github.com/DaAlbrecht/cf-cli@v0.0.0-20231128151943-1fe19bb400b9/actor/v7action/auth.go

github.com/DaAlbrecht/cf-cli@v0.0.0-20231128151943-1fe19bb400b9/actor/v7action/auth.go (about)

     1  package v7action
     2  
     3  import (
     4  	"encoding/base64"
     5  	"encoding/json"
     6  	"fmt"
     7  	"strings"
     8  
     9  	"code.cloudfoundry.org/cli/actor/actionerror"
    10  	"code.cloudfoundry.org/cli/api/uaa/constant"
    11  	"code.cloudfoundry.org/cli/cf/configuration/coreconfig"
    12  	"code.cloudfoundry.org/cli/util/configv3"
    13  )
    14  
    15  type defaultAuthActor struct {
    16  	config    Config
    17  	uaaClient UAAClient
    18  }
    19  
    20  func NewDefaultAuthActor(config Config, uaaClient UAAClient) AuthActor {
    21  	return &defaultAuthActor{
    22  		config:    config,
    23  		uaaClient: uaaClient,
    24  	}
    25  }
    26  
    27  func (actor defaultAuthActor) Authenticate(credentials map[string]string, origin string, grantType constant.GrantType) error {
    28  	if grantType == constant.GrantTypePassword && actor.config.UAAGrantType() == string(constant.GrantTypeClientCredentials) {
    29  		return actionerror.PasswordGrantTypeLogoutRequiredError{}
    30  	}
    31  
    32  	actor.config.UnsetOrganizationAndSpaceInformation()
    33  	accessToken, refreshToken, err := actor.uaaClient.Authenticate(credentials, origin, grantType)
    34  	if err != nil {
    35  		actor.config.SetTokenInformation("", "", "")
    36  		return err
    37  	}
    38  
    39  	accessToken = fmt.Sprintf("bearer %s", accessToken)
    40  	actor.config.SetTokenInformation(accessToken, refreshToken, "")
    41  
    42  	if grantType == constant.GrantTypePassword {
    43  		actor.config.SetUAAGrantType("")
    44  	} else {
    45  		actor.config.SetUAAGrantType(string(grantType))
    46  	}
    47  
    48  	if grantType == constant.GrantTypeClientCredentials {
    49  		actor.config.SetUAAClientCredentials(credentials["client_id"], "")
    50  	}
    51  
    52  	return nil
    53  }
    54  
    55  func (actor defaultAuthActor) GetLoginPrompts() (map[string]coreconfig.AuthPrompt, error) {
    56  	rawPrompts, err := actor.uaaClient.GetLoginPrompts()
    57  	if err != nil {
    58  		return nil, err
    59  	}
    60  
    61  	prompts := make(map[string]coreconfig.AuthPrompt)
    62  	for key, val := range rawPrompts {
    63  		prompts[key] = coreconfig.AuthPrompt{
    64  			Type:        knownAuthPromptTypes[val[0]],
    65  			DisplayName: val[1],
    66  		}
    67  	}
    68  
    69  	return prompts, nil
    70  }
    71  
    72  func (actor defaultAuthActor) GetCurrentUser() (configv3.User, error) {
    73  	return actor.config.CurrentUser()
    74  }
    75  
    76  // TODO: error check this in future stories
    77  func (actor Actor) RevokeAccessAndRefreshTokens() error {
    78  	accessToken := actor.Config.AccessToken()
    79  	if actor.isTokenRevocable(accessToken) {
    80  		refreshToken := actor.Config.RefreshToken()
    81  		_ = actor.UAAClient.Revoke(refreshToken)
    82  		_ = actor.UAAClient.Revoke(accessToken)
    83  	}
    84  	return nil
    85  }
    86  
    87  func (actor Actor) isTokenRevocable(token string) bool {
    88  	segments := strings.Split(token, ".")
    89  
    90  	if len(segments) < 2 {
    91  		return false
    92  	}
    93  
    94  	jsonPayload, err := base64.RawURLEncoding.DecodeString(segments[1])
    95  	if err != nil {
    96  		return false
    97  	}
    98  
    99  	payload := make(map[string]interface{})
   100  	json.Unmarshal(jsonPayload, &payload)
   101  	revocable, ok := payload["revocable"].(bool)
   102  
   103  	if !ok {
   104  		return false
   105  	}
   106  
   107  	return revocable
   108  }
   109  
   110  var knownAuthPromptTypes = map[string]coreconfig.AuthPromptType{
   111  	"text":     coreconfig.AuthPromptTypeText,
   112  	"password": coreconfig.AuthPromptTypePassword,
   113  }