rhc 1.4.8 → 1.5.13

data/lib/rhc/rest.rb

@@ -4,14 +4,15 @@ module RHC
     autoload :Base,        'rhc/rest/base'
     autoload :Attributes,  'rhc/rest/attributes'
 
-    autoload :Api,         'rhc/rest/api'
-    autoload :Application, 'rhc/rest/application'
-    autoload :Cartridge,   'rhc/rest/cartridge'
-    autoload :Client,      'rhc/rest/client'
-    autoload :Domain,      'rhc/rest/domain'
-    autoload :Key,         'rhc/rest/key'
-    autoload :User,        'rhc/rest/user'
-    autoload :GearGroup,   'rhc/rest/gear_group'
+    autoload :Api,           'rhc/rest/api'
+    autoload :Application,   'rhc/rest/application'
+    autoload :Authorization, 'rhc/rest/authorization'
+    autoload :Cartridge,     'rhc/rest/cartridge'
+    autoload :Client,        'rhc/rest/client'
+    autoload :Domain,        'rhc/rest/domain'
+    autoload :Key,           'rhc/rest/key'
+    autoload :User,          'rhc/rest/user'
+    autoload :GearGroup,     'rhc/rest/gear_group'
 
     class Exception < RuntimeError
       attr_reader :code
@@ -51,6 +52,18 @@ module RHC
     class ResourceNotFoundException < ClientErrorException; end
     class ApiEndpointNotFound < ResourceNotFoundException; end
 
+    # 404 errors for specific resource types
+    class DomainNotFoundException < ResourceNotFoundException
+      def initialize(msg)
+        super(msg,127)
+      end
+    end
+    class ApplicationNotFoundException < ResourceNotFoundException
+      def initialize(msg)
+        super(msg,101)
+      end
+    end
+
     #Exceptions thrown in case of an HTTP 422 is received.
     class ValidationException < ClientErrorException
       attr_reader :field
@@ -76,6 +89,7 @@ module RHC
     #included Authorization credentials, then the 401 response indicates 
     #that authorization has been refused for those credentials. 
     class UnAuthorizedException < ClientErrorException; end
+    class TokenExpiredOrInvalid < UnAuthorizedException; end
 
     # DEPRECATED Unreachable host, SSL Exception
     class ResourceAccessException < Exception; end
@@ -97,5 +111,11 @@ module RHC
     class SSLVersionRejected < SSLConnectionFailed; end
 
     class MultipleCartridgeCreationNotSupported < Exception; end
+
+    class AuthorizationsNotSupported < Exception
+      def initialize(message="The server does not support setting, retrieving, or authenticating with authorization tokens.")
+        super(message, 1)
+      end
+    end
   end
 end

data/lib/rhc/ssh_helpers.rb

@@ -117,10 +117,13 @@ module RHC
       Net::SSH::KeyFactory.load_public_key(key).fingerprint
     rescue NoMethodError, NotImplementedError => e
       ssh_keygen_fallback key
-      return nil
+      nil
     rescue OpenSSL::PKey::PKeyError, Net::SSH::Exception => e
       error e.message
-      return nil
+      nil
+    rescue => e
+      error e.message
+      nil
     end
 
     def fingerprint_for_default_key

data/lib/rhc/tar_gz.rb

@@ -1,5 +1,4 @@
 require 'stringio'
-require 'rhc/vendor/zliby'
 require 'archive/tar/minitar'
 include Archive::Tar
 
@@ -16,7 +15,7 @@ module RHC
       regex = Regexp.new search
       if RHC::Helpers.windows? or force_ruby
         begin
-          RHC::Vendor::Zlib::GzipReader.open(filename) do |gz|
+          zlib::GzipReader.open(filename) do |gz|
             Minitar::Reader.open gz do |tar|
               tar.each_entry do |entry|
                 if entry.full_name =~ regex
@@ -25,16 +24,28 @@ module RHC
               end
             end
           end
-        rescue RHC::Vendor::Zlib::GzipFile::Error
-          return false
+        rescue zlib::GzipFile::Error, zlib::GzipFile::Error
+          false
         end
       else
         # combining STDOUT and STDERR (i.e., 2>&1) does not suppress output
         # when the specs run via 'bundle exec rake spec'
-        return system "#{TAR_BIN} --wildcards -tf #{filename} #{regex.source} 2>/dev/null >/dev/null"
+        system "#{TAR_BIN} --wildcards -tf #{filename} #{regex.source} 2>/dev/null >/dev/null"
       end
     end
 
+    private
+      def self.zlib
+        #:nocov:
+        require 'zlib' rescue nil
+        if defined? Zlib::GzipReader 
+          Zlib
+        else
+          require 'rhc/vendor/zliby'
+          RHC::Vendor::Zlib
+        end
+        #:nocov:
+      end
   end
 
 end

data/lib/rhc/usage_templates/help.erb

@@ -4,7 +4,7 @@ Usage: rhc [--help] [--version] [--debug] <command> [<args>]
 
 <%
 remaining = Hash[@commands.dup.select{ |name, command| not alias?(name) and not command.summary.blank? }]
-basic = remaining.slice!('setup', 'app create', 'apps', 'cartridge list', 'cartridge add', 'server')
+basic = remaining.slice!('setup', 'app create', 'apps', 'cartridge list', 'cartridge add', 'server', 'account logout')
 begin -%>
 Getting started:
 <% for name, command in basic -%>

data/lib/rhc/wizard.rb

@@ -7,6 +7,10 @@ module RHC
   class Wizard
     include HighLine::SystemExtensions
 
+    def self.has_configuration?
+      File.exists? RHC::Config.local_config_path
+    end
+
     DEFAULT_MAX_LENGTH = 16
 
     STAGES = [:greeting_stage,
@@ -71,15 +75,31 @@ module RHC
         })
       end
 
-      def auth
-        @auth ||= RHC::Auth::Basic.new(options)
+      def core_auth
+        @core_auth ||= RHC::Auth::Basic.new(options)
       end
 
-      def username
-        auth.send(:username)
+      def token_auth
+        RHC::Auth::Token.new(options, core_auth, token_store)
       end
-      def password
-        auth.send(:password)
+
+      def auth(reset=false)
+        @auth = nil if reset
+        @auth ||= begin
+            if options.token
+              token_auth
+            else
+              core_auth
+            end
+          end
+      end
+
+      def token_store
+        @token_store ||= RHC::Auth::TokenStore.new(config.home_conf_path)
+      end
+
+      def username
+        auth.username if auth.respond_to?(:username)
       end
 
       def print_dot
@@ -109,7 +129,11 @@ module RHC
     end
 
     def login_stage
-      say "Using #{options.rhlogin} to login to #{openshift_server}" if options.rhlogin
+      if options.token
+        say "Using an existing token for #{options.rhlogin} to login to #{openshift_server}"
+      elsif options.rhlogin
+        say "Using #{options.rhlogin} to login to #{openshift_server}"
+      end
 
       self.rest_client = new_client_for_options
 
@@ -137,6 +161,22 @@ module RHC
       end
 
       self.user = rest_client.user
+
+      if rest_client.supports_sessions? && !options.token && options.create_token != false
+        paragraph do
+          info "OpenShift can create and store a token on disk which allows to you to access the server without using your password. The key is stored in your home directory and should be kept secret.  You can delete the key at any time by running 'rhc logout'."
+          if options.create_token or agree "Generate a token now? (yes|no) "
+            say "Generating an authorization token for this client ... "
+            token = rest_client.new_session
+            options.token = token.token
+            self.auth(true).save(token.token)
+            self.rest_client = new_client_for_options
+            self.user = rest_client.user
+
+            success "lasts #{distance_of_time_in_words(token.expires_in_seconds)}"
+          end
+        end
+      end
       true
     end
 
@@ -152,7 +192,8 @@ module RHC
 
         changed = Commander::Command::Options.new(options)
         changed.rhlogin = username
-        changed.password = password
+        changed.password = nil
+        changed.use_authorization_tokens = options.create_token != false && !changed.token.nil?
 
         FileUtils.mkdir_p File.dirname(config.path)
         config.save!(changed)
@@ -211,9 +252,8 @@ module RHC
           return nil
         end
 
-        hostname = Socket.gethostname.gsub(/\..*\z/,'')
         userkey = username ? username.gsub(/@.*/, '') : ''
-        pubkey_base_name = "#{userkey}#{hostname}".gsub(/[^A-Za-z0-9]/,'').slice(0,16)
+        pubkey_base_name = "#{userkey}#{hostname.gsub(/\..*\z/,'')}".gsub(/[^A-Za-z0-9]/,'').slice(0,16)
         default_name = find_unique_key_name(
           :keys => ssh_keys,
           :base => pubkey_base_name,
@@ -519,6 +559,10 @@ EOF
       @debug
     end
 
+    def hostname
+      Socket.gethostname
+    end
+
     protected
       attr_writer :rest_client
   end

data/spec/coverage_helper.rb

@@ -12,12 +12,21 @@ unless RUBY_VERSION < '1.9'
       end
       @missed_lines
     end
+
+    def print_missed_lines
+      @files.each do |file|
+        file.missed_lines.each do |line|
+          puts "MISSED #{file.filename}:#{line.number}"
+        end
+      end
+    end
   end
 
   original_stderr = $stderr # in case helpers don't properly cleanup
   SimpleCov.at_exit do
     SimpleCov.result.format!
     if SimpleCov.result.covered_percent < 100.0
+      SimpleCov.result.print_missed_lines if SimpleCov.result.covered_percent > 98.0
       original_stderr.puts "Coverage not 100%, build failed."
       exit 1
     end

data/spec/rhc/auth_spec.rb

@@ -1,4 +1,5 @@
 require 'spec_helper'
+require 'base64'
 require 'rhc/commands'
 
 describe RHC::Auth::Basic do
@@ -7,11 +8,13 @@ describe RHC::Auth::Basic do
   let(:auth_hash){ {:user => user, :password => password} }
   let(:options){ (o = Commander::Command::Options.new).default(default_options); o }
   let(:default_options){ {} }
+  let(:client){ mock(:supports_sessions? => false) }
 
   its(:username){ should be_nil }
   its(:username?){ should be_false }
   its(:password){ should be_nil }
-  its(:options){ should be_nil }
+  its(:options){ should_not be_nil }
+  its(:can_authenticate?){ should be_false }
   its(:openshift_server){ should == 'openshift.redhat.com' }
 
   context "with user options" do
@@ -28,6 +31,7 @@ describe RHC::Auth::Basic do
       its(:username){ should == user }
       its(:username?){ should be_true }
       its(:password){ should == password }
+      its(:can_authenticate?){ should be_true }
     end
 
     context "that includes server" do
@@ -48,7 +52,7 @@ describe RHC::Auth::Basic do
       its(:username?){ should be_false }
       it("should not retry") do 
         subject.should_not_receive(:ask_username)
-        subject.retry_auth?(mock(:status => 401)).should be_false
+        subject.retry_auth?(mock(:status => 401), client).should be_false
       end
     end
   end
@@ -111,11 +115,6 @@ describe RHC::Auth::Basic do
       it { subject.to_request(request).should equal(request) }
       it { subject.to_request(request).should == auth_hash }
 
-      context "it should remember cookies" do
-        let(:response){ mock(:cookies => [mock(:name => 'rh_sso', :value => '1')], :status => 200) }
-        it{ subject.retry_auth?(response); subject.to_request(request)[:cookies].should == {:rh_sso => '1'} }
-      end
-
       context "when the request is lazy" do
         let(:request){ {:lazy_auth => true} }
 
@@ -172,24 +171,21 @@ describe RHC::Auth::Basic do
     context "when the response succeeds" do
       let(:response){ mock(:cookies => {}, :status => 200) }
 
-      it{ subject.retry_auth?(response).should be_false }
-      after{ subject.cookie.should be_nil }
+      it{ subject.retry_auth?(response, client).should be_false }
     end
     context "when the response succeeds with a cookie" do
       let(:response){ mock(:cookies => [mock(:name => 'rh_sso', :value => '1')], :status => 200) }
-      it{ subject.retry_auth?(response).should be_false }
-      after{ subject.cookie.should == '1' }
+      it{ subject.retry_auth?(response, client).should be_false }
     end
     context "when the response requires authentication" do
       let(:response){ mock(:status => 401) }
-      after{ subject.cookie.should be_nil }
 
       context "with no user and no password" do
         subject{ described_class.new(nil, nil) }
         it("should ask for user and password") do
           subject.should_receive(:ask_username).and_return(user)
           subject.should_receive(:ask_password).and_return(password)
-          subject.retry_auth?(response).should be_true
+          subject.retry_auth?(response, client).should be_true
         end
       end
 
@@ -197,12 +193,12 @@ describe RHC::Auth::Basic do
         subject{ described_class.new(user, nil) }
         it("should ask for password only") do
           subject.should_receive(:ask_password).and_return(password)
-          subject.retry_auth?(response).should be_true
+          subject.retry_auth?(response, client).should be_true
         end
         it("should ask for password twice") do
           subject.should_receive(:ask_password).twice.and_return(password)
-          subject.retry_auth?(response).should be_true
-          subject.retry_auth?(response).should be_true
+          subject.retry_auth?(response, client).should be_true
+          subject.retry_auth?(response, client).should be_true
         end
       end
 
@@ -211,16 +207,227 @@ describe RHC::Auth::Basic do
         it("should not prompt for reauthentication") do
           subject.should_not_receive(:ask_password)
           subject.should_receive(:error).with("Username or password is not correct")
-          subject.retry_auth?(response).should be_false
+          subject.retry_auth?(response, client).should be_false
         end
+      end
+    end
+  end
+end
 
-        it "should forget a saved cookie" do
-          subject.instance_variable_set(:@cookie, '1')
-          subject.should_not_receive(:ask_password)
-          subject.should_receive(:error).with("Username or password is not correct")
-          subject.retry_auth?(response).should be_false
+describe RHC::Auth::Token do
+  subject{ described_class.new(options) }
+
+  let(:token){ 'a_token' }
+  let(:options){ (o = Commander::Command::Options.new).default(default_options); o }
+  let(:default_options){ {} }
+  let(:client){ mock(:supports_sessions? => false) }
+  let(:auth){ nil }
+  let(:store){ nil }
+
+  its(:username){ should be_nil }
+  its(:options){ should_not be_nil }
+  its(:can_authenticate?){ should be_false }
+  its(:openshift_server){ should == 'openshift.redhat.com' }
+
+  context "with user options" do
+    its(:username){ should be_nil }
+    its(:options){ should equal(options) }
+
+    context "that include token" do
+      let(:default_options){ {:token => token} }
+      its(:can_authenticate?){ should be_true }
+    end
+
+    context "that includes server" do
+      let(:default_options){ {:server => 'test.com'} }
+      its(:openshift_server){ should == 'test.com' }
+    end
+
+    context "with --noprompt" do
+      let(:default_options){ {:noprompt => true} }
+
+      its(:username){ should be_nil }
+      it("should not retry") do 
+      end
+    end
+  end
+
+  context "when initialized with a hash" do
+    subject{ described_class.new({:token => token}) }
+    its(:token){ should == token }
+  end
+
+  context "when initialized with a string" do
+    subject{ described_class.new(token) }
+    its(:token){ should == token }
+  end
+
+  context "when initialized with an auth object" do
+    subject{ described_class.new(nil, auth) }
+    let(:auth){ mock(:username => 'foo') }
+    its(:username){ should == 'foo' }
+  end
+
+  context "when initialized with a store" do
+    subject{ described_class.new(nil, nil, store) }
+    let(:store){ mock }
+    before{ store.should_receive(:get).with(nil, 'openshift.redhat.com').and_return(token) }
+    it("should read the token for the user") do
+      subject.send(:token).should == token
+    end
+  end
+
+  describe "#save" do
+    subject{ described_class.new(nil, nil, store) }
+    context "when store is set" do
+      let(:store){ mock(:get => nil) }
+      it("should call put on store") do
+        subject.should_receive(:username).and_return('foo')
+        subject.should_receive(:openshift_server).and_return('bar')
+        store.should_receive(:put).with('foo', 'bar', token)
+        subject.save(token)
+      end
+    end
+    context "when store is nil" do
+      it("should skip calling store"){ subject.save(token) }
+    end
+    after{ subject.instance_variable_get(:@token).should == token }
+  end
+
+  describe "#to_request" do
+    let(:request){ {} }
+    subject{ described_class.new(token, auth) }
+
+    context "when token is provided" do
+      it("should pass bearer token to the server"){ subject.to_request(request).should == {:headers => {'authorization' => "Bearer #{token}"}} }
+
+      context "when the request is lazy" do
+        let(:request){ {:lazy_auth => true} }
+        it("should pass bearer token to the server"){ subject.to_request(request).should == {:lazy_auth => true, :headers => {'authorization' => "Bearer #{token}"}} }
+      end
+    end
+
+    context "when token is not provided" do
+      subject{ described_class.new(nil) }
+
+      it("should pass not bearer token to the server"){ subject.to_request(request).should == {} }
+    end
+
+    context "when a parent auth class is passed" do
+      subject{ described_class.new(nil, auth) }
+      let(:auth){ mock }
+      it("should invoke the parent") do
+        auth.should_receive(:to_request).with(request).and_return(request)
+        subject.to_request(request).should == request
+      end
+    end
+  end
+
+  describe "#retry_auth?" do
+    subject{ described_class.new(token, auth) }
+
+    context "when the response succeeds" do
+      let(:response){ mock(:cookies => {}, :status => 200) }
+      it{ subject.retry_auth?(response, client).should be_false }
+    end
+
+    context "when the response requires authentication" do
+      let(:response){ mock(:status => 401) }
+
+      context "with no token" do
+        subject{ described_class.new(nil, nil) }
+        it("should return false"){ subject.retry_auth?(response, client).should be_false }
+      end
+
+      context "when a nested auth object can't authenticate" do
+        let(:auth){ mock(:can_authenticate? => false) }
+        it("should raise an error"){ expect{ subject.retry_auth?(response, client) }.to raise_error(RHC::Rest::TokenExpiredOrInvalid) }
+      end
+
+      context "with a nested auth object" do
+        let(:auth){ mock('nested_auth', :can_authenticate? => true) }
+        subject{ described_class.new(options, auth) }
+
+        it("should not use token auth") do 
+          auth.should_receive(:retry_auth?).with(response, client).and_return true
+          subject.retry_auth?(response, client).should be_true
+        end
+
+        context "when noprompt is requested" do
+          let(:default_options){ {:token => token, :noprompt => true} }
+          it("should raise an error"){ expect{ subject.retry_auth?(response, client) }.to raise_error(RHC::Rest::TokenExpiredOrInvalid) }
+        end
+
+        context "when authorization tokens are enabled locally" do
+          let(:default_options){ {:use_authorization_tokens => true} }
+
+          context "without session support" do
+            let(:default_options){ {:use_authorization_tokens => true, :token => 'foo'} }
+            let(:client){ mock('client', :supports_sessions? => false) }
+
+            it("should invoke raise an error on retry because sessions are not supported") do
+              expect{ subject.retry_auth?(response, client) }.to raise_error RHC::Rest::AuthorizationsNotSupported
+            end
+          end
+
+          context "we expect a warning and a call to client" do
+            let(:auth_token){ nil }
+            let(:client){ mock('client', :supports_sessions? => true) }
+            before{ client.should_receive(:new_session).with(:auth => auth).and_return(auth_token) }
+
+            it("should print a message") do 
+              subject.should_receive(:info).with("Please sign in to start a new session to #{subject.openshift_server}.")
+              auth.should_receive(:retry_auth?).with(response, client).and_return true
+              subject.retry_auth?(response, client).should be_true
+            end
+
+            context "with a token" do
+              let(:default_options){ {:use_authorization_tokens => true, :token => 'foo'} }
+              it("should invoke raise an error on retry because sessions are not supported") do
+                subject.should_receive(:warn).with("Your authorization token has expired. Please sign in now to continue.")
+                auth.should_receive(:retry_auth?).with(response, client).and_return true
+                subject.retry_auth?(response, client).should be_true
+                #expect{ subject.retry_auth?(response, client) }.to raise_error RHC::Rest::AuthorizationsNotSupported
+              end
+            end
+
+            context "when the token request fails" do
+              before{ subject.should_receive(:info).with("Please sign in to start a new session to #{subject.openshift_server}.") }
+              it("should invoke retry on the parent") do
+                auth.should_receive(:retry_auth?).with(response, client).and_return false
+                subject.retry_auth?(response, client).should be_false
+              end
+            end
+
+            context "when the token request succeeds" do
+              let(:auth_token){ mock('auth_token', :token => 'bar') }
+              before{ subject.should_receive(:info).with("Please sign in to start a new session to #{subject.openshift_server}.") }
+              it("should save the token and return true") do
+                subject.should_receive(:save).with(auth_token.token).and_return true
+                subject.retry_auth?(response, client).should be_true
+              end
+            end
+          end
         end
       end
     end
   end
 end
+
+describe RHC::Auth::TokenStore do
+  subject{ described_class.new(dir) }
+  let(:dir){ Dir.mktmpdir }
+
+  context "when a key is stored" do
+    before{ subject.put('foo', 'bar', 'token') }
+    it("can be retrieved"){ subject.get('foo', 'bar').should == 'token' }
+  end
+  it("should put a file on disk"){ expect{ subject.put('test', 'server', 'value') }.to change{ Dir.entries(dir).length }.by(1) }
+
+  describe "#clear" do
+    before{ subject.put('test', 'server2', 'value2') }
+    it("should return true"){ subject.clear.should be_true }
+    it("should empty the directory"){ expect{ subject.clear }.to change{ Dir.entries(dir).length }.by_at_least(-1) }
+    after{ Dir.entries(dir).length.should == 2 }
+  end
+end

data/spec/rhc/cli_spec.rb

@@ -1,4 +1,5 @@
 require 'spec_helper'
+require 'rhc/wizard'
 
 describe RHC::CLI do
 
@@ -11,6 +12,13 @@ describe RHC::CLI do
     it('should mention the help options command') { run_output.should =~ /rhc help options/ }
   end
 
+  shared_examples_for 'a first run wizard' do
+    let(:arguments) { @arguments or raise "no arguments" }
+    let!(:wizard){ RHC::Wizard.new }
+    before{ RHC::Wizard.should_receive(:new).and_return(wizard) }
+    it('should create and run a new wizard') { expect{ run }.to call(:run).on(wizard) }
+  end
+
   shared_examples_for 'a help page' do
     let(:arguments) { @arguments or raise "no arguments" }
     it('should contain the program description') { run_output.should =~ /Command line interface for OpenShift/ }
@@ -52,9 +60,16 @@ describe RHC::CLI do
   end
 
   describe '#start' do
+    before{ RHC::Wizard.stub(:has_configuration?).and_return(true) }
+
     context 'with no arguments' do
       before(:each) { @arguments = [] }
       it_should_behave_like 'a global help page'
+
+      context "without a config file" do
+        before{ RHC::Wizard.stub(:has_configuration?).and_return(false) }
+        it_should_behave_like 'a first run wizard'
+      end
     end
 
     context 'with an ambiguous option' do