

Merge pull request #32 from DelineaXPM/update.platformAuth.endpoint
Changed the token retrieval endpoint for the platform
gaurava-delinea authored Nov 19, 2024
2 parents 028579f + 6359cfc commit 680813d
Showing 2 changed files with 33 additions and 134 deletions.
24 changes: 19 additions & 5 deletions server/secret_template_test.go
Expand Up @@ -7,12 +7,26 @@ import (
// TestSecretTemplate tests SecretTemplate. Referred to as
// "Test #6" in the README.
func TestSecretTemplate(t *testing.T) {
tss, err := initServer()
if err != nil {
t.Error("configuring the Server:", err)
return
}
t.Run("SecretServer_TestSecretTemplate", func(t *testing.T) {
tss, err := initServer()
if err != nil {
t.Error("configuring the Server:", err)
return
}
VerifySecretTemplate(t, tss)
})

t.Run("Platform_TestSecretTemplate", func(t *testing.T) {
tss, err := initPlatformServer()
if err != nil {
t.Error("configuring the Platform Server:", err)
return
}
VerifySecretTemplate(t, tss)
})
}

func VerifySecretTemplate(t *testing.T, tss *Server) {
id := initIntegerFromEnv("TSS_TEMPLATE_ID", t)
if id < 0 {
return
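Review bot: The helper introduced at `func VerifySecretTemplate(t *testing.T, tss *Server) {` is exported from a `_test.go` file although nothing can import it, and its capitalised name reads like a test entry point; the Go convention for a shared assertion helper is an unexported name, `func verifySecretTemplate(t *testing.T, tss *Server) {`, with the two call sites renamed to match. In both subtests the pair `t.Error("configuring the Server:", err)` + `return` can be collapsed to a single `t.Fatal("configuring the Server:", err)`, which reports the failure and stops that subtest in one call without the risk of a later edit dropping the `return`. `initPlatformServer` is not defined in this diff, and the body of `VerifySecretTemplate` continues past the end of the hunk.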
143 changes: 14 additions & 129 deletions server/server.go
Expand Up @@ -316,63 +316,29 @@ func (s *Server) checkPlatformDetails() (string, error) {
} else {
isHealthy := checkJSONResponse(platformHelthCheckUrl)
if isHealthy {
requestData := map[string]string{
"User": s.Credentials.Username,
"Version": "1.0",
}
jsonData, err := json.Marshal(requestData)
if err != nil {
log.Print("Error marshaling JSON:", err)
return "", err
}
requestData := url.Values{}
requestData.Set("grant_type", "client_credentials")
requestData.Set("client_id", s.Credentials.Username)
requestData.Set("client_secret", s.Credentials.Password)
requestData.Set("scope", "xpmheadless")

req, err := http.NewRequest("POST", fmt.Sprintf("%s/%s", strings.Trim(baseURL, "/"), "identity/Security/StartAuthentication"), bytes.NewBuffer(jsonData))
req, err := http.NewRequest("POST", fmt.Sprintf("%s/%s", strings.Trim(baseURL, "/"), "identity/api/oauth2/token/xpmplatform"), bytes.NewBufferString(requestData.Encode()))
if err != nil {
log.Print("Error creating HTTP request:", err)
return "", err
}

data, _, err := handleResponse((&http.Client{}).Do(req))
if err != nil {
log.Print("[ERROR] start authetication response error:", err)
return "", err
}

var startAuthjsonResponse StartAuthResponse
if err = json.Unmarshal(data, &startAuthjsonResponse); err != nil {
log.Print("[ERROR] parsing start auth response:", err)
return "", err
}

requestData = map[string]string{
"Answer": s.Credentials.Password,
"MechanismId": findMechanismId(startAuthjsonResponse),
"Action": "Answer",
"SessionId": startAuthjsonResponse.Result.SessionId,
"TenantId": startAuthjsonResponse.Result.TenantId,
}

jsonData, err = json.Marshal(requestData)
if err != nil {
log.Print("Error marshaling JSON:", err)
return "", err
}

req, err = http.NewRequest("POST", fmt.Sprintf("%s/%s", strings.Trim(baseURL, "/"), "identity/Security/AdvanceAuthentication"), bytes.NewBuffer(jsonData))
if err != nil {
log.Print("Error creating HTTP request:", err)
return "", err
}
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")

data, _, err = handleResponse((&http.Client{}).Do(req))
data, _, err := handleResponse((&http.Client{}).Do(req))
if err != nil {
log.Print("[ERROR] advance authetication response error:", err)
log.Print("[ERROR] get token response error:", err)
return "", err
}

var advanceAuthJsonResponse AdvanceAuthResponse
if err = json.Unmarshal(data, &advanceAuthJsonResponse); err != nil {
log.Print("[ERROR] parsing advance auth response:", err)
var tokenjsonResponse OAuthTokens
if err = json.Unmarshal(data, &tokenjsonResponse); err != nil {
log.Print("[ERROR] parsing get token response:", err)
return "", err
}

Expand All @@ -381,7 +347,7 @@ func (s *Server) checkPlatformDetails() (string, error) {
log.Print("Error creating HTTP request:", err)
return "", err
}
req.Header.Add("Authorization", "Bearer "+advanceAuthJsonResponse.Result.OAuthTokens.AccessToken)
req.Header.Add("Authorization", "Bearer "+tokenjsonResponse.AccessToken)

data, _, err = handleResponse((&http.Client{}).Do(req))
if err != nil {
Expand All @@ -408,7 +374,7 @@ func (s *Server) checkPlatformDetails() (string, error) {
return "", fmt.Errorf("no configured vault found")
}

return advanceAuthJsonResponse.Result.OAuthTokens.AccessToken, nil
return tokenjsonResponse.AccessToken, nil
}
}
return "", fmt.Errorf("invalid URL")
Expand Down Expand Up @@ -437,17 +403,6 @@ func checkJSONResponse(url string) bool {
}
}

func findMechanismId(saResponse StartAuthResponse) string {
for _, challenge := range saResponse.Result.Challenges {
for _, mechanism := range challenge.Mechanisms {
if mechanism.PromptSelectMech == "Password" {
return mechanism.MechanismId
}
}
}
return ""
}

type Response struct {
Healthy bool `json:"healthy"`
DatabaseHealthy bool `json:"databaseHealthy"`
Expand All @@ -456,48 +411,6 @@ type Response struct {
ScheduledForDeletion bool `json:"scheduledForDeletion"`
}

type ClientHints struct {
PersistDefault bool `json:"PersistDefault"`
AllowPersist bool `json:"AllowPersist"`
AllowForgotPassword bool `json:"AllowForgotPassword"`
StartingPoint string `json:"StartingPoint"`
RequestedUsername string `json:"RequestedUsername"`
}

type Mechanism struct {
AnswerType string `json:"AnswerType"`
Name string `json:"Name"`
PromptMechChosen string `json:"PromptMechChosen"`
PromptSelectMech string `json:"PromptSelectMech"`
MechanismId string `json:"MechanismId"`
}

type Challenge struct {
Mechanisms []Mechanism `json:"Mechanisms"`
}

type Result struct {
ClientHints ClientHints `json:"ClientHints"`
Version string `json:"Version"`
SessionId string `json:"SessionId"`
AllowLoginMfaCache bool `json:"AllowLoginMfaCache"`
Challenges []Challenge `json:"Challenges"`
Summary string `json:"Summary"`
TenantId string `json:"TenantId"`
}

type StartAuthResponse struct {
Success bool `json:"success"`
Result Result `json:"Result"`
Message interface{} `json:"Message"`
MessageID interface{} `json:"MessageID"`
Exception interface{} `json:"Exception"`
ErrorID interface{} `json:"ErrorID"`
ErrorCode interface{} `json:"ErrorCode"`
IsSoftError bool `json:"IsSoftError"`
InnerExceptions interface{} `json:"InnerExceptions"`
}

type OAuthTokens struct {
AccessToken string `json:"access_token"`
RefreshToken string `json:"refresh_token"`
Expand All @@ -508,34 +421,6 @@ type OAuthTokens struct {
Scope string `json:"scope"`
}

type AdvanceAuthResult struct {
AuthLevel string `json:"AuthLevel"`
DisplayName string `json:"DisplayName"`
OAuthTokens OAuthTokens `json:"OAuthTokens"`
UserId string `json:"UserId"`
EmailAddress string `json:"EmailAddress"`
UserDirectory string `json:"UserDirectory"`
StartingPoint string `json:"StartingPoint"`
PodFqdn string `json:"PodFqdn"`
User string `json:"User"`
CustomerID string `json:"CustomerID"`
SystemID string `json:"SystemID"`
SourceDsType string `json:"SourceDsType"`
Summary string `json:"Summary"`
}

type AdvanceAuthResponse struct {
Success bool `json:"success"`
Result AdvanceAuthResult `json:"Result"`
Message interface{} `json:"Message"`
MessageID interface{} `json:"MessageID"`
Exception interface{} `json:"Exception"`
ErrorID interface{} `json:"ErrorID"`
ErrorCode interface{} `json:"ErrorCode"`
IsSoftError bool `json:"IsSoftError"`
InnerExceptions interface{} `json:"InnerExceptions"`
}

type Connection struct {
Url string `json:"url"`
OAuthProfileId string `json:"oAuthProfileId"`
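Review bot: In the first hunk of server.go the token response decoded into `var tokenjsonResponse OAuthTokens` is checked only for being valid JSON, not for actually carrying a token, so a body that parses but has no `access_token` (whatever status handling `handleResponse` does is outside this hunk) reaches `req.Header.Add("Authorization", "Bearer "+tokenjsonResponse.AccessToken)` as a bare `Bearer ` header and is then returned as the platform token at `return tokenjsonResponse.AccessToken, nil`; add `if tokenjsonResponse.AccessToken == "" { return "", fmt.Errorf("platform token response contained no access_token") }` directly after the Unmarshal check. The client-credentials POST at `(&http.Client{}).Do(req)` carries `client_secret` and uses a client with no timeout, so a stalled identity endpoint blocks the caller indefinitely; a client such as `&http.Client{Timeout: 30 * time.Second}` (assuming `time` is imported, not visible here) or a request built with `http.NewRequestWithContext` bounds that. Since the secret now travels as a form field rather than a JSON body, a short comment above the `url.Values{}` block, such as `// OAuth2 client-credentials grant; the shared secret is sent only in the POST body, never in the URL or logs.`, would record the intent for the next maintainer. `checkPlatformDetails` begins before this hunk and its remaining hunks continue past it.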
