removed unsupported legacy login and replaced it with the current username/password login option. a bit of refactoring around error checking and error/success output content

2024-11-11 07:34:15 +00:00 · 2016-09-19 15:00:35 +01:00 · 2016-09-19 15:00:35 +01:00 · 624849d418
commit 624849d418
parent b2dfeaeffd
2 changed files with 47 additions and 45 deletions
--- a/lib/bundles/inspec-compliance/api.rb
+++ b/lib/bundles/inspec-compliance/api.rb
@ -9,18 +9,6 @@ module Compliance
  # API Implementation does not hold any state by itself,
  # everything will be stored in local Configuration store
  class API
-    # login method for pre-1.0 compliance server
-    def self.legacy_login_post(url, username, password, insecure)
-      # form request
-      # TODO: reuse post function
-      uri = URI.parse(url)
-      req = Net::HTTP::Post.new(uri.path)
-      req.basic_auth(username, password)
-      req.form_data={}
-
-      send_request(uri, req, insecure)
-    end
-
    # return all compliance profiles available for the user
    def self.profiles(config)
      url = "#{config['server']}/user/compliance"
@ -86,19 +74,19 @@ Please login using `inspec compliance login https://compliance.test --user admin
      [res.is_a?(Net::HTTPSuccess), res.body]
    end

-    def self.post_refresh_token(url, token, insecure)
+    # Use username and refresh_toke to get an API access token
+    def self.get_token_via_refresh_token(url, refresh_token, insecure)
      uri = URI.parse("#{url}/login")
      req = Net::HTTP::Post.new(uri.path)
-      # req['Authorization'] = "Bearer #{token}"
-      req.body = { token: token }.to_json
+      req.body = { token: refresh_token }.to_json
      access_token = nil
      response = Compliance::HTTP.send_request(uri, req, insecure)
      data = response.body
-      if !data.nil?
+      if response.code == '200'
        begin
          tokendata = JSON.parse(data)
          access_token = tokendata['access_token']
-          msg = 'Successfully fetched access token'
+          msg = 'Successfully fetched API access token'
          success = true
        rescue JSON::ParserError => e
          success = false
@ -106,7 +94,29 @@ Please login using `inspec compliance login https://compliance.test --user admin
        end
      else
        success = false
-        msg = 'Invalid refresh_token'
+        msg = "Failed to authenticate to #{url} \n\
+  Response code: #{response.code}\n  Body: #{response.body}"
+      end
+
+      [success, msg, access_token]
+    end
+
+    # Use username and password to get an API access token
+    def self.get_token_via_password(url, username, password, insecure)
+      uri = URI.parse("#{url}/login")
+      req = Net::HTTP::Post.new(uri.path)
+      req.body = { userid: username, password: password }.to_json
+      access_token = nil
+      response = Compliance::HTTP.send_request(uri, req, insecure)
+      data = response.body
+      if response.code == '200'
+        access_token = data
+        msg = 'Successfully fetched an API access token valid for 12 hours'
+        success = true
+      else
+        success = false
+        msg = "Failed to authenticate to #{url} \n\
+  Response code: #{response.code}\n  Body: #{response.body}"
      end

      [success, msg, access_token]
--- a/lib/bundles/inspec-compliance/cli.rb
+++ b/lib/bundles/inspec-compliance/cli.rb
@ -22,9 +22,9 @@ module Compliance
    option :insecure, aliases: :k, type: :boolean,
      desc: 'Explicitly allows InSpec to perform "insecure" SSL connections and transfers'
    option :user, type: :string, required: false,
-      desc: 'Chef Compliance Username (for legacy auth)'
+      desc: 'Chef Compliance Username'
    option :password, type: :string, required: false,
-      desc: 'Chef Compliance Password (for legacy auth)'
+      desc: 'Chef Compliance Password'
    option :apipath, type: :string, default: '/api',
      desc: 'Set the path to the API, defaults to /api'
    option :token, type: :string, required: false,
@ -38,7 +38,7 @@ module Compliance
      url = options['server'] + options['apipath']
      if !options['user'].nil? && !options['password'].nil?
        # username / password
-        _success, msg = login_legacy(url, options['user'], options['password'], options['insecure'])
+        _success, msg = login_username_password(url, options['user'], options['password'], options['insecure'])
      elsif !options['user'].nil? && !options['token'].nil?
        # access token
        _success, msg = store_access_token(url, options['user'], options['token'], options['insecure'])
@ -199,7 +199,7 @@ module Compliance
    private

    def login_refreshtoken(url, options)
-      success, msg, access_token = Compliance::API.post_refresh_token(url, options['refresh_token'], options['insecure'])
+      success, msg, access_token = Compliance::API.get_token_via_refresh_token(url, options['refresh_token'], options['insecure'])
      if success
        config = Compliance::Configuration.new
        config['server'] = url
@ -212,25 +212,17 @@ module Compliance
      [success, msg]
    end

-    def login_legacy(url, username, password, insecure)
+    def login_username_password(url, username, password, insecure)
      config = Compliance::Configuration.new
-      success, data = Compliance::API.legacy_login_post(url+'/oauth/token', username, password, insecure)
-      if !data.nil?
-        tokendata = JSON.parse(data)
-        if tokendata['access_token']
-          config['server'] = url
-          config['user'] = username
-          config['token'] = tokendata['access_token']
-          config['insecure'] = insecure
-          config['version'] = Compliance::API.version(url, insecure)
-          config.store
-          success = true
-          msg = 'Successfully authenticated'
-        else
-          msg = 'Response does not include a token'
-        end
-      else
-        msg = "Authentication failed for Server: #{url}"
+      success, msg, api_token = Compliance::API.get_token_via_password(url, username, password, insecure)
+      if success
+        config['server'] = url
+        config['user'] = username
+        config['token'] = api_token
+        config['insecure'] = insecure
+        config['version'] = Compliance::API.version(url, insecure)
+        config.store
+        success = true
      end
      [success, msg]
    end
@ -245,10 +237,10 @@ module Compliance
      config['version'] = Compliance::API.version(url, insecure)
      config.store

-      [true, 'access token stored']
+      [true, 'API access token stored']
    end

-    # saves the a user refresh token supplied by the user
+    # saves a refresh token supplied by the user
    def store_refresh_token(url, refresh_token, verify, user, insecure)
      config = Compliance::Configuration.new
      config['server'] = url
@ -260,13 +252,13 @@ module Compliance
      if !verify
        config.store
        success = true
-        msg = 'refresh token stored'
+        msg = 'API refresh token stored'
      else
-        success, msg, access_token = Compliance::API.post_refresh_token(url, refresh_token, insecure)
+        success, msg, access_token = Compliance::API.get_token_via_refresh_token(url, refresh_token, insecure)
        if success
          config['token'] = access_token
          config.store
-          msg = 'token verified and stored'
+          msg = 'API access token verified and stored'
        end
      end