Merge pull request #19 from jianxiaoguo/dev

feat(workflow-cli): use OIDC login

Author: duanhongyi

cli/cli.go

@@ -9,9 +9,7 @@ var Shortcuts = map[string]string{
 	"logout":         "auth:logout",
 	"logs":           "apps:logs",
 	"open":           "apps:open",
-	"passwd":         "auth:passwd",
 	"pull":           "builds:create",
-	"register":       "auth:register",
 	"rollback":       "releases:rollback",
 	"run":            "apps:run",
 	"scale":          "ps:scale",

cmd/auth.go

@@ -3,108 +3,88 @@ package cmd
 import (
 	"errors"
 	"fmt"
-	"strings"
-	"syscall"
+	"net/url"
+	"os/exec"
+	"runtime"
+	"time"
 
 	drycc "github.com/drycc/controller-sdk-go"
+	"github.com/drycc/controller-sdk-go/api"
 	"github.com/drycc/controller-sdk-go/auth"
 	"github.com/drycc/workflow-cli/settings"
-	"golang.org/x/crypto/ssh/terminal"
 )
 
-// Register creates a account on a Drycc controller.
-func (d *DryccCmd) Register(controller string, username string, password string, email string,
-	sslVerify, login bool) error {
-
-	c, err := drycc.New(sslVerify, controller, "")
-
-	if err != nil {
+func (d *DryccCmd) doLogin(s settings.Settings) error {
+	URL, err := auth.Login(s.Client)
+	if d.checkAPICompatibility(s.Client, err) != nil {
 		return err
 	}
-
-	tempSettings, err := settings.Load(d.ConfigFile)
-
-	if err == nil && tempSettings.Client.ControllerURL.Host == c.ControllerURL.Host {
-		c.Token = tempSettings.Client.Token
-	}
-
-	// Set user agent for temporary client.
-	c.UserAgent = settings.UserAgent
-
-	if err = c.CheckConnection(); d.checkAPICompatibility(c, err) != nil {
-		return err
+	if err != nil {
+		return nil
 	}
-
-	if username == "" {
-		d.Print("username: ")
-		fmt.Scanln(&username)
+	fmt.Printf("Opening browser to %s\n", URL)
+	d.Print("Waiting for login... ")
+	err = d.openBrower(URL)
+	if err != nil {
+		d.Print("Cannot open browser, please visit the website in yourself")
 	}
-
-	if password == "" {
-		d.Print("password: ")
-		password, err = readPassword()
-		if err != nil {
-			return err
-		}
-
-		d.Printf("\npassword (confirm): ")
-		passwordConfirm, err := readPassword()
-		d.Println()
-
-		if err != nil {
-			return err
-		}
-
-		if password != passwordConfirm {
-			return errors.New("password mismatch, aborting registration")
-		}
+	u, err := url.Parse(URL)
+	if err != nil {
+		return err
 	}
+	key := u.Query()["key"][0]
+	quit := progress(d.WOut)
+	d.doToken(s, key)
+	quit <- true
+	<-quit
+	return nil
+}
 
-	if email == "" {
-		d.Print("email: ")
-		fmt.Scanln(&email)
+func (d *DryccCmd) openBrower(URL string) error {
+	var commands = map[string]string{
+		"windows": "start",
+		"darwin":  "open",
+		"linux":   "xdg-open",
 	}
-
-	err = auth.Register(c, username, password, email)
-
-	c.Token = ""
-
-	if d.checkAPICompatibility(c, err) != nil {
-		d.PrintErr("Registration failed: ")
-		return err
+	run, ok := commands[runtime.GOOS]
+	if !ok {
+		return errors.New("warning: Cannot open browser")
 	}
-
-	d.Printf("Registered %s\n", username)
-
-	if login {
-		return d.Login(controller, username, password, sslVerify)
+	cmd := exec.Command(run, URL)
+	err := cmd.Start()
+	if err != nil {
+		return errors.New("warning: Cannot open browser")
 	}
 
 	return nil
 }
 
-func (d *DryccCmd) doLogin(s settings.Settings, username, password string) error {
-	token, err := auth.Login(s.Client, username, password)
-	if d.checkAPICompatibility(s.Client, err) != nil {
-		return err
+func (d *DryccCmd) doToken(s settings.Settings, key string) error {
+	var token api.AuthLoginResponse
+	for i := 0; i <= 120; i++ {
+		token, _ = auth.Token(s.Client, key)
+		if token != (api.AuthLoginResponse{}) {
+			break
+		}
+		time.Sleep(time.Duration(5) * time.Second)
 	}
-
-	s.Client.Token = token
-	s.Username = username
-
-	filename, err := s.Save(d.ConfigFile)
-
-	if err != nil {
-		return nil
+	if token.Token == "" || token.Token == "fail" {
+		d.Printf("Logged fail")
+	} else {
+		s.Client.Token = token.Token
+		s.Username = token.Username
+		filename, err := s.Save(d.ConfigFile)
+		if err != nil {
+			return nil
+		}
+		d.Printf("Logged in as %s\n", token.Username)
+		d.Printf("Configuration file written to %s\n", filename)
 	}
-
-	d.Printf("Logged in as %s\n", username)
-	d.Printf("Configuration file written to %s\n", filename)
 	return nil
 }
 
 // Login to a Drycc controller.
-func (d *DryccCmd) Login(controller string, username string, password string, sslVerify bool) error {
+func (d *DryccCmd) Login(controller string, sslVerify bool) error {
 	c, err := drycc.New(sslVerify, controller, "")
 
 	if err != nil {
@@ -118,23 +98,8 @@ func (d *DryccCmd) Login(controller string, username string, password string, ss
 		return err
 	}
 
-	if username == "" {
-		d.Print("username: ")
-		fmt.Scanln(&username)
-	}
-
-	if password == "" {
-		d.Print("password: ")
-		password, err = readPassword()
-		d.Println()
-
-		if err != nil {
-			return err
-		}
-	}
-
 	s := settings.Settings{Client: c}
-	return d.doLogin(s, username, password)
+	return d.doLogin(s)
 }
 
 // Logout from a Drycc controller.
@@ -147,117 +112,6 @@ func (d *DryccCmd) Logout() error {
 	return nil
 }
 
-// Passwd changes a user's password.
-func (d *DryccCmd) Passwd(username, password, newPassword string) error {
-	s, err := settings.Load(d.ConfigFile)
-
-	if err != nil {
-		return err
-	}
-
-	if password == "" && username == "" {
-		d.Print("current password: ")
-		password, err = readPassword()
-		d.Println()
-
-		if err != nil {
-			return err
-		}
-	}
-
-	if newPassword == "" {
-		d.Print("new password: ")
-		newPassword, err = readPassword()
-		if err != nil {
-			return err
-		}
-
-		d.Printf("\nnew password (confirm): ")
-		passwordConfirm, err := readPassword()
-
-		d.Println()
-
-		if err != nil {
-			return err
-		}
-
-		if newPassword != passwordConfirm {
-			return errors.New("password mismatch, not changing")
-		}
-	}
-
-	err = auth.Passwd(s.Client, username, password, newPassword)
-	if d.checkAPICompatibility(s.Client, err) != nil {
-		d.PrintErr("Password change failed: ")
-		return err
-	}
-
-	d.Println("Password change succeeded.")
-	return nil
-}
-
-// Cancel deletes a user's account.
-func (d *DryccCmd) Cancel(username, password string, yes bool) error {
-	s, err := settings.Load(d.ConfigFile)
-
-	if err != nil {
-		return err
-	}
-
-	if username == "" || password != "" {
-		d.Println("Please log in again in order to cancel this account")
-
-		if err = d.Login(s.Client.ControllerURL.String(), username, password, s.Client.VerifySSL); err != nil {
-			return err
-		}
-	}
-
-	if !yes {
-		confirm := ""
-
-		s, err = settings.Load(d.ConfigFile)
-
-		if err != nil {
-			return err
-		}
-
-		deletedUser := username
-
-		if deletedUser == "" {
-			deletedUser = s.Username
-		}
-
-		d.Printf("cancel account %s at %s? (y/N): ", deletedUser, s.Client.ControllerURL.String())
-		fmt.Scanln(&confirm)
-
-		if strings.ToLower(confirm) == "y" {
-			yes = true
-		}
-	}
-
-	if !yes {
-		d.PrintErrln("Account not changed")
-		return nil
-	}
-
-	err = auth.Delete(s.Client, username)
-	if err == drycc.ErrConflict {
-		return fmt.Errorf("%s still has applications associated with it. Transfer ownership or delete them first", username)
-	} else if d.checkAPICompatibility(s.Client, err) != nil {
-		return err
-	}
-
-	// If user targets themselves, logout.
-	if username == "" || s.Username == username {
-		if err := settings.Delete(d.ConfigFile); err != nil {
-			return err
-		}
-	}
-
-	d.Println("Account cancelled")
-	return nil
-}
-
 // Whoami prints the logged in user. If all is true, it fetches info from the controller to know
 // more about the user.
 func (d *DryccCmd) Whoami(all bool) error {
@@ -278,35 +132,3 @@ func (d *DryccCmd) Whoami(all bool) error {
 	}
 	return nil
 }
-
-// Regenerate regenenerates a user's token.
-func (d *DryccCmd) Regenerate(username string, all bool) error {
-	s, err := settings.Load(d.ConfigFile)
-
-	if err != nil {
-		return err
-	}
-
-	token, err := auth.Regenerate(s.Client, username, all)
-	if d.checkAPICompatibility(s.Client, err) != nil {
-		return err
-	}
-
-	if username == "" && !all {
-		s.Client.Token = token
-		_, err = s.Save(d.ConfigFile)
-
-		if err != nil {
-			return err
-		}
-	}
-
-	d.Println("Token Regenerated")
-	return nil
-}
-
-func readPassword() (string, error) {
-	password, err := terminal.ReadPassword(int(syscall.Stdin))
-
-	return string(password), err
-}