ncfoundry 4.9.2

data/lib/cfoundry/concerns/proxy_options.rb

@@ -0,0 +1,14 @@
+module CFoundry
+  module ProxyOptions
+    def proxy_options_for(uri)
+      proxy_uri = uri.find_proxy
+
+      if proxy_uri.nil?
+        []
+      else
+        proxy_user, proxy_password = proxy_uri.userinfo.split(/:/) if proxy_uri.userinfo
+        [proxy_uri.host, proxy_uri.port, proxy_user, proxy_password]
+      end
+    end
+  end
+end

data/lib/cfoundry/errors.rb

@@ -0,0 +1,163 @@
+require "net/https"
+require "multi_json"
+require "yaml"
+
+module CFoundry
+  # Base class for CFoundry errors (not from the server).
+  class Error < RuntimeError
+  end
+
+  class Deprecated < Error
+  end
+
+  class Mismatch < Error
+    def initialize(expected, got)
+      @expected = expected
+      @got = got
+    end
+
+    def to_s
+      "Invalid value type; expected #{@expected.inspect}, got #{@got.inspect}"
+    end
+  end
+
+  class InvalidTarget < Error
+    attr_reader :target
+
+    def initialize(target)
+      @target = target
+    end
+
+    def to_s
+      "Invalid target URI: #{@target}"
+    end
+  end
+
+  class TargetRefused < Error
+    # Error message.
+    attr_reader :message
+
+    # Message varies as this represents various network errors.
+    def initialize(message)
+      @message = message
+    end
+
+    # Exception message.
+    def to_s
+      "target refused connection (#@message)"
+    end
+  end
+
+  class Timeout < Timeout::Error
+    attr_reader :method, :uri, :parent
+
+    def initialize(method, uri, parent = nil)
+      @method = method
+      @uri = uri
+      @parent = parent
+      super(to_s)
+    end
+
+    def to_s
+      "#{method} #{uri} timed out"
+    end
+  end
+
+  # Exception representing errors returned by the API.
+  class APIError < RuntimeError
+    include TraceHelpers
+
+    class << self
+      def error_classes
+        @error_classes ||= {}
+      end
+    end
+
+    attr_reader :error_code, :description, :request, :response
+
+    # Create an APIError with a given request and response.
+    def initialize(description = nil, error_code = nil, request = nil, response = nil)
+      @response = response
+      @request = request
+      @error_code = error_code || (response ? response[:status] : nil)
+      @description = description || parse_description
+    end
+
+    # Exception message.
+    def to_s
+      "#{error_code}: #{description}"
+    end
+
+    def request_trace
+      super(request)
+    end
+
+    def response_trace
+      super(response)
+    end
+
+    private
+
+    def parse_description
+      return unless response
+
+      parse_json(response[:body])[:description]
+    rescue MultiJson::DecodeError
+      response[:body]
+    end
+
+    def parse_json(x)
+      if x.empty?
+        raise MultiJson::DecodeError.new("Empty JSON string", [], "")
+      else
+        MultiJson.load(x, :symbolize_keys => true)
+      end
+    end
+  end
+
+  class NotFound < APIError
+  end
+
+  class Denied < APIError
+  end
+
+  class Unauthorized < APIError
+  end
+
+  class BadResponse < APIError
+  end
+
+  class UAAError < APIError
+  end
+
+  def self.define_error(class_name, code)
+    base =
+      case class_name
+      when /NotFound$/
+        NotFound
+      else
+        APIError
+      end
+
+    klass =
+      if const_defined?(class_name)
+        const_get(class_name)
+      else
+        Class.new(base)
+      end
+
+    APIError.error_classes[code] = klass
+
+    unless const_defined?(class_name)
+      const_set(class_name, klass)
+    end
+  end
+
+  VENDOR_DIR = File.expand_path("../../../vendor", __FILE__)
+
+  %w{errors/v1.yml errors/v2.yml}.each do |errors|
+    YAML.load_file("#{VENDOR_DIR}/#{errors}").each do |code, meta|
+      define_error(meta["name"], code)
+    end
+  end
+end

data/lib/cfoundry/rest_client.rb

@@ -0,0 +1,316 @@
+require "cfoundry/trace_helpers"
+require "net/https"
+require "net/http/post/multipart"
+require "multi_json"
+require "fileutils"
+
+module CFoundry
+  class RestClient
+    class HTTPFactory
+      def self.create(uri, proxy_options = [])
+        http = Net::HTTP.new(uri.host, uri.port, *proxy_options)
+
+        if uri.is_a?(URI::HTTPS)
+          http.use_ssl = true
+          http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        end
+
+        return http
+      end
+    end
+
+    include CFoundry::TraceHelpers
+    include CFoundry::ProxyOptions
+
+    LOG_LENGTH = 10
+
+    HTTP_METHODS = {
+      "GET" => Net::HTTP::Get,
+      "PUT" => Net::HTTP::Put,
+      "POST" => Net::HTTP::Post,
+      "DELETE" => Net::HTTP::Delete,
+      "HEAD" => Net::HTTP::Head,
+    }
+
+    DEFAULT_OPTIONS = {
+      :follow_redirects => true
+    }
+
+    attr_reader :target
+
+    attr_accessor :trace, :backtrace, :log, :request_id, :token
+
+    def initialize(target, token = nil)
+      @target = target
+      @token = token
+      @trace = false
+      @backtrace = false
+      @log = false
+    end
+
+    def target=(target)
+      return if target == @target
+
+      @target = target
+      @token = nil
+    end
+
+    def request(method, path, options = {})
+      request_uri(method, construct_url(path), DEFAULT_OPTIONS.merge(options))
+    end
+
+    def generate_headers(payload, options)
+      headers = {}
+
+      if payload.is_a?(String)
+        headers["Content-Length"] = payload.size
+      elsif !payload
+        headers["Content-Length"] = 0
+      end
+
+      headers["X-Request-Id"] = @request_id if @request_id
+      headers["Authorization"] = @token.auth_header if @token
+
+      if accept_type = mimetype(options[:accept])
+        headers["Accept"] = accept_type
+      end
+
+      if content_type = mimetype(options[:content])
+        headers["Content-Type"] = content_type
+      end
+
+      headers.merge!(options[:headers]) if options[:headers]
+      headers
+    end
+
+    private
+
+    def request_uri(method, uri, options = {})
+      uri = URI.parse(uri)
+
+      unless uri.is_a?(URI::HTTP)
+        raise InvalidTarget.new(@target)
+      end
+
+      # keep original options in case there's a redirect to follow
+      original_options = options.dup
+      payload = options[:payload]
+
+      if options[:params]
+        encoded_params = encode_params(options[:params])
+        if encoded_params.respond_to?(:empty?) ? !encoded_params.empty? : encoded_params
+          if uri.query
+            uri.query += "&" + encoded_params
+          else
+            uri.query = encoded_params
+          end
+        end
+      end
+
+      unless payload.is_a?(String)
+        case options[:content]
+          when :json
+            payload = MultiJson.dump(payload)
+          when :form
+            payload = encode_params(payload)
+        end
+      end
+
+      method_class = get_method_class(method)
+      if payload.is_a?(Hash)
+        multipart = method_class.const_get(:Multipart)
+        request = multipart.new(uri.request_uri, payload)
+      else
+        request = method_class.new(uri.request_uri)
+        request.body = payload if payload
+      end
+
+      headers = generate_headers(payload, options)
+
+      request_hash = {
+        :url => uri.to_s,
+        :method => method,
+        :headers => headers,
+        :body => payload
+      }
+
+      print_request(request_hash) if @trace
+
+      add_headers(request, headers)
+
+      http = HTTPFactory.create(uri, proxy_options_for(uri))
+
+      # TODO remove this when staging returns streaming responses
+      http.read_timeout = 300
+
+      before = Time.now
+      http.start do
+        response = http.request(request)
+        time = Time.now - before
+
+        response_hash = {
+          :headers => sane_headers(response),
+          :status => response.code,
+          :body => response.body
+        }
+
+        print_response(response_hash) if @trace
+        print_backtrace(caller) if @trace
+
+        log_request(time, request, response)
+
+        if response.is_a?(Net::HTTPRedirection) && options[:follow_redirects]
+          request_uri("GET", response["location"], original_options)
+        else
+          return request_hash, response_hash
+        end
+      end
+    rescue ::Timeout::Error => e
+      raise Timeout.new(method, uri, e)
+    rescue SocketError, Errno::ECONNREFUSED => e
+      raise TargetRefused, e.message
+    rescue URI::InvalidURIError
+      raise InvalidTarget.new(@target)
+    end
+
+    def construct_url(path)
+      uri = URI.parse(path)
+      return path if uri.scheme
+
+      path = "/#{path}" unless path[0] == ?\/
+      target + path
+    end
+
+    def get_method_class(method_string)
+      HTTP_METHODS[method_string.upcase]
+    end
+
+    def add_headers(request, headers)
+      headers.each { |key, value| request[key] = value }
+    end
+
+    def mimetype(content)
+      case content
+      when String
+        content
+      when :json
+        "application/json"
+      when :form
+        "application/x-www-form-urlencoded"
+      when nil
+        nil
+      # return request headers (not really Accept)
+      else
+        raise CFoundry::Error, "Unknown mimetype '#{content.inspect}'"
+      end
+    end
+
+    def encode_params(hash, escape = true)
+      hash.keys.map do |k|
+        v = hash[k]
+        v = MultiJson.dump(v) if v.is_a?(Hash)
+        v = URI.escape(v.to_s, /[^#{URI::PATTERN::UNRESERVED}]/) if escape
+        "#{k}=#{v}"
+      end.join("&")
+    end
+
+    def log_data(time, request, response)
+      { :time => time,
+        :request => {
+          :method => request.method,
+          :url => request.path,
+          :headers => sane_headers(request)
+        },
+        :response => {
+          :code => response.code,
+          :headers => sane_headers(response)
+        }
+      }
+    end
+
+    def log_line(io, data)
+      io.printf(
+        "[%s]  %0.3fs  %6s -> %d  %s\n",
+        Time.now.strftime("%F %T"),
+        data[:time],
+        data[:request][:method].to_s.upcase,
+        data[:response][:code],
+        data[:request][:url])
+    end
+
+    def log_request(time, request, response)
+      return unless @log
+
+      data = log_data(time, request, response)
+
+      case @log
+      when IO
+        log_line(@log, data)
+        return
+      when String
+        if File.exists?(@log)
+          log = File.readlines(@log).last(LOG_LENGTH - 1)
+        elsif !File.exists?(File.dirname(@log))
+          FileUtils.mkdir_p(File.dirname(@log))
+        end
+
+        File.open(@log, "w") do |io|
+          log.each { |l| io.print l } if log
+          log_line(io, data)
+        end
+
+        return
+      end
+
+      if @log.respond_to?(:call)
+        @log.call(data)
+        return
+      end
+
+      if @log.respond_to?(:<<)
+        @log << data
+        return
+      end
+    end
+
+    def print_request(request)
+      $stderr.puts ">>>"
+      $stderr.puts request_trace(request)
+    end
+
+    def print_response(response)
+      $stderr.puts response_trace(response)
+      $stderr.puts "<<<"
+    end
+
+    def print_backtrace(locs)
+      return unless @backtrace
+
+      interesting_locs = locs.drop_while { |loc|
+        loc =~ /\/(cfoundry\/|restclient\/|net\/http)/
+      }
+
+      $stderr.puts "--- backtrace:"
+
+      $stderr.puts "... (boring)" unless locs == interesting_locs
+
+      trimmed_locs = interesting_locs[0..5]
+
+      trimmed_locs.each do |loc|
+        $stderr.puts "=== #{loc}"
+      end
+
+      $stderr.puts "... (trimmed)" unless trimmed_locs == interesting_locs
+    end
+
+    def sane_headers(obj)
+      hds = {}
+
+      obj.each_header do |k, v|
+        hds[k] = v
+      end
+
+      hds
+    end
+  end
+end

data/lib/cfoundry/test_support.rb

@@ -0,0 +1,3 @@
+Dir[File.expand_path('../../../spec/{support}/**/*.rb', __FILE__)].each do |file|
+  require file unless file =~ /factory_girl/
+end

data/lib/cfoundry/trace_helpers.rb

@@ -0,0 +1,64 @@
+require "net/https"
+require "multi_json"
+
+module CFoundry
+  module TraceHelpers
+    PROTECTED_ATTRIBUTES = ['Authorization', 'credentials']
+
+    def request_trace(request)
+      return nil unless request
+      info = ["REQUEST: #{request[:method]} #{request[:url]}"]
+      info << "REQUEST_HEADERS:"
+      info << header_trace(request[:headers])
+      info << "REQUEST_BODY: #{request[:body]}" if request[:body]
+      info.join("\n")
+    end
+
+
+    def response_trace(response)
+      return nil unless response
+      info = ["RESPONSE: [#{response[:status]}]"]
+      info << "RESPONSE_HEADERS:"
+      info << header_trace(response[:headers])
+      info << "RESPONSE_BODY:"
+      begin
+        parsed_body = MultiJson.load(response[:body])
+        filter_protected_attributes(parsed_body)
+        info << MultiJson.dump(parsed_body, :pretty => true)
+      rescue
+        info << "#{response[:body]}"
+      end
+      info.join("\n")
+    end
+
+    private
+
+    def header_trace(headers)
+      headers.sort.map do |key, value|
+        unless PROTECTED_ATTRIBUTES.include?(key)
+          "  #{key} : #{value}"
+        else
+          "  #{key} : [PRIVATE DATA HIDDEN]"
+        end
+      end
+    end
+
+    def filter_protected_attributes(hash_or_array)
+      if hash_or_array.is_a? Array
+        hash_or_array.each do |value|
+          filter_protected_attributes(value)
+        end
+      else
+        hash_or_array.each do |key, value|
+          if PROTECTED_ATTRIBUTES.include? key
+            hash_or_array[key] = "[PRIVATE DATA HIDDEN]"
+          else
+            if value.is_a?(Hash) || value.is_a?(Array)
+              filter_protected_attributes(value)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/cfoundry/uaaclient.rb

@@ -0,0 +1,151 @@
+require "cfoundry/baseclient"
+require "uaa"
+
+module CFoundry
+  class UAAClient
+    attr_accessor :target, :client_id, :client_secret, :token, :trace
+
+    def initialize(target, client_id = "cf", options = {})
+      @target = target
+      @client_id = client_id
+      @client_secret = options[:client_secret]
+      @uaa_info_client = uaa_info_client_for(target)
+    end
+
+    def prompts
+      wrap_uaa_errors do
+        @uaa_info_client.server[:prompts]
+      end
+    end
+
+    def authorize(credentials)
+      wrap_uaa_errors do
+        authenticate_with_password_grant(credentials) ||
+          authenticate_with_implicit_grant(credentials)
+      end
+    end
+
+    def user(guid)
+      wrap_uaa_errors do
+        scim.get(:user, guid)
+      end
+    end
+
+    def users
+      wrap_uaa_errors do
+        scim.query(:user)
+      end
+    end
+
+    def change_password(guid, new, old)
+      wrap_uaa_errors do
+        scim.change_password(guid, new, old)
+      end
+    end
+
+    def password_score(password)
+      wrap_uaa_errors do
+        response = uaa_info_client_for(uaa_url).password_strength(password)
+
+        required_score = response[:requiredScore] || 0
+        case (response[:score] || 0)
+          when 10 then
+            :strong
+          when required_score..9 then
+            :good
+          else
+            :weak
+        end
+      end
+    end
+
+    def add_user(email, password, options = {})
+      wrap_uaa_errors do
+        scim.add(
+          :user,
+          {:userName => email,
+            :emails => [{:value => email}],
+            :password => password,
+            :name => {:givenName => options[:givenName] || email,
+                      :familyName => options[:familyName] || email}
+          }
+        )
+      end
+    end
+
+    def delete_user(guid)
+      wrap_uaa_errors do
+        scim.delete(:user, guid)
+      end
+    end
+
+    def try_to_refresh_token!
+      wrap_uaa_errors do
+        begin
+          token_info = token_issuer.refresh_token_grant(token.refresh_token)
+          self.token = AuthToken.from_uaa_token_info(token_info)
+        rescue CF::UAA::TargetError
+          self.token
+        end
+      end
+    end
+
+    private
+
+    def uaa_info_client_for(url)
+      CF::UAA::Info.new(url, :symbolize_keys => true)
+    end
+
+    def token_issuer
+      @token_issuer ||= CF::UAA::TokenIssuer.new(target, client_id, client_secret, :symbolize_keys => true)
+      @token_issuer.logger.level = @trace ? Logger::Severity::TRACE : 1
+      @token_issuer
+    end
+
+    def scim
+      auth_header = token && token.auth_header
+      scim = CF::UAA::Scim.new(uaa_url, auth_header, :symbolize_keys => true)
+      scim.logger.level = @trace ? Logger::Severity::TRACE : 1
+      scim
+    end
+
+    def uaa_url
+      @uaa_url ||= @uaa_info_client.discover_uaa
+    end
+
+    def authenticate_with_password_grant(credentials)
+      begin
+        # Currently owner_password_grant method does not allow
+        # non-password based authenticate; so we have cheat a little bit.
+        token_issuer.send(:request_token,
+          {:grant_type => "password", :scope => nil}.merge(credentials))
+      rescue CF::UAA::BadResponse => e
+        status_code = e.message[/\d+/] || 400
+        raise CFoundry::Denied.new("Authorization failed", status_code)
+      rescue CF::UAA::TargetError
+        false
+      end
+    end
+
+    def authenticate_with_implicit_grant(credentials)
+      begin
+        token_issuer.implicit_grant_with_creds(credentials)
+      rescue CF::UAA::BadResponse => e
+        status_code = e.message[/\d+/] || 400
+        raise CFoundry::Denied.new("Authorization failed", status_code)
+      end
+    end
+
+    def wrap_uaa_errors
+      yield
+    rescue CF::UAA::BadResponse
+      raise CFoundry::BadResponse
+    rescue CF::UAA::NotFound
+      raise CFoundry::NotFound
+    rescue CF::UAA::InvalidToken
+      raise CFoundry::Denied
+    rescue CF::UAA::TargetError => e
+      raise CFoundry::UAAError.new(e.info[:error_description], e.info[:error])
+    end
+  end
+end