identikey 0.3.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +10 -10
- data/lib/identikey/administration/digipass.rb +4 -4
- data/lib/identikey/administration/session.rb +3 -3
- data/lib/identikey/administration/session_query.rb +1 -1
- data/lib/identikey/administration/user.rb +5 -5
- data/lib/identikey/authentication.rb +1 -1
- data/lib/identikey/base.rb +6 -6
- data/lib/identikey/version.rb +1 -1
- data/lib/identikey.rb +16 -0
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1710a5f6fbcfc83e269476074afdedb5be773bc9d90e296fa87bda8799c09a6e
|
|
4
|
+
data.tar.gz: 23db861c5791fdac119b75ec14aeedf48701a8c7080cf423ca4197bbce355d06
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 525ef84c5dfbba3f8f9dba1a412961df59c2e59f1d28010fc067cf4aed0f4b52327772a4b525a446b35b9dbfd9dbc6d5bb18372fa3e9a3dd1c3faf17764afb3b
|
|
7
|
+
data.tar.gz: 595dc7ba66db94432d0961c91588bb5051d690683ca89afc5b3606c8cbbae00ae4a1791845c42935a9d7f0be09f5bc3b5e6fb667ff18cfed6512e97f73fb48d4
|
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Identikey
|
|
2
2
|
|
|
3
|
-
This library is a thin
|
|
3
|
+
This library is a thin yet incomplete wrapper of the VASCO Identikey SOAP API.
|
|
4
4
|
|
|
5
5
|
Vasco Identikey has been recently re-branded as OneSpan Authentication Server.
|
|
6
6
|
|
|
@@ -18,7 +18,7 @@ port 8888/TCP the SOAP protocol over HTTPS.
|
|
|
18
18
|
Add this line to your application's Gemfile:
|
|
19
19
|
|
|
20
20
|
```ruby
|
|
21
|
-
gem 'identikey'
|
|
21
|
+
gem 'identikey'
|
|
22
22
|
```
|
|
23
23
|
|
|
24
24
|
And then execute:
|
|
@@ -64,7 +64,7 @@ By default, all SOAP requests and responses are logged to `log/identikey.log`.
|
|
|
64
64
|
|
|
65
65
|
If you want to reduce the logging level please use:
|
|
66
66
|
|
|
67
|
-
```
|
|
67
|
+
```ruby
|
|
68
68
|
Identikey::Authentication.configure do
|
|
69
69
|
log_level :info # or one of [:debug, :warn, :error, :fatal]
|
|
70
70
|
end
|
|
@@ -72,7 +72,7 @@ end
|
|
|
72
72
|
|
|
73
73
|
Or to disable it altogether (not recommended):
|
|
74
74
|
|
|
75
|
-
```
|
|
75
|
+
```ruby
|
|
76
76
|
Identikey::Authentication.configure do
|
|
77
77
|
log false
|
|
78
78
|
end
|
|
@@ -84,15 +84,15 @@ amend it to suit your needs.
|
|
|
84
84
|
|
|
85
85
|
The only option whose semantics differ from the default is `filters`, as
|
|
86
86
|
it adds handling the faulty parameter passing design in Identikey, where
|
|
87
|
-
the same elements are used to transmit different business
|
|
87
|
+
the same elements are used to transmit different business informations.
|
|
88
88
|
|
|
89
89
|
By default, sensitive values attribute are filtered out from the logs.
|
|
90
90
|
Other attributes to filter out can be specified by prefixing them with
|
|
91
|
-
`identikey:`.
|
|
91
|
+
`identikey:`.
|
|
92
92
|
|
|
93
93
|
Example, filter out `CREDFLD_PASSWORD` and `CREDFLD_USERID`:
|
|
94
94
|
|
|
95
|
-
```
|
|
95
|
+
```ruby
|
|
96
96
|
Identikey::Authentication.configure do
|
|
97
97
|
filters [ 'identikey:CREDFLD_PASSWORD', 'identikey:CREDFLD_USERID' ]
|
|
98
98
|
end
|
|
@@ -100,9 +100,9 @@ end
|
|
|
100
100
|
|
|
101
101
|
Please note that the following attributes are filtered out by default:
|
|
102
102
|
|
|
103
|
-
* CREDFLD_PASSWORD
|
|
104
|
-
* CREDFLD_STATIC_PASSWORD
|
|
105
|
-
* CREDFLD_SESSION_ID
|
|
103
|
+
* `CREDFLD_PASSWORD`
|
|
104
|
+
* `CREDFLD_STATIC_PASSWORD`
|
|
105
|
+
* `CREDFLD_SESSION_ID`
|
|
106
106
|
|
|
107
107
|
Please note that if you set your custom filters, these will override the
|
|
108
108
|
defaults and you should also take care of filtering the above parameters
|
|
@@ -45,7 +45,7 @@ module Identikey
|
|
|
45
45
|
:digipass_execute_VIEW, serial_no: serial_no)
|
|
46
46
|
|
|
47
47
|
if stat != 'STAT_SUCCESS'
|
|
48
|
-
raise Identikey::
|
|
48
|
+
raise Identikey::NotFound, "Find digipass failed: #{stat} - #{error}"
|
|
49
49
|
end
|
|
50
50
|
|
|
51
51
|
replace(digipass)
|
|
@@ -60,7 +60,7 @@ module Identikey
|
|
|
60
60
|
:digipass_execute_UNASSIGN, serial_no: self.serial)
|
|
61
61
|
|
|
62
62
|
if stat != 'STAT_SUCCESS'
|
|
63
|
-
raise Identikey::
|
|
63
|
+
raise Identikey::OperationFailed, "Assign digipass failed: #{stat} - #{error}"
|
|
64
64
|
end
|
|
65
65
|
|
|
66
66
|
replace(digipass)
|
|
@@ -71,7 +71,7 @@ module Identikey
|
|
|
71
71
|
:digipass_execute_ASSIGN, serial_no: self.serial, username: username, domain: domain)
|
|
72
72
|
|
|
73
73
|
if stat != 'STAT_SUCCESS'
|
|
74
|
-
raise Identikey::
|
|
74
|
+
raise Identikey::OperationFailed, "Unassign digipass failed: #{stat} - #{error}"
|
|
75
75
|
end
|
|
76
76
|
|
|
77
77
|
replace(digipass)
|
|
@@ -84,7 +84,7 @@ module Identikey
|
|
|
84
84
|
# Stat is useless here - it reports whether the call or not has
|
|
85
85
|
# succeeded, not whether the OTP is valid
|
|
86
86
|
if stat != 'STAT_SUCCESS'
|
|
87
|
-
raise Identikey::
|
|
87
|
+
raise Identikey::OperationFailed, "Test OTP failed: #{stat} - #{error}"
|
|
88
88
|
end
|
|
89
89
|
|
|
90
90
|
appl['DIGIPASSAPPLFLD_RESULT_CODE'] == '0'
|
|
@@ -26,7 +26,7 @@ module Identikey
|
|
|
26
26
|
stat, sess, error = @client.logon(username: @username, password: @password, domain: @domain)
|
|
27
27
|
|
|
28
28
|
if stat != 'STAT_SUCCESS'
|
|
29
|
-
raise Identikey::
|
|
29
|
+
raise Identikey::LogonFailed, "logon failed: #{stat} - #{error}"
|
|
30
30
|
end
|
|
31
31
|
|
|
32
32
|
@privileges = parse_privileges sess['CREDFLD_LOGICAL_ADMIN_PRIVILEGES']
|
|
@@ -47,7 +47,7 @@ module Identikey
|
|
|
47
47
|
stat, _, error = @client.logoff session_id: @session_id
|
|
48
48
|
|
|
49
49
|
unless stat == 'STAT_ADMIN_SESSION_STOPPED' || stat == 'STAT_SUCCESS'
|
|
50
|
-
raise Identikey::
|
|
50
|
+
raise Identikey::LogonFailed, "logoff failed: #{stat} - #{error}"
|
|
51
51
|
end
|
|
52
52
|
|
|
53
53
|
@privileges = nil
|
|
@@ -103,7 +103,7 @@ module Identikey
|
|
|
103
103
|
|
|
104
104
|
def require_logged_on!
|
|
105
105
|
unless logged_on?
|
|
106
|
-
raise Identikey::
|
|
106
|
+
raise Identikey::UsageError, "Session is not logged on at the moment"
|
|
107
107
|
end
|
|
108
108
|
end
|
|
109
109
|
|
|
@@ -6,7 +6,7 @@ module Identikey
|
|
|
6
6
|
stat, sessions, error = session.execute(:admin_session_query)
|
|
7
7
|
|
|
8
8
|
if stat != 'STAT_SUCCESS'
|
|
9
|
-
raise Identikey::
|
|
9
|
+
raise Identikey::OperationFailed, "query failed: #{stat} - #{error}"
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
sessions.map do |sess|
|
|
@@ -37,7 +37,7 @@ module Identikey
|
|
|
37
37
|
:user_execute_VIEW, username: username, domain: domain)
|
|
38
38
|
|
|
39
39
|
if stat != 'STAT_SUCCESS'
|
|
40
|
-
raise Identikey::
|
|
40
|
+
raise Identikey::NotFound, "Find user failed: #{stat} - #{error}"
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
replace(user, persisted: true)
|
|
@@ -68,7 +68,7 @@ module Identikey
|
|
|
68
68
|
})
|
|
69
69
|
|
|
70
70
|
if stat != 'STAT_SUCCESS'
|
|
71
|
-
raise Identikey::
|
|
71
|
+
raise Identikey::OperationFailed, "Save user failed: #{stat} - #{error}"
|
|
72
72
|
end
|
|
73
73
|
|
|
74
74
|
replace(user, persisted: true)
|
|
@@ -76,18 +76,18 @@ module Identikey
|
|
|
76
76
|
|
|
77
77
|
def destroy!
|
|
78
78
|
unless self.persisted?
|
|
79
|
-
raise Identikey::
|
|
79
|
+
raise Identikey::UsageError, "User #{self.username} is not persisted"
|
|
80
80
|
end
|
|
81
81
|
|
|
82
82
|
unless self.username && self.domain
|
|
83
|
-
raise Identikey::
|
|
83
|
+
raise Identikey::UsageError, "User #{self} is missing username and/or domain"
|
|
84
84
|
end
|
|
85
85
|
|
|
86
86
|
stat, _, error = @session.execute(
|
|
87
87
|
:user_execute_DELETE, username: username, domain: domain)
|
|
88
88
|
|
|
89
89
|
if stat != 'STAT_SUCCESS'
|
|
90
|
-
raise Identikey::
|
|
90
|
+
raise Identikey::OperationFailed, "Delete user failed: #{stat} - #{error}"
|
|
91
91
|
end
|
|
92
92
|
|
|
93
93
|
@persisted = false
|
|
@@ -34,7 +34,7 @@ module Identikey
|
|
|
34
34
|
return true
|
|
35
35
|
else
|
|
36
36
|
error_message = result['CREDFLD_STATUS_MESSAGE']
|
|
37
|
-
raise Identikey::
|
|
37
|
+
raise Identikey::OperationFailed, "OTP Validation error (#{status}): #{error_message}"
|
|
38
38
|
end
|
|
39
39
|
end
|
|
40
40
|
|
data/lib/identikey/base.rb
CHANGED
|
@@ -134,11 +134,11 @@ module Identikey
|
|
|
134
134
|
body = resp.body
|
|
135
135
|
|
|
136
136
|
if body.size.zero?
|
|
137
|
-
raise Identikey::
|
|
137
|
+
raise Identikey::ParseError, "Empty response received"
|
|
138
138
|
end
|
|
139
139
|
|
|
140
140
|
unless body.key?(root_element)
|
|
141
|
-
raise Identikey::
|
|
141
|
+
raise Identikey::ParseError, "Expected response to have #{root_element}, found #{body.keys.join(', ')}"
|
|
142
142
|
end
|
|
143
143
|
|
|
144
144
|
# The root results element
|
|
@@ -155,7 +155,7 @@ module Identikey
|
|
|
155
155
|
# The results element
|
|
156
156
|
#
|
|
157
157
|
unless root.key?(:results)
|
|
158
|
-
raise Identikey::
|
|
158
|
+
raise Identikey::ParseError, "Results element not found below #{root_element}"
|
|
159
159
|
end
|
|
160
160
|
|
|
161
161
|
results = root[:results]
|
|
@@ -163,7 +163,7 @@ module Identikey
|
|
|
163
163
|
# Result code
|
|
164
164
|
#
|
|
165
165
|
unless results.key?(:result_codes)
|
|
166
|
-
raise Identikey::
|
|
166
|
+
raise Identikey::ParseError, "Result codes not found below #{root_element}"
|
|
167
167
|
end
|
|
168
168
|
|
|
169
169
|
result_code = results[:result_codes][:status_code_enum] || 'STAT_UNKNOWN'
|
|
@@ -171,7 +171,7 @@ module Identikey
|
|
|
171
171
|
# Result attributes
|
|
172
172
|
#
|
|
173
173
|
unless results.key?(:result_attribute)
|
|
174
|
-
raise Identikey::
|
|
174
|
+
raise Identikey::ParseError, "Result attribute not found below #{root_element}"
|
|
175
175
|
end
|
|
176
176
|
|
|
177
177
|
results_attr = results[:result_attribute]
|
|
@@ -257,7 +257,7 @@ module Identikey
|
|
|
257
257
|
next
|
|
258
258
|
|
|
259
259
|
else
|
|
260
|
-
raise Identikey::
|
|
260
|
+
raise Identikey::UsageError, "#{name} type #{value.class} is unsupported"
|
|
261
261
|
end
|
|
262
262
|
|
|
263
263
|
{ attributeID: name.to_s,
|
data/lib/identikey/version.rb
CHANGED
data/lib/identikey.rb
CHANGED
|
@@ -6,5 +6,21 @@ require 'identikey/authentication'
|
|
|
6
6
|
require 'identikey/administration'
|
|
7
7
|
|
|
8
8
|
module Identikey
|
|
9
|
+
# Generic error class
|
|
9
10
|
class Error < StandardError; end
|
|
11
|
+
|
|
12
|
+
# Raised when the user is not doing things correctly
|
|
13
|
+
class UsageError < Error; end
|
|
14
|
+
|
|
15
|
+
# Raised when the received XML does not conform to documentation
|
|
16
|
+
class ParseError < Error; end
|
|
17
|
+
|
|
18
|
+
# Raised when something is "not found", such as an user or a digipass.
|
|
19
|
+
class NotFound < Error; end
|
|
20
|
+
|
|
21
|
+
# Raised when Admin logon failed
|
|
22
|
+
class LogonFailed < Error; end
|
|
23
|
+
|
|
24
|
+
# Raised when read/write operations fail
|
|
25
|
+
class OperationFailed < Error; end
|
|
10
26
|
end
|