passwordstate 0.0.2 → 0.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e3e65ba47af619efcf537b2636eb297ac1cbe7a1c423c323e44a0126f27a5e2e
-  data.tar.gz: 5829c7ee7bf3af1d9098246e16f53f06f29d2002683cf8aed15b87a900e50bec
+  metadata.gz: 1fb957850976d1356b56000ef102e03638ff25ded2fc7d978ec9cd4399a51b4d
+  data.tar.gz: 2dc78e6bd303d713bc5e61e2fdfc608f1d65e826edbe04e7bb17698fdc6e88af
 SHA512:
-  metadata.gz: 96b62d8b3701e7779c035f7bdb05cf4b6ab5540fa74749742169bde51e093ccbe2d255c50309965c3f056bd5081fb24e438dd3f04e096a55cee12e3301b755a1
-  data.tar.gz: 5ed0bc2e7d0c7f922cb1ceee760d3a090381afda9a952d9fb98919eaedc1eee7cb1fecd5d18d3e65f28f6be5564a3eda13f35a8cd0e6a5f25ef8e10b26671b24
+  metadata.gz: 73027a2b795d5611b76c5733bc5ec1cbcde1de34cc956e48f3bc52c22f473df5d9ce0dcc54540688ef7481669d61db185711b64ada6f1d04528ff459dbd6c9bb
+  data.tar.gz: 6a9bfb4fd0d9f9579876334c219f0403fdb35a3dbf871bb0a884c9de07f86f7f95cdde9cd1434cdba86b0adbabe8c4613e8a30beab0d49db6ca404d741713f1f

data/.gitlab-ci.yml

@@ -7,7 +7,7 @@ cache:
     - vendor/ruby
 
 before_script:
-  - gem install bundler  --no-ri --no-rdoc
+  - gem install bundler -N
   - bundle install -j $(nproc) --path vendor
 
 rubocop:

data/CHANGELOG.md

@@ -1,7 +1,16 @@
+## v0.0.3 2019-10-23
+
+- Added method to check if resource types are available
+- Added `_bare: true` flag on resource getter to create a bare object for
+  method calls
+- Fixed handling of host objects
+- Further improved exception handling
+
 ## v0.0.2 2018-08-14
 
-- Add title and full_path fields to the appropriate resources - almost every resource should now have an obvious human-readable name
-- Fix password searching in password lists
+- Added title and full_path fields to the appropriate resources - almost every
+  resource should now have an obvious human-readable name
+- Fixed password searching in password lists
 - Improved exception handling
 
 ## v0.0.1 2018-07-31

data/lib/passwordstate/client.rb

@@ -4,11 +4,12 @@ module Passwordstate
   class Client
     USER_AGENT = "RubyPasswordstate/#{Passwordstate::VERSION}".freeze
     DEFAULT_HEADERS = {
-      'accept'       => 'application/json',
-      'user-agent'   => USER_AGENT
+      'accept' => 'application/json',
+      'user-agent' => USER_AGENT
     }.freeze
 
     attr_accessor :server_url, :auth_data, :headers, :validate_certificate
+    attr_reader :timeout
     attr_writer :api_type
 
     def initialize(url, options = {})
@@ -17,6 +18,7 @@ module Passwordstate
       @headers = DEFAULT_HEADERS
       @auth_data = options.select { |k, _v| %i[apikey username password].include? k }
       @api_type = options.fetch(:api_type) if options.key? :api_type
+      @timeout = options.fetch(:timeout, 15)
     end
 
     def logger
@@ -27,6 +29,11 @@ module Passwordstate
       @api_type || (auth_data.key?(:apikey) ? :api : :winapi)
     end
 
+    def timeout=(sec)
+      @timeout = sec
+      @http.read_timeout = sec if @http
+    end
+
     def folders
       ResourceList.new self, Passwordstate::Resources::Folder,
                        only: %i[all search post]
@@ -34,7 +41,7 @@ module Passwordstate
 
     def hosts
       ResourceList.new self, Passwordstate::Resources::Host,
-                       only: %i[search post delete]
+                       except: %i[search put]
     end
 
     def passwords
@@ -62,10 +69,18 @@ module Passwordstate
       end
     end
 
+    def version?(compare)
+      Gem::Dependency.new(to_s, compare).match?(to_s, version)
+    end
+
+    def require_version(compare)
+      raise "Your version of Passwordstate (#{version}) doesn't support the requested feature" unless version? compare
+    end
+
     def request(method, api_path, options = {})
       uri = URI(server_url + "/#{api_type}/" + api_path)
       uri.query = URI.encode_www_form(options.fetch(:query)) if options.key? :query
-      uri.query = nil if uri.query&.empty?
+      uri.query = nil unless uri.query&.any?
 
       req_obj = Net::HTTP.const_get(method.to_s.capitalize.to_sym).new uri
       if options.key? :body
@@ -77,6 +92,7 @@ module Passwordstate
       req_obj.ntlm_auth(auth_data[:username], auth_data[:password]) if api_type == :winapi
       headers.each { |h, v| req_obj[h] = v }
       req_obj['APIKey'] = auth_data[:apikey] if api_type == :api
+      req_obj['Reason'] = options.fetch(:reason) if options.key?(:reason) && version?('>= 8.4.8449')
 
       print_http req_obj
       res_obj = http.request req_obj
@@ -87,12 +103,14 @@ module Passwordstate
       data = JSON.parse(res_obj.body) rescue nil
       if data
         return data if res_obj.is_a? Net::HTTPSuccess
+
         data = data&.first
 
         raise Passwordstate::HTTPError.new_by_code(res_obj.code, req_obj, res_obj, data&.fetch('errors', []) || [])
       else
-        return res_obj.body if options.fetch(:allow_html, false)
-        raise Passwordstate::PasswordstateError, 'Response was not parseable as JSON'
+        return res_obj.body if res_obj.is_a?(Net::HTTPSuccess) && options.fetch(:allow_html, true)
+
+        raise Passwordstate::HTTPError.new_by_code(res_obj.code, req_obj, res_obj, [{ 'message' => res_obj.body }])
       end
     end
 
@@ -106,6 +124,7 @@ module Passwordstate
       @http ||= Net::HTTP.new server_url.host, server_url.port
       return @http if @http.active?
 
+      @http.read_timeout = @timeout if @timeout
       @http.use_ssl = server_url.scheme == 'https'
       @http.verify_mode = validate_certificate ? ::OpenSSL::SSL::VERIFY_NONE : nil
       @http.start
@@ -127,6 +146,7 @@ module Passwordstate
       logger.debug dir
 
       return if http.body.nil?
+
       clean_body = JSON.parse(http.body) rescue nil
       if clean_body
         clean_body = clean_body.each { |k, v| v.replace('[ REDACTED ]') if k.is_a?(String) && %w[password apikey].include?(k.downcase) }.to_json if http.body

data/lib/passwordstate/errors.rb

@@ -10,20 +10,24 @@ module Passwordstate
       @response = response
       @errors = errors
 
-      super <<-ERRMSG
-Passwordstate responded with an error to the request;
-#{errors.map { |err| err['message'] || err['phrase'] }.join(', ')}
-ERRMSG
+      super "Passwordstate responded with an error to the request:\n#{errors.map { |err| err['message'] || err['phrase'] }.join('; ')}"
     end
 
     def self.new_by_code(code, req, res, errors = [])
       code_i = code.to_i
 
       errtype = nil
+      errtype ||= UnauthorizedError if code_i == 401
+      errtype ||= ForbiddenError if code_i == 403
       errtype ||= NotFoundError if code_i == 404
       errtype ||= ClientError if code_i >= 400 && code_i < 500
       errtype ||= ServerError if code_i >= 500 && code_i < 600
 
+      if code_i == 302 && res['location'].start_with?('/error/generalerror.aspx?')
+        errtype ||= ServerError
+        errors = [{ 'phrase' => 'Response code 302, most likely meaning an authorization error' }]
+      end
+
       errtype ||= HTTPError
       errtype.new(code_i, req, res, errors)
     end
@@ -36,11 +40,16 @@ ERRMSG
     end
   end
 
+  # 401
+  class UnauthorizedError < ClientError
+  end
+
+  # 403
+  class ForbiddenError < ClientError
+  end
+
   # 404
   class NotFoundError < ClientError
-    def initialize(code, req, res, errors = [])
-      super
-    end
   end
 
   # 5xx

data/lib/passwordstate/resource.rb

@@ -30,6 +30,10 @@ module Passwordstate
       !send(self.class.index_field).nil?
     end
 
+    def self.available?(_client)
+      true
+    end
+
     def self.all(client, query = {})
       path = query.fetch(:_api_path, api_path)
       query = passwordstateify_hash query.reject { |k| k.to_s.start_with? '_' }
@@ -40,14 +44,18 @@ module Passwordstate
     end
 
     def self.get(client, object, query = {})
+      object = object.send(object.class.send(index_field)) if object.is_a? Resource
+
+      return new _client: client, index_field => object if query[:_bare]
+
       path = query.fetch(:_api_path, api_path)
       query = passwordstateify_hash query.reject { |k| k.to_s.start_with? '_' }
 
-      object = object.send(object.class.send(index_field)) if object.is_a? Resource
       resp = client.request(:get, "#{path}/#{object}", query: query).map do |data|
         new data.merge(_client: client)
       end
       return resp.first if resp.one? || resp.empty?
+
       resp
     end
 
@@ -83,17 +91,20 @@ module Passwordstate
       self.class.instance_variable_get :@api_path
     end
 
-    def attributes(ignore_redact = true)
+    def attributes(opts = {})
+      ignore_redact = opts.fetch(:ignore_redact, true)
+      nil_as_string = opts.fetch(:nil_as_string, self.class.nil_as_string)
       Hash[(self.class.send(:accessor_field_names) + self.class.send(:read_field_names) + self.class.send(:write_field_names)).map do |field|
         redact = self.class.send(:field_options)[field]&.fetch(:redact, false) && !ignore_redact
         value = instance_variable_get("@#{field}".to_sym) unless redact
         value = '[ REDACTED ]' if redact
+        value = '' if value.nil? && nil_as_string
         [field, value]
       end].reject { |_k, v| v.nil? }
     end
 
     def inspect
-      "#{to_s[0..-2]} #{attributes(false).reject { |_k, v| v.nil? }.map { |k, v| "@#{k}=#{v.inspect}" }.join(', ')}>"
+      "#{to_s[0..-2]} #{attributes(nil_as_string: false, ignore_redact: false).reject { |_k, v| v.nil? }.map { |k, v| "@#{k}=#{v.inspect}" }.join(', ')}>"
     end
 
     protected
@@ -144,6 +155,11 @@ module Passwordstate
         @index_field
       end
 
+      def nil_as_string(opt = nil)
+        @nil_as_string = opt unless opt.nil?
+        @nil_as_string
+      end
+
       def passwordstate_to_ruby_field(field)
         opts = send(:field_options).find { |(_k, v)| v[:name] == field }
         opts&.first || field.to_s.snake_case.to_sym
@@ -211,12 +227,16 @@ module Passwordstate
   end
 
   module Resources
-    autoload :Document,        'passwordstate/resources/document'
-    autoload :Folder,          'passwordstate/resources/folder'
-    autoload :Host,            'passwordstate/resources/host'
-    autoload :PasswordList,    'passwordstate/resources/password_list'
-    autoload :Password,        'passwordstate/resources/password'
-    autoload :PasswordHistory, 'passwordstate/resources/password'
-    autoload :Report,          'passwordstate/resources/report'
+    autoload :Document,               'passwordstate/resources/document'
+    autoload :Folder,                 'passwordstate/resources/folder'
+    autoload :FolderPermission,       'passwordstate/resources/folder'
+    autoload :Host,                   'passwordstate/resources/host'
+    autoload :PasswordList,           'passwordstate/resources/password_list'
+    autoload :PasswordListPermission, 'passwordstate/resources/password_list'
+    autoload :Password,               'passwordstate/resources/password'
+    autoload :PasswordHistory,        'passwordstate/resources/password'
+    autoload :PasswordPermission,     'passwordstate/resources/password_list'
+    autoload :Permission,             'passwordstate/resources/permission'
+    autoload :Report,                 'passwordstate/resources/report'
   end
 end

data/lib/passwordstate/resource_list.rb

@@ -2,6 +2,7 @@ module Passwordstate
   class ResourceList < Array
     Array.public_instance_methods(false).each do |method|
       next if %i[reject select slice clear inspect].include?(method.to_sym)
+
       class_eval <<-EVAL, __FILE__, __LINE__ + 1
         def #{method}(*args)
           lazy_load unless @loaded
@@ -48,7 +49,7 @@ module Passwordstate
 
     def load(entries)
       clear && entries.tap do |loaded|
-        loaded.sort! { |obj| obj.send(obj.class.index_field) } if options.fetch(:sort, true)
+        loaded.sort! { |a, b| a.send(a.class.index_field) <=> b.send(b.class.index_field) } if options.fetch(:sort, true)
       end.each { |obj| self << obj }
       self
     end
@@ -57,6 +58,7 @@ module Passwordstate
       return nil unless %i[search all get post put delete].include?(operation)
       return false if options.key?(:only) && !options[:only].include?(operation)
       return false if options.key?(:except) && options[:except].include?(operation)
+
       !options.fetch("#{operation}_path".to_sym, '').nil?
     end
 
@@ -66,6 +68,7 @@ module Passwordstate
 
     def create(data)
       raise 'Operation not supported' unless operation_supported?(:post)
+
       obj = resource.new options.fetch(:object_data, {}).merge(data).merge(_client: client)
       obj.post
       obj
@@ -73,6 +76,7 @@ module Passwordstate
 
     def search(query = {})
       raise 'Operation not supported' unless operation_supported?(:search)
+
       api_path = options.fetch(:search_path, resource.api_path)
       query = options.fetch(:search_query, {}).merge(query)
 
@@ -81,6 +85,7 @@ module Passwordstate
 
     def all(query = {})
       raise 'Operation not supported' unless operation_supported?(:all)
+
       api_path = options.fetch(:all_path, resource.api_path)
       query = options.fetch(:all_query, {}).merge(query)
 
@@ -89,6 +94,7 @@ module Passwordstate
 
     def get(id, query = {})
       raise 'Operation not supported' unless operation_supported?(:get)
+
       api_path = options.fetch(:get_path, resource.api_path)
       query = options.fetch(:get_query, {}).merge(query)
 
@@ -97,6 +103,7 @@ module Passwordstate
 
     def post(data, query = {})
       raise 'Operation not supported' unless operation_supported?(:post)
+
       api_path = options.fetch(:post_path, resource.api_path)
       query = options.fetch(:post_query, {}).merge(query)
 
@@ -105,6 +112,7 @@ module Passwordstate
 
     def put(data, query = {})
       raise 'Operation not supported' unless operation_supported?(:put)
+
       api_path = options.fetch(:put_path, resource.api_path)
       query = options.fetch(:put_query, {}).merge(query)
 
@@ -113,6 +121,7 @@ module Passwordstate
 
     def delete(id, query = {})
       raise 'Operation not supported' unless operation_supported?(:delete)
+
       api_path = options.fetch(:delete_path, resource.api_path)
       query = options.fetch(:delete_query, {}).merge(query)
 

data/lib/passwordstate/resources/folder.rb

@@ -23,10 +23,24 @@ module Passwordstate
                                         object_data: { nest_undef_folder_id: folder_id }
       end
 
+      def permissions
+        client.require_version('>= 8.4.8449')
+        FolderPermission.new(_client: client, folder_id: folder_id)
+      end
+
       def full_path(unix = false)
         return tree_path.tr('\\', '/') if unix
+
         tree_path
       end
     end
+
+    class FolderPermission < Permission
+      api_path 'folderpermissions'
+
+      index_field :folder_id
+
+      read_fields :folder_id, { name: 'FolderID' } # rubocop:disable Style/BracesAroundHashParameters
+    end
   end
 end

data/lib/passwordstate/resources/host.rb

@@ -18,6 +18,7 @@ module Passwordstate
                       :remote_connection_parameters,
                       :tag,
                       :title,
+                      :discovery_job_id, { name: 'DiscoveryJobID' },
                       :site_id, { name: 'SiteID' },
                       :internal_ip, { name: 'InternalIP', is: IPAddr },
                       :external_ip, { name: 'ExternalIP', is: IPAddr },
@@ -26,7 +27,20 @@ module Passwordstate
                       :virtual_machine_type,
                       :notes
 
-      read_fields :host_id, { name: 'HostID' } # rubocop:disable Style/BracesAroundHashParameters
+      read_fields :host_id, { name: 'HostID' },
+                  :site_location
+
+      # TODO: API breaks if all fields aren't included
+      nil_as_string true
+
+      def self.available?(client)
+        client.request :get, api_path
+        true
+      rescue Passwordstate::NotFoundError
+        true
+      rescue Passwordstate::ForbiddenError
+        false
+      end
     end
   end
 end

data/lib/passwordstate/resources/password.rb

@@ -21,16 +21,18 @@ module Passwordstate
                       :generic_field_9, { name: 'GenericField9' },
                       :generic_field_10, { name: 'GenericField10' },
                       :account_type_id, { name: 'AccountTypeID' },
-                      :account_type,
                       :notes,
                       :url,
                       :password, { redact: true },
                       :expiry_date, { is: Time },
                       :allow_export,
                       :web_user_id, { name: 'WebUser_ID' },
-                      :web_password_id, { name: 'WebPassword_ID' } # rubocop:disable Style/BracesAroundHashParameters
+                      :web_password_id, { name: 'WebPassword_ID' },
+                      :password_list_id, { name: 'PasswordListID' } # Note: POST only  # rubocop:disable Style/BracesAroundHashParameters
 
-      read_fields :password_id, { name: 'PasswordID' } # rubocop:disable Style/BracesAroundHashParameters
+      read_fields :account_type,
+                  :password_id, { name: 'PasswordID' },
+                  :password_list
 
       # Things that can be set in a POST/PUT request
       # TODO: Do this properly
@@ -41,7 +43,6 @@ module Passwordstate
                    :password_reset_schedule,
                    :add_days_to_expiry_date,
                    :script_id, { name: 'ScriptID' },
-                   :password_list_id, { name: 'PasswordListID' }, # POST only
                    :privileged_account_id,
                    :heartbeat_enabled,
                    :heartbeat_schedule,
@@ -56,17 +57,24 @@ module Passwordstate
 
       def history
         raise 'Password history only available on stored passwords' unless stored?
+
         Passwordstate::ResourceList.new client, PasswordHistory,
                                         all_path: "passwordhistory/#{password_id}",
                                         only: :all
       end
 
+      def permissions
+        client.require_version('>= 8.4.8449')
+        PasswordPermission.new(_client: client, password_id: password_id)
+      end
+
       def delete(recycle = false, query = {})
         super query.merge(move_to_recycle_bin: recycle)
       end
 
       def add_dependency(data = {})
         raise 'Password dependency creation only available for stored passwords' unless stored?
+
         client.request :post, 'dependencies', body: self.class.passwordstatify_hash(data.merge(password_id: password_id))
       end
 
@@ -81,6 +89,7 @@ module Passwordstate
       def self.generate(client, options = {})
         results = client.request(:get, 'generatepassword', query: options).map { |r| r['Password'] }
         return results.first if results.count == 1
+
         results
       end
     end
@@ -130,5 +139,13 @@ module Passwordstate
         raise 'Not applicable'
       end
     end
+
+    class PasswordPermission < Permission
+      api_path 'passwordpermissions'
+
+      index_field :password_id
+
+      read_fields :password_id, { name: 'PasswordID' } # rubocop:disable Style/BracesAroundHashParameters
+    end
   end
 end

data/lib/passwordstate/resources/password_list.rb

@@ -52,11 +52,24 @@ module Passwordstate
                                         object_data: { password_list_id: password_list_id }
       end
 
+      def permissions
+        client.require_version('>= 8.4.8449')
+        PasswordListPermission.new(_client: client, password_list_id: password_list_id)
+      end
+
       def full_path(unix = false)
         [tree_path, password_list].compact.join('\\').tap do |full|
           full.tr!('\\', '/') if unix
         end
       end
     end
+
+    class PasswordListPermission < Permission
+      api_path 'passwordlistpermissions'
+
+      index_field :password_list_id
+
+      read_fields :password_list_id, { name: 'PasswordListID' } # rubocop:disable Style/BracesAroundHashParameters
+    end
   end
 end

data/lib/passwordstate/resources/permission.rb

@@ -0,0 +1,16 @@
+module Passwordstate
+  module Resources
+    class Permission < Passwordstate::Resource
+      accessor_fields :permission
+
+      # TODO: Only one of the apply_* can be set at a time
+      write_fields :apply_permissions_for_user_id, { name: 'ApplyPermissionsForUserID' },
+                   :apply_permissions_for_security_group_id, { name: 'ApplyPermissionsForSecurityGroupID' },
+                   :apply_permissions_for_security_group_name
+
+      def get
+        raise 'Not applicable'
+      end
+    end
+  end
+end

data/lib/passwordstate/resources/report.rb

@@ -2,15 +2,15 @@ module Passwordstate
   module Resources
     class Report < Passwordstate::Resource
       REPORT_PARAMETERS = {
-        1  => %i[user_id],
-        2  => %i[user_id site_id],
-        3  => %i[user_id duration],
-        4  => %i[user_id site_id duration],
-        5  => %i[duration],
-        6  => %i[],
-        7  => %i[user_id site_id duration],
-        8  => %i[],
-        9  => %i[],
+        1 => %i[user_id],
+        2 => %i[user_id site_id],
+        3 => %i[user_id duration],
+        4 => %i[user_id site_id duration],
+        5 => %i[duration],
+        6 => %i[],
+        7 => %i[user_id site_id duration],
+        8 => %i[],
+        9 => %i[],
         10 => %i[duration],
         11 => %i[duration],
         12 => %i[site_id],

data/lib/passwordstate/util.rb

@@ -11,7 +11,9 @@ module Net
         password: password
       }
       @ntlm_auth_information[:domain] = domain unless domain.nil?
-      @ntlm_auth_options = {}
+      @ntlm_auth_options = {
+        ntlmv2: true
+      }
       @ntlm_auth_options[:workstation] = workstation unless workstation.nil?
     end
   end
@@ -31,6 +33,7 @@ class String
 
   def find_line(&_block)
     raise ArgumentError, 'No block given' unless block_given?
+
     each_line do |line|
       return line if yield line
     end
@@ -59,7 +62,7 @@ module Passwordstate
 
       if challenge && res.code == '401'
         type2 = Net::NTLM::Message.decode64 challenge
-        type3 = type2.response(req.ntlm_auth_information, req.ntlm_auth_options)
+        type3 = type2.response(req.ntlm_auth_information, req.ntlm_auth_options.dup)
 
         req['authorization'] = 'NTLM ' + type3.encode64
         req.body_stream.rewind if req.body_stream
@@ -74,4 +77,4 @@ module Passwordstate
   end
 end
 
-Net::HTTP.send :prepend, Passwordstate::NetHTTPExtensions unless Net::HTTP.ancestors.include? Passwordstate::NetHTTPExtensions
+Net::HTTP.prepend Passwordstate::NetHTTPExtensions unless Net::HTTP.ancestors.include? Passwordstate::NetHTTPExtensions

data/lib/passwordstate/version.rb

@@ -1,3 +1,3 @@
 module Passwordstate
-  VERSION = '0.0.2'.freeze
+  VERSION = '0.0.3'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: passwordstate
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
 platform: ruby
 authors:
 - Alexander Olofsson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-08-14 00:00:00.000000000 Z
+date: 2019-10-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: logging
@@ -119,6 +119,7 @@ files:
 - lib/passwordstate/resources/host.rb
 - lib/passwordstate/resources/password.rb
 - lib/passwordstate/resources/password_list.rb
+- lib/passwordstate/resources/permission.rb
 - lib/passwordstate/resources/report.rb
 - lib/passwordstate/util.rb
 - lib/passwordstate/version.rb
@@ -144,8 +145,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.0.6
 signing_key: 
 specification_version: 4
 summary: A ruby API client for interacting with a passwordstate server