omniauth-uaa-oauth2 0.0.3 → 0.0.7

data/NOTICE

@@ -1,10 +1,11 @@
-omniauth-uaa-oauth2 09012012
+Copyright (c) 2015-Present CloudFoundry.org Foundation, Inc. All Rights Reserved.
 
-Copyright (c) 2012 VMware, Inc. All Rights Reserved. 
+This project contains software that is Copyright (c) 2013-2015 Pivotal Software, Inc.
 
-This product is licensed to you under the Apache License, Version 2.0 (the "License").  
-You may not use this product except in compliance with the License.  
+This project is licensed to you under the Apache License, Version 2.0 (the "License").
 
-This product may include a number of subcomponents with separate copyright notices 
+You may not use this project except in compliance with the License.
+
+This project may include a number of subcomponents with separate copyright notices
 and license terms. Your use of these subcomponents is subject to the terms and 
-conditions of the subcomponent's license, as noted in the LICENSE file.
+conditions of the subcomponent's license, as noted in the LICENSE file.

data/lib/omniauth/strategies/cloudfoundry.rb

@@ -18,6 +18,25 @@ require 'securerandom'
 
 module OmniAuth
   module Strategies
+    class CFAccessToken
+      EMPTY_INFO = {
+        'access_token' => '',
+        'refresh_token' => '',
+        'scope' => ''
+      }
+
+      attr_reader :info, :auth_header
+
+      def initialize(info=EMPTY_INFO, auth_header='')
+        @info = info
+        @auth_header = auth_header
+      end
+
+      def empty?
+        @info == EMPTY_INFO
+      end
+    end
+
     class Cloudfoundry
       include OmniAuth::Strategy
 
@@ -28,13 +47,14 @@ module OmniAuth
       option :token_server_url, nil
       option :scope, nil
       option :async_calls, false
+      option :skip_ssl_validation, false
 
       attr_accessor :access_token
       attr_reader :token_issuer
+      attr_writer :uaa_info
       attr_reader :auth_server_url
       attr_reader :token_server_url
 
-
       def client
 
         unless @token_issuer
@@ -53,10 +73,14 @@ module OmniAuth
             end
           end
 
-          @token_issuer ||= CF::UAA::TokenIssuer.new(@auth_server_url,
-                                                     options.client_id,
-                                                     options.client_secret,
-                                                     {:token_target => @token_server_url})
+          @token_issuer ||= CF::UAA::TokenIssuer.new(
+              @auth_server_url,
+              options.client_id,
+              options.client_secret,
+              {
+                 :token_target => @token_server_url,
+                 :skip_ssl_validation => options.skip_ssl_validation
+              })
           log :info, "Client: #{options.client_id} auth_server: #{@auth_server_url} token_server: #{@token_server_url}"
           @token_issuer.logger = OmniAuth.logger
         end
@@ -64,6 +88,13 @@ module OmniAuth
         @token_issuer
       end
 
+      def uaa_info
+        @uaa_info ||= CF::UAA::Info.new(
+            @token_server_url,
+            :skip_ssl_validation => options.skip_ssl_validation
+        )
+      end
+
       def callback_url
         full_host + script_name + callback_path
       end
@@ -89,12 +120,16 @@ module OmniAuth
       end
 
       def callback_phase
-        log :info, "In callback phase #{request.query_string}"
-        self.access_token = build_access_token(request.query_string)
-        self.access_token = refresh(access_token) if expired?(access_token)
-        log :info, "Got access token #{access_token.inspect}"
-
-        super
+        if error = request.params['error_reason'] || request.params['error']
+          fail!(error, CallbackError.new(request.params['error'], request.params['error_description'] || request.params['error_reason'], request.params['error_uri']))
+        else
+          log :info, "In callback phase #{request.query_string}"
+          self.access_token = build_access_token(request.query_string)
+          self.access_token = refresh(access_token) if !access_token.empty? && expired?(access_token)
+          log :info, "Got access token #{access_token.inspect}"
+
+          super
+        end
       end
 
       credentials do
@@ -123,7 +158,10 @@ module OmniAuth
       end
 
       def raw_info
-        @raw_info ||= CF::UAA::Misc.whoami(@token_server_url, self.access_token.auth_header)
+        @raw_info ||= uaa_info.whoami(self.access_token.auth_header)
+      rescue CF::UAA::TargetError => e
+        log :error, "#{e.message}: #{e.info}"
+        {}
       end
 
       def prune!(hash)
@@ -135,7 +173,11 @@ module OmniAuth
 
       def build_access_token(query_string)
         log :info, "Fetching access token"
-        client.authcode_grant(session.delete('redir_uri'), query_string)
+        token = client.authcode_grant(session.delete('redir_uri'), query_string)
+        CFAccessToken.new(token.info, token.auth_header)
+      rescue CF::UAA::InvalidToken => e
+        log :error, "Invalid token: #{e.message}"
+        CFAccessToken.new
       end
 
       def refresh(access_token)
@@ -148,6 +190,20 @@ module OmniAuth
         expiry = CF::UAA::TokenCoder.decode(access_token.split()[1], nil, nil, false)[:expires_at]		
         expiry.is_a?(Integer) && expiry <= Time.now.to_i
       end
+
+      class CallbackError < StandardError
+        attr_accessor :error, :error_reason, :error_uri
+
+        def initialize(error, error_reason = nil, error_uri = nil)
+          self.error = error
+          self.error_reason = error_reason
+          self.error_uri = error_uri
+        end
+
+        def message
+          [error, error_reason, error_uri].compact.join(' | ')
+        end
+      end
     end
   end
 end

data/lib/omniauth/uaa_oauth2/version.rb

@@ -13,6 +13,6 @@
 
 module OmniAuth
   module Cloudfoundry
-    VERSION = "0.0.3"
+    VERSION = "0.0.7"
   end
 end

data/omniauth-uaa-oauth2.gemspec

@@ -15,9 +15,6 @@
 require File.expand_path('../lib/omniauth/uaa_oauth2/version', __FILE__)
 
 Gem::Specification.new do |gem|
-  gem.add_dependency 'omniauth', '~> 1.0'
-  gem.add_dependency 'cf-uaa-lib', ['>= 1.3.1', '< 2.0']
-
   gem.authors       = ["Joel D'sa", "Dave Syer", "Dale Olds", "Vidya Valmikinathan", "Luke Taylor"]
   gem.email         = ["jdsa@vmware.com", "olds@vmware.com", "dsyer@vmware.com", "vidya@vmware.com", "ltaylor@vmware.com"]
   gem.description   = %q{An OmniAuth strategy for the Cloudfoundry UAA}
@@ -31,7 +28,8 @@ Gem::Specification.new do |gem|
   gem.require_paths = ["lib"]
   gem.version       = OmniAuth::Cloudfoundry::VERSION
 
-  gem.add_runtime_dependency 'cf-uaa-lib', ['>= 1.3.1', '< 2.0']
+  gem.add_runtime_dependency 'omniauth', '~> 1.0'
+  gem.add_runtime_dependency 'cf-uaa-lib', ['>= 3.2', '< 4.0']
 
   gem.add_development_dependency 'rspec', '~> 2.6.0'
   gem.add_development_dependency 'rake'

data/spec/omniauth/strategies/uaa_oauth2_spec.rb

@@ -52,6 +52,63 @@ describe OmniAuth::Strategies::Cloudfoundry do
     end
   end
 
+  describe '#callback_phase' do
+    let(:token_issuer) { CF::UAA::TokenIssuer.new('target', 'client_id') }
+    let(:uaa_info) do
+      info = double("UAA_INFO")
+      info.stub(:whoami) { { "omniauth.auth" => "something" } }
+      info
+    end
+
+    before do
+      subject.stub(:client).and_return(token_issuer)
+      subject.uaa_info = uaa_info
+      subject.stub(:session).and_return({})
+      subject.stub(:env).and_return({})
+      subject.stub(:expired?) { true }
+      @request.stub(:query_string)
+    end
+
+    context 'when the callback request contains an error message' do
+      it 'makes a call to #fail! with the error and a CallbackError' do
+        @request.stub(:params) do
+          {
+            'error'             => 'access_denied',
+            'error_description' => 'User denied access',
+            'state'             => 'some-state-value'
+          }
+        end
+
+        subject.should_receive(:fail!).with('access_denied', instance_of(OmniAuth::Strategies::Cloudfoundry::CallbackError))
+        subject.callback_phase
+      end
+    end
+
+    context 'when the access token is not empty and expired' do
+      let(:refresh_access_token) { OmniAuth::Strategies::CFAccessToken.new({
+                                     'access_token' => 'some-refreshed-token'
+                                   },
+                                   'auth-header'
+                                 )}
+
+      it 'should call refresh on the access token' do
+        token_issuer.stub(:authcode_grant).and_return(CF::UAA::TokenInfo.new({}))
+
+        subject.should_receive(:refresh).with(anything).and_return(refresh_access_token)
+        subject.callback_phase
+      end
+    end
+
+    context 'when the access token is empty and expired' do
+      it 'should not call refresh on the access token' do
+        token_issuer.stub(:authcode_grant).and_raise(CF::UAA::InvalidToken)
+
+        subject.should_not_receive(:refresh)
+        subject.callback_phase
+      end
+    end
+  end
+
   describe 'set scopes' do
     it 'should set the right scopes if requested' do
       @options = {:auth_server_url => 'https://login.cloudfoundry.com', :token_server_url => 'https://uaa.cloudfoundry.com', :scope => "openid cloud_controller.read"}
@@ -66,4 +123,92 @@ describe OmniAuth::Strategies::Cloudfoundry do
     end
   end
 
+  describe 'empty?' do
+    it 'is empty when initialized without info' do
+      token = OmniAuth::Strategies::CFAccessToken.new
+      token.empty?.should be_true
+    end
+
+    it 'is not empty when initialized with info' do
+      token = OmniAuth::Strategies::CFAccessToken.new({
+        'access_token' => 'some-token',
+      })
+      token.empty?.should be_false
+    end
+  end
+
+  describe 'raw_info' do
+    let(:uaa_info) do
+      info = double("UAA_INFO")
+      info.stub(:whoami) { "something" }
+      info
+    end
+
+    before do
+      subject.uaa_info = uaa_info
+      @omni_logger = OmniAuth.config.logger
+    end
+
+    after do
+      OmniAuth.config.logger = @omni_logger
+    end
+
+    it 'should return raw info' do
+      subject.access_token = OmniAuth::Strategies::CFAccessToken.new
+
+      subject.raw_info.should_not be_empty
+    end
+
+    context 'when whoami returns an error' do
+      let(:uaa_info) do
+        info = double("UAA_INFO")
+        info.stub(:whoami).and_raise(CF::UAA::TargetError)
+        info
+      end
+
+      before do
+        subject.uaa_info = uaa_info
+      end
+
+      it 'should rescue, log, and return empty hash on target error' do
+        logger = double("logger")
+        logger.should_receive(:error).once
+        OmniAuth.config.logger = logger
+
+        subject.access_token = OmniAuth::Strategies::CFAccessToken.new
+        subject.raw_info.should be_empty
+      end
+    end
+  end
+
+  describe 'build_access_token' do
+    let(:token_issuer) { CF::UAA::TokenIssuer.new('target', 'client_id') }
+    let(:logger) { double("logger") }
+    let!(:omni_logger) { OmniAuth.config.logger }
+
+    before do
+      OmniAuth.config.logger = logger
+      logger.should_receive(:info).once
+
+      subject.stub(:client).and_return(token_issuer)
+      subject.stub(:session).and_return({})
+    end
+
+    after do
+      OmniAuth.config.logger = omni_logger
+    end
+
+    it 'should return an access token' do
+      token_issuer.stub(:authcode_grant).and_return(CF::UAA::TokenInfo.new({}))
+
+      subject.build_access_token('query-string').should_not be_empty
+    end
+
+    it 'should rescue, log, and return empty token on invalid token error' do
+      token_issuer.stub(:authcode_grant).and_raise(CF::UAA::InvalidToken)
+      logger.should_receive(:error).once
+
+      subject.build_access_token('query-string').should be_empty
+    end
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-uaa-oauth2
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.7
 platform: ruby
 authors:
 - Joel D'sa
@@ -12,88 +12,68 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-02-07 00:00:00.000000000 Z
+date: 2018-07-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
 - !ruby/object:Gem::Dependency
   name: cf-uaa-lib
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.1
-    - - <
+        version: '3.2'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.1
-    - - <
+        version: '3.2'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '2.0'
-- !ruby/object:Gem::Dependency
-  name: cf-uaa-lib
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: 1.3.1
-    - - <
-      - !ruby/object:Gem::Version
-        version: '2.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: 1.3.1
-    - - <
-      - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 2.6.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 2.6.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: An OmniAuth strategy for the Cloudfoundry UAA
@@ -107,8 +87,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .travis.yml
+- ".gitignore"
+- ".travis.yml"
 - Gemfile
 - Gemfile.lock
 - LICENSE
@@ -132,18 +112,20 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.3
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: An OmniAuth strategy for the Cloudfoundry UAA
-test_files: []
+test_files:
+- spec/omniauth/strategies/uaa_oauth2_spec.rb
+- spec/spec_helper.rb