Class: CF::UAA::Misc

Inherits:
Object
  • Object
Extended by:
Http
Defined in:
lib/uaa/misc.rb

Overview

Provides interfaces to various UAA endpoints that are not in the context of an overall class of operations like SCIM resources or OAuth2 tokens.

Constant Summary

Constants included from Http

Http::FORM_UTF8, Http::JSON_UTF8

Class Method Summary

Methods included from Http

basic_auth, logger, logger=, set_request_handler, trace?

Class Method Details

.decode_token(target, client_id, client_secret, token, token_type = "bearer", audience_ids = nil) ⇒ Hash

Sends the token to the server to validate and decode. Authenticates with client_id and client_secret. If audience_ids are specified and the token’s “aud” attribute does not contain at least one of the audience_ids, raises AuthError, meaning the token is not for this audience.

Parameters:

Returns:

  • (Hash)

    contents of the token



# File 'lib/uaa/misc.rb', line 100

def self.decode_token(target, client_id, client_secret, token, token_type = "bearer", audience_ids = nil)
  reply = json_get(target, "/check_token?token_type=#{token_type}&token=#{token}",
      @key_style, "authorization" => Http.basic_auth(client_id, client_secret))
  auds = Util.arglist(reply[:aud] || reply['aud'])
  if audience_ids && (!auds || (auds & audience_ids).empty?)
    raise AuthError, "invalid audience: #{auds.join(' ')}"
  end
  reply
end
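The audience check that decode_token applies to the /check_token reply, as an added stand-alone example (not the library's own code). `AuthError`, `audience_list`, `check_audience`, `rejected?` and the sample replies are defined here for illustration; this version also rejects a reply that carries no “aud” attribute with an AuthError.

```ruby
# Added example: stand-alone re-creation of the audience check performed by
# decode_token. AuthError here is a local stand-in, not the library's class.
class AuthError < RuntimeError; end

# Normalize an "aud" value (Array, or space/comma-delimited String) to an Array.
def audience_list(value)
  return [] if value.nil?
  return value.map(&:to_s) if value.respond_to?(:map)
  value.to_s.split(/[\s,]+/).reject(&:empty?)
end

# Returns the reply when at least one expected audience appears in the token's
# "aud" attribute; raises AuthError otherwise. When audience_ids is nil the
# check is skipped, as in decode_token.
def check_audience(reply, audience_ids = nil)
  return reply if audience_ids.nil?
  auds = audience_list(reply[:aud] || reply['aud'])
  wanted = audience_list(audience_ids)
  if (auds & wanted).empty?
    raise AuthError, "invalid audience: #{auds.join(' ')}"
  end
  reply
end

# Constructed /check_token replies (not real server output).
FOR_US      = { 'aud' => %w[scim openid], 'user_name' => 'sample_user' }
FOR_OTHERS  = { aud: 'cloud_controller password', user_name: 'sample_user' }
NO_AUDIENCE = { 'user_name' => 'sample_user' }

# True when the reply is refused for the given audience_ids.
def rejected?(reply, audience_ids)
  check_audience(reply, audience_ids)
  false
rescue AuthError
  true
end
```

A resource server should pass its own identifier as audience_ids so that a valid token issued for a different service is refused.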

.discover_uaa(target) ⇒ String

Gets a base url for the associated UAA from the target server by inspecting the links returned from its info endpoint.

Parameters:

Returns:

  • (String)

    url of UAA (or the target itself if it didn’t provide a response)



# File 'lib/uaa/misc.rb', line 69

def self.discover_uaa(target)
  info = server(target)
  if info['links'] && info['links']['uaa']
    info['links']['uaa']
  else
    target
  end
end

.password_strength(target, password) ⇒ Hash

Gets information about the given password, including a strength score and an indication of what strength is required.

Parameters:

Returns:

  • (Hash)


# File 'lib/uaa/misc.rb', line 114

def self.password_strength(target, password)
  json_parse_reply(@key_style, *request(target, :post, '/password/score',
      Util.encode_form(:password => password), "content-type" => Http::FORM_UTF8,
      "accept" => Http::JSON_UTF8))
end

.server(target) ⇒ Hash

Gets basic information about the target server, including version number, commit ID, and links to API endpoints.

Parameters:

Returns:

  • (Hash)

Raises:



# File 'lib/uaa/misc.rb', line 57

def self.server(target)
  reply = json_get(target, '/login', @key_style)
  return reply if reply && (reply[:prompts] || reply['prompts'])
  raise BadResponse, "Invalid response from target #{target}"
end

.symbolize_keys=(bool) ⇒ Boolean

Sets whether the keys in returned hashes should be symbols.

Returns:

  • (Boolean)

    the new state



# File 'lib/uaa/misc.rb', line 28

def self.symbolize_keys=(bool) !!(@key_style = bool ? :sym : nil) end

.validation_key(target, client_id = nil, client_secret = nil) ⇒ Hash

Gets the key from the server that is used to validate token signatures. If the server is configured to use a symmetric key, the caller must authenticate by providing a client_id and client_secret. If the server is configured to sign with a private key, this call will retrieve the public key and client_id must be nil.

Parameters:

Returns:

  • (Hash)


# File 'lib/uaa/misc.rb', line 85

def self.validation_key(target, client_id = nil, client_secret = nil)
  hdrs = client_id && client_secret ?
      { "authorization" => Http.basic_auth(client_id, client_secret)} : {}
  json_get(target, "/token_key", @key_style, hdrs)
end

.varz(target, name, pwd) ⇒ Hash

Gets various monitoring and status variables from the server. Authenticates using name and pwd for basic authentication.

Parameters:

Returns:

  • (Hash)


# File 'lib/uaa/misc.rb', line 47

def self.varz(target, name, pwd)
  json_get(target, "/varz", @key_style, "authorization" => Http.basic_auth(name, pwd))
end

.whoami(target, auth_header) ⇒ Hash

Gets information about the user authenticated by the token in the auth_header. It GETs from the target’s /userinfo endpoint and returns user information as specified by OpenID Connect.



# File 'lib/uaa/misc.rb', line 39

def self.whoami(target, auth_header)
  json_get(target, "/userinfo?schema=openid", @key_style, "authorization" => auth_header)
end