onelogin 1.3.1 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b149586910635855872b58c39e17cecf82dbf489
-  data.tar.gz: 1886b20c18c654706ba9b815187a1ab33bb9f5ab
+  metadata.gz: e2f3757a3f4b5a485045078f5e97498e20190ff9
+  data.tar.gz: c2175985e00c53f6fa83d27bbd666ea55dda977f
 SHA512:
-  metadata.gz: 9786512a9794cdc1e267436ed1021d275ab05c147b4f80e01a5a6add0027abb12a9fac0148877cfe91ac099ce46c7d6e4ece02a25555ae0dfcbe51910b3dd054
-  data.tar.gz: 2f5aa83177a386e77c256ad884e4bd1fbdcf945f7c42f32a82b6d09cbdb3abbc38404abbf6728137369784eb88f96077d3c58648ba7b2555ca1e5a13812edf00
+  metadata.gz: 4e4056a209d371b7566248766646fd442996b52ae530106b6b0fbe57885306b7f1ca981a4f1d94a6b726c6e7942970f21352b3148137ffe696fdeb107981ddbf
+  data.tar.gz: 6b2c498d6067207d8306c90dd65ff2cd6d6f78848a6e716b6f9ebdbf404eb19e1dc3870c6095e03ebe86708ff796bac5a25bf77620627014f64e45d89758f6cf

data/README.md

@@ -235,6 +235,9 @@ apps = client.get_user_apps(user.id)
 # Get User Roles
 role_ids = client.get_user_roles(user.id)
 
+# Generate MFA Token
+mfa_token = client.generate_mfa_token(user.id)
+
 # Create user
 new_user_params = {
     email: "testcreate_1@example.com",

data/examples/rails-custom-login-page/README.md

@@ -7,8 +7,6 @@ over the look & feel.
 
 The downside to this approach is that you have to implement MFA and password resets etc yourself. However we do have the APIs for these actions available and have demonstrated how to use them in this app.
 
-![Custom Login](https://s3.amazonaws.com/onelogin-screenshots/dev_site/images/custom-login-os.gif)
-
 If you want a standards based, out of the box way to authenticate users then we recommend you use [our OpenId Connect implementation](https://github.com/onelogin/onelogin-oidc-ruby).
 
 ## Get Started
@@ -17,6 +15,9 @@ The sample tries to keep everything as simple as possible so only
 implements
 * Login - Authenticate users in a single request to OneLogin with out any redirects
 * MFA - Does MFA verification if required
+* Password Reset with user verification via MFA
+* Self sign Up / Create a new user
+* Onboard / Activate a user
 * User Apps - List apps available to a user and provides SSO links
 * User Roles - Lists a users roles
 * Logout - destroying the local session and revoking the token at OneLogin

data/examples/rails-custom-login-page/app/assets/stylesheets/application.css

@@ -12,64 +12,4 @@
  *
  *= require_tree .
  *= require_self
- */
-
-body {
-  padding: 20px;
-  font-family: Arial, Helvetica, sans-serif
-}
-
-.alert, .error {
-  color: red;
-  text-align: center;
-}
-
-.row {
-  padding: 5px 0px;
-}
-
-.row span {
-  display: inline-block;
-  font-weight: bold;
-}
-
-.form {
-  width: 300px;
-  margin: 0 auto;
-  text-align: center;
-  padding: 50px;
-  background: green; /* For browsers that do not support gradients */
-  background: -webkit-linear-gradient(left, orange , yellow, green, cyan, blue, violet); /* For Safari 5.1 to 6.0 */
-  background: -o-linear-gradient(right, orange, yellow, green, cyan, blue, violet); /* For Opera 11.1 to 12.0 */
-  background: -moz-linear-gradient(right, orange, yellow, green, cyan, blue, violet); /* For Firefox 3.6 to 15 */
-  background: linear-gradient(to right, orange , yellow, green, cyan, blue, violet); /* Standard syntax (must be last) */
-}
-
-.form input {
-  width: 90%;
-  padding: 5px;
-  margin: 5px;
-}
-
-.form h1 {
-  color: #fff;
-}
-
-.login-footer {
-  width: 300px;
-  margin: 50px auto;
-  text-align: center;
-}
-
-form.edit div {
-  padding: 10px;
-}
-
-table.list {
-  width: 100%;
-}
-
-table.list tr td {
-  padding: 5px;
-  border-bottom: 1px #ccc solid;
-}
+ */

data/examples/rails-custom-login-page/app/controllers/sessions_controller.rb

@@ -1,7 +1,7 @@
 class SessionsController < ApplicationController
   def new
     response = log_in(params['username'], params['password'])
-    status = response ? :ok : :unauthorized
+    status = response[:error] ? :unauthorized : :ok
 
     render json: response, status: status
   end
@@ -17,7 +17,7 @@ class SessionsController < ApplicationController
   # available to verify token before
   # password reset is completed
   def forgot_password
-    user = validate_user(params['username'])
+    user = validate_user(params['forgot_username'])
 
     devices = get_mfa_devices(user.id)
 
@@ -28,9 +28,9 @@ class SessionsController < ApplicationController
 
   # Verify MFA token and then update password
   def reset_password
-    if verify_token(params['device_id'], params['otp_token'])
+    if verify_token(params['reset_device_id'], params['reset_otp_token'])
       status = :ok
-      response = set_password(session[:user_id], params['password'])
+      response = set_password(session[:user_id], params['new_password'])
     else
       status = :unauthorized
       response = 'Invalid token'

data/examples/rails-custom-login-page/app/controllers/users_controller.rb

@@ -1,6 +1,6 @@
 class UsersController < ApplicationController
 
-  before_action :require_current_user
+  before_action :require_current_user, except: [:new, :create, :onboard, :activate]
   before_action :set_user, only: [:show, :edit, :update, :destroy]
 
   # GET /users
@@ -16,7 +16,6 @@ class UsersController < ApplicationController
 
   # GET /users/new
   def new
-    @user = User.new
   end
 
   # GET /users/1/edit
@@ -26,17 +25,52 @@ class UsersController < ApplicationController
   # POST /users
   # POST /users.json
   def create
-    @user = User.new(user_params)
+    # Create a user
+    user = api_client.create_user(user_params)
+    # Update custom attributes
+    api_client.set_custom_attribute_to_user(user.id, custom_user_params)
+    # Set status to unactivated
+    api_client.update_user(user.id, status: 0)
 
-    respond_to do |format|
-      if @user.save
-        format.html { redirect_to @user, notice: 'User was successfully created.' }
-        format.json { render :show, status: :created, location: @user }
-      else
-        format.html { render :new }
-        format.json { render json: @user.errors, status: :unprocessable_entity }
-      end
+    if api_client.error
+      puts api_client.error_description
+    end
+
+    redirect_to onboard_path, notice: 'User has been created with status set to unactivated'
+  end
+
+  # GET /onboard
+  def onboard
+  end
+
+  # POST /activate
+  def activate
+    # Search for a user with this email address
+    @user = api_client.get_users(email: user_params[:email]).first
+
+    unless @user && verify_dob && verify_ssn
+      return redirect_to onboard_path, notice: "User #{user_params[:email]} was not verified"
+    end
+
+    # Update password
+    unless api_client.set_password_using_clear_text(@user.id, user_params[:password], user_params[:password])
+      return redirect_to onboard_path, notice: "Password update failed. #{api_client.error_description}"
     end
+
+    # Activate user
+    api_client.update_user(@user.id, status: 1)
+
+    # Redirect to login page
+    redirect_to home_index_path
+  end
+
+  # Verify dob and ssn match
+  def verify_ssn
+    @user.custom_attributes["custom_ssn"].eql? (custom_user_params[:custom_ssn])
+  end
+
+  def verify_dob
+    @user.custom_attributes["custom_dob"].eql? (custom_user_params[:custom_dob])
   end
 
   # PATCH/PUT /users/1
@@ -70,17 +104,13 @@ class UsersController < ApplicationController
   end
 
   private
-    # Use callbacks to share common setup or constraints between actions.
-    def set_user
-      @user = api_client.get_user(params[:id])
-    end
 
     # Never trust parameters from the scary internet, only allow the white list through.
     def user_params
-      params.permit(:firstname, :lastname, :email, :phone, :custom_field)
+      params.permit(:firstname, :lastname, :email, :phone, :custom_field, :username, :password)
     end
 
     def custom_user_params
-      params.permit(:custom_field)
+      params.permit(:custom_field, :custom_dob, :custom_ssn)
     end
 end

data/examples/rails-custom-login-page/app/helpers/sessions_helper.rb

@@ -8,7 +8,7 @@ module SessionsHelper
       },
       request.base_url # included for CORS session cookie request
     )
-    return nil unless response
+    return { error: api_client.error_description } unless response
 
     if response.is_a? OneLogin::Api::Models::SessionTokenMFAInfo
       session[:state_token] = response.state_token

data/examples/rails-custom-login-page/app/helpers/users_helper.rb

@@ -1,2 +1,3 @@
 module UsersHelper
+
 end

data/examples/rails-custom-login-page/app/views/home/index.html.erb

@@ -20,7 +20,9 @@
           <label for="password">Password</label>
           <%= password_field_tag :password, nil, placeholder: 'Enter Password', class: 'form-control' %>
         </div>
-        <button type="submit" class="btn btn-primary">Login</button> or <a href="#" class="forgot">Forgot Password</a>
+        <button type="submit" class="btn btn-primary">Login</button>
+        <hr/>
+        <a href="#" class="forgot">Forgot Password</a> | <a href="/signup">Sign Up</a>
       <% end %>
 
       <%= form_tag("/verify_mfa", method: "post", class: 'mfa-form') do %>
@@ -37,24 +39,24 @@
 
       <%= form_tag("/forgot_password", method: "post", class: 'forgot-password-form') do %>
         <div class="form-group">
-          <label for="username">Username</label>
-          <%= text_field_tag :username, nil, placeholder: 'Enter Username', class: 'form-control' %>
+          <label for="forgot_username">Username</label>
+          <%= text_field_tag :forgot_username, nil, placeholder: 'Enter Username', class: 'form-control' %>
         </div>
         <button type="submit" class="btn btn-primary">Reset Password</button> or <a href="/">Login</a>
       <% end %>
 
       <%= form_tag("/reset_password", method: "post", class: 'reset-password-form') do %>
         <div class="form-group">
-          <label for="device_id">MFA Device</label>
-          <%= select_tag :device_id, nil, {:class => 'form-control'} %>
+          <label for="reset_device_id">MFA Device</label>
+          <%= select_tag :reset_device_id, nil, {:class => 'form-control'} %>
         </div>
         <div class="form-group">
-          <label for="otp_token">Token</label>
-          <%= text_field_tag :otp_token, nil, placeholder: 'Enter Token', class: 'form-control' %>
+          <label for="reset_otp_token">Token</label>
+          <%= text_field_tag :reset_otp_token, nil, placeholder: 'Enter Token', class: 'form-control' %>
         </div>
         <div class="form-group">
-          <label for="password">New Password</label>
-          <%= password_field_tag :password, nil, placeholder: 'Enter New Password', class: 'form-control' %>
+          <label for="new_password">New Password</label>
+          <%= password_field_tag :new_password, nil, placeholder: 'Enter New Password', class: 'form-control' %>
         </div>
         <button type="submit" class="btn btn-primary">Save Password</button>
       <% end %>
@@ -129,7 +131,8 @@
         },
         error: function(xhr, status, err) {
           console.log(err);
-          showAlert('danger','Login Failed');
+          console.log(xhr);
+          showAlert('danger', xhr.responseJSON.error);
           $(".login-form input[type=submit]").removeAttr("disabled");
         },
       });

data/examples/rails-custom-login-page/app/views/layouts/application.html.erb

@@ -10,8 +10,20 @@
   </head>
 
   <body>
+    <nav class="navbar navbar-expand-lg navbar-dark bg-primary">
+      <a class="navbar-brand" href="#">OneLogin Ruby SDK Sample</a>
+      <div class="collapse navbar-collapse" id="navbarNavAltMarkup">
+        <div class="navbar-nav">
+          <a class="nav-item nav-link active" href="/">Login</a>
+          <a class="nav-item nav-link" href="/signup">Sign Up</a>
+          <a class="nav-item nav-link" href="/onboard">Onboard</a>
+        </div>
+      </div>
+    </nav>
+
+
     <% flash.each do |key, value| %>
-      <div class="alert alert-<%= key %>"><%= value %></div>
+      <div class="alert alert-warning"><%= value %></div>
     <% end %>
 
     <%= yield %>

data/examples/rails-custom-login-page/app/views/users/new.html.erb

@@ -1,5 +1,60 @@
-<h1>New User</h1>
+<div class="jumbotron">
+  <p>This is a simple demo of how to sign up a new user and then make them activate their account</p>
+</div>
 
-<%= render 'form', user: @user %>
+<div class="container">
+  <div class="row">
+    <div class="col-sm">
+    </div>
+    <div class="col-sm">
 
-<%= link_to 'Back', users_path %>
+      <div class="alert alert-danger message" role="alert">
+      </div>
+
+      <%= form_tag("/users", method: "post", class: 'signup-form') do %>
+        <div class="form-group">
+          <label for="firstname">First Name</label>
+          <%= text_field_tag :firstname, nil, placeholder: 'First Name', class: 'form-control' %>
+        </div>
+        <div class="form-group">
+          <label for="lastname">Last Name</label>
+          <%= text_field_tag :lastname, nil, placeholder: 'Last Name', class: 'form-control' %>
+        </div>
+        <div class="form-group">
+          <label for="email">Email</label>
+          <%= text_field_tag :email, nil, placeholder: 'Email Address', class: 'form-control' %>
+        </div>
+        <div class="form-group">
+          <label for="custom_dob">Date of Birth</label>
+          <%= text_field_tag :custom_dob, nil, placeholder: 'mm/dd/yyyy', class: 'form-control' %>
+        </div>
+        <div class="form-group">
+          <label for="custom_ssn">Last 4 of SSN</label>
+          <%= text_field_tag :custom_ssn, nil, placeholder: 'Last 4 of SSN', class: 'form-control' %>
+        </div>
+        <button type="submit" class="btn btn-primary">Sign Up</button>
+        <hr/>
+        <a href="/">Login</a>
+      <% end %>
+
+    </div>
+    <div class="col-sm">
+    </div>
+  </div>
+</div>
+
+
+<script type="text/javascript">
+  function showAlert(type, message){
+    $(".message").removeClass("alert-danger").removeClass("alert-success");
+    $(".message").addClass("alert-" + type).text(message).show();
+    $(".message").show();
+  }
+  function hideAlert(){
+    $(".message").hide();
+  }
+
+  $(function(){
+    hideAlert();
+  })
+</script>

data/examples/rails-custom-login-page/app/views/users/onboard.html.erb

@@ -0,0 +1,54 @@
+<div class="jumbotron">
+  <p>This shows how an unactivated user could supply infomation to complete a sign up flow</p>
+</div>
+
+<div class="container">
+  <div class="row">
+    <div class="col-sm">
+    </div>
+    <div class="col-sm">
+
+      <div class="alert alert-danger message" role="alert">
+      </div>
+
+      <%= form_tag("/activate", method: "post", class: 'signup-form') do %>
+        <div class="form-group">
+          <label for="email">Email</label>
+          <%= text_field_tag :email, nil, placeholder: 'Email Address', class: 'form-control' %>
+        </div>
+        <div class="form-group">
+          <label for="custom_dob">Date of Birth</label>
+          <%= text_field_tag :custom_dob, nil, placeholder: 'mm/dd/yyyy', class: 'form-control' %>
+        </div>
+        <div class="form-group">
+          <label for="custom_ssn">Last 4 of SSN</label>
+          <%= text_field_tag :custom_ssn, nil, placeholder: 'Last 4 of SSN', class: 'form-control' %>
+        </div>
+        <div class="form-group">
+          <label for="password">Password</label>
+          <%= password_field_tag :password, nil, placeholder: 'Make up a password', class: 'form-control' %>
+        </div>
+        <button type="submit" class="btn btn-primary">Activate Account</button>
+      <% end %>
+
+    </div>
+    <div class="col-sm">
+    </div>
+  </div>
+</div>
+
+
+<script type="text/javascript">
+  function showAlert(type, message){
+    $(".message").removeClass("alert-danger").removeClass("alert-success");
+    $(".message").addClass("alert-" + type).text(message).show();
+    $(".message").show();
+  }
+  function hideAlert(){
+    $(".message").hide();
+  }
+
+  $(function(){
+    hideAlert();
+  })
+</script>

data/examples/rails-custom-login-page/config/routes.rb

@@ -11,6 +11,10 @@ Rails.application.routes.draw do
 
   get 'users', to: 'users#index'
   get 'users/:id', to: 'users#show', as: 'user'
+  get 'signup', to: 'users#new'
+  get 'onboard', to: 'users#onboard'
+  post 'users', to: 'users#create'
+  post 'activate', to: 'users#activate'
   get 'users/:id/edit', to: 'users#edit', as: 'edit_user'
   patch 'users/:id', to: 'users#update', as: 'update_user'
 

data/lib/onelogin/api/client.rb

@@ -941,6 +941,52 @@ module OneLogin
         false
       end
 
+      # Use to generate a temporary MFA token that can be used in place of other MFA tokens for a set time period.
+      # For example, use this token for account recovery.
+      #
+      # @param user_id [Integer] Id of the user
+      # @param expires_in [Integer] Set the duration of the token in seconds.
+      #                             (default: 259200 seconds = 72h) 72 hours is the max value.
+      # @param reusable [Boolean] Defines if the token reusable. (default: false) If set to true, token can be used for multiple apps, until it expires.
+      #
+      # @return [MFAToken] if the action succeed
+      #
+      # @see {https://developers.onelogin.com/api-docs/1/multi-factor-authentication/generate-mfa-token Generate MFA Token documentation}
+      def generate_mfa_token(user_id, expires_in=259200, reusable=False)
+        clean_error
+        prepare_token
+
+        begin
+          url = url_for(GENERATE_MFA_TOKEN_URL, user_id)
+
+          data = {
+            'expires_in' => expires_in,
+            'reusable' => reusable
+          }
+
+          response = self.class.post(
+            url,
+            headers: authorized_headers,
+            body: data.to_json
+          )
+
+          if response.code == 201
+            json_data = JSON.parse(response.body)
+            if !json_data.empty?
+              return OneLogin::Api::Models::MFAToken.new(json_data)
+            end
+          else
+            @error = extract_status_code_from_response(response)
+            @error_description = extract_error_message_from_response(response)
+          end
+        rescue Exception => e
+          @error = '500'
+          @error_description = e.message
+        end
+
+        nil
+      end
+
       # Generates a session login token in scenarios in which MFA may or may not be required.
       # A session login token expires two minutes after creation.
       #

data/lib/onelogin/api/models.rb

@@ -6,6 +6,7 @@ require 'onelogin/api/models/event_type'
 require 'onelogin/api/models/factor_enrollment_response'
 require 'onelogin/api/models/group'
 require 'onelogin/api/models/mfa'
+require 'onelogin/api/models/mfa_token'
 require 'onelogin/api/models/onelogin_token'
 require 'onelogin/api/models/otp_device'
 require 'onelogin/api/models/privilege'

data/lib/onelogin/api/models/mfa_token.rb

@@ -0,0 +1,18 @@
+module OneLogin
+  module Api
+    module Models
+
+      class MFAToken
+
+        attr_accessor :value, :expires_at, :reusable
+
+        def initialize(data)
+          @value = data['mfa_token']
+          @expires_at = data['expires_at']
+          @reusable = data['reusable']
+        end
+      end
+
+    end
+  end
+end

data/lib/onelogin/api/util/constants.rb

@@ -32,6 +32,7 @@ module OneLogin
         SET_USER_STATE_URL = "https://api.%s.onelogin.com/api/1/users/%s/set_state"
         LOG_USER_OUT_URL = "https://api.%s.onelogin.com/api/1/users/%s/logout"
         LOCK_USER_URL = "https://api.%s.onelogin.com/api/1/users/%s/lock_user"
+        GENERATE_MFA_TOKEN_URL = "https://api.%s.onelogin.com/api/1/users/%s/mfa_token"
 
         # Role URLs
         GET_ROLES_URL = "https://api.%s.onelogin.com/api/1/roles"

data/lib/onelogin/version.rb

@@ -1,3 +1,3 @@
 module OneLogin
-  VERSION = "1.3.1"
+  VERSION = "1.4.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: onelogin
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 1.4.0
 platform: ruby
 authors:
 - OneLogin
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-01-29 00:00:00.000000000 Z
+date: 2019-02-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httparty
@@ -153,6 +153,7 @@ files:
 - examples/rails-custom-login-page/app/views/users/index.html.erb
 - examples/rails-custom-login-page/app/views/users/index.json.jbuilder
 - examples/rails-custom-login-page/app/views/users/new.html.erb
+- examples/rails-custom-login-page/app/views/users/onboard.html.erb
 - examples/rails-custom-login-page/app/views/users/show.html.erb
 - examples/rails-custom-login-page/app/views/users/show.json.jbuilder
 - examples/rails-custom-login-page/bin/bundle
@@ -226,6 +227,7 @@ files:
 - lib/onelogin/api/models/factor_enrollment_response.rb
 - lib/onelogin/api/models/group.rb
 - lib/onelogin/api/models/mfa.rb
+- lib/onelogin/api/models/mfa_token.rb
 - lib/onelogin/api/models/onelogin_token.rb
 - lib/onelogin/api/models/otp_device.rb
 - lib/onelogin/api/models/privilege.rb
@@ -265,7 +267,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: http://www.rubygems.org/gems/onelogin-ruby-sdk
-rubygems_version: 2.2.2
+rubygems_version: 2.4.8
 signing_key: 
 specification_version: 4
 summary: OneLogin's Ruby SDK.