vagrant/plugins/commands/login/middleware/add_authentication.rb

require "cgi"
require "uri"

require_relative "../client"

module VagrantPlugins
  module LoginCommand
    class AddAuthentication
      REPLACEMENT_HOSTS = [
        "app.vagrantup.com".freeze,
        "atlas.hashicorp.com".freeze
      ].freeze
      TARGET_HOST = "vagrantcloud.com".freeze
      CUSTOM_HOST_NOTIFY_WAIT = 5

      def initialize(app, env)
        @app = app
        LoginCommand::Plugin.init!
      end

      def call(env)
        client = Client.new(env[:env])
        token  = client.token

        env[:box_urls].map! do |url|
          u = URI.parse(url)
          if u.host != TARGET_HOST && REPLACEMENT_HOSTS.include?(u.host)
            u.host = TARGET_HOST
          end
          u.to_s
        end

        server_uri = URI.parse(Vagrant.server_url.to_s)

        if token && !server_uri.host.to_s.empty?
          if server_uri.host != TARGET_HOST
            env[:ui].warn(I18n.t("login_command.middleware.authentication.different_target",
              custom_host: server_uri.host, known_host: TARGET_HOST) + "\n")
            sleep CUSTOM_HOST_NOTIFY_WAIT
          end

          env[:box_urls].map! do |url|
            u = URI.parse(url)

            if u.host == server_uri.host
              q = CGI.parse(u.query || "")

              current = q["access_token"]
              if current && current.empty?
                q["access_token"] = token
              end

              u.query = URI.encode_www_form(q)
            end

            u.to_s
          end
        end

        @app.call(env)
      end.freeze
    end
  end
end
Only append access_token the first time This fixes GH-6395 by only appending the access_token once. It also fixes a bug that was never reported. If a user supplied an access_token for a box URL, Vagrant would silently overwrite it. After this commit, Vagrant only appends an access_token to the URL if no value exists at the key. 2015-11-18 18:43:29 +00:00			`require "cgi"`
Add vagrant-login to core ;) 2014-12-09 01:42:00 +00:00			`require "uri"`

			`require_relative "../client"`

			`module VagrantPlugins`
			`module LoginCommand`
			`class AddAuthentication`
Update behavior of the authentication middleware Always remap old hosts to target host when encountered. When custom vagrant server is defined, warn when tokens may be attached and allow time for user to cancel. Fixes #9442 2018-02-22 01:00:58 +00:00			`REPLACEMENT_HOSTS = [`
			`"app.vagrantup.com".freeze,`
			`"atlas.hashicorp.com".freeze`
Change allowed auth hosts to list 2017-11-07 15:32:33 +00:00			`].freeze`
Update behavior of the authentication middleware Always remap old hosts to target host when encountered. When custom vagrant server is defined, warn when tokens may be attached and allow time for user to cancel. Fixes #9442 2018-02-22 01:00:58 +00:00			`TARGET_HOST = "vagrantcloud.com".freeze`
			`CUSTOM_HOST_NOTIFY_WAIT = 5`
Only append access_token the first time This fixes GH-6395 by only appending the access_token once. It also fixes a bug that was never reported. If a user supplied an access_token for a box URL, Vagrant would silently overwrite it. After this commit, Vagrant only appends an access_token to the URL if no value exists at the key. 2015-11-18 18:43:29 +00:00
Add vagrant-login to core ;) 2014-12-09 01:42:00 +00:00			`def initialize(app, env)`
			`@app = app`
Update behavior of the authentication middleware Always remap old hosts to target host when encountered. When custom vagrant server is defined, warn when tokens may be attached and allow time for user to cancel. Fixes #9442 2018-02-22 01:00:58 +00:00			`LoginCommand::Plugin.init!`
Add vagrant-login to core ;) 2014-12-09 01:42:00 +00:00			`end`

			`def call(env)`
			`client = Client.new(env[:env])`
			`token = client.token`

Update behavior of the authentication middleware Always remap old hosts to target host when encountered. When custom vagrant server is defined, warn when tokens may be attached and allow time for user to cancel. Fixes #9442 2018-02-22 01:00:58 +00:00			`env[:box_urls].map! do \|url\|`
			`u = URI.parse(url)`
			`if u.host != TARGET_HOST && REPLACEMENT_HOSTS.include?(u.host)`
			`u.host = TARGET_HOST`
			`end`
			`u.to_s`
			`end`

			`server_uri = URI.parse(Vagrant.server_url.to_s)`

			`if token && !server_uri.host.to_s.empty?`
			`if server_uri.host != TARGET_HOST`
			`env[:ui].warn(I18n.t("login_command.middleware.authentication.different_target",`
			`custom_host: server_uri.host, known_host: TARGET_HOST) + "\n")`
			`sleep CUSTOM_HOST_NOTIFY_WAIT`
			`end`
Add vagrant-login to core ;) 2014-12-09 01:42:00 +00:00
			`env[:box_urls].map! do \|url\|`
			`u = URI.parse(url)`
Only append access_token the first time This fixes GH-6395 by only appending the access_token once. It also fixes a bug that was never reported. If a user supplied an access_token for a box URL, Vagrant would silently overwrite it. After this commit, Vagrant only appends an access_token to the URL if no value exists at the key. 2015-11-18 18:43:29 +00:00
Update behavior of the authentication middleware Always remap old hosts to target host when encountered. When custom vagrant server is defined, warn when tokens may be attached and allow time for user to cancel. Fixes #9442 2018-02-22 01:00:58 +00:00			`if u.host == server_uri.host`
Only append access_token the first time This fixes GH-6395 by only appending the access_token once. It also fixes a bug that was never reported. If a user supplied an access_token for a box URL, Vagrant would silently overwrite it. After this commit, Vagrant only appends an access_token to the URL if no value exists at the key. 2015-11-18 18:43:29 +00:00			`q = CGI.parse(u.query \|\| "")`

			`current = q["access_token"]`
			`if current && current.empty?`
			`q["access_token"] = token`
			`end`

			`u.query = URI.encode_www_form(q)`
Add vagrant-login to core ;) 2014-12-09 01:42:00 +00:00			`end`

			`u.to_s`
			`end`
			`end`

			`@app.call(env)`
Update behavior of the authentication middleware Always remap old hosts to target host when encountered. When custom vagrant server is defined, warn when tokens may be attached and allow time for user to cancel. Fixes #9442 2018-02-22 01:00:58 +00:00			`end.freeze`
Add vagrant-login to core ;) 2014-12-09 01:42:00 +00:00			`end`
			`end`
			`end`