Class: Soteria::Client
- Inherits: Object
  - Object
  - Soteria::Client
- Defined in: lib/soteria/client.rb
Instance Method Summary
- #activate_token(token_id) ⇒ Hash
  Call when a newly registered SMS OTP credential requires activation.
- #add_credential(user_id, credential_id, credential_type, options) ⇒ Hash
  Add a credential to an existing user in the Symantec VIP database.
- #authenticate_credentials(otp, credentials) ⇒ Hash
  Check if an OTP is valid for a given credential.
- #authenticate_user_cridential(user_id, credential_code) ⇒ Hash
  Authenticate a user with a credential.
- #authenticate_with_push(user_id, interval, time_out, options) ⇒ Hash
  authenticate_with_push handles the process of sending the push to a user as well as polling for the response.
- #check_otp(user_id, otp) ⇒ Hash
  Check if the OTP that a user entered is valid or not.
- #clear_temp_pass(user_id) ⇒ Hash
  Use clearTemporaryPassword to remove a temporary security code from a user.
- #clear_user_pin(user_id) ⇒ Hash
  Use clearUserPin to remove an assigned PIN from a user.
- #create_user(user_id, pin) ⇒ Hash
  Add a new user to the list of users in Symantec VIP database.
- #deactivate_token(token_id) ⇒ Hash
  Use the DeactivateToken for SMS OTP API to deactivate an SMS OTP credential.
- #delete_user(user_id) ⇒ Hash
  Delete a user from the database of Symantec VIP users.
- #disable_sms_credentail(reason, token_id) ⇒ Hash
  Use the DisableToken for SMS OTP API to disable an SMS OTP credential.
- #enable_sms_credentail(token_id) ⇒ Hash
  Use the EnableToken for SMS OTP API to enable a previously disabled SMS OTP credential.
- #get_auth_client ⇒ Soteria.Client
  Getter for the auth client.
- #get_credential_info(credential_id, credential_type, include_push) ⇒ Hash
  Use getCredentialInfo to get the credential that was last bound to the user, when the credential was last authenticated, and the friendly name for the credential.
- #get_management_client ⇒ Soteria.Client
  Getter for the management client.
- #get_query_client ⇒ Soteria.Client
  Getter for the query client.
- #get_server_time ⇒ Hash
  Use getServerTime to obtain the current server time.
- #get_temp_pass_attr(user_id) ⇒ Hash
  Use getTemporaryPasswordAttributes to poll VIP User Services every three to five seconds to check the status of a push notification.
- #get_user_info(user_id, include_push) ⇒ Object
  Get all the credentials that have been last bound to a user or the last authentication, as well as the friendly name for the user’s credential.
- #initialize(cert_file, cert_key_file, password, should_log) ⇒ Client (constructor)
  To use Soteria, SSL certificates for Symantec VIP Services are required.
- #poll_for_response(transaction_id, interval, time_out) ⇒ Hash
  Polls for the status of the push notification.
- #register(token_id) ⇒ Hash
  Register a new SMS OTP credential.
- #register_sms(phone_number) ⇒ Hash
  Call to register an SMS credential to the VIP account.
- #remove_credential(user_id, credential_id, credential_type) ⇒ Hash
  Remove a credential from a given user.
- #send_push(user_id, options) ⇒ Hash
  Send a push notification to the specified user for authentication.
- #send_sms(user_id, phone_number) ⇒ Hash
  Send an SMS one-time password to a user.
- #set_temp_pass(token_id, pass) ⇒ Hash
  Send a temporary password to the token.
- #set_temp_pass_attr(user_id, options) ⇒ Hash
  Use setTemporaryPasswordAttributes to change the expiration date for a temporary security code you previously set.
- #set_temp_password(user_id, phone, options) ⇒ Hash
  Use setTemporaryPassword to set a temporary security code for a user.
- #update_credential(user_id, credential_id, credential_type, name) ⇒ Hash
  Updates the friendly name of a user's credential.
- #update_user(user_id, options) ⇒ Hash
  Use updateUser to update information about a user in VIP User Services.
Constructor Details
#initialize(cert_file, cert_key_file, password, should_log) ⇒ Client
To use Soteria, SSL certificates for Symantec VIP Services are required. To obtain a certificate, go to manager.vip.symantec.com/ and log in. From the dashboard, go to Account -> Manage VIP Certificates -> Request a Certificate, then follow the directions to create a new certificate. On the download screen, select the PKCS#12 format and enter the password you would like to use to secure the certificate. Once the certificate is downloaded, run these two commands to split the PKCS#12 certificate into a public and private key.
    # File 'lib/soteria/client.rb', line 23

    def initialize(cert_file, cert_key_file, password, should_log)
      # @cert_file = cert_file
      # @cert_key_file = cert_key_file
      # @cert_key_password = password

      # Each client below is built from a WSDL referenced by a plain http:// URL.

      # [:get_server_time, :get_user_info, :get_credential_info, :get_temporary_password_attributes, :poll_push_status]
      @query_client = Utilities.create_client('http://webdev.cse.msu.edu/~yehanlin/vip/vipuserservices-query-1.7.wsdl', should_log, cert_file, cert_key_file, password)

      # [:authenticate_user, :authenticate_user_with_push, :authenticate_credentials, :evaluate_risk, :confirm_risk, :deny_risk, :check_otp]
      @auth_client = Utilities.create_client('http://webdev.cse.msu.edu/~yehanlin/vip/vipuserservices-auth-1.7.wsdl', should_log, cert_file, cert_key_file, password)

      # [:create_user, :update_user, :delete_user, :clear_user_pin, :add_credential, :update_credential, :remove_credential, :set_temporary_password, :clear_temporary_password, :set_temporary_password_attributes, :send_otp, :register]
      @management_client = Utilities.create_client('http://webdev.cse.msu.edu/~yehanlin/vip/vipuserservices-mgmt-1.7.wsdl', should_log, cert_file, cert_key_file, password)

      @auth = Auth.new(cert_file, cert_key_file, password, should_log)
      @push = Push.new
      @sms = SMS.new
      @credential = Credential.new
      @user = User.new
    end
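The two split commands referred to in the constructor description do not appear on this page. As an added example (not code from the Soteria project), the same split can be done with Ruby's standard openssl library, checking that the key matches the certificate and keeping the key encrypted and owner-readable only. The helper names and output file names are assumptions, and the PKCS#12 input is a constructed self-signed bundle.

```ruby
require 'openssl'
require 'tmpdir'

# Split a PKCS#12 bundle into a PEM certificate and a passphrase-encrypted
# PEM private key. File names are hypothetical, not mandated by Soteria.
def split_pkcs12(p12_der, password, out_dir)
  # Raises OpenSSL::PKCS12::PKCS12Error when the password is wrong.
  p12 = OpenSSL::PKCS12.new(p12_der, password)
  cert = p12.certificate
  key = p12.key
  # Refuse to write files for a bundle whose key does not belong to the cert.
  raise ArgumentError, 'certificate and key do not match' unless cert.check_private_key(key)

  cert_file = File.join(out_dir, 'vip_cert.pem')
  cert_key_file = File.join(out_dir, 'vip_key.pem')
  File.write(cert_file, cert.to_pem, perm: 0o644)
  # Keep the key encrypted at rest and readable by the owner only.
  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  File.write(cert_key_file, key.to_pem(cipher, password), perm: 0o600)
  { cert_file: cert_file, cert_key_file: cert_key_file }
end

# Constructed sample input: a throwaway self-signed certificate bundled as
# PKCS#12, standing in for the file downloaded from VIP Manager.
def constructed_pkcs12(password)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=constructed-vip-client')
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  OpenSSL::PKCS12.create(password, 'constructed', key, cert).to_der
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    password = 'constructed-passphrase'
    paths = split_pkcs12(constructed_pkcs12(password), password, dir)
    puts paths
    # The two paths and the passphrase are the first three arguments of
    # Soteria::Client.new(cert_file, cert_key_file, password, should_log).
  end
end
```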
Instance Method Details
#activate_token(token_id) ⇒ Hash
Call when a newly registered SMS OTP credential requires activation
    # File 'lib/soteria/client.rb', line 360

    def activate_token(token_id)
      @auth.activate_token(token_id)
    end
#add_credential(user_id, credential_id, credential_type, options) ⇒ Hash
Add a credential to an existing user in the Symantec VIP database.
    # File 'lib/soteria/client.rb', line 268

    def add_credential(user_id, credential_id, credential_type, options)
      @user.add_credential(@management_client, user_id, credential_id, credential_type, options)
    end
#authenticate_credentials(otp, credentials) ⇒ Hash
Check if an OTP is valid for a given credential.

    # File 'lib/soteria/client.rb', line 131

    def authenticate_credentials(otp, credentials)
      @credential.authenticate_credentials(@auth_client, otp, credentials)
    end
#authenticate_user_cridential(user_id, credential_code) ⇒ Hash
Authenticate a user with a credential. A credential includes a physical token, the desktop VIP credential app or the mobile VIP credential app. Users must link their credential id to their user id for this authentication to work.
    # File 'lib/soteria/client.rb', line 120

    def authenticate_user_cridential(user_id, credential_code)
      @credential.authenticate_user_credential(@auth_client, user_id, credential_code)
    end
#authenticate_with_push(user_id, interval, time_out, options) ⇒ Hash
authenticate_with_push handles the process of sending the push to a user as well as polling for the response. It calls send_push, then takes the transaction id from that call and starts polling for the result. It has the same result as making the calls independently, but requires only one call instead of two and also handles any errors.

    # File 'lib/soteria/client.rb', line 101

    def authenticate_with_push(user_id, interval, time_out, options)
      push_response = @push.send_push(@auth_client, user_id, options)

      # If the push could not be sent, return that response without polling.
      unless push_response[:success]
        return push_response
      end

      transaction_id = push_response[:transaction_id]
      @push.poll_for_response(@query_client, transaction_id, interval, time_out)
    end
#check_otp(user_id, otp) ⇒ Hash
Check if the OTP that a user entered is valid or not.

    # File 'lib/soteria/client.rb', line 151

    def check_otp(user_id, otp)
      @sms.check_otp(@auth_client, user_id, otp)
    end
#clear_temp_pass(user_id) ⇒ Hash
Use clearTemporaryPassword to remove a temporary security code from a user. If the user attempts to use a temporary security code that has been cleared, VIP User Services returns an error stating the security code is not set. If the user validates a security code using a valid credential, any temporary security code that is set for that user is automatically cleared.

    # File 'lib/soteria/client.rb', line 235

    def clear_temp_pass(user_id)
      @user.clear_temp_pass(@management_client, user_id)
    end
#clear_user_pin(user_id) ⇒ Hash
Use clearUserPin to remove an assigned PIN from a user.
    # File 'lib/soteria/client.rb', line 189

    def clear_user_pin(user_id)
      @user.clear_user_pin(@management_client, user_id)
    end
#create_user(user_id, pin) ⇒ Hash
Add a new user to the list of users in Symantec VIP database.
    # File 'lib/soteria/client.rb', line 161

    def create_user(user_id, pin)
      @user.create(@management_client, user_id, pin)
    end
#deactivate_token(token_id) ⇒ Hash
Use the DeactivateToken for SMS OTP API to deactivate an SMS OTP credential. If the deactivation is successful, the credential is deactivated.
    # File 'lib/soteria/client.rb', line 369

    def deactivate_token(token_id)
      @auth.deactivate_token(token_id)
    end
#delete_user(user_id) ⇒ Hash
Delete a user from the database of Symantec VIP users.
    # File 'lib/soteria/client.rb', line 170

    def delete_user(user_id)
      @user.delete(@management_client, user_id)
    end
#disable_sms_credentail(reason, token_id) ⇒ Hash
Use the DisableToken for SMS OTP API to disable an SMS OTP credential.
    # File 'lib/soteria/client.rb', line 351

    def disable_sms_credentail(reason, token_id)
      @auth.disable_sms_credentail(reason, token_id)
    end
#enable_sms_credentail(token_id) ⇒ Hash
Use the EnableToken for SMS OTP API to enable a previously disabled SMS OTP credential.
    # File 'lib/soteria/client.rb', line 341

    def enable_sms_credentail(token_id)
      @auth.enable_sms_credentail(token_id)
    end
#get_auth_client ⇒ Soteria.Client
Getter for the auth client
    # File 'lib/soteria/client.rb', line 57

    def get_auth_client
      @auth_client
    end
#get_credential_info(credential_id, credential_type, include_push) ⇒ Hash
Use getCredentialInfo to get the credential that was last bound to the user, when the credential was last authenticated, and the friendly name for the credential.

    # File 'lib/soteria/client.rb', line 247

    def get_credential_info(credential_id, credential_type, include_push)
      @credential.get_credential_info(@query_client, credential_id, credential_type, include_push)
    end
#get_management_client ⇒ Soteria.Client
Getter for the management client
    # File 'lib/soteria/client.rb', line 65

    def get_management_client
      @management_client
    end
#get_query_client ⇒ Soteria.Client
Getter for the query client
    # File 'lib/soteria/client.rb', line 49

    def get_query_client
      @query_client
    end
#get_server_time ⇒ Hash
Use getServerTime to obtain the current server time.
    # File 'lib/soteria/client.rb', line 255

    def get_server_time()
      @credential.get_server_time(@query_client)
    end
#get_temp_pass_attr(user_id) ⇒ Hash
Use getTemporaryPasswordAttributes to poll VIP User Services every three to five seconds to check the status of a push notification. The push notification is validated against the notification’s unique transaction ID.
    # File 'lib/soteria/client.rb', line 209

    def get_temp_pass_attr(user_id)
      @user.get_temp_pass_attr(@query_client, user_id)
    end
#get_user_info(user_id, include_push) ⇒ Object
Get all the credentials that have been last bound to a user or the last authentication, as well as the friendly name for the user’s credential.
Returns an array with one hash for each credential the user can use as a second authentication factor. Each hash contains:
- :type - The type of the credential.
- :enabled - If the credential is enabled.
- :friendly_name - The name the user gave the credential.
- :push - A boolean if push is enabled for the credential.
- :credential_id - The id of the credential. This is useful for SMS auth.

    # File 'lib/soteria/client.rb', line 285

    def get_user_info(user_id, include_push)
      @user.get_user_info(@query_client, user_id, include_push)
    end
#poll_for_response(transaction_id, interval, time_out) ⇒ Hash
Polls for the status of the push notification. This is necessary because VIP does not have push support. This will poll until the response is no longer "push in progress", then it will return a hash with the results.

    # File 'lib/soteria/client.rb', line 87

    def poll_for_response(transaction_id, interval, time_out)
      @push.poll_for_response(@query_client, transaction_id, interval, time_out)
    end
#register(token_id) ⇒ Hash
Register a new SMS OTP credential.
    # File 'lib/soteria/client.rb', line 378

    def register(token_id)
      @auth.register(token_id)
    end
#register_sms(phone_number) ⇒ Hash
Call to register an SMS credential to the VIP account. Before a user can add an SMS credential to their account, it must first exist in the organization's list of credentials.

    # File 'lib/soteria/client.rb', line 295

    def register_sms(phone_number)
      @credential.register_sms(@management_client, phone_number)
    end
#remove_credential(user_id, credential_id, credential_type) ⇒ Hash
Remove a credential from a given user. If the Device deletion policy for Remembered Devices is set to Admin Only, credentials can only be removed through VIP Manager. The removeCredential API will return the error 6010: This account is not authorized to perform the requested operation.

    # File 'lib/soteria/client.rb', line 309

    def remove_credential(user_id, credential_id, credential_type)
      # puts prints the response and returns nil, so this method returns nil.
      puts @user.remove_credential(@management_client, user_id, credential_id, credential_type)
    end
#send_push(user_id, options) ⇒ Hash
Send a push notification to the specified user for authentication.
    # File 'lib/soteria/client.rb', line 75

    def send_push(user_id, options)
      @push.send_push(@auth_client, user_id, options)
    end
#send_sms(user_id, phone_number) ⇒ Hash
Send an SMS one-time password to a user.

    # File 'lib/soteria/client.rb', line 141

    def send_sms(user_id, phone_number)
      @sms.send_sms(@management_client, user_id, phone_number)
    end
#set_temp_pass(token_id, pass) ⇒ Hash
Send a temporary password to the token.
    # File 'lib/soteria/client.rb', line 332

    def set_temp_pass(token_id, pass)
      @auth.set_temp_pass(token_id, pass)
    end
#set_temp_pass_attr(user_id, options) ⇒ Hash
Use setTemporaryPasswordAttributes to change the expiration date for a temporary security code you previously set.
    # File 'lib/soteria/client.rb', line 199

    def set_temp_pass_attr(user_id, options)
      @user.set_temp_pass_attr(@management_client, user_id, options)
    end
#set_temp_password(user_id, phone, options) ⇒ Hash
Use setTemporaryPassword to set a temporary security code for a user. You can optionally set an expiration date for the security code, or set it for one-time use only. The request requires the user ID and optionally, the temporary security code string. If you do not provide a security code, VIP User Services generates one for you.
    # File 'lib/soteria/client.rb', line 223

    def set_temp_password(user_id, phone, options)
      @user.set_temp_password(@management_client, user_id, phone, options)
    end
#update_credential(user_id, credential_id, credential_type, name) ⇒ Hash
Updates the friendly name of a user's credential.

    # File 'lib/soteria/client.rb', line 322

    def update_credential(user_id, credential_id, credential_type, name)
      # puts prints the response and returns nil, so this method returns nil.
      puts @user.update_credential(@management_client, user_id, credential_id, credential_type, name)
    end
#update_user(user_id, options) ⇒ Hash
Use updateUser to update information about a user in VIP User Services.
    # File 'lib/soteria/client.rb', line 180

    def update_user(user_id, options)
      @user.update_user(@management_client, user_id, options)
    end