reclaim-oidc 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4)
  1. checksums.yaml +7 -0
  2. data/bin/reclaim-oidc +154 -0
  3. data/lib/reclaim_oidc.rb +104 -0
  4. metadata +46 -0
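--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: 8457ee899a43a473780d2e48d89d8f5d91448749c1f1d12426ce1f37170db612
+data.tar.gz: '08e4e088fe5d3e5cab0ae7ac176863721fe8e32e8f6135d5e8233aa824ac52bb'
+SHA512:
+metadata.gz: aeb2aea87d30407080a8220c8d733070c44e624c02c502d8fe73ec26c60b3703c485d0f7292a107ee9340567917c092988bd635aeb1eab6cf7cb1fb002c6ffd5
+data.tar.gz: a6da4bb73e033ca1508b516c7c03fdbe55148c3f9483579b5436e5456473b740e724b4e748ed25aa4550bbb29087307d30e545737814b43274d11f4cc7fe673f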
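--- a/data/bin/reclaim-oidc
+++ b/data/bin/reclaim-oidc
@@ -0,0 +1,154 @@
+#!/usr/bin/env ruby
+require 'optparse'
+require 'reclaim_oidc'
+
+class OptParser
+class ScriptOptions
+attr_accessor :name, :add, :delete, :list, :description, :redirect_uri,
+:verbose
+
+def initialize
+self.delete = false
+self.add = false
+self.list = false
+self.verbose = false
+end
+
+def define_options(parser)
+parser.banner = "Usage: reclaim-oidc [options]"
+parser.separator ""
+parser.separator "Specific options:"
+
+# add additional options
+add_option(parser)
+delete_option(parser)
+list_option(parser)
+client_name_option(parser)
+client_redirect_option(parser)
+client_description_option(parser)
+boolean_verbose_option(parser)
+
+parser.separator ""
+parser.separator "Common options:"
+# No argument, shows at tail. This will print an options summary.
+parser.on_tail("-h", "--help", "Show this message") do
+puts parser
+exit
+end
+# Another typical switch to print the version.
+parser.on_tail("--version", "Show version") do
+puts ReclaimOidc.version
+exit
+end
+end
+
+def client_name_option(parser)
+parser.on("-n", "--client-name [NAME]",
+"Name of the OIDC client") do |n|
+self.name = n
+end
+end
+
+def client_redirect_option(parser)
+parser.on("-r", "--redirect-uri [URI]",
+"The OIDC redirect_uri parameter") do |n|
+self.redirect_uri = n
+end
+end
+
+def client_description_option(parser)
+parser.on("-D", "--description [DESCRIPTION]",
+"The OIDC client description") do |n|
+self.description = n
+end
+end
+
+def add_option(parser)
+parser.on("-a", "--add", "Add a client") do |v|
+self.add = v
+end
+end
+
+def delete_option(parser)
+parser.on("-d", "--delete", "Delete a client") do |v|
+self.delete = v
+end
+end
+
+def list_option(parser)
+parser.on("-l", "--list", "List clients") do |v|
+self.list = v
+end
+end
+
+def boolean_verbose_option(parser)
+# Boolean switch.
+parser.on("-v", "--[no-]verbose", "Run verbosely") do |v|
+self.verbose = v
+end
+end
+end
+
+#
+# Return a structure describing the options.
+#
+def parse(args)
+# The options specified on the command line will be collected in
+# *options*.
+
+@options = ScriptOptions.new
+@args = OptionParser.new do |parser|
+@options.define_options(parser)
+parser.parse!(args)
+end
+@options
+end
+
+attr_reader :parser, :options
+end # class OptparseExample
+
+op = OptParser.new
+options = op.parse(ARGV)
+#pp options
+#pp ARGV
+
+roidc = ReclaimOidc.new(options.verbose)
+
+if (options.list)
+op = roidc.get_op_info
+puts "OpenID Connect Provider Information:"
+puts "------------------------------------"
+puts "Authorize Endpoint: #{op['authz_endpoint']}"
+puts "Token Endpoint: #{op['token_endpoint']}"
+puts "JSON-Web-Token Algorithm: #{op['jwt_algo']}"
+puts "JSON-Web-Token key: #{op['jwt_key']}"
+puts "Example Authorization Redirect:"
+puts "https://api.reclaim/openid/authorize?client_id=<client_id>&redirect_uri=<redirect_uri>&scope=email%20full_name&nonce=1234"
+puts ""
+puts "Registered Clients:"
+puts "-------------------"
+clients = roidc.get_clients
+clients.each do |client|
+puts "name: #{client.name}"
+puts "client_id: #{client.key}"
+puts "client_secret: #{client.secret}"
+puts "description: #{client.description}"
+puts "redirect_uri: #{client.redirect_uri}"
+puts "---"
+end
+exit
+end
+if (options.add)
+if options.name.nil? or options.redirect_uri.nil?
+puts "ERROR: Missing options"
+exit
+end
+roidc.add_client(options.name,options.redirect_uri,options.description)
+puts "OK"
+exit
+end
+if (options.delete)
+roidc.delete_client(options.name)
+puts "OK"
+end
+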
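Review bot: The `--version` switch calls `ReclaimOidc.version`, but the library in this release defines only `ReclaimOidc.hello` as a class method, so `reclaim-oidc --version` raises NoMethodError; define `ReclaimOidc.version` in the library (returning the gem version, `'0.0.1'` in metadata) or drop the switch. The `if (options.add)` guard checks only `name` and `redirect_uri`, while `ReclaimOidc#add_client` also raises on a nil `description`, so `-a -n x -r y` without `-D` dies with a bare RuntimeError and backtrace instead of the "ERROR: Missing options" message; extend it to `if options.name.nil? || options.redirect_uri.nil? || options.description.nil?`. The `if (options.delete)` branch has no guard at all and forwards a nil `name` to `delete_client`, which likewise raises bare, so the same `nil?` check and message belong there. Separately, `--list` writes the JWT signing key and every client's `client_secret` to stdout, where they land in terminal scrollback and any piped log; consider printing those two fields only under `--verbose` and masking them otherwise.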
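--- a/data/lib/reclaim_oidc.rb
+++ b/data/lib/reclaim_oidc.rb
@@ -0,0 +1,104 @@
+require 'net/http'
+require 'json'
+
+class ReclaimOidc
+def initialize(verbose=false, url='http://localhost:7776')
+@verbose = verbose
+@url = url
+@client_secret = get_client_secret()
+end
+def self.hello
+puts "Hello World!"
+end
+def parse_identities_from_http(body)
+arr = JSON.parse(body)
+ids = []
+arr.each do |obj|
+obj["secret"] = @client_secret
+ids << ReclaimOidc::Client.from_json(obj)
+end
+ids
+end
+
+def get_client_secret
+uri = URI(@url + '/config/reclaim-rest-plugin')
+resp = JSON.parse Net::HTTP.get(uri)
+return resp["PSW"]
+end
+
+def get_clients
+uri = URI(@url + '/identity/all')
+ids = parse_identities_from_http(Net::HTTP.get(uri))
+result = []
+ids.each do |id|
+uri = URI(@url + "/namestore/#{id.name}")
+id.parse_client_info(JSON.parse(Net::HTTP.get(uri)))
+next if id.redirect_uri.nil?
+result << id
+end
+result
+end
+def add_client(name,redirect_uri,description)
+raise if redirect_uri.nil? or description.nil? or name.nil?
+uri = URI(@url + '/identity')
+payload = {'name' => "#{name}"}.to_json
+resp = Net::HTTP.post(uri, payload)
+uri = URI(@url + "/namestore/#{name}")
+record = {'record_type' => "RECLAIM_OIDC_CLIENT",
+'value' => description,
+'record_name' => "@",
+'expiration_time' => "1d",
+'flag' => 8}
+resp = Net::HTTP.post(uri,record.to_json)
+record = {'record_type' => "RECLAIM_OIDC_REDIRECT",
+'value' => redirect_uri,
+'record_name' => "@",
+'expiration_time' => "1d",
+'flag' => 8}
+resp = Net::HTTP.post(uri,record.to_json)
+end
+def delete_client(name)
+raise if name.nil?
+uri = URI(@url + "/identity/name/#{name}")
+Net::HTTP.start(uri.host, uri.port) do |http|
+request = Net::HTTP::Delete.new uri
+resp = http.request request # Net::HTTPResponse object
+end
+end
+def get_op_info
+uri = URI(@url + '/config/reclaim-rest-plugin')
+resp = JSON.parse Net::HTTP.get(uri)
+op = {}
+op['jwt_key'] = resp["JWT_SECRET"]
+op['jwt_algo'] = 'HS512' # FIXME
+host = 'http://localhost:7776'
+op['authz_endpoint'] = host + '/openid/authorize'
+op['token_endpoint'] = host + '/openid/token'
+op
+end
+def set_jwt_secret
+raise
+end
+
+class Client
+attr_reader :name, :key, :description, :redirect_uri, :secret
+def initialize(name, key, secret)
+@name = name
+@key = key
+@secret = secret
+end
+def self.from_json(obj)
+id = Client.new(obj['name'], obj['pubkey'], obj['secret'])
+end
+def parse_client_info(obj)
+obj.each do |record|
+if (record['record_type'] == 'RECLAIM_OIDC_CLIENT')
+@description = record['value']
+end
+if (record['record_type'] == 'RECLAIM_OIDC_REDIRECT')
+@redirect_uri = record['value']
+end
+end
+end
+end
+end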
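Review bot: `add_client`, `delete_client` and `get_clients` interpolate the caller-supplied `name` straight into the request path (`URI(@url + "/namestore/#{name}")`, `URI(@url + "/identity/name/#{name}")`), so a name containing `/`, `?` or `#` silently changes which REST endpoint is addressed instead of being rejected; validate it first, e.g. `raise ArgumentError, "invalid client name" unless name.match?(/\A[\w.-]+\z/)` at the top of `add_client` and `delete_client` (anchored with `\A`/`\z`, not `^`/`$`), which also replaces the bare `raise` that currently surfaces as an unhelpful RuntimeError. The three `Net::HTTP.post` calls in `add_client` assign `resp` and never inspect it, so a 4xx/5xx from the plugin still leads the CLI to print "OK"; check `resp.is_a?(Net::HTTPSuccess)` (or call `resp.value`) after each request, and likewise for the DELETE in `delete_client`. `get_op_info` hard-codes `host = 'http://localhost:7776'` rather than using `@url`, so the printed endpoints are wrong whenever a different URL is passed to `initialize`. Finally, `parse_identities_from_http` stamps the single plugin `PSW` onto every client as its `secret`, meaning the per-client `client_secret` the CLI shows is really the shared REST-plugin password; a comment such as `# every client shares the plugin password as its client_secret` would keep readers from assuming per-client secrets exist.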
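--- a/metadata
+++ b/metadata
@@ -0,0 +1,46 @@
+--- !ruby/object:Gem::Specification
+name: reclaim-oidc
+version: !ruby/object:Gem::Version
+version: 0.0.1
+platform: ruby
+authors:
+- Martin Schanzenbach
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2019-04-25 00:00:00.000000000 Z
+dependencies: []
+description: Used to manage re:claimID OpenID Connect clients and OpenID Connect Provider
+configuration(s)
+email: mschanzenbach@posteo.de
+executables:
+- reclaim-oidc
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/reclaim-oidc
+- lib/reclaim_oidc.rb
+homepage: https://gitlab.com/reclaimid/reclaim-oidc
+licenses:
+- AGPL-3.0
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key:
+specification_version: 4
+summary: re:claimID OpenID Connect CLI
+test_files: []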