-
Notifications
You must be signed in to change notification settings - Fork 2
feat(clients): implement all the commands #4
Conversation
password: password, | ||
error.assert(program.fxa, '--fxa or --env'); | ||
error.assert(program.url, '--url or --env'); | ||
if (program.token) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you need to add some sort of program.option('--token <token')
declaration in the option-parsing logic to accommodate this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I fear that this command-line-parsing lib doesn't like having both a --token
option and a token
sub-command.
When I try to run it like this to generate an oauth token:
./bin/fxa-oauth.js --env=latest --user=rfkelly@mozilla.com token 24bdbfa45cd300c5 oauth
It fails out complaining about a "missing email". Tracing it through, I can see that it's taking this if (program.token)
branch even though I haven't specified a --token
command-line option. And logging the contents of program.token
show that it's some sort of object with the command-line args etc in it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually this is better as it's a valid canGrant
clientId:
./bin/fxa-oauth.js --env=latest --user=rfkelly@mozilla.com token 5882386c6d801776 oauth
This works on master but fails out with "missing email" on this branch.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It also works if I rename the --token
option to --tok
.
@rfk forgot to mention last week that i'd pushed an update. |
@@ -40,6 +43,15 @@ const URLS = { | |||
] | |||
}; | |||
|
|||
function yesno(val) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The name suggests this should handle strings like "no" and "false" as well, but it doesn't. Should it?
I'd also prefer a clearer name e.g. toBoolean
, but don't feel strongly about it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this should handle strings like "no" and "false" as well
Uh, my bad, of course it handles this as part of the "anything that's not explicitly true" default case.
Code looks good, I'm going to try taking it for a spin. |
const Client = require('../'); | ||
const log = require('npmlog'); | ||
const read = P.promisify(require('read')); | ||
|
||
const CLI_CLIENT_ID = '66041b7ec3991ec0'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this a newly-provisioned ID that we need to add to all our envs?
3b18e88
to
e079ebe
Compare
@@ -3,3 +3,26 @@ | |||
A command line tool to ease interacting with the OAuth implementation of | |||
Firefox Accounts. | |||
|
|||
``` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ckolos How's this usage look?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Gimme a sample usage and lgtm...
@rfk ok, so I removed the |
method: 'post', | ||
url: this._baseUrl + '/v1/destroy', | ||
json: { | ||
token: token |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This depends on mozilla/fxa-oauth-server#198
Code looks good, will take it for a spin this afternoon |
-u, --user <email> Env: FXA_USER | ||
--url <url> The base url of the OAuth server | ||
--fxa <url> The base url of the Auth server | ||
-v, --verbose Receive verbose output. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We might consider a matching -q, --quiet
option as well; the default logging verbosity seems to log all requests and responses, which is nice for trying it out but may be too verbose for e.g. scripted use.
Running the
I guess this is because of mozilla/fxa-oauth-server#198 which hasn't propagated out to the dev servers yet? |
name: {}, | ||
redirectUri: {}, | ||
imageUri: {}, | ||
canGrant: { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These all need to be snake_case rather than camelCase, to match the form expected by the API per https://github.com/mozilla/fxa-oauth-server/blob/master/docs/api.md#post-v1client
After the above-mentioned tweaks to get the
I guess this is due to not providing a value for |
.command('update <clientId> <property> <value>') | ||
.description('Update a property of a client.') | ||
.action(function(id, prop, value) { | ||
//TODO: validate id,prop,value |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I tried update CLIENTID canGrant true
and it reported success, despite the property name being invalid. I guess this is partly missing client-side validation, and partly the server not rejecting unknown fields.
Doing update CLIENTID can_grant true
seems to work correctly, with the modified value reflecting in a subsequent client listing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm thinking that the leniency allowed in the server to ease using the OAuth endpoints should only be enabled for those specific endpoints (POST /v1/authorization). Otherwise, tossing 400s seems better.
- `list`: provides a list of all registered clients - `register`: prompts for details to register a new client - `update`: updates a single property on a registered client - `delete`: deletes a client! boom! The commands will delete the token after usage, or blow up with an error if the token couldn't be deleted.
Addressed comments. |
@rfk, after @seanmonstar's most recent updates, are we ready to merge? |
I am literally trying this out again right now :-) |
.action(function(id, prop, value) { | ||
//TODO: validate id,prop,value | ||
withTempToken(function(oauth) { | ||
var client = { id: id }; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The oauth server doesn't take "id" in the request body when updating a client record. This used to be silently ignored but it's now failing. We need to either accept a matching "id" in the request body on the server, or stop sending it in the client.
There's something weird going on with the temp-token cleanup and the
AFAICT what's happening is, it stops to prompt me and confirm the client deletion, but the cleanup code executes without waiting for my reply. The token gets deleted, then a enter "yes", and it gets a 401 trying to use the now-deleted token. |
(I've also been getting sporadic 401s with other commands, which might be the same issue, but not surfacing regularly because they don't stop and prompt for any input) |
With the client-id-field and switch-done-to-then fixes mentioned above, all commands run successfully for me; r+ with those fixes |
@rfk your thorough reviewing has been invaluable. I've addressed the latest comments, in a new commit to make it easier to see what changed. |
nice work @seanmonstar, 👍 |
feat(clients): implement all the commands
This command will return a list of clients registered with the server.
The command can be passed a --token option to skip fetching a new token.