Class: CF::UAA::Misc
Overview
Provides interfaces to various UAA endpoints that are not in the context of an overall class of operations like SCIM resources or OAuth2 tokens.
Constant Summary
Constants included from Http
Http::FORM_UTF8, Http::JSON_UTF8
Class Method Summary collapse
-
.decode_token(target, client_id, client_secret, token, token_type = "bearer", audience_ids = nil) ⇒ Hash
Sends
token
to the server to validate and decode. -
.password_strength(target, password) ⇒ Hash
Gets information about the given password, including a strength score and an indication of what strength is required.
-
.server(target) ⇒ Hash
Gets basic information about the target server, including version number, commit ID, and links to API endpoints.
-
.symbolize_keys=(bool) ⇒ Boolean
sets whether the keys in returned hashes should be symbols.
-
.validation_key(target, client_id = nil, client_secret = nil) ⇒ Hash
Gets the key from the server that is used to validate token signatures.
-
.varz(target, name, pwd) ⇒ Hash
Gets various monitoring and status variables from the server.
-
.whoami(target, auth_header) ⇒ Hash
Gets information about the user authenticated by the token in the
auth_header
.
Methods included from Http
basic_auth, logger, logger=, set_request_handler, trace?
Class Method Details
.decode_token(target, client_id, client_secret, token, token_type = "bearer", audience_ids = nil) ⇒ Hash
Sends token
to the server to validate and decode. Authenticates with client_id
and client_secret
. If audience_ids
are specified and the token’s “aud” attribute does not contain one or more of the audience_ids, raises AuthError – meaning the token is not for this audience.
85 86 87 88 89 90 91 92 93 |
# File 'lib/uaa/misc.rb', line 85 def self.decode_token(target, client_id, client_secret, token, token_type = "bearer", audience_ids = nil) reply = json_get(target, "/check_token?token_type=#{token_type}&token=#{token}", @key_style, "authorization" => Http.basic_auth(client_id, client_secret)) auds = Util.arglist(reply[:aud] || reply['aud']) if audience_ids && (!auds || (auds & audience_ids).empty?) raise AuthError, "invalid audience: #{auds.join(' ')}" end reply end |
.password_strength(target, password) ⇒ Hash
Gets information about the given password, including a strength score and an indication of what strength is required.
99 100 101 102 103 |
# File 'lib/uaa/misc.rb', line 99 def self.password_strength(target, password) json_parse_reply(@key_style, *request(target, :post, '/password/score', Util.encode_form(:password => password), "content-type" => Http::FORM_UTF8, "accept" => Http::JSON_UTF8)) end |
.server(target) ⇒ Hash
Gets basic information about the target server, including version number, commit ID, and links to API endpoints.
57 58 59 60 61 |
# File 'lib/uaa/misc.rb', line 57 def self.server(target) reply = json_get(target, '/login', @key_style) return reply if reply && (reply[:prompts] || reply['prompts']) raise BadResponse, "Invalid response from target #{target}" end |
.symbolize_keys=(bool) ⇒ Boolean
sets whether the keys in returned hashes should be symbols.
28 |
# File 'lib/uaa/misc.rb', line 28 def self.symbolize_keys=(bool) !!(@key_style = bool ? :sym : nil) end |
.validation_key(target, client_id = nil, client_secret = nil) ⇒ Hash
Gets the key from the server that is used to validate token signatures. If the server is configured to use a symetric key, the caller must authenticate by providing a a client_id
and client_secret
. If the server is configured to sign with a private key, this call will retrieve the public key and client_id
must be nil.
70 71 72 73 74 |
# File 'lib/uaa/misc.rb', line 70 def self.validation_key(target, client_id = nil, client_secret = nil) hdrs = client_id && client_secret ? { "authorization" => Http.basic_auth(client_id, client_secret)} : {} json_get(target, "/token_key", @key_style, hdrs) end |
.varz(target, name, pwd) ⇒ Hash
Gets various monitoring and status variables from the server. Authenticates using name
and pwd
for basic authentication.
47 48 49 |
# File 'lib/uaa/misc.rb', line 47 def self.varz(target, name, pwd) json_get(target, "/varz", @key_style, "authorization" => Http.basic_auth(name, pwd)) end |
.whoami(target, auth_header) ⇒ Hash
Gets information about the user authenticated by the token in the auth_header
. It GETs from the target
‘s /userinfo
endpoint and returns user information as specified by OpenID Connect.
39 40 41 |
# File 'lib/uaa/misc.rb', line 39 def self.whoami(target, auth_header) json_get(target, "/userinfo?schema=openid", @key_style, "authorization" => auth_header) end |