#29 Perform OAuth2 Implicit Grant Flow to get access token

- updated to new stups-zign supporting implicit flow - replaced get_named_token calls with get_token_implicit_flow
zalando-stups · Jan 11, 2017 · 4bfd925 · 4bfd925
1 parent 5640704
commit 4bfd925
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 15 deletions.
diff --git a/piu/cli.py b/piu/cli.py
@@ -136,6 +136,13 @@ def tunnel_validation(ctx, param, value):
         return value
 
 
+def get_token():
+    try:
+        return zign.api.get_token_implicit_flow('piu')
+    except zign.api.AuthenticationFailed as e:
+        raise click.ClickException(e)
+
+
 def _request_access(even_url, cacert, username, hostname, reason, remote_host,
                     lifetime, user, password, clip, connect, tunnel):
     data = {'username': username, 'hostname': hostname, 'reason': reason}
@@ -145,12 +152,8 @@ def _request_access(even_url, cacert, username, hostname, reason, remote_host,
         host_via = '{} via {}'.format(remote_host, hostname)
     if lifetime:
         data['lifetime_minutes'] = lifetime
-    try:
-        token = zign.api.get_named_token(['uid'], 'employees', 'piu', user, password, prompt=True)
-    except zign.api.ServerError as e:
-        click.secho('{}'.format(e), fg='red', bold=True)
-        return 500
 
+    token = get_token()
     access_token = token.get('access_token')
     click.secho('Requesting access to host {host_via} for {username}..'.format(host_via=host_via, username=username),
                 bold=True)
@@ -378,7 +381,7 @@ def list_access_requests(obj, user, odd_host, status, limit, offset, output):
     elif odd_host == 'MY-ODD-HOST':
         odd_host = config.get('odd_host')
 
-    access_token = zign.api.get_token('piu', ['piu'])
+    access_token = get_token()
 
     params = {'username': user, 'hostname': odd_host, 'status': status, 'limit': limit, 'offset': offset}
     r = requests.get(config.get('even_url').rstrip('/') + '/access-requests',

diff --git a/requirements.txt b/requirements.txt
@@ -2,6 +2,6 @@ clickclick>=0.10
 PyYAML
 requests
 pyperclip
-stups-zign>=0.16
+stups-zign>=1.0.24
 boto3>=1.3.0
 botocore>=1.4.10
diff --git a/tests/test_cli.py b/tests/test_cli.py
@@ -16,7 +16,7 @@ def test_missing_reason():
 
 def test_success(monkeypatch):
     response = MagicMock(status_code=200, text='**MAGIC-SUCCESS**')
-    monkeypatch.setattr('zign.api.get_named_token', MagicMock(return_value={'access_token': '123'}))
+    monkeypatch.setattr('zign.api.get_token_implicit_flow', MagicMock(return_value={'access_token': '123'}))
     monkeypatch.setattr('requests.post', MagicMock(return_value=response))
     monkeypatch.setattr('keyring.set_password', MagicMock())
     runner = CliRunner()
@@ -36,7 +36,7 @@ def test_success(monkeypatch):
 
 def test_bad_request(monkeypatch):
     response = MagicMock(status_code=400, text='**MAGIC-BAD-REQUEST**')
-    monkeypatch.setattr('zign.api.get_named_token', MagicMock(return_value={'access_token': '123'}))
+    monkeypatch.setattr('zign.api.get_token_implicit_flow', MagicMock(return_value={'access_token': '123'}))
     monkeypatch.setattr('requests.post', MagicMock(return_value=response))
     monkeypatch.setattr('keyring.set_password', MagicMock())
     runner = CliRunner()
@@ -57,7 +57,7 @@ def test_bad_request(monkeypatch):
 
 def test_auth_failure(monkeypatch):
     response = MagicMock(status_code=403, text='**MAGIC-AUTH-FAILED**')
-    monkeypatch.setattr('zign.api.get_named_token', MagicMock(return_value={'access_token': '123'}))
+    monkeypatch.setattr('zign.api.get_token_implicit_flow', MagicMock(return_value={'access_token': '123'}))
     monkeypatch.setattr('requests.post', MagicMock(return_value=response))
     monkeypatch.setattr('keyring.set_password', MagicMock())
     runner = CliRunner()
@@ -77,7 +77,7 @@ def test_auth_failure(monkeypatch):
 
 def test_dialog(monkeypatch):
     response = MagicMock(status_code=200, text='**MAGIC-SUCCESS**')
-    monkeypatch.setattr('zign.api.get_named_token', MagicMock(return_value={'access_token': '123'}))
+    monkeypatch.setattr('zign.api.get_token_implicit_flow', MagicMock(return_value={'access_token': '123'}))
     monkeypatch.setattr('requests.post', MagicMock(return_value=response))
     monkeypatch.setattr('requests.get', MagicMock(return_value=response))
     monkeypatch.setattr('socket.getaddrinfo', MagicMock())
@@ -95,7 +95,8 @@ def test_dialog(monkeypatch):
 
 def test_oauth_failure(monkeypatch):
     response = MagicMock(status_code=200, text='**MAGIC-SUCCESS**')
-    monkeypatch.setattr('zign.api.get_named_token', MagicMock(side_effect=zign.api.ServerError('**MAGIC-FAIL**')))
+    monkeypatch.setattr('zign.api.get_token_implicit_flow',
+                        MagicMock(side_effect=zign.api.AuthenticationFailed('fail')))
     monkeypatch.setattr('requests.post', MagicMock(return_value=response))
     monkeypatch.setattr('requests.get', MagicMock(return_value=response))
     monkeypatch.setattr('socket.getaddrinfo', MagicMock())
@@ -107,8 +108,8 @@ def test_oauth_failure(monkeypatch):
         result = runner.invoke(cli, ['--config-file=config.yaml', 'req', 'myuser@172.31.0.1',
                                      'my reason'], catch_exceptions=False, input='even\nodd\npassword\n\n')
 
-    assert result.exit_code == 500
-    assert 'Server error: **MAGIC-FAIL**' in result.output
+    assert result.exit_code == 1
+    assert 'Authentication failed' in result.output
 
 
 def test_login_arg_user(monkeypatch, tmpdir):
@@ -305,7 +306,7 @@ def test_tunnel_success(monkeypatch):
 
     response = MagicMock(status_code=200, text='**MAGIC-SUCCESS**')
 
-    monkeypatch.setattr('zign.api.get_named_token', MagicMock(return_value={'access_token': '123'}))
+    monkeypatch.setattr('zign.api.get_token_implicit_flow', MagicMock(return_value={'access_token': '123'}))
     monkeypatch.setattr('requests.post', MagicMock(return_value=response))
     monkeypatch.setattr('subprocess.call', MagicMock())