Class: CF::UAA::Info

Inherits:

Object

• Object
• CF::UAA::Info

Includes:

Http

Defined in:

lib/uaa/info.rb

Overview

Provides interfaces to various UAA endpoints that are not in the context of an overall class of operations like SCIM resources or OAuth2 tokens.

Constant Summary

Constants included from Http

Http::FORM_UTF8, Http::JSON_UTF8

Instance Attribute Summary

• #key_style ⇒ Object readonly

  Returns the value of attribute key_style.

• #target ⇒ Object

  Returns the value of attribute target.

Instance Method Summary

• #decode_token(client_id, client_secret, token, token_type = "bearer", audience_ids = nil) ⇒ Hash

  Sends token to the server to validate and decode.

• #discover_uaa ⇒ String

  Gets a base url for the associated UAA from the target server by inspecting the links returned from its info endpoint.

• #initialize(target, options = {}) ⇒ Info constructor

  A new instance of Info.

• #password_strength(password) ⇒ Hash

  Gets information about the given password, including a strength score and an indication of what strength is required.

• #server ⇒ Hash

  Gets basic information about the target server, including version number, commit ID, and links to API endpoints.

• #symbolize_keys=(bool) ⇒ Boolean

  sets whether the keys in returned hashes should be symbols.

• #validation_key(client_id = nil, client_secret = nil) ⇒ Hash

  Gets the key from the server that is used to validate token signatures.

• #varz(name, pwd) ⇒ Hash

  Gets various monitoring and status variables from the server.

• #whoami(auth_header) ⇒ Hash

  Gets information about the user authenticated by the token in the auth_header.

Methods included from Http

basic_auth, #logger, #logger=, #set_request_handler, #trace?

Methods included from ProxyOptions

#proxy_options_for

Constructor Details

#initialize(target, options = {}) ⇒ Info

Returns a new instance of Info.

Parameters:

• target (String) —

  The base URL of the server. For example the target could be https://login.cloudfoundry.com, https://uaa.cloudfoundry.com, or http://localhost:8080/uaa.

• options (Hash) (defaults to: {}) —

  can be

  • :symbolize_keys, If set to true, response hashes will have symbols for their keys, otherwise string keys are returned.

# File 'lib/uaa/info.rb', line 32

def initialize(target, options = {})
  self.target = target
  self.skip_ssl_validation = options[:skip_ssl_validation]
  self.ssl_ca_file = options[:ssl_ca_file]
  self.ssl_cert_store = options[:ssl_cert_store]
  self.symbolize_keys = options[:symbolize_keys]
  self.http_proxy = options[:http_proxy]
  self.https_proxy = options[:https_proxy]
end

Instance Attribute Details

#key_style ⇒ Object (readonly)

Returns the value of attribute key_style.

# File 'lib/uaa/info.rb', line 24

def key_style
  @key_style
end

#target ⇒ Object

Returns the value of attribute target.

# File 'lib/uaa/info.rb', line 23

def target
  @target
end

Instance Method Details

#decode_token(client_id, client_secret, token, token_type = "bearer", audience_ids = nil) ⇒ Hash

Sends token to the server to validate and decode. Authenticates with client_id and client_secret. If audience_ids are specified and the token’s “aud” attribute does not contain one or more of the audience_ids, raises AuthError – meaning the token is not for this audience.

Parameters:

• token (String) —

  an access token as retrieved by TokenIssuer. See also TokenInfo.

• token_type (String) (defaults to: "bearer") —

  as retrieved by TokenIssuer. See TokenInfo.

Returns:

• (Hash) —

  contents of the token

# File 'lib/uaa/info.rb', line 111

def decode_token(client_id, client_secret, token, token_type = "bearer", audience_ids = nil)
  reply = json_get(target, "/check_token?token_type=#{token_type}&token=#{token}",
      key_style, "authorization" => Http.basic_auth(client_id, client_secret))
  auds = Util.arglist(reply[:aud] || reply['aud'])
  if audience_ids && (!auds || (auds & audience_ids).empty?)
    raise AuthError, "invalid audience: #{auds.join(' ')}"
  end
  reply
end

#discover_uaa ⇒ String

Gets a base url for the associated UAA from the target server by inspecting the links returned from its info endpoint.

Returns:

• (String) —

  url of UAA (or the target itself if it didn’t provide a response)

# File 'lib/uaa/info.rb', line 81

def discover_uaa
  info = server
  links = info['links'] || info[:links]
  uaa = links && (links['uaa'] || links[:uaa])

  uaa || target
end

#password_strength(password) ⇒ Hash

Gets information about the given password, including a strength score and an indication of what strength is required.

Returns:

• (Hash)

# File 'lib/uaa/info.rb', line 125

def password_strength(password)
  json_parse_reply(key_style, *request(target, :post, '/password/score',
      Util.encode_form(:password => password), "content-type" => Http::FORM_UTF8,
      "accept" => Http::JSON_UTF8))
end

#server ⇒ Hash

Gets basic information about the target server, including version number, commit ID, and links to API endpoints.

Returns:

• (Hash)

Raises:

• (BadResponse)

# File 'lib/uaa/info.rb', line 72

def server
  reply = json_get(target, '/login', key_style)
  return reply if reply && (reply[:prompts] || reply['prompts'])
  raise BadResponse, "Invalid response from target #{target}"
end

#symbolize_keys=(bool) ⇒ Boolean

sets whether the keys in returned hashes should be symbols.

Returns:

• (Boolean) —

  the new state

# File 'lib/uaa/info.rb', line 44

def symbolize_keys=(bool)
  @key_style = bool ? :sym : nil
end

#validation_key(client_id = nil, client_secret = nil) ⇒ Hash

Gets the key from the server that is used to validate token signatures. If the server is configured to use a symetric key, the caller must authenticate by providing a a client_id and client_secret. If the server is configured to sign with a private key, this call will retrieve the public key and client_id must be nil.

Returns:

• (Hash)

# File 'lib/uaa/info.rb', line 96

def validation_key(client_id = nil, client_secret = nil)
  hdrs = client_id && client_secret ?
      { "authorization" => Http.basic_auth(client_id, client_secret)} : {}
  json_get(target, "/token_key", key_style, hdrs)
end

#varz(name, pwd) ⇒ Hash

Gets various monitoring and status variables from the server. Authenticates using name and pwd for basic authentication.

Returns:

• (Hash)

# File 'lib/uaa/info.rb', line 65

def varz(name, pwd)
  json_get(target, "/varz", key_style, "authorization" => Http.basic_auth(name, pwd))
end

#whoami(auth_header) ⇒ Hash

Gets information about the user authenticated by the token in the auth_header. It GETs from the target‘s /userinfo endpoint and returns user information as specified by OpenID Connect.

Parameters:

• auth_header (String) —

  see TokenInfo#auth_header

Returns:

• (Hash)

See Also:

• http://openid.net/connect/
• http://openid.net/specs/openid-connect-standard-1_0.html#userinfo_ep
• http://openid.net/specs/openid-connect-messages-1_0.html#anchor9

# File 'lib/uaa/info.rb', line 57

def whoami(auth_header)
  json_get(target, "/userinfo?schema=openid", key_style, "authorization" => auth_header)
end