From c0797709fcc3c4b6bda313203253329f22e31877 Mon Sep 17 00:00:00 2001
From: Sagar Wani
Date: Tue, 12 Nov 2024 07:14:57 -0500
Subject: [PATCH 1/2] Changed the token retrieval endpoint for the platform

---
 server/server.go | 143 +++++------------------------------------------
 1 file changed, 14 insertions(+), 129 deletions(-)

diff --git a/server/server.go b/server/server.go
index fc21aca..501b0d6 100644
--- a/server/server.go
+++ b/server/server.go
@@ -316,63 +316,29 @@ func (s *Server) checkPlatformDetails() (string, error) {
 } else {
 isHealthy := checkJSONResponse(platformHelthCheckUrl)
 if isHealthy {
- requestData := map[string]string{
- "User": s.Credentials.Username,
- "Version": "1.0",
- }
- jsonData, err := json.Marshal(requestData)
- if err != nil {
- log.Print("Error marshaling JSON:", err)
- return "", err
- }
+ requestData := url.Values{}
+ requestData.Set("grant_type", "client_credentials")
+ requestData.Set("client_id", s.Credentials.Username)
+ requestData.Set("client_secret", s.Credentials.Password)
+ requestData.Set("scope", "xpmheadless")
 
- req, err := http.NewRequest("POST", fmt.Sprintf("%s/%s", strings.Trim(baseURL, "/"), "identity/Security/StartAuthentication"), bytes.NewBuffer(jsonData))
+ req, err := http.NewRequest("POST", fmt.Sprintf("%s/%s", strings.Trim(baseURL, "/"), "identity/api/oauth2/token/xpmplatform"), bytes.NewBufferString(requestData.Encode()))
 if err != nil {
 log.Print("Error creating HTTP request:", err)
 return "", err
 }
 
- data, _, err := handleResponse((&http.Client{}).Do(req))
- if err != nil {
- log.Print("[ERROR] start authetication response error:", err)
- return "", err
- }
-
- var startAuthjsonResponse StartAuthResponse
- if err = json.Unmarshal(data, &startAuthjsonResponse); err != nil {
- log.Print("[ERROR] parsing start auth response:", err)
- return "", err
- }
-
- requestData = map[string]string{
- "Answer": s.Credentials.Password,
- "MechanismId": findMechanismId(startAuthjsonResponse),
- "Action": "Answer",
- "SessionId": startAuthjsonResponse.Result.SessionId,
- "TenantId": startAuthjsonResponse.Result.TenantId,
- }
-
- jsonData, err = json.Marshal(requestData)
- if err != nil {
- log.Print("Error marshaling JSON:", err)
- return "", err
- }
-
- req, err = http.NewRequest("POST", fmt.Sprintf("%s/%s", strings.Trim(baseURL, "/"), "identity/Security/AdvanceAuthentication"), bytes.NewBuffer(jsonData))
- if err != nil {
- log.Print("Error creating HTTP request:", err)
- return "", err
- }
+ req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 
- data, _, err = handleResponse((&http.Client{}).Do(req))
+ data, _, err := handleResponse((&http.Client{}).Do(req))
 if err != nil {
- log.Print("[ERROR] advance authetication response error:", err)
+ log.Print("[ERROR] get token response error:", err)
 return "", err
 }
 
- var advanceAuthJsonResponse AdvanceAuthResponse
- if err = json.Unmarshal(data, &advanceAuthJsonResponse); err != nil {
- log.Print("[ERROR] parsing advance auth response:", err)
+ var tokenjsonResponse OAuthTokens
+ if err = json.Unmarshal(data, &tokenjsonResponse); err != nil {
+ log.Print("[ERROR] parsing get token response:", err)
 return "", err
 }
 
@@ -381,7 +347,7 @@ func (s *Server) checkPlatformDetails() (string, error) {
 log.Print("Error creating HTTP request:", err)
 return "", err
 }
- req.Header.Add("Authorization", "Bearer "+advanceAuthJsonResponse.Result.OAuthTokens.AccessToken)
+ req.Header.Add("Authorization", "Bearer "+tokenjsonResponse.AccessToken)
 
 data, _, err = handleResponse((&http.Client{}).Do(req))
 if err != nil {
@@ -408,7 +374,7 @@ func (s *Server) checkPlatformDetails() (string, error) {
 return "", fmt.Errorf("no configured vault found")
 }
 
- return advanceAuthJsonResponse.Result.OAuthTokens.AccessToken, nil
+ return tokenjsonResponse.AccessToken, nil
 }
 }
 return "", fmt.Errorf("invalid URL")
@@ -437,17 +403,6 @@ func checkJSONResponse(url string) bool {
 }
 }
 
-func findMechanismId(saResponse StartAuthResponse) string {
- for _, challenge := range saResponse.Result.Challenges {
- for _, mechanism := range challenge.Mechanisms {
- if mechanism.PromptSelectMech == "Password" {
- return mechanism.MechanismId
- }
- }
- }
- return ""
-}
-
 type Response struct {
 Healthy bool `json:"healthy"`
 DatabaseHealthy bool `json:"databaseHealthy"`
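Review bot: The OAuth reply is trusted as soon as `json.Unmarshal` into `tokenjsonResponse` succeeds, but an error body such as `{"error":"invalid_client"}` also unmarshals cleanly into `OAuthTokens`, so unless `handleResponse` (not visible here) rejects non-2xx replies the function carries on, later sends `Authorization: Bearer ` with an empty token, and the real failure surfaces far from its cause. Add a guard right after the unmarshal: `if tokenjsonResponse.AccessToken == "" { return "", fmt.Errorf("token response contained no access_token") }`. The added `data, _, err := handleResponse((&http.Client{}).Do(req))` also posts the client secret through a client with no timeout, so a stalled identity endpoint blocks this call indefinitely; the other calls in this function have the same shape, and a shared client with a `Timeout` (or a context deadline on the request) would cover them all at once. The hunk introduces `url.Values` without a matching import hunk, which is only fine if `net/url` is already imported elsewhere in server.go. `checkPlatformDetails` begins before and ends after this hunk.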
@@ -456,48 +411,6 @@ type Response struct {
 ScheduledForDeletion bool `json:"scheduledForDeletion"`
 }
 
-type ClientHints struct {
- PersistDefault bool `json:"PersistDefault"`
- AllowPersist bool `json:"AllowPersist"`
- AllowForgotPassword bool `json:"AllowForgotPassword"`
- StartingPoint string `json:"StartingPoint"`
- RequestedUsername string `json:"RequestedUsername"`
-}
-
-type Mechanism struct {
- AnswerType string `json:"AnswerType"`
- Name string `json:"Name"`
- PromptMechChosen string `json:"PromptMechChosen"`
- PromptSelectMech string `json:"PromptSelectMech"`
- MechanismId string `json:"MechanismId"`
-}
-
-type Challenge struct {
- Mechanisms []Mechanism `json:"Mechanisms"`
-}
-
-type Result struct {
- ClientHints ClientHints `json:"ClientHints"`
- Version string `json:"Version"`
- SessionId string `json:"SessionId"`
- AllowLoginMfaCache bool `json:"AllowLoginMfaCache"`
- Challenges []Challenge `json:"Challenges"`
- Summary string `json:"Summary"`
- TenantId string `json:"TenantId"`
-}
-
-type StartAuthResponse struct {
- Success bool `json:"success"`
- Result Result `json:"Result"`
- Message interface{} `json:"Message"`
- MessageID interface{} `json:"MessageID"`
- Exception interface{} `json:"Exception"`
- ErrorID interface{} `json:"ErrorID"`
- ErrorCode interface{} `json:"ErrorCode"`
- IsSoftError bool `json:"IsSoftError"`
- InnerExceptions interface{} `json:"InnerExceptions"`
-}
-
 type OAuthTokens struct {
 AccessToken string `json:"access_token"`
 RefreshToken string `json:"refresh_token"`
@@ -508,34 +421,6 @@ type OAuthTokens struct {
 Scope string `json:"scope"`
 }
 
-type AdvanceAuthResult struct {
- AuthLevel string `json:"AuthLevel"`
- DisplayName string `json:"DisplayName"`
- OAuthTokens OAuthTokens `json:"OAuthTokens"`
- UserId string `json:"UserId"`
- EmailAddress string `json:"EmailAddress"`
- UserDirectory string `json:"UserDirectory"`
- StartingPoint string `json:"StartingPoint"`
- PodFqdn string `json:"PodFqdn"`
- User string `json:"User"`
- CustomerID string `json:"CustomerID"`
- SystemID string `json:"SystemID"`
- SourceDsType string `json:"SourceDsType"`
- Summary string `json:"Summary"`
-}
-
-type AdvanceAuthResponse struct {
- Success bool `json:"success"`
- Result AdvanceAuthResult `json:"Result"`
- Message interface{} `json:"Message"`
- MessageID interface{} `json:"MessageID"`
- Exception interface{} `json:"Exception"`
- ErrorID interface{} `json:"ErrorID"`
- ErrorCode interface{} `json:"ErrorCode"`
- IsSoftError bool `json:"IsSoftError"`
- InnerExceptions interface{} `json:"InnerExceptions"`
-}
-
 type Connection struct {
 Url string `json:"url"`
 OAuthProfileId string `json:"oAuthProfileId"`

From 6359cfc4f5d8e8460aa0d5ddd72027c432f96397 Mon Sep 17 00:00:00 2001
From: Sagar Wani
Date: Wed, 13 Nov 2024 06:21:26 -0500
Subject: [PATCH 2/2] Updated test case for platform login

---
 server/secret_template_test.go | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/server/secret_template_test.go b/server/secret_template_test.go
index ef7738f..1f90325 100644
--- a/server/secret_template_test.go
+++ b/server/secret_template_test.go
@@ -7,12 +7,26 @@ import (
 // TestSecretTemplate tests SecretTemplate. Referred to as
 // "Test #6" in the README.
 func TestSecretTemplate(t *testing.T) {
- tss, err := initServer()
- if err != nil {
- t.Error("configuring the Server:", err)
- return
- }
+ t.Run("SecretServer_TestSecretTemplate", func(t *testing.T) {
+ tss, err := initServer()
+ if err != nil {
+ t.Error("configuring the Server:", err)
+ return
+ }
+ VerifySecretTemplate(t, tss)
+ })
+
+ t.Run("Platform_TestSecretTemplate", func(t *testing.T) {
+ tss, err := initPlatformServer()
+ if err != nil {
+ t.Error("configuring the Platform Server:", err)
+ return
+ }
+ VerifySecretTemplate(t, tss)
+ })
+}
+
+func VerifySecretTemplate(t *testing.T, tss *Server) {
 id := initIntegerFromEnv("TSS_TEMPLATE_ID", t)
 if id < 0 {
 return