+        actor_data["public_key"] = public_key
+        set_data(request, actor_path(request), to_json(actor_data))
+      end
+
+      # Returns the keys data store path, which is the same as
+      # `request.rest_path` except with "user_keys" instead of "users" or
+      # "client_keys" instead of "clients."
+      def data_path(request)
+        request.rest_path.dup.tap do |path|
+          if client?(request)
+            path[2] = "client_keys"
+          else
+            path[0] = "user_keys"
+          end
+        end
+      end
+
+      def list_key(request, data_path, alt_uri_root = nil)
+        key_name, expiration_date =
+          if data_path[-1] == DEFAULT_PUBLIC_KEY_NAME
+            [ DEFAULT_PUBLIC_KEY_NAME, "infinity" ]
+          else
+            parse_json(get_data(request, data_path))
+              .values_at("name", "expiration_date")
+          end
+
+        expired = expiration_date != "infinity" &&
+          DateTime.now > DateTime.strptime(expiration_date, DATE_FORMAT)
+
+        { "name" => key_name,
+          "uri" => key_uri(request, key_name, alt_uri_root),
+          "expired" => expired }
+      end
+
+      def client?(request)
+        request.rest_path[2] == "clients"
+      end
+
+      def key_uri(request, key_name, alt_uri_root = nil)
+        uri_root = alt_uri_root.nil? ? request.rest_path : alt_uri_root
+        build_uri(request.base_uri, [ *uri_root, key_name ])
+      end
+
+      def actor_path(request)
+        return request.rest_path[0..3] if client?(request)
+
+        request.rest_path[0..1]
+      end
+
+      def actor_has_default_public_key?(actor_json)
+        !!parse_json(actor_json)["public_key"]
+      end
+    end
+  end
+end

data/lib/chef_zero/endpoints/actors_endpoint.rb

@@ -1,104 +1,104 @@
-require "ffi_yajl" unless defined?(FFI_Yajl)
-require_relative "rest_list_endpoint"
-
-module ChefZero
-  module Endpoints
-    # /users, /organizations/ORG/clients or /organizations/ORG/users
-    class ActorsEndpoint < RestListEndpoint
-      def get(request)
-        response = super(request)
-
-        # apply query filters: if one applies, stop processing rest
-        # (precendence matches chef-server: https://github.com/chef/chef-server/blob/268a0c9/src/oc_erchef/apps/chef_objects/src/chef_user.erl#L554-L559)
-        if (value = request.query_params["external_authentication_uid"])
-          response[2] = filter("external_authentication_uid", value, request, response[2])
-        elsif (value = request.query_params["email"])
-          response[2] = filter("email", value, request, response[2], insensitive: true)
-        end
-
-        if request.query_params["verbose"]
-          results = parse_json(response[2])
-          results.each do |name, url|
-            record = get_data(request, request.rest_path + [ name ], :nil)
-            if record
-              record = parse_json(record)
-              record = ChefData::DataNormalizer.normalize_user(record, name, identity_keys, server.options[:osc_compat])
-              results[name] = record
-            end
-          end
-          response[2] = to_json(results)
-        end
-        response
-      end
-
-      def post(request)
-        # First, find out if the user actually posted a public key.  If not, make
-        # one.
-        request_body = parse_json(request.body)
-        public_key = request_body["public_key"]
-
-        skip_key_create = !request.api_v0? && !request_body["create_key"]
-
-        if !public_key && !skip_key_create
-          private_key, public_key = server.gen_key_pair
-          request_body["public_key"] = public_key
-          request.body = to_json(request_body)
-        elsif skip_key_create
-          request_body["public_key"] = nil
-          request.body = to_json(request_body)
-        end
-
-        result = super(request)
-
-        if result[0] == 201
-          # If we generated a key, stuff it in the response.
-          user_data = parse_json(result[2])
-
-          key_data = {}
-          key_data["private_key"] = private_key if private_key
-          key_data["public_key"] = public_key unless request.rest_path[0] == "users"
-
-          response =
-            if request.api_v0?
-              user_data.merge!(key_data)
-            elsif skip_key_create && !public_key
-              user_data
-            else
-              actor_name = request_body["name"] || request_body["username"] || request_body["clientname"]
-
-              relpath_to_default_key = [ actor_name, "keys", "default" ]
-              key_data["uri"] = build_uri(request.base_uri, request.rest_path + relpath_to_default_key)
-              key_data["public_key"] = public_key
-              key_data["name"] = "default"
-              key_data["expiration_date"] = "infinity"
-              user_data["chef_key"] = key_data
-              user_data
-            end
-
-          json_response(201, response)
-        else
-          result
-        end
-      end
-
-      private
-
-      def filter(key, value, request, resp, opts = {})
-        results = parse_json(resp)
-        new_results = {}
-        results.each do |name, url|
-          record = get_data(request, request.rest_path + [ name ], :nil)
-          if record
-            record = parse_json(record)
-            new_results[name] = url if record[key] && is_equal(record[key], value, opts[:insensitive])
-          end
-        end
-        to_json(new_results)
-      end
-
-      def is_equal(a, b, ignore_case)
-        ignore_case ? a.casecmp(b) == 0 : a == b
-      end
-    end
-  end
-end
+require "ffi_yajl" unless defined?(FFI_Yajl)
+require_relative "rest_list_endpoint"
+
+module ChefZero
+  module Endpoints
+    # /users, /organizations/ORG/clients or /organizations/ORG/users
+    class ActorsEndpoint < RestListEndpoint
+      def get(request)
+        response = super(request)
+
+        # apply query filters: if one applies, stop processing rest
+        # (precendence matches chef-server: https://github.com/chef/chef-server/blob/268a0c9/src/oc_erchef/apps/chef_objects/src/chef_user.erl#L554-L559)
+        if (value = request.query_params["external_authentication_uid"])
+          response[2] = filter("external_authentication_uid", value, request, response[2])
+        elsif (value = request.query_params["email"])
+          response[2] = filter("email", value, request, response[2], insensitive: true)
+        end
+
+        if request.query_params["verbose"]
+          results = parse_json(response[2])
+          results.each do |name, url|
+            record = get_data(request, request.rest_path + [ name ], :nil)
+            if record
+              record = parse_json(record)
+              record = ChefData::DataNormalizer.normalize_user(record, name, identity_keys, server.options[:osc_compat])
+              results[name] = record
+            end
+          end
+          response[2] = to_json(results)
+        end
+        response
+      end
+
+      def post(request)
+        # First, find out if the user actually posted a public key.  If not, make
+        # one.
+        request_body = parse_json(request.body)
+        public_key = request_body["public_key"]
+
+        skip_key_create = !request.api_v0? && !request_body["create_key"]
+
+        if !public_key && !skip_key_create
+          private_key, public_key = server.gen_key_pair
+          request_body["public_key"] = public_key
+          request.body = to_json(request_body)
+        elsif skip_key_create
+          request_body["public_key"] = nil
+          request.body = to_json(request_body)
+        end
+
+        result = super(request)
+
+        if result[0] == 201
+          # If we generated a key, stuff it in the response.
+          user_data = parse_json(result[2])
+
+          key_data = {}
+          key_data["private_key"] = private_key if private_key
+          key_data["public_key"] = public_key unless request.rest_path[0] == "users"
+
+          response =
+            if request.api_v0?
+              user_data.merge!(key_data)
+            elsif skip_key_create && !public_key
+              user_data
+            else
+              actor_name = request_body["name"] || request_body["username"] || request_body["clientname"]
+
+              relpath_to_default_key = [ actor_name, "keys", "default" ]
+              key_data["uri"] = build_uri(request.base_uri, request.rest_path + relpath_to_default_key)
+              key_data["public_key"] = public_key
+              key_data["name"] = "default"
+              key_data["expiration_date"] = "infinity"
+              user_data["chef_key"] = key_data
+              user_data
+            end
+
+          json_response(201, response)
+        else
+          result
+        end
+      end
+
+      private
+
+      def filter(key, value, request, resp, opts = {})
+        results = parse_json(resp)
+        new_results = {}
+        results.each do |name, url|
+          record = get_data(request, request.rest_path + [ name ], :nil)
+          if record
+            record = parse_json(record)
+            new_results[name] = url if record[key] && is_equal(record[key], value, opts[:insensitive])
+          end
+        end
+        to_json(new_results)
+      end
+
+      def is_equal(a, b, ignore_case)
+        ignore_case ? a.casecmp(b) == 0 : a == b
+      end
+    end
+  end
+end

data/lib/chef_zero/endpoints/authenticate_user_endpoint.rb

@@ -1,32 +1,32 @@
-require "ffi_yajl" unless defined?(FFI_Yajl)
-require_relative "../rest_base"
-
-module ChefZero
-  module Endpoints
-    # /authenticate_user
-    class AuthenticateUserEndpoint < RestBase
-      def post(request)
-        request_json = FFI_Yajl::Parser.parse(request.body)
-        name = request_json["username"]
-        password = request_json["password"]
-        begin
-          user = data_store.get(["users", name])
-        rescue ChefZero::DataStore::DataNotFoundError
-          raise RestErrorResponse.new(401, "Bad username or password")
-        end
-        user = FFI_Yajl::Parser.parse(user)
-        user = ChefData::DataNormalizer.normalize_user(user, name, [ "username" ], server.options[:osc_compat])
-        if user["password"] != password
-          raise RestErrorResponse.new(401, "Bad username or password")
-        end
-
-        # Include only particular user data in the response
-        user.keep_if { |key, value| %w{first_name last_name display_name email username}.include?(key) }
-        json_response(200, {
-          "status" => "linked",
-          "user" => user,
-        })
-      end
-    end
-  end
-end
+require "ffi_yajl" unless defined?(FFI_Yajl)
+require_relative "../rest_base"
+
+module ChefZero
+  module Endpoints
+    # /authenticate_user
+    class AuthenticateUserEndpoint < RestBase
+      def post(request)
+        request_json = FFI_Yajl::Parser.parse(request.body)
+        name = request_json["username"]
+        password = request_json["password"]
+        begin
+          user = data_store.get(["users", name])
+        rescue ChefZero::DataStore::DataNotFoundError
+          raise RestErrorResponse.new(401, "Bad username or password")
+        end
+        user = FFI_Yajl::Parser.parse(user)
+        user = ChefData::DataNormalizer.normalize_user(user, name, [ "username" ], server.options[:osc_compat])
+        if user["password"] != password
+          raise RestErrorResponse.new(401, "Bad username or password")
+        end
+
+        # Include only particular user data in the response
+        user.keep_if { |key, value| %w{first_name last_name display_name email username}.include?(key) }
+        json_response(200, {
+          "status" => "linked",
+          "user" => user,
+        })
+      end
+    end
+  end
+end