-rw-r--r-- | lib/chef_zero/chef_data/default_creator.rb | 3 | ||||
-rw-r--r-- | lib/chef_zero/data_normalizer.rb | 14 | ||||
-rw-r--r-- | lib/chef_zero/endpoints/actor_endpoint.rb | 15 | ||||
-rw-r--r-- | lib/chef_zero/endpoints/actors_endpoint.rb | 36 | ||||
-rw-r--r-- | lib/chef_zero/endpoints/authenticate_user_endpoint.rb | 2 | ||||
-rw-r--r-- | lib/chef_zero/endpoints/organization_user_endpoint.rb | 4 | ||||
-rw-r--r-- | lib/chef_zero/endpoints/rest_object_endpoint.rb | 3 | ||||
-rw-r--r-- | lib/chef_zero/endpoints/system_recovery_endpoint.rb | 2 | ||||
-rw-r--r-- | lib/chef_zero/rest_base.rb | 2 | ||||
-rw-r--r-- | lib/chef_zero/server.rb | 2 | ||||
-rw-r--r-- | spec/support/oc_pedant.rb | 3 |
11 files changed, 72 insertions, 14 deletions
diff --git a/lib/chef_zero/chef_data/default_creator.rb b/lib/chef_zero/chef_data/default_creator.rb index 107ed68..555c520 100644 --- a/lib/chef_zero/chef_data/default_creator.rb +++ b/lib/chef_zero/chef_data/default_creator.rb @@ -187,8 +187,6 @@ module ChefZero elsif path[2] == 'users' if osc_compat result << 'admin' - else - result += @creators[path[0..1]] if @creators[path[0..1]] end end end @@ -215,7 +213,6 @@ module ChefZero end end - # /organizations/(*)/clients/\1-validator # /organizations/*/environments/_default # /organizations/*/groups/{admins,billing-admins,clients,users} diff --git a/lib/chef_zero/data_normalizer.rb b/lib/chef_zero/data_normalizer.rb index 011606a..8492656 100644 --- a/lib/chef_zero/data_normalizer.rb +++ b/lib/chef_zero/data_normalizer.rb @@ -32,12 +32,22 @@ module ChefZero container end - def self.normalize_user(user, name, identity_keys) + def self.normalize_user(user, name, identity_keys, osc_compat, method=nil) user[identity_keys.first] ||= name + user['public_key'] ||= PUBLIC_KEY user['admin'] ||= false user['admin'] = !!user['admin'] user['openid'] ||= nil - user['public_key'] ||= PUBLIC_KEY + if !osc_compat + if method == 'GET' + user.delete('admin') + user.delete('password') + user.delete('openid') + end + user['email'] ||= nil + user['first_name'] ||= nil + user['last_name'] ||= nil + end user end diff --git a/lib/chef_zero/endpoints/actor_endpoint.rb b/lib/chef_zero/endpoints/actor_endpoint.rb index 6bf151d..4f213d3 100644 --- a/lib/chef_zero/endpoints/actor_endpoint.rb +++ b/lib/chef_zero/endpoints/actor_endpoint.rb 
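Review bot: In `normalize_user`, `password`, `admin` and `openid` are removed only when `osc_compat` is false and the caller passes `method == 'GET'`, so the optional `method=nil` parameter makes redaction fail open for any caller that omits it. Within this commit the verbose branch of `ActorsEndpoint#get` and `OrganizationUserEndpoint#delete` both call it without a method and serialise the result, so a stored `password` would presumably be returned in those responses. `AuthenticateUserEndpoint` reads `user['password']` from the same function, so normalisation itself has to keep the field. I would move the stripping into a separate helper that every response path calls, with a body along the lines of `user.reject { |k, _| %w[admin password openid].include?(k) }`. As a style point, `if !osc_compat` reads better as `unless osc_compat`.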
@@ -40,7 +40,18 @@ module ChefZero # Inject private_key into response, delete public_key/password if applicable if result[0] == 200 || result[0] == 201 - response = JSON.parse(result[2], :create_additions => false) + if request.rest_path[0] == 'users' + key = nil + identity_keys.each do |identity_key| + key ||= request_body[identity_key] + end + key ||= request.rest_path[-1] + response = { + 'uri' => build_uri(request.base_uri, [ 'users', key ]) + } + else + response = JSON.parse(result[2], :create_additions => false) + end response['private_key'] = private_key if private_key response.delete('public_key') if !updating_public_key && request.rest_path[2] == 'users' response.delete('password') @@ -55,7 +66,7 @@ module ChefZero if request.rest_path[2] == 'clients' response = DataNormalizer.normalize_client(response, request.rest_path[3]) else - response = DataNormalizer.normalize_user(response, request.rest_path[3], identity_keys) + response = DataNormalizer.normalize_user(response, request.rest_path[3], identity_keys, server.options[:osc_compat], request.method) end JSON.pretty_generate(response) end diff --git a/lib/chef_zero/endpoints/actors_endpoint.rb b/lib/chef_zero/endpoints/actors_endpoint.rb index 52908d2..55dac80 100644 --- a/lib/chef_zero/endpoints/actors_endpoint.rb +++ b/lib/chef_zero/endpoints/actors_endpoint.rb 
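Review bot: The `normalize_user` call in the second hunk still passes `request.rest_path[3]` as the name, which is the actor name only for `/organizations/ORG/users/NAME`; the first hunk now handles `request.rest_path[0] == 'users'`, where index 3 would be nil. If top-level `/users/NAME` requests reach this method (the routing is outside the diff), the identity key would default to nil instead of the name. `request.rest_path[-1]`, already used in the first hunk, covers both path layouts. The neighbouring `request.rest_path[2] == 'clients'` test makes the same fixed-depth assumption. Both enclosing methods start and end outside the hunks.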
@@ -3,8 +3,39 @@ require 'chef_zero/endpoints/rest_list_endpoint' module ChefZero module Endpoints - # /clients or /users + # /users, /organizations/ORG/clients or /organizations/ORG/users class ActorsEndpoint < RestListEndpoint + def get(request) + response = super(request) + + if request.query_params['email'] + results = JSON.parse(response[2], :create_additions => false) + new_results = {} + results.each do |name, url| + record = get_data(request, request.rest_path + [ name ], :nil) + if record + record = JSON.parse(record, :create_additions => false) + new_results[name] = url if record['email'] == request.query_params['email'] + end + end + response[2] = JSON.pretty_generate(new_results) + end + + if request.query_params['verbose'] + results = JSON.parse(response[2], :create_additions => false) + results.each do |name, url| + record = get_data(request, request.rest_path + [ name ], :nil) + if record + record = JSON.parse(record, :create_additions => false) + record = DataNormalizer.normalize_user(record, name, identity_keys, server.options[:osc_compat]) + results[name] = record + end + end + response[2] = JSON.pretty_generate(results) + end + response + end + def post(request) # First, find out if the user actually posted a public key. If not, make # one. @@ -17,11 +48,12 @@ module ChefZero end result = super(request) + if result[0] == 201 # If we generated a key, stuff it in the response. response = JSON.parse(result[2], :create_additions => false) response['private_key'] = private_key if private_key - response['public_key'] = public_key + response['public_key'] = public_key unless request.rest_path[0] == 'users' json_response(201, response) else result diff --git a/lib/chef_zero/endpoints/authenticate_user_endpoint.rb b/lib/chef_zero/endpoints/authenticate_user_endpoint.rb index 3194a69..98dbf04 100644 --- a/lib/chef_zero/endpoints/authenticate_user_endpoint.rb +++ b/lib/chef_zero/endpoints/authenticate_user_endpoint.rb 
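Review bot: The new `get` repeats the same per-name lookup (`get_data(request, request.rest_path + [ name ], :nil)` followed by `JSON.parse`) in both the `email` and the `verbose` branch, and re-parses `response[2]` in each. When both query parameters are present, every record is fetched and parsed twice. Extracting a small private helper that returns the parsed record or nil for a name, and parsing the list once before the two branches, would make the method shorter and keep the two filters consistent. A one-line comment stating that `email` filters the list and `verbose` replaces each URL with the normalised record would also help, since the class comment only names the routes.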
@@ -15,7 +15,7 @@ module ChefZero raise RestErrorResponse.new(401, "Bad username or password") end user = JSON.parse(user, :create_additions => false) - user = DataNormalizer.normalize_user(user, name, [ 'username' ]) + user = DataNormalizer.normalize_user(user, name, [ 'username' ], server.options[:osc_compat]) if user['password'] != password raise RestErrorResponse.new(401, "Bad username or password") end diff --git a/lib/chef_zero/endpoints/organization_user_endpoint.rb b/lib/chef_zero/endpoints/organization_user_endpoint.rb index 1178141..368a068 100644 --- a/lib/chef_zero/endpoints/organization_user_endpoint.rb +++ b/lib/chef_zero/endpoints/organization_user_endpoint.rb @@ -10,14 +10,14 @@ module ChefZero get_data(request) # 404 if user is not in org user = get_data(request, [ 'users', username ]) user = JSON.parse(user, :create_additions => false) - json_response(200, DataNormalizer.normalize_user(user, username, ['username'])) + json_response(200, DataNormalizer.normalize_user(user, username, ['username'], server.options[:osc_compat], request.method)) end def delete(request) user = get_data(request) delete_data(request) user = JSON.parse(user, :create_additions => false) - json_response(200, DataNormalizer.normalize_user(user, request.rest_path[3], ['username'])) + json_response(200, DataNormalizer.normalize_user(user, request.rest_path[3], ['username'], server.options[:osc_compat])) end end end diff --git a/lib/chef_zero/endpoints/rest_object_endpoint.rb b/lib/chef_zero/endpoints/rest_object_endpoint.rb index fb821e0..41cf3ed 100644 --- a/lib/chef_zero/endpoints/rest_object_endpoint.rb +++ b/lib/chef_zero/endpoints/rest_object_endpoint.rb 
@@ -28,8 +28,9 @@ module ChefZero rename = key != request.rest_path[-1] if rename begin - create_data(request, request.rest_path[0..1] + request.rest_path[2..-2], key, request.body, :data_store_exceptions) + create_data(request, request.rest_path[0..-2], key, request.body, :data_store_exceptions) rescue DataStore::DataAlreadyExistsError + puts $!.backtrace.join("\n") return error(409, "Cannot rename '#{request.rest_path[-1]}' to '#{key}': '#{key}' already exists") end delete_data(request) diff --git a/lib/chef_zero/endpoints/system_recovery_endpoint.rb b/lib/chef_zero/endpoints/system_recovery_endpoint.rb index cc7d760..125643b 100644 --- a/lib/chef_zero/endpoints/system_recovery_endpoint.rb +++ b/lib/chef_zero/endpoints/system_recovery_endpoint.rb @@ -15,7 +15,7 @@ module ChefZero end user = JSON.parse(user, :create_additions => false) - user = DataNormalizer.normalize_user(user, name, [ 'username' ]) + user = DataNormalizer.normalize_user(user, name, [ 'username' ], server.options[:osc_compat]) if !user['recovery_authentication_enabled'] raise RestErrorResponse.new(403, "Only users with recovery_authentication_enabled=true may use /system_recovery to log in") end diff --git a/lib/chef_zero/rest_base.rb b/lib/chef_zero/rest_base.rb index f64343b..eabc07e 100644 --- a/lib/chef_zero/rest_base.rb +++ b/lib/chef_zero/rest_base.rb @@ -136,6 +136,7 @@ module ChefZero raise RestErrorResponse.new(404, "Parent not found: #{build_uri(request.base_uri, request.rest_path)}") end rescue DataStore::DataAlreadyExistsError + puts $!.backtrace.join("\n") if options.include?(:data_store_exceptions) raise else @@ -155,6 +156,7 @@ module ChefZero raise RestErrorResponse.new(404, "Parent not found: #{build_uri(request.base_uri, request.rest_path)}") end rescue DataStore::DataAlreadyExistsError + puts $!.backtrace.join("\n") if options.include?(:data_store_exceptions) raise else diff --git a/lib/chef_zero/server.rb b/lib/chef_zero/server.rb index c952278..6ccdb89 100644 
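Review bot: `puts $!.backtrace.join("\n")` in the `rescue DataStore::DataAlreadyExistsError` branch looks like leftover debugging. A rename conflict is an expected 409 path, yet each one now writes a full backtrace to stdout, outside whatever logging the server is configured with. The same line is added to both rescue blocks in `lib/chef_zero/rest_base.rb`. I would drop all three, or bind the exception with `rescue DataStore::DataAlreadyExistsError => e` and send `e.backtrace` to the project's logger at debug level. The enclosing methods start outside the hunks.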
--- a/lib/chef_zero/server.rb +++ b/lib/chef_zero/server.rb @@ -78,6 +78,7 @@ require 'chef_zero/endpoints/user_association_requests_endpoint' require 'chef_zero/endpoints/user_association_requests_count_endpoint' require 'chef_zero/endpoints/user_association_request_endpoint' require 'chef_zero/endpoints/user_organizations_endpoint' +require 'chef_zero/endpoints/verify_password_endpoint' require 'chef_zero/endpoints/file_store_file_endpoint' require 'chef_zero/endpoints/not_found_endpoint' @@ -432,6 +433,7 @@ module ChefZero [ "/users/*/organizations", UserOrganizationsEndpoint.new(self) ], [ "/authenticate_user", AuthenticateUserEndpoint.new(self) ], [ "/system_recovery", SystemRecoveryEndpoint.new(self) ], + [ "/verify_password", VerifyPasswordEndpoint.new(self) ], [ "/organizations", OrganizationsEndpoint.new(self) ], [ "/organizations/*", OrganizationEndpoint.new(self) ], diff --git a/spec/support/oc_pedant.rb b/spec/support/oc_pedant.rb index e40a710..4d033c0 100644 --- a/spec/support/oc_pedant.rb +++ b/spec/support/oc_pedant.rb @@ -128,3 +128,6 @@ requestors({ self[:tags] = [:validation, :authentication, :authorization] verify_error_messages false + +ruby_users_endpoint? false +ruby_org_assoc? false |
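Review bot: `require 'chef_zero/endpoints/verify_password_endpoint'` and the new `/verify_password` route refer to a file that is not among the 11 files in this commit's diffstat. Unless `verify_password_endpoint.rb` already exists in the tree, loading `server.rb` would fail with a `LoadError`, so the endpoint file should be part of this change or of an earlier one. Because the endpoint handles credentials, it should be reviewed together with this route. In particular, check that its failure responses do not reveal whether the user exists and that it never returns the stored `password`.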