identikey 0.6.0 → 0.8.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '039378c49a626d18251414c4be82aeba56190ff552bcc8d7e6dae130688e1105'
-  data.tar.gz: 0f5aceccf8fcfc3cffe519e53869b0762574cd56029615b9b6b84fd7fb55c21e
+  metadata.gz: 66d43ba4ae2d3edfe361a94fe99fb85485fd90d804fd252bb03ab6d56541fc42
+  data.tar.gz: 723cf154216947148230acd05ba900b9ae4da15e06be73d2f2092a14034d3fbc
 SHA512:
-  metadata.gz: 857077183795724bc19eb58d498a91b7a84b5673f4b01c186722722ba6c3f15607aea0544d124f16b5eb1e35836e903ab04ec60e9043e835eb4ecbd57ef8d01d
-  data.tar.gz: 4d70c2fdaee23134609e222d3a725f00aea0c0f267e8c84fa6d0d938c00c32f91ca87038e09cb66658f1cd90c8a0198ea063e312bb941e50c6db3f01f6efa886
+  metadata.gz: e6f2c933ab1c131c879555fb1d34a51159ea4ff022782b9cd65d59fff7f1569b3c7ab7584035d8388ddc9ea153751216aafef622d59731168490aa4a686b9676
+  data.tar.gz: ebe4c8dbef838a97f21710350c345280750ba11bb25d070946d823e5d01b1ceb4425a73d3a9ae5a6e22755743288704694f8fca6ad6b73013e9ff68d9c1f49dd

data/bin/export

@@ -0,0 +1,42 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'identikey'
+require 'json'
+
+if ARGV.size != 1
+  $stderr.puts "Usage: #{$0} <users.json>"
+  exit 1
+end
+
+Identikey::Administration.configure do
+  wsdl ENV.fetch('IK_WSDL_ADMIN')
+  endpoint ENV.fetch('IK_HOST')
+end
+
+puts "Configured Admin WSDL #{ENV.fetch('IK_WSDL_ADMIN')} against #{ENV.fetch('IK_HOST')}"
+
+$ik = Identikey::Administration::Session.new(
+  username: ENV.fetch('IK_USER'),
+  password: ENV.fetch('IK_PASS'),
+  domain:   ENV.fetch('IK_DOMAIN')
+)
+
+$ik.logon
+
+puts "Opened admin session with #{ENV.fetch('IK_USER')}@#{ENV.fetch('IK_DOMAIN')} against #{ENV.fetch('IK_HOST')}"
+
+at_exit { $ik.logoff }
+
+users = Identikey::Administration::User.search(session: $ik, query: {})
+users_slim = users.map do |u|
+  { username:   u.username,
+    email:      u.email,
+    digipass:   u.digipass,
+    disabled:   u.disabled,
+    locked:     u.locked,
+    expires_at: u.expires_at
+  }
+end
+
+File.write ARGV[0], users_slim.to_json

data/bin/import

@@ -0,0 +1,89 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'identikey'
+require 'json'
+
+if ARGV.size != 1
+  $stderr.puts "Usage: #{$0} <users.json>"
+  exit 1
+end
+
+Identikey::Administration.configure do
+  wsdl ENV.fetch('IK_WSDL_ADMIN')
+  endpoint ENV.fetch('IK_HOST')
+end
+
+puts "Configured Admin WSDL #{ENV.fetch('IK_WSDL_ADMIN')} against #{ENV.fetch('IK_HOST')}"
+
+$ik = Identikey::Administration::Session.new(
+  username: ENV.fetch('IK_USER'),
+  password: ENV.fetch('IK_PASS'),
+  domain:   ENV.fetch('IK_DOMAIN')
+)
+
+$ik.logon
+
+puts "Opened admin session with #{ENV.fetch('IK_USER')}@#{ENV.fetch('IK_DOMAIN')} against #{ENV.fetch('IK_HOST')}"
+
+at_exit { $ik.logoff }
+
+users = JSON.load File.read ARGV[0]
+
+users.each do |import|
+
+  puts "Looking up #{import['username']}"
+  ik_user = begin
+    Identikey::Administration::User.find(session: $ik, username: import['username'], domain: ENV.fetch('IK_DOMAIN'))
+  rescue => e
+    puts "Cannot look up #{import['username']}: #{e.message}"
+    nil
+  end
+
+  unless ik_user
+    puts "User #{import['username']} not found, creating"
+
+    ik_user = Identikey::Administration::User.new($ik,
+      'USERFLD_USERID'          => import['username'],
+      'USERFLD_EMAIL'           => import['email'],
+      'USERFLD_DOMAIN'          => ENV.fetch('IK_DOMAIN'),
+      'USERFLD_LOCAL_AUTH'      => 'Default',
+      'USERFLD_BACKEND_AUTH'    => 'Default',
+      'USERFLD_DISABLED'        => import['disabled'],
+      'USERFLD_LOCKED'          => import['locked'],
+      'USERFLD_EXPIRATION_TIME' => import['expires_at']
+    )
+
+    begin
+      ik_user.save!
+      puts "User #{import['username']} created"
+    rescue => e
+
+      puts "Cannot create #{import['username']}: #{e.message}"
+
+      next
+    end
+  end
+
+  missing_digipass = import['digipass'] - ik_user.digipass
+
+  missing_digipass.each do |digipass|
+    puts "Assigining digipass #{digipass} to #{import['username']}"
+
+    ik_token = begin
+      Identikey::Administration::Digipass.find(session: $ik, serial_no: digipass)
+    rescue => e
+      puts "Digipass #{digipass} was not found"
+      next
+    end
+
+    begin
+      ik_token.assign! import['username'], ENV.fetch('IK_DOMAIN')
+    rescue => e
+      puts "Digipass #{digipass} could not be assigned to #{import['username']}: #{e.message}"
+    end
+
+    puts "Assignment of digipass #{digipass} to #{import['username']} was successful"
+  end
+
+end

data/identikey.gemspec

@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "savon", "~> 2.0"
 
   spec.add_development_dependency "bundler", "~> 2.0"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rake", ">= 12.3.3"
   spec.add_development_dependency "rspec", "~> 3.0"
   spec.add_development_dependency 'pry'
   spec.add_development_dependency 'hirb'

data/lib/identikey/administration.rb

@@ -169,6 +169,16 @@ module Identikey
       )
     end
 
+    def user_execute_UNLOCK(session_id:, username:, domain:)
+      user_execute(
+        session_id: session_id,
+        cmd: 'USERCMD_UNLOCK',
+        attributes: typed_attributes_list_from(
+          USERFLD_USERID: username,
+          USERFLD_DOMAIN: domain
+        )
+      )
+    end
 
     # Executes a userQuery command that searches users. By default, it doesn't
     # log anywhere. To enable logging to a specific destination, pass a logger

data/lib/identikey/administration/session.rb

@@ -6,12 +6,21 @@ module Identikey
       attr_reader :session_id, :product, :version
       attr_reader :privileges, :location
 
-      def initialize(username:, password:, domain: 'master')
+      def initialize(username:, password: nil, apikey: nil, domain: 'master')
+        if password.nil? && apikey.nil?
+          raise Identikey::UsageError, "Either a password or an API Key is required"
+        end
+
         @client = Identikey::Administration.new
 
         @username = username
         @password = password
         @domain   = domain
+
+        if apikey
+          @service_user = true
+          @session_id = "Apikey #{username}:#{apikey}"
+        end
       end
 
       def endpoint
@@ -23,6 +32,8 @@ module Identikey
       end
 
       def logon
+        require_classic_user!
+
         stat, sess, error = @client.logon(username: @username, password: @password, domain: @domain)
 
         if stat != 'STAT_SUCCESS'
@@ -42,6 +53,7 @@ module Identikey
       end
 
       def logoff
+        require_classic_user!
         require_logged_on!
 
         stat, _, error = @client.logoff session_id: @session_id
@@ -60,6 +72,8 @@ module Identikey
       end
 
       def alive?(log: true)
+        require_classic_user!
+
         return false unless logged_on?
 
         stat, _ = @client.ping session_id: @session_id, log: log
@@ -108,7 +122,17 @@ module Identikey
       end
 
       def inspect
-        "#<#{self.class.name} sid=#@session_id username=#@username domain=#@domain product=#@product>"
+        descr = if service_user?
+          "SERVICE USER"
+        else
+          "domain=#@domain product=#@product"
+        end
+
+        "#<#{self.class.name} sid=#@session_id username=#@username #{descr}>"
+      end
+
+      def service_user?
+        !!@service_user
       end
 
       alias sid session_id
@@ -123,6 +147,12 @@ module Identikey
         end
       end
 
+      def require_classic_user!
+        if service_user?
+          raise Identikey::UsageError, "This command is not supported with Service users"
+        end
+      end
+
       def parse_privileges(privileges)
         privileges.split(', ').inject({}) do |h, priv|
           privilege, status = priv.split(' ')

data/lib/identikey/administration/user.rb

@@ -6,7 +6,7 @@ module Identikey
         new(session).find(username, domain)
       end
 
-      def self.search(session:, query:, options: {})
+      def self.search(session:, query:, options: {}, log: false)
         [:has_digipass, :not_has_digipass].each do |funky_boolean|
           if query.key?(funky_boolean) && [true, false].include?(query[funky_boolean])
             query[funky_boolean] = query[funky_boolean] ? 'Assigned' : 'Unassigned'
@@ -29,10 +29,12 @@ module Identikey
 
         stat, users, error = session.execute(:user_query,
           attributes:    Base.search_attributes_from(query, attribute_map: query_keys),
-          query_options: Base.search_options_from(options))
+          query_options: Base.search_options_from(options),
+          log:           log
+        )
 
         case stat
-        when 'STAT_SUCCESS'   then (users||[]).map {|user| new(session, user) }
+        when 'STAT_SUCCESS'   then (users||[]).map {|user| new(session, user, persisted: true) }
         when 'STAT_NOT_FOUND' then []
         else
           raise Identikey::Error, "Search user failed: #{stat} - #{error}"
@@ -59,11 +61,17 @@ module Identikey
       attr_accessor :expired
       attr_accessor :last_auth_attempt_at
       attr_accessor :description
+      attr_accessor :passwd_last_set_at
+      attr_accessor :has_password
 
-      def initialize(session, user = nil)
+      alias locked? locked
+      alias digipass? has_digipass
+      alias password? has_password
+
+      def initialize(session, user = nil, persisted: false)
         @session = session
 
-        replace(user) if user
+        replace(user, persisted: persisted) if user
       end
 
       def find(username, domain)
@@ -133,6 +141,8 @@ module Identikey
           raise Identikey::OperationFailed, "Clear user #{self.username} password failed: #{stat} - #{error}"
         end
 
+        self.has_password = false
+
         true
       end
 
@@ -146,6 +156,33 @@ module Identikey
           raise Identikey::OperationFailed, "Set user #{self.username} password failed: #{stat} - #{error}"
         end
 
+        self.has_password = true
+
+        true
+      end
+
+      def set_local_auth!(value)
+        ensure_persisted!
+
+        self.local_auth = value
+
+        self.save!
+
+        self
+      end
+
+      def unlock!
+        ensure_persisted!
+
+        stat, _, error = @session.execute(
+          :user_execute_UNLOCK, username: username, domain: domain)
+
+        if stat != 'STAT_SUCCESS'
+          raise Identikey::OperationFailed, "Unlock user #{self.username} failed: #{stat} - #{error}"
+        end
+
+        self.locked = false
+
         true
       end
 
@@ -171,6 +208,8 @@ module Identikey
           self.expired              = user['USERFLD_EXPIRED']
           self.last_auth_attempt_at = user['USERFLD_LASTAUTHREQ_TIME']
           self.description          = user['USERFLD_DESCRIPTION']
+          self.passwd_last_set_at   = user['USERFLD_LAST_PASSWORD_SET_TIME']
+          self.has_password         = !user['USERFLD_PASSWORD'].nil?
 
           @persisted = persisted
 

data/lib/identikey/authentication.rb

@@ -6,11 +6,13 @@ module Identikey
 
     operations :auth_user
 
-    def auth_user(user, domain, otp)
+    def auth_user(user, domain, otp, client = nil)
+      client ||= 'Administration Program'
+
       resp = super(message: {
         credentialAttributeSet: {
           attributes: typed_attributes_list_from(
-            CREDFLD_COMPONENT_TYPE: 'Administration Program',
+            CREDFLD_COMPONENT_TYPE: client,
             CREDFLD_USERID: user,
             CREDFLD_DOMAIN: domain,
             CREDFLD_PASSWORD_FORMAT: Unsigned(0),
@@ -22,18 +24,18 @@ module Identikey
       parse_response resp, :auth_user_response
     end
 
-    def self.valid_otp?(user, domain, otp)
-      status, result, _ = new.auth_user(user, domain, otp)
+    def self.valid_otp?(user, domain, otp, client = nil)
+      status, result, _ = new.auth_user(user, domain, otp, client)
       return otp_validated_ok?(status, result)
     end
 
-    def self.validate!(user, domain, otp)
-      status, result, error_stack = new.auth_user(user, domain, otp)
+    def self.validate!(user, domain, otp, client = nil)
+      status, result, error_stack = new.auth_user(user, domain, otp, client)
 
       if otp_validated_ok?(status, result)
         return true
       else
-        error_message = result['CREDFLD_STATUS_MESSAGE']
+        error_message = result ? result['CREDFLD_STATUS_MESSAGE'] : 'no status returned'
         raise Identikey::OperationFailed.new("OTP Validation error (#{status}): #{error_message}", error_stack)
       end
     end

data/lib/identikey/base.rb

@@ -264,8 +264,8 @@ module Identikey
           parse = /^(not_)?(.*)/i.match(full_name.to_s)
           name  = parse[2]
 
-          options = []
-          options.push(negative: true) if !parse[1].nil?
+          options = {}
+          options[:negative] = true if !parse[1].nil?
 
           type, value = case value
 
@@ -275,8 +275,8 @@ module Identikey
           when Integer
             [ 'xsd:int', value.to_s ]
 
-          when DateTime, Time
-            [ 'xsd:datetime', value.utc.iso8601 ]
+          when Time
+            [ 'xsd:dateTime', value.utc.iso8601 ]
 
           when TrueClass, FalseClass
             [ 'xsd:boolean', value.to_s ]
@@ -285,7 +285,7 @@ module Identikey
             [ 'xsd:string', value.to_s ]
 
           when NilClass
-            options.push(null: true)
+            options[:null] = true
             [ 'xsd:string', '' ]
 
           else

data/lib/identikey/version.rb

@@ -1,3 +1,3 @@
 module Identikey
-  VERSION = "0.6.0"
+  VERSION = "0.8.2"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: identikey
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.8.2
 platform: ruby
 authors:
 - Marcello Barnaba
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-12-24 00:00:00.000000000 Z
+date: 2020-08-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: savon
@@ -42,16 +42,16 @@ dependencies:
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -193,6 +193,8 @@ files:
 - README.md
 - Rakefile
 - bin/console
+- bin/export
+- bin/import
 - bin/setup
 - identikey.gemspec
 - lib/identikey.rb