phoseum-cli 0.0.17 → 0.0.22

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 55fcf795cbe7c7fe868d31a947711b3f2efc17e748246d3f5373c86f5e7991a4
-  data.tar.gz: 5cf61e614209e2416120e36a1ae948aacbea0195d0da6d4782764f6acc0bbd88
+  metadata.gz: dda101298c10dfba931a42da89cf49f7621341ab94c6f6eb5b763d17abe36084
+  data.tar.gz: 3b60673f5aa9ace4862570622496360d83352d89407d9863cf4f2391ba73efb3
 SHA512:
-  metadata.gz: ff835b71a62a453a75495a205ec99650e452db565919dd980b6956d7c84fe59af001bdfbbebfcaff1c9d43bfd57607ff2baa29ffac156655e2f4c9e882fd3862
-  data.tar.gz: a6a227719b09b49ced47780bc704e7c67610eea30665d763325092e3ede1da0c692c347a7ce7c52ccff6a026bf7efff65f8b8be11b6191ebac6c0329fe9809f7
+  metadata.gz: 113d85253686c204b3eaa02643050193cdb7a65ea33e1654b7fa8da1c1e65f56b197db195c0f4cc9059f447a4781c18f5b48afce52dd5b7b36e23ff25657d6dd
+  data.tar.gz: 46efcbf1a8b7679f9c0888355ebc1963f047bc56ab079b9122f9e0050b84ab4162b6d4906066b4b213d8410b16c544475664ceed0fccb2a86bbb3948bedf8771

data/bin/phoseum-cli

@@ -237,45 +237,6 @@ def health(what='',name='')
   exit 0
 end
 
-def user_mgmt(action,user,pass='',role='')
-  post_body={}
-  if action == "add_user"
-    post_body=JSON.generate({"action" => "create-user", "user" => "#{user}", "password" => "#{pass}", "role" => "#{role}"})
-    if !$config['DEFAULT_SECRET']
-      puts "You must have a DEFAULT_SECRET setting to be able to create a user".red
-      exit 1
-    end
-  end
-  base = URI.parse("#{$config['SERVERURL']}")
-  puts "\nConnecting to: #{$config['SERVERURL']}".yellow if !$QUIET
-  request = Net::HTTP::Post.new(base)
-  request.body = post_body
-  request.basic_auth("auth", $config['DEFAULT_SECRET'])
-  response = Net::HTTP.start(base.hostname, $config['PORT'],
-                             :timeout => $config['CALL_TIMEOUT'],
-                             :use_ssl => base.scheme == "https",
-                             :verify_mode => OpenSSL::SSL::VERIFY_PEER,
-                             :ca_file => $config['CA_TRUST']
-                             ) do |http|
-    http.request(request)
-  end
-  begin
-    list = JSON.parse(response.body)
-    if list['error']
-      puts list['error'].red
-      exit 1
-    end
-    if list['success']
-      data=list['success']
-      puts data
-    end
-  rescue
-    puts "Error on Login".red
-    puts clean_html(response.body)
-  end
-  exit 0
-end
-
 def user_login(puser='',ppass='')
 
   server_value = cross_versions()
@@ -341,7 +302,6 @@ def user_login(puser='',ppass='')
   return false
 end
 
-
 def delete(what='',path='')
   if !validate_token($config['TOKEN'])
     if token = user_login()
@@ -389,12 +349,24 @@ case options
     end
     health(what,value)
   when -> (cre) { cre[:create_user] }
-    puts "Creating User".green if !$QUIET
+    secretinfo = api_caller({"action" => "check-secret", "value" => $config['DEFAULT_SECRET']},true)
+    if secretinfo['error']
+      err_msg = JSON.parse(secretinfo)
+      puts err_msg['error'].red
+      puts "You will only be able to change your own password.".red
+      exit 1
+    end
+    if secretinfo['success']
+      puts secretinfo['success'].green
+    end
+
     if options[:create_user]
       value=check_string_sanity(options[:create_user])
+      username_sanity(value)
+      puts "Creating User #{value}".green if !$QUIET
       what='add_user'
-      if !options[:role]
-        puts "You need to select one of the valid Roles".red
+      if !options[:role] || options[:role] != "Super" && options[:role] != "User"
+        puts "You need to select one of the valid Roles (Super or User)".red
         exit 1
       else
         print "Please type the password twice for user #{value}.\n\t"
@@ -402,7 +374,17 @@ case options
         print "\t"
         confirm=STDIN.getpass('Confirm: ')
         if new_password == confirm
-          user_mgmt(what,value,new_password,options[:role])
+          password_sanity(new_password)
+          if add_user(value,confirm,options[:role])
+            puts "User #{value} added successfully".green
+            exit 0
+          else
+            puts "Failed to add User #{value}".red
+            exit 1
+          end
+        else
+          puts "Passwords won't match, aborting. #{new_password} != #{confirm}".red
+          exit 1
         end
       end
     end
@@ -444,15 +426,24 @@ case options
     if options[:user]
       what='user'
       value=options[:user]
-      if confirm_action("Are you sure you want to delete the #{what} #{value}")
-        puts "Deleting #{what} #{value}".green if !$QUIET
-        if delete_user(value)
-          puts "#{value} successfully deleted.".green
+      secretinfo = api_caller({"action" => "check-secret", "value" => $config['DEFAULT_SECRET']},true)
+      if secretinfo['error']
+        err_msg = JSON.parse(secretinfo)
+        puts err_msg['error'].red
+        puts "You cannot delete users if you don't have the Server Secret."
+        exit 1
+      end
+      if secretinfo['success']
+        if confirm_action("Are you sure you want to delete the #{what} #{value}")
+          puts "Deleting #{what} #{value}".green if !$QUIET
+          if delete_user(value)
+            puts "#{value} successfully deleted.".green
+          else
+            puts "#{value} failed to be deleted.".red
+          end
         else
-          puts "#{value} failed to be deleted.".red
+          puts "Deleting #{what} cancelled.".green
         end
-      else
-        puts "Deleting #{what} cancelled.".green
       end
     end
     if !what
@@ -461,17 +452,116 @@ case options
     end
   when -> (o) { o[:options] }
     if options[:user]
-      print "Please confirm #{options[:user]} password.\n\t"
-      current_password=STDIN.getpass('Password: ')
-      if token = user_login(options[:user],current_password)
-        print "\n Change [P]assword, [U]sername, [R]ole :[P/U/R]: "
-        confirm=STDIN.gets.chomp
-      else
-        puts "User Check Failed".red
+      user_work=check_string_sanity(options[:user])
+      tokeninfo = api_caller({"action" => "token-payload", "token" => "#{$config['TOKEN']}"})
+      if tokeninfo['error']
+        puts "Your token seems invalid, please login again (-l or -c)".red
         exit 1
       end
+      auth_user = ''
+      role_user = ''
+      if tokeninfo['success']
+        payload = tokeninfo['payload']
+        tkdata = JSON.parse(payload)
+        auth_user = tkdata[0]['data']['user'].clone
+        role_user = tkdata[0]['data']['role'].clone
+        puts "Current user is #{auth_user}".green
+      end
+
+      secretinfo = api_caller({"action" => "check-secret", "value" => $config['DEFAULT_SECRET']},true)
+      if secretinfo['error']
+        err_msg = JSON.parse(secretinfo)
+        puts err_msg['error'].red
+        puts "You will only be able to change your own password."
+        if user_work != auth_user
+          puts "Requesting other user than your own at command line is wrong, aborting. (#{user_work} is not #{auth_user})".red
+          exit 1
+        end
+      end
+      if secretinfo['success']
+        puts secretinfo['success'].green
+        if role_user == "Super"
+          puts "You will be able to change any user on the system".green
+        else
+          if user_work != auth_user
+            puts "Having a regular user will now allow to change other users's options".yellow
+            puts "Requesting other user than your own at command line is wrong, aborting. (#{user_work} is not #{auth_user})".red
+            exit 1
+          end
+        end
+      end
+
+      if user_work == auth_user
+        print "Please type new password for user #{user_work} .\n\t"
+        new_password=STDIN.getpass('Password: ')
+        print "\t"
+        check_password=STDIN.getpass('Confirm: ')
+        if new_password != check_password
+          puts "Passwords won't match, try again.".red
+          exit 1
+        end
+        if change_user_password(auth_user,check_password)
+          puts "Password changed successfully".green
+          exit 0
+        else
+          puts "Could not change user password.".red
+          exit 1
+        end
+      end
+
+      if user_work != auth_user && secretinfo['success']
+        print "\n Change [P]assword, [U]sername, [R]ole from user #{user_work} :[P/U/R]: "
+        opt_action=STDIN.gets.chomp
+        if opt_action == "P"
+          print "Please type new password for user #{user_work} .\n\t"
+          new_password=STDIN.getpass('Password: ')
+          print "\t"
+          check_password=STDIN.getpass('Confirm: ')
+          if new_password != check_password
+            puts "Passwords won't match, try again.".red
+            exit 1
+          end
+          password_sanity(new_password)
+          if change_user_password(options[:user],check_password,true)
+            puts "Password changed successfully".green
+            exit 0
+          else
+            puts "Could not change user password.".red
+            exit 1
+          end
+        end
+        if opt_action == "U"
+          print "\tPlease type new username for user #{user_work} : "
+          new_user_proto=STDIN.gets.chomp
+          new_user=check_string_sanity(new_user_proto)
+          username_sanity(new_user)
+          if change_username(user_work,new_user)
+            puts "Username changed successfully".green
+            exit 0
+          else
+            puts "Could not change username.".red
+            exit 1
+          end
+        end
+        if opt_action == "R"
+          print " Please select between roles [S]uper,[U]ser for user #{user_work} :[S/U]: "
+          new_role=STDIN.gets.chomp
+          if new_role == "S" || new_role == "U"
+            role_nominal = new_role == "S" ? "Super" : "User"
+            if change_role(user_work,role_nominal)
+              puts "Username changed successfully".green
+              exit 0
+            else
+              puts "Could not change username.".red
+              exit 1
+            end
+          else
+            puts "Unknown option: #{new_role} .".red
+            exit 1
+          end
+        end
+      end
     else
-    # if !what
       puts "Got no user to work with. Exiting.".red
       exit 1
     end
@@ -526,6 +616,7 @@ case options
     test
   else
     ARGV[0] = '--help'
+    local_version
     option_parser(ARGV)
     exit 1
 end

data/lib/phoseum/phoseum-cli-lib.rb

@@ -1,4 +1,12 @@
 
+# Provide some help and options!
+#
+# Example:
+#   >> options = option_parser(ARGV)
+#   => puts options[:option]
+#
+# Arguments:
+#   ARGV: (Array or command line parameters)
 def option_parser(opts)
   options = {}
   OptionParser.new do |opts|
@@ -60,7 +68,7 @@ def option_parser(opts)
       options[:role] = r
     end
 
-    opts.on("-o", "--options", "Update options from object. Use with: [user]") do |o|
+    opts.on("-o", "--options", "Update options from User. Use with: [user]") do |o|
       options[:options] = o
     end
 
@@ -88,6 +96,15 @@ def option_parser(opts)
   return options
 end
 
+# Give yes/no prompt!
+#
+# Example:
+#   >> confirm_action("message")
+#   => You must write 'YES' to confirm, otherwise NO is assumed
+#   => message :[YES/NO]:
+#
+# Arguments:
+#   msg: (String)
 def confirm_action(msg)
   puts "You must write 'YES' to confirm, otherwise NO is assumed".yellow
   print "#{msg} :[YES/NO]: "
@@ -138,16 +155,6 @@ def client_checks
     puts "I could not find a valid SERVERURL configuration. Contains: #{$config['SERVERURL']}".red
     exit 1
   end
-  if !$config['DEFAULT_SECRET']
-    puts "I could not find the DEFAULT_SECRET from Phoseum config, this will limit our actions.".red
-    exit 1
-  elsif $config['DEFAULT_SECRET'] == 'copy-secret-from-server'
-    puts "DEFAULT_SECRET from Phoseum config. Still on self generated value, copy a valid one from the server.".red
-    exit 1
-  elsif $config['DEFAULT_SECRET'] == ''
-    puts "I could not find the DEFAULT_SECRET from Phoseum config, Variable is empty.".red
-    exit 1
-  end
   if !$config['SERVERURL']
     puts "I could not find the SERVERURL from Phoseum config, this client is then useless.".red
     exit 1
@@ -228,45 +235,31 @@ def search_image(sign,album='')
   end
 end
 
-def validate_token(token)
+def api_caller(json_body,auth=false,cli=false)
   headers = {}
-  if $config['TOKEN']
-    headers={ "bearer" => "#{$config['TOKEN']}" }
-  else
-    return false
+  if !auth
+    if $config['TOKEN']
+      headers={ "bearer" => "#{$config['TOKEN']}" }
+    else
+      return false
+    end
   end
   base = URI.parse("#{$config['SERVERURL']}")
   request = Net::HTTP::Post.new(base,headers)
-  request.body = JSON.generate({"action" => "check-token" })
-  response = Net::HTTP.start(base.hostname, $config['PORT'],
-                             :timeout => $config['CALL_TIMEOUT'],
-                             :use_ssl => base.scheme == "https",
-                             :verify_mode => OpenSSL::SSL::VERIFY_PEER,
-                             :ca_file => $config['CA_TRUST']
-                             ) do |http|
-    http.request(request)
-  end
-  begin
-    list = JSON.parse(response.body)
-    if list['error']
-      return false
+  request.body = JSON.generate(json_body)
+
+  if auth
+    if cli
+      request.basic_auth("cli", "loginNOauth")
+    else
+      request.basic_auth("auth", $config['DEFAULT_SECRET'])
     end
-    if list['success']
-      return true
+  else
+    if cli
+      request.basic_auth("cli", "loginNOauth")
     end
-  rescue
-    puts "\nThe server sent out an Error:".red
-    puts clean_html(response.body)
-    exit 1
   end
-end
 
-def cross_versions
-  headers = {}
-  base = URI.parse("#{$config['SERVERURL']}")
-  request = Net::HTTP::Post.new(base,headers)
-  request.basic_auth("cli", "loginNOauth")
-  request.body = JSON.generate({"action" => "version-check" })
   response = Net::HTTP.start(base.hostname, $config['PORT'],
                              :timeout => $config['CALL_TIMEOUT'],
                              :use_ssl => base.scheme == "https",
@@ -278,56 +271,103 @@ def cross_versions
   begin
     list = JSON.parse(response.body)
     return list
-    # if list['error']
-    #   return false
-    # end
-    # if list['success']
-    #   return true
-    # end
   rescue
-    puts "\nThe server sent out an Error:".red
-    puts clean_html(response.body)
-    exit 1
+    if !auth
+      puts "\nThe server sent out an Error:".red
+      puts clean_html(response.body)
+      exit 1
+    else
+      return '{"error": "Secret is invalid"}'
+    end
   end
 end
 
+def validate_token(token)
+  result = api_caller({"action" => "check-token" })
+  if result['error']
+    return false
+  end
+  if result['success']
+    return true
+  end
+end
 
-def delete_user(username)
-  headers = {}
-  if $config['TOKEN']
-    headers={ "bearer" => "#{$config['TOKEN']}" }
-  else
+def change_user_password(user,pass,auth=false)
+  result = api_caller({"action" => "change-password", "username" => user, "password" => pass},auth)
+  if result['error']
     return false
   end
-  base = URI.parse("#{$config['SERVERURL']}")
-  request = Net::HTTP::Post.new(base,headers)
-  request.body = JSON.generate({"action" => "delete-user", "username" => username })
-  response = Net::HTTP.start(base.hostname, $config['PORT'],
-                             :timeout => $config['CALL_TIMEOUT'],
-                             :use_ssl => base.scheme == "https",
-                             :verify_mode => OpenSSL::SSL::VERIFY_PEER,
-                             :ca_file => $config['CA_TRUST']
-                             ) do |http|
-    http.request(request)
+  if result['success']
+    return true
   end
-  begin
-    list = JSON.parse(response.body)
-    if list['error']
-      return false
-    end
-    if list['success']
-      return true
-    end
-  rescue
-    puts "\nThe server sent out an Error:".red
-    puts clean_html(response.body)
+end
+
+def change_username(user,new_user)
+  result = api_caller({"action" => "change-username", "username" => user, "new-username" => new_user},true)
+  if result['error']
+    return false
+  end
+  if result['success']
+    return true
+  end
+end
+
+def add_user(user,password,role)
+  result = api_caller({"action" => "create-user", "user" => user, "password" => password, "role" => role},true)
+  if result['error']
+    return false
+  end
+  if result['success']
+    return true
+  end
+end
+
+
+def change_role(user,new_role)
+  result = api_caller({"action" => "change-role", "username" => user, "new-role" => new_role},true)
+  if result['error']
+    return false
+  end
+  if result['success']
+    return true
+  end
+end
+
+def password_sanity(password)
+  if password.length < MIN_PASS
+    puts "New password is shorter than #{MIN_PASS} chars, please use a bigger password.".red
+    exit 1
+  end
+  if !password.test_password
+    puts "Password must be at least #{MIN_PASS} and contain at least one capital, one symbol, one number, one regular characters.".red
+    exit 1
+  end
+end
+
+def username_sanity(username)
+  if username.length < MIN_USER
+    puts "New Username is shorter than #{MIN_USER} chars, please use a bigger username.".red
     exit 1
   end
 end
 
+def cross_versions
+  return api_caller({"action" => "version-check" },true,true)
+end
+
+def delete_user(username)
+  result = api_caller({"action" => "delete-user", "username" => username},true)
+  if result['error']
+    return false
+  end
+  if result['success']
+    return true
+  end
+end
+
 def local_version
   puts "This CLI library is running version: #{VERSION_SIGN}"
   return
 end
 
-VERSION_SIGN="0.0.17"
+VERSION_SIGN="0.0.22"

data/lib/phoseum/phoseum-common-lib.rb

@@ -1,17 +1,50 @@
+MIN_USER = 3
+MIN_PASS = 7
+
 class String
   def remove_non_ascii(replacement='')
-      n=self.split("")
-      self.slice!(0..self.size)
-      n.each { |b|
-       if b.ord < 48 || b.ord > 57 && b.ord < 65 || b.ord > 90 && b.ord < 97 || b.ord > 122 then
-         self.concat(replacement)
-       else
-         self.concat(b)
-       end
-      }
-      self.to_s
-    end
+    n=self.split("")
+    self.slice!(0..self.size)
+    n.each { |b|
+     if b.ord < 48 || b.ord > 57 && b.ord < 65 || b.ord > 90 && b.ord < 97 || b.ord > 122 then
+       self.concat(replacement)
+     else
+       self.concat(b)
+     end
+    }
+    self.to_s
+  end
 
+  def test_password()
+    symbol = false
+    number = false
+    capital= false
+    regular= false
+    all_valid= true
+    n=self.split("")
+    self.slice!(0..self.size)
+    n.each { |b|
+     # test symbols
+     if b.ord > 32 && b.ord < 48 || b.ord > 58 && b.ord < 65 || b.ord > 91 && b.ord < 97 || b.ord > 123 && b.ord < 126 then
+       symbol = true
+     # test capital letters
+     elsif b.ord > 65 && b.ord < 91 then
+       capital = true
+     # test numbers
+     elsif b.ord > 47 && b.ord < 58 then
+       number = true
+     # test regular alphabet
+     elsif b.ord > 96 && b.ord < 123 then
+       regular = true
+     else
+       # com character out of the acceptable ranges
+       all_valid = false
+     end
+    }
+    if symbol && capital && number && regular && all_valid
+      return true
+    end
+  end
 end
 
 def check_string_sanity(album)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: phoseum-cli
 version: !ruby/object:Gem::Version
-  version: 0.0.17
+  version: 0.0.22
 platform: ruby
 authors:
 - Julio C Hegedus
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-10-13 00:00:00.000000000 Z
+date: 2020-10-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: yaml