identikey 0.5.2 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 39bb043b3ece2e37fc84ec06bb4f83b88be7af8391fb2061bee01d64fc9f0464
-  data.tar.gz: 94114e6c78ce9572c80b415be3a27bb39e17eb57e978fcb1a446da4a63fc1d00
+  metadata.gz: ffd988c720bdca730df04328a39439d122436887c02e794b65884559457cfbff
+  data.tar.gz: 325ae345fecbb3f4c31b5710d5cf6788cd88ac279319b127c8db64246e0e7919
 SHA512:
-  metadata.gz: 43194c6c964d57d6565ccd01d5b714ad4f61ae9658d24c3798b240715b543e67378f1e44ade48c3d76af245072bb7704399b80763934a4a8141b444806288b76
-  data.tar.gz: 3aa8e78fc6d9b07b1d308b28cfaa4da4ede847dd33af3311a2db2f699ed9521720ec5d88485286be66f2c71aaf4f6b0bc276fd92b32e7e4df976064fb9ca9a83
+  metadata.gz: ef2cc1d394a1fbec3d4205901447ded1f98d9c04aeb9a89bfaab69d5c5a11f0584b607b16cc84f19099aaafeb14bbfda6c3551c269f26b6213ad26aa8e8244d9
+  data.tar.gz: dd00773caf4a4a63804ac3059a098d193a793a107f4ad5050ecc46061f59285b39a2522658415eb70322280a9fc5803a6bea37e25d82b4ca61ae922d6ee53ada

data/.gitignore

@@ -6,14 +6,18 @@
 /pkg/
 /spec/reports/
 /spec/test.env
+/spec/examples.txt
 /tmp/
 /log/
 /sdk
+/dpx
 
 Gemfile.lock
 
 .byebug_history
 
+.env
+
 # vim swap files
 
 .*.sw?

data/Guardfile

@@ -0,0 +1,23 @@
+# Note: The cmd option is now required due to the increasing number of ways
+#       rspec may be run, below are examples of the most common uses.
+#  * bundler: 'bundle exec rspec'
+#  * bundler binstubs: 'bin/rspec'
+#  * spring: 'bin/rspec' (This will use spring if running and you have
+#                          installed the spring binstubs per the docs)
+#  * zeus: 'zeus rspec' (requires the server to be started separately)
+#  * 'just' rspec: 'rspec'
+
+guard :rspec, cmd: "bundle exec rspec" do
+  require "guard/rspec/dsl"
+  dsl = Guard::RSpec::Dsl.new(self)
+
+  # RSpec files
+  rspec = dsl.rspec
+  watch(rspec.spec_helper) { rspec.spec_dir }
+  watch(rspec.spec_support) { rspec.spec_dir }
+  watch(rspec.spec_files)
+
+  # Ruby files
+  ruby = dsl.ruby
+  dsl.watch_spec_files_for(ruby.lib_files)
+end

data/README.md

@@ -186,15 +186,21 @@ your application.
 
 ## Development
 
-After checking out the repo, run `bin/setup` to install dependencies. Then,
-run `rake` to run the tests. You can also run `bin/console` for an interactive
-prompt that will allow you to experiment.
+After checking out the repo, run `bin/setup` to install dependencies.
 
-To run specs, please copy `spec/test.env.example` into `spec/test.env` and
+Then, please copy `spec/test.env.example` into `spec/test.env` and
 populate it with your Identikey Authentication Server host, username, password
-and domain. You also need the Identikey SDK, that can be placed in `/sdk` and
+and domain.
+
+You also need the Identikey SDK, that can be placed in `sdk/` and
 its WSDL paths as well referenced in the `spec/test.env` file.
 
+Then, run `rake` to run the tests.
+
+You can also run `bin/console` for an interactive prompt that will allow you
+to experiment. It requires the same environment variables required by the
+specs.
+
 To install this gem onto your local machine, run `bundle exec rake install`.
 
 To release a new version, update the version number in `version.rb`, and then

data/Rakefile

@@ -6,3 +6,9 @@ RSpec::Core::RakeTask.new(:spec) do |spec|
 end
 
 task :default => :spec
+
+require 'code_counter/engine'
+desc 'Print code statistics'
+task :stats do
+  puts CodeCounter::Engine.new.to_s
+end

data/bin/console

@@ -3,8 +3,27 @@
 require 'bundler/setup'
 require 'identikey'
 
-# You can add fixtures and/or initialization code here to make experimenting
-# with your gem easier. You can also use a different console, if you like.
+Identikey::Authentication.configure do
+  wsdl ENV.fetch('IK_WSDL_AUTH')
+  endpoint ENV.fetch('IK_HOST')
+end
+
+puts "Configured Auth WSDL #{ENV.fetch('IK_WSDL_AUTH')} against #{ENV.fetch('IK_HOST')}"
+
+Identikey::Administration.configure do
+  wsdl ENV.fetch('IK_WSDL_ADMIN')
+  endpoint ENV.fetch('IK_HOST')
+end
+
+puts "Configured Admin WSDL #{ENV.fetch('IK_WSDL_ADMIN')} against #{ENV.fetch('IK_HOST')}"
+
+$ik = Identikey::Administration::Session.new(
+  username: ENV.fetch('IK_USER'),
+  password: ENV.fetch('IK_PASS'),
+  domain:   ENV.fetch('IK_DOMAIN')
+)
+
+puts "Opened admin session with #{ENV.fetch('IK_USER')}@#{ENV.fetch('IK_DOMAIN')} against #{ENV.fetch('IK_HOST')}. Find it in $ik variable"
 
 require "pry"
 Pry.start

data/bin/export

@@ -0,0 +1,42 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'identikey'
+require 'json'
+
+if ARGV.size != 1
+  $stderr.puts "Usage: #{$0} <users.json>"
+  exit 1
+end
+
+Identikey::Administration.configure do
+  wsdl ENV.fetch('IK_WSDL_ADMIN')
+  endpoint ENV.fetch('IK_HOST')
+end
+
+puts "Configured Admin WSDL #{ENV.fetch('IK_WSDL_ADMIN')} against #{ENV.fetch('IK_HOST')}"
+
+$ik = Identikey::Administration::Session.new(
+  username: ENV.fetch('IK_USER'),
+  password: ENV.fetch('IK_PASS'),
+  domain:   ENV.fetch('IK_DOMAIN')
+)
+
+$ik.logon
+
+puts "Opened admin session with #{ENV.fetch('IK_USER')}@#{ENV.fetch('IK_DOMAIN')} against #{ENV.fetch('IK_HOST')}"
+
+at_exit { $ik.logoff }
+
+users = Identikey::Administration::User.search(session: $ik, query: {})
+users_slim = users.map do |u|
+  { username:   u.username,
+    email:      u.email,
+    digipass:   u.digipass,
+    disabled:   u.disabled,
+    locked:     u.locked,
+    expires_at: u.expires_at
+  }
+end
+
+File.write ARGV[0], users_slim.to_json

data/bin/import

@@ -0,0 +1,89 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'identikey'
+require 'json'
+
+if ARGV.size != 1
+  $stderr.puts "Usage: #{$0} <users.json>"
+  exit 1
+end
+
+Identikey::Administration.configure do
+  wsdl ENV.fetch('IK_WSDL_ADMIN')
+  endpoint ENV.fetch('IK_HOST')
+end
+
+puts "Configured Admin WSDL #{ENV.fetch('IK_WSDL_ADMIN')} against #{ENV.fetch('IK_HOST')}"
+
+$ik = Identikey::Administration::Session.new(
+  username: ENV.fetch('IK_USER'),
+  password: ENV.fetch('IK_PASS'),
+  domain:   ENV.fetch('IK_DOMAIN')
+)
+
+$ik.logon
+
+puts "Opened admin session with #{ENV.fetch('IK_USER')}@#{ENV.fetch('IK_DOMAIN')} against #{ENV.fetch('IK_HOST')}"
+
+at_exit { $ik.logoff }
+
+users = JSON.load File.read ARGV[0]
+
+users.each do |import|
+
+  puts "Looking up #{import['username']}"
+  ik_user = begin
+    Identikey::Administration::User.find(session: $ik, username: import['username'], domain: ENV.fetch('IK_DOMAIN'))
+  rescue => e
+    puts "Cannot look up #{import['username']}: #{e.message}"
+    nil
+  end
+
+  unless ik_user
+    puts "User #{import['username']} not found, creating"
+
+    ik_user = Identikey::Administration::User.new($ik,
+      'USERFLD_USERID'          => import['username'],
+      'USERFLD_EMAIL'           => import['email'],
+      'USERFLD_DOMAIN'          => ENV.fetch('IK_DOMAIN'),
+      'USERFLD_LOCAL_AUTH'      => 'Default',
+      'USERFLD_BACKEND_AUTH'    => 'Default',
+      'USERFLD_DISABLED'        => import['disabled'],
+      'USERFLD_LOCKED'          => import['locked'],
+      'USERFLD_EXPIRATION_TIME' => import['expires_at']
+    )
+
+    begin
+      ik_user.save!
+      puts "User #{import['username']} created"
+    rescue => e
+
+      puts "Cannot create #{import['username']}: #{e.message}"
+
+      next
+    end
+  end
+
+  missing_digipass = import['digipass'] - ik_user.digipass
+
+  missing_digipass.each do |digipass|
+    puts "Assigining digipass #{digipass} to #{import['username']}"
+
+    ik_token = begin
+      Identikey::Administration::Digipass.find(session: $ik, serial_no: digipass)
+    rescue => e
+      puts "Digipass #{digipass} was not found"
+      next
+    end
+
+    begin
+      ik_token.assign! import['username'], ENV.fetch('IK_DOMAIN')
+    rescue => e
+      puts "Digipass #{digipass} could not be assigned to #{import['username']}: #{e.message}"
+    end
+
+    puts "Assignment of digipass #{digipass} to #{import['username']} was successful"
+  end
+
+end

data/identikey.gemspec

@@ -25,11 +25,14 @@ Gem::Specification.new do |spec|
   spec.add_dependency "savon", "~> 2.0"
 
   spec.add_development_dependency "bundler", "~> 2.0"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rake", ">= 12.3.3"
   spec.add_development_dependency "rspec", "~> 3.0"
   spec.add_development_dependency 'pry'
   spec.add_development_dependency 'hirb'
   spec.add_development_dependency 'byebug'
   spec.add_development_dependency 'simplecov'
   spec.add_development_dependency 'dotenv'
+  spec.add_development_dependency 'guard-rspec'
+  spec.add_development_dependency 'vacman_controller'
+  spec.add_development_dependency 'code_counter'
 end

data/lib/identikey/administration.rb

@@ -145,6 +145,40 @@ module Identikey
       )
     end
 
+    def user_execute_RESET_PASSWORD(session_id:, username:, domain:)
+      user_execute(
+        session_id: session_id,
+        cmd: 'USERCMD_RESET_PASSWORD',
+        attributes: typed_attributes_list_from(
+          USERFLD_USERID: username,
+          USERFLD_DOMAIN: domain
+        )
+      )
+    end
+
+    def user_execute_SET_PASSWORD(session_id:, username:, domain:, password:)
+      user_execute(
+        session_id: session_id,
+        cmd: 'USERCMD_SET_PASSWORD',
+        attributes: typed_attributes_list_from(
+          USERFLD_USERID: username,
+          USERFLD_DOMAIN: domain,
+          USERFLD_NEW_PASSWORD: password,
+          USERFLD_CONFIRM_NEW_PASSWORD: password
+        )
+      )
+    end
+
+    def user_execute_UNLOCK(session_id:, username:, domain:)
+      user_execute(
+        session_id: session_id,
+        cmd: 'USERCMD_UNLOCK',
+        attributes: typed_attributes_list_from(
+          USERFLD_USERID: username,
+          USERFLD_DOMAIN: domain
+        )
+      )
+    end
 
     # Executes a userQuery command that searches users. By default, it doesn't
     # log anywhere. To enable logging to a specific destination, pass a logger

data/lib/identikey/administration/session.rb

@@ -6,12 +6,21 @@ module Identikey
       attr_reader :session_id, :product, :version
       attr_reader :privileges, :location
 
-      def initialize(username:, password:, domain: 'master')
+      def initialize(username:, password: nil, apikey: nil, domain: 'master')
+        if password.nil? && apikey.nil?
+          raise Identikey::UsageError, "Either a password or an API Key is required"
+        end
+
         @client = Identikey::Administration.new
 
         @username = username
         @password = password
         @domain   = domain
+
+        if apikey
+          @service_user = true
+          @session_id = "Apikey #{username}:#{apikey}"
+        end
       end
 
       def endpoint
@@ -23,6 +32,8 @@ module Identikey
       end
 
       def logon
+        require_classic_user!
+
         stat, sess, error = @client.logon(username: @username, password: @password, domain: @domain)
 
         if stat != 'STAT_SUCCESS'
@@ -42,6 +53,7 @@ module Identikey
       end
 
       def logoff
+        require_classic_user!
         require_logged_on!
 
         stat, _, error = @client.logoff session_id: @session_id
@@ -60,6 +72,8 @@ module Identikey
       end
 
       def alive?(log: true)
+        require_classic_user!
+
         return false unless logged_on?
 
         stat, _ = @client.ping session_id: @session_id, log: log
@@ -108,7 +122,17 @@ module Identikey
       end
 
       def inspect
-        "#<#{self.class.name} sid=#@session_id username=#@username domain=#@domain product=#@product>"
+        descr = if service_user?
+          "SERVICE USER"
+        else
+          "domain=#@domain product=#@product"
+        end
+
+        "#<#{self.class.name} sid=#@session_id username=#@username #{descr}>"
+      end
+
+      def service_user?
+        !!@service_user
       end
 
       alias sid session_id
@@ -123,6 +147,12 @@ module Identikey
         end
       end
 
+      def require_classic_user!
+        if service_user?
+          raise Identikey::UsageError, "This command is not supported with Service users"
+        end
+      end
+
       def parse_privileges(privileges)
         privileges.split(', ').inject({}) do |h, priv|
           privilege, status = priv.split(' ')

data/lib/identikey/administration/user.rb

@@ -6,7 +6,7 @@ module Identikey
         new(session).find(username, domain)
       end
 
-      def self.search(session:, query:, options: {})
+      def self.search(session:, query:, options: {}, log: false)
         [:has_digipass, :not_has_digipass].each do |funky_boolean|
           if query.key?(funky_boolean) && [true, false].include?(query[funky_boolean])
             query[funky_boolean] = query[funky_boolean] ? 'Assigned' : 'Unassigned'
@@ -29,10 +29,12 @@ module Identikey
 
         stat, users, error = session.execute(:user_query,
           attributes:    Base.search_attributes_from(query, attribute_map: query_keys),
-          query_options: Base.search_options_from(options))
+          query_options: Base.search_options_from(options),
+          log:           log
+        )
 
         case stat
-        when 'STAT_SUCCESS'   then (users||[]).map {|user| new(session, user) }
+        when 'STAT_SUCCESS'   then (users||[]).map {|user| new(session, user, persisted: true) }
         when 'STAT_NOT_FOUND' then []
         else
           raise Identikey::Error, "Search user failed: #{stat} - #{error}"
@@ -59,11 +61,17 @@ module Identikey
       attr_accessor :expired
       attr_accessor :last_auth_attempt_at
       attr_accessor :description
+      attr_accessor :passwd_last_set_at
+      attr_accessor :has_password
 
-      def initialize(session, user = nil)
+      alias locked? locked
+      alias digipass? has_digipass
+      alias password? has_password
+
+      def initialize(session, user = nil, persisted: false)
         @session = session
 
-        replace(user) if user
+        replace(user, persisted: persisted) if user
       end
 
       def find(username, domain)
@@ -102,26 +110,20 @@ module Identikey
         })
 
         if stat != 'STAT_SUCCESS'
-          raise Identikey::OperationFailed, "Save user failed: #{stat} - #{error}"
+          raise Identikey::OperationFailed, "Save user #{self.username} failed: #{stat} - #{error}"
         end
 
         replace(user, persisted: true)
       end
 
       def destroy!
-        unless self.persisted?
-          raise Identikey::UsageError, "User #{self.username} is not persisted"
-        end
-
-        unless self.username && self.domain
-          raise Identikey::UsageError, "User #{self} is missing username and/or domain"
-        end
+        ensure_persisted!
 
         stat, _, error = @session.execute(
           :user_execute_DELETE, username: username, domain: domain)
 
         if stat != 'STAT_SUCCESS'
-          raise Identikey::OperationFailed, "Delete user failed: #{stat} - #{error}"
+          raise Identikey::OperationFailed, "Delete user #{self.username} failed: #{stat} - #{error}"
         end
 
         @persisted = false
@@ -129,6 +131,51 @@ module Identikey
         self
       end
 
+      def clear_password!
+        ensure_persisted!
+
+        stat, _, error = @session.execute(
+          :user_execute_RESET_PASSWORD, username: username, domain: domain)
+
+        if stat != 'STAT_SUCCESS'
+          raise Identikey::OperationFailed, "Clear user #{self.username} password failed: #{stat} - #{error}"
+        end
+
+        self.has_password = false
+
+        true
+      end
+
+      def set_password!(password)
+        ensure_persisted!
+
+        stat, _, error = @session.execute(
+          :user_execute_SET_PASSWORD, username: username, domain: domain, password: password)
+
+        if stat != 'STAT_SUCCESS'
+          raise Identikey::OperationFailed, "Set user #{self.username} password failed: #{stat} - #{error}"
+        end
+
+        self.has_password = true
+
+        true
+      end
+
+      def unlock!
+        ensure_persisted!
+
+        stat, _, error = @session.execute(
+          :user_execute_UNLOCK, username: username, domain: domain)
+
+        if stat != 'STAT_SUCCESS'
+          raise Identikey::OperationFailed, "Unlock user #{self.username} failed: #{stat} - #{error}"
+        end
+
+        self.locked = false
+
+        true
+      end
+
       protected
         def replace(user, persisted: false)
           self.username             = user['USERFLD_USERID']
@@ -151,11 +198,23 @@ module Identikey
           self.expired              = user['USERFLD_EXPIRED']
           self.last_auth_attempt_at = user['USERFLD_LASTAUTHREQ_TIME']
           self.description          = user['USERFLD_DESCRIPTION']
+          self.passwd_last_set_at   = user['USERFLD_LAST_PASSWORD_SET_TIME']
+          self.has_password         = !user['USERFLD_PASSWORD'].nil?
 
           @persisted = persisted
 
           self
         end
+
+        def ensure_persisted!
+          unless self.persisted?
+            raise Identikey::UsageError, "User #{self.username} is not persisted"
+          end
+
+          unless self.username && self.domain
+            raise Identikey::UsageError, "User #{self} is missing username and/or domain"
+          end
+        end
     end
 
   end

data/lib/identikey/authentication.rb

@@ -6,11 +6,13 @@ module Identikey
 
     operations :auth_user
 
-    def auth_user(user, domain, otp)
+    def auth_user(user, domain, otp, client = nil)
+      client ||= 'Administration Program'
+
       resp = super(message: {
         credentialAttributeSet: {
           attributes: typed_attributes_list_from(
-            CREDFLD_COMPONENT_TYPE: 'Administration Program',
+            CREDFLD_COMPONENT_TYPE: client,
             CREDFLD_USERID: user,
             CREDFLD_DOMAIN: domain,
             CREDFLD_PASSWORD_FORMAT: Unsigned(0),
@@ -22,13 +24,13 @@ module Identikey
       parse_response resp, :auth_user_response
     end
 
-    def self.valid_otp?(user, domain, otp)
-      status, result, _ = new.auth_user(user, domain, otp)
+    def self.valid_otp?(user, domain, otp, client = nil)
+      status, result, _ = new.auth_user(user, domain, otp, client)
       return otp_validated_ok?(status, result)
     end
 
-    def self.validate!(user, domain, otp)
-      status, result, error_stack = new.auth_user(user, domain, otp)
+    def self.validate!(user, domain, otp, client = nil)
+      status, result, error_stack = new.auth_user(user, domain, otp, client)
 
       if otp_validated_ok?(status, result)
         return true

data/lib/identikey/base.rb

@@ -264,8 +264,8 @@ module Identikey
           parse = /^(not_)?(.*)/i.match(full_name.to_s)
           name  = parse[2]
 
-          options = []
-          options.push(negative: true) if !parse[1].nil?
+          options = {}
+          options[:negative] = true if !parse[1].nil?
 
           type, value = case value
 
@@ -275,8 +275,8 @@ module Identikey
           when Integer
             [ 'xsd:int', value.to_s ]
 
-          when DateTime, Time
-            [ 'xsd:datetime', value.utc.iso8601 ]
+          when Time
+            [ 'xsd:dateTime', value.utc.iso8601 ]
 
           when TrueClass, FalseClass
             [ 'xsd:boolean', value.to_s ]
@@ -285,7 +285,7 @@ module Identikey
             [ 'xsd:string', value.to_s ]
 
           when NilClass
-            options.push(null: true)
+            options[:null] = true
             [ 'xsd:string', '' ]
 
           else

data/lib/identikey/version.rb

@@ -1,3 +1,3 @@
 module Identikey
-  VERSION = "0.5.2"
+  VERSION = "0.8.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: identikey
 version: !ruby/object:Gem::Version
-  version: 0.5.2
+  version: 0.8.0
 platform: ruby
 authors:
 - Marcello Barnaba
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-12-11 00:00:00.000000000 Z
+date: 2020-07-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: savon
@@ -42,16 +42,16 @@ dependencies:
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -136,6 +136,48 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: vacman_controller
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: code_counter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: This gem contains a SOAP client to consume Identikey API
 email:
 - vjt@openssl.it
@@ -146,10 +188,13 @@ files:
 - ".gitignore"
 - ".rspec"
 - Gemfile
+- Guardfile
 - LICENSE.txt
 - README.md
 - Rakefile
 - bin/console
+- bin/export
+- bin/import
 - bin/setup
 - identikey.gemspec
 - lib/identikey.rb