onelogin 1.3.0 → 1.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7fca4bd8901e5234c12acd2fcbf85179634aeb25
-  data.tar.gz: 8b7e7cb38fac5a432812cd12705c55e4539f4fac
+  metadata.gz: b149586910635855872b58c39e17cecf82dbf489
+  data.tar.gz: 1886b20c18c654706ba9b815187a1ab33bb9f5ab
 SHA512:
-  metadata.gz: 671935da852605381ade21ea1ee8dffb13f788a6ee50af30842a7e4edc5edba97b30a112280f69a9ec817c73b20f6e65eec189e95cc1b3c23c47a9d86a25bc3c
-  data.tar.gz: bc7473a57abbbcb9fd20637c589d32f57e27f29089dd1af4e9d641193c019c14267c331ea6aad91c8a1d0368029a9eebfd0c84928d5d177bc5ae39f400a2b1c7
+  metadata.gz: 9786512a9794cdc1e267436ed1021d275ab05c147b4f80e01a5a6add0027abb12a9fac0148877cfe91ac099ce46c7d6e4ece02a25555ae0dfcbe51910b3dd054
+  data.tar.gz: 2f5aa83177a386e77c256ad884e4bd1fbdcf945f7c42f32a82b6d09cbdb3abbc38404abbf6728137369784eb88f96077d3c58648ba7b2555ca1e5a13812edf00

data/README.md

@@ -341,6 +341,76 @@ sent = client.send_invite_link("user@example.com")
 #Get Apps to Embed for a User
 embed_token = "30e256c101cd0d2e731de1ec222e93c4be8a1572"
 apps = client.get_embed_apps("30e256c101cd0d2e731de1ec222e93c4be8a1572", "user@example.com")
+
+# Get Privileges
+privileges = client.get_privileges()
+
+# Create Privilege
+name = "privilege_example"
+version = "2018-05-18"
+
+statement1 = OneLogin::Api::Models::Statement.new(
+    "Allow",
+    [
+        "users:List",
+        "users:Get",
+    ],
+    ["*"]
+)
+
+statement2 = OneLogin::Api::Models::Statement.new(
+    "Allow",
+    [
+        "apps:List",
+        "apps:Get",
+    ],
+    ["*"]
+)
+
+statements = [
+    statement1,
+    statement2
+]
+privilege = client.create_privilege(name, version, statements)
+
+# Update Privilege
+name = "privilege_example_updated"
+statement2 = OneLogin::Api::Models::Statement.new(
+    "Allow",
+    [
+        "apps:List",
+    ],
+    ["*"]
+)
+statements = [
+    statement1,
+    statement2
+]
+privilege = client.update_privilege(privilege.id, name, version, statements)
+
+# Get Privilege
+privileges = client.get_privilege(privilege.id)
+
+# Delete Privilege
+result = client.delete_privilege(privilege.id)
+
+# Gets a list of the roles assigned to a privilege
+assigned_roles = client.get_roles_assigned_to_privilege(privilege.id)
+
+# Assign roles to a privilege
+result = client.assign_roles_to_privilege(privilege.id, [role_id1, role_id2])
+
+# Remove role from a privilege
+result = client.remove_role_from_privilege(privilege.id, role_id_1)
+
+# Gets a list of the users assigned to a privilege
+assigned_users = client.get_users_assigned_to_privilege(privilege.id)
+
+# Assign users to a privilege
+result = client.assign_users_to_privilege(privilege.id, [user_id1, user_id2])
+
+# Remove user from a privilege
+result = client.remove_user_from_privilege(privilege.id, user_id2)
 ```
 
 ## Proxy Servers

data/examples/events-to-csv.rb

@@ -24,13 +24,13 @@ OptionParser.new do |opts|
     options[:since] = s.iso8601
   end
 
-  opts.on("-lLAST", "--LAST=LAST", Integer, "Events since this many days ago") do |d|
+  opts.on("-lLAST", "--last=LAST", Integer, "Events since this many days ago") do |d|
     now = Date.today
     days_ago = (now - d)
     options[:since] = days_ago.strftime('%Y-%m-%dT%H:%M:%SZ')
   end
 
-  opts.on("-uUNTIL", "--UNTIL=UNTIL", Time, "Events before this date") do |u|
+  opts.on("-bUNTIL", "--until=UNTIL", Time, "Events before this date") do |u|
     options[:until] = u.iso8601
   end
 

data/examples/rails-custom-login-page/app/assets/stylesheets/application.css

@@ -33,7 +33,7 @@ body {
   font-weight: bold;
 }
 
-.login-form, .mfa-form {
+.form {
   width: 300px;
   margin: 0 auto;
   text-align: center;
@@ -45,13 +45,13 @@ body {
   background: linear-gradient(to right, orange , yellow, green, cyan, blue, violet); /* Standard syntax (must be last) */
 }
 
-.login-form input, .mfa-form input {
+.form input {
   width: 90%;
   padding: 5px;
   margin: 5px;
 }
 
-.login-form h1, .mfa-form h1 {
+.form h1 {
   color: #fff;
 }
 

data/examples/rails-custom-login-page/app/controllers/sessions_controller.rb

@@ -13,6 +13,32 @@ class SessionsController < ApplicationController
     render json: response, status: status
   end
 
+  # Checks for user and gets MFA devices
+  # available to verify token before
+  # password reset is completed
+  def forgot_password
+    user = validate_user(params['username'])
+
+    devices = get_mfa_devices(user.id)
+
+    status = user ? :ok : :not_found
+
+    render json: devices, status: status
+  end
+
+  # Verify MFA token and then update password
+  def reset_password
+    if verify_token(params['device_id'], params['otp_token'])
+      status = :ok
+      response = set_password(session[:user_id], params['password'])
+    else
+      status = :unauthorized
+      response = 'Invalid token'
+    end
+
+    render json: response, status: status
+  end
+
   def destroy
     log_out
     redirect_to root_url

data/examples/rails-custom-login-page/app/helpers/sessions_helper.rb

@@ -57,4 +57,31 @@ module SessionsHelper
   def current_user_id
     session[:user]['id'] if current_user
   end
+
+  def validate_user(username)
+    user = api_client.get_users(username: username).first
+
+    if user
+      session[:user_id] = user.id
+    end
+
+    user
+  end
+
+  def get_mfa_devices(user_id)
+    devices = api_client.get_enrolled_factors(user_id)
+
+    # only return devices that dont need a trigger.
+    # i.e. this sample does not support push yet
+    devices.select {|d| d.needs_trigger == true }
+  end
+
+  def verify_token(device_id, mfa_token)
+    puts "VERIFY MFA TOKEN User:#{session[:user_id]}, Device:#{device_id}, Token:#{mfa_token}"
+    api_client.verify_factor(session[:user_id], device_id, mfa_token)
+  end
+
+  def set_password(user_id, password)
+    api_client.set_password_using_clear_text(user_id, password, password)
+  end
 end

data/examples/rails-custom-login-page/app/views/dashboard/index.html.erb

@@ -1,37 +1,50 @@
-<h1>Dashboard</h1>
-<p>
-  You must be authenticated to see this page so if you're seeing it then
-  everything worked as expected 🎉
-</p>
-
-<p>
-  <a href="/users">List Users</a> | <a href="/logout">Log Out</a>
-</p>
-
-<h2>Apps</h2>
-<%@apps.each do |app|%>
+<div class="jumbotron">
+  <h1>Dashboard</h1>
+  <p>
+    You must be authenticated to see this page so if you're seeing it then
+    everything worked as expected 🎉
+  </p>
+  <p>
+    <a href="/users">List Users</a> | <a href="/logout">Log Out</a>
+  </p>
+</div>
+
+<div class="container">
   <div class="row">
-    <span><a href="https://<%= ONELOGIN_SUBDOMAIN %>.onelogin.com/launch/<%= app.id %>"><%= app.name %></a></span>
+    <div class="col-sm">
+      <h2>Apps</h2>
+      <ul class="list-group">
+      <%@apps.each do |app|%>
+        <li class="list-group-item"><a href="https://<%= ONELOGIN_SUBDOMAIN %>.onelogin.com/launch/<%= app.id %>"><%= app.name %></a></li>
+      <%end%>
+      </ul>
+    </div>
+    <div class="col-sm">
+      <h2>Roles</h2>
+      <ul class="list-group">
+      <%@roles.each do |role|%>
+        <li class="list-group-item"><%= role.name %></li>
+      <%end%>
+      </ul>
+
+      <br/>
+
+      <h2>Profile</h2>
+      <ul class="list-group">
+        <%current_user.each do |k, v|%>
+          <li class="list-group-item">
+            <b><%= k%>:</b> <%= v%>
+          </li>
+        <%end%>
+      </ul>
+    </div>
   </div>
-<%end%>
+</div>
+
 
-<hr>
 
-<h2>Roles</h2>
-<%@roles.each do |role|%>
-  <div class="row">
-    <span><%= role.name %></span>
-  </div>
-<%end%>
 
-<hr>
 
-<h2>Profile</h2>
 
-<%current_user.each do |k, v|%>
-  <div class="row">
-    <span><%= k%>:</span> <%= v%>
-  </div>
-<%end%>
 
 

data/examples/rails-custom-login-page/app/views/home/index.html.erb

@@ -1,33 +1,73 @@
-<div class="login-footer">
-  This is a simple demo of how to authenticate
-  a user and handle MFA when required
+<div class="jumbotron">
+  <p>This is a simple demo of how to authenticate a user and handle MFA when required</p>
 </div>
-<div class="error"></div>
-<div class="login-form">
-  <h1>Custom Login</h1>
-  <%= form_tag("/login", method: "post") do %>
-    <div>
-      <%= text_field_tag :username, nil, placeholder: 'Enter Username' %>
-    </div>
-    <div>
-      <%= password_field_tag :password, nil, placeholder: 'Enter Password' %>
+
+<div class="container">
+  <div class="row">
+    <div class="col-sm">
     </div>
-    <%= submit_tag("Login") %>
-  <% end %>
-</div>
-<div class="mfa-form">
-  <h1>MFA Required</h1>
-  <%= form_tag("/verify_mfa", method: "post") do %>
-    <div>
-      <%= select_tag :device_id %>
+    <div class="col-sm">
+
+      <div class="alert alert-danger message" role="alert">
+      </div>
+
+      <%= form_tag("/login", method: "post", class: 'login-form') do %>
+        <div class="form-group">
+          <label for="username">Username</label>
+          <%= text_field_tag :username, nil, placeholder: 'Enter Username', class: 'form-control' %>
+        </div>
+        <div class="form-group">
+          <label for="password">Password</label>
+          <%= password_field_tag :password, nil, placeholder: 'Enter Password', class: 'form-control' %>
+        </div>
+        <button type="submit" class="btn btn-primary">Login</button> or <a href="#" class="forgot">Forgot Password</a>
+      <% end %>
+
+      <%= form_tag("/verify_mfa", method: "post", class: 'mfa-form') do %>
+        <div class="form-group">
+          <label for="device_id">MFA Device</label>
+          <%= select_tag :device_id, nil, {:class => 'form-control'} %>
+        </div>
+        <div class="form-group">
+          <label for="otp_token">Token</label>
+          <%= text_field_tag :otp_token, nil, placeholder: 'Enter Token', class: 'form-control' %>
+        </div>
+        <button type="submit" class="btn btn-primary">Verify Token</button>
+      <% end %>
+
+      <%= form_tag("/forgot_password", method: "post", class: 'forgot-password-form') do %>
+        <div class="form-group">
+          <label for="username">Username</label>
+          <%= text_field_tag :username, nil, placeholder: 'Enter Username', class: 'form-control' %>
+        </div>
+        <button type="submit" class="btn btn-primary">Reset Password</button> or <a href="/">Login</a>
+      <% end %>
+
+      <%= form_tag("/reset_password", method: "post", class: 'reset-password-form') do %>
+        <div class="form-group">
+          <label for="device_id">MFA Device</label>
+          <%= select_tag :device_id, nil, {:class => 'form-control'} %>
+        </div>
+        <div class="form-group">
+          <label for="otp_token">Token</label>
+          <%= text_field_tag :otp_token, nil, placeholder: 'Enter Token', class: 'form-control' %>
+        </div>
+        <div class="form-group">
+          <label for="password">New Password</label>
+          <%= password_field_tag :password, nil, placeholder: 'Enter New Password', class: 'form-control' %>
+        </div>
+        <button type="submit" class="btn btn-primary">Save Password</button>
+      <% end %>
+
     </div>
-    <div>
-      <%= text_field_tag :otp_token, nil, placeholder: 'Enter token' %>
+    <div class="col-sm">
     </div>
-    <%= submit_tag("Verify Token") %>
-  <% end %>
+  </div>
 </div>
 
+
+
+
 <script type="text/javascript">
 
   var ONELOGIN_SUBDOMAIN = "<%= ONELOGIN_SUBDOMAIN %>"
@@ -43,11 +83,29 @@
     xhr.send(JSON.stringify(body));
   };
 
+  function showAlert(type, message){
+    $(".message").removeClass("alert-danger").removeClass("alert-success");
+    $(".message").addClass("alert-" + type).text(message).show();
+    $(".message").show();
+  }
+  function hideAlert(){
+    $(".message").hide();
+  }
+
   $(function(){
+    hideAlert();
     $(".login-form").show();
     $(".mfa-form").hide();
+    $(".forgot-password-form").hide();
+    $(".reset-password-form").hide();
 
-    $(".login-form form").on("submit", function(event){
+    $(".forgot").click(function(e){
+      e.preventDefault();
+      $(".forgot-password-form").show();
+      $(".login-form").hide();
+    });
+
+    $(".login-form").on("submit", function(event){
       $.ajax({
         type: "POST",
         url: this.action,
@@ -56,8 +114,10 @@
           console.log(res);
           if(res.requires_mfa){
             console.log('requires mfa')
+            showAlert('danger', 'MFA Required')
+
             for(var i=0; i<res.devices.length; i++){
-              $('select').append('<option value="' + res.devices[i].id + '">' + res.devices[i].type + '</option>');
+              $('.mfa-form select').append('<option value="' + res.devices[i].id + '">' + res.devices[i].type + '</option>');
             }
             $(".login-form").hide();
             $(".mfa-form").show();
@@ -69,14 +129,14 @@
         },
         error: function(xhr, status, err) {
           console.log(err);
-          $(".error").text("Login Failed").show();
-          $(".login-form form input[type=submit]").removeAttr("disabled");
+          showAlert('danger','Login Failed');
+          $(".login-form input[type=submit]").removeAttr("disabled");
         },
       });
       event.preventDefault();
     });
 
-    $(".mfa-form form").on("submit", function(event){
+    $(".mfa-form").on("submit", function(event){
       $.ajax({
         type: "POST",
         url: this.action,
@@ -89,15 +149,58 @@
         },
         error: function(xhr, status, err) {
           console.log(err);
-          $(".error").text("MFA Verification Failed").show();
+          showAlert("danger", "MFA Verification Failed");
           $(".login-form").show();
           $(".mfa-form").hide();
-          $(".login-form form input[type=submit]").removeAttr("disabled");
-          $(".mfa-form form input[type=submit]").removeAttr("disabled");
+          $(".login-form input[type=submit]").removeAttr("disabled");
+          $(".mfa-form input[type=submit]").removeAttr("disabled");
         },
       });
       event.preventDefault();
     });
-  })
 
+    $(".forgot-password-form").on("submit", function(event){
+      $.ajax({
+        type: "POST",
+        url: this.action,
+        data: $(this).serialize(),
+        success: function(res, status, xhr) {
+          console.log(res);
+
+          for(var i=0; i<res.length; i++){
+            $('.reset-password-form select').append('<option value="' + res[i].id + '">' + res[i].auth_factor_name + '</option>');
+          }
+
+          $(".forgot-password-form").hide();
+          $(".reset-password-form").show();
+        },
+        error: function(xhr, status, err) {
+          console.log(err);
+          showAlert("danger", "User not found");
+        },
+      });
+      event.preventDefault();
+    });
+
+    $(".reset-password-form").on("submit", function(event){
+      $.ajax({
+        type: "POST",
+        url: this.action,
+        data: $(this).serialize(),
+        success: function(res, status, xhr) {
+          console.log(res);
+
+          $(".login-form").show();
+          $(".forgot-password-form").hide();
+          $(".reset-password-form").hide();
+          showAlert("success", "Password changed");
+        },
+        error: function(xhr, status, err) {
+          console.log(err);
+          showAlert("danger", err);
+        },
+      });
+      event.preventDefault();
+    });
+  })
 </script>