new_cfoundry 4.8.2

data/spec/cfoundry/uaaclient_spec.rb

@@ -0,0 +1,435 @@
+require "spec_helper"
+
+describe CFoundry::UAAClient do
+  let(:target) { "https://uaa.example.com" }
+  let(:uaa) { CFoundry::UAAClient.new(target) }
+  let(:auth_header) { "bearer access-token" }
+
+  before do
+    uaa.token = CFoundry::AuthToken.new(auth_header)
+    CF::UAA::Util.default_logger.level = 1
+    stub_request(:get, "#{target}/login").
+      to_return :status => 200, :headers => {'Content-Type' => 'application/json'},
+        :body => <<EOF
+          {
+            "timestamp": "2012-11-08T13:32:18+0000",
+            "commit_id": "ebbf817", "prompts": {}
+          }
+EOF
+  end
+
+  shared_examples "UAA wrapper" do
+    it "converts UAA errors to CFoundry equivalents" do
+      expect(uaa).to receive(:wrap_uaa_errors) { nil }
+      subject
+    end
+  end
+
+  describe '#initialize' do
+    it "passes proxy info to the UAA info client" do
+      allow(CF::UAA::Info).to receive(:new)
+      CFoundry::UAAClient.new(target, 'cf', http_proxy: 'http-proxy.example.com', https_proxy: 'https-proxy.example.com')
+      expect(CF::UAA::Info).to have_received(:new).with(anything, hash_including(
+          http_proxy: 'http-proxy.example.com',
+          https_proxy: 'https-proxy.example.com'
+      ))
+    end
+  end
+
+  describe '#prompts' do
+    subject { uaa.prompts }
+
+    include_examples "UAA wrapper"
+
+    # GET (target)/login
+    it "receives the prompts from /login" do
+      stub_request(:get, "#{target}/login").to_return :status => 200,
+        :headers => {'Content-Type' => 'application/json'},
+        :body => <<EOF
+          {
+            "timestamp": "2012-11-08T13:32:18+0000",
+            "commit_id": "ebbf817",
+            "app": {
+              "version": "1.2.6",
+              "artifact": "cloudfoundry-identity-uaa",
+              "description": "User Account and Authentication Service",
+              "name": "UAA"
+            },
+            "prompts": {
+              "username": [
+                "text",
+                "Email"
+              ],
+              "password": [
+                "password",
+                "Password"
+              ]
+            }
+          }
+EOF
+
+      expect(subject).to eq(
+        :username => ["text", "Email"],
+        :password => ["password", "Password"])
+    end
+  end
+
+  describe '#authorize' do
+    let(:username) { "foo@bar.com" }
+    let(:password) { "test" }
+    let(:creds) { {:username => username, :password => password} }
+    let(:state) { 'somestate' }
+    let(:redirect_uri) { 'https://uaa.example.com/redirect/cf' }
+    let(:auth) { Object.new }
+    let(:issuer) { Object.new }
+
+    subject { uaa.authorize(creds) }
+
+    before do
+      allow(issuer).to receive(:request_token) { auth }
+      allow(uaa).to receive(:token_issuer) { issuer }
+    end
+
+    include_examples "UAA wrapper"
+
+    it 'returns the token on successful authentication' do
+      expect(issuer)
+        .to receive(:request_token)
+        .with(:grant_type => "password",
+              :scope => nil,
+              :username => username,
+              :password => password) { auth }
+      expect(subject).to eq auth
+    end
+
+    context 'when authorization fails' do
+      context 'in the expected way' do
+        it 'raises a CFoundry::Denied error' do
+          expect(issuer).to receive(:request_token) { raise CF::UAA::BadResponse.new("401: FooBar") }
+          expect { subject }.to raise_error(CFoundry::Denied, "401: Authorization failed")
+        end
+      end
+
+
+      context 'in an unexpected way' do
+        it 'raises a CFoundry::Denied error' do
+          expect(issuer).to receive(:request_token) { raise CF::UAA::BadResponse.new("no_status_code") }
+          expect { subject }.to raise_error(CFoundry::Denied, "400: Authorization failed")
+        end
+      end
+
+      context "with a CF::UAA::TargetError" do
+        before { allow(issuer).to receive(:request_token) { raise CF::UAA::TargetError.new("useless info") } }
+
+        it "retries with implicit grant" do
+          expect(issuer).to receive(:implicit_grant_with_creds).with(:username => username, :password => password)
+          expect { subject }.to_not raise_error
+        end
+
+        it "fails with Denied when given a 401" do
+          allow(issuer).to receive(:implicit_grant_with_creds) { raise CF::UAA::BadResponse.new("status 401") }
+          expect { subject }.to raise_error(CFoundry::Denied, "401: Authorization failed")
+        end
+
+        it "fails with Denied when given any other status code" do
+          allow(issuer).to receive(:implicit_grant_with_creds) { raise CF::UAA::BadResponse.new("no status code") }
+          expect { subject }.to raise_error(CFoundry::Denied, "400: Authorization failed")
+        end
+      end
+    end
+  end
+
+  describe '#users' do
+    subject { uaa.users }
+
+    it 'requests /Users' do
+      stub_request(:get, "#{target}/Users").with(
+        :headers => { "authorization" => auth_header }
+      ).to_return(
+        :headers => {'Content-Type' => 'application/json'},
+        :body => '{ "resources": [] }'
+      )
+      expect(subject).to eq({:resources => []})
+    end
+
+    context "when there is no token" do
+      before { uaa.token = nil }
+
+      it "doesn't blow up" do
+        stub_request(:get, "#{target}/Users").to_return(
+          :headers => {'Content-Type' => 'application/json'},
+          :body => '{ "resources": [] }'
+        )
+        expect(subject).to eq({:resources => []})
+      end
+    end
+  end
+
+  describe '#change_password' do
+    let(:guid) { "foo-bar-baz" }
+    let(:old) { "old-pass" }
+    let(:new) { "new-pass" }
+
+    subject { uaa.change_password(guid, new, old) }
+
+    include_examples "UAA wrapper"
+
+    it 'sends a password change request' do
+      req = stub_request(:put, "#{target}/Users/#{guid}/password").with(
+        :headers => {
+          "Content-Type" => "application/json;charset=utf-8",
+          "Accept" => "application/json;charset=utf-8",
+          "Authorization" => auth_header
+        }
+      ).to_return(
+        :status => 200,
+        :headers => {'Content-Type' => 'application/json'},
+        :body => '{ "status": "ok", "message": "password_updated" }'
+      )
+
+      subject
+
+      expect(req).to have_been_requested
+    end
+  end
+
+  describe '#password_score' do
+    let(:password) { "password" }
+    let(:response) { MultiJson.encode({}) }
+
+    subject { uaa.password_score(password) }
+
+    include_examples "UAA wrapper"
+
+    before do
+      stub_request(:post, "#{target}/password/score").with(
+        :body => 'password=password',
+        :headers => {
+          'Accept' => 'application/json;charset=utf-8',
+          'Content-Type' => 'application/x-www-form-urlencoded;charset=utf-8',
+        }
+      ).to_return(
+        :status => 200,
+        :headers => {'Content-Type' => 'application/json'},
+        :body => response
+      )
+    end
+
+    context 'when the score is 0 and the required is 0' do
+      let(:response) { MultiJson.encode "score" => 0, "requiredScore" => 0 }
+      it { should == :good }
+    end
+
+    context 'when the score is less than the required score' do
+      let(:response) { MultiJson.encode "score" => 1, "requiredScore" => 5 }
+      it { should == :weak }
+    end
+
+    context 'and the score is equal to the required score' do
+      let(:response) { MultiJson.encode "score" => 5, "requiredScore" => 5 }
+      it { should == :good }
+    end
+
+    context 'and the score is greater than the required score' do
+      let(:response) { MultiJson.encode "score" => 6, "requiredScore" => 5 }
+      it { should == :good }
+    end
+
+    context 'and the score is 10' do
+      let(:response) { MultiJson.encode "score" => 10, "requiredScore" => 5 }
+      it { should == :strong }
+    end
+
+    context 'and the score is 10' do
+      let(:response) { MultiJson.encode "score" => 10, "requiredScore" => 10 }
+      it { should == :strong }
+    end
+
+    context 'and the score is invalid' do
+      let(:response) { MultiJson.encode "score" => 11, "requiredScore" => 5 }
+      it { should == :weak }
+    end
+  end
+
+  describe "#add_user" do
+    let(:email) { 'test@test.com' }
+    let(:password) { 'secret' }
+
+    context "without given/family name" do
+      subject { uaa.add_user(email, password) }
+
+      context 'with valid data' do
+        it "should add a user" do
+          req =
+          stub_request(:post, "https://uaa.example.com/Users").with(
+            :body =>
+              { :userName => email,
+                :emails => [{ :value => email }],
+                :password => password,
+                :name => { :givenName => email, :familyName => email }
+              }
+            ).to_return(
+              :status => 200,
+              :body => '{ "id" : "id" }',
+              :headers => { "Content-Type" => 'application/json' }
+            )
+
+          expect(subject).to eq({:id => "id"})
+          expect(req).to have_been_requested
+        end
+      end
+    end
+
+    context "with given/family name" do
+      let(:givenName) { 'givenName' }
+      let(:familyName) { 'familyName' }
+      subject { uaa.add_user(email, password, givenName: givenName, familyName: familyName) }
+
+      context 'with valid data' do
+        it "should add a user" do
+          req =
+            stub_request(:post, "https://uaa.example.com/Users").with(
+              :body =>
+                { :userName => email,
+                  :emails => [{ :value => email }],
+                  :password => password,
+                  :name => { :givenName => givenName, :familyName => familyName }
+                }
+            ).to_return(
+              :status => 200,
+              :body => '{ "id" : "id" }',
+              :headers => { "Content-Type" => 'application/json' }
+            )
+
+          expect(subject).to eq({:id => "id"})
+          expect(req).to have_been_requested
+        end
+      end
+    end
+
+  end
+
+  describe "#delete_user" do
+    let(:guid) { "123" }
+    let!(:req) {
+      stub_request(
+        :delete,
+        "https://uaa.example.com/Users/123"
+      ).to_return(:status => 200, :body => '{ "foo": "bar" }')
+    }
+
+    subject { uaa }
+
+    it "wraps uaa errors" do
+      expect(uaa).to receive(:wrap_uaa_errors)
+      subject.delete_user(guid)
+    end
+
+    context 'with valid data' do
+      it "should add a user" do
+        subject.delete_user(guid)
+        expect(req).to have_been_requested
+      end
+    end
+  end
+
+  describe "#wrap_uaa_errors" do
+    subject { uaa.send(:wrap_uaa_errors) { raise error } }
+
+    context "when the block raises CF::UAA::BadResponse" do
+      let(:error) { CF::UAA::BadResponse }
+
+      it "raises CFoundry::BadResponse" do
+        expect { subject }.to raise_exception(CFoundry::BadResponse)
+      end
+    end
+
+    context "when the block raises CF::UAA::NotFound" do
+      let(:error) { CF::UAA::NotFound }
+
+      it "raises CFoundry::NotFound" do
+        expect { subject }.to raise_exception(CFoundry::NotFound)
+      end
+    end
+
+    context "when the block raises CF::UAA::InvalidToken" do
+      let(:error) { CF::UAA::InvalidToken }
+
+      it "raises CFoundry::Denied" do
+        expect { subject }.to raise_exception(CFoundry::Denied)
+      end
+    end
+
+    context "when the block raises CF::UAA::TargetError" do
+      let(:error) { CF::UAA::TargetError.new({ :error => "foo", :error_description => "bar" }) }
+
+      it "raises CFoundry::UAAError" do
+        expect { subject }.to raise_exception(CFoundry::UAAError, "foo: bar")
+      end
+    end
+  end
+
+  describe "#token_issuer" do
+    it "has logging level 0 if #trace is true" do
+      uaa.trace = true
+      expect(uaa.send(:token_issuer).logger.level).to eq -1
+    end
+
+    it "has logging level 1 if #trace is false" do
+      uaa.trace = false
+      expect(uaa.send(:token_issuer).logger.level).to eq 1
+    end
+
+    it "passes proxy info to the token issuer" do
+      allow(CF::UAA::TokenIssuer).to receive(:new).and_call_original
+      uaa.http_proxy = 'http-proxy.example.com'
+      uaa.https_proxy = 'https-proxy.example.com'
+
+      uaa.send(:token_issuer)
+
+      expect(CF::UAA::TokenIssuer).to have_received(:new).with(anything, anything, anything, hash_including(
+          http_proxy: 'http-proxy.example.com',
+          https_proxy: 'https-proxy.example.com'
+      ))
+    end
+  end
+
+  describe "#scim" do
+    it "has logging level 0 if #trace is true" do
+      uaa.trace = true
+      expect(uaa.send(:scim).logger.level).to eq -1
+    end
+
+    it "has logging level 1 if #trace is false" do
+      uaa.trace = false
+      expect(uaa.send(:scim).logger.level).to eq 1
+    end
+  end
+
+  describe "#try_to_refresh_token!" do
+    it "uses the refresh token to get a new access token" do
+      expect(uaa.send(:token_issuer)).to receive(:refresh_token_grant).with(uaa.token.refresh_token) do
+        CF::UAA::TokenInfo.new(
+          :token_type => "bearer",
+          :access_token => "refreshed-token",
+          :refresh_token => "some-refresh-token")
+      end
+
+      uaa.try_to_refresh_token!
+      expect(uaa.token.auth_header).to eq "bearer refreshed-token"
+      expect(uaa.token.refresh_token).to eq "some-refresh-token"
+    end
+
+    context "when the refresh token has expired" do
+      it "returns the current token" do
+        expect(uaa.send(:token_issuer)).to receive(:refresh_token_grant) do
+          raise CF::UAA::TargetError.new
+        end
+
+        expect {
+          uaa.try_to_refresh_token!
+        }.to_not change { uaa.token }
+      end
+    end
+  end
+end

data/spec/cfoundry/upload_helpers_spec.rb

@@ -0,0 +1,182 @@
+require "spec_helper"
+
+class TestModelWithUploadHelpers < CFoundry::V2::Model
+  include CFoundry::UploadHelpers
+end
+
+module CFoundry
+  describe UploadHelpers do
+    describe "#upload" do
+      def relative_glob(dir)
+        base_pathname = Pathname.new(dir)
+        Dir["#{dir}/**/{*,.[^\.]*}"].map do |file|
+          Pathname.new(file).relative_path_from(base_pathname).to_s
+        end
+      end
+
+      def mock_zip(*args, &block)
+        if args.empty?
+          expect(CFoundry::Zip).to receive(:pack, &block)
+        else
+          expect(CFoundry::Zip).to receive(:pack).with(*args, &block)
+        end
+      end
+
+      let(:base) { Object.new }
+      let(:guid) { "123" }
+      let(:path) { "#{SPEC_ROOT}/fixtures/apps/with_cfignore" }
+      let(:check_resources) { false }
+      let(:tmpdir) { "#{SPEC_ROOT}/tmp/fake_tmpdir" }
+
+      let(:client) { build(:client) }
+
+      let(:model) { TestModelWithUploadHelpers.new(guid, client) }
+
+      before do
+        allow(client).to receive(:base) { base }
+        allow(base).to receive(:upload_app)
+
+        FileUtils.rm_rf tmpdir
+        allow(Dir).to receive(:tmpdir) do
+          FileUtils.mkdir_p tmpdir
+          tmpdir
+        end
+      end
+
+      it "zips the app and uploads the zip file" do
+        zip_path = "#{tmpdir}/#{guid}.zip"
+        mock_zip(anything, zip_path) { true }
+        allow(base).to receive(:upload_app).with(guid, zip_path, [])
+        model.upload(path, check_resources)
+      end
+
+      it "uploads an app with the right guid" do
+        mock_zip
+        expect(base).to receive(:upload_app).with(guid, anything, anything)
+        model.upload(path, check_resources)
+      end
+
+      it "uses a unique directory name when it copies the app" do
+        mock_zip(/#{tmpdir}.*#{guid}.*/, anything)
+        model.upload(path, check_resources)
+      end
+
+      it "cleans up after itself correctly" do
+        model.upload(path, check_resources)
+        expect(relative_glob(tmpdir)).to be_empty
+      end
+
+      it "includes the source files of the app in the zip file" do
+        mock_zip do |src, _|
+          files = relative_glob(src)
+          expect(files).to include "non_ignored_dir"
+          expect(files).to include "non_ignored_file.txt"
+          expect(files).to include "non_ignored_dir/file_in_non_ignored_dir.txt"
+        end
+        model.upload(path, check_resources)
+      end
+
+      it "includes hidden files (though stager ignores them currently)" do
+        mock_zip do |src, _|
+          expect(relative_glob(src)).to include ".hidden_file"
+        end
+        model.upload(path, check_resources)
+      end
+
+      it "does not include files and directories specified in the cfignore" do
+        mock_zip do |src, _|
+          files = relative_glob(src)
+          expect(files).to match_array(%w[
+          .hidden_file .cfignore non_ignored_dir ambiguous_ignored
+          non_ignored_dir/file_in_non_ignored_dir.txt non_ignored_file.txt
+          non_ignored_dir/toplevel_ignored.txt
+        ])
+        end
+        model.upload(path, check_resources)
+      end
+
+      %w(.git _darcs .svn).each do |source_control_dir_name|
+        context "when there is a #{source_control_dir_name} directory in the app" do
+          before { FileUtils.mkdir_p("#{path}/#{source_control_dir_name}") }
+
+          it "ignores that directory" do
+            mock_zip do |src, _|
+              expect(relative_glob(src)).not_to include source_control_dir_name
+            end
+            model.upload(path, check_resources)
+          end
+        end
+      end
+
+      context "when there are no files to zip" do
+        before { mock_zip { false } }
+
+        it "passes `false` to #upload_app" do
+          expect(base).to receive(:upload_app).with(guid, false, [])
+          model.upload(path, check_resources)
+        end
+      end
+
+      context "when all files match existing resources" do
+        context "and there are directories" do
+          let(:path) { "#{SPEC_ROOT}/fixtures/apps/with_nested_directories" }
+
+          it "prunes them before zipping" do
+            allow(model).to receive(:make_fingerprints).with(anything) do
+              [[], CFoundry::UploadHelpers::RESOURCE_CHECK_LIMIT + 1]
+            end
+
+            allow(base).to receive(:resource_match).with(anything) do
+              %w{ xyz foo/bar/baz/fizz }.map do |path|
+                {:fn => "#{tmpdir}/.cf_#{guid}_files/#{path}"}
+              end
+            end
+
+            expect(base).to receive(:upload_app).with(anything, false, anything)
+            model.upload(path)
+          end
+        end
+      end
+
+      context "when only dotfiles don't match existing resources" do
+        let(:path) { "#{SPEC_ROOT}/fixtures/apps/with_dotfiles" }
+
+        it "does not prune them" do
+          allow(model).to receive(:make_fingerprints).with(anything) do
+            [[], CFoundry::UploadHelpers::RESOURCE_CHECK_LIMIT + 1]
+          end
+
+          allow(base).to receive(:resource_match).with(anything) do
+            %w{ xyz }.map do |path|
+              {:fn => "#{tmpdir}/.cf_#{guid}_files/#{path}"}
+            end
+          end
+
+          expect(base).to receive(:upload_app).with(anything, anything, anything) do |_, zip, _|
+            expect(zip).to be_a(String)
+          end
+
+          model.upload(path)
+        end
+      end
+
+      context "when there is a symlink pointing outside of the root" do
+        let(:path) { "#{SPEC_ROOT}/fixtures/apps/with_external_symlink" }
+
+        it "blows up" do
+          expect {
+            model.upload(path)
+          }.to raise_error(CFoundry::Error, /contains links.*that point outside/)
+        end
+
+        context "and it is cfignored" do
+          let(:path) { "#{SPEC_ROOT}/fixtures/apps/with_ignored_external_symlink" }
+
+          it "ignores it" do
+            expect { model.upload(path) }.to_not raise_error
+          end
+        end
+      end
+    end
+  end
+end