Fix invalid tokens

Author: IvanBorislavovDimitrov

.gitignore

@@ -4,6 +4,7 @@ cf-cli-plugin
 mta-op-*/
 .DS_Store
 */.DS_Store
+.idea
 mta_plugin_darwin_amd64
 mta_plugin_linux_amd64
 mta_plugin_windows_amd64.exe

clients/baseclient/client_util.go

@@ -23,8 +23,7 @@ func shouldRetry(err error) bool {
 	if err == nil {
 		return false
 	}
-	isMatching, _ := regexp.MatchString(" EOF$", err.Error())
-	if isMatching {
+	if isMatching(err) {
 		return true
 	}
 	ae, ok := err.(*ClientError)
@@ -38,6 +37,16 @@ func shouldRetry(err error) bool {
 	return false
 }
 
+func isMatching(err error) bool {
+	return strings.Contains(err.Error(), "retry is needed") || isErrorEOF(err)
+}
+
+func isErrorEOF(err error) bool {
+	isMatching, _ := regexp.MatchString(" EOF$", err.Error())
+
+	return isMatching
+}
+
 func EncodeArg(arg string) string {
 	return strings.Replace(url.QueryEscape(arg), "+", "%20", -1)
 }

clients/csrf/csrf_paramters/csrf_request_header.go

@@ -0,0 +1,6 @@
+package csrf_paramters
+
+type CsrfRequestHeader struct {
+	CsrfTokenHeader string
+	CsrfTokenValue  string
+}

clients/csrf/csrf_suite_test.go

@@ -0,0 +1,13 @@
+package csrf_test
+
+import (
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+
+	"testing"
+)
+
+func TestRestclient(t *testing.T) {
+	RegisterFailHandler(Fail)
+	RunSpecs(t, "Csrf suite")
+}

clients/csrf/csrf_token_fetcher.go

@@ -0,0 +1,10 @@
+package csrf
+
+import (
+	"github.com/cloudfoundry-incubator/multiapps-cli-plugin/clients/csrf/csrf_paramters"
+	"net/http"
+)
+
+type CsrfTokenFetcher interface {
+	FetchCsrfToken(url string, currentRequest *http.Request) (*csrf_paramters.CsrfRequestHeader, error)
+}

clients/csrf/csrf_token_updater.go

@@ -0,0 +1,11 @@
+package csrf
+
+import "net/http"
+
+type CsrfTokenUpdater interface {
+	checkAndUpdateCsrfToken() error
+	initializeToken(forceInitializing bool, url string) error
+	isRetryNeeded(response *http.Response) (bool, error)
+	updateCurrentCsrfToken(request *http.Request, t *Transport)
+	isProtectionRequired(req *http.Request, t *Transport) bool
+}

clients/csrf/csrf_token_updater_test.go

@@ -0,0 +1,169 @@
+package csrf
+
+import (
+	"github.com/cloudfoundry-incubator/multiapps-cli-plugin/clients/csrf/fakes"
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	"net/http"
+	"net/url"
+)
+
+const testUrl = "http://localhost:1000"
+
+const csrfTokenNotSet = ""
+
+var _ = Describe("DefaultCsrfTokenUpdater", func() {
+	Context("", func() {
+		It("protection not needed", func() {
+			transport, request := createTransport(), createRequest(http.MethodGet)
+			csrfTokenManager := NewDefaultCsrfTokenUpdater(transport, request, NewDefaultCsrfTokenFetcher(transport))
+			Expect(csrfTokenManager.isProtectionRequired(request, transport)).To(BeFalse())
+		})
+		It("protection not needed", func() {
+			transport, request := createTransport(), createRequest(http.MethodOptions)
+			csrfTokenManager := NewDefaultCsrfTokenUpdater(transport, request, NewDefaultCsrfTokenFetcher(transport))
+			Expect(csrfTokenManager.isProtectionRequired(request, transport)).To(BeFalse())
+		})
+		It("protection not needed", func() {
+			transport, request := createTransport(), createRequest(http.MethodHead)
+			csrfTokenManager := NewDefaultCsrfTokenUpdater(transport, request, NewDefaultCsrfTokenFetcher(transport))
+			Expect(csrfTokenManager.isProtectionRequired(request, transport)).To(BeFalse())
+		})
+		It("protection needed", func() {
+			transport, request := createTransport(), createRequest(http.MethodPost)
+			csrfTokenManager := NewDefaultCsrfTokenUpdater(transport, request, NewDefaultCsrfTokenFetcher(transport))
+			Expect(csrfTokenManager.isProtectionRequired(request, transport)).To(BeTrue())
+		})
+		It("retry is not needed", func() {
+			transport, request := createTransport(), createRequest(http.MethodPost)
+			csrfTokenManager := NewDefaultCsrfTokenUpdater(transport, request, NewDefaultCsrfTokenFetcher(transport))
+			Expect(csrfTokenManager.isRetryNeeded(createResponse(http.StatusOK, ""))).To(BeFalse())
+		})
+		It("retry is not needed", func() {
+			transport, request := createTransport(), createRequest(http.MethodPost)
+			csrfTokenManager := NewDefaultCsrfTokenUpdater(transport, request, NewDefaultCsrfTokenFetcher(transport))
+			Expect(csrfTokenManager.isRetryNeeded(createResponse(http.StatusForbidden, CsrfTokenHeaderRequiredValue))).To(BeFalse())
+		})
+		It("retry is needed", func() {
+			transport := createTransport()
+			transport.Csrf.IsInitialized = true
+			request := createRequest(http.MethodPost)
+			csrfTokenManager := NewDefaultCsrfTokenUpdater(transport, request, fakes.NewFakeCsrfTokenFetcher())
+			isRetryNeeded, err := csrfTokenManager.isRetryNeeded(createResponse(http.StatusForbidden, CsrfTokenHeaderRequiredValue))
+			Ω(err).ShouldNot(HaveOccurred())
+			Expect(isRetryNeeded).To(BeTrue())
+		})
+		It("initialize new token", func() {
+			transport := createTransport()
+			transport.Csrf.IsInitialized = true
+			request := createRequest(http.MethodPost)
+			csrfTokenManager := NewDefaultCsrfTokenUpdater(transport, request, fakes.NewFakeCsrfTokenFetcher())
+			err := csrfTokenManager.initializeToken(true, testUrl)
+			Ω(err).ShouldNot(HaveOccurred())
+			Expect(transport.Csrf.Header).To(Equal(fakes.FakeCsrfTokenHeader))
+			Expect(transport.Csrf.Token).To(Equal(fakes.FakeCsrfTokenValue))
+			Expect(transport.Csrf.IsInitialized).To(BeTrue())
+		})
+		It("update current csrf tokens", func() {
+			transport := createTransport()
+			request := createRequest(http.MethodGet)
+			csrfTokenManager := NewDefaultCsrfTokenUpdater(transport, request, fakes.NewFakeCsrfTokenFetcher())
+			err := csrfTokenManager.initializeToken(true, testUrl)
+			Ω(err).ShouldNot(HaveOccurred())
+			csrfTokenManager.updateCurrentCsrfToken(request, transport)
+			expectCsrfTokenIsProperlySet(request, fakes.FakeCsrfTokenHeader, fakes.FakeCsrfTokenValue)
+		})
+		It("should not update csrf tokens", func() {
+			transport, request := createTransport(), createRequest(http.MethodGet)
+			csrfTokenManager := NewDefaultCsrfTokenUpdater(transport, request, fakes.NewFakeCsrfTokenFetcher())
+			err := csrfTokenManager.updateCsrfToken()
+			Ω(err).ShouldNot(HaveOccurred())
+			expectCsrfTokenIsProperlySet(request, csrfTokenNotSet, csrfTokenNotSet)
+		})
+		It("should not update csrf tokens", func() {
+			transport, request := createTransport(), createRequest(http.MethodPost)
+			transport.Csrf.IsInitialized = true
+			csrfTokenManager := NewDefaultCsrfTokenUpdater(transport, request, fakes.NewFakeCsrfTokenFetcher())
+			err := csrfTokenManager.updateCsrfToken()
+			Ω(err).ShouldNot(HaveOccurred())
+			expectCsrfTokenIsProperlySet(request, csrfTokenNotSet, csrfTokenNotSet)
+		})
+		It("should not update csrf tokens", func() {
+			transport, request := createTransport(), createRequest(http.MethodGet)
+			csrfTokenManager := NewDefaultCsrfTokenUpdater(transport, request, fakes.NewFakeCsrfTokenFetcher())
+			err := csrfTokenManager.updateCsrfToken()
+			Ω(err).ShouldNot(HaveOccurred())
+			expectCsrfTokenIsProperlySet(request, csrfTokenNotSet, csrfTokenNotSet)
+		})
+		It("should update csrf tokens", func() {
+			transport, request := createTransport(), createRequest(http.MethodPost)
+			csrfTokenManager := NewDefaultCsrfTokenUpdater(transport, request, fakes.NewFakeCsrfTokenFetcher())
+			err := csrfTokenManager.updateCsrfToken()
+			Ω(err).ShouldNot(HaveOccurred())
+			expectCsrfTokenIsProperlySet(request, fakes.FakeCsrfTokenHeader, fakes.FakeCsrfTokenValue)
+		})
+		Context("set cookies in the request, valid cookies", func() {
+			It("should be equal", func() {
+				request := createRequest(http.MethodGet)
+				cookies := createValidCookies()
+				UpdateCookiesIfNeeded(cookies, request)
+				Expect(cookies).To(Equal(request.Cookies()))
+			})
+		})
+	})
+})
+
+func expectCsrfTokenIsProperlySet(request *http.Request, csrfTokenHeader, csrfTokenValue string) {
+	Expect(request.Header.Get(XCsrfHeader)).To(Equal(csrfTokenHeader))
+	Expect(request.Header.Get(XCsrfToken)).To(Equal(csrfTokenValue))
+}
+
+func createResponse(httpStatusCode int, csrfToken string) *http.Response {
+	response := &http.Response{}
+	response.Header = make(http.Header)
+	response.StatusCode = httpStatusCode
+	response.Header.Set(XCsrfToken, csrfToken)
+
+	return response
+}
+
+func createTransport() *Transport {
+	return &Transport{http.DefaultTransport.(*http.Transport),
+		&Csrf{"", "", false, getNonProtectedMethods()}, &Cookies{[]*http.Cookie{}}}
+}
+
+func getNonProtectedMethods() map[string]bool {
+	nonProtectedMethods := make(map[string]bool)
+
+	nonProtectedMethods[http.MethodGet] = true
+	nonProtectedMethods[http.MethodHead] = true
+	nonProtectedMethods[http.MethodOptions] = true
+
+	return nonProtectedMethods
+}
+
+func createValidCookies() []*http.Cookie {
+	var cookies []*http.Cookie
+	cookie1 := &http.Cookie{}
+	cookie1.Name = "JSESSION"
+	cookie1.Value = "123"
+	cookie2 := &http.Cookie{}
+	cookie2.Name = "__V_CAP__"
+	cookie2.Value = "321"
+	cookies = append(cookies, cookie1)
+	cookies = append(cookies, cookie2)
+
+	return cookies
+}
+
+func createRequest(method string) *http.Request {
+	request := &http.Request{}
+	requestUrl := &url.URL{}
+	requestUrl.Scheme = "http"
+	requestUrl.Host = "localhost:1000"
+	request.URL = requestUrl
+	request.Header = make(http.Header)
+	request.Method = method
+
+	return request
+}

clients/csrf/default_csrf_token_fetcher.go

@@ -0,0 +1,72 @@
+package csrf
+
+import (
+	"github.com/cloudfoundry-incubator/multiapps-cli-plugin/clients/csrf/csrf_paramters"
+	"github.com/cloudfoundry/cli/plugin"
+	"net/http"
+	"os"
+)
+
+const CsrfTokenHeaderFetchValue = "Fetch"
+const CsrfTokensApi = "/api/v1/csrf-token"
+const ContentTypeHeader = "Content-Type"
+const AuthorizationHeader = "Authorization"
+const ApplicationJsonContentType = "application/json"
+const CookieHeader = "CookieHeader"
+
+type DefaultCsrfTokenFetcher struct {
+	transport *Transport
+}
+
+func NewDefaultCsrfTokenFetcher(transport *Transport) *DefaultCsrfTokenFetcher {
+	return &DefaultCsrfTokenFetcher{transport: transport}
+}
+
+func (c *DefaultCsrfTokenFetcher) FetchCsrfToken(url string, currentRequest *http.Request) (*csrf_paramters.CsrfRequestHeader, error) {
+	fetchTokenRequest, err := http.NewRequest(http.MethodGet, url, nil)
+	if err != nil {
+		return nil, err
+	}
+	fetchTokenRequest.Header.Set(XCsrfToken, CsrfTokenHeaderFetchValue)
+	fetchTokenRequest.Header.Set(ContentTypeHeader, ApplicationJsonContentType)
+
+	cliConnection := plugin.NewCliConnection(os.Args[1])
+	token, err := cliConnection.AccessToken()
+	if err != nil {
+		return nil, err
+	}
+	fetchTokenRequest.Header.Set(AuthorizationHeader, token)
+	UpdateCookiesIfNeeded(currentRequest.Cookies(), fetchTokenRequest)
+
+	response, err := c.transport.Transport.RoundTrip(fetchTokenRequest)
+	if err != nil {
+		return nil, err
+	}
+	if len(response.Cookies()) != 0 {
+		fetchTokenRequest.Header.Del(CookieHeader)
+		UpdateCookiesIfNeeded(response.Cookies(), fetchTokenRequest)
+
+		c.transport.Cookies.Cookies = fetchTokenRequest.Cookies()
+
+		response, err = c.transport.Transport.RoundTrip(fetchTokenRequest)
+
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return &csrf_paramters.CsrfRequestHeader{response.Header.Get(XCsrfHeader), response.Header.Get(XCsrfToken)}, nil
+}
+
+func getCsrfTokenUrl(req *http.Request) string {
+	return string(req.URL.Scheme) + "://" + string(req.URL.Host) + CsrfTokensApi
+}
+
+func UpdateCookiesIfNeeded(cookies []*http.Cookie, request *http.Request) {
+	if cookies != nil {
+		request.Header.Del(CookieHeader)
+		for _, cookie := range cookies {
+			request.AddCookie(cookie)
+		}
+	}
+}