github.com/wanddynosios/cli@v7.1.0+incompatible/integration/v6/isolated/token_refresh_test.go (about) 1 package isolated 2 3 import ( 4 "fmt" 5 6 "code.cloudfoundry.org/cli/integration/helpers" 7 "code.cloudfoundry.org/cli/util/configv3" 8 9 . "github.com/onsi/ginkgo" 10 . "github.com/onsi/gomega" 11 . "github.com/onsi/gomega/gbytes" 12 . "github.com/onsi/gomega/gexec" 13 ) 14 15 var _ = Describe("Token Refreshing", func() { 16 BeforeEach(func() { 17 helpers.SkipIfClientCredentialsTestMode() 18 }) 19 20 Describe("password grant type", func() { 21 BeforeEach(func() { 22 helpers.LoginCF() 23 }) 24 25 Describe("config file backwards compatibility", func() { 26 // If we write "password" as the grant type, versions of the CLI before 6.44.0 will not be 27 // able to use their refresh token correctly. 28 When("logging in with rewritten cf auth", func() { 29 BeforeEach(func() { 30 helpers.LoginCF() 31 }) 32 33 It("persists an empty string as the grant type in config.json", func() { 34 c := helpers.GetConfig() 35 Expect(c.UAAGrantType()).To(Equal("")) 36 }) 37 }) 38 39 When("logging in with un-rewritten cf login", func() { 40 BeforeEach(func() { 41 u, p := helpers.GetCredentials() 42 session := helpers.CF("login", "-u", u, "-p", p) 43 Eventually(session).Should(Exit(0)) 44 }) 45 46 It("persists an empty string as the grant type in config.json", func() { 47 c := helpers.GetConfig() 48 Expect(c.UAAGrantType()).To(Equal("")) 49 }) 50 }) 51 52 When("logging in with rewritten cf login", func() { 53 BeforeEach(func() { 54 u, p := helpers.GetCredentials() 55 session := helpers.CF("login", "-u", u, "-p", p) 56 Eventually(session).Should(Exit(0)) 57 }) 58 It("persists an empty string as the grant type in config.json", func() { 59 c := helpers.GetConfig() 60 Expect(c.UAAGrantType()).To(Equal("")) 61 }) 62 }) 63 }) 64 65 When("the token is invalid", func() { 66 When("password is explicitly stored as the grant type", func() { 67 BeforeEach(func() { 68 helpers.SetConfig(func(config *configv3.Config) { 69 config.ConfigFile.AccessToken = helpers.ExpiredAccessToken() 70 config.ConfigFile.TargetedOrganization.GUID = "fake-org" 71 config.ConfigFile.TargetedSpace.GUID = "fake-space" 72 config.ConfigFile.UAAGrantType = "password" 73 }) 74 }) 75 76 When("running a v6 command", func() { 77 When("the cloud controller client encounters an invalid token response", func() { 78 It("refreshes the token", func() { 79 session := helpers.CF("unbind-service", "app", "service") 80 Eventually(session.Err).Should(Say("App 'app' not found")) 81 Eventually(session).Should(Exit(1)) 82 }) 83 }) 84 85 When("the UAA client encounters an invalid token response", func() { 86 It("refreshes the token", func() { 87 username, _ := helpers.GetCredentials() 88 session := helpers.CF("create-user", username, helpers.NewPassword()) 89 Eventually(session.Err).Should(Say(fmt.Sprintf("user %s already exists", username))) 90 Eventually(session).Should(Exit(0)) 91 }) 92 }) 93 }) 94 95 When("running an unrefactored v6 command", func() { 96 It("refreshes the token", func() { 97 session := helpers.CF("stack", "some-stack") 98 Eventually(session).Should(Say("Stack some-stack not found")) 99 Eventually(session).Should(Exit(1)) 100 }) 101 }) 102 }) 103 104 When("no grant type is explicitly stored", func() { 105 BeforeEach(func() { 106 helpers.SetConfig(func(config *configv3.Config) { 107 config.ConfigFile.AccessToken = helpers.ExpiredAccessToken() 108 config.ConfigFile.TargetedOrganization.GUID = "fake-org" 109 config.ConfigFile.TargetedSpace.GUID = "fake-space" 110 config.ConfigFile.UAAGrantType = "" 111 }) 112 }) 113 114 When("running a v6 command", func() { 115 When("the cloud controller client encounters an invalid token response", func() { 116 It("refreshes the token", func() { 117 session := helpers.CF("unbind-service", "app", "service") 118 Eventually(session.Err).Should(Say("App 'app' not found")) 119 Eventually(session).Should(Exit(1)) 120 }) 121 }) 122 123 When("the UAA client encounters an invalid token response", func() { 124 It("refreshes the token", func() { 125 username, _ := helpers.GetCredentials() 126 session := helpers.CF("create-user", username, helpers.NewPassword()) 127 Eventually(session.Err).Should(Say(fmt.Sprintf("user %s already exists", username))) 128 Eventually(session).Should(Exit(0)) 129 }) 130 }) 131 }) 132 133 When("running an unrefactored v6 command", func() { 134 It("refreshes the token", func() { 135 session := helpers.CF("stack", "some-stack") 136 Eventually(session).Should(Say("Stack some-stack not found")) 137 Eventually(session).Should(Exit(1)) 138 }) 139 }) 140 }) 141 }) 142 }) 143 144 Describe("client grant type", func() { 145 BeforeEach(func() { 146 helpers.LoginCFWithClientCredentials() 147 }) 148 149 When("the token is invalid", func() { 150 BeforeEach(func() { 151 helpers.SetConfig(func(config *configv3.Config) { 152 config.ConfigFile.AccessToken = helpers.ExpiredAccessToken() 153 config.ConfigFile.TargetedOrganization.GUID = "fake-org" 154 config.ConfigFile.TargetedSpace.GUID = "fake-space" 155 }) 156 }) 157 158 When("running a v6 refactored command", func() { 159 When("the cloud controller client encounters an invalid token response", func() { 160 It("displays an error and exits 1", func() { 161 session := helpers.CF("unbind-service", "app", "service") 162 Eventually(session.Err).Should(Say(`Credentials were rejected, please try again\.`)) 163 Eventually(session).Should(Exit(1)) 164 }) 165 }) 166 167 When("the UAA client encounters an invalid token response", func() { 168 It("displays an error and exits 1", func() { 169 username := helpers.NewUsername() 170 session := helpers.CF("create-user", username, helpers.NewPassword()) 171 Eventually(session.Err).Should(Say(`Credentials were rejected, please try again\.`)) 172 Eventually(session).Should(Exit(1)) 173 }) 174 }) 175 }) 176 177 When("running a v6 unrefactored command", func() { 178 When("the cloud controller client encounters an invalid token response", func() { 179 It("displays an error and exits 1", func() { 180 username, _ := helpers.GetCredentials() 181 session := helpers.CF("quotas") 182 Eventually(session).Should(Say("Getting quotas as %s", username)) 183 Eventually(session).Should(Say("Bad credentials")) 184 Eventually(session).Should(Exit(1)) 185 }) 186 }) 187 }) 188 }) 189 190 When("the CLI has authenticated with --client-credentials", func() { 191 When("the user has manually stored the client credentials in the config file and the token is expired", func() { 192 BeforeEach(func() { 193 clientID, clientSecret := helpers.SkipIfClientCredentialsNotSet() 194 195 helpers.SetConfig(func(config *configv3.Config) { 196 config.ConfigFile.UAAGrantType = "client_credentials" 197 config.ConfigFile.UAAOAuthClient = clientID 198 config.ConfigFile.UAAOAuthClientSecret = clientSecret 199 }) 200 201 helpers.SetConfig(func(config *configv3.Config) { 202 config.ConfigFile.AccessToken = helpers.ExpiredAccessToken() 203 }) 204 }) 205 206 It("automatically gets a new access token", func() { 207 Eventually(helpers.CF("orgs")).Should(Exit(0)) 208 }) 209 }) 210 }) 211 }) 212 })