soteria 1.0.0

data/lib/soteria/credential.rb

@@ -0,0 +1,154 @@
+module Soteria
+
+  class Credential
+
+
+    def get_return_hash(response_hash)
+      success = response_hash[:status] == '0000'
+
+      {
+          success: success,
+          message: response_hash[:status_message],
+          id: response_hash[:request_id],
+          auth_id: response_hash[:authn_id],
+          detail: response_hash[:detail_message]
+      }
+    end
+
+
+    # Authenticate a user with a credential. A credential includes a physical token, the desktop VIP credential app or
+    # the mobile VIP credential app. Users must link their credential id to their user id for this authentication to work.
+    #
+    # @param [Savon::Client] client A Savon client object to make the call with. This needs to be created with the VIP authentication WSDL.
+    # @param [String] user_id Id of the user to authenticate. This is the user id that is stored in the Symantec db.
+    # @param [String] credential_code The code from the users credential that was entered into the website.
+    # @return [Hash] A hash with information on if the authentication was successful.
+    def authenticate_user_credential(client, user_id, credential_code)
+      result = client.call(:authenticate_user,
+                           message: {
+                               'vip:requestId': Utilities.get_request_id('authenticate_user_credential'),
+                               'vip:userId': user_id,
+                               'vip:otpAuthData':
+                                   {
+                                       'vip:otp': credential_code
+                                   }
+                           })
+
+      get_return_hash(result.body[:authenticate_user_response])
+
+    end
+
+
+    # Create the body for the authenticate credentials request.
+    #
+    # @param [Integer] otp The One Time Password to check if valid.
+    # @param [Array] credentials An array of hashes, with between 1 and 5 credentials. Each hash should contain 2 values :id - the id of the credential and :type - the type of the credential.
+    # @return [Hash] A hash representing the request body for the authenticate credentials request.
+    def get_auth_body(otp, credentials)
+
+      credential_array = []
+
+      credentials.each do |credential|
+        credential_array.push({'vip:credentialId': credential[:id], 'vip:credentialType': credential[:type]})
+      end
+
+      {
+          'vip:requestId': Utilities.get_request_id('authenticate_credentials'),
+          'vip:credentials': credential_array,
+          'vip:otpAuthData': {
+              'vip:otp': otp
+          }
+      }
+
+    end
+
+
+    # Check if a otp is valid for a given credential.
+    #
+    # @param [Integer] otp The One Time Password to check if valid.
+    # @param [Array] credentials An array of hashes, with between 1 and 5 credentials. Each hash should contain 2 values :id - the id of the credential and :type - the type of the credential.
+    # @see CredentialTypes
+    # @return [Hash] A hash with all information about if the otp was successful
+    def authenticate_credentials(client, otp, credentials)
+      result = client.call(:authenticate_credentials, message: get_auth_body(otp, credentials))
+      get_return_hash(result.body[:authenticate_credentials_response])
+    end
+
+
+    # Register a SMS credential to the VIP Account. This must be done before you can add a SMS credential to a user.
+    #
+    # @param [Savon::Client] client A Savon client object to make the call with. This needs to be created with the VIP management WSDL.
+    # @param [Object] phone_number The phone number to register.
+    def register_sms(client, phone_number)
+      result = client.call(:register, message: {
+          'vip:requestId': Utilities.get_request_id('register_credential'),
+          'vip:smsDeliveryInfo': {
+              'vip:phoneNumber': phone_number
+          }
+      } )
+
+      get_return_hash(result.body[:register_response])
+    end
+
+
+    # Use getCredentialInfo to get the credential that was last bound to the user, When the credential was last authenticated and
+    # the friendly name for the credential.
+    #
+    # @param [Savon::Client] client A Savon client object to make the call with. This needs to be created with the VIP query WSDL.
+    # @param [String] credential_id The unique ID for the credential.
+    # @param [String] credential_type The type of the credential.
+    # @param [Boolean] include_push If this flag is present and set to be true, the response contains all the push attributes in the field pushAttributes.
+    # @return [Hash] A hash that contains; :success a boolean if the call succeeded, :message a string with any error message, :id the id of the call for debugging purposes. Also contains :credential which is a hash with info about the credential.
+    def get_credential_info(client, credential_id, credential_type, include_push)
+      message = {
+          'vip:requestId': Utilities.get_request_id('get_credential_info'),
+          'vip:credentialId': credential_id,
+          'vip:credentialType': credential_type
+      }
+
+      unless include_push == nil
+        message[:'vip:includePushAttributes'] = include_push
+      end
+
+      response = client.call(:get_credential_info, message: message)
+      response_hash = response.body[:get_credential_info_response]
+
+      ret = get_return_hash(response_hash)
+
+      # get the credential info
+      credential = {
+          id: response_hash[:credential_id],
+          type: response_hash[:credential_type],
+          enabled: response_hash[:credential_status] == 'ENABLED'
+      }
+
+      # add the bindings if they exist
+      unless response_hash[:num_bindings] == '0'
+        credential[:user_binding] = response_hash[:user_binding_detail]
+      end
+
+      ret[:credential] = credential
+
+      ret
+    end
+
+
+    # Use getServerTime to obtain the current server time.
+    #
+    # @param [Savon::Client] client A Savon client object to make the call with. This needs to be created with the VIP query WSDL.
+    # @return [Hash] A hash that contains; :success a boolean if the call succeeded, :message a string with any error message, :id the id of the call for debugging purposes. Also contains :time which is current server time.
+    def get_server_time(client)
+      response = client.call(:get_server_time, message: {'vip:requestId': Utilities.get_request_id('get_server_time')})
+      response_body = response.body[:get_server_time_response]
+      ret = get_return_hash(response_body)
+
+      unless response_body[:timestamp] == nil
+        ret[:time] = response_body[:timestamp]
+      end
+
+      ret
+    end
+
+  end
+
+end

data/lib/soteria/credential_types.rb

@@ -0,0 +1,13 @@
+module Soteria
+
+  class CredentialTypes
+
+    STANDARD = 'STANDARD_OTP'
+    CERTIFICATE = 'CERTIFICATE'
+    SMS = 'SMS_OTP'
+    VOICE = 'VOICE_OTP'
+    SERVICE = 'SERVICE_OTP'
+
+  end
+
+end

data/lib/soteria/push.rb

@@ -0,0 +1,141 @@
+require_relative 'utilities'
+module Soteria
+
+  class Push
+
+
+    # Creates the body for a send push request.
+    #
+    # @param [String] user_id The id of the user to send the push to
+    # @param [Hash] options
+    # @return [Hash] A hash representing the body of the soap request to send a push notification.
+    def get_push_request_body(user_id, options)
+
+      # add in required values
+      message = {
+          'vip:requestId': Utilities.get_request_id('send_push_request'),
+          'vip:userId': user_id,
+      }
+
+      # no extra options so set the push auth data to nothing
+      # and return the body
+      if options == nil
+        message[:'vip:pushAuthData'] = ''
+        return message
+      end
+
+      #check if the user passed a pin, if so add it
+      if options.key?(:pin)
+        message[:'vip:pin'] = options[:pin]
+      end
+
+      # check for all push auth data options and add them
+      if options.key?(:title) || options.key?(:message) || options.key?(:profile) || options.key?(:time_out)
+        inner = []
+        if options.key?(:title)
+          inner.push({'vip:Key': 'display.message.title', 'vip:Value': options[:title]})
+        end
+        if options.key?(:message)
+          inner.push({'vip:Key': 'display.message.text', 'vip:Value': options[:message]})
+        end
+        if options.key?(:profile)
+          inner.push({'vip:Key': 'display.message.profile', 'vip:Value': options[:profile]})
+        end
+
+        # Add the options to the push auth data
+        if options.key?(:time_out)
+          message[:'vip:pushAuthData'] = {
+              'vip:displayParameters': inner,
+              'vip:requestParameters':
+                  {
+                      'vip:Key': 'request.timeout',
+                      'vip:Value': options[:time_out]
+                  }
+          }
+
+        else
+          message[:'vip:pushAuthData'] = {'vip:displayParameters': inner}
+        end
+
+      else
+        # dont add any push auth data
+        message[:'vip:pushAuthData'] = ''
+      end
+
+      # if options.key?(:level)
+      #   message['authContext'] = {'params': {'Key': 'authLevel.level', 'Value': options[:level]}}
+      # end
+
+      message
+    end
+
+
+    # Send a push notification to the specified user for authentication.
+    #
+    # @param [Savon::Client] client A Savon client object to make the call with.
+    # @see Savon::Client
+    # @param [String] user_id The id of the user to send the push to
+    # @param [Hash] options
+    def send_push(client, user_id, options)
+
+      # get the body of the request
+      request_body = get_push_request_body(user_id, options)
+      push_res = client.call(:authenticate_user_with_push, message: request_body)
+      result_hash = push_res.body[:authenticate_user_with_push_response]
+
+      # 6040 is the status code for a push being sent, any other code the push was not sent
+      success = result_hash[:status] == '6040'
+
+      {
+          success: success,
+          id: result_hash[:request_id],
+          transaction_id: result_hash[:transaction_id],
+          message: result_hash[:status_message]
+      }
+
+    end
+
+
+    # Polls for the status of the push notification. This is necessary because VIP does not have push support.
+    # This will poll until the response is no longer push in progress, then it will return a hash with the results.
+    #
+    # @param [Savon::Client] client A Savon client object to make the call with. This needs to be created with the VIP query WSDL.
+    # @param [String] transaction_id The id of the push transaction. id is in the hash returned from the send_push call
+    # @param [Int] interval An integer value in seconds that is the interval between polling VIP Services for a push response.
+    # @param [Int] time_out An integer value in seconds that is the timeout for polling. This should match the timeout that was set for the push message.
+    # @return [Hash] A hash with information on if the authentication was successful.
+    def poll_for_response(client, transaction_id, interval, time_out)
+
+      1.upto(time_out/interval) do
+
+        response = client.call(:poll_push_status,
+                               message: {
+                                   'vip:requestId': Utilities.get_request_id("poll_push_status"),
+                                   'vip:transactionId': transaction_id
+                               })
+
+        # The status of the push is called transaciton status
+        transaction_status = response.body[:poll_push_status_response][:transaction_status]
+        call_status = response.body[:poll_push_status_response]
+
+        # 7001 is in progress so we are waiting for that to change
+        if transaction_status[:status] != '7001'
+
+          success = transaction_status[:status] == '7000'
+          return {
+              success: success,
+              message: transaction_status[:status_message],
+              id: call_status[:request_id]
+          }
+
+        end
+
+        sleep interval
+
+      end
+
+    end
+
+  end
+
+end

data/lib/soteria/sms.rb

@@ -0,0 +1,81 @@
+module Soteria
+
+  class SMS
+
+
+    # Creates the body for a send SMS otp request.
+    #
+    # @param [String] user_id Id of the user to authenticate. This is the user id that is stored in the Symantec database.
+    # @param [Int] phone_number The phone number that the sms code should be sent to.
+    # @return [Hash] A hash with all information about if the otp was successful.
+    def create_send_sms_body(user_id, phone_number)
+      {
+          'vip:requestId': Utilities.get_request_id('send_sms_otp'),
+          'vip:userId': user_id,
+          'vip:smsDeliveryInfo':
+              {
+                  'vip:phoneNumber': phone_number
+              }
+      }
+    end
+
+
+    # Send a sms One Time Password to a user.
+    #
+    # @param [String] user_id Id of the user to authenticate. This is the user id that is stored in the Symantec database.
+    # @param [Savon::Client] client A Savon client object to make the call with. This needs to be created with the VIP management WSDL.
+    # @param [Int] phone_number The phone number that the sms code should be sent to.
+    # @return [Hash] A hash with all the appropriate information about the status of the SMS.
+    def send_sms(client, user_id, phone_number)
+      sms_res = client.call(:send_otp, message: create_send_sms_body(user_id, phone_number))
+      result_hash = sms_res.body[:send_otp_response]
+      success = result_hash[:status] == '0000'
+
+      {
+          success: success,
+          id: result_hash[:request_id],
+          message: result_hash[:status_message]
+      }
+    end
+
+
+    # Creates the body for a check otp request.
+    #
+    # @param [String] user_id Id of the user to authenticate. This is the user id that is stored in the Symantec db.
+    # @param [Object] otp The otp that was sent to the user via sms or voice
+    # @return [Hash] A hash representing the body of the soap request to check if an otp is valid.
+    def create_check_otp_body(user_id, otp)
+      {
+          'vip:requestId': Utilities.get_request_id('check_sms_otp'),
+          'vip:userId': user_id,
+          'vip:otpAuthData':
+              {
+                  'vip:otp': otp
+              }
+      }
+    end
+
+
+    # Check if the otp that a user entered is valid or not.
+    #
+    # @param [String] user_id Id of the user to authenticate. This is the user id that is stored in the Symantec db.
+    # @param [Object] otp The otp that was sent to the user via sms or voice
+    # @param [Savon::Client] client A Savon client object to make the call with. This needs to be created with the VIP authentication WSDL.
+    # @return [Hash] A hash with all information about if the otp was successful
+    def check_otp(client, user_id, otp)
+      check_otp_response = client.call(:check_otp, message: create_check_otp_body(user_id, otp))
+      result_hash = check_otp_response.body[:check_otp_response]
+
+      success = result_hash[:status] == '0000'
+
+      {
+          success: success,
+          id: result_hash[:request_id],
+          message: result_hash[:status_message]
+      }
+    end
+
+
+  end
+
+end

data/lib/soteria/user.rb

@@ -0,0 +1,409 @@
+module Soteria
+
+  class User
+
+
+    # Add a new user to the list of users in Symantec VIP database.
+    #
+    # @param [Savon::Client] client A Savon client object to make the call with. This needs to be created with the VIP management WSDL.
+    # @param [String] user_id Id of the user to create.
+    # @param [String] pin an optional value that is a pin for the user. The PIN may be 4 to 128 international characters in length, depending on restrictions of the PIN policy.
+    # @return [Hash] A hash that contains: :success a boolean if the call succeeded, :message a string with any error message, :id the id of the call for debugging purposes
+    def create(client, user_id, pin)
+      message = {
+          'vip:requestId': Utilities.get_request_id('create_user'),
+          'vip:userId': user_id
+      }
+
+      unless pin.nil?
+        message['vip:pin'] = pin
+      end
+
+      response = client.call(:create_user, message: message)
+
+      get_return_hash(response.body[:create_user_response])
+    end
+
+
+    # Delete a user from the database of Symantec VIP users.
+    #
+    # @param [Savon::Client] client A Savon client object to make the call with. This needs to be created with the VIP management WSDL.
+    # @param [String] user_id Id of the user to delete.
+    # @return [Hash] A hash that contains: :success a boolean if the call succeeded, :message a string with any error message, :id the id of the call for debugging purposes
+    def delete(client, user_id)
+      response = client.call(:delete_user,
+                             message: {
+                                 'vip:requestId': Utilities.get_request_id('delete_user'),
+                                 'vip:userId': user_id
+                             })
+
+      get_return_hash(response.body[:delete_user_response])
+    end
+
+
+    # Creates the body for a add credential request.
+    #
+    # @param [String] user_id Id of the user to add a credential to.
+    # @param [String] credential_id
+    # @param [String] credential_type must be one of the keys to the credential types from the Utilities class.
+    # @see Utilities::CREDENTIAL_TYPES
+    # @param [Hash] options A hash that can contain the following. :name adds a friendly name to the credential added to vip, :otp sends a otp from the credential with the request to verify that the user actually has possession of the credential
+    # @return [Hash] A hash representing the body of the soap request to add a credential.
+    def get_add_credential_message(user_id, credential_id, credential_type, options)
+      message = {
+          'vip:requestId': Utilities.get_request_id('add_credential'),
+          'vip:userId': user_id
+      }
+
+      credential_detail = {
+          'vip:credentialId': credential_id,
+          'vip:credentialType': credential_type
+      }
+
+      unless options == nil
+        if options.key?(:name)
+          credential_detail[:'vip:friendlyName'] = options[:name]
+        end
+
+        if options.key?(:otp)
+          message[:'vip:otpAuthData'] = {
+              'vip:otp': options[:otp]
+          }
+        end
+      end
+
+      message[:'vip:credentialDetail'] = credential_detail
+
+      message
+    end
+
+
+    # Add a credential to an existing user in the Symantec VIP database.
+    #
+    # @param [Savon::Client] client A Savon client object to make the call with. This needs to be created with the VIP management WSDL.
+    # @param [String] user_id Id of the user to add a credential to.
+    # @param [String] credential_id Unique identifier of the credential.
+    # @param [String] credential_type must be one of the keys to the credential types from the Utilities class.
+    # @see Utilities::CREDENTIAL_TYPES
+    # @param [Hash] options A hash that can contain the following. :name adds a friendly name to the credential added to vip, :otp sends a otp from the credential with the request to verify that the user actually has possession of the credential
+    # @return [Hash] A hash that contains; :success a boolean if the call succeeded, :message a string with any error message, :id the id of the call for debugging purposes
+    def add_credential(client, user_id, credential_id, credential_type, options)
+      response = client.call(:add_credential, message: get_add_credential_message(user_id, credential_id, credential_type, options))
+      get_return_hash(response.body[:add_credential_response])
+    end
+
+
+    # Remove a credential from a given user. If the Device deletion policy for Remembered Devices is set to Admin Only,
+    # credentials can only be removed through VIP Manager. The removeCredential API will return the error 6010: This
+    # account is not authorized to perform the requested operation
+    #
+    # @param [Savon::Client] client A Savon client object to make the call with. This needs to be created with the VIP management WSDL.
+    # @param [String] user_id Id of the user to remove a credential from.
+    # @param [String] credential_id Unique identifier of the credential.
+    # @param [String] credential_type must be one of the keys to the credential types from the Utilities class.
+    # @see Utilities::CREDENTIAL_TYPES
+    # @return [Hash] A hash that contains; :success a boolean if the call succeeded, :message a string with any error message, :id the id of the call for debugging purposes
+    def remove_credential(client, user_id, credential_id, credential_type)
+      response = client.call(:remove_credential, message: {
+          'vip:requestId': Utilities.get_request_id('remove_credential'),
+          'vip:userId': user_id,
+          'vip:credentialId': credential_id,
+          'vip:credentialType': credential_type
+      })
+
+      get_return_hash(response.body[:remove_credential_response])
+    end
+
+
+    # Updates the friendly name of a users credential.
+    #
+    # @param [Savon::Client] client A Savon client object to make the call with. This needs to be created with the VIP management WSDL.
+    # @param [String] user_id Id of the user to remove a credential from.
+    # @param [String] credential_id Unique identifier of the credential.
+    # @param [String] credential_type must be one of the keys to the credential types from the Utilities class.
+    # @see Utilities::CREDENTIAL_TYPES
+    # @param [Object] name A user-defined name to identify the credential.
+    # @return [Hash] A hash that contains; :success a boolean if the call succeeded, :message a string with any error message, :id the id of the call for debugging purposes
+    def update_credential(client, user_id, credential_id, credential_type, name)
+      response = client.call(:update_credential, message: {
+          'vip:requestId': Utilities.get_request_id('update_credential'),
+          'vip:userId': user_id,
+          'vip:credentialId': credential_id,
+          'vip:credentialType': credential_type,
+          'vip:friendlyName': name
+      })
+
+      get_return_hash(response.body[:update_credential_response])
+    end
+
+
+    # Get all the credentials that have been last bound to a user or the last authentication, as well as the friendly
+    # name for the user's credential.
+    #
+    # @param [Savon::Client] client A Savon client object to make the call with. This needs to be created with the VIP query WSDL.
+    # @param [String] user_id Id of the user to get information about.
+    # @param [Boolean] include_push If the users push details should be returned.
+    # @return [Hash] A hash that contains; :credentials a array of credentials available, :success a boolean if the call succeeded, :message a string with any error message, :id the id of the call for debugging purposes
+    def get_user_info(client, user_id, include_push)
+      response = client.call(:get_user_info, message: {
+          'vip:requestId': Utilities.get_request_id('get_user_info'),
+          'vip:userId': user_id,
+          'vip:includePushAttributes': include_push
+      })
+
+      response_hash = response.body[:get_user_info_response]
+
+      credentials = []
+
+      if response_hash[:num_bindings] == nil || response_hash[:num_bindings] ==  '0'
+        credentials = nil
+
+      else
+        response_hash[:credential_binding_detail].each do |credential|
+
+          bind_detail = credential[:binding_detail]
+
+          if credential[:credential_type] == 'STANDARD_OTP'
+            push_attrs = credential[:push_attributes]
+            credentials.push({
+                                 type: 'STANDARD_OTP',
+                                 enabled: response_hash[:credential_status] == 'ENABLED' && bind_detail[:bind_status] == 'ENABLED',
+                                 friendly_name: bind_detail[:friendly_name],
+                                 push: push_check(push_attrs),
+                                 credential_id: credential[:credential_id]
+                             })
+
+          elsif credential[:credential_type] == 'SMS_OTP'
+            credentials.push({
+                                 type: 'SMS_OTP',
+                                 enabled: response_hash[:credential_status] == 'ENABLED' && bind_detail[:bind_status] == 'ENABLED',
+                                 friendly_name: bind_detail[:friendly_name],
+                                 push: false,
+                                 credential_id: credential[:credential_id]
+                             })
+          elsif credential[:credential_type] == 'VOICE_OTP'
+            credentials.push({
+                                 type: 'VOICE_OTP',
+                                 enabled: response_hash[:credential_status] == 'ENABLED' && bind_detail[:bind_status] == 'ENABLED',
+                                 friendly_name: bind_detail[:friendly_name],
+                                 push: false,
+                                 credential_id: credential[:credential_id]
+                             })
+          end
+
+        end
+
+      end
+
+      ret = get_return_hash(response_hash)
+      ret[:credentials] = credentials
+      ret
+    end
+
+
+    # Use updateUser to update information about a user in VIP User Services.
+    #
+    # @param [Savon::Client] client A Savon client object to make the call with. This needs to be created with the VIP management WSDL.
+    # @param [String] user_id The unique ID for the user.
+    # @param [Object] options
+    # @return [Hash] A hash that contains; :success a boolean if the call succeeded, :message a string with any error message, :id the id of the call for debugging purposes
+    def update_user(client, user_id, options)
+      message = {
+          'vip:requestId': Utilities.get_request_id('update_user'),
+          'vip:userId': user_id
+      }
+
+      unless options == nil
+        if options.key?(:newId)
+          message[:'vip:newUserId'] = options[:newId]
+        end
+
+        if options.key?(:status)
+          message[:'vip:newUserStatus'] = options[:status]
+        end
+
+        if options.key?(:oldPin)
+          message[:'vip:oldPin'] = options[:oldPin]
+        end
+
+        if options.key?(:newPin)
+          message[:'vip:newPin'] = options[:newPin]
+        end
+
+        if options.key?(:pinReset)
+          message[:'vip:forcePinReset'] = options[:pinReset]
+        end
+
+      end
+
+      response = client.call(:update_user, message: message)
+      get_return_hash(response.body[:update_user_response])
+    end
+
+
+    # Use clearUserPin to remove an assigned PIN from a user.
+    #
+    # @param [Savon::Client] client A Savon client object to make the call with. This needs to be created with the VIP management WSDL.
+    # @param [String] user_id The unique ID for the user.
+    # @return [Hash] A hash that contains; :success a boolean if the call succeeded, :message a string with any error message, :id the id of the call for debugging purposes
+    def clear_user_pin(client, user_id)
+      response = client.call(:clear_user_pin, message: {
+          'vip:requestId': Utilities.get_request_id('clear_pin'),
+          'vip:userId': user_id
+      })
+
+      get_return_hash(response.body[:clear_user_pin_response])
+    end
+
+
+    # Use setTemporaryPasswordAttributes to change the expiration date for a temporary security code you previously set.
+    #
+    # @param [Savon::Client] client A Savon client object to make the call with. This needs to be created with the VIP management WSDL.
+    # @param [String] user_id The unique ID for the user.
+    # @param [Object] options
+    # @return [Hash] A hash that contains; :success a boolean if the call succeeded, :message a string with any error message, :id the id of the call for debugging purposes
+    def set_temp_pass_attr(client, user_id, options)
+      message = {
+          'vip:requestId': Utilities.get_request_id('set_temp_pass_attr'),
+          'vip:userId': user_id
+      }
+
+      unless options == nil
+        inner = {}
+        if options.key?(:oneTime)
+          inner[:'vip:oneTimeUseOnly'] = options[:oneTime]
+        end
+
+        if options.key?(:expireTime)
+          inner[:'vip:expirationTime'] = options[:expireTime]
+        end
+
+        message[:'vip:temporaryPasswordAttributes'] = inner
+      end
+
+      response = client.call(:set_temporary_password_attributes, message: message)
+      get_return_hash(response.body[:set_temporary_password_attributes_response])
+    end
+
+
+    # Use getTemporaryPasswordAttributes to poll VIP User Services every three to five seconds to check the status of a
+    # push notification. The push notification is validated against the notification’s unique transaction ID.
+    #
+    # @param [Savon::Client] client A Savon client object to make the call with. This needs to be created with the VIP query WSDL.
+    # @param [String] user_id The unique ID for the user.
+    # @return [Hash] A hash that contains; :success a boolean if the call succeeded, :message a string with any error message, :id the id of the call for debugging purposes
+    def get_temp_pass_attr(client, user_id)
+      response = client.call(:get_temporary_password_attributes, message: {
+          'vip:requestId': Utilities.get_request_id('get_temp_pass_attr'),
+          'vip:userId': user_id
+      })
+      response_hash = response.body[:get_temporary_password_attributes_response]
+
+      ret = get_return_hash(response_hash)
+
+      unless response_hash[:temp_pwd_attributes] == nil
+        ret[:oneTime] = response_hash[:temp_pwd_attributes][:one_time_use_only]
+        ret[:expiration] = response_hash[:temp_pwd_attributes][:expiration_time]
+      end
+
+      ret
+    end
+
+
+    # Use setTemporaryPassword to set a temporary security code for a user. You can optionally set an
+    # expiration date for the security code, or set it for one-time use only. The request requires the user ID and
+    # optionally, the temporary security code string. If you do not provide a security code, VIP User Services generates
+    # one for you.
+    #
+    # @param [Savon::Client] client A Savon client object to make the call with. This needs to be created with the VIP management WSDL.
+    # @param [String] user_id The unique ID for the user.
+    # @param [Int] phone The phone or mobile device number to which the VIP User Service should deliver the security code.
+    # @param [Hash] options
+    # @return [Hash] A hash that contains; :success a boolean if the call succeeded, :message a string with any error message, :id the id of the call for debugging purposes
+    def set_temp_password(client, user_id, phone, options)
+      message = {
+          'vip:requestId': Utilities.get_request_id('set_temp_pass'),
+          'vip:userId': user_id
+      }
+
+      phone_options = {'vip:phoneNumber': phone}
+
+      unless options == nil
+        if options.key?(:otp)
+          message[:'vip:temporaryPassword'] = options[:otp]
+        end
+
+        if options.key?(:expireTime)
+          message[:'vip:expirationTime'] = options[:expireTime]
+        end
+
+        if options.key?(:oneTime)
+          message[:'vip:temporaryPasswordAttributes'] = { 'vip:oneTimeUseOnly': options[:oneTime] }
+        end
+
+        if options.key?(:from)
+          phone_options[:'vip:expirationTime'] = options[:from]
+        end
+      end
+
+      message[:'vip:smsDeliveryInfo'] = phone_options
+
+      response = client.call(:set_temporary_password, message: message)
+
+      ret = get_return_hash(response.body[:set_temporary_password_response])
+      ret[:password] = response.body[:set_temporary_password_response][:temporary_password]
+
+      ret
+    end
+
+
+    # Use clearTemporaryPassword to add users to VIP User Services.to remove a temporary security code from a user. If the
+    # user attempts to use a temporary security that has been cleared, VIP User Services returns an error stating the
+    # security code is not set. If the user validates a security code using a valid credential, any temporary security
+    # code that is set for that user is automatically cleared.
+    #
+    # @param [Savon::Client] client A Savon client object to make the call with. This needs to be created with the VIP management WSDL.
+    # @param [String] user_id The unique ID for the user.
+    # @return [Hash] A hash that contains; :success a boolean if the call succeeded, :message a string with any error message, :id the id of the call for debugging purposes
+    def clear_temp_pass(client, user_id)
+      message = {
+          'vip:requestId': Utilities.get_request_id('clear_temp_pass'),
+          'vip:userId': user_id
+      }
+
+      response = client.call(:clear_temporary_password, message: message)
+      get_return_hash(response.body[:clear_temporary_password_response])
+    end
+
+
+    # Helper function to loop through an array of hashes with key value pairs and return if push is enabled.
+    #
+    # @param [Array] attrs A array of hash attributes
+    # @return [Boolean] If push is enabled for the give attributes
+    def push_check(attrs)
+      attrs.each do |a|
+        if a[:key] == 'PUSH_ENABLED'
+          return a[:value]
+        end
+      end
+      false
+    end
+
+
+    # Helper function to create the hash to return. All user calls have the same return values.
+    #
+    # @param [Hash] response_hash
+    # @return [Hash] A hash with the appropriate values. Included are: :success - a boolean if the operation was successful,
+    def get_return_hash(response_hash)
+      success = response_hash[:status] == '0000'
+
+      {
+          success: success,
+          message: response_hash[:status_message],
+          id: response_hash[:request_id]
+      }
+    end
+
+  end
+
+end