Class: Legion::CLI::Auth

Inherits:
Thor
  • Object
show all
Defined in:
lib/legion/cli/auth_command.rb

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.exit_on_failure?Boolean

Returns:

  • (Boolean) 


10
11
12
 
# File 'lib/legion/cli/auth_command.rb', line 10

def self.exit_on_failure?
  true
end

Instance Method Details

#kerberosObject 



83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
 
# File 'lib/legion/cli/auth_command.rb', line 83

def kerberos
  klist_output = `klist 2>&1`
  unless $CHILD_STATUS&.success?
    say 'No Kerberos ticket found. Run kinit first or check your domain connection.', :red
    return
  end

  principal_match = klist_output.match(/Principal:\s+(\S+)/)
  unless principal_match
    say 'Could not detect Kerberos principal from klist output.', :red
    return
  end

  principal = principal_match[1]
  realm     = options[:realm] || principal.split('@', 2).last
  say 'Detected Kerberos ticket:', :green
  say "  Principal: #{principal}"
  say "  Realm: #{realm}"

  api_url = resolve_api_url
  say "Authenticating to #{api_url}..."

  token    = build_spnego_token(api_url)
  response = send_negotiate_request(api_url, token)
  handle_negotiate_response(response)
rescue StandardError => e
  Legion::Logging.error("Auth#kerberos failed: #{e.message}") if defined?(Legion::Logging)
  say "Kerberos auth error: #{e.message}", :red
end

#teamsObject 



21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
 
# File 'lib/legion/cli/auth_command.rb', line 21

def teams
  out = formatter
  Connection.ensure_settings(resolve_secrets: false)

  port = begin
    Legion::Settings.dig(:api, :port) || 4567
  rescue StandardError
    4567
  end

  out.header('Microsoft Teams Authentication')

  require 'net/http'
  require 'legion/json'

  # Ask the daemon for the authorize URL
  uri = ::URI.parse("http://127.0.0.1:#{port}/api/auth/teams/authorize")
  params = {}
  params[:scopes] = options[:scopes] if options[:scopes]
  response = ::Net::HTTP.post(uri, Legion::JSON.dump(params), 'Content-Type' => 'application/json')
  parsed = Legion::JSON.load(response.body)

  unless response.code.to_i == 200 && parsed.dig(:data, :authorize_url)
    error_msg = parsed.dig(:error, :message) || "HTTP #{response.code}"
    out.error("Daemon returned: #{error_msg}")
    raise SystemExit, 1
  end

  url = parsed[:data][:authorize_url]
  out.info('Opening browser for Microsoft login...')
  system('open', url) || out.warn("Open this URL manually:\n  #{url}")
  out.info('Waiting for callback on daemon...')

  # Poll daemon for auth result
  poll_uri = ::URI.parse("http://127.0.0.1:#{port}/api/auth/teams/status?state=#{parsed.dig(:data, :state)}")
  30.times do
    sleep 2
    poll_response = ::Net::HTTP.get_response(poll_uri)
    poll_data = Legion::JSON.load(poll_response.body)

    if poll_data.dig(:data, :authenticated)
      out.success('Authentication successful! Token stored by daemon.')
      return
    end

    next unless poll_data.dig(:data, :error)

    out.error("Authentication failed: #{poll_data[:data][:error]}")
    raise SystemExit, 1
  end

  out.error('Timed out waiting for authentication (60s)')
  raise SystemExit, 1
rescue Errno::ECONNREFUSED
  out = formatter
  out.error('Daemon not running. Start it first: legionio start')
  raise SystemExit, 1
end