265 lines
8.1 KiB
Ruby
265 lines
8.1 KiB
Ruby
require "rest_client"
|
|
require "vagrant_cloud"
|
|
require "vagrant/util/downloader"
|
|
require "vagrant/util/presence"
|
|
require Vagrant.source_root.join("plugins/commands/cloud/errors")
|
|
|
|
module VagrantPlugins
|
|
module CloudCommand
|
|
class Client
|
|
######################################################################
|
|
# Class that deals with managing users 'local' token for Vagrant Cloud
|
|
######################################################################
|
|
APP = "app".freeze
|
|
|
|
include Vagrant::Util::Presence
|
|
|
|
attr_accessor :username_or_email
|
|
attr_accessor :password
|
|
attr_reader :two_factor_default_delivery_method
|
|
attr_reader :two_factor_delivery_methods
|
|
|
|
# Initializes a login client with the given Vagrant::Environment.
|
|
#
|
|
# @param [Vagrant::Environment] env
|
|
def initialize(env)
|
|
@logger = Log4r::Logger.new("vagrant::cloud::client")
|
|
@env = env
|
|
end
|
|
|
|
# Removes the token, effectively logging the user out.
|
|
def clear_token
|
|
@logger.info("Clearing token")
|
|
token_path.delete if token_path.file?
|
|
end
|
|
|
|
# Checks if the user is logged in by verifying their authentication
|
|
# token.
|
|
#
|
|
# @return [Boolean]
|
|
def logged_in?
|
|
token = self.token
|
|
return false if !token
|
|
Vagrant::Util::CredentialScrubber.sensitive(token)
|
|
|
|
with_error_handling do
|
|
url = "#{Vagrant.server_url}/api/v1/authenticate" +
|
|
"?access_token=#{token}"
|
|
RestClient.get(url, content_type: :json)
|
|
true
|
|
end
|
|
rescue Errors::Unauthorized
|
|
false
|
|
end
|
|
|
|
# Login logs a user in and returns the token for that user. The token
|
|
# is _not_ stored unless {#store_token} is called.
|
|
#
|
|
# @param [String] description
|
|
# @param [String] code
|
|
# @return [String] token The access token, or nil if auth failed.
|
|
def login(description: nil, code: nil)
|
|
@logger.info("Logging in '#{username_or_email}'")
|
|
|
|
Vagrant::Util::CredentialScrubber.sensitive(password)
|
|
response = post(
|
|
"/api/v1/authenticate", {
|
|
user: {
|
|
login: username_or_email,
|
|
password: password
|
|
},
|
|
token: {
|
|
description: description
|
|
},
|
|
two_factor: {
|
|
code: code
|
|
}
|
|
}
|
|
)
|
|
|
|
Vagrant::Util::CredentialScrubber.sensitive(response["token"])
|
|
response["token"]
|
|
end
|
|
|
|
# Requests a 2FA code
|
|
# @param [String] delivery_method
|
|
def request_code(delivery_method)
|
|
@env.ui.warn("Requesting 2FA code via #{delivery_method.upcase}...")
|
|
|
|
Vagrant::Util::CredentialScrubber.sensitive(password)
|
|
response = post(
|
|
"/api/v1/two-factor/request-code", {
|
|
user: {
|
|
login: username_or_email,
|
|
password: password
|
|
},
|
|
two_factor: {
|
|
delivery_method: delivery_method.downcase
|
|
}
|
|
}
|
|
)
|
|
|
|
two_factor = response['two_factor']
|
|
obfuscated_destination = two_factor['obfuscated_destination']
|
|
|
|
@env.ui.success("2FA code sent to #{obfuscated_destination}.")
|
|
end
|
|
|
|
# Issues a post to a Vagrant Cloud path with the given payload.
|
|
# @param [String] path
|
|
# @param [Hash] payload
|
|
# @return [Hash] response data
|
|
def post(path, payload)
|
|
with_error_handling do
|
|
url = File.join(Vagrant.server_url, path)
|
|
|
|
proxy = nil
|
|
proxy ||= ENV["HTTPS_PROXY"] || ENV["https_proxy"]
|
|
proxy ||= ENV["HTTP_PROXY"] || ENV["http_proxy"]
|
|
RestClient.proxy = proxy
|
|
|
|
response = RestClient::Request.execute(
|
|
method: :post,
|
|
url: url,
|
|
payload: JSON.dump(payload),
|
|
proxy: proxy,
|
|
headers: {
|
|
accept: :json,
|
|
content_type: :json,
|
|
user_agent: Vagrant::Util::Downloader::USER_AGENT,
|
|
},
|
|
)
|
|
|
|
JSON.load(response.to_s)
|
|
end
|
|
end
|
|
|
|
# Stores the given token locally, removing any previous tokens.
|
|
#
|
|
# @param [String] token
|
|
def store_token(token)
|
|
@logger.info("Storing token in #{token_path}")
|
|
|
|
token_path.open("w") do |f|
|
|
f.write(token)
|
|
end
|
|
|
|
nil
|
|
end
|
|
|
|
# Reads the access token if there is one. This will first read the
|
|
# `VAGRANT_CLOUD_TOKEN` environment variable and then fallback to the stored
|
|
# access token on disk.
|
|
#
|
|
# @return [String]
|
|
def token
|
|
if present?(ENV["VAGRANT_CLOUD_TOKEN"]) && token_path.exist?
|
|
@env.ui.warn <<-EOH.strip
|
|
Vagrant detected both the VAGRANT_CLOUD_TOKEN environment variable and a Vagrant login
|
|
token are present on this system. The VAGRANT_CLOUD_TOKEN environment variable takes
|
|
precedence over the locally stored token. To remove this error, either unset
|
|
the VAGRANT_CLOUD_TOKEN environment variable or remove the login token stored on disk:
|
|
|
|
~/.vagrant.d/data/vagrant_login_token
|
|
|
|
EOH
|
|
end
|
|
|
|
if present?(ENV["VAGRANT_CLOUD_TOKEN"])
|
|
@logger.debug("Using authentication token from environment variable")
|
|
return ENV["VAGRANT_CLOUD_TOKEN"]
|
|
end
|
|
|
|
if token_path.exist?
|
|
@logger.debug("Using authentication token from disk at #{token_path}")
|
|
return token_path.read.strip
|
|
end
|
|
|
|
if present?(ENV["ATLAS_TOKEN"])
|
|
@logger.warn("ATLAS_TOKEN detected within environment. Using ATLAS_TOKEN in place of VAGRANT_CLOUD_TOKEN.")
|
|
return ENV["ATLAS_TOKEN"]
|
|
end
|
|
|
|
@logger.debug("No authentication token in environment or #{token_path}")
|
|
|
|
nil
|
|
end
|
|
|
|
protected
|
|
|
|
def with_error_handling(&block)
|
|
yield
|
|
rescue RestClient::Unauthorized
|
|
@logger.debug("Unauthorized!")
|
|
raise Errors::Unauthorized
|
|
rescue RestClient::BadRequest => e
|
|
@logger.debug("Bad request:")
|
|
@logger.debug(e.message)
|
|
@logger.debug(e.backtrace.join("\n"))
|
|
parsed_response = JSON.parse(e.response)
|
|
errors = parsed_response["errors"].join("\n")
|
|
raise Errors::ServerError, errors: errors
|
|
rescue RestClient::NotAcceptable => e
|
|
@logger.debug("Got unacceptable response:")
|
|
@logger.debug(e.message)
|
|
@logger.debug(e.backtrace.join("\n"))
|
|
|
|
parsed_response = JSON.parse(e.response)
|
|
|
|
if two_factor = parsed_response['two_factor']
|
|
store_two_factor_information two_factor
|
|
|
|
if two_factor_default_delivery_method != APP
|
|
request_code two_factor_default_delivery_method
|
|
end
|
|
|
|
raise Errors::TwoFactorRequired
|
|
end
|
|
|
|
begin
|
|
errors = parsed_response["errors"].join("\n")
|
|
raise Errors::ServerError, errors: errors
|
|
rescue JSON::ParserError; end
|
|
|
|
@logger.debug("Got an unexpected error:")
|
|
@logger.debug(e.inspect)
|
|
raise Errors::Unexpected, error: e.inspect
|
|
rescue SocketError
|
|
@logger.info("Socket error")
|
|
raise Errors::ServerUnreachable, url: Vagrant.server_url.to_s
|
|
end
|
|
|
|
def token_path
|
|
@env.data_dir.join("vagrant_login_token")
|
|
end
|
|
|
|
def store_two_factor_information(two_factor)
|
|
@two_factor_default_delivery_method =
|
|
two_factor['default_delivery_method']
|
|
|
|
@two_factor_delivery_methods =
|
|
two_factor['delivery_methods']
|
|
|
|
@env.ui.warn "2FA is enabled for your account."
|
|
if two_factor_default_delivery_method == APP
|
|
@env.ui.info "Enter the code from your authenticator."
|
|
else
|
|
@env.ui.info "Default method is " \
|
|
"'#{two_factor_default_delivery_method}'."
|
|
end
|
|
|
|
other_delivery_methods =
|
|
two_factor_delivery_methods - [APP]
|
|
|
|
if other_delivery_methods.any?
|
|
other_delivery_methods_sentence = other_delivery_methods
|
|
.map { |word| "'#{word}'" }
|
|
.join(' or ')
|
|
@env.ui.info "You can also type #{other_delivery_methods_sentence} " \
|
|
"to request a new code."
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|