identikey 0.5.0 → 0.7.0
- checksums.yaml +4 -4
- data/.gitignore +4 -0
- data/Guardfile +23 -0
- data/README.md +11 -5
- data/Rakefile +6 -0
- data/bin/console +21 -2
- data/bin/export +42 -0
- data/bin/import +89 -0
- data/identikey.gemspec +3 -0
- data/lib/identikey.rb +1 -20
- data/lib/identikey/administration.rb +70 -15
- data/lib/identikey/administration/user.rb +77 -16
- data/lib/identikey/authentication.rb +2 -2
- data/lib/identikey/base.rb +5 -5
- data/lib/identikey/error.rb +27 -0
- data/lib/identikey/version.rb +1 -1
- metadata +48 -2
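--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9ddf98e9f2ab268487c380bab954e3fefebcdd729e81f74a5f1267ada748d8b8
+data.tar.gz: 43bb94510b8cb9e6176da71ba4742891419e4591053ded611d753538d545e895
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 386ea4bc06bb5258ce0e3fa928880c3e3faae70198744c5c562c1ac8ab44b1961dfd82724e905e610432715c2ef105ff751055002489f41ea4d595652821a4b4
+data.tar.gz: 3b7081b38c22f4da4bd74360467b6b4e9951d69e376b49ca47e314a6e2185257a00357fb131a5769b94ece4b39929d741baaba7e6e1330ba334e1c85ba08d5b7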
data/.gitignore
CHANGED
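--- a/data/Guardfile
+++ b/data/Guardfile
@@ -0,0 +1,23 @@
+# Note: The cmd option is now required due to the increasing number of ways
+# rspec may be run, below are examples of the most common uses.
+# * bundler: 'bundle exec rspec'
+# * bundler binstubs: 'bin/rspec'
+# * spring: 'bin/rspec' (This will use spring if running and you have
+# installed the spring binstubs per the docs)
+# * zeus: 'zeus rspec' (requires the server to be started separately)
+# * 'just' rspec: 'rspec'
+
+guard :rspec, cmd: "bundle exec rspec" do
+require "guard/rspec/dsl"
+dsl = Guard::RSpec::Dsl.new(self)
+
+# RSpec files
+rspec = dsl.rspec
+watch(rspec.spec_helper) { rspec.spec_dir }
+watch(rspec.spec_support) { rspec.spec_dir }
+watch(rspec.spec_files)
+
+# Ruby files
+ruby = dsl.ruby
+dsl.watch_spec_files_for(ruby.lib_files)
+end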
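--- a/data/README.md
+++ b/data/README.md
@@ -186,15 +186,21 @@ your application.
 
 ## Development
 
-After checking out the repo, run `bin/setup` to install dependencies.
-run `rake` to run the tests. You can also run `bin/console` for an interactive
-prompt that will allow you to experiment.
+After checking out the repo, run `bin/setup` to install dependencies.
 
-
+Then, please copy `spec/test.env.example` into `spec/test.env` and
 populate it with your Identikey Authentication Server host, username, password
-and domain.
+and domain.
+
+You also need the Identikey SDK, that can be placed in `sdk/` and
 its WSDL paths as well referenced in the `spec/test.env` file.
 
+Then, run `rake` to run the tests.
+
+You can also run `bin/console` for an interactive prompt that will allow you
+to experiment. It requires the same environment variables required by the
+specs.
+
 To install this gem onto your local machine, run `bundle exec rake install`.
 
 To release a new version, update the version number in `version.rb`, and then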
data/Rakefile
CHANGED
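--- a/data/bin/console
+++ b/data/bin/console
@@ -3,8 +3,27 @@
 require 'bundler/setup'
 require 'identikey'
 
-
-
+Identikey::Authentication.configure do
+wsdl ENV.fetch('IK_WSDL_AUTH')
+endpoint ENV.fetch('IK_HOST')
+end
+
+puts "Configured Auth WSDL #{ENV.fetch('IK_WSDL_AUTH')} against #{ENV.fetch('IK_HOST')}"
+
+Identikey::Administration.configure do
+wsdl ENV.fetch('IK_WSDL_ADMIN')
+endpoint ENV.fetch('IK_HOST')
+end
+
+puts "Configured Admin WSDL #{ENV.fetch('IK_WSDL_ADMIN')} against #{ENV.fetch('IK_HOST')}"
+
+$ik = Identikey::Administration::Session.new(
+username: ENV.fetch('IK_USER'),
+password: ENV.fetch('IK_PASS'),
+domain: ENV.fetch('IK_DOMAIN')
+)
+
+puts "Opened admin session with #{ENV.fetch('IK_USER')}@#{ENV.fetch('IK_DOMAIN')} against #{ENV.fetch('IK_HOST')}. Find it in $ik variable"
 
 require "pry"
 Pry.start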
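Review bot: The banner at new line 26 says "Opened admin session", but the script only builds the `Session` object and never calls `$ik.logon`. bin/export and bin/import in this same diff call `$ik.logon` right after the identical constructor, which suggests (not confirmed from this page) that the constructor alone does not authenticate. Either add `$ik.logon` and `at_exit { $ik.logoff }` before `Pry.start`, so an administrative session is not left open on the server when the console exits, or reword the banner to say the session is prepared but not logged on.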
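--- a/data/bin/export
+++ b/data/bin/export
@@ -0,0 +1,42 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'identikey'
+require 'json'
+
+if ARGV.size != 1
+$stderr.puts "Usage: #{$0} <users.json>"
+exit 1
+end
+
+Identikey::Administration.configure do
+wsdl ENV.fetch('IK_WSDL_ADMIN')
+endpoint ENV.fetch('IK_HOST')
+end
+
+puts "Configured Admin WSDL #{ENV.fetch('IK_WSDL_ADMIN')} against #{ENV.fetch('IK_HOST')}"
+
+$ik = Identikey::Administration::Session.new(
+username: ENV.fetch('IK_USER'),
+password: ENV.fetch('IK_PASS'),
+domain: ENV.fetch('IK_DOMAIN')
+)
+
+$ik.logon
+
+puts "Opened admin session with #{ENV.fetch('IK_USER')}@#{ENV.fetch('IK_DOMAIN')} against #{ENV.fetch('IK_HOST')}"
+
+at_exit { $ik.logoff }
+
+users = Identikey::Administration::User.search(session: $ik, query: {})
+users_slim = users.map do |u|
+{ username: u.username,
+email: u.email,
+digipass: u.digipass,
+disabled: u.disabled,
+locked: u.locked,
+expires_at: u.expires_at
+}
+end
+
+File.write ARGV[0], users_slim.to_json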
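Review bot: `File.write ARGV[0], users_slim.to_json` on the last line creates the export with whatever the process umask allows. The dump holds every account's username, e-mail address, assigned Digipass identifiers and lock/disabled state, so it may be readable by other local accounts. Create it owner-only with `File.write ARGV[0], users_slim.to_json, perm: 0o600`; `perm:` only applies when the file is created, so an existing target keeps its mode and is silently overwritten. A one-line comment above the write stating that the output is sensitive directory data would also help operators decide where to store it.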
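--- a/data/bin/import
+++ b/data/bin/import
@@ -0,0 +1,89 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'identikey'
+require 'json'
+
+if ARGV.size != 1
+$stderr.puts "Usage: #{$0} <users.json>"
+exit 1
+end
+
+Identikey::Administration.configure do
+wsdl ENV.fetch('IK_WSDL_ADMIN')
+endpoint ENV.fetch('IK_HOST')
+end
+
+puts "Configured Admin WSDL #{ENV.fetch('IK_WSDL_ADMIN')} against #{ENV.fetch('IK_HOST')}"
+
+$ik = Identikey::Administration::Session.new(
+username: ENV.fetch('IK_USER'),
+password: ENV.fetch('IK_PASS'),
+domain: ENV.fetch('IK_DOMAIN')
+)
+
+$ik.logon
+
+puts "Opened admin session with #{ENV.fetch('IK_USER')}@#{ENV.fetch('IK_DOMAIN')} against #{ENV.fetch('IK_HOST')}"
+
+at_exit { $ik.logoff }
+
+users = JSON.load File.read ARGV[0]
+
+users.each do |import|
+
+puts "Looking up #{import['username']}"
+ik_user = begin
+Identikey::Administration::User.find(session: $ik, username: import['username'], domain: ENV.fetch('IK_DOMAIN'))
+rescue => e
+puts "Cannot look up #{import['username']}: #{e.message}"
+nil
+end
+
+unless ik_user
+puts "User #{import['username']} not found, creating"
+
+ik_user = Identikey::Administration::User.new($ik,
+'USERFLD_USERID' => import['username'],
+'USERFLD_EMAIL' => import['email'],
+'USERFLD_DOMAIN' => ENV.fetch('IK_DOMAIN'),
+'USERFLD_LOCAL_AUTH' => 'Default',
+'USERFLD_BACKEND_AUTH' => 'Default',
+'USERFLD_DISABLED' => import['disabled'],
+'USERFLD_LOCKED' => import['locked'],
+'USERFLD_EXPIRATION_TIME' => import['expires_at']
+)
+
+begin
+ik_user.save!
+puts "User #{import['username']} created"
+rescue => e
+
+puts "Cannot create #{import['username']}: #{e.message}"
+
+next
+end
+end
+
+missing_digipass = import['digipass'] - ik_user.digipass
+
+missing_digipass.each do |digipass|
+puts "Assigining digipass #{digipass} to #{import['username']}"
+
+ik_token = begin
+Identikey::Administration::Digipass.find(session: $ik, serial_no: digipass)
+rescue => e
+puts "Digipass #{digipass} was not found"
+next
+end
+
+begin
+ik_token.assign! import['username'], ENV.fetch('IK_DOMAIN')
+rescue => e
+puts "Digipass #{digipass} could not be assigned to #{import['username']}: #{e.message}"
+end
+
+puts "Assignment of digipass #{digipass} to #{import['username']} was successful"
+end
+
+end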
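Review bot: The success message at new line 86 is printed even when `ik_token.assign!` raised, because the `rescue` at line 82 only prints and falls through. An operator reading the output would believe an authenticator was bound to the account when it was not. Move the `puts "Assignment of digipass ... was successful"` line inside the `begin` directly after `assign!`, or add `next` to that rescue as the Digipass lookup above it does. Two smaller points: `JSON.load File.read ARGV[0]` (line 31) should be `JSON.parse(File.read(ARGV[0]))`, since `JSON.load` is documented for trusted input only. The bare `rescue => e` around `User.find` (lines 36–41) turns every failure, not only a missing user, into `nil`, and the script then goes on to create the account.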
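--- a/data/identikey.gemspec
+++ b/data/identikey.gemspec
@@ -32,4 +32,7 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency 'byebug'
 spec.add_development_dependency 'simplecov'
 spec.add_development_dependency 'dotenv'
+spec.add_development_dependency 'guard-rspec'
+spec.add_development_dependency 'vacman_controller'
+spec.add_development_dependency 'code_counter'
 end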
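Review bot: The three development dependencies added at new lines 35–37 carry no version constraint, and the metadata section of this same diff records them as `>= 0`. Whatever release is newest at install time is therefore pulled into the development and CI environment. A pessimistic constraint keeps that set reviewable, e.g. `spec.add_development_dependency 'guard-rspec', '~> <MAJOR.MINOR>'` (placeholder version), and likewise for `vacman_controller` and `code_counter`. The `Gem::Specification.new` block starts outside the hunk.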
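--- a/data/lib/identikey.rb
+++ b/data/lib/identikey.rb
@@ -1,26 +1,7 @@
 require 'savon'
 
 require 'identikey/version'
+require 'identikey/error'
 require 'identikey/unsigned'
 require 'identikey/authentication'
 require 'identikey/administration'
-
-module Identikey
-# Generic error class
-class Error < StandardError; end
-
-# Raised when the user is not doing things correctly
-class UsageError < Error; end
-
-# Raised when the received XML does not conform to documentation
-class ParseError < Error; end
-
-# Raised when something is "not found", such as an user or a digipass.
-class NotFound < Error; end
-
-# Raised when Admin logon failed
-class LogonFailed < Error; end
-
-# Raised when read/write operations fail
-class OperationFailed < Error; end
-end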
@@ -61,12 +61,7 @@ module Identikey
|
|
61
61
|
# `log:` keyword is set to false.
|
62
62
|
#
|
63
63
|
def ping(session_id:, log:)
|
64
|
-
|
65
|
-
client.globals[:log] = log
|
66
|
-
|
67
|
-
sessionalive(session_id: session_id)
|
68
|
-
ensure
|
69
|
-
client.globals[:log] = old_log
|
64
|
+
logging_to(log) { sessionalive(session_id: session_id) }
|
70
65
|
end
|
71
66
|
|
72
67
|
def admin_session_query(session_id:)
|
@@ -150,17 +145,58 @@ module Identikey
|
|
150
145
|
)
|
151
146
|
end
|
152
147
|
|
148
|
+
def user_execute_RESET_PASSWORD(session_id:, username:, domain:)
|
149
|
+
user_execute(
|
150
|
+
session_id: session_id,
|
151
|
+
cmd: 'USERCMD_RESET_PASSWORD',
|
152
|
+
attributes: typed_attributes_list_from(
|
153
|
+
USERFLD_USERID: username,
|
154
|
+
USERFLD_DOMAIN: domain
|
155
|
+
)
|
156
|
+
)
|
157
|
+
end
|
153
158
|
|
154
|
-
def
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
159
|
+
def user_execute_SET_PASSWORD(session_id:, username:, domain:, password:)
|
160
|
+
user_execute(
|
161
|
+
session_id: session_id,
|
162
|
+
cmd: 'USERCMD_SET_PASSWORD',
|
163
|
+
attributes: typed_attributes_list_from(
|
164
|
+
USERFLD_USERID: username,
|
165
|
+
USERFLD_DOMAIN: domain,
|
166
|
+
USERFLD_NEW_PASSWORD: password,
|
167
|
+
USERFLD_CONFIRM_NEW_PASSWORD: password
|
168
|
+
)
|
169
|
+
)
|
170
|
+
end
|
162
171
|
|
163
|
-
|
172
|
+
def user_execute_UNLOCK(session_id:, username:, domain:)
|
173
|
+
user_execute(
|
174
|
+
session_id: session_id,
|
175
|
+
cmd: 'USERCMD_UNLOCK',
|
176
|
+
attributes: typed_attributes_list_from(
|
177
|
+
USERFLD_USERID: username,
|
178
|
+
USERFLD_DOMAIN: domain
|
179
|
+
)
|
180
|
+
)
|
181
|
+
end
|
182
|
+
|
183
|
+
# Executes a userQuery command that searches users. By default, it doesn't
|
184
|
+
# log anywhere. To enable logging to a specific destination, pass a logger
|
185
|
+
# as the log: option. To log to the default destination, pass `true` as
|
186
|
+
# the log: option.
|
187
|
+
#
|
188
|
+
def user_query(session_id:, attributes:, query_options:, log: false)
|
189
|
+
logging_to(log) do
|
190
|
+
resp = super(message: {
|
191
|
+
sessionID: session_id,
|
192
|
+
attributeSet: {
|
193
|
+
attributes: typed_attributes_query_list_from(attributes)
|
194
|
+
},
|
195
|
+
queryOptions: query_options
|
196
|
+
})
|
197
|
+
|
198
|
+
parse_response resp, :user_query_response
|
199
|
+
end
|
164
200
|
end
|
165
201
|
|
166
202
|
|
@@ -260,5 +296,24 @@ module Identikey
|
|
260
296
|
)
|
261
297
|
end
|
262
298
|
|
299
|
+
private
|
300
|
+
# Allows temporarily overriding the log destination. If it
|
301
|
+
# is set to `false` then logging is disabled altogether.
|
302
|
+
# If it is set to `true`, then this is a no-op.
|
303
|
+
#
|
304
|
+
def logging_to(destination)
|
305
|
+
old_log = client.globals[:log]
|
306
|
+
|
307
|
+
unless destination === true
|
308
|
+
client.globals[:log] = destination
|
309
|
+
end
|
310
|
+
|
311
|
+
yield
|
312
|
+
|
313
|
+
ensure
|
314
|
+
client.globals[:log] = old_log
|
315
|
+
end
|
316
|
+
|
317
|
+
|
263
318
|
end
|
264
319
|
end
|
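Review bot: In `user_execute_SET_PASSWORD` (new lines 159–170 of what the diffstat identifies as lib/identikey/administration.rb; its file header is missing from this page) the new password is placed in the request as `USERFLD_NEW_PASSWORD` and `USERFLD_CONFIRM_NEW_PASSWORD` without touching the client's log setting. If the SOAP client has logging enabled, the cleartext password would presumably be written to the request log. The `logging_to` helper added at new lines 304–315 already covers this: wrap the call as `logging_to(false) { user_execute(...) }`, the way `ping` and `user_query` route through it. How `client` is configured is not visible in these hunks, and the class body starts and ends outside them.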
@@ -6,9 +6,11 @@ module Identikey
|
|
6
6
|
new(session).find(username, domain)
|
7
7
|
end
|
8
8
|
|
9
|
-
def self.search(session:, query:, options: {})
|
10
|
-
|
11
|
-
query[
|
9
|
+
def self.search(session:, query:, options: {}, log: false)
|
10
|
+
[:has_digipass, :not_has_digipass].each do |funky_boolean|
|
11
|
+
if query.key?(funky_boolean) && [true, false].include?(query[funky_boolean])
|
12
|
+
query[funky_boolean] = query[funky_boolean] ? 'Assigned' : 'Unassigned'
|
13
|
+
end
|
12
14
|
end
|
13
15
|
|
14
16
|
query_keys = {
|
@@ -27,10 +29,12 @@ module Identikey
|
|
27
29
|
|
28
30
|
stat, users, error = session.execute(:user_query,
|
29
31
|
attributes: Base.search_attributes_from(query, attribute_map: query_keys),
|
30
|
-
query_options: Base.search_options_from(options)
|
32
|
+
query_options: Base.search_options_from(options),
|
33
|
+
log: log
|
34
|
+
)
|
31
35
|
|
32
36
|
case stat
|
33
|
-
when 'STAT_SUCCESS' then (users||[]).map {|user| new(session, user) }
|
37
|
+
when 'STAT_SUCCESS' then (users||[]).map {|user| new(session, user, persisted: true) }
|
34
38
|
when 'STAT_NOT_FOUND' then []
|
35
39
|
else
|
36
40
|
raise Identikey::Error, "Search user failed: #{stat} - #{error}"
|
@@ -57,11 +61,17 @@ module Identikey
|
|
57
61
|
attr_accessor :expired
|
58
62
|
attr_accessor :last_auth_attempt_at
|
59
63
|
attr_accessor :description
|
64
|
+
attr_accessor :passwd_last_set_at
|
65
|
+
attr_accessor :has_password
|
60
66
|
|
61
|
-
|
67
|
+
alias locked? locked
|
68
|
+
alias digipass? has_digipass
|
69
|
+
alias password? has_password
|
70
|
+
|
71
|
+
def initialize(session, user = nil, persisted: false)
|
62
72
|
@session = session
|
63
73
|
|
64
|
-
replace(user) if user
|
74
|
+
replace(user, persisted: persisted) if user
|
65
75
|
end
|
66
76
|
|
67
77
|
def find(username, domain)
|
@@ -100,26 +110,20 @@ module Identikey
|
|
100
110
|
})
|
101
111
|
|
102
112
|
if stat != 'STAT_SUCCESS'
|
103
|
-
raise Identikey::OperationFailed, "Save user failed: #{stat} - #{error}"
|
113
|
+
raise Identikey::OperationFailed, "Save user #{self.username} failed: #{stat} - #{error}"
|
104
114
|
end
|
105
115
|
|
106
116
|
replace(user, persisted: true)
|
107
117
|
end
|
108
118
|
|
109
119
|
def destroy!
|
110
|
-
|
111
|
-
raise Identikey::UsageError, "User #{self.username} is not persisted"
|
112
|
-
end
|
113
|
-
|
114
|
-
unless self.username && self.domain
|
115
|
-
raise Identikey::UsageError, "User #{self} is missing username and/or domain"
|
116
|
-
end
|
120
|
+
ensure_persisted!
|
117
121
|
|
118
122
|
stat, _, error = @session.execute(
|
119
123
|
:user_execute_DELETE, username: username, domain: domain)
|
120
124
|
|
121
125
|
if stat != 'STAT_SUCCESS'
|
122
|
-
raise Identikey::OperationFailed, "Delete user failed: #{stat} - #{error}"
|
126
|
+
raise Identikey::OperationFailed, "Delete user #{self.username} failed: #{stat} - #{error}"
|
123
127
|
end
|
124
128
|
|
125
129
|
@persisted = false
|
@@ -127,6 +131,51 @@ module Identikey
|
|
127
131
|
self
|
128
132
|
end
|
129
133
|
|
134
|
+
def clear_password!
|
135
|
+
ensure_persisted!
|
136
|
+
|
137
|
+
stat, _, error = @session.execute(
|
138
|
+
:user_execute_RESET_PASSWORD, username: username, domain: domain)
|
139
|
+
|
140
|
+
if stat != 'STAT_SUCCESS'
|
141
|
+
raise Identikey::OperationFailed, "Clear user #{self.username} password failed: #{stat} - #{error}"
|
142
|
+
end
|
143
|
+
|
144
|
+
self.has_password = false
|
145
|
+
|
146
|
+
true
|
147
|
+
end
|
148
|
+
|
149
|
+
def set_password!(password)
|
150
|
+
ensure_persisted!
|
151
|
+
|
152
|
+
stat, _, error = @session.execute(
|
153
|
+
:user_execute_SET_PASSWORD, username: username, domain: domain, password: password)
|
154
|
+
|
155
|
+
if stat != 'STAT_SUCCESS'
|
156
|
+
raise Identikey::OperationFailed, "Set user #{self.username} password failed: #{stat} - #{error}"
|
157
|
+
end
|
158
|
+
|
159
|
+
self.has_password = true
|
160
|
+
|
161
|
+
true
|
162
|
+
end
|
163
|
+
|
164
|
+
def unlock!
|
165
|
+
ensure_persisted!
|
166
|
+
|
167
|
+
stat, _, error = @session.execute(
|
168
|
+
:user_execute_UNLOCK, username: username, domain: domain)
|
169
|
+
|
170
|
+
if stat != 'STAT_SUCCESS'
|
171
|
+
raise Identikey::OperationFailed, "Unlock user #{self.username} failed: #{stat} - #{error}"
|
172
|
+
end
|
173
|
+
|
174
|
+
self.locked = false
|
175
|
+
|
176
|
+
true
|
177
|
+
end
|
178
|
+
|
130
179
|
protected
|
131
180
|
def replace(user, persisted: false)
|
132
181
|
self.username = user['USERFLD_USERID']
|
@@ -149,11 +198,23 @@ module Identikey
|
|
149
198
|
self.expired = user['USERFLD_EXPIRED']
|
150
199
|
self.last_auth_attempt_at = user['USERFLD_LASTAUTHREQ_TIME']
|
151
200
|
self.description = user['USERFLD_DESCRIPTION']
|
201
|
+
self.passwd_last_set_at = user['USERFLD_LAST_PASSWORD_SET_TIME']
|
202
|
+
self.has_password = !user['USERFLD_PASSWORD'].nil?
|
152
203
|
|
153
204
|
@persisted = persisted
|
154
205
|
|
155
206
|
self
|
156
207
|
end
|
208
|
+
|
209
|
+
def ensure_persisted!
|
210
|
+
unless self.persisted?
|
211
|
+
raise Identikey::UsageError, "User #{self.username} is not persisted"
|
212
|
+
end
|
213
|
+
|
214
|
+
unless self.username && self.domain
|
215
|
+
raise Identikey::UsageError, "User #{self} is missing username and/or domain"
|
216
|
+
end
|
217
|
+
end
|
157
218
|
end
|
158
219
|
|
159
220
|
end
|
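Review bot: `self.search` rewrites the caller's `query` hash in place at new lines 10–13 (`query[funky_boolean] = query[funky_boolean] ? 'Assigned' : 'Unassigned'`). A hash that is reused for a second call or inspected afterwards no longer holds the booleans that were passed in; start the method with `query = query.dup` to work on a copy. The new public methods `clear_password!`, `set_password!` and `unlock!` (new lines 134–177) also have no doc comment. Each could state that it requires a persisted user, raises `Identikey::OperationFailed` unless the server answers `STAT_SUCCESS`, and returns `true`. These hunks belong to lib/identikey/administration/user.rb per the diffstat, and the class continues outside them.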
@@ -28,13 +28,13 @@ module Identikey
|
|
28
28
|
end
|
29
29
|
|
30
30
|
def self.validate!(user, domain, otp)
|
31
|
-
status, result,
|
31
|
+
status, result, error_stack = new.auth_user(user, domain, otp)
|
32
32
|
|
33
33
|
if otp_validated_ok?(status, result)
|
34
34
|
return true
|
35
35
|
else
|
36
36
|
error_message = result['CREDFLD_STATUS_MESSAGE']
|
37
|
-
raise Identikey::OperationFailed
|
37
|
+
raise Identikey::OperationFailed.new("OTP Validation error (#{status}): #{error_message}", error_stack)
|
38
38
|
end
|
39
39
|
end
|
40
40
|
|
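Review bot: `validate!` now raises with `"OTP Validation error (#{status}): #{error_message}"` at new line 37, which embeds the server's status code and its `CREDFLD_STATUS_MESSAGE` text in the exception message. If a caller shows `e.message` to the person logging in, that text could reveal why the attempt failed; the possible values are not visible on this page, so this is an assumption to confirm. A comment above `validate!` would make the contract explicit, for example `# The exception message carries server diagnostics: log it, do not display it to the end user.` The method's class starts outside the hunk.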
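--- a/data/lib/identikey/base.rb
+++ b/data/lib/identikey/base.rb
@@ -264,8 +264,8 @@ module Identikey
 parse = /^(not_)?(.*)/i.match(full_name.to_s)
 name = parse[2]
 
-options =
-options
+options = {}
+options[:negative] = true if !parse[1].nil?
 
 type, value = case value
 
@@ -275,8 +275,8 @@ module Identikey
 when Integer
 [ 'xsd:int', value.to_s ]
 
-when
-[ 'xsd:
+when Time
+[ 'xsd:dateTime', value.utc.iso8601 ]
 
 when TrueClass, FalseClass
 [ 'xsd:boolean', value.to_s ]
@@ -285,7 +285,7 @@ module Identikey
 [ 'xsd:string', value.to_s ]
 
 when NilClass
-options
+options[:null] = true
 [ 'xsd:string', '' ]
 
 else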
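Review bot: `value.utc.iso8601` at new line 279 converts the caller's `Time` object to UTC in place, because `Time#utc` modifies its receiver. A timestamp passed as a query or attribute value comes back changed after the call. Use the non-mutating form, `[ 'xsd:dateTime', value.getutc.iso8601 ]`. `Time#iso8601` also comes from the `time` standard library on the Ruby versions of this release's era, and no `require 'time'` is visible on this page, so it is worth confirming that one is loaded. The enclosing method starts and ends outside these hunks.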
@@ -0,0 +1,27 @@
|
|
1
|
+
module Identikey
|
2
|
+
# Generic error class
|
3
|
+
class Error < StandardError
|
4
|
+
def initialize(message, error_stack = nil)
|
5
|
+
super(message)
|
6
|
+
|
7
|
+
@error_stack = error_stack
|
8
|
+
end
|
9
|
+
|
10
|
+
attr_reader :error_stack
|
11
|
+
end
|
12
|
+
|
13
|
+
# Raised when the user is not doing things correctly
|
14
|
+
class UsageError < Error; end
|
15
|
+
|
16
|
+
# Raised when the received XML does not conform to documentation
|
17
|
+
class ParseError < Error; end
|
18
|
+
|
19
|
+
# Raised when something is "not found", such as an user or a digipass.
|
20
|
+
class NotFound < Error; end
|
21
|
+
|
22
|
+
# Raised when Admin logon failed
|
23
|
+
class LogonFailed < Error; end
|
24
|
+
|
25
|
+
# Raised when read/write operations fail
|
26
|
+
class OperationFailed < Error; end
|
27
|
+
end
|
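Review bot: `Error#initialize(message, error_stack = nil)` at new line 4 of lib/identikey/error.rb (file header missing from this page) makes `message` mandatory. A bare `raise Identikey::OperationFailed` or `raise Identikey::NotFound` elsewhere in the gem or in client code would then fail with `ArgumentError` instead of the intended error, which would also slip past any `rescue Identikey::Error`. Keep the previous calling convention with `def initialize(message = nil, error_stack = nil)`. A short comment on `attr_reader :error_stack` saying what the value holds and that it may be `nil` would help callers, since only `validate!` is seen passing it in this diff.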
data/lib/identikey/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: identikey
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.7.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Marcello Barnaba
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-06-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: savon
|
@@ -136,6 +136,48 @@ dependencies:
|
|
136
136
|
- - ">="
|
137
137
|
- !ruby/object:Gem::Version
|
138
138
|
version: '0'
|
139
|
+
- !ruby/object:Gem::Dependency
|
140
|
+
name: guard-rspec
|
141
|
+
requirement: !ruby/object:Gem::Requirement
|
142
|
+
requirements:
|
143
|
+
- - ">="
|
144
|
+
- !ruby/object:Gem::Version
|
145
|
+
version: '0'
|
146
|
+
type: :development
|
147
|
+
prerelease: false
|
148
|
+
version_requirements: !ruby/object:Gem::Requirement
|
149
|
+
requirements:
|
150
|
+
- - ">="
|
151
|
+
- !ruby/object:Gem::Version
|
152
|
+
version: '0'
|
153
|
+
- !ruby/object:Gem::Dependency
|
154
|
+
name: vacman_controller
|
155
|
+
requirement: !ruby/object:Gem::Requirement
|
156
|
+
requirements:
|
157
|
+
- - ">="
|
158
|
+
- !ruby/object:Gem::Version
|
159
|
+
version: '0'
|
160
|
+
type: :development
|
161
|
+
prerelease: false
|
162
|
+
version_requirements: !ruby/object:Gem::Requirement
|
163
|
+
requirements:
|
164
|
+
- - ">="
|
165
|
+
- !ruby/object:Gem::Version
|
166
|
+
version: '0'
|
167
|
+
- !ruby/object:Gem::Dependency
|
168
|
+
name: code_counter
|
169
|
+
requirement: !ruby/object:Gem::Requirement
|
170
|
+
requirements:
|
171
|
+
- - ">="
|
172
|
+
- !ruby/object:Gem::Version
|
173
|
+
version: '0'
|
174
|
+
type: :development
|
175
|
+
prerelease: false
|
176
|
+
version_requirements: !ruby/object:Gem::Requirement
|
177
|
+
requirements:
|
178
|
+
- - ">="
|
179
|
+
- !ruby/object:Gem::Version
|
180
|
+
version: '0'
|
139
181
|
description: This gem contains a SOAP client to consume Identikey API
|
140
182
|
email:
|
141
183
|
- vjt@openssl.it
|
@@ -146,10 +188,13 @@ files:
|
|
146
188
|
- ".gitignore"
|
147
189
|
- ".rspec"
|
148
190
|
- Gemfile
|
191
|
+
- Guardfile
|
149
192
|
- LICENSE.txt
|
150
193
|
- README.md
|
151
194
|
- Rakefile
|
152
195
|
- bin/console
|
196
|
+
- bin/export
|
197
|
+
- bin/import
|
153
198
|
- bin/setup
|
154
199
|
- identikey.gemspec
|
155
200
|
- lib/identikey.rb
|
@@ -160,6 +205,7 @@ files:
|
|
160
205
|
- lib/identikey/administration/user.rb
|
161
206
|
- lib/identikey/authentication.rb
|
162
207
|
- lib/identikey/base.rb
|
208
|
+
- lib/identikey/error.rb
|
163
209
|
- lib/identikey/unsigned.rb
|
164
210
|
- lib/identikey/version.rb
|
165
211
|
- log/.keep
|