identikey 0.5.0 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 17806b4e8996eac32014f37f34d9e698b4668e5fd196e1102e2a30c0eb349757
-  data.tar.gz: 26e36da28a662d259e538ef2936d8b03a883c0e38e450a5350e548a336336ed7
+  metadata.gz: 9ddf98e9f2ab268487c380bab954e3fefebcdd729e81f74a5f1267ada748d8b8
+  data.tar.gz: 43bb94510b8cb9e6176da71ba4742891419e4591053ded611d753538d545e895
 SHA512:
-  metadata.gz: cf8893d1ae7931194b59c54d0f3a6addd824869c116859ae534f36bb5a6619cebdb1f0e87bb6d8c74c4a67988470053abb2985b6d58e2011d59a0b16eeaf1eeb
-  data.tar.gz: 0c4e3661f8b518f55382490c9af060580d1982f2762904afeef435e9c544e0309e6ced8230bbea0e4b3e23451a544828bd10dc486858d8fc3ca03b792e191437
+  metadata.gz: 386ea4bc06bb5258ce0e3fa928880c3e3faae70198744c5c562c1ac8ab44b1961dfd82724e905e610432715c2ef105ff751055002489f41ea4d595652821a4b4
+  data.tar.gz: 3b7081b38c22f4da4bd74360467b6b4e9951d69e376b49ca47e314a6e2185257a00357fb131a5769b94ece4b39929d741baaba7e6e1330ba334e1c85ba08d5b7

data/.gitignore

@@ -6,14 +6,18 @@
 /pkg/
 /spec/reports/
 /spec/test.env
+/spec/examples.txt
 /tmp/
 /log/
 /sdk
+/dpx
 
 Gemfile.lock
 
 .byebug_history
 
+.env
+
 # vim swap files
 
 .*.sw?

data/Guardfile

@@ -0,0 +1,23 @@
+# Note: The cmd option is now required due to the increasing number of ways
+#       rspec may be run, below are examples of the most common uses.
+#  * bundler: 'bundle exec rspec'
+#  * bundler binstubs: 'bin/rspec'
+#  * spring: 'bin/rspec' (This will use spring if running and you have
+#                          installed the spring binstubs per the docs)
+#  * zeus: 'zeus rspec' (requires the server to be started separately)
+#  * 'just' rspec: 'rspec'
+
+guard :rspec, cmd: "bundle exec rspec" do
+  require "guard/rspec/dsl"
+  dsl = Guard::RSpec::Dsl.new(self)
+
+  # RSpec files
+  rspec = dsl.rspec
+  watch(rspec.spec_helper) { rspec.spec_dir }
+  watch(rspec.spec_support) { rspec.spec_dir }
+  watch(rspec.spec_files)
+
+  # Ruby files
+  ruby = dsl.ruby
+  dsl.watch_spec_files_for(ruby.lib_files)
+end

data/README.md

@@ -186,15 +186,21 @@ your application.
 
 ## Development
 
-After checking out the repo, run `bin/setup` to install dependencies. Then,
-run `rake` to run the tests. You can also run `bin/console` for an interactive
-prompt that will allow you to experiment.
+After checking out the repo, run `bin/setup` to install dependencies.
 
-To run specs, please copy `spec/test.env.example` into `spec/test.env` and
+Then, please copy `spec/test.env.example` into `spec/test.env` and
 populate it with your Identikey Authentication Server host, username, password
-and domain. You also need the Identikey SDK, that can be placed in `/sdk` and
+and domain.
+
+You also need the Identikey SDK, that can be placed in `sdk/` and
 its WSDL paths as well referenced in the `spec/test.env` file.
 
+Then, run `rake` to run the tests.
+
+You can also run `bin/console` for an interactive prompt that will allow you
+to experiment. It requires the same environment variables required by the
+specs.
+
 To install this gem onto your local machine, run `bundle exec rake install`.
 
 To release a new version, update the version number in `version.rb`, and then

data/Rakefile

@@ -6,3 +6,9 @@ RSpec::Core::RakeTask.new(:spec) do |spec|
 end
 
 task :default => :spec
+
+require 'code_counter/engine'
+desc 'Print code statistics'
+task :stats do
+  puts CodeCounter::Engine.new.to_s
+end

data/bin/console

@@ -3,8 +3,27 @@
 require 'bundler/setup'
 require 'identikey'
 
-# You can add fixtures and/or initialization code here to make experimenting
-# with your gem easier. You can also use a different console, if you like.
+Identikey::Authentication.configure do
+  wsdl ENV.fetch('IK_WSDL_AUTH')
+  endpoint ENV.fetch('IK_HOST')
+end
+
+puts "Configured Auth WSDL #{ENV.fetch('IK_WSDL_AUTH')} against #{ENV.fetch('IK_HOST')}"
+
+Identikey::Administration.configure do
+  wsdl ENV.fetch('IK_WSDL_ADMIN')
+  endpoint ENV.fetch('IK_HOST')
+end
+
+puts "Configured Admin WSDL #{ENV.fetch('IK_WSDL_ADMIN')} against #{ENV.fetch('IK_HOST')}"
+
+$ik = Identikey::Administration::Session.new(
+  username: ENV.fetch('IK_USER'),
+  password: ENV.fetch('IK_PASS'),
+  domain:   ENV.fetch('IK_DOMAIN')
+)
+
+puts "Opened admin session with #{ENV.fetch('IK_USER')}@#{ENV.fetch('IK_DOMAIN')} against #{ENV.fetch('IK_HOST')}. Find it in $ik variable"
 
 require "pry"
 Pry.start

data/bin/export

@@ -0,0 +1,42 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'identikey'
+require 'json'
+
+if ARGV.size != 1
+  $stderr.puts "Usage: #{$0} <users.json>"
+  exit 1
+end
+
+Identikey::Administration.configure do
+  wsdl ENV.fetch('IK_WSDL_ADMIN')
+  endpoint ENV.fetch('IK_HOST')
+end
+
+puts "Configured Admin WSDL #{ENV.fetch('IK_WSDL_ADMIN')} against #{ENV.fetch('IK_HOST')}"
+
+$ik = Identikey::Administration::Session.new(
+  username: ENV.fetch('IK_USER'),
+  password: ENV.fetch('IK_PASS'),
+  domain:   ENV.fetch('IK_DOMAIN')
+)
+
+$ik.logon
+
+puts "Opened admin session with #{ENV.fetch('IK_USER')}@#{ENV.fetch('IK_DOMAIN')} against #{ENV.fetch('IK_HOST')}"
+
+at_exit { $ik.logoff }
+
+users = Identikey::Administration::User.search(session: $ik, query: {})
+users_slim = users.map do |u|
+  { username:   u.username,
+    email:      u.email,
+    digipass:   u.digipass,
+    disabled:   u.disabled,
+    locked:     u.locked,
+    expires_at: u.expires_at
+  }
+end
+
+File.write ARGV[0], users_slim.to_json

data/bin/import

@@ -0,0 +1,89 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'identikey'
+require 'json'
+
+if ARGV.size != 1
+  $stderr.puts "Usage: #{$0} <users.json>"
+  exit 1
+end
+
+Identikey::Administration.configure do
+  wsdl ENV.fetch('IK_WSDL_ADMIN')
+  endpoint ENV.fetch('IK_HOST')
+end
+
+puts "Configured Admin WSDL #{ENV.fetch('IK_WSDL_ADMIN')} against #{ENV.fetch('IK_HOST')}"
+
+$ik = Identikey::Administration::Session.new(
+  username: ENV.fetch('IK_USER'),
+  password: ENV.fetch('IK_PASS'),
+  domain:   ENV.fetch('IK_DOMAIN')
+)
+
+$ik.logon
+
+puts "Opened admin session with #{ENV.fetch('IK_USER')}@#{ENV.fetch('IK_DOMAIN')} against #{ENV.fetch('IK_HOST')}"
+
+at_exit { $ik.logoff }
+
+users = JSON.load File.read ARGV[0]
+
+users.each do |import|
+
+  puts "Looking up #{import['username']}"
+  ik_user = begin
+    Identikey::Administration::User.find(session: $ik, username: import['username'], domain: ENV.fetch('IK_DOMAIN'))
+  rescue => e
+    puts "Cannot look up #{import['username']}: #{e.message}"
+    nil
+  end
+
+  unless ik_user
+    puts "User #{import['username']} not found, creating"
+
+    ik_user = Identikey::Administration::User.new($ik,
+      'USERFLD_USERID'          => import['username'],
+      'USERFLD_EMAIL'           => import['email'],
+      'USERFLD_DOMAIN'          => ENV.fetch('IK_DOMAIN'),
+      'USERFLD_LOCAL_AUTH'      => 'Default',
+      'USERFLD_BACKEND_AUTH'    => 'Default',
+      'USERFLD_DISABLED'        => import['disabled'],
+      'USERFLD_LOCKED'          => import['locked'],
+      'USERFLD_EXPIRATION_TIME' => import['expires_at']
+    )
+
+    begin
+      ik_user.save!
+      puts "User #{import['username']} created"
+    rescue => e
+
+      puts "Cannot create #{import['username']}: #{e.message}"
+
+      next
+    end
+  end
+
+  missing_digipass = import['digipass'] - ik_user.digipass
+
+  missing_digipass.each do |digipass|
+    puts "Assigining digipass #{digipass} to #{import['username']}"
+
+    ik_token = begin
+      Identikey::Administration::Digipass.find(session: $ik, serial_no: digipass)
+    rescue => e
+      puts "Digipass #{digipass} was not found"
+      next
+    end
+
+    begin
+      ik_token.assign! import['username'], ENV.fetch('IK_DOMAIN')
+    rescue => e
+      puts "Digipass #{digipass} could not be assigned to #{import['username']}: #{e.message}"
+    end
+
+    puts "Assignment of digipass #{digipass} to #{import['username']} was successful"
+  end
+
+end

data/identikey.gemspec

@@ -32,4 +32,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'byebug'
   spec.add_development_dependency 'simplecov'
   spec.add_development_dependency 'dotenv'
+  spec.add_development_dependency 'guard-rspec'
+  spec.add_development_dependency 'vacman_controller'
+  spec.add_development_dependency 'code_counter'
 end

data/lib/identikey.rb

@@ -1,26 +1,7 @@
 require 'savon'
 
 require 'identikey/version'
+require 'identikey/error'
 require 'identikey/unsigned'
 require 'identikey/authentication'
 require 'identikey/administration'
-
-module Identikey
-  # Generic error class
-  class Error < StandardError; end
-
-  # Raised when the user is not doing things correctly
-  class UsageError < Error; end
-
-  # Raised when the received XML does not conform to documentation
-  class ParseError < Error; end
-
-  # Raised when something is "not found", such as an user or a digipass.
-  class NotFound < Error; end
-
-  # Raised when Admin logon failed
-  class LogonFailed < Error; end
-
-  # Raised when read/write operations fail
-  class OperationFailed < Error; end
-end

data/lib/identikey/administration.rb

@@ -61,12 +61,7 @@ module Identikey
     # `log:` keyword is set to false.
     #
     def ping(session_id:, log:)
-      old_log = client.globals[:log]
-      client.globals[:log] = log
-
-      sessionalive(session_id: session_id)
-    ensure
-      client.globals[:log] = old_log
+      logging_to(log) { sessionalive(session_id: session_id) }
     end
 
     def admin_session_query(session_id:)
@@ -150,17 +145,58 @@ module Identikey
       )
     end
 
+    def user_execute_RESET_PASSWORD(session_id:, username:, domain:)
+      user_execute(
+        session_id: session_id,
+        cmd: 'USERCMD_RESET_PASSWORD',
+        attributes: typed_attributes_list_from(
+          USERFLD_USERID: username,
+          USERFLD_DOMAIN: domain
+        )
+      )
+    end
 
-    def user_query(session_id:, attributes:, query_options:)
-      resp = super(message: {
-        sessionID: session_id,
-        attributeSet: {
-          attributes: typed_attributes_query_list_from(attributes)
-        },
-        queryOptions: query_options
-      })
+    def user_execute_SET_PASSWORD(session_id:, username:, domain:, password:)
+      user_execute(
+        session_id: session_id,
+        cmd: 'USERCMD_SET_PASSWORD',
+        attributes: typed_attributes_list_from(
+          USERFLD_USERID: username,
+          USERFLD_DOMAIN: domain,
+          USERFLD_NEW_PASSWORD: password,
+          USERFLD_CONFIRM_NEW_PASSWORD: password
+        )
+      )
+    end
 
-      parse_response resp, :user_query_response
+    def user_execute_UNLOCK(session_id:, username:, domain:)
+      user_execute(
+        session_id: session_id,
+        cmd: 'USERCMD_UNLOCK',
+        attributes: typed_attributes_list_from(
+          USERFLD_USERID: username,
+          USERFLD_DOMAIN: domain
+        )
+      )
+    end
+
+    # Executes a userQuery command that searches users. By default, it doesn't
+    # log anywhere. To enable logging to a specific destination, pass a logger
+    # as the log: option. To log to the default destination, pass `true` as
+    # the log: option.
+    #
+    def user_query(session_id:, attributes:, query_options:, log: false)
+      logging_to(log) do
+        resp = super(message: {
+          sessionID: session_id,
+          attributeSet: {
+            attributes: typed_attributes_query_list_from(attributes)
+          },
+          queryOptions: query_options
+        })
+
+        parse_response resp, :user_query_response
+      end
     end
 
 
@@ -260,5 +296,24 @@ module Identikey
       )
     end
 
+    private
+      # Allows temporarily overriding the log destination. If it
+      # is set to `false` then logging is disabled altogether.
+      # If it is set to `true`, then this is a no-op.
+      #
+      def logging_to(destination)
+        old_log = client.globals[:log]
+
+        unless destination === true
+          client.globals[:log] = destination
+        end
+
+        yield
+
+      ensure
+        client.globals[:log] = old_log
+      end
+
+
   end
 end

data/lib/identikey/administration/user.rb

@@ -6,9 +6,11 @@ module Identikey
         new(session).find(username, domain)
       end
 
-      def self.search(session:, query:, options: {})
-        if query.key?(:has_digipass) && [true, false].include?(query[:has_digipass])
-          query[:has_digipass] = query[:has_digipass] ? 'Assigned' : 'Unassigned'
+      def self.search(session:, query:, options: {}, log: false)
+        [:has_digipass, :not_has_digipass].each do |funky_boolean|
+          if query.key?(funky_boolean) && [true, false].include?(query[funky_boolean])
+            query[funky_boolean] = query[funky_boolean] ? 'Assigned' : 'Unassigned'
+          end
         end
 
         query_keys = {
@@ -27,10 +29,12 @@ module Identikey
 
         stat, users, error = session.execute(:user_query,
           attributes:    Base.search_attributes_from(query, attribute_map: query_keys),
-          query_options: Base.search_options_from(options))
+          query_options: Base.search_options_from(options),
+          log:           log
+        )
 
         case stat
-        when 'STAT_SUCCESS'   then (users||[]).map {|user| new(session, user) }
+        when 'STAT_SUCCESS'   then (users||[]).map {|user| new(session, user, persisted: true) }
         when 'STAT_NOT_FOUND' then []
         else
           raise Identikey::Error, "Search user failed: #{stat} - #{error}"
@@ -57,11 +61,17 @@ module Identikey
       attr_accessor :expired
       attr_accessor :last_auth_attempt_at
       attr_accessor :description
+      attr_accessor :passwd_last_set_at
+      attr_accessor :has_password
 
-      def initialize(session, user = nil)
+      alias locked? locked
+      alias digipass? has_digipass
+      alias password? has_password
+
+      def initialize(session, user = nil, persisted: false)
         @session = session
 
-        replace(user) if user
+        replace(user, persisted: persisted) if user
       end
 
       def find(username, domain)
@@ -100,26 +110,20 @@ module Identikey
         })
 
         if stat != 'STAT_SUCCESS'
-          raise Identikey::OperationFailed, "Save user failed: #{stat} - #{error}"
+          raise Identikey::OperationFailed, "Save user #{self.username} failed: #{stat} - #{error}"
         end
 
         replace(user, persisted: true)
       end
 
       def destroy!
-        unless self.persisted?
-          raise Identikey::UsageError, "User #{self.username} is not persisted"
-        end
-
-        unless self.username && self.domain
-          raise Identikey::UsageError, "User #{self} is missing username and/or domain"
-        end
+        ensure_persisted!
 
         stat, _, error = @session.execute(
           :user_execute_DELETE, username: username, domain: domain)
 
         if stat != 'STAT_SUCCESS'
-          raise Identikey::OperationFailed, "Delete user failed: #{stat} - #{error}"
+          raise Identikey::OperationFailed, "Delete user #{self.username} failed: #{stat} - #{error}"
         end
 
         @persisted = false
@@ -127,6 +131,51 @@ module Identikey
         self
       end
 
+      def clear_password!
+        ensure_persisted!
+
+        stat, _, error = @session.execute(
+          :user_execute_RESET_PASSWORD, username: username, domain: domain)
+
+        if stat != 'STAT_SUCCESS'
+          raise Identikey::OperationFailed, "Clear user #{self.username} password failed: #{stat} - #{error}"
+        end
+
+        self.has_password = false
+
+        true
+      end
+
+      def set_password!(password)
+        ensure_persisted!
+
+        stat, _, error = @session.execute(
+          :user_execute_SET_PASSWORD, username: username, domain: domain, password: password)
+
+        if stat != 'STAT_SUCCESS'
+          raise Identikey::OperationFailed, "Set user #{self.username} password failed: #{stat} - #{error}"
+        end
+
+        self.has_password = true
+
+        true
+      end
+
+      def unlock!
+        ensure_persisted!
+
+        stat, _, error = @session.execute(
+          :user_execute_UNLOCK, username: username, domain: domain)
+
+        if stat != 'STAT_SUCCESS'
+          raise Identikey::OperationFailed, "Unlock user #{self.username} failed: #{stat} - #{error}"
+        end
+
+        self.locked = false
+
+        true
+      end
+
       protected
         def replace(user, persisted: false)
           self.username             = user['USERFLD_USERID']
@@ -149,11 +198,23 @@ module Identikey
           self.expired              = user['USERFLD_EXPIRED']
           self.last_auth_attempt_at = user['USERFLD_LASTAUTHREQ_TIME']
           self.description          = user['USERFLD_DESCRIPTION']
+          self.passwd_last_set_at   = user['USERFLD_LAST_PASSWORD_SET_TIME']
+          self.has_password         = !user['USERFLD_PASSWORD'].nil?
 
           @persisted = persisted
 
           self
         end
+
+        def ensure_persisted!
+          unless self.persisted?
+            raise Identikey::UsageError, "User #{self.username} is not persisted"
+          end
+
+          unless self.username && self.domain
+            raise Identikey::UsageError, "User #{self} is missing username and/or domain"
+          end
+        end
     end
 
   end

data/lib/identikey/authentication.rb

@@ -28,13 +28,13 @@ module Identikey
     end
 
     def self.validate!(user, domain, otp)
-      status, result, _ = new.auth_user(user, domain, otp)
+      status, result, error_stack = new.auth_user(user, domain, otp)
 
       if otp_validated_ok?(status, result)
         return true
       else
         error_message = result['CREDFLD_STATUS_MESSAGE']
-        raise Identikey::OperationFailed, "OTP Validation error (#{status}): #{error_message}"
+        raise Identikey::OperationFailed.new("OTP Validation error (#{status}): #{error_message}", error_stack)
       end
     end
 

data/lib/identikey/base.rb

@@ -264,8 +264,8 @@ module Identikey
           parse = /^(not_)?(.*)/i.match(full_name.to_s)
           name  = parse[2]
 
-          options = []
-          options.push(negative: true) if !parse[1].nil?
+          options = {}
+          options[:negative] = true if !parse[1].nil?
 
           type, value = case value
 
@@ -275,8 +275,8 @@ module Identikey
           when Integer
             [ 'xsd:int', value.to_s ]
 
-          when DateTime, Time
-            [ 'xsd:datetime', value.utc.iso8601 ]
+          when Time
+            [ 'xsd:dateTime', value.utc.iso8601 ]
 
           when TrueClass, FalseClass
             [ 'xsd:boolean', value.to_s ]
@@ -285,7 +285,7 @@ module Identikey
             [ 'xsd:string', value.to_s ]
 
           when NilClass
-            options.push(null: true)
+            options[:null] = true
             [ 'xsd:string', '' ]
 
           else

data/lib/identikey/error.rb

@@ -0,0 +1,27 @@
+module Identikey
+  # Generic error class
+  class Error < StandardError
+    def initialize(message, error_stack = nil)
+      super(message)
+
+      @error_stack = error_stack
+    end
+
+    attr_reader :error_stack
+  end
+
+  # Raised when the user is not doing things correctly
+  class UsageError < Error; end
+
+  # Raised when the received XML does not conform to documentation
+  class ParseError < Error; end
+
+  # Raised when something is "not found", such as an user or a digipass.
+  class NotFound < Error; end
+
+  # Raised when Admin logon failed
+  class LogonFailed < Error; end
+
+  # Raised when read/write operations fail
+  class OperationFailed < Error; end
+end

data/lib/identikey/version.rb

@@ -1,3 +1,3 @@
 module Identikey
-  VERSION = "0.5.0"
+  VERSION = "0.7.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: identikey
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.7.0
 platform: ruby
 authors:
 - Marcello Barnaba
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-10-23 00:00:00.000000000 Z
+date: 2020-06-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: savon
@@ -136,6 +136,48 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: vacman_controller
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: code_counter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: This gem contains a SOAP client to consume Identikey API
 email:
 - vjt@openssl.it
@@ -146,10 +188,13 @@ files:
 - ".gitignore"
 - ".rspec"
 - Gemfile
+- Guardfile
 - LICENSE.txt
 - README.md
 - Rakefile
 - bin/console
+- bin/export
+- bin/import
 - bin/setup
 - identikey.gemspec
 - lib/identikey.rb
@@ -160,6 +205,7 @@ files:
 - lib/identikey/administration/user.rb
 - lib/identikey/authentication.rb
 - lib/identikey/base.rb
+- lib/identikey/error.rb
 - lib/identikey/unsigned.rb
 - lib/identikey/version.rb
 - log/.keep