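require 'erb'
require 'json'

module Soaspec
  # Handles working with OAuth2: builds the token request from the supplied
  # parameters, posts it to the token URL and returns the access token.
  class OAuth2
    # How often to refresh access token
    @refresh_token = :always
    # List of access tokens. They are mapped according to the OAuth parameters used
    @access_tokens = {}

    class << self
      # Default token url used across entire suite
      attr_accessor :token_url
      # @attr [Symbol] refresh_token How often to refresh access token
      # Values are:
      #   * :always - (Default) Request token from token url every time it is needed
      #   * :once - Request token once for the entire execution of the suite
      attr_accessor :refresh_token
      # @attr [Hash] access_tokens List of access tokens. They are mapped according to the OAuth parameters used
      attr_accessor :access_tokens
    end

    # @attr [Hash] OAuth parameters
    attr_accessor :params
    # @attr [Integer] Count of tries to obtain access token
    attr_accessor :retry_count

    # @param [Hash] params_sent Parameters to make OAuth request
    # @option params_sent [String] :token_url URL to retrieve OAuth token from.
    #   This can be set globally (Soaspec::OAuth2.token_url) instead of here
    # @option params_sent [String] :client_id Client ID
    # @option params_sent [String] :client_secret Client Secret
    # @option params_sent [String] :username Username used in password grant
    # @option params_sent [String] :password Password used in password grant
    # @option params_sent [String] :security_token Security Token used in password grant
    # @param [String] api_username Username to use which can be set by Soaspec::ExchangeHandler
    # @raise [RuntimeError] if client_id or client_secret is missing
    # @raise [ArgumentError] if no token_url is given here or globally
    def initialize(params_sent, api_username = nil)
      # Start the counter at zero: #response increments it in its rescue path,
      # and an unset (nil) counter would raise NoMethodError there and hide
      # the real token-endpoint error.
      self.retry_count = 0
      params = params_sent.transform_keys_to_symbols
      params[:token_url] ||= Soaspec::OAuth2.token_url
      raise 'client_id and client_secret not set' unless params[:client_id] && params[:client_secret]
      raise ArgumentError, 'token_url mandatory' unless params[:token_url]

      self.params = params
      # The values below are rendered as ERB templates against this object's
      # binding, so any Ruby embedded in them is executed. They must come from
      # trusted suite configuration, never from data received at runtime.
      params[:username] = api_username || ERB.new(params[:username]).result(binding) if params[:username]
      params[:security_token] = ERB.new(params[:security_token]).result(binding) if params[:security_token]
      params[:token_url] = ERB.new(params[:token_url]).result(binding) if params[:token_url]
      params[:password] = ERB.new(params[:password]).result(binding) if params[:password]
      Soaspec::SpecLogger.info request_message
    end

    # When refresh_token is :once the token is cached in
    # Soaspec::OAuth2.access_tokens under the params hash; otherwise a new
    # token is requested on every call.
    # @return [String] Existing or new access token, dependent on refresh_token attribute
    def access_token
      case Soaspec::OAuth2.refresh_token
      when :once
        Soaspec::OAuth2.access_tokens[params] ||= response['access_token']
      else # Default is :always
        response['access_token']
      end
    end

    # Posts the payload to the token URL. A RestClient::Exception is logged and
    # the request retried until retry_count reaches 3, after which the error is
    # re-raised. The counter is per instance and is not reset between calls.
    # @return [Hash] Hash containing access token parameters
    # @raise [RestClient::Exception] once the retries are used up
    def response
      # With debug_oauth? on, this writes the whole params hash to the log,
      # client_secret and password included. Keep it off where logs are shared.
      Soaspec::SpecLogger.info "using oauth_params: #{params}" if Soaspec.debug_oauth?
      # NOTE(review): `verify_ssl: false` reads as an attempt to skip TLS
      # certificate verification on a request that carries client_secret and
      # password. RestClient.post takes (url, payload, headers), so this key
      # appears to be sent as a request header rather than acting as an SSL
      # option - confirm which. Either way, certificate verification should
      # stay enabled for the token endpoint; trust a private CA explicitly
      # instead of turning verification off.
      response = RestClient.post(params[:token_url], payload, cache_control: 'no_cache', verify_ssl: false)
    rescue RestClient::Exception => error
      Soaspec::SpecLogger.info(["oauth_error: #{error.message}", "oauth_response: #{error.response}"])
      # to_i tolerates a counter that was never set (e.g. assigned nil)
      self.retry_count = retry_count.to_i + 1
      sleep 0.1 # Wait a bit before retrying to obtain the access token
      retry if retry_count < 3
      raise error
    else
      # The debug output below includes the response body, which holds the access token.
      Soaspec::SpecLogger.info(["response_headers: #{response.headers}", "response_body: #{response.body}"]) if Soaspec.debug_oauth?
      JSON.parse(response)
    end

    # With debug_oauth? on, the message contains the full payload, including
    # client_secret and (for the password grant) the password.
    # @return [String] String to represent OAuth for logging logs
    def request_message
      if Soaspec.debug_oauth?
        "request_params: #{payload}"
      else
        params[:username] ? "User '#{params[:username]}'" : 'client_credentials'
      end
    end

    # The security token, when present, is appended to the password.
    # @return [String] Password to use in OAuth request
    def password
      params[:security_token] ? (params[:password] + params[:security_token]) : params[:password]
    end

    # Payload to add to o-auth request dependent on params provided.
    # The password grant is used only when both username and password are set;
    # otherwise the client_credentials grant is used.
    # @return [Hash] Payload for retrieving OAuth access token
    def payload
      payload = { client_id: params[:client_id], client_secret: params[:client_secret] }
      payload.merge(if params[:password] && params[:username]
                      {
                        grant_type: 'password',
                        username: params[:username],
                        password: password,
                        multipart: true
                      }
                    else
                      { grant_type: 'client_credentials' }
                    end)
    end
  end
end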