func AuthenticateUser(authorizationEndpoint string, username string, password string) (cookie string) {
loginCsrfUri := fmt.Sprintf("%v/login", authorizationEndpoint)
cookieFile, err := ioutil.TempFile("", random_name.CATSRandomName("CATS-CSRF-COOKIE"))
Expect(err).ToNot(HaveOccurred())
cookiePath := cookieFile.Name()
defer func() {
cookieFile.Close()
os.Remove(cookiePath)
}()
curl := helpers.Curl(Config, loginCsrfUri, `--insecure`, `-i`, `-v`, `-c`, cookiePath).Wait(Config.DefaultTimeoutDuration())
apiResponse := string(curl.Out.Contents())
csrfRegEx, _ := regexp.Compile(`name="X-Uaa-Csrf" value="(.*)"`)
csrfToken := csrfRegEx.FindStringSubmatch(apiResponse)[1]
loginUri := fmt.Sprintf("%v/login.do", authorizationEndpoint)
usernameEncoded := url.QueryEscape(username)
passwordEncoded := url.QueryEscape(password)
csrfTokenEncoded := url.QueryEscape(csrfToken)
loginCredentials := fmt.Sprintf("username=%v&password=%v&X-Uaa-Csrf=%v", usernameEncoded, passwordEncoded, csrfTokenEncoded)
curl = helpers.Curl(Config, loginUri, `--data`, loginCredentials, `--insecure`, `-i`, `-v`, `-b`, cookiePath).Wait(Config.DefaultTimeoutDuration())
Expect(curl).To(Exit(0))
apiResponse = string(curl.Out.Contents())
jsessionRegEx, _ := regexp.Compile(`JSESSIONID([^;]*)`)
vcapidRegEx, _ := regexp.Compile(`__VCAP_ID__([^;]*)`)
sessionId := jsessionRegEx.FindString(apiResponse)
vcapId := vcapidRegEx.FindString(apiResponse)
cookie = fmt.Sprintf("%v;%v", sessionId, vcapId)
return
}
func FetchRecentLogs(appGuid, oauthToken string, config config.CatsConfig) *Session {
loggregatorEndpoint := strings.Replace(config.GetApiEndpoint(), "api", "doppler", 1)
logUrl := fmt.Sprintf("%s/apps/%s/recentlogs", loggregatorEndpoint, appGuid)
session := helpers.Curl(Config, logUrl, "-H", fmt.Sprintf("Authorization: %s", oauthToken))
Expect(session.Wait(Config.DefaultTimeoutDuration())).To(Exit(0))
return session
}
func AuthorizeScopes(cookie string, config OAuthConfig) (authCode string) {
authorizedScopes := `scope.0=scope.openid&scope.1=scope.cloud_controller.read&scope.2=scope.cloud_controller.write&user_oauth_approval=true&X-Uaa-Csrf=123456`
authorizeScopesUri := fmt.Sprintf("%v/oauth/authorize", config.AuthorizationEndpoint)
curl := helpers.Curl(Config, authorizeScopesUri, `-i`, `--data`, authorizedScopes, `--cookie`, cookie+`;X-Uaa-Csrf=123456`, `--insecure`, `-v`).Wait(Config.DefaultTimeoutDuration())
Expect(curl).To(Exit(0))
apiResponse := string(curl.Out.Contents())
pattern := fmt.Sprintf(`%v\?code=([a-zA-Z0-9]+)`, regexp.QuoteMeta(config.RedirectUri))
regEx, _ := regexp.Compile(pattern)
authCode = regEx.FindStringSubmatch(apiResponse)[1]
return
}
func SetOauthEndpoints(apiEndpoint string, oAuthConfig *OAuthConfig, config cats_config.CatsConfig) {
args := []string{}
if config.GetSkipSSLValidation() {
args = append(args, "--insecure")
}
args = append(args, fmt.Sprintf("%v/info", apiEndpoint))
curl := helpers.Curl(Config, args...).Wait(Config.DefaultTimeoutDuration())
Expect(curl).To(Exit(0))
apiResponse := curl.Out.Contents()
jsonResult := ParseJsonResponse(apiResponse)
oAuthConfig.TokenEndpoint = fmt.Sprintf("%v", jsonResult[`token_endpoint`])
oAuthConfig.AuthorizationEndpoint = fmt.Sprintf("%v", jsonResult[`authorization_endpoint`])
return
}
func GetAccessToken(authCode string, config OAuthConfig) (accessToken string) {
clientCredentials := []byte(fmt.Sprintf("%v:%v", config.ClientId, config.ClientSecret))
encodedClientCredentials := base64.StdEncoding.EncodeToString(clientCredentials)
authHeader := fmt.Sprintf("Authorization: Basic %v", encodedClientCredentials)
requestTokenUri := fmt.Sprintf("%v/oauth/token", config.TokenEndpoint)
requestTokenData := fmt.Sprintf("scope=%v&code=%v&grant_type=authorization_code&redirect_uri=%v", config.RequestedScopes, authCode, config.RedirectUri)
curl := helpers.Curl(Config, requestTokenUri, `-H`, authHeader, `--data`, requestTokenData, `--insecure`, `-v`).Wait(Config.DefaultTimeoutDuration())
Expect(curl).To(Exit(0))
apiResponse := curl.Out.Contents()
jsonResult := ParseJsonResponse(apiResponse)
accessToken = fmt.Sprintf("%v", jsonResult[`access_token`])
return
}
func QueryServiceInstancePermissionEndpoint(apiEndpoint string, accessToken string, serviceInstanceGuid string) (canManage string, httpCode string) {
canManage = `not populated`
authHeader := fmt.Sprintf("Authorization: bearer %v", accessToken)
permissionsUri := fmt.Sprintf("%v/v2/service_instances/%v/permissions", apiEndpoint, serviceInstanceGuid)
curl := helpers.Curl(Config, permissionsUri, `-H`, authHeader, `-w`, `:TestReponseCode:%{http_code}`, `--insecure`, `-v`).Wait(Config.DefaultTimeoutDuration())
Expect(curl).To(Exit(0))
apiResponse := string(curl.Out.Contents())
resultMap := strings.Split(apiResponse, `:TestReponseCode:`)
resultText := resultMap[0]
httpCode = resultMap[1]
if httpCode == `200` {
jsonResult := ParseJsonResponse([]byte(resultText))
canManage = fmt.Sprintf("%v", jsonResult[`manage`])
}
return
}
func RequestScopes(cookie string, config OAuthConfig) (authCode string, httpCode string) {
authCode = `initialized`
requestScopesUri := fmt.Sprintf("%v/oauth/authorize?client_id=%v&response_type=code&redirect_uri=%v&scope=%v",
config.AuthorizationEndpoint,
url.QueryEscape(config.ClientId),
config.RedirectUri,
config.RequestedScopes)
curl := helpers.Curl(Config, requestScopesUri, `-L`, `--cookie`, cookie, `--insecure`, `-w`, `:TestReponseCode:%{http_code}`, `-v`).Wait(Config.DefaultTimeoutDuration())
Expect(curl).To(Exit(0))
apiResponse := string(curl.Out.Contents())
resultMap := strings.Split(apiResponse, `:TestReponseCode:`)
httpCode = resultMap[1]
if httpCode == `200` {
authCode = AuthorizeScopes(cookie, config)
}
return
}
Expect(out.String()).To(ContainSubstring("./tmp"))
Expect(out.String()).To(ContainSubstring("./logs"))
By("Pushing a different version of the app")
Expect(cf.Cf("push", helloWorldAppName, "-p", assets.NewAssets().Dora).Wait(Config.CfPushTimeoutDuration())).To(Exit(0))
Eventually(func() string {
return helpers.CurlAppRoot(Config, helloWorldAppName)
}, Config.DefaultTimeoutDuration()).Should(ContainSubstring("Hi, I'm Dora!"))
By("Uploading the originally downloaded droplet of the app")
token := v3_helpers.GetAuthToken()
uploadUrl := fmt.Sprintf("%s%s/v2/apps/%s/droplet/upload", Config.Protocol(), Config.GetApiEndpoint(), appGuid)
bits := fmt.Sprintf(`droplet=@%s`, app_droplet_path)
curl := helpers.Curl(Config, "-v", uploadUrl, "-X", "PUT", "-F", bits, "-H", fmt.Sprintf("Authorization: %s", token)).Wait(Config.DefaultTimeoutDuration())
Expect(curl).To(Exit(0))
var job struct {
Metadata struct {
Url string `json:"url"`
} `json:"metadata"`
}
bytes := curl.Out.Contents()
json.Unmarshal(bytes, &job)
pollingUrl := job.Metadata.Url
Eventually(func() *Session {
return cf.Cf("curl", pollingUrl).Wait(Config.DefaultTimeoutDuration())
}, Config.DefaultTimeoutDuration()).Should(Say("finished"))
func (b ServiceBroker) Configure() {
Expect(helpers.Curl(Config, helpers.AppUri(b.Name, "/config", Config), "-d", b.ToJSON()).Wait(Config.DefaultTimeoutDuration())).To(Exit(0))
}
func UploadPackage(uploadUrl, packageZipPath, token string) {
bits := fmt.Sprintf(`bits=@%s`, packageZipPath)
curl := helpers.Curl(Config, "-v", "-s", uploadUrl, "-F", bits, "-H", fmt.Sprintf("Authorization: %s", token)).Wait(Config.DefaultTimeoutDuration())
Expect(curl).To(Exit(0))
}
Eventually(cf.Cf("logs", appName, "--recent"), Config.DefaultTimeoutDuration()).Should(Say("Successful remote access"))
Eventually(cf.Cf("events", appName), Config.DefaultTimeoutDuration()).Should(Say("audit.app.ssh-authorized"))
})
It("allows local port forwarding", func() {
listenCmd := exec.Command("cf", "ssh", "-v", "-L", "127.0.0.1:61007:localhost:8080", appName)
stdin, err := listenCmd.StdinPipe()
Expect(err).NotTo(HaveOccurred())
err = listenCmd.Start()
Expect(err).NotTo(HaveOccurred())
Eventually(func() string {
curl := helpers.Curl(Config, "http://127.0.0.1:61007/").Wait(Config.DefaultTimeoutDuration())
return string(curl.Out.Contents())
}, Config.DefaultTimeoutDuration()).Should(ContainSubstring("Hi, I'm Dora"))
err = stdin.Close()
Expect(err).NotTo(HaveOccurred())
err = listenCmd.Wait()
Expect(err).NotTo(HaveOccurred())
})
It("records successful ssh attempts", func() {
password := sshAccessCode()
clientConfig := &ssh.ClientConfig{
User: fmt.Sprintf("cf:%s/%d", GuidForAppName(appName), 0),
