forked from cloudfoundry/cli
-
Notifications
You must be signed in to change notification settings - Fork 0
/
auth_command.go
140 lines (116 loc) · 4.64 KB
/
auth_command.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
package v6
import (
"fmt"
"code.cloudfoundry.org/cli/actor/v2action"
"code.cloudfoundry.org/cli/api/uaa/constant"
"code.cloudfoundry.org/cli/api/uaa/uaaversion"
"code.cloudfoundry.org/cli/command"
"code.cloudfoundry.org/cli/command/flag"
"code.cloudfoundry.org/cli/command/translatableerror"
"code.cloudfoundry.org/cli/command/v6/shared"
)
//go:generate counterfeiter . AuthActor
type AuthActor interface {
Authenticate(ID string, secret string, origin string, grantType constant.GrantType) error
CloudControllerAPIVersion() string
UAAAPIVersion() string
Revoke() error
}
type AuthCommand struct {
RequiredArgs flag.Authentication `positional-args:"yes"`
ClientCredentials bool `long:"client-credentials" description:"Use (non-user) service account (also called client credentials)"`
Origin string `long:"origin" description:"Indicates the identity provider to be used for authentication"`
usage interface{} `usage:"CF_NAME auth USERNAME PASSWORD\n CF_NAME auth USERNAME PASSWORD --origin ORIGIN\n CF_NAME auth CLIENT_ID CLIENT_SECRET --client-credentials\n\nENVIRONMENT VARIABLES:\n CF_USERNAME=user Authenticating user. Overridden if USERNAME argument is provided.\n CF_PASSWORD=password Password associated with user. Overriden if PASSWORD argument is provided.\n\nWARNING:\n Providing your password as a command line option is highly discouraged\n Your password may be visible to others and may be recorded in your shell history\n Consider using the CF_PASSWORD environment variable instead\n\nEXAMPLES:\n CF_NAME auth name@example.com \"my password\" (use quotes for passwords with a space)\n CF_NAME auth name@example.com \"\\\"password\\\"\" (escape quotes if used in password)"`
relatedCommands interface{} `related_commands:"api, login, target"`
UI command.UI
Config command.Config
Actor AuthActor
}
func (cmd *AuthCommand) Setup(config command.Config, ui command.UI) error {
cmd.UI = ui
cmd.Config = config
ccClient, uaaClient, err := shared.GetNewClientsAndConnectToCF(config, ui)
if err != nil {
return err
}
cmd.Actor = v2action.NewActor(ccClient, uaaClient, config)
return nil
}
func (cmd AuthCommand) Execute(args []string) error {
if len(cmd.Origin) > 0 {
err := command.MinimumUAAAPIVersionCheck(cmd.Actor.UAAAPIVersion(), uaaversion.MinUAAClientVersion, "Option '--origin'")
if err != nil {
return err
}
}
if cmd.ClientCredentials && cmd.Origin != "" {
return translatableerror.ArgumentCombinationError{
Args: []string{"--client-credentials", "--origin"},
}
}
username, password, err := cmd.getUsernamePassword()
if err != nil {
return err
}
if !cmd.ClientCredentials {
if cmd.Config.UAAGrantType() == string(constant.GrantTypeClientCredentials) {
return translatableerror.PasswordGrantTypeLogoutRequiredError{}
} else if cmd.Config.UAAOAuthClient() != "cf" || cmd.Config.UAAOAuthClientSecret() != "" {
cmd.UI.DisplayWarning("Deprecation warning: Manually writing your client credentials to the config.json is deprecated and will be removed in the future. For similar functionality, please use the `cf auth --client-credentials` command instead.")
}
}
err = command.WarnIfCLIVersionBelowAPIDefinedMinimum(cmd.Config, cmd.Actor.CloudControllerAPIVersion(), cmd.UI)
if err != nil {
return err
}
cmd.UI.DisplayTextWithFlavor(
"API endpoint: {{.Endpoint}}",
map[string]interface{}{
"Endpoint": cmd.Config.Target(),
})
cmd.UI.DisplayText("Authenticating...")
grantType := constant.GrantTypePassword
if cmd.ClientCredentials {
grantType = constant.GrantTypeClientCredentials
}
err = cmd.Actor.Authenticate(username, password, cmd.Origin, grantType)
if err != nil {
return err
}
cmd.UI.DisplayOK()
cmd.UI.DisplayTextWithFlavor(
"Use '{{.Command}}' to view or set your target org and space.",
map[string]interface{}{
"Command": fmt.Sprintf("%s target", cmd.Config.BinaryName()),
})
return nil
}
func (cmd AuthCommand) getUsernamePassword() (string, string, error) {
var (
userMissing bool
passwordMissing bool
)
username := cmd.RequiredArgs.Username
if username == "" {
if envUser := cmd.Config.CFUsername(); envUser != "" {
username = envUser
} else {
userMissing = true
}
}
password := cmd.RequiredArgs.Password
if password == "" {
if envPassword := cmd.Config.CFPassword(); envPassword != "" {
password = envPassword
} else {
passwordMissing = true
}
}
if userMissing || passwordMissing {
return "", "", translatableerror.MissingCredentialsError{
MissingUsername: userMissing,
MissingPassword: passwordMissing,
}
}
return username, password, nil
}