mdm 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 0e0daa1a33ac49616b63c831fcd2070282921e78
+  data.tar.gz: 2d22d20fa023a6ee190349983b2c8646b0ce21dc
+SHA512:
+  metadata.gz: 5fa6587ec44183147c65f74aa53231e9aed2876626020381a8e3de7a2f866aab2f09a46cd8be9229bacba45cfea5a5b274353c54cffec0126be1d710dc267d32
+  data.tar.gz: 2240aa24ebde87657890d8088e4999f1c8f5ca5c9a66704378b1152031a6fbe2636e85aa92abfcfa0ef58201230b7362947b75d80df530daa7b7aa33e25b10da

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2015 Olivier Thierry
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,3 @@
+= Mdm
+
+This project rocks and uses MIT-LICENSE.

data/Rakefile

@@ -0,0 +1,37 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Mdm'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+load 'rails/tasks/statistics.rake'
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task default: :test

data/app/controllers/mdm/application_controller.rb

@@ -0,0 +1,4 @@
+module Mdm
+  class ApplicationController < ActionController::Base
+  end
+end

data/app/controllers/mdm/commands_controller.rb

@@ -0,0 +1,60 @@
+require_dependency "mdm/application_controller"
+
+module Mdm
+  class CommandsController < ApplicationController
+
+    def index
+      render json: { commands: case params[:filter]
+                               when 'completed'
+                                 Command.completed
+                               when 'pending'
+                                 Command.pending
+                               else
+                                Command.all
+                               end }
+    end
+
+    def create
+      @commands = create_commands(devices)
+      @commands.each { |command|
+        command.device.notify
+      }
+      render json: @commands
+    rescue NoMethodError
+      render json: { error: 'wrong command' }, status: :bad_request
+    rescue ArgumentError
+      render json: { error: 'bad arguments' }, status: :bad_request
+    rescue ActiveRecord::RecordNotFound
+      render nothing: true, status: :not_found
+    end
+
+    private
+
+    def create_commands(devices)
+      devices.map do |device|
+        uuid, payload = create_command_payload_for_device(device)
+        Command.create(
+          uuid: uuid,
+          payload: payload,
+          status: Command::Status::IDLE,
+          device: device
+        )
+      end
+    end
+
+    def create_command_payload_for_device(device)
+      Payload.send(
+        "payload_#{params[:command]}".to_sym,
+        *[device, params]
+      )
+    end
+
+    def devices
+      @devices ||= if params[:devices]
+                     Device.where(id: params[:devices])
+                   else
+                     Device.all
+                   end
+    end
+  end
+end

data/app/controllers/mdm/enrollment/enrollment_controller.rb

@@ -0,0 +1,47 @@
+require_dependency "mdm/application_controller"
+
+module Mdm
+  module Enrollment
+    class EnrollmentController < ApplicationController
+
+      def enroll
+        send_file Configuration.configuration_profile, {
+                    disposition: 'attachment',
+                    filename: 'Enroll.mobileconfig'
+                  }
+      end
+
+      def checkin
+        if params[:MessageType] == 'TokenUpdate'
+          device_token_update
+        end
+
+        render nothing: true
+      end
+
+      private
+
+      def device_token_update
+        device = Mdm::Device.find_or_create_by(udid: params[:UDID])
+        device.update!(
+          unlock_token: params[:UnlockToken].try(:read),
+          push_token: params[:Token].hexastring,
+          push_magic: params[:PushMagic]
+        )
+      end
+    end
+  end
+end
+
+# TODO: move this somewhere
+class StringIO
+
+  def hexastring
+    chars = []
+    each_byte { |byte|
+      chars << ("%02x" % byte)
+    }
+    return chars.join
+  end
+
+end

data/app/controllers/mdm/management/accounts_controller.rb

@@ -0,0 +1,15 @@
+require_dependency "mdm/application_controller"
+
+module Mdm
+  class Enrollment::AccountsController < ApplicationController
+
+    def show
+      service = Enrollment::Account.new
+      service.params[:profile_uuid] = params.require(:profile_uuid)
+      service.start
+
+      render json: { account: service.result }
+    end
+
+  end
+end

data/app/controllers/mdm/management/devices_controller.rb

@@ -0,0 +1,35 @@
+require_dependency "mdm/application_controller"
+
+module Mdm
+  class Enrollment::DevicesController < ApplicationController
+
+    before_action :sync, only: :index
+
+    def index
+      @devices = Device.all
+      render json: { devices: @devices.map { |device|
+                       device.as_json(except: [
+                                        :unlock_token,
+                                        :push_magic
+                                      ])
+                     }
+                   }
+    end
+
+    def show
+      @device = Device.find(params[:id])
+      render json: { device: @device }
+    end
+
+    private
+
+    def sync
+      service = Enrollment::Sync.new
+      service.start
+    rescue Enrollment::Sync::DevicesCursorNotFound
+      service = Enrollment::Devices.new
+      service.start
+    end
+
+  end
+end

data/app/controllers/mdm/management/profiles_controller.rb

@@ -0,0 +1,35 @@
+require_dependency "mdm/application_controller"
+
+module Mdm
+  class Enrollment::ProfilesController < ApplicationController
+
+    def index
+      @profiles = Profile.all
+      render json: { profiles: @profiles }
+    end
+
+    def create
+      service = Enrollment::CreateProfile.new
+      service.params = params.except(:devices)
+
+      if params[:devices]
+        service.devices = Device.where(serial_number: params.require[:devices])
+      end
+
+      service.start
+      render json: service.result
+    end
+
+    def update
+      @profile = Mdm::Profile.find(params[:id])
+
+      service = Mdm::Enrollment::AssignProfile.new
+      service.profile = @profile
+      service.devices = Mdm::Device.where(serial_number: params.require(:devices))
+      service.start
+
+      render json: service.result
+    end
+
+  end
+end

data/app/controllers/mdm/management/services_controller.rb

@@ -0,0 +1,13 @@
+require_dependency "mdm/application_controller"
+
+module Mdm
+  class Enrollment::ServicesController < ApplicationController
+
+    def index
+      render json: {
+               services: Enrollment::Service::Base.available_services
+             }
+    end
+
+  end
+end

data/app/controllers/mdm/server_controller.rb

@@ -0,0 +1,44 @@
+module Mdm
+  class ServerController < ApplicationController
+
+    def server
+      # Device is waiting for command
+      if params[:Status] == Command::Status::IDLE
+        return render nothing: true if device.commands.pending.empty?
+        return render text: device.commands.pending.first.payload
+      end
+
+      # Device is updating command
+      command.update(status: params[:Status])
+
+      if command.complete?
+        payload = Plist::parse_xml(command.payload).with_indifferent_access
+        # Use data from `DeviceInformation` request to update the device locally
+        if payload[:Command][:RequestType] == 'DeviceInformation'
+          device.refresh!(params[:QueryResponses])
+        end
+      end
+      
+      render nothing: true
+    end
+
+    private
+
+    def device
+      @device ||= begin
+                    device = Device.find_by_udid(params[:UDID])
+                    return render nothing: true, status: :not_found unless device
+                    device
+                  end
+    end
+
+    def command
+      @command ||= begin
+                     command = Command.find_by_uuid(params[:CommandUUID])
+                     return render nothing: true, status: :not_found unless command
+                     command
+                   end
+    end
+    
+  end
+end

data/app/helpers/mdm/application_helper.rb

@@ -0,0 +1,4 @@
+module Mdm
+  module ApplicationHelper
+  end
+end

data/app/models/mdm/command.rb

@@ -0,0 +1,23 @@
+module Mdm
+  class Command < ActiveRecord::Base
+
+    module Status
+      IDLE, ACKNOWLEDGED = ["Idle", "Acknowledged"]
+    end
+
+    belongs_to :device, class_name: 'Mdm::Device', foreign_key: 'mdm_device_id'
+
+    scope :pending,   -> { where(status: Status::IDLE) } 
+    scope :completed, -> { where(status: Status::ACKNOWLEDGED) } 
+
+    def complete?
+      status == Status::ACKNOWLEDGED
+    end
+    
+    def self.available_commands
+      Payload.methods.select { |method|
+        method.to_s.start_with? 'payload_' }
+    end
+
+  end
+end

data/app/models/mdm/cursor.rb

@@ -0,0 +1,11 @@
+module Mdm
+  class Cursor < ActiveRecord::Base
+
+    DEVICES, SYNC = ['devices', 'sync']
+
+    validates :service,
+              uniqueness: true,
+              inclusion: { in: [DEVICES, SYNC] }
+
+  end
+end

data/app/models/mdm/device.rb

@@ -0,0 +1,39 @@
+module Mdm
+  class Device < ActiveRecord::Base
+
+    has_many :commands, foreign_key: 'mdm_device_id'
+
+    has_one :profile,
+            primary_key: :profile_uuid,
+            foreign_key: :profile_uuid
+
+    def notify
+      apn = Houston::Client.production
+      apn.certificate = File.read("#{Rails.root}/certs/push.pem")
+
+      notification = Houston::Notification.new(device: push_token)
+      notification.custom_data = {
+        mdm: push_magic
+      }
+
+      apn.push(notification)
+    end
+
+    def refresh!(data = {})
+      update!(
+        name: data[:DeviceName],
+        udid: data[:UDID],
+        serial_number: data[:SerialNumber],
+        device_model: data[:Model],
+        device_model_name: data[:ModelName],
+        os_version: data[:OSVersion],
+        build_version: data[:BuildVersion],
+        imei: data[:IMEI],
+        is_roaming: data[:IsRoaming],
+        is_supervised: data[:IsSupervised],
+        device_capacity: data[:DeviceCapacity],
+        available_capacity: data[:AvailableDeviceCapacity]
+      )
+    end
+  end
+end

data/app/models/mdm/payload.rb

@@ -0,0 +1,158 @@
+module Mdm
+  class Payload
+
+    def self.payload_device_lock(device, request_params = {})
+      payload('DeviceLock')
+    end
+
+    def self.payload_device_info(device, request_params = {})
+      payload('DeviceInformation', {
+                Queries: [
+                  "IsSupervised",
+                  "AvailableDeviceCapacity",
+                  "BluetoothMAC",
+                  "BuildVersion",
+                  "CarrierSettingsVersion",
+                  "CurrentCarrierNetwork",
+                  "CurrentMCC",
+                  "CurrentMNC",
+                  "DataRoamingEnabled",
+                  "DeviceCapacity",
+                  "DeviceName",
+                  "ICCID",
+                  "IMEI",
+                  "IsRoaming",
+                  "Model",
+                  "ModelName",
+                  "ModemFirmwareVersion",
+                  "OSVersion",
+                  "PhoneNumber",
+                  "Product",
+                  "ProductName",
+                  "SIMCarrierNetwork",
+                  "SIMMCC",
+                  "SIMMNC",
+                  "SerialNumber",
+                  "UDID",
+                  "WiFiMAC",
+                  "UDID"
+                ]
+              })
+    end
+
+    def self.payload_install_app(device, request_params)
+      params = request_params.permit(
+        :Options,
+        :ManifestURL,
+        :ManagementFlags,
+        :Configuration,
+        :Attributes,
+        :ChangeManagementState
+      )
+      
+      payload('InstallApplication', params)
+    end
+
+    def self.payload_uninstall_app(device, request_params)
+      params = request_params.permit(:Identifier)
+      Rails.logger.info "params: #{params.inspect}"
+      payload('RemoveApplication', params)
+    end
+
+    def self.payload_clear_password(device, request_params)
+      params = request_params.permit(:device_id, :Where)
+      device = Device.find(params[:device_id])        
+      payload('ClearPasscode', params.merge({
+                                              UnlockToken: StringIO.new(device.unlock_token)
+                                            }))
+    end
+
+    def self.payload_voice_roaming(device, request_params)        
+      payload('Settings', {
+                Settings: [
+                  {
+                    Item: 'VoiceRoaming',
+                    Enabled: request_params.required(:Enabled) == "true"
+                  }
+                ]
+              })
+    end
+
+    def self.payload_data_roaming(device, request_params)        
+      payload('Settings', {
+                Settings: [
+                  {
+                    Item: 'DataRoaming',
+                    Enabled: request_params.required(:Enabled) == "true"
+                  }
+                ]
+              })
+    end
+
+    def self.payload_personal_hotspot(device, request_params)        
+      payload('Settings', {
+                Settings: [
+                  {
+                    Item: 'PersonalHotspot',
+                    Enabled: request_params.required(:Enabled) == "true"
+                  }
+                ]
+              })
+    end
+
+    def self.payload_set_wallpaper(device, request_params)
+      payload('Settings', {
+                Settings: [
+                  {
+                    Item: 'Wallpaper',
+                    Image: StringIO.new(request_params.require(:Image).read),
+                    Where: request_params[:Where]
+                  }
+                ]
+              })
+    end
+
+    def self.payload_set_app_settings(device, request_params)
+      payload('Settings', {
+                Settings: [
+                  {
+                    Item: 'ApplicationConfiguration',
+                    Identifier: request_params.require(:Identifier),
+                    Configuration: request_params[:Configuration]
+                  }
+                ]
+              })        
+    end
+
+    def self.payload_identify(device, request_params)
+      params = request_params.permit(:Identifier)
+      payload_set_app_settings(
+        device,
+        ActionController::Parameters.new(
+          {
+            Configuration: {
+              device: {
+                udid: device.udid,
+                serial_number: device.serial_number || 'N/A'
+              }
+            }
+          }.merge(params)
+        )
+      )
+    end
+
+    private
+
+    def self.payload(command, params = {})
+      uuid = SecureRandom.uuid
+
+      [
+        uuid,
+        {
+          CommandUUID: uuid,
+          Command: { RequestType: command }.merge(params)
+        }.to_plist.gsub("\n", '').gsub("\t", '')
+      ]
+    end
+  end
+end