Fixes #29635 - Ask for oauth code only when needed (#517)

theforeman · May 12, 2020 · 0ec70fc · 0ec70fc
1 parent 1089b20
commit 0ec70fc
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 10 deletions.
diff --git a/lib/hammer_cli_foreman/api/oauth/authentication_code_grant.rb b/lib/hammer_cli_foreman/api/oauth/authentication_code_grant.rb
@@ -5,19 +5,22 @@ module HammerCLIForeman
   module Api
     module Oauth
       class AuthenticationCodeGrant < ApipieBindings::Authenticators::TokenAuth
-        attr_accessor :oidc_token_endpoint, :oidc_authorization_endpoint, :oidc_client_id, :token, :oidc_redirect_uri
+        attr_accessor :oidc_token_endpoint, :oidc_authorization_endpoint,
+                      :oidc_client_id, :token, :oidc_redirect_uri
 
         def initialize(oidc_token_endpoint, oidc_authorization_endpoint, oidc_client_id, oidc_redirect_uri)
           @oidc_token_endpoint = oidc_token_endpoint
           @oidc_authorization_endpoint = oidc_authorization_endpoint
           @oidc_client_id = oidc_client_id
           @oidc_redirect_uri = oidc_redirect_uri
-          super set_token(oidc_token_endpoint, oidc_authorization_endpoint, oidc_client_id, oidc_redirect_uri)
+          super(nil)
         end
 
         def authenticate(request, token)
           if HammerCLI.interactive?
             set_token_interactively
+          else
+            set_token(oidc_token_endpoint, oidc_authorization_endpoint, oidc_client_id, oidc_redirect_uri)
           end
           super
         end
@@ -35,7 +38,7 @@ def set_token(input_oidc_token_endpoint, input_oidc_authorization_endpoint, inpu
           if @oidc_client_id.to_s.empty? || @oidc_authorization_endpoint.to_s.empty? || @oidc_redirect_uri.to_s.empty? || @oidc_token_endpoint.to_s.empty?
             @token = nil
           else
-            get_code
+            @code ||= get_code
             @token = HammerCLIForeman::OpenidConnect.new(
               @oidc_token_endpoint, @oidc_client_id).get_token_via_2fa(@code, @oidc_redirect_uri)
           end
@@ -68,7 +71,7 @@ def get_code
                         "&redirect_uri=#{@oidc_redirect_uri}"\
                         '&scope=openid'
           HammerCLI.interactive_output.say("Enter URL in browser: #{@token_url}")
-          @code ||= ask_user(_("Code:%s") % " ")
+          ask_user(_("Code:%s") % " ")
         end
 
         def get_oidc_authorization_endpoint

diff --git a/lib/hammer_cli_foreman/auth.rb b/lib/hammer_cli_foreman/auth.rb
@@ -46,16 +46,16 @@ def execute
           if option_two_factor?
             Oauth.execute_with_params(
               AUTH_TYPES[:oauth_authentication_code_grant],
-              option_oidc_token_endpoint,
-              option_oidc_authorization_endpoint,
-              option_oidc_client_id,
-              option_oidc_redirect_uri
+              option_oidc_token_endpoint || HammerCLI::Settings.get(:foreman, :oidc_token_endpoint),
+              option_oidc_authorization_endpoint || HammerCLI::Settings.get(:foreman, :oidc_authorization_endpoint),
+              option_oidc_client_id || HammerCLI::Settings.get(:foreman, :oidc_client_id),
+              option_oidc_redirect_uri || HammerCLI::Settings.get(:foreman, :oidc_redirect_uri)
             )
           else
             Oauth.execute_with_params(
               AUTH_TYPES[:oauth_password_grant],
-              option_oidc_token_endpoint,
-              option_oidc_client_id,
+              option_oidc_token_endpoint || HammerCLI::Settings.get(:foreman, :oidc_token_endpoint),
+              option_oidc_client_id || HammerCLI::Settings.get(:foreman, :oidc_client_id),
               option_username || HammerCLI::Settings.get('_params', 'username'),
               option_password || HammerCLI::Settings.get('_params', 'password')
             )