Create SSO "login" option (#259)

* Use provided tokens for SSO "login" Part of https://aptible.atlassian.net/browse/DP-144 Allow the user to store a given token for later use to enable SSO "logins" via the CLI. The SSO login process involves redirects that must be done in a browser. Therefore, the way to allow users in SSO enforced organizations to use the CLI is to provide a way for them to copy a token from their browser (where they complete their SSO login) and store it via the CLI for use. The command is `aptible login --sso token'. If no token is provided, the user will be prompted for one. This persisted token will overwrite their existing one. Therefore, they will need to issue `aptible login` again to access other orgs beyond the one the SSO "organization" token is valid for. * Bump version
aptible · May 5, 2020 · 4fe5427 · 4fe5427
1 parent 07bb06f
commit 4fe5427
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 1 deletion.
diff --git a/lib/aptible/cli/agent.rb b/lib/aptible/cli/agent.rb
@@ -1,3 +1,4 @@
+require 'base64'
 require 'uri'
 
 require 'aptible/auth'
@@ -84,7 +85,22 @@ def version
       option :lifetime, desc: 'The duration the token should be valid for ' \
                               '(example usage: 24h, 1d, 600s, etc.)'
       option :otp_token, desc: 'A token generated by your second-factor app'
+      option :sso, desc: 'Use a token from a Single Sign On login on the ' \
+                         'dashboard'
       def login
+        if options[:sso]
+          begin
+            token = options[:sso]
+            token = ask('Paste token copied from Dashboard:') if token == 'sso'
+            Base64.urlsafe_decode64(token.split('.').first)
+            save_token(token)
+            CLI.logger.info "Token written to #{token_file}"
+            return
+          rescue StandardError
+            raise Thor::Error, 'Invalid token provided for SSO'
+          end
+        end
+
         email = options[:email] || ask('Email: ')
         password = options[:password] || ask_then_line(
           'Password: ', echo: false

diff --git a/lib/aptible/cli/version.rb b/lib/aptible/cli/version.rb
@@ -1,5 +1,5 @@
 module Aptible
   module CLI
-    VERSION = '0.16.3'.freeze
+    VERSION = '0.16.4'.freeze
   end
 end
diff --git a/spec/aptible/cli/agent_spec.rb b/spec/aptible/cli/agent_spec.rb
@@ -258,6 +258,36 @@ def make_oauth2_error(code, ctx = nil)
           subject.login
         end
       end
+
+      context 'SSO logins' do
+        let(:token) { 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJpZCI6I' }
+
+        it 'accepts a token as an argument' do
+          options = { sso: token }
+          allow(subject).to receive(:options).and_return options
+
+          expect(subject).to receive(:save_token).with(token)
+
+          subject.login
+        end
+
+        it 'rejects clearly invalid tokens' do
+          options = { sso: 'blarg' }
+          allow(subject).to receive(:options).and_return options
+
+          expect { subject.login }.to raise_error Thor::Error
+        end
+
+        it 'prompts for a token if none provided' do
+          options = { sso: 'sso' }
+          allow(subject).to receive(:options).and_return options
+
+          expect(subject).to receive(:ask).once.and_return(token)
+          expect(subject).to receive(:save_token).with(token)
+
+          subject.login
+        end
+      end
     end
   end