identikey 0.5.1 → 0.7.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4b55edf8d9a08412a4ce162b70b130f149a0ea1047c97a14a301056aa5c41350
-  data.tar.gz: eac60565c851f0ee3d100171a804d60e5804bb59539ad83b81c09d92b0a811f8
+  metadata.gz: 7eb968c0e5dd54488d15939d79d81ebccbf7052c93e3da22ff77bad6fc623106
+  data.tar.gz: d90c163b2fdebaf21e6386a721c8f17b4ec0248dd44394e234c646007842a5fd
 SHA512:
-  metadata.gz: bdcc16f8fa44bc513e44b6ed6b2ef5c3259cdc251568e2719a410306b033c27a1cc7542f19707ce1ae4803b6d1a7b0466a549f1a7a1ef93812c3e6bf70f26160
-  data.tar.gz: f55cbd706367e52d32394c4e220146fec6ea0a0a881c3871d71a186b0857a58ecb19357e54837a67950b25647ad45a6125cdc7bf1f96ad83870734957e6f7394
+  metadata.gz: 984d1e2f3b20b1d882568d70e338420062ba54b89b26b5f7c9495fd92ee2f5507db7d1da38c4d45662c32fc478c68ac88622d3b69a8c50bb6a617b01a9761d7b
+  data.tar.gz: 1c8092afbd35a441141c9830422a26467fc1fd851cbb9eee3109e8e69edea710de97b1ab22041c66869f5a84ea2bc6a29d6e465142b0dba3727f2453cd0831a5

data/.gitignore

@@ -6,14 +6,18 @@
 /pkg/
 /spec/reports/
 /spec/test.env
+/spec/examples.txt
 /tmp/
 /log/
 /sdk
+/dpx
 
 Gemfile.lock
 
 .byebug_history
 
+.env
+
 # vim swap files
 
 .*.sw?

data/Guardfile

@@ -0,0 +1,23 @@
+# Note: The cmd option is now required due to the increasing number of ways
+#       rspec may be run, below are examples of the most common uses.
+#  * bundler: 'bundle exec rspec'
+#  * bundler binstubs: 'bin/rspec'
+#  * spring: 'bin/rspec' (This will use spring if running and you have
+#                          installed the spring binstubs per the docs)
+#  * zeus: 'zeus rspec' (requires the server to be started separately)
+#  * 'just' rspec: 'rspec'
+
+guard :rspec, cmd: "bundle exec rspec" do
+  require "guard/rspec/dsl"
+  dsl = Guard::RSpec::Dsl.new(self)
+
+  # RSpec files
+  rspec = dsl.rspec
+  watch(rspec.spec_helper) { rspec.spec_dir }
+  watch(rspec.spec_support) { rspec.spec_dir }
+  watch(rspec.spec_files)
+
+  # Ruby files
+  ruby = dsl.ruby
+  dsl.watch_spec_files_for(ruby.lib_files)
+end

data/README.md

@@ -186,15 +186,21 @@ your application.
 
 ## Development
 
-After checking out the repo, run `bin/setup` to install dependencies. Then,
-run `rake` to run the tests. You can also run `bin/console` for an interactive
-prompt that will allow you to experiment.
+After checking out the repo, run `bin/setup` to install dependencies.
 
-To run specs, please copy `spec/test.env.example` into `spec/test.env` and
+Then, please copy `spec/test.env.example` into `spec/test.env` and
 populate it with your Identikey Authentication Server host, username, password
-and domain. You also need the Identikey SDK, that can be placed in `/sdk` and
+and domain.
+
+You also need the Identikey SDK, that can be placed in `sdk/` and
 its WSDL paths as well referenced in the `spec/test.env` file.
 
+Then, run `rake` to run the tests.
+
+You can also run `bin/console` for an interactive prompt that will allow you
+to experiment. It requires the same environment variables required by the
+specs.
+
 To install this gem onto your local machine, run `bundle exec rake install`.
 
 To release a new version, update the version number in `version.rb`, and then

data/Rakefile

@@ -6,3 +6,9 @@ RSpec::Core::RakeTask.new(:spec) do |spec|
 end
 
 task :default => :spec
+
+require 'code_counter/engine'
+desc 'Print code statistics'
+task :stats do
+  puts CodeCounter::Engine.new.to_s
+end

data/bin/console

@@ -3,8 +3,27 @@
 require 'bundler/setup'
 require 'identikey'
 
-# You can add fixtures and/or initialization code here to make experimenting
-# with your gem easier. You can also use a different console, if you like.
+Identikey::Authentication.configure do
+  wsdl ENV.fetch('IK_WSDL_AUTH')
+  endpoint ENV.fetch('IK_HOST')
+end
+
+puts "Configured Auth WSDL #{ENV.fetch('IK_WSDL_AUTH')} against #{ENV.fetch('IK_HOST')}"
+
+Identikey::Administration.configure do
+  wsdl ENV.fetch('IK_WSDL_ADMIN')
+  endpoint ENV.fetch('IK_HOST')
+end
+
+puts "Configured Admin WSDL #{ENV.fetch('IK_WSDL_ADMIN')} against #{ENV.fetch('IK_HOST')}"
+
+$ik = Identikey::Administration::Session.new(
+  username: ENV.fetch('IK_USER'),
+  password: ENV.fetch('IK_PASS'),
+  domain:   ENV.fetch('IK_DOMAIN')
+)
+
+puts "Opened admin session with #{ENV.fetch('IK_USER')}@#{ENV.fetch('IK_DOMAIN')} against #{ENV.fetch('IK_HOST')}. Find it in $ik variable"
 
 require "pry"
 Pry.start

data/bin/export

@@ -0,0 +1,42 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'identikey'
+require 'json'
+
+if ARGV.size != 1
+  $stderr.puts "Usage: #{$0} <users.json>"
+  exit 1
+end
+
+Identikey::Administration.configure do
+  wsdl ENV.fetch('IK_WSDL_ADMIN')
+  endpoint ENV.fetch('IK_HOST')
+end
+
+puts "Configured Admin WSDL #{ENV.fetch('IK_WSDL_ADMIN')} against #{ENV.fetch('IK_HOST')}"
+
+$ik = Identikey::Administration::Session.new(
+  username: ENV.fetch('IK_USER'),
+  password: ENV.fetch('IK_PASS'),
+  domain:   ENV.fetch('IK_DOMAIN')
+)
+
+$ik.logon
+
+puts "Opened admin session with #{ENV.fetch('IK_USER')}@#{ENV.fetch('IK_DOMAIN')} against #{ENV.fetch('IK_HOST')}"
+
+at_exit { $ik.logoff }
+
+users = Identikey::Administration::User.search(session: $ik, query: {})
+users_slim = users.map do |u|
+  { username:   u.username,
+    email:      u.email,
+    digipass:   u.digipass,
+    disabled:   u.disabled,
+    locked:     u.locked,
+    expires_at: u.expires_at
+  }
+end
+
+File.write ARGV[0], users_slim.to_json

data/bin/import

@@ -0,0 +1,89 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'identikey'
+require 'json'
+
+if ARGV.size != 1
+  $stderr.puts "Usage: #{$0} <users.json>"
+  exit 1
+end
+
+Identikey::Administration.configure do
+  wsdl ENV.fetch('IK_WSDL_ADMIN')
+  endpoint ENV.fetch('IK_HOST')
+end
+
+puts "Configured Admin WSDL #{ENV.fetch('IK_WSDL_ADMIN')} against #{ENV.fetch('IK_HOST')}"
+
+$ik = Identikey::Administration::Session.new(
+  username: ENV.fetch('IK_USER'),
+  password: ENV.fetch('IK_PASS'),
+  domain:   ENV.fetch('IK_DOMAIN')
+)
+
+$ik.logon
+
+puts "Opened admin session with #{ENV.fetch('IK_USER')}@#{ENV.fetch('IK_DOMAIN')} against #{ENV.fetch('IK_HOST')}"
+
+at_exit { $ik.logoff }
+
+users = JSON.load File.read ARGV[0]
+
+users.each do |import|
+
+  puts "Looking up #{import['username']}"
+  ik_user = begin
+    Identikey::Administration::User.find(session: $ik, username: import['username'], domain: ENV.fetch('IK_DOMAIN'))
+  rescue => e
+    puts "Cannot look up #{import['username']}: #{e.message}"
+    nil
+  end
+
+  unless ik_user
+    puts "User #{import['username']} not found, creating"
+
+    ik_user = Identikey::Administration::User.new($ik,
+      'USERFLD_USERID'          => import['username'],
+      'USERFLD_EMAIL'           => import['email'],
+      'USERFLD_DOMAIN'          => ENV.fetch('IK_DOMAIN'),
+      'USERFLD_LOCAL_AUTH'      => 'Default',
+      'USERFLD_BACKEND_AUTH'    => 'Default',
+      'USERFLD_DISABLED'        => import['disabled'],
+      'USERFLD_LOCKED'          => import['locked'],
+      'USERFLD_EXPIRATION_TIME' => import['expires_at']
+    )
+
+    begin
+      ik_user.save!
+      puts "User #{import['username']} created"
+    rescue => e
+
+      puts "Cannot create #{import['username']}: #{e.message}"
+
+      next
+    end
+  end
+
+  missing_digipass = import['digipass'] - ik_user.digipass
+
+  missing_digipass.each do |digipass|
+    puts "Assigining digipass #{digipass} to #{import['username']}"
+
+    ik_token = begin
+      Identikey::Administration::Digipass.find(session: $ik, serial_no: digipass)
+    rescue => e
+      puts "Digipass #{digipass} was not found"
+      next
+    end
+
+    begin
+      ik_token.assign! import['username'], ENV.fetch('IK_DOMAIN')
+    rescue => e
+      puts "Digipass #{digipass} could not be assigned to #{import['username']}: #{e.message}"
+    end
+
+    puts "Assignment of digipass #{digipass} to #{import['username']} was successful"
+  end
+
+end

data/identikey.gemspec

@@ -25,11 +25,14 @@ Gem::Specification.new do |spec|
   spec.add_dependency "savon", "~> 2.0"
 
   spec.add_development_dependency "bundler", "~> 2.0"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rake", ">= 12.3.3"
   spec.add_development_dependency "rspec", "~> 3.0"
   spec.add_development_dependency 'pry'
   spec.add_development_dependency 'hirb'
   spec.add_development_dependency 'byebug'
   spec.add_development_dependency 'simplecov'
   spec.add_development_dependency 'dotenv'
+  spec.add_development_dependency 'guard-rspec'
+  spec.add_development_dependency 'vacman_controller'
+  spec.add_development_dependency 'code_counter'
 end

data/lib/identikey/administration.rb

@@ -61,12 +61,7 @@ module Identikey
     # `log:` keyword is set to false.
     #
     def ping(session_id:, log:)
-      old_log = client.globals[:log]
-      client.globals[:log] = log
-
-      sessionalive(session_id: session_id)
-    ensure
-      client.globals[:log] = old_log
+      logging_to(log) { sessionalive(session_id: session_id) }
     end
 
     def admin_session_query(session_id:)
@@ -150,17 +145,58 @@ module Identikey
       )
     end
 
+    def user_execute_RESET_PASSWORD(session_id:, username:, domain:)
+      user_execute(
+        session_id: session_id,
+        cmd: 'USERCMD_RESET_PASSWORD',
+        attributes: typed_attributes_list_from(
+          USERFLD_USERID: username,
+          USERFLD_DOMAIN: domain
+        )
+      )
+    end
 
-    def user_query(session_id:, attributes:, query_options:)
-      resp = super(message: {
-        sessionID: session_id,
-        attributeSet: {
-          attributes: typed_attributes_query_list_from(attributes)
-        },
-        queryOptions: query_options
-      })
+    def user_execute_SET_PASSWORD(session_id:, username:, domain:, password:)
+      user_execute(
+        session_id: session_id,
+        cmd: 'USERCMD_SET_PASSWORD',
+        attributes: typed_attributes_list_from(
+          USERFLD_USERID: username,
+          USERFLD_DOMAIN: domain,
+          USERFLD_NEW_PASSWORD: password,
+          USERFLD_CONFIRM_NEW_PASSWORD: password
+        )
+      )
+    end
 
-      parse_response resp, :user_query_response
+    def user_execute_UNLOCK(session_id:, username:, domain:)
+      user_execute(
+        session_id: session_id,
+        cmd: 'USERCMD_UNLOCK',
+        attributes: typed_attributes_list_from(
+          USERFLD_USERID: username,
+          USERFLD_DOMAIN: domain
+        )
+      )
+    end
+
+    # Executes a userQuery command that searches users. By default, it doesn't
+    # log anywhere. To enable logging to a specific destination, pass a logger
+    # as the log: option. To log to the default destination, pass `true` as
+    # the log: option.
+    #
+    def user_query(session_id:, attributes:, query_options:, log: false)
+      logging_to(log) do
+        resp = super(message: {
+          sessionID: session_id,
+          attributeSet: {
+            attributes: typed_attributes_query_list_from(attributes)
+          },
+          queryOptions: query_options
+        })
+
+        parse_response resp, :user_query_response
+      end
     end
 
 
@@ -260,5 +296,24 @@ module Identikey
       )
     end
 
+    private
+      # Allows temporarily overriding the log destination. If it
+      # is set to `false` then logging is disabled altogether.
+      # If it is set to `true`, then this is a no-op.
+      #
+      def logging_to(destination)
+        old_log = client.globals[:log]
+
+        unless destination === true
+          client.globals[:log] = destination
+        end
+
+        yield
+
+      ensure
+        client.globals[:log] = old_log
+      end
+
+
   end
 end

data/lib/identikey/administration/user.rb

@@ -6,7 +6,7 @@ module Identikey
         new(session).find(username, domain)
       end
 
-      def self.search(session:, query:, options: {})
+      def self.search(session:, query:, options: {}, log: false)
         [:has_digipass, :not_has_digipass].each do |funky_boolean|
           if query.key?(funky_boolean) && [true, false].include?(query[funky_boolean])
             query[funky_boolean] = query[funky_boolean] ? 'Assigned' : 'Unassigned'
@@ -29,10 +29,12 @@ module Identikey
 
         stat, users, error = session.execute(:user_query,
           attributes:    Base.search_attributes_from(query, attribute_map: query_keys),
-          query_options: Base.search_options_from(options))
+          query_options: Base.search_options_from(options),
+          log:           log
+        )
 
         case stat
-        when 'STAT_SUCCESS'   then (users||[]).map {|user| new(session, user) }
+        when 'STAT_SUCCESS'   then (users||[]).map {|user| new(session, user, persisted: true) }
         when 'STAT_NOT_FOUND' then []
         else
           raise Identikey::Error, "Search user failed: #{stat} - #{error}"
@@ -59,11 +61,17 @@ module Identikey
       attr_accessor :expired
       attr_accessor :last_auth_attempt_at
       attr_accessor :description
+      attr_accessor :passwd_last_set_at
+      attr_accessor :has_password
 
-      def initialize(session, user = nil)
+      alias locked? locked
+      alias digipass? has_digipass
+      alias password? has_password
+
+      def initialize(session, user = nil, persisted: false)
         @session = session
 
-        replace(user) if user
+        replace(user, persisted: persisted) if user
       end
 
       def find(username, domain)
@@ -102,26 +110,20 @@ module Identikey
         })
 
         if stat != 'STAT_SUCCESS'
-          raise Identikey::OperationFailed, "Save user failed: #{stat} - #{error}"
+          raise Identikey::OperationFailed, "Save user #{self.username} failed: #{stat} - #{error}"
         end
 
         replace(user, persisted: true)
       end
 
       def destroy!
-        unless self.persisted?
-          raise Identikey::UsageError, "User #{self.username} is not persisted"
-        end
-
-        unless self.username && self.domain
-          raise Identikey::UsageError, "User #{self} is missing username and/or domain"
-        end
+        ensure_persisted!
 
         stat, _, error = @session.execute(
           :user_execute_DELETE, username: username, domain: domain)
 
         if stat != 'STAT_SUCCESS'
-          raise Identikey::OperationFailed, "Delete user failed: #{stat} - #{error}"
+          raise Identikey::OperationFailed, "Delete user #{self.username} failed: #{stat} - #{error}"
         end
 
         @persisted = false
@@ -129,6 +131,51 @@ module Identikey
         self
       end
 
+      def clear_password!
+        ensure_persisted!
+
+        stat, _, error = @session.execute(
+          :user_execute_RESET_PASSWORD, username: username, domain: domain)
+
+        if stat != 'STAT_SUCCESS'
+          raise Identikey::OperationFailed, "Clear user #{self.username} password failed: #{stat} - #{error}"
+        end
+
+        self.has_password = false
+
+        true
+      end
+
+      def set_password!(password)
+        ensure_persisted!
+
+        stat, _, error = @session.execute(
+          :user_execute_SET_PASSWORD, username: username, domain: domain, password: password)
+
+        if stat != 'STAT_SUCCESS'
+          raise Identikey::OperationFailed, "Set user #{self.username} password failed: #{stat} - #{error}"
+        end
+
+        self.has_password = true
+
+        true
+      end
+
+      def unlock!
+        ensure_persisted!
+
+        stat, _, error = @session.execute(
+          :user_execute_UNLOCK, username: username, domain: domain)
+
+        if stat != 'STAT_SUCCESS'
+          raise Identikey::OperationFailed, "Unlock user #{self.username} failed: #{stat} - #{error}"
+        end
+
+        self.locked = false
+
+        true
+      end
+
       protected
         def replace(user, persisted: false)
           self.username             = user['USERFLD_USERID']
@@ -151,11 +198,23 @@ module Identikey
           self.expired              = user['USERFLD_EXPIRED']
           self.last_auth_attempt_at = user['USERFLD_LASTAUTHREQ_TIME']
           self.description          = user['USERFLD_DESCRIPTION']
+          self.passwd_last_set_at   = user['USERFLD_LAST_PASSWORD_SET_TIME']
+          self.has_password         = !user['USERFLD_PASSWORD'].nil?
 
           @persisted = persisted
 
           self
         end
+
+        def ensure_persisted!
+          unless self.persisted?
+            raise Identikey::UsageError, "User #{self.username} is not persisted"
+          end
+
+          unless self.username && self.domain
+            raise Identikey::UsageError, "User #{self} is missing username and/or domain"
+          end
+        end
     end
 
   end

data/lib/identikey/base.rb

@@ -264,8 +264,8 @@ module Identikey
           parse = /^(not_)?(.*)/i.match(full_name.to_s)
           name  = parse[2]
 
-          options = []
-          options.push(negative: true) if !parse[1].nil?
+          options = {}
+          options[:negative] = true if !parse[1].nil?
 
           type, value = case value
 
@@ -275,8 +275,8 @@ module Identikey
           when Integer
             [ 'xsd:int', value.to_s ]
 
-          when DateTime, Time
-            [ 'xsd:datetime', value.utc.iso8601 ]
+          when Time
+            [ 'xsd:dateTime', value.utc.iso8601 ]
 
           when TrueClass, FalseClass
             [ 'xsd:boolean', value.to_s ]
@@ -285,7 +285,7 @@ module Identikey
             [ 'xsd:string', value.to_s ]
 
           when NilClass
-            options.push(null: true)
+            options[:null] = true
             [ 'xsd:string', '' ]
 
           else

data/lib/identikey/version.rb

@@ -1,3 +1,3 @@
 module Identikey
-  VERSION = "0.5.1"
+  VERSION = "0.7.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: identikey
 version: !ruby/object:Gem::Version
-  version: 0.5.1
+  version: 0.7.1
 platform: ruby
 authors:
 - Marcello Barnaba
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-11-01 00:00:00.000000000 Z
+date: 2020-06-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: savon
@@ -42,16 +42,16 @@ dependencies:
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -136,6 +136,48 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: vacman_controller
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: code_counter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: This gem contains a SOAP client to consume Identikey API
 email:
 - vjt@openssl.it
@@ -146,10 +188,13 @@ files:
 - ".gitignore"
 - ".rspec"
 - Gemfile
+- Guardfile
 - LICENSE.txt
 - README.md
 - Rakefile
 - bin/console
+- bin/export
+- bin/import
 - bin/setup
 - identikey.gemspec
 - lib/identikey.rb