class CF::UAA::Info

Provides interfaces to various UAA endpoints that are not in the context of an overall class of operations like SCIM resources or OAuth2 tokens.

Attributes

key_style[R]
target[RW]

Public Class Methods

new(target, options = {}) click to toggle source

@param [String] target The base URL of the server. For example the target could

be {https://login.cloudfoundry.com}, {https://uaa.cloudfoundry.com}, or
{http://localhost:8080/uaa}.

@param [Hash] options can be

* +:symbolize_keys+, If set to true, response hashes will have symbols for their keys, otherwise
  string keys are returned.
# File lib/uaa/info.rb, line 32
def initialize(target, options = {})
  self.target = target
  self.skip_ssl_validation = options[:skip_ssl_validation]
  self.ssl_ca_file = options[:ssl_ca_file]
  self.ssl_cert_store = options[:ssl_cert_store]
  self.symbolize_keys = options[:symbolize_keys]
  self.http_proxy = options[:http_proxy]
  self.https_proxy = options[:https_proxy]
end

Public Instance Methods

decode_token(client_id, client_secret, token, token_type = "bearer", audience_ids = nil) click to toggle source

Sends token to the server to validate and decode. Authenticates with client_id and client_secret. If audience_ids are specified and the token's “aud” attribute does not contain one or more of the audience_ids, raises AuthError – meaning the token is not for this audience. @param (see Misc.server) @param [String] token an access token as retrieved by {TokenIssuer}. See

also {TokenInfo}.

@param [String] token_type as retrieved by {TokenIssuer}. See {TokenInfo}. @return [Hash] contents of the token

# File lib/uaa/info.rb, line 111
def decode_token(client_id, client_secret, token, token_type = "bearer", audience_ids = nil)
  reply = json_get(target, "/check_token?token_type=#{token_type}&token=#{token}",
      key_style, "authorization" => Http.basic_auth(client_id, client_secret))
  auds = Util.arglist(reply[:aud] || reply['aud'])
  if audience_ids && (!auds || (auds & audience_ids).empty?)
    raise AuthError, "invalid audience: #{auds.join(' ')}"
  end
  reply
end
discover_uaa() click to toggle source

Gets a base url for the associated UAA from the target server by inspecting the links returned from its info endpoint. @return [String] url of UAA (or the target itself if it didn't provide a response)

# File lib/uaa/info.rb, line 81
def discover_uaa
  info = server
  links = info['links'] || info[:links]
  uaa = links && (links['uaa'] || links[:uaa])

  uaa || target
end
password_strength(password) click to toggle source

Gets information about the given password, including a strength score and an indication of what strength is required. @param (see Misc.server) @return [Hash]

# File lib/uaa/info.rb, line 125
def password_strength(password)
  json_parse_reply(key_style, *request(target, :post, '/password/score',
      Util.encode_form(:password => password), "content-type" => Http::FORM_UTF8,
      "accept" => Http::JSON_UTF8))
end
server() click to toggle source

Gets basic information about the target server, including version number, commit ID, and links to API endpoints. @return [Hash]

# File lib/uaa/info.rb, line 72
def server
  reply = json_get(target, '/login', key_style)
  return reply if reply && (reply[:prompts] || reply['prompts'])
  raise BadResponse, "Invalid response from target #{target}"
end
symbolize_keys=(bool) click to toggle source

sets whether the keys in returned hashes should be symbols. @return [Boolean] the new state

# File lib/uaa/info.rb, line 44
def symbolize_keys=(bool)
  @key_style = bool ? :sym : nil
end
validation_key(client_id = nil, client_secret = nil) click to toggle source

Gets the key from the server that is used to validate token signatures. If the server is configured to use a symetric key, the caller must authenticate by providing a a client_id and client_secret. If the server is configured to sign with a private key, this call will retrieve the public key and client_id must be nil. @param (see Misc.server) @return [Hash]

# File lib/uaa/info.rb, line 96
def validation_key(client_id = nil, client_secret = nil)
  hdrs = client_id && client_secret ?
      { "authorization" => Http.basic_auth(client_id, client_secret)} : {}
  json_get(target, "/token_key", key_style, hdrs)
end
varz(name, pwd) click to toggle source

Gets various monitoring and status variables from the server. Authenticates using name and pwd for basic authentication. @param (see Misc.server) @return [Hash]

# File lib/uaa/info.rb, line 65
def varz(name, pwd)
  json_get(target, "/varz", key_style, "authorization" => Http.basic_auth(name, pwd))
end
whoami(auth_header) click to toggle source

Gets information about the user authenticated by the token in the auth_header. It GETs from the target's /userinfo endpoint and returns user information as specified by OpenID Connect. @see openid.net/connect/ @see openid.net/specs/openid-connect-standard-1_0.html#userinfo_ep @see openid.net/specs/openid-connect-messages-1_0.html#anchor9 @param (see Misc.server) @param [String] auth_header see {TokenInfo#auth_header} @return [Hash]

# File lib/uaa/info.rb, line 57
def whoami(auth_header)
  json_get(target, "/userinfo?schema=openid", key_style, "authorization" => auth_header)
end