conjur-api 5.4.0.pre.341 → 5.4.0.pre.404

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ebf83cd8d162a64929094a300fa96a7d1a3bac22ef728826d0bb4dd2addf3ad9
-  data.tar.gz: b10ff6b557c5cc16879950f638b0cacf7149a4fa68c752125d54f94bea78b298
+  metadata.gz: d39f007a40ecbf4a9edfd87189801def062b00e4a240bbf405d02d362f7bdd24
+  data.tar.gz: 8f3fd11807b81446e0e35a34220c60eec19fc3e1985d075bb6dc39e6eef16c2f
 SHA512:
-  metadata.gz: 8e72a11c756d9bbf6517f5a6298a73ede7ef4087d74f021808471fe831d06db86bf23c9cf8f7e5efe78da248d032ec577c51813d5f0bbc12a345701f3d89eb61
-  data.tar.gz: 4614348f7e47a4eb1643740e5015512d9b66413331ab8a7e777047811fdf7370fa40e4e4ae455919cf0fa4398dad754718c0ca44fa3e16f80eb55b0a16d44648
+  metadata.gz: 8da8d30687d52bc01d2776c894e5450f7cb9486f32c29919fcffc43e37b198960c9b6f9119b011c1bd65c8bab823cdcdfbf5b93e959d564af4aa7cd25c836224
+  data.tar.gz: e4306d6d8c8ce9ec70492e62a1c6bfb4130af4276d9c3f231525d18ab67d8fc3088a82401a375e09459caffc65ad127d5d0d073fc6fa2ef4bac6f06ba45fdcde

data/VERSION

@@ -1 +1 @@
-5.4.0-341
+5.4.0-404

data/features/authn.feature

@@ -3,8 +3,8 @@ Feature: Authenticate with Conjur
   Background:
     Given I setup a keycloak authenticator
 
-  Scenario: Authenticate with OIDC state and code
-    When I retrieve the login url for OIDC authenticator "keycloak"
+  Scenario: Authenticate with OIDC code
+    When I retrieve the provider details for OIDC authenticator "keycloak"
     And I retrieve auth info for the OIDC provider with username: "alice" and password: "alice"
     And I run the code:
     """
@@ -12,3 +12,14 @@ Feature: Authenticate with Conjur
     Conjur::API.authenticator_authenticate("authn-oidc", "keycloak", options: @auth_body)
     """
     Then the JSON should have "payload"
+
+  Scenario: Authenticate with OIDC code requesting unparsed result
+    When I retrieve the provider details for OIDC authenticator "keycloak"
+    And I retrieve auth info for the OIDC provider with username: "alice" and password: "alice"
+    And I run the code:
+    """
+    $conjur.authenticator_enable "authn-oidc", "keycloak"
+    Conjur::API.authenticator_authenticate_get("authn-oidc", "keycloak", options: @auth_body)
+    """
+    Then the response body contains: "payload"
+    And the response includes headers

data/features/step_definitions/api_steps.rb

@@ -17,9 +17,11 @@ Then(/^this code should fail with "([^"]*)"$/) do |error_msg, code|
   end
 end
 
-Given(/^I retrieve the login url for OIDC authenticator "([^"]+)"$/) do |service_id|
+Given(/^I retrieve the provider details for OIDC authenticator "([^"]+)"$/) do |service_id|
   provider = $conjur.authentication_providers("authn-oidc").select {|provider_details| provider_details["service_id"] == service_id}
   @login_url = provider[0]["redirect_uri"]
+  @nonce = provider[0]["nonce"]
+  @code_verifier = provider[0]["code_verifier"]
   puts @login_url
 end
 
@@ -47,6 +49,14 @@ Given(/^I retrieve auth info for the OIDC provider with username: "([^"]+)" and
 
   if response.is_a?(Net::HTTPRedirection)
     response_details = URI.decode_www_form(URI(response['location']).query)
-    @auth_body = {state: response_details.assoc('state')[1], code: response_details.assoc('code')[1]}
+    @auth_body = {code: response_details.assoc('code')[1], nonce: @nonce, code_verifier: @code_verifier}
   end
 end
+
+Then(/^the response body contains: "([^"]+)"$/) do |element|
+  expect(@result).to include(element)
+end
+
+Then(/^the response includes headers$/) do
+  expect(@result.headers).not_to be_empty
+end

data/lib/conjur/api/authn.rb

@@ -63,10 +63,22 @@ module Conjur
       # @param [Hash] params Additional params to send to authenticator
       # @return [String] A JSON formatted authentication token.
       def authenticator_authenticate authenticator, service_id, account: Conjur.configuration.account, options: {}
+        JSON.parse authenticator_authenticate_get authenticator, service_id, account: account, options: options
+      end
+
+      # Authenticates using a third party authenticator like authn-oidc via GET request.
+      # It will return an response object containing access/refresh token data.
+      #
+      # @param [String] authenticator
+      # @param [String] service_id
+      # @param [String] account The organization account.
+      # @param [Hash] params Additional params to send to authenticator
+      # @return [RestClient::Response] Response object
+      def authenticator_authenticate_get authenticator, service_id, account: Conjur.configuration.account, options: {}
         if Conjur.log
           Conjur.log << "Authenticating to account #{account} using #{authenticator}/#{service_id}\n"
         end
-        JSON.parse url_for(:authenticator_authenticate, account, service_id, authenticator, options).get
+        url_for(:authenticator_authenticate, account, service_id, authenticator, options).get
       end
 
       # Exchanges Conjur the API key (refresh token) for an access token.  The access token can

data/spec/api/host_factories_spec.rb

@@ -13,7 +13,7 @@ describe "Conjur::API.host_factory_create_host", api: :dummy do
         resource = instance_double(RestClient::Resource, "hosts")
       )
 
-    allow(resource).to receive(:post).with(id: id).and_return(
+    allow(resource).to receive(:post).with({id: id}).and_return(
       instance_double(RestClient::Response, "host response", body: '
         {
           "id": "test-host",

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: conjur-api
 version: !ruby/object:Gem::Version
-  version: 5.4.0.pre.341
+  version: 5.4.0.pre.404
 platform: ruby
 authors:
 - CyberArk Maintainers
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-08-16 00:00:00.000000000 Z
+date: 2022-11-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client