package v7
import (
"fmt"
"code.cloudfoundry.org/cli/api/uaa/constant"
"code.cloudfoundry.org/cli/api/uaa/uaaversion"
"code.cloudfoundry.org/cli/command"
"code.cloudfoundry.org/cli/command/flag"
"code.cloudfoundry.org/cli/command/translatableerror"
"code.cloudfoundry.org/cli/command/v7/shared"
)
// AuthCommand implements the non-interactive "auth" command: it takes a
// username/password pair (or a client id/secret pair) and hands it to the
// actor for authentication. Option parsing is driven by the struct tags below.
type AuthCommand struct {
	// NOTE(review): BaseCommand is declared elsewhere; presumably it supplies the
	// UI, Config and Actor fields used by the methods in this file.
	BaseCommand
	// RequiredArgs holds the positional USERNAME and PASSWORD (or CLIENT_ID and
	// CLIENT_SECRET). Either may be left empty, in which case getUsernamePassword
	// falls back to cmd.Config.CFUsername() / cmd.Config.CFPassword().
	// Security: as the usage text warns, a secret passed positionally may be
	// visible to others and recorded in shell history.
	RequiredArgs flag.Authentication `positional-args:"yes"`
	// ClientCredentials switches Execute to the client-credentials grant; Execute
	// rejects it when combined with --origin.
	ClientCredentials bool `long:"client-credentials" description:"Use (non-user) service account (also called client credentials)"`
	// Origin names the identity provider; when set, Execute first checks the UAA
	// API version against uaaversion.MinUAAClientVersion.
	Origin string `long:"origin" description:"Indicates the identity provider to be used for authentication"`
	// usage carries the help text in its tag only; the field is not read in this file.
	// NOTE(review): the help text spells "Overriden" in the CF_PASSWORD line.
	usage interface{} `usage:"CF_NAME auth USERNAME PASSWORD\n CF_NAME auth USERNAME PASSWORD --origin ORIGIN\n CF_NAME auth CLIENT_ID CLIENT_SECRET --client-credentials\n\nENVIRONMENT VARIABLES:\n CF_USERNAME=user Authenticating user. Overridden if USERNAME argument is provided.\n CF_PASSWORD=password Password associated with user. Overriden if PASSWORD argument is provided.\n\nWARNING:\n Providing your password as a command line option is highly discouraged\n Your password may be visible to others and may be recorded in your shell history\n Consider using the CF_PASSWORD environment variable instead\n\nEXAMPLES:\n CF_NAME auth name@example.com \"my password\" (use quotes for passwords with a space)\n CF_NAME auth name@example.com \"\\\"password\\\"\" (escape quotes if used in password)"`
	// relatedCommands carries the related-command list in its tag only.
	relatedCommands interface{} `related_commands:"api, login, target"`
}
// Execute validates the flag combination, resolves the credential pair, and
// asks the actor to authenticate with either the password grant or, when
// --client-credentials is set, the client-credentials grant.
//
// It returns the first error from the UAA version check, the flag-combination
// check, credential resolution, the stored-client checks, or the
// authentication call itself. The args parameter is not used.
//
// The resolved username and password are only passed to cmd.Actor.Authenticate;
// nothing in this method writes them to the UI.
func (cmd AuthCommand) Execute(args []string) error {
	// --origin is only honoured by sufficiently recent UAA versions.
	if cmd.Origin != "" {
		if err := command.MinimumUAAAPIVersionCheck(cmd.Actor.UAAAPIVersion(), uaaversion.MinUAAClientVersion, "Option '--origin'"); err != nil {
			return err
		}
	}

	// --client-credentials and --origin are mutually exclusive.
	if cmd.ClientCredentials && cmd.Origin != "" {
		return translatableerror.ArgumentCombinationError{
			Args: []string{"--client-credentials", "--origin"},
		}
	}

	principal, secret, err := cmd.getUsernamePassword()
	if err != nil {
		return err
	}

	cmd.UI.DisplayTextWithFlavor(
		"API endpoint: {{.Endpoint}}",
		map[string]interface{}{
			"Endpoint": cmd.Config.Target(),
		})

	// A failed version check is deliberately non-fatal: warn and carry on.
	apiWarning, err := shared.CheckCCAPIVersion(cmd.Config.APIVersion())
	if err != nil {
		cmd.UI.DisplayWarning("Warning: unable to determine whether targeted API's version meets minimum supported.")
	}
	if apiWarning != "" {
		cmd.UI.DisplayWarning(apiWarning)
	}

	// For a user (password-grant) login, refuse to proceed while the stored
	// configuration still reflects a client-credentials session or a custom
	// OAuth client/secret.
	if !cmd.ClientCredentials {
		switch {
		case cmd.Config.UAAGrantType() == string(constant.GrantTypeClientCredentials):
			return translatableerror.PasswordGrantTypeLogoutRequiredError{}
		case cmd.Config.UAAOAuthClient() != "cf" || cmd.Config.UAAOAuthClientSecret() != "":
			return translatableerror.ManualClientCredentialsError{}
		}
	}

	cmd.UI.DisplayNewline()
	cmd.UI.DisplayText("Authenticating...")

	// Default to the password grant; swap both the grant type and the
	// credential keys when authenticating as a client.
	grantType := constant.GrantTypePassword
	credentials := map[string]string{
		"username": principal,
		"password": secret,
	}
	if cmd.ClientCredentials {
		grantType = constant.GrantTypeClientCredentials
		credentials = map[string]string{
			"client_id":     principal,
			"client_secret": secret,
		}
	}

	if err := cmd.Actor.Authenticate(credentials, cmd.Origin, grantType); err != nil {
		return err
	}

	cmd.UI.DisplayOK()
	targetCommand := fmt.Sprintf("%s target", cmd.Config.BinaryName())
	cmd.UI.DisplayTextWithFlavor(
		"Use '{{.Command}}' to view or set your target org and space.",
		map[string]interface{}{
			"Command": targetCommand,
		})

	return nil
}
// getUsernamePassword resolves the credential pair for this invocation.
//
// Each value is taken from the positional arguments when non-empty; otherwise
// it falls back to cmd.Config.CFUsername() / cmd.Config.CFPassword(). If either
// value is still empty, it returns a MissingCredentialsError that records which
// of the two is missing, along with empty strings.
func (cmd AuthCommand) getUsernamePassword() (string, string, error) {
	// Positional argument wins; the config value is consulted only as a fallback.
	user := cmd.RequiredArgs.Username
	if user == "" {
		user = cmd.Config.CFUsername()
	}

	secret := cmd.RequiredArgs.Password
	if secret == "" {
		secret = cmd.Config.CFPassword()
	}

	noUser, noSecret := user == "", secret == ""
	if noUser || noSecret {
		return "", "", translatableerror.MissingCredentialsError{
			MissingUsername: noUser,
			MissingPassword: noSecret,
		}
	}

	return user, secret, nil
}