onelogin 1.3.1 → 1.6.0
- checksums.yaml +4 -4
- data/.github/workflows/git-secrets-public.yml +55 -0
- data/README.md +64 -0
- data/examples/Gemfile.lock +10 -6
- data/examples/another-get-all-login-events-of-last-day-to-csv.rb +141 -0
- data/examples/events-to-csv.rb +3 -3
- data/examples/get-all-login-events-of-last-day-to-csv.rb +88 -0
- data/examples/rails-custom-login-page/Gemfile +2 -2
- data/examples/rails-custom-login-page/Gemfile.lock +20 -16
- data/examples/rails-custom-login-page/README.md +35 -2
- data/examples/rails-custom-login-page/app/assets/stylesheets/application.css +1 -61
- data/examples/rails-custom-login-page/app/controllers/home_controller.rb +1 -0
- data/examples/rails-custom-login-page/app/controllers/sessions_controller.rb +4 -4
- data/examples/rails-custom-login-page/app/controllers/users_controller.rb +48 -14
- data/examples/rails-custom-login-page/app/helpers/sessions_helper.rb +1 -1
- data/examples/rails-custom-login-page/app/helpers/users_helper.rb +1 -0
- data/examples/rails-custom-login-page/app/views/dashboard/index.html.erb +2 -9
- data/examples/rails-custom-login-page/app/views/home/index.html.erb +84 -18
- data/examples/rails-custom-login-page/app/views/layouts/application.html.erb +13 -1
- data/examples/rails-custom-login-page/app/views/users/edit.html.erb +30 -24
- data/examples/rails-custom-login-page/app/views/users/index.html.erb +30 -27
- data/examples/rails-custom-login-page/app/views/users/new.html.erb +58 -3
- data/examples/rails-custom-login-page/app/views/users/onboard.html.erb +54 -0
- data/examples/rails-custom-login-page/app/views/users/show.html.erb +16 -13
- data/examples/rails-custom-login-page/config/initializers/onelogin.rb +3 -1
- data/examples/rails-custom-login-page/config/routes.rb +4 -0
- data/examples/rails-custom-login-page/config/secrets.yml.sample +2 -0
- data/lib/onelogin/api/client.rb +682 -10
- data/lib/onelogin/api/cursor.rb +4 -3
- data/lib/onelogin/api/models/connector_basic.rb +20 -0
- data/lib/onelogin/api/models/event.rb +6 -1
- data/lib/onelogin/api/models/event_type.rb +2 -2
- data/lib/onelogin/api/models/mfa_token.rb +18 -0
- data/lib/onelogin/api/models/onelogin_app.rb +62 -0
- data/lib/onelogin/api/models/onelogin_app_basic.rb +51 -0
- data/lib/onelogin/api/models/onelogin_app_v1.rb +22 -0
- data/lib/onelogin/api/models/user.rb +1 -1
- data/lib/onelogin/api/models.rb +5 -0
- data/lib/onelogin/api/util/constants.rb +18 -0
- data/lib/onelogin/version.rb +1 -1
- data/onelogin.gemspec +2 -2
- metadata +16 -7
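--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 43e75b93559432eb4abb128fda09326b0888f7dd
+data.tar.gz: dffa50f002def9f773dfbfbb7d2aa26dc7752769
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: dac538dcd80c1ae95c87f7235c6803fb7dd112671c6e1dedf1609e909da25aae8f4e50b5510545d2cef08e0eccb77069b94909cf9fb8b977fa961ca96951ca92
+data.tar.gz: 9270fff7c56ba05816435ef2ecc81a3581e4771926c0108cbad490e584bcadbd07e2ed774b9308f923f6e2fafadde79b8af0c06d9aa60387ca678ab95bca760f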
@@ -0,0 +1,55 @@
|
|
1
|
+
name: git-secrets
|
2
|
+
|
3
|
+
on: [push,pull_request]
|
4
|
+
|
5
|
+
jobs:
|
6
|
+
build:
|
7
|
+
runs-on: ubuntu-latest
|
8
|
+
|
9
|
+
steps:
|
10
|
+
- name: Checkout
|
11
|
+
uses: actions/checkout@v2
|
12
|
+
with:
|
13
|
+
path: source
|
14
|
+
|
15
|
+
- name: Install git-secrets
|
16
|
+
shell: bash
|
17
|
+
run: |
|
18
|
+
cd ..
|
19
|
+
echo 'cloning https://github.com/awslabs/git-secrets.git'
|
20
|
+
git clone https://github.com/awslabs/git-secrets.git
|
21
|
+
cd git-secrets
|
22
|
+
echo 'installing git-secrets'
|
23
|
+
sudo make install
|
24
|
+
- name: Add Rules
|
25
|
+
shell: bash
|
26
|
+
run: |
|
27
|
+
cd source
|
28
|
+
echo 'running git-secrets'
|
29
|
+
pwd
|
30
|
+
git secrets --add '[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"~\\s]'
|
31
|
+
git secrets --add 'AIza[0-9A-Za-z\\-_]{35}'
|
32
|
+
git secrets --add 'LS0tLS1CRUdJTiBQR1AgUFJJVkFURSBLRVkgQkxPQ0stLS0tL[%a-zA-Z0-9+/]+={0,2}'
|
33
|
+
git secrets --add 'LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tL[%a-zA-Z0-9+/]+={0,2}'
|
34
|
+
git secrets --add 'LS0tLS1CRUdJTiBEU0EgUFJJVkFURSBLRVktLS0tL[%a-zA-Z0-9+/]+={0,2}'
|
35
|
+
git secrets --add 'LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0t[%a-zA-Z0-9+/]+={0,2}'
|
36
|
+
git secrets --add 'LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS[%a-zA-Z0-9+/]+={0,2}'
|
37
|
+
git secrets --add '(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'
|
38
|
+
git secrets --add '[Tt][Ww][Ii][Tt][Tt][Ee][Rr][^/]{0,50}[0-9a-zA-Z]{35,44}'
|
39
|
+
git secrets --add '[Hh][Oo][Cc][Kk][Ee][Yy].{0,50}(\\\"|~|`)?[0-9a-f]{32}(\\\"|~|`)?'
|
40
|
+
git secrets --add '(QTNU|QUtJQ|QUdQQ|QUlEQ|QVJPQ|QUlQQ|QU5QQ|QU5WQ|QVNJQ)[%a-zA-Z0-9+/]{20,24}={0,2}'
|
41
|
+
git secrets --add 'ya29\\.[0-9A-Za-z\\-_]+'
|
42
|
+
git secrets --add 'https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}'
|
43
|
+
git secrets --add '[0-9a-f]{32}-us[0-9]{1,2}'
|
44
|
+
git secrets --add '[Ss][Aa][Uu][Cc][Ee].{0,50}(\\\"|~|`)?[0-9a-f-]{36}(\\\"|~|`)?'
|
45
|
+
git secrets --add '[Ff][Aa][Cc][Ee][Bb][Oo][Oo][Kk][^/]{0,50}(\\\"|~|`)?[0-9a-f]{32}(\\\"|~|`)?'
|
46
|
+
git secrets --add --allowed 'https:\/\/\#\{GITHUB_TOKEN\}:\#\{GITHUB_USERNAME\}@github.*'
|
47
|
+
git secrets --add --allowed 'AKIA[a-zA-Z0-9]{16}'
|
48
|
+
git secrets --add --allowed 'AIzaSyCi9HqVYImAgkqMCG0QmBUXAIfM5lyv_QU'
|
49
|
+
sed -i -e "s/~/'/g" .git/config
|
50
|
+
- name: Run Scan
|
51
|
+
shell: bash
|
52
|
+
run: |
|
53
|
+
cd source
|
54
|
+
git secrets --scan
|
55
|
+
echo 'Secrets found in this repo? You can install git-secrets locally to catch these issues pre-commit : https://github.com/awslabs/git-secrets'
|
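Review bot: The `--allowed` rule `AKIA[a-zA-Z0-9]{16}` in the Add Rules step covers every match the prohibited rule `(A3T[A-Z0-9]|AKIA|...)[A-Z0-9]{16}` produces for the `AKIA` prefix, so a line carrying a long-term AWS access key ID is excluded from the findings instead of failing the scan. If the aim is to permit documentation samples, allow only the specific literal (for example AWS's documented `AKIAIOSFODNN7EXAMPLE`) rather than the whole key class. The Install step also runs `sudo make install` on whatever is at the head of the cloned git-secrets repository, and `actions/checkout@v2` is a movable tag; pinning both to a reviewed commit SHA keeps the scanner itself from becoming an unreviewed supply-chain input.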
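--- a/data/README.md
+++ b/data/README.md
@@ -235,6 +235,70 @@ apps = client.get_user_apps(user.id)
 # Get User Roles
 role_ids = client.get_user_roles(user.id)
 
+# Generate MFA Token
+mfa_token = client.generate_mfa_token(user.id)
+
+# Get all Connectors in a OneLogin account filtering by name*/
+apps = client.get_connectors({name:'SAML'})
+
+# Get all Apps in a OneLogin account using API v1 */
+apps_v1 = client.get_apps_v1
+
+# Get all Apps in a OneLogin account filtering by auth_method*/
+apps = client.get_apps({auth_method:6})
+
+# Create app
+app_data = {
+name: "Created SAML App by API",
+description:"Created SAML App by API description",
+notes: "Created SAML App by API notes",
+auth_method: 2,
+policy_id: 167865,
+allow_assumed_signin: false,
+parameters: {
+saml_username: {
+user_attribute_mappings: "email",
+label: "NameID (fka Email)",
+}
+},
+connector_id: 110016,
+visible: true,
+configuration: {
+saml_initiater_id: "0",
+encrypt_assertion: "0",
+recipient: "http://sp.example.com/acs",
+saml_notbefore: "3",
+saml_nameid_format_id: "0",
+saml_issuer_type: "0",
+saml_sign_element: "0",
+consumer_url: "http://sp.example.com/acs",
+validator: ".*",
+relaystate: "",
+logout_url: "http://sp.example.com/sls",
+saml_encryption_method_id: "0",
+login: "http://sp.example.com/login",
+saml_sessionnotonorafter: "1440",
+generate_attribute_value_tags: "0",
+saml_notonorafter: "3",
+audience: "http://sp.example.com/audience",
+signature_algorithm: "SHA-256"
+}
+}
+app = client.create_app(app_data)
+
+# Update app
+app_data[:name] = "Created SAML App by API updated"
+client.update_app(app.id, app_data)
+
+# Get app
+app = client.get_app(app.id)
+
+# Delete app
+result = client.delete_app(app.id)
+
+# Delete parameter from app
+result = client.delete_parameter_from_app(app.id, parameter_id)
+
 # Create user
 new_user_params = {
 email: "testcreate_1@example.com",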
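--- a/data/examples/Gemfile.lock
+++ b/data/examples/Gemfile.lock
@@ -1,13 +1,17 @@
 GEM
 remote: https://rubygems.org/
 specs:
-httparty (0.
+httparty (0.18.0)
+mime-types (~> 3.0)
 multi_xml (>= 0.5.2)
-
+mime-types (3.3.1)
+mime-types-data (~> 3.2015)
+mime-types-data (3.2020.0425)
+mini_portile2 (2.4.0)
 multi_xml (0.6.0)
-nokogiri (1.
-mini_portile2 (~> 2.
-onelogin (1.
+nokogiri (1.10.9)
+mini_portile2 (~> 2.4.0)
+onelogin (1.6.0)
 httparty (>= 0.13.7)
 nokogiri (>= 1.6.3.1)
 
@@ -18,4 +22,4 @@ DEPENDENCIES
 onelogin
 
 BUNDLED WITH
-1.
+2.1.4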
@@ -0,0 +1,141 @@
|
|
1
|
+
require 'onelogin'
|
2
|
+
|
3
|
+
client = OneLogin::Api::Client.new(
|
4
|
+
client_id: '9a19e9b07257c30ed3eddc0f9cf8d4127b4387646940acc8432c0dbcbd5f0c0d',
|
5
|
+
client_secret: 'd5cfcbe70b626f1d131f632c398b5b0d60dbc149b9ad9a55ac33715c7239acf7',
|
6
|
+
region: 'us',
|
7
|
+
max_results: 50000
|
8
|
+
)
|
9
|
+
|
10
|
+
client.access_token
|
11
|
+
|
12
|
+
unless client.error.nil?
|
13
|
+
puts "Error #{client.error} #{client.error_description}"
|
14
|
+
exit
|
15
|
+
end
|
16
|
+
|
17
|
+
|
18
|
+
user_attribute_names = ['id', 'username', 'email']
|
19
|
+
event_attribute_names = ['created_at', 'user_id', 'user_name', 'ipaddr', 'app_id', 'app_name']
|
20
|
+
csv_event_header = ['Timestamp', 'Description', 'Username', 'App', 'IP Address', 'User Id', 'Email', 'App Id']
|
21
|
+
|
22
|
+
user_options = {}
|
23
|
+
user_options[:fields] = user_attribute_names.join(",")
|
24
|
+
|
25
|
+
|
26
|
+
now = Date.today
|
27
|
+
days_ago = (now - 1)
|
28
|
+
event_options = {}
|
29
|
+
event_options[:since] = days_ago.strftime('%Y-%m-%dT%H:%M:%SZ')
|
30
|
+
event_options[:event_type_id] = 8;
|
31
|
+
event_options[:fields] = event_attribute_names.join(",")
|
32
|
+
event_options[:sort] = "-created_at"
|
33
|
+
|
34
|
+
now_str = Time.now.strftime("%Y-%m-%d_%H-%M-%S")
|
35
|
+
login_app_event_csv_name = now_str + '_login_app_events.csv'
|
36
|
+
login_event_csv_name = now_str + '_login_events.csv'
|
37
|
+
radius_event_csv_name = now_str + '_radius_events.csv'
|
38
|
+
|
39
|
+
users = {}
|
40
|
+
counter = 0
|
41
|
+
|
42
|
+
rate_limits = client.get_rate_limits
|
43
|
+
remaining_before = rate_limits.remaining
|
44
|
+
puts "Remaining RateLimit: #{remaining_before}"
|
45
|
+
|
46
|
+
puts "Extracting users from OneLogin"
|
47
|
+
|
48
|
+
client.get_users(user_options).each do |user|
|
49
|
+
users[user.id] = user
|
50
|
+
counter +=1
|
51
|
+
end
|
52
|
+
puts "#{counter} users extracted"
|
53
|
+
|
54
|
+
csv_login_app_event_header = ['Timestamp', 'Description', 'Username', 'App', 'IP Address', 'User Id', 'App Id', 'Email']
|
55
|
+
csv_login_event_header = ['Timestamp', 'Description', 'Username', 'IP Address', 'User Id', 'Email']
|
56
|
+
|
57
|
+
puts "Extracting login app events from OneLogin"
|
58
|
+
counter = 0
|
59
|
+
CSV.open(login_app_event_csv_name, 'wb') do |csv|
|
60
|
+
# header row
|
61
|
+
csv << csv_login_app_event_header
|
62
|
+
|
63
|
+
# fetch the events
|
64
|
+
client.get_events(event_options).each do |event|
|
65
|
+
username = email = ""
|
66
|
+
description = "#{event.user_name} signed into #{event.app_name}"
|
67
|
+
unless users.nil?
|
68
|
+
if users.has_key?(event.user_id)
|
69
|
+
username = users[event.user_id].username
|
70
|
+
email = users[event.user_id].email
|
71
|
+
end
|
72
|
+
end
|
73
|
+
csv << [event.created_at, description, username, event.app_name, event.ipaddr, event.user_id, event.app_id, email]
|
74
|
+
counter +=1
|
75
|
+
end
|
76
|
+
end
|
77
|
+
puts "Exported #{counter} login app events to #{login_app_event_csv_name}"
|
78
|
+
|
79
|
+
rate_limits = client.get_rate_limits
|
80
|
+
remaining_after = rate_limits.remaining
|
81
|
+
puts "Remaining RateLimit: #{remaining_after}"
|
82
|
+
|
83
|
+
|
84
|
+
event_options[:event_type_id] = 5;
|
85
|
+
puts "Extracting login events from OneLogin"
|
86
|
+
counter = 0
|
87
|
+
CSV.open(login_event_csv_name, 'wb') do |csv|
|
88
|
+
# header row
|
89
|
+
csv << csv_login_event_header
|
90
|
+
|
91
|
+
# fetch the events
|
92
|
+
client.get_events(event_options).each do |event|
|
93
|
+
username = email = ""
|
94
|
+
description = "#{event.user_name} logged into OneLogin"
|
95
|
+
unless users.nil?
|
96
|
+
if users.has_key?(event.user_id)
|
97
|
+
username = users[event.user_id].username
|
98
|
+
email = users[event.user_id].email
|
99
|
+
end
|
100
|
+
end
|
101
|
+
csv << [event.created_at, description, username, event.ipaddr, event.user_id, email]
|
102
|
+
counter +=1
|
103
|
+
end
|
104
|
+
end
|
105
|
+
puts "Exported #{counter} login events to #{login_event_csv_name}"
|
106
|
+
|
107
|
+
rate_limits = client.get_rate_limits
|
108
|
+
remaining_after = rate_limits.remaining
|
109
|
+
puts "Remaining RateLimit: #{remaining_after}"
|
110
|
+
|
111
|
+
|
112
|
+
event_options[:event_type_id] = 68;
|
113
|
+
puts "Extracting login radius events from OneLogin"
|
114
|
+
counter = 0
|
115
|
+
CSV.open(radius_event_csv_name, 'wb') do |csv|
|
116
|
+
# header row
|
117
|
+
csv << csv_login_event_header
|
118
|
+
|
119
|
+
# fetch the events
|
120
|
+
client.get_events(event_options).each do |event|
|
121
|
+
username = email = ""
|
122
|
+
description = "#{event.user_name} logged via Radius"
|
123
|
+
unless users.nil?
|
124
|
+
if users.has_key?(event.user_id)
|
125
|
+
username = users[event.user_id].username
|
126
|
+
email = users[event.user_id].email
|
127
|
+
end
|
128
|
+
end
|
129
|
+
csv << [event.created_at, description, username, event.ipaddr, event.user_id, email]
|
130
|
+
counter +=1
|
131
|
+
end
|
132
|
+
end
|
133
|
+
puts "Exported #{counter} radius events to #{radius_event_csv_name}"
|
134
|
+
|
135
|
+
rate_limits = client.get_rate_limits
|
136
|
+
remaining_after = rate_limits.remaining
|
137
|
+
puts "Remaining RateLimit: #{remaining_after}"
|
138
|
+
|
139
|
+
|
140
|
+
consumed = remaining_before - remaining_after
|
141
|
+
puts "The script consumed #{consumed} calls"
|
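Review bot: Lines 4-5 of this new example pass what look like real 64-hex-character `client_id` and `client_secret` values to `OneLogin::Api::Client.new`, and the file ships inside the published gem. If they belong to an actual OneLogin API credential, treat them as disclosed: revoke or rotate them and replace the literals with placeholders or environment lookups such as `client_id: ENV.fetch('ONELOGIN_CLIENT_ID')` and `client_secret: ENV.fetch('ONELOGIN_CLIENT_SECRET')`, in the spirit of the `'ONELOGIN_CLIENT_ID_GOES_HERE'` placeholders in the sibling example. None of the patterns registered in the git-secrets workflow added in this same release appears to match a bare hex string, so that scan would not have flagged them. The script also uses `CSV.open` and `Date.today` with only `require 'onelogin'` visible; add `require 'csv'` and `require 'date'` unless the gem is known to load them.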
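--- a/data/examples/events-to-csv.rb
+++ b/data/examples/events-to-csv.rb
@@ -24,7 +24,7 @@ OptionParser.new do |opts|
 options[:since] = s.iso8601
 end
 
-opts.on("-
+opts.on("-dLAST", "--last=LAST", Integer, "Events since this many days ago") do |d|
 now = Date.today
 days_ago = (now - d)
 options[:since] = days_ago.strftime('%Y-%m-%dT%H:%M:%SZ')
@@ -64,7 +64,7 @@ attribute_names = ['id', 'created_at', 'account_id', 'user_id', 'user_name', 'ev
 'role_id', 'role_name', 'app_id', 'app_name', 'group_id', 'group_name', 'otp_device_id',
 'otp_device_name', 'policy_id', 'policy_name', 'actor_system', 'custom_message',
 'operation_name', 'directory_sync_run_id', 'directory_id', 'resolution', 'client_id',
-'resource_type_id', 'error_description']
+'resource_type_id', 'error_description', 'risk_score', 'risk_reasons', 'risk_cookie_id', 'browser_fingerprint']
 
 counter = 0
 limit = options[:limit] || 1000
@@ -82,7 +82,7 @@ CSV.open('events.csv', 'wb') do |csv|
 
 # fetch the events
 client.get_events(options).take(limit).each do |event|
-csv << attribute_names.map { |attribute_name| event.send(attribute_name) }
+csv << attribute_names.map { |attribute_name| event.send(attribute_name) if event.respond_to?(attribute_name) }
 counter += 1
 end
 end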
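Review bot: In the third hunk the new `respond_to?` guard makes `map` emit `nil` for any entry of `attribute_names` the event object does not expose, so a misspelled or unsupported column (including the four names added in the second hunk) produces a silently empty CSV column instead of an error. Because `respond_to?` only considers public methods by default while `send` can also reach private ones, `event.public_send(attribute_name)` would keep the guard and the dispatch consistent and limit the call to the model's public readers. The enclosing `CSV.open` block starts outside the hunk.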
@@ -0,0 +1,88 @@
|
|
1
|
+
require 'onelogin'
|
2
|
+
|
3
|
+
#
|
4
|
+
# This example shows how you can export user details from OneLogin using the Ruby SDK
|
5
|
+
#
|
6
|
+
# Usage:
|
7
|
+
# 1. Set your own CLIENT_ID and CLIENT_SECRET below
|
8
|
+
# 2. From terminal run "ruby all-users-to-csv.rb" to extract all users including
|
9
|
+
# any custom attributes that might have been defined for the each user
|
10
|
+
#
|
11
|
+
|
12
|
+
#client = OneLogin::Api::Client.new(
|
13
|
+
# client_id: 'ONELOGIN_CLIENT_ID',
|
14
|
+
# client_secret:'ONELOGIN_CLIENT_SECRET',
|
15
|
+
# region: 'us',
|
16
|
+
# max_results: 50000
|
17
|
+
#)
|
18
|
+
client = OneLogin::Api::Client.new(
|
19
|
+
client_id: 'ONELOGIN_CLIENT_ID_GOES_HERE',
|
20
|
+
client_secret: 'ONELOGIN_CLIENT_SECRET_GOES_HERE',
|
21
|
+
region: 'us',
|
22
|
+
max_results: 50000
|
23
|
+
)
|
24
|
+
|
25
|
+
|
26
|
+
user_attribute_names = ['id', 'username', 'email']
|
27
|
+
event_attribute_names = ['created_at', 'user_id', 'user_name', 'ipaddr', 'app_id', 'app_name']
|
28
|
+
csv_event_header = ['Timestamp', 'Description', 'Username', 'App', 'IP Address', 'User Id', 'Email', 'App Id']
|
29
|
+
|
30
|
+
user_options = {}
|
31
|
+
user_options[:fields] = user_attribute_names.join(",")
|
32
|
+
|
33
|
+
|
34
|
+
now = Date.today
|
35
|
+
days_ago = (now - 1)
|
36
|
+
event_options = {}
|
37
|
+
event_options[:since] = days_ago.strftime('%Y-%m-%dT%H:%M:%SZ')
|
38
|
+
event_options[:event_type_id] = 8;
|
39
|
+
event_options[:fields] = event_attribute_names.join(",")
|
40
|
+
event_options[:sort] = "-created_at"
|
41
|
+
|
42
|
+
now_str = Time.now.strftime("%Y-%m-%d_%H-%M-%S")
|
43
|
+
event_csv_name = now_str + '_events.csv'
|
44
|
+
|
45
|
+
users = {}
|
46
|
+
counter = 0
|
47
|
+
|
48
|
+
rate_limits = client.get_rate_limits
|
49
|
+
remaining_before = rate_limits.remaining
|
50
|
+
puts "Remaining RateLimit: #{remaining_before}"
|
51
|
+
|
52
|
+
puts "Extracting users from OneLogin"
|
53
|
+
|
54
|
+
client.get_users(user_options).each do |user|
|
55
|
+
users[user.id] = user
|
56
|
+
counter +=1
|
57
|
+
end
|
58
|
+
puts "#{counter} users extracted"
|
59
|
+
|
60
|
+
puts "Extracting events from OneLogin"
|
61
|
+
csv_event_header = ['Timestamp', 'Description', 'Username', 'App', 'IP Address', 'User Id', 'App Id', 'Email']
|
62
|
+
counter = 0
|
63
|
+
CSV.open(event_csv_name, 'wb') do |csv|
|
64
|
+
# header row
|
65
|
+
csv << csv_event_header
|
66
|
+
|
67
|
+
# fetch the events
|
68
|
+
client.get_events(event_options).each do |event|
|
69
|
+
username = email = ""
|
70
|
+
description = "#{event.user_name} signed into #{event.app_name}"
|
71
|
+
unless users.nil?
|
72
|
+
if users.has_key?(event.user_id)
|
73
|
+
username = users[event.user_id].username
|
74
|
+
email = users[event.user_id].email
|
75
|
+
end
|
76
|
+
end
|
77
|
+
csv << [event.created_at, description, username, event.app_name, event.ipaddr, event.user_id, event.app_id, email]
|
78
|
+
counter +=1
|
79
|
+
end
|
80
|
+
end
|
81
|
+
puts "Exported #{counter} events to events.csv"
|
82
|
+
|
83
|
+
rate_limits = client.get_rate_limits
|
84
|
+
remaining_after = rate_limits.remaining
|
85
|
+
puts "Remaining RateLimit: #{remaining_after}"
|
86
|
+
|
87
|
+
consumed = remaining_before - remaining_after
|
88
|
+
puts "The script consumed #{consumed} calls"
|
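Review bot: The closing status line prints `Exported #{counter} events to events.csv`, but the file is opened as `event_csv_name` (a timestamped `..._events.csv`), so the message should interpolate the variable: `puts "Exported #{counter} events to #{event_csv_name}"`. The header comment still describes exporting user details and running `all-users-to-csv.rb`, which does not match what this script does. Unlike the sibling example, it never checks `client.error` before calling `get_rate_limits`, so with the placeholder credentials left in place the failure would presumably surface later as a less helpful error; `CSV` and `Date` are also used with only `require 'onelogin'` visible.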
@@ -11,7 +11,7 @@ gem 'rails', '~> 5.1.4'
|
|
11
11
|
# Use sqlite3 as the database for Active Record
|
12
12
|
gem 'sqlite3'
|
13
13
|
# Use Puma as the app server
|
14
|
-
gem 'puma', '~> 3.
|
14
|
+
gem 'puma', '~> 3.12'
|
15
15
|
# Use SCSS for stylesheets
|
16
16
|
gem 'sass-rails', '~> 5.0'
|
17
17
|
# Use Uglifier as compressor for JavaScript assets
|
@@ -33,7 +33,7 @@ gem 'jbuilder', '~> 2.5'
|
|
33
33
|
# Use Capistrano for deployment
|
34
34
|
# gem 'capistrano-rails', group: :development
|
35
35
|
|
36
|
-
gem 'onelogin', '~> 1.0
|
36
|
+
gem 'onelogin', '~> 1.6.0'
|
37
37
|
gem 'jquery-rails'
|
38
38
|
|
39
39
|
group :development, :test do
|
@@ -60,14 +60,15 @@ GEM
|
|
60
60
|
coffee-script-source
|
61
61
|
execjs
|
62
62
|
coffee-script-source (1.12.2)
|
63
|
-
concurrent-ruby (1.
|
64
|
-
crass (1.0.
|
63
|
+
concurrent-ruby (1.1.5)
|
64
|
+
crass (1.0.5)
|
65
65
|
erubi (1.7.1)
|
66
66
|
execjs (2.7.0)
|
67
|
-
ffi (1.
|
67
|
+
ffi (1.11.1)
|
68
68
|
globalid (0.4.1)
|
69
69
|
activesupport (>= 4.2.0)
|
70
|
-
httparty (0.
|
70
|
+
httparty (0.18.1)
|
71
|
+
mime-types (~> 3.0)
|
71
72
|
multi_xml (>= 0.5.2)
|
72
73
|
i18n (0.9.5)
|
73
74
|
concurrent-ruby (~> 1.0)
|
@@ -82,26 +83,29 @@ GEM
|
|
82
83
|
rb-fsevent (~> 0.9, >= 0.9.4)
|
83
84
|
rb-inotify (~> 0.9, >= 0.9.7)
|
84
85
|
ruby_dep (~> 1.2)
|
85
|
-
loofah (2.
|
86
|
+
loofah (2.3.1)
|
86
87
|
crass (~> 1.0.2)
|
87
88
|
nokogiri (>= 1.5.9)
|
88
89
|
mail (2.7.0)
|
89
90
|
mini_mime (>= 0.1.1)
|
90
91
|
method_source (0.9.0)
|
92
|
+
mime-types (3.3.1)
|
93
|
+
mime-types-data (~> 3.2015)
|
94
|
+
mime-types-data (3.2020.1104)
|
91
95
|
mini_mime (1.0.0)
|
92
|
-
mini_portile2 (2.
|
96
|
+
mini_portile2 (2.4.0)
|
93
97
|
minitest (5.11.3)
|
94
98
|
multi_json (1.13.1)
|
95
99
|
multi_xml (0.6.0)
|
96
100
|
nio4r (2.3.0)
|
97
|
-
nokogiri (1.
|
98
|
-
mini_portile2 (~> 2.
|
99
|
-
onelogin (1.0
|
101
|
+
nokogiri (1.10.4)
|
102
|
+
mini_portile2 (~> 2.4.0)
|
103
|
+
onelogin (1.6.0)
|
100
104
|
httparty (>= 0.13.7)
|
101
105
|
nokogiri (>= 1.6.3.1)
|
102
106
|
public_suffix (3.0.2)
|
103
|
-
puma (3.
|
104
|
-
rack (2.0.
|
107
|
+
puma (3.12.2)
|
108
|
+
rack (2.0.8)
|
105
109
|
rack-test (0.8.3)
|
106
110
|
rack (>= 1.0, < 3)
|
107
111
|
rails (5.1.5)
|
@@ -132,7 +136,7 @@ GEM
|
|
132
136
|
rb-inotify (0.9.10)
|
133
137
|
ffi (>= 0.5.0, < 2)
|
134
138
|
ruby_dep (1.5.0)
|
135
|
-
rubyzip (1.
|
139
|
+
rubyzip (1.3.0)
|
136
140
|
sass (3.5.5)
|
137
141
|
sass-listen (~> 4.0.0)
|
138
142
|
sass-listen (4.0.0)
|
@@ -152,7 +156,7 @@ GEM
|
|
152
156
|
spring-watcher-listen (2.0.1)
|
153
157
|
listen (>= 2.7, < 4.0)
|
154
158
|
spring (>= 1.2, < 3.0)
|
155
|
-
sprockets (3.7.
|
159
|
+
sprockets (3.7.2)
|
156
160
|
concurrent-ruby (~> 1.0)
|
157
161
|
rack (> 1, < 3)
|
158
162
|
sprockets-rails (3.2.1)
|
@@ -191,8 +195,8 @@ DEPENDENCIES
|
|
191
195
|
jbuilder (~> 2.5)
|
192
196
|
jquery-rails
|
193
197
|
listen (>= 3.0.5, < 3.2)
|
194
|
-
onelogin (~> 1.0
|
195
|
-
puma (~> 3.
|
198
|
+
onelogin (~> 1.5.0)
|
199
|
+
puma (~> 3.12)
|
196
200
|
rails (~> 5.1.4)
|
197
201
|
sass-rails (~> 5.0)
|
198
202
|
selenium-webdriver
|
@@ -205,4 +209,4 @@ DEPENDENCIES
|
|
205
209
|
web-console (>= 3.3.0)
|
206
210
|
|
207
211
|
BUNDLED WITH
|
208
|
-
1.
|
212
|
+
1.17.3
|
@@ -7,8 +7,6 @@ over the look & feel.
|
|
7
7
|
|
8
8
|
The downside to this approach is that you have to implement MFA and password resets etc yourself. However we do have the APIs for these actions available and have demonstrated how to use them in this app.
|
9
9
|
|
10
|
-
![Custom Login](https://s3.amazonaws.com/onelogin-screenshots/dev_site/images/custom-login-os.gif)
|
11
|
-
|
12
10
|
If you want a standards based, out of the box way to authenticate users then we recommend you use [our OpenId Connect implementation](https://github.com/onelogin/onelogin-oidc-ruby).
|
13
11
|
|
14
12
|
## Get Started
|
@@ -17,6 +15,9 @@ The sample tries to keep everything as simple as possible so only
|
|
17
15
|
implements
|
18
16
|
* Login - Authenticate users in a single request to OneLogin with out any redirects
|
19
17
|
* MFA - Does MFA verification if required
|
18
|
+
* Password Reset with user verification via MFA
|
19
|
+
* Self sign Up / Create a new user
|
20
|
+
* Onboard / Activate a user
|
20
21
|
* User Apps - List apps available to a user and provides SSO links
|
21
22
|
* User Roles - Lists a users roles
|
22
23
|
* Logout - destroying the local session and revoking the token at OneLogin
|
@@ -36,6 +37,14 @@ cd onelogin-ruby-sdk/examples/rails-custom-login-page && bundle install
|
|
36
37
|
|
37
38
|
3. Rename `config/secrets.yml.sample` to `config/secrets.yml` and update with your OneLogin API credentials, region and subdomain.
|
38
39
|
|
40
|
+
If you are using a custom domain instance, set it
|
41
|
+
in order to be used for the login demo.
|
42
|
+
|
43
|
+
If you want to set the cookie via post-form set
|
44
|
+
COOKIE_VIA_POST_FORM to true, otherwise the cookie
|
45
|
+
will be set via javascript via the makeCors method
|
46
|
+
described later.
|
47
|
+
|
39
48
|
```yaml
|
40
49
|
development:
|
41
50
|
secret_key_base: xxx
|
@@ -43,6 +52,8 @@ development:
|
|
43
52
|
ONELOGIN_CLIENT_SECRET: xxx
|
44
53
|
ONELOGIN_REGION: us
|
45
54
|
ONELOGIN_SUBDOMAIN: xxx
|
55
|
+
CUSTOM_DOMAIN: xxx
|
56
|
+
COOKIE_VIA_POST_FORM: true
|
46
57
|
```
|
47
58
|
4. Run the sample and browse to `http://localhost:3000`
|
48
59
|
```sh
|
@@ -95,6 +106,7 @@ function makeCors(session_token) {
|
|
95
106
|
xhr.withCredentials = true;
|
96
107
|
method = "POST";
|
97
108
|
var url = "https://" + ONELOGIN_SUBDOMAIN + ".onelogin.com/session_via_api_token";
|
109
|
+
// var url = "https://" + CUSTOM_DOMAIN + "/session_via_api_token";
|
98
110
|
xhr.open(method, url, true);
|
99
111
|
xhr.setRequestHeader("Content-Type", "application/json");
|
100
112
|
body = {"session_token": session_token};
|
@@ -102,3 +114,24 @@ function makeCors(session_token) {
|
|
102
114
|
};
|
103
115
|
```
|
104
116
|
|
117
|
+
### Make form-based request to establish SSO session
|
118
|
+
```html
|
119
|
+
<!doctype html>
|
120
|
+
<html>
|
121
|
+
<head>
|
122
|
+
<meta charset="utf-8">
|
123
|
+
</head>
|
124
|
+
<body>
|
125
|
+
<p>Auth API Test</p>
|
126
|
+
<form action=
|
127
|
+
"https://{onelogin_instance}/session_via_api_token" method="POST">
|
128
|
+
<input type="hidden" name="session_token" value="{your session token value}">
|
129
|
+
<input type="submit" placeholder="GO">
|
130
|
+
<input id="auth_token" type="hidden">
|
131
|
+
</form>
|
132
|
+
</body>
|
133
|
+
</html>
|
134
|
+
|
135
|
+
where onelogin_instance is a custom domain or
|
136
|
+
{subdomain}.onelogin.com
|
137
|
+
```
|
@@ -12,64 +12,4 @@
|
|
12
12
|
*
|
13
13
|
*= require_tree .
|
14
14
|
*= require_self
|
15
|
-
*/
|
16
|
-
|
17
|
-
body {
|
18
|
-
padding: 20px;
|
19
|
-
font-family: Arial, Helvetica, sans-serif
|
20
|
-
}
|
21
|
-
|
22
|
-
.alert, .error {
|
23
|
-
color: red;
|
24
|
-
text-align: center;
|
25
|
-
}
|
26
|
-
|
27
|
-
.row {
|
28
|
-
padding: 5px 0px;
|
29
|
-
}
|
30
|
-
|
31
|
-
.row span {
|
32
|
-
display: inline-block;
|
33
|
-
font-weight: bold;
|
34
|
-
}
|
35
|
-
|
36
|
-
.form {
|
37
|
-
width: 300px;
|
38
|
-
margin: 0 auto;
|
39
|
-
text-align: center;
|
40
|
-
padding: 50px;
|
41
|
-
background: green; /* For browsers that do not support gradients */
|
42
|
-
background: -webkit-linear-gradient(left, orange , yellow, green, cyan, blue, violet); /* For Safari 5.1 to 6.0 */
|
43
|
-
background: -o-linear-gradient(right, orange, yellow, green, cyan, blue, violet); /* For Opera 11.1 to 12.0 */
|
44
|
-
background: -moz-linear-gradient(right, orange, yellow, green, cyan, blue, violet); /* For Firefox 3.6 to 15 */
|
45
|
-
background: linear-gradient(to right, orange , yellow, green, cyan, blue, violet); /* Standard syntax (must be last) */
|
46
|
-
}
|
47
|
-
|
48
|
-
.form input {
|
49
|
-
width: 90%;
|
50
|
-
padding: 5px;
|
51
|
-
margin: 5px;
|
52
|
-
}
|
53
|
-
|
54
|
-
.form h1 {
|
55
|
-
color: #fff;
|
56
|
-
}
|
57
|
-
|
58
|
-
.login-footer {
|
59
|
-
width: 300px;
|
60
|
-
margin: 50px auto;
|
61
|
-
text-align: center;
|
62
|
-
}
|
63
|
-
|
64
|
-
form.edit div {
|
65
|
-
padding: 10px;
|
66
|
-
}
|
67
|
-
|
68
|
-
table.list {
|
69
|
-
width: 100%;
|
70
|
-
}
|
71
|
-
|
72
|
-
table.list tr td {
|
73
|
-
padding: 5px;
|
74
|
-
border-bottom: 1px #ccc solid;
|
75
|
-
}
|
15
|
+
*/
|