Tokens

CHANGELOG.md

@@ -2,6 +2,22 @@
 
 All notable changes to the Imperative package will be documented in this file.
 
+## Recent Changes
+
+- Fix tests for interactive prompting.
+- Add the --dd flag to profile creation to allow the profile to be created without the default values specified for that profile.
+- Use a token for authentication if a token is present in the underlying REST session object.
+- Add a new ConnectionPropsForSessCfg.addPropsOrPrompt function that places credentials (including a possible token) into a session configuration object.
+    - Credentials are obtained from the command line, environment variables, or a profile.
+    - If no credentials are available, it will prompt for a user name and password.
+    - Any prompt will timeout after 30 seconds so that it will not hang an automated script.
+- Add base profiles, a new type of profile which can store values shared between profiles of other types.
+    - To use base profiles in an Imperative-based CLI, define a `baseProfile` schema on your Imperative configuration object.
+    - If the `baseProfile` schema is defined, base profile support will be added to any command that uses profiles.
+- Add login and logout commands to get and delete/invalidate tokens
+  - Add showToken flag to display token only, and not save it to the user profile
+  - Add ability to create a user profile on login if no profile of that type existed previously
+
 ## `4.6.4`
 
 - Fix optional secure fields not deleted when overwriting a profile

__tests__/__integration__/cmd/__tests__/integration/cli/auth/Cmd.cli.auth.login.fruit.integration.test.ts

@@ -0,0 +1,164 @@
+/*
+* This program and the accompanying materials are made available under the terms of the
+* Eclipse Public License v2.0 which accompanies this distribution, and is available at
+* https://www.eclipse.org/legal/epl-v20.html
+*
+* SPDX-License-Identifier: EPL-2.0
+*
+* Copyright Contributors to the Zowe Project.
+*
+*/
+
+import { runCliScript } from "../../../../../../src/TestUtil";
+import { ITestEnvironment } from "../../../../../../__src__/environment/doc/response/ITestEnvironment";
+import { SetupTestEnvironment } from "../../../../../../__src__/environment/SetupTestEnvironment";
+import { join } from "path";
+
+// Test Environment populated in the beforeAll();
+let TEST_ENVIRONMENT: ITestEnvironment;
+describe("cmd-cli auth login", () => {
+    // Create the unique test environment
+    beforeAll(async () => {
+        TEST_ENVIRONMENT = await SetupTestEnvironment.createTestEnv({
+            cliHomeEnvVar: "CMD_CLI_CLI_HOME",
+            testName: "cmd_auth_login"
+        });
+    });
+
+    afterEach(() => {
+        // delete profiles between tests so that they can be recreated
+        require("rimraf").sync(join(TEST_ENVIRONMENT.workingDir, "profiles"));
+    });
+
+    it("should load values from base profile and store token in it", () => {
+        const response = runCliScript(__dirname + "/__scripts__/base_profile_and_auth_login.sh",
+            TEST_ENVIRONMENT.workingDir, ["fakeUser", "fakePass"]);
+        expect(response.stderr.toString()).toBe("");
+        expect(response.status).toBe(0);
+
+        // the output of the command should include token value
+        expect(response.stdout.toString()).toContain("user:       fakeUser");
+        expect(response.stdout.toString()).toContain("password:   fakePass");
+        expect(response.stdout.toString()).toContain("tokenType:  jwtToken");
+        expect(response.stdout.toString()).toContain("tokenValue: fakeUser:fakePass@fakeToken");
+    });
+
+    it("should load values from base profile and show token only", () => {
+        let response = runCliScript(__dirname + "/__scripts__/base_profile_and_auth_login_show_token.sh",
+            TEST_ENVIRONMENT.workingDir, ["fakeUser", "fakePass"]);
+        expect(response.stderr.toString()).toBe("");
+        expect(response.status).toBe(0);
+
+        // the output of the command should include token value
+        expect(response.stdout.toString()).toContain("fakeUser:fakePass@fakeToken");
+
+        response = runCliScript(__dirname + "/__scripts__/base_profile_and_auth_login_show_profiles.sh", TEST_ENVIRONMENT.workingDir);
+
+        // the output of the command should not include token value
+        expect(response.stderr.toString()).toBe("");
+        expect(response.status).toBe(0);
+        expect(response.stdout.toString()).not.toContain("tokenType:");
+        expect(response.stdout.toString()).not.toContain("tokenValue:");
+    });
+
+    it("should load values from base profile and show token in rfj", () => {
+        let response = runCliScript(__dirname + "/__scripts__/base_profile_create.sh",
+            TEST_ENVIRONMENT.workingDir, ["fakeUser", "fakePass"]);
+        expect(response.stderr.toString()).toBe("");
+        expect(response.status).toBe(0);
+
+        // the output of the command should include token value
+        response = runCliScript(__dirname + "/__scripts__/base_profile_and_auth_login_show_token_rfj.sh",
+            TEST_ENVIRONMENT.workingDir);
+        expect(response.stderr.toString()).toBe("");
+        expect(response.status).toBe(0);
+        expect(JSON.parse(response.stdout.toString()).data).toMatchObject({tokenType: "jwtToken", tokenValue: "fakeUser:fakePass@fakeToken"});
+
+        // the output of the command should not include token value
+        response = runCliScript(__dirname + "/__scripts__/base_profile_and_auth_login_show_profiles.sh", TEST_ENVIRONMENT.workingDir);
+        expect(response.stderr.toString()).toBe("");
+        expect(response.status).toBe(0);
+        expect(response.stdout.toString()).not.toContain("tokenType:");
+        expect(response.stdout.toString()).not.toContain("tokenValue:");
+    });
+
+    it("should create a profile, if requested 1", () => {
+        let response = runCliScript(__dirname + "/__scripts__/base_profile_and_auth_login_create_profile.sh",
+            TEST_ENVIRONMENT.workingDir, ["y", "fakeUser", "fakePass"]);
+        expect(response.stderr.toString()).toBe("");
+        expect(response.status).toBe(0);
+        expect(response.stdout.toString()).toContain("Login successful.");
+        expect(response.stdout.toString()).toContain("The authentication token is stored in the 'default' base profile");
+
+        response = runCliScript(__dirname + "/__scripts__/base_profile_and_auth_login_show_profiles.sh", TEST_ENVIRONMENT.workingDir);
+
+        expect(response.stderr.toString()).toBe("");
+        expect(response.status).toBe(0);
+        expect(response.stdout.toString()).toContain("host:       fakeHost");
+        expect(response.stdout.toString()).toContain("port:       3000");
+        expect(response.stdout.toString()).toContain("tokenType:  jwtToken");
+        expect(response.stdout.toString()).toContain("tokenValue: fakeUser:fakePass@fakeToken");
+        expect(response.stdout.toString()).not.toContain("user:");
+        expect(response.stdout.toString()).not.toContain("password:");
+    });
+
+    it("should create a profile, if requested 2", () => {
+        let response = runCliScript(__dirname + "/__scripts__/base_profile_and_auth_login_create_profile.sh",
+            TEST_ENVIRONMENT.workingDir, ["yes", "fakeUser", "fakePass"]);
+        expect(response.stderr.toString()).toBe("");
+        expect(response.status).toBe(0);
+        expect(response.stdout.toString()).toContain("Login successful.");
+        expect(response.stdout.toString()).toContain("The authentication token is stored in the 'default' base profile");
+
+        response = runCliScript(__dirname + "/__scripts__/base_profile_and_auth_login_show_profiles.sh", TEST_ENVIRONMENT.workingDir);
+
+        expect(response.stderr.toString()).toBe("");
+        expect(response.status).toBe(0);
+        expect(response.stdout.toString()).toContain("host:       fakeHost");
+        expect(response.stdout.toString()).toContain("port:       3000");
+        expect(response.stdout.toString()).toContain("tokenType:  jwtToken");
+        expect(response.stdout.toString()).toContain("tokenValue: fakeUser:fakePass@fakeToken");
+        expect(response.stdout.toString()).not.toContain("user:");
+        expect(response.stdout.toString()).not.toContain("password:");
+    });
+
+    it("should not create a profile, if requested", () => {
+        let response = runCliScript(__dirname + "/__scripts__/base_profile_and_auth_login_create_profile.sh",
+            TEST_ENVIRONMENT.workingDir, ["n", "fakeUser", "fakePass"]);
+        expect(response.status).toBe(0);
+        expect(response.stdout.toString()).toContain("Login successful.");
+        expect(response.stdout.toString()).toContain("will not be stored in your profile");
+        expect(response.stdout.toString()).toContain("fakeUser:fakePass@fakeToken");
+
+        response = runCliScript(__dirname + "/__scripts__/base_profile_and_auth_login_show_profiles.sh", TEST_ENVIRONMENT.workingDir);
+
+        expect(response.stderr.toString()).toBe("");
+        expect(response.status).toBe(0);
+        expect(response.stdout.toString()).not.toContain("user:");
+        expect(response.stdout.toString()).not.toContain("password:");
+        expect(response.stdout.toString()).not.toContain("host:");
+        expect(response.stdout.toString()).not.toContain("port:");
+        expect(response.stdout.toString()).not.toContain("tokenType:");
+        expect(response.stdout.toString()).not.toContain("tokenValue:");
+    });
+
+    it("should not create a profile, if it times out", () => {
+        let response = runCliScript(__dirname + "/__scripts__/base_profile_and_auth_login_create_profile_timeout.sh",
+            TEST_ENVIRONMENT.workingDir, ["fakeUser", "fakePass"]);
+        expect(response.status).toBe(0);
+        expect(response.stdout.toString()).toContain("Login successful.");
+        expect(response.stdout.toString()).toContain("will not be stored in your profile");
+        expect(response.stdout.toString()).toContain("fakeUser:fakePass@fakeToken");
+
+        response = runCliScript(__dirname + "/__scripts__/base_profile_and_auth_login_show_profiles.sh", TEST_ENVIRONMENT.workingDir);
+
+        expect(response.stderr.toString()).toBe("");
+        expect(response.status).toBe(0);
+        expect(response.stdout.toString()).not.toContain("user:");
+        expect(response.stdout.toString()).not.toContain("password:");
+        expect(response.stdout.toString()).not.toContain("host:");
+        expect(response.stdout.toString()).not.toContain("port:");
+        expect(response.stdout.toString()).not.toContain("tokenType:");
+        expect(response.stdout.toString()).not.toContain("tokenValue:");
+    });
+});

__tests__/__integration__/cmd/__tests__/integration/cli/auth/Cmd.cli.auth.logout.fruit.integration.test.ts

@@ -0,0 +1,72 @@
+/*
+* This program and the accompanying materials are made available under the terms of the
+* Eclipse Public License v2.0 which accompanies this distribution, and is available at
+* https://www.eclipse.org/legal/epl-v20.html
+*
+* SPDX-License-Identifier: EPL-2.0
+*
+* Copyright Contributors to the Zowe Project.
+*
+*/
+
+import { runCliScript } from "../../../../../../src/TestUtil";
+import { ITestEnvironment } from "../../../../../../__src__/environment/doc/response/ITestEnvironment";
+import { SetupTestEnvironment } from "../../../../../../__src__/environment/SetupTestEnvironment";
+import { join } from "path";
+
+// Test Environment populated in the beforeAll();
+let TEST_ENVIRONMENT: ITestEnvironment;
+describe("cmd-cli auth logout", () => {
+    // Create the unique test environment
+    beforeAll(async () => {
+        TEST_ENVIRONMENT = await SetupTestEnvironment.createTestEnv({
+            cliHomeEnvVar: "CMD_CLI_CLI_HOME",
+            testName: "cmd_auth_logout"
+        });
+    });
+
+    afterEach(() => {
+        // delete profiles between tests so that they can be recreated
+        require("rimraf").sync(join(TEST_ENVIRONMENT.workingDir, "profiles"));
+    });
+
+    it("should have auth logout command that loads values from base profile and removes the token", () => {
+        let response = runCliScript(__dirname + "/__scripts__/base_profile_and_auth_login.sh",
+            TEST_ENVIRONMENT.workingDir, ["fakeUser", "fakePass"]);
+        expect(response.stderr.toString()).toBe("");
+        expect(response.status).toBe(0);
+
+        // the output of the command should include token value
+        expect(response.stdout.toString()).toContain("tokenType:  jwtToken");
+        expect(response.stdout.toString()).toContain("tokenValue: fakeUser:fakePass@fakeToken");
+
+        response = runCliScript(__dirname + "/__scripts__/base_profile_and_auth_logout.sh",
+            TEST_ENVIRONMENT.workingDir);
+        expect(response.stderr.toString()).toBe("");
+        expect(response.status).toBe(0);
+
+        // the output of the command should include token value
+        expect(response.stdout.toString()).not.toContain("tokenType:");
+        expect(response.stdout.toString()).not.toContain("tokenValue:");
+    });
+
+    it("should have auth logout command that invalidates another token", () => {
+        let response = runCliScript(__dirname + "/__scripts__/base_profile_and_auth_login.sh",
+            TEST_ENVIRONMENT.workingDir, ["fakeUser", "fakePass"]);
+        expect(response.stderr.toString()).toBe("");
+        expect(response.status).toBe(0);
+
+        // the output of the command should include token value
+        expect(response.stdout.toString()).toContain("tokenType:  jwtToken");
+        expect(response.stdout.toString()).toContain("tokenValue: fakeUser:fakePass@fakeToken");
+
+        response = runCliScript(__dirname + "/__scripts__/base_profile_and_auth_logout_specify_token.sh",
+            TEST_ENVIRONMENT.workingDir, ["fakeToken:fakeToken@fakeToken"]);
+        expect(response.stderr.toString()).toBe("");
+        expect(response.status).toBe(0);
+
+        // the output of the command should include token value
+        expect(response.stdout.toString()).toContain("tokenType:  jwtToken");
+        expect(response.stdout.toString()).toContain("tokenValue: fakeUser:fakePass@fakeToken");
+    });
+});

__tests__/__integration__/cmd/__tests__/integration/cli/auth/__scripts__/base_profile_and_auth_login.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+baseUser=$1
+basePass=$2
+
+# First create a base profile
+cmd-cli profiles create base-profile "test_base" --user "$baseUser" --password "$basePass"
+CMDRC=$?
+if [ $CMDRC -gt 0 ]
+then
+    echo "Creating a test_base profile of type base failed!" 1>&2
+    exit $CMDRC
+fi
+
+# Next login to fruit auth
+cmd-cli auth login fruit
+CMDRC=$?
+if [ $CMDRC -gt 0 ]
+then
+    echo "Logging into auth of type fruit failed!" 1>&2
+    exit $CMDRC
+fi
+
+# Now show contents of base profile
+cmd-cli profiles list base-profiles --sc
+CMDRC=$?
+if [ $CMDRC -gt 0 ]
+then
+    echo "Listing profiles of type base failed!" 1>&2
+    exit $CMDRC
+fi

__tests__/__integration__/cmd/__tests__/integration/cli/auth/__scripts__/base_profile_and_auth_login_create_profile.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+echoVal=$1
+baseUser=$2
+basePass=$3
+
+echo $echoVal | cmd-cli auth login fruit --user "$baseUser" --password "$basePass"
+CMDRC=$?
+if [ $CMDRC -gt 0 ]
+then
+    echo "Logging into auth of type fruit failed!" 1>&2
+    exit $CMDRC
+fi

__tests__/__integration__/cmd/__tests__/integration/cli/auth/__scripts__/base_profile_and_auth_login_create_profile_timeout.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+baseUser=$1
+basePass=$2
+
+cmd-cli auth login fruit --user "$baseUser" --password "$basePass"
+CMDRC=$?
+if [ $CMDRC -gt 0 ]
+then
+    echo "Logging into auth of type fruit failed!" 1>&2
+    exit $CMDRC
+fi

__tests__/__integration__/cmd/__tests__/integration/cli/auth/__scripts__/base_profile_and_auth_login_show_profiles.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Now show contents of base profile
+cmd-cli profiles list base-profiles --sc
+CMDRC=$?
+if [ $CMDRC -gt 0 ]
+then
+    echo "Listing profiles of type base failed!" 1>&2
+    exit $CMDRC
+fi

__tests__/__integration__/cmd/__tests__/integration/cli/auth/__scripts__/base_profile_and_auth_login_show_token.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+baseUser=$1
+basePass=$2
+
+# First create a base profile
+cmd-cli profiles create base-profile "test_base" --user "$baseUser" --password "$basePass"
+CMDRC=$?
+if [ $CMDRC -gt 0 ]
+then
+    echo "Creating a test_base profile of type base failed!" 1>&2
+    exit $CMDRC
+fi
+
+# Next login to fruit auth
+cmd-cli auth login fruit --show-token
+CMDRC=$?
+if [ $CMDRC -gt 0 ]
+then
+    echo "Logging into auth of type fruit failed!" 1>&2
+    exit $CMDRC
+fi

__tests__/__integration__/cmd/__tests__/integration/cli/auth/__scripts__/base_profile_and_auth_login_show_token_rfj.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Next login to fruit auth
+cmd-cli auth login fruit --st --rfj
+CMDRC=$?
+if [ $CMDRC -gt 0 ]
+then
+    echo "Logging into auth of type fruit failed!" 1>&2
+    exit $CMDRC
+fi

__tests__/__integration__/cmd/__tests__/integration/cli/auth/__scripts__/base_profile_and_auth_logout.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Next logout of fruit auth
+cmd-cli auth logout fruit
+CMDRC=$?
+if [ $CMDRC -gt 0 ]
+then
+    echo "Logging out of auth of type fruit failed!" 1>&2
+    exit $CMDRC
+fi
+
+# Now show contents of base profile
+cmd-cli profiles list base-profiles --sc
+CMDRC=$?
+if [ $CMDRC -gt 0 ]
+then
+    echo "Listing profiles of type base failed!" 1>&2
+    exit $CMDRC
+fi