Class: OneLogin::Api::Client

Inherits:

Object

• Object
• OneLogin::Api::Client

Includes:

HTTParty, Util

Defined in:

lib/onelogin/api/client.rb

Overview

at developers.onelogin.com/api-docs/1/getting-started/dev-overview.

Constant Summary

NOKOGIRI_OPTIONS =

Nokogiri::XML::ParseOptions::STRICT |
Nokogiri::XML::ParseOptions::NONET

DEFAULT_USER_AGENT =

"onelogin-ruby-sdk v#{OneLogin::VERSION}".freeze

Constants included from Util::Constants

Util::Constants::ACTIVATE_FACTOR_URL, Util::Constants::ADD_ROLE_TO_USER_URL, Util::Constants::ASSIGN_ROLES_TO_PRIVILEGE_URL, Util::Constants::ASSIGN_USERS_TO_PRIVILEGE_URL, Util::Constants::CREATE_APP_URL, Util::Constants::CREATE_EVENT_URL, Util::Constants::CREATE_GROUP_URL, Util::Constants::CREATE_PRIVILEGE_URL, Util::Constants::CREATE_ROLE_URL, Util::Constants::CREATE_USER_URL, Util::Constants::DELETE_APP_PARAMETER_URL, Util::Constants::DELETE_APP_URL, Util::Constants::DELETE_PRIVILEGE_URL, Util::Constants::DELETE_ROLE_TO_USER_URL, Util::Constants::DELETE_USER_URL, Util::Constants::EMBED_APP_URL, Util::Constants::ENROLL_FACTOR_URL, Util::Constants::GENERATE_INVITE_LINK_URL, Util::Constants::GENERATE_MFA_TOKEN_URL, Util::Constants::GET_APPS_FOR_USER_URL, Util::Constants::GET_APPS_URL, Util::Constants::GET_APPS_URL_V1, Util::Constants::GET_APP_URL, Util::Constants::GET_CONNECTORS_URL, Util::Constants::GET_CUSTOM_ATTRIBUTES_URL, Util::Constants::GET_ENROLLED_FACTORS_URL, Util::Constants::GET_EVENTS_URL, Util::Constants::GET_EVENT_TYPES_URL, Util::Constants::GET_EVENT_URL, Util::Constants::GET_FACTORS_URL, Util::Constants::GET_GROUPS_URL, Util::Constants::GET_GROUP_URL, Util::Constants::GET_PRIVILEGE_URL, Util::Constants::GET_RATE_URL, Util::Constants::GET_ROLES_ASSIGNED_TO_PRIVILEGE_URL, Util::Constants::GET_ROLES_FOR_USER_URL, Util::Constants::GET_ROLES_URL, Util::Constants::GET_ROLE_URL, Util::Constants::GET_SAML_ASSERTION_URL, Util::Constants::GET_SAML_VERIFY_FACTOR, Util::Constants::GET_TOKEN_VERIFY_FACTOR, Util::Constants::GET_USERS_ASSIGNED_TO_PRIVILEGE_URL, Util::Constants::GET_USERS_URL, Util::Constants::GET_USER_URL, Util::Constants::LIST_PRIVILEGES_URL, Util::Constants::LOCK_USER_URL, Util::Constants::LOG_USER_OUT_URL, Util::Constants::REMOVE_FACTOR_URL, Util::Constants::REMOVE_ROLE_FROM_PRIVILEGE_URL, Util::Constants::REMOVE_USER_FROM_PRIVILEGE_URL, Util::Constants::SEND_INVITE_LINK_URL, Util::Constants::SESSION_LOGIN_TOKEN_URL, Util::Constants::SET_CUSTOM_ATTRIBUTE_TO_USER_URL, Util::Constants::SET_PW_CLEARTEXT, Util::Constants::SET_PW_SALT, Util::Constants::SET_USER_STATE_URL, Util::Constants::TOKEN_REFRESH_URL, Util::Constants::TOKEN_REQUEST_URL, Util::Constants::TOKEN_REVOKE_URL, Util::Constants::UPDATE_APP_URL, Util::Constants::UPDATE_PRIVILEGE_URL, Util::Constants::UPDATE_USER_URL, Util::Constants::VALID_ACTIONS, Util::Constants::VERIFY_FACTOR_URL

Instance Attribute Summary

• #client_id ⇒ Object

  Returns the value of attribute client_id.

• #client_secret ⇒ Object

  Returns the value of attribute client_secret.

• #error ⇒ Object

  Returns the value of attribute error.

• #error_attribute ⇒ Object

  Returns the value of attribute error_attribute.

• #error_description ⇒ Object

  Returns the value of attribute error_description.

• #region ⇒ Object

  Returns the value of attribute region.

• #user_agent ⇒ Object

  Returns the value of attribute user_agent.

Instance Method Summary

• #access_token ⇒ OneLoginToken

  Generates an access token and refresh token that you may use to call Onelogin's API methods.

• #activate_factor(user_id, device_id) ⇒ FactorEnrollmentResponse

  Triggers an SMS or Push notification containing a One-Time Password (OTP) that can be used to authenticate a user with the Verify Factor call.

• #assign_role_to_user(user_id, role_ids) ⇒ Boolean

  Assigns Roles to User.

• #assign_roles_to_privilege(privilege_id, role_ids) ⇒ Boolean

  Assign one or more roles to a privilege.

• #assign_users_to_privilege(privilege_id, user_ids) ⇒ Boolean

  Assign one or more users to a privilege.

• #authorized_headers(bearer = true) ⇒ Object
• #clean_error ⇒ Object

  Clean any previous error registered at the client.

• #create_app(app_params) ⇒ OneLoginApp

  Creates an app.

• #create_event(event_params) ⇒ Boolean

  Create an event in the OneLogin event log.

• #create_privilege(name, version, statements) ⇒ Privilege

  Creates a Privilege.

• #create_session_login_token(query_params, allowed_origin = '') ⇒ SessionTokenInfo|SessionTokenMFAInfo

  Generates a session login token in scenarios in which MFA may or may not be required.

• #create_user(user_params) ⇒ User

  Creates an user.

• #delete_app(app_id) ⇒ Boolean

  Deletes an app.

• #delete_parameter_from_app(app_id, parameter_id) ⇒ Boolean

  Deletes an App Parameter.

• #delete_privilege(privilege_id) ⇒ Boolean

  Deletes a Privilege.

• #delete_user(user_id) ⇒ Boolean

  Deletes an user.

• #enroll_factor(user_id, factor_id, display_name, number) ⇒ OTPDevice

  Enroll a user with a given authentication factor.

• #expired? ⇒ Boolean
• #generate_invite_link(email) ⇒ String

  Generates an invite link for a user that you have already created in your OneLogin account.

• #generate_mfa_token(user_id, expires_in = 259200, reusable = false) ⇒ MFAToken

  Use to generate a temporary MFA token that can be used in place of other MFA tokens for a set time period.

• #get_app(app_id) ⇒ OneLoginApp

  Gets a OneLoginApp resource.

• #get_apps(params = {}) ⇒ Array

  Gets a list of OneLoginAppBasic resources.

• #get_apps_v1(params = {}) ⇒ Array

  Gets a list of OneLoginAppV1 resources.

• #get_connectors(params = {}) ⇒ Array

  Gets a list of Connector resources.

• #get_custom_attributes ⇒ Array

  Gets a list of all custom attribute fields (also known as custom user fields) that have been defined for OL account.

• #get_embed_apps(token, email) ⇒ Array

  Lists apps accessible by a OneLogin user.

• #get_enrolled_factors(user_id) ⇒ Array

  Return a list of authentication factors registered to a particular user for multifactor authentication (MFA).

• #get_event(event_id) ⇒ Event

  Gets Event by ID.

• #get_event_types ⇒ Array

  List of all OneLogin event types available to the Events API.

• #get_events(params = {}) ⇒ Array

  Gets a list of Event resources.

• #get_factors(user_id) ⇒ Array

  Returns a list of authentication factors that are available for user enrollment via API.

• #get_group(group_id) ⇒ Group

  Gets Group by ID.

• #get_groups(params = {}) ⇒ Array

  Gets a list of Group resources (element of groups limited with the limit parameter).

• #get_privilege(privilege_id) ⇒ Privilege

  Get a Privilege.

• #get_privileges ⇒ Array

  Gets a list of the Privileges created in an account.

• #get_rate_limits ⇒ RateLimit

  Gets current rate limit details about an access token.

• #get_role(role_id) ⇒ Role

  Gets Role by ID.

• #get_roles(params = {}) ⇒ Array

  Gets a list of Role resources.

• #get_roles_assigned_to_privilege(privilege_id) ⇒ Array

  Gets a list of the roles assigned to a privilege.

• #get_saml_assertion(username_or_email, password, app_id, subdomain, ip_address = nil) ⇒ SAMLEndpointResponse

  Generates a SAML Assertion.

• #get_saml_assertion_verifying(app_id, device_id, state_token, otp_token = nil, url_endpoint = nil, do_not_notify = false) ⇒ SAMLEndpointResponse

  Verify a one-time password (OTP) value provided for a second factor when multi-factor authentication (MFA) is required for SAML authentication.

• #get_session_token_verified(device_id, state_token, otp_token = nil, allowed_origin = '', do_not_notify = false) ⇒ SessionTokenInfo

  Verify a one-time password (OTP) value provided for multi-factor authentication (MFA).

• #get_user(user_id) ⇒ User

  Gets User by ID.

• #get_user_apps(user_id) ⇒ Array

  Gets a list of apps accessible by a user, not including personal apps.

• #get_user_roles(user_id) ⇒ Array

  Gets a list of role IDs that have been assigned to a user.

• #get_users(params = {}) ⇒ Array

  Gets a list of User resources.

• #get_users_assigned_to_privilege(privilege_id) ⇒ Array

  Gets a list of the users assigned to a privilege.

• #handle_operation_response(response) ⇒ Object
• #handle_saml_endpoint_response(response) ⇒ Object
• #handle_session_token_response(response) ⇒ Object
• #headers ⇒ Object
• #initialize(config) ⇒ Client constructor

  Create a new instance of the Client.

• #lock_user(user_id, minutes) ⇒ Boolean

  Use this call to lock a user's account based on the policy assigned to the user, for a specific time you define in the request, or until you unlock it.

• #log_user_out(user_id) ⇒ Boolean

  Log a user out of any and all sessions.

• #prepare_token ⇒ Object
• #regenerate_token ⇒ OneLoginToken

  Refreshing tokens provides a new set of access and refresh tokens.

• #remove_factor(user_id, device_id) ⇒ Boolean

  Remove an enrolled factor from a user.

• #remove_role_from_privilege(privilege_id, role_id) ⇒ Boolean

  Removes one role from the privilege.

• #remove_role_from_user(user_id, role_ids) ⇒ Boolean

  Removes Role from User.

• #remove_user_from_privilege(privilege_id, user_id) ⇒ Boolean

  Removes one user from the privilege.

• #retrieve_apps_from_xml(xml_content) ⇒ Object
• #revoke_token ⇒ Boolean

  Revokes an access token and refresh token pair.

• #send_invite_link(email, personal_email = nil) ⇒ String

  Sends an invite link to a user that you have already created in your OneLogin account.

• #set_custom_attribute_to_user(user_id, custom_attributes) ⇒ Boolean

  Set Custom Attribute Value.

• #set_password_using_clear_text(user_id, password, password_confirmation, validate_policy = false) ⇒ Boolean

  Sets Password by ID Using Cleartext.

• #set_password_using_hash_salt(user_id, password, password_confirmation, password_algorithm, password_salt = nil) ⇒ Boolean

  Set Password by ID Using Salt and SHA-256.

• #set_state_to_user(user_id, state) ⇒ Boolean

  Set User State.

• #update_app(app_id, app_params) ⇒ User

  Updates an app.

• #update_privilege(privilege_id, name, version, statements) ⇒ Privilege

  Updates a Privilege.

• #update_user(user_id, user_params) ⇒ User

  Updates an user.

• #validate_config ⇒ Object
• #verify_factor(user_id, device_id, otp_token = nil, state_token = nil) ⇒ Boolean

  Authenticates a one-time password (OTP) code provided by a multifactor authentication (MFA) device.

Methods included from Util::Parser

#extract_error_attribute_from_response, #extract_error_message_from_response, #extract_status_code_from_response

Methods included from Util::UrlBuilder

#url_for

Constructor Details

#initialize(config) ⇒ Client

Create a new instance of the Client.

Parameters:

• config (Hash) —

  Client Id, Client Secret and Region

# File 'lib/onelogin/api/client.rb', line 34

def initialize(config)
  options = Hash[config.map { |(k, v)| [k.to_sym, v] }]

  @client_id = options[:client_id]
  @client_secret = options[:client_secret]
  @region = options[:region] || 'us'
  @max_results = options[:max_results] || 1000

  if options[:timeout] and defined? self.class.default_timeout
    self.class.default_timeout options[:timeout]
  end

  if options[:proxy_host]
    self.class.http_proxy options[:proxy_host], options[:proxy_port], options[:proxy_user], options[:proxy_pass]
  end

  self.class.default_options.update(verify: false)

  validate_config

  @user_agent = DEFAULT_USER_AGENT
end

Instance Attribute Details

#client_id ⇒ Object

Returns the value of attribute client_id.

# File 'lib/onelogin/api/client.rb', line 22

def client_id
  @client_id
end

#client_secret ⇒ Object

Returns the value of attribute client_secret.

# File 'lib/onelogin/api/client.rb', line 22

def client_secret
  @client_secret
end

#error ⇒ Object

Returns the value of attribute error.

# File 'lib/onelogin/api/client.rb', line 23

def error
  @error
end

#error_attribute ⇒ Object

Returns the value of attribute error_attribute.

# File 'lib/onelogin/api/client.rb', line 23

def error_attribute
  @error_attribute
end

#error_description ⇒ Object

Returns the value of attribute error_description.

# File 'lib/onelogin/api/client.rb', line 23

def error_description
  @error_description
end

#region ⇒ Object

Returns the value of attribute region.

# File 'lib/onelogin/api/client.rb', line 22

def region
  @region
end

#user_agent ⇒ Object

Returns the value of attribute user_agent.

# File 'lib/onelogin/api/client.rb', line 23

def user_agent
  @user_agent
end

Instance Method Details

#access_token ⇒ OneLoginToken

Generates an access token and refresh token that you may use to call Onelogin's API methods.

Returns:

• (OneLoginToken) —

  Returns the generated OAuth Token info

See Also:

• Generate Tokens documentation}

# File 'lib/onelogin/api/client.rb', line 165

def access_token
  clean_error

  begin
    url = url_for(TOKEN_REQUEST_URL)

    data = {
      'grant_type' => 'client_credentials'
    }

    response = self.class.post(
      url,
      headers: authorized_headers(false),
      body: data.to_json
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data.has_key?('status')
        @error = json_data['status']['code'].to_s
        @error_description = extract_error_message_from_response(response)
      else
        token = OneLogin::Api::Models::OneLoginToken.new(json_data)
        @access_token = token.access_token
        @refresh_token = token.refresh_token
        @expiration = token.created_at + token.expires_in
        return token
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#activate_factor(user_id, device_id) ⇒ FactorEnrollmentResponse

Triggers an SMS or Push notification containing a One-Time Password (OTP) that can be used to authenticate a user with the Verify Factor call.

Parameters:

• user_id (Integer) —

  The id of the user.

• device_id (Integer) —

  The id of the MFA device.

Returns:

• (FactorEnrollmentResponse) —

  Info with User Id, Device Id, and OTP Device

See Also:

• Activate an Authentication Factor documentation}

# File 'lib/onelogin/api/client.rb', line 2124

def activate_factor(user_id, device_id)
  clean_error
  prepare_token

  begin
    if user_id.nil? || user_id.to_s.empty?
      @error = '400'
      @error_description = "user_id is required"
      @error_attribute = "user_id"
      return
    end

    if device_id.nil? || device_id.to_s.empty?
      @error = '400'
      @error_description = "device_id is required"
      @error_attribute = "device_id"
      return
    end

    url = url_for(ACTIVATE_FACTOR_URL, user_id, device_id)

    response = self.class.post(
      url,
      headers: authorized_headers
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data['data']
        return OneLogin::Api::Models::FactorEnrollmentResponse.new(json_data['data'][0])
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#assign_role_to_user(user_id, role_ids) ⇒ Boolean

Assigns Roles to User

Parameters:

• user_id (Integer) —

  Id of the user

• role_ids (Array) —

  List of role ids to be added

Returns:

• (Boolean) —

  if the action succeed

See Also:

• Assign Role to User documentation}

# File 'lib/onelogin/api/client.rb', line 618

def assign_role_to_user(user_id, role_ids)
  clean_error
  prepare_token

  begin
    if user_id.nil? || user_id.to_s.empty?
      @error = '400'
      @error_description = "user_id is required"
      @error_attribute = "user_id"
      return
    end

    url = url_for(ADD_ROLE_TO_USER_URL, user_id)

    data = {
      'role_id_array' => role_ids
    }

    response = self.class.put(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#assign_roles_to_privilege(privilege_id, role_ids) ⇒ Boolean

Assign one or more roles to a privilege.

Parameters:

• privilege_id (string) —

  Id of the privilege.

• role_ids (Array) —

  Ids of the roles to be added.

Returns:

• (Boolean) —

  if the action succeed

See Also:

• Assign Roles documentation}

# File 'lib/onelogin/api/client.rb', line 2750

def assign_roles_to_privilege(privilege_id, role_ids)
  clean_error
  prepare_token

  begin
    if privilege_id.nil? || privilege_id.to_s.empty?
      @error = '400'
      @error_description = "privilege_id is required"
      @error_attribute = "privilege_id"
      return
    end

    url = url_for(ASSIGN_ROLES_TO_PRIVILEGE_URL, privilege_id)

    data = {
      'roles' => role_ids
    }

    response = self.class.post(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 201
      return handle_operation_response(response)
    else
      @error = extract_status_code_from_response(response)
      @error_description = extract_error_message_from_response(response)

    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#assign_users_to_privilege(privilege_id, user_ids) ⇒ Boolean

Assign one or more users to a privilege.

Parameters:

• privilege_id (string) —

  Id of the privilege.

• user_ids (Array) —

  Ids of the users to be added.

Returns:

• (Boolean) —

  if the action succeed

See Also:

• Assign Users documentation}

# File 'lib/onelogin/api/client.rb', line 2873

def assign_users_to_privilege(privilege_id, user_ids)
  clean_error
  prepare_token

  begin
    if privilege_id.nil? || privilege_id.to_s.empty?
      @error = '400'
      @error_description = "privilege_id is required"
      @error_attribute = "privilege_id"
      return
    end

    url = url_for(ASSIGN_USERS_TO_PRIVILEGE_URL, privilege_id)

    data = {
      'users' => user_ids
    }

    response = self.class.post(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 201
      return handle_operation_response(response)
    else
      @error = extract_status_code_from_response(response)
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#authorized_headers(bearer = true) ⇒ Object

# File 'lib/onelogin/api/client.rb', line 142

def authorized_headers(bearer = true)
  # Removed the ":"
  authorization = if bearer
    "bearer #{@access_token}"
  else
    "client_id:#{@client_id},client_secret:#{@client_secret}"
  end

  headers.merge({
    'Authorization' => authorization
  })
end

#clean_error ⇒ Object

Clean any previous error registered at the client.

# File 'lib/onelogin/api/client.rb', line 63

def clean_error
  @error = nil
  @error_description = nil
  @error_attribute = nil
end

#create_app(app_params) ⇒ OneLoginApp

Creates an app

Parameters:

• app_params (Hash) —

  App data (name, visible, policy_id, is_available, parameters, allow_assumed_signin, configuration, notes, description, provisioning, connector_id, auth_method, tab_id)

Returns:

• (OneLoginApp) —

  the created app

See Also:

• Create App documentation}

# File 'lib/onelogin/api/client.rb', line 1326

def create_app(app_params)
  clean_error
  prepare_token

  begin
    url = url_for(CREATE_APP_URL)

    unless app_params.has_key?('connector_id') || app_params['connector_id'].to_s.empty?
      @error = '400'
      @error_description = "connector_id is required"
      @error_attribute = "connector_id"
      return
    end

    response = self.class.post(
      url,
      headers: authorized_headers,
      body: app_params.to_json
    )

    if response.code == 201
      json_data = JSON.parse(response.body)
      if json_data && json_data.has_key?('id')
        return OneLogin::Api::Models::OneLoginApp.new(json_data)
      end
    else
      @error = extract_status_code_from_response(response)
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#create_event(event_params) ⇒ Boolean

Create an event in the OneLogin event log.

Parameters:

• event_params (Hash) —

  Event data (event_type_id, account_id, actor_system, actor_user_id, actor_user_name, app_id, assuming_acting_user_id, custom_message, directory_sync_run_id, group_id, group_name, ipaddr, otp_device_id, otp_device_name, policy_id, policy_name, role_id, role_name, user_id, user_name)

Returns:

• (Boolean) —

  the result of the operation

See Also:

• Create Event documentation}

# File 'lib/onelogin/api/client.rb', line 1734

def create_event(event_params)
  clean_error
  prepare_token

  begin
    url = url_for(CREATE_EVENT_URL)

    response = self.class.post(
      url,
      headers: authorized_headers,
      body: event_params.to_json
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#create_privilege(name, version, statements) ⇒ Privilege

Creates a Privilege

Parameters:

• name (string) —

  The name of the privilege.

• version (string) —

  The version for the privilege schema. Set to 2018-05-18.

• statements (Array) —

  A list of statements. Statement object or a dict with the keys Effect, Action and Scope

Returns:

• (Privilege) —

  the created privilege

See Also:

• Create Privilege documentation}

# File 'lib/onelogin/api/client.rb', line 2496

def create_privilege(name, version, statements)
  clean_error
  prepare_token

  begin
    url = url_for(CREATE_PRIVILEGE_URL)

    statement_data = []
    for statement in statements
      if statement.instance_of?(OneLogin::Api::Models::Statement)
        statement_data << {
         'Effect' => statement.effect,
         'Action' => statement.actions,
         'Scope' => statement.scopes
        }
      elsif statement.instance_of?(Hash) && statement.has_key?('Effect') && statement.has_key?('Action') && statement.has_key?('Scope')
        statement_data << statement
      else
        @error = 400.to_s
        @error_description = "statements is invalid. Provide a list of statements. The statement should be an Statement object or dict with the keys Effect, Action and Scope"
        return
      end
    end

    privilege_data = {
      'name' => name,
      'privilege' => {
        'Version'=> version,
        'Statement' => statement_data
      }
    }

    response = self.class.post(
      url,
      headers: authorized_headers,
      body: privilege_data.to_json
    )

    if response.code == 201
      json_data = JSON.parse(response.body)
      if json_data && json_data.has_key?('id')
        return OneLogin::Api::Models::Privilege.new(json_data['id'], name, version, statements)
      end
    else
      @error = extract_status_code_from_response(response)
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#create_session_login_token(query_params, allowed_origin = '') ⇒ SessionTokenInfo|SessionTokenMFAInfo

Generates a session login token in scenarios in which MFA may or may not be required. A session login token expires two minutes after creation.

Parameters:

• query_params (Hash) —

  Query Parameters (username_or_email, password, subdomain, return_to_url, ip_address, browser_id)

• allowed_origin (String) (defaults to: '') —

  Custom-Allowed-Origin-Header. Required for CORS requests only. Set to the Origin URI from which you are allowed to send a request using CORS.

Returns:

• (SessionTokenInfo|SessionTokenMFAInfo) —

  if the action succeed

See Also:

• Create Session Login Token documentation}

# File 'lib/onelogin/api/client.rb', line 1101

def create_session_login_token(query_params, allowed_origin='')
  clean_error
  prepare_token

  begin
    url = url_for(SESSION_LOGIN_TOKEN_URL)

    if query_params.nil? || !query_params.has_key?('username_or_email') || !query_params.has_key?('password') || !query_params.has_key?('subdomain')
      raise "username_or_email, password and subdomain are required parameters"
    end

    headers = authorized_headers
    if allowed_origin
      headers = headers.merge({ 'Custom-Allowed-Origin-Header-1' => allowed_origin })
    end

    response = self.class.post(
      url,
      headers: headers,
      body: query_params.to_json
    )

    if response.code == 200
      return handle_session_token_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#create_user(user_params) ⇒ User

Creates an user

Parameters:

• user_params (Hash) —

  User data (firstname, lastname, email, username, company, department, directory_id, distinguished_name, external_id, group_id, invalid_login_attempts, locale_code, manager_ad_id, member_of, openid_name, phone, samaccountname, title, userprincipalname)

Returns:

• (User) —

  the created user

See Also:

• Create User documentation}

# File 'lib/onelogin/api/client.rb', line 528

def create_user(user_params)
  clean_error
  prepare_token

  begin
    url = url_for(CREATE_USER_URL)

    response = self.class.post(
      url,
      headers: authorized_headers,
      body: user_params.to_json
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data['data']
        return OneLogin::Api::Models::User.new(json_data['data'][0])
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#delete_app(app_id) ⇒ Boolean

Deletes an app

Parameters:

• app_id (Integer) —

  Id of the app to be removed

Returns:

• (Boolean) —

  if the action succeed

See Also:

• Delete App by ID documentation}

# File 'lib/onelogin/api/client.rb', line 1460

def delete_app(app_id)
  clean_error
  prepare_token

  begin
    if app_id.nil? || app_id.to_s.empty?
      @error = '400'
      @error_description = "app_id is required"
      @error_attribute = "app_id"
      return
    end

    url = url_for(DELETE_APP_URL, app_id)

    response = self.class.delete(
      url,
      headers: authorized_headers
    )

    if response.code == 204
      return true
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#delete_parameter_from_app(app_id, parameter_id) ⇒ Boolean

Deletes an App Parameter

Parameters:

• app_id (Integer) —

  Id of the app

• parameter_id (Integer) —

  Id of the parameter to be removed

Returns:

• (Boolean) —

  if the action succeed

See Also:

• Delete an App Parameter documentation}

# File 'lib/onelogin/api/client.rb', line 1502

def delete_parameter_from_app(app_id, parameter_id)
  clean_error
  prepare_token

  begin
    if app_id.nil? || app_id.to_s.empty?
      @error = '400'
      @error_description = "app_id is required"
      @error_attribute = "app_id"
      return
    end

    if parameter_id.nil? || parameter_id.to_s.empty?
      @error = '400'
      @error_description = "parameter_id is required"
      @error_attribute = "parameter_id"
      return
    end

    url = url_for(DELETE_APP_PARAMETER_URL, app_id, parameter_id)

    response = self.class.delete(
      url,
      headers: authorized_headers
    )

    if response.code == 204
      return true
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#delete_privilege(privilege_id) ⇒ Boolean

Deletes a Privilege

Parameters:

• privilege_id (string) —

  Id of the privilege to be removed.

Returns:

• (Boolean) —

  if the action succeed

See Also:

• Delete Privilege documentation}

# File 'lib/onelogin/api/client.rb', line 2674

def delete_privilege(privilege_id)
  clean_error
  prepare_token

  begin
    if privilege_id.nil? || privilege_id.to_s.empty?
      @error = '400'
      @error_description = "privilege_id is required"
      @error_attribute = "privilege_id"
      return
    end

    url = url_for(DELETE_PRIVILEGE_URL, privilege_id)

    response = self.class.delete(
      url,
      headers: authorized_headers
    )

    if response.code == 204
      return handle_operation_response(response)
    else
      @error = extract_status_code_from_response(response)
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#delete_user(user_id) ⇒ Boolean

Deletes an user

Parameters:

• user_id (Integer) —

  Id of the user to be removed

Returns:

• (Boolean) —

  if the action succeed

See Also:

• Delete User by ID documentation}

# File 'lib/onelogin/api/client.rb', line 1002

def delete_user(user_id)
  clean_error
  prepare_token

  begin
    if user_id.nil? || user_id.to_s.empty?
      @error = '400'
      @error_description = "user_id is required"
      @error_attribute = "user_id"
      return
    end

    url = url_for(DELETE_USER_URL, user_id)

    response = self.class.delete(
      url,
      headers: authorized_headers
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#enroll_factor(user_id, factor_id, display_name, number) ⇒ OTPDevice

Enroll a user with a given authentication factor.

Parameters:

• user_id (Integer) —

  The id of the user.

• factor_id (Integer) —

  The identifier of the factor to enroll the user with.

• display_name (String) —

  A name for the users device.

• number (String) —

  The phone number of the user in E.164 format.

Returns:

• (OTPDevice) —

  MFA device

See Also:

• Enroll an Authentication Factor documentation}

# File 'lib/onelogin/api/client.rb', line 2018

def enroll_factor(user_id, factor_id, display_name, number)
  clean_error
  prepare_token

  begin
    if user_id.nil? || user_id.to_s.empty?
      @error = '400'
      @error_description = "user_id is required"
      @error_attribute = "user_id"
      return
    end

    if factor_id.nil? || factor_id.to_s.empty?
      @error = '400'
      @error_description = "factor_id is required"
      @error_attribute = "factor_id"
      return
    end

    url = url_for(ENROLL_FACTOR_URL, user_id)

    data = {
      'factor_id'=> factor_id.to_i,
      'display_name'=> display_name,
      'number'=> number
    }

    response = self.class.post(
      url,
      :headers => authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data and json_data['data']
        return OneLogin::Api::Models::OTPDevice.new(json_data['data'][0])
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#expired? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/onelogin/api/client.rb', line 69

def expired?
  Time.now.utc > @expiration
end

#generate_invite_link(email) ⇒ String

Generates an invite link for a user that you have already created in your OneLogin account.

Parameters:

• email (String) —

  Set to the email address of the user that you want to generate an invite link for.

Returns:

• (String) —

  the invitation link

See Also:

• Generate Invite Link documentation}

# File 'lib/onelogin/api/client.rb', line 2298

def generate_invite_link(email)
  clean_error
  prepare_token

  begin
    if email.nil? || email.to_s.empty?
      @error = '400'
      @error_description = "email is required"
      @error_attribute = "email"
      return
    end

    url = url_for(GENERATE_INVITE_LINK_URL)

    data = {
      'email'=> email
    }

    response = self.class.post(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data['data']
        return json_data['data'][0]
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#generate_mfa_token(user_id, expires_in = 259200, reusable = false) ⇒ MFAToken

Use to generate a temporary MFA token that can be used in place of other MFA tokens for a set time period. For example, use this token for account recovery.

Parameters:

• user_id (Integer) —

  Id of the user

• expires_in (Integer) (defaults to: 259200) —

  Set the duration of the token in seconds. (default: 259200 seconds = 72h) 72 hours is the max value.

• reusable (Boolean) (defaults to: false) —

  Defines if the token reusable. (default: false) If set to true, token can be used for multiple apps, until it expires.

Returns:

• (MFAToken) —

  if the action succeed

See Also:

• Generate MFA Token documentation}

# File 'lib/onelogin/api/client.rb', line 1047

def generate_mfa_token(user_id, expires_in=259200, reusable=false)
  clean_error
  prepare_token

  begin
    if user_id.nil? || user_id.to_s.empty?
      @error = '400'
      @error_description = "user_id is required"
      @error_attribute = "user_id"
      return
    end

    url = url_for(GENERATE_MFA_TOKEN_URL, user_id)

    data = {
      'expires_in' => expires_in,
      'reusable' => reusable
    }

    response = self.class.post(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 201
      json_data = JSON.parse(response.body)
      if !json_data.empty?
        return OneLogin::Api::Models::MFAToken.new(json_data)
      end
    else
      @error = extract_status_code_from_response(response)
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_app(app_id) ⇒ OneLoginApp

Gets a OneLoginApp resource.

Returns:

• (OneLoginApp) —

  OneLoginApp object

See Also:

• Get App documentation}

# File 'lib/onelogin/api/client.rb', line 1369

def get_app(app_id)
  clean_error
  prepare_token

  begin
    if app_id.nil? || app_id.to_s.empty?
      @error = '400'
      @error_description = "app_id is required"
      @error_attribute = "app_id"
      return
    end

    url = url_for(GET_APP_URL, app_id)

    response = self.class.get(
      url,
      headers: authorized_headers
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data.has_key?('id')
        return OneLogin::Api::Models::OneLoginApp.new(json_data)
      end
    else
      @error = extract_status_code_from_response(response)
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_apps(params = {}) ⇒ Array

Gets a list of OneLoginAppBasic resources.

Parameters:

• params (Hash) (defaults to: {}) —

  Parameters to filter the result of the list

Returns:

• (Array) —

  list of OneLoginAppBasic objects

See Also:

• Get Apps documentation}

# File 'lib/onelogin/api/client.rb', line 1283

def get_apps(params = {})
  clean_error
  prepare_token

  begin
    url = url_for(GET_APPS_URL)

    apps = []
    response = self.class.get(
      url,
      headers: authorized_headers,
      query: params
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if !json_data.empty?
        json_data.each do |data|
          apps << OneLogin::Api::Models::OneLoginAppBasic.new(data)
        end
      end
      return apps
    else
      @error = extract_status_code_from_response(response)
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_apps_v1(params = {}) ⇒ Array

Gets a list of OneLoginAppV1 resources. (if no limit provided, by default get 50 elements)

Parameters:

• params (Hash) (defaults to: {}) —

  Parameters to filter the result of the list

Returns:

• (Array) —

  list of OneLoginAppV1 objects

See Also:

• Get Apps documentation}

# File 'lib/onelogin/api/client.rb', line 1254

def get_apps_v1(params = {})
  clean_error
  prepare_token

  begin
    options = {
      model: OneLogin::Api::Models::OneLoginAppV1,
      headers: authorized_headers,
      max_results: @max_results,
      params: params
    }

    return Cursor.new(self, url_for(GET_APPS_URL_V1), options)

  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_connectors(params = {}) ⇒ Array

Gets a list of Connector resources.

Parameters:

• params (Hash) (defaults to: {}) —

  Parameters to filter the result of the list

Returns:

• (Array) —

  list of Connector objects

See Also:

• List Connectors documentation}

# File 'lib/onelogin/api/client.rb', line 1208

def get_connectors(params = {})
  clean_error
  prepare_token

  begin
    url = url_for(GET_CONNECTORS_URL)

    connectors = []
    response = self.class.get(
      url,
      headers: authorized_headers,
      query: params
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if !json_data.empty?
        json_data.each do |data|
          pp data
          connectors << OneLogin::Api::Models::ConnectorBasic.new(data)
        end
      end
      return connectors
    else
      @error = extract_status_code_from_response(response)
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_custom_attributes ⇒ Array

Gets a list of all custom attribute fields (also known as custom user fields) that have been defined for OL account.

Returns:

• (Array) —

  the custom attributes of the account

See Also:

• Get Custom Attributes documentation}

# File 'lib/onelogin/api/client.rb', line 484

def get_custom_attributes
  clean_error
  prepare_token

  begin
    url = url_for(GET_CUSTOM_ATTRIBUTES_URL)

    response = self.class.get(
      url,
      headers: authorized_headers
    )

    custom_attributes = []
    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data['data']
        custom_attributes = json_data['data'][0]
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end

    return custom_attributes
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_embed_apps(token, email) ⇒ Array

Lists apps accessible by a OneLogin user.

Parameters:

• token (String) —

  Provide your embedding token.

• email (String) —

  Provide the email of the user for which you want to return a list of embeddable apps.

Returns:

• (Array) —

  the embed apps

See Also:

• Get Apps to Embed for a User documentation}

# File 'lib/onelogin/api/client.rb', line 2392

def get_embed_apps(token, email)
  clean_error

  begin
    response = self.class.get(
      EMBED_APP_URL,
      headers: {
        'User-Agent' => @user_agent
      },
      query: {
        token: token,
        email: email
      }
    )

    if response.code == 200 && !(response.body.nil? || response.body.empty?)
      return retrieve_apps_from_xml(response.body)
    else
      @error = response.code.to_s
      unless response.body.nil? || response.body.empty?
        @error_description = response.body
      end
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_enrolled_factors(user_id) ⇒ Array

Return a list of authentication factors registered to a particular user for multifactor authentication (MFA)

Parameters:

• user_id (Integer) —

  The id of the user.

Returns:

• (Array) —

  OTPDevice List

See Also:

• Get Enrolled Authentication Factors documentation}

# File 'lib/onelogin/api/client.rb', line 2075

def get_enrolled_factors(user_id)
  clean_error
  prepare_token

  begin
    if user_id.nil? || user_id.to_s.empty?
      @error = '400'
      @error_description = "user_id is required"
      @error_attribute = "user_id"
      return
    end

    url = url_for(GET_ENROLLED_FACTORS_URL, user_id)

    response = self.class.get(
      url,
      :headers => authorized_headers
    )

    otp_devices = []
    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data and json_data['data'] and json_data['data']['otp_devices']
        json_data['data']['otp_devices'].each do |otp_device_data|
          otp_devices << OneLogin::Api::Models::OTPDevice.new(otp_device_data)
        end
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
    return otp_devices
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_event(event_id) ⇒ Event

Gets Event by ID.

Parameters:

• event_id (Integer) —

  Id of the Event

Returns:

• (Event) —

  the event identified by the id

See Also:

• Get Event by ID documentation}

# File 'lib/onelogin/api/client.rb', line 1685

def get_event(event_id)
  clean_error
  prepare_token

  begin
    if event_id.nil? || event_id.to_s.empty?
      @error = '400'
      @error_description = "event_id is required"
      @error_attribute = "event_id"
      return
    end

    url = url_for(GET_EVENT_URL, event_id)

    response = self.class.get(
      url,
      headers: authorized_headers
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data['data']
        return OneLogin::Api::Models::Event.new(json_data['data'][0])
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_event_types ⇒ Array

List of all OneLogin event types available to the Events API.

Returns:

• (Array) —

  the list of event type

See Also:

• Get Event Types documentation}

# File 'lib/onelogin/api/client.rb', line 1628

def get_event_types
  clean_error
  prepare_token

  begin
    options = {
      model: OneLogin::Api::Models::EventType,
      headers: authorized_headers,
      max_results: @max_results
    }

    return Cursor.new(self, url_for(GET_EVENT_TYPES_URL), options)

  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_events(params = {}) ⇒ Array

Gets a list of Event resources. (if no limit provided, by default get 50 elements)

Parameters:

• params (Hash) (defaults to: {}) —

  Parameters to filter the result of the list

Returns:

• (Array) —

  list of Event objects

See Also:

• Get Events documentation}

# File 'lib/onelogin/api/client.rb', line 1656

def get_events(params={})
  clean_error
  prepare_token

  begin
    options = {
      model: OneLogin::Api::Models::Event,
      headers: authorized_headers,
      max_results: @max_results,
      params: params
    }

    return Cursor.new(self, url_for(GET_EVENTS_URL), options)

  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_factors(user_id) ⇒ Array

Returns a list of authentication factors that are available for user enrollment via API.

Parameters:

• user_id (Integer) —

  The id of the user.

Returns:

• (Array) —

  AuthFactor list

See Also:

• Get Available Authentication Factors documentation}

# File 'lib/onelogin/api/client.rb', line 1968

def get_factors(user_id)
  clean_error
  prepare_token

  begin
    if user_id.nil? || user_id.to_s.empty?
      @error = '400'
      @error_description = "user_id is required"
      @error_attribute = "user_id"
      return
    end

    url = url_for(GET_FACTORS_URL, user_id)

    response = self.class.get(
      url,
      :headers => authorized_headers
    )

    factors = []
    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data and json_data['data'] and json_data['data']['auth_factors']
        json_data['data']['auth_factors'].each do |factor_data|
          factors << OneLogin::Api::Models::AuthFactor.new(factor_data)
        end
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
    return factors
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_group(group_id) ⇒ Group

Gets Group by ID.

Parameters:

• group_id (Integer) —

  Id of the Group

Returns:

• (Group) —

  the group identified by the id

See Also:

• Get Group by ID documentation}

# File 'lib/onelogin/api/client.rb', line 1800

def get_group(group_id)
  clean_error
  prepare_token

  begin
    if group_id.nil? || group_id.to_s.empty?
      @error = '400'
      @error_description = "group_id is required"
      @error_attribute = "group_id"
      return
    end

    url = url_for(GET_GROUP_URL, group_id)

    response = self.class.get(
      url,
      headers: authorized_headers
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data['data']
        return OneLogin::Api::Models::Group.new(json_data['data'][0])
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_groups(params = {}) ⇒ Array

Gets a list of Group resources (element of groups limited with the limit parameter).

Returns:

• (Array) —

  the list of groups

See Also:

• Get Groups documentation}

# File 'lib/onelogin/api/client.rb', line 1771

def get_groups(params = {})
  clean_error
  prepare_token

  begin
    options = {
      model: OneLogin::Api::Models::Group,
      headers: authorized_headers,
      max_results: @max_results,
      params: params
    }

    return Cursor.new(self, url_for(GET_GROUPS_URL), options)

  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_privilege(privilege_id) ⇒ Privilege

Get a Privilege.

Parameters:

• privilege_id (string) —

  Id of the privilege

Returns:

• (Privilege) —

  the privilege identified by the id

See Also:

• Get Privilege documentation}

# File 'lib/onelogin/api/client.rb', line 2558

def get_privilege(privilege_id)
  clean_error
  prepare_token

  begin
    if privilege_id.nil? || privilege_id.to_s.empty?
      @error = '400'
      @error_description = "privilege_id is required"
      @error_attribute = "privilege_id"
      return
    end

    url = url_for(GET_PRIVILEGE_URL, privilege_id)

    response = self.class.get(
      url,
      headers: authorized_headers
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data.has_key?('id')
        return OneLogin::Api::Models::Privilege.new(json_data)
      end
    else
      @error = extract_status_code_from_response(response)
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_privileges ⇒ Array

Gets a list of the Privileges created in an account.

Returns:

• (Array) —

  list of privilege objects

See Also:

• List Privileges documentation}

# File 'lib/onelogin/api/client.rb', line 2453

def get_privileges()
  clean_error
  prepare_token

  begin

    url = url_for(LIST_PRIVILEGES_URL)

    privileges = []
    response = self.class.get(
      url,
      headers: authorized_headers
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if !json_data.empty?
        json_data.each do |data|
          privileges << OneLogin::Api::Models::Privilege.new(data)
        end
      end
      return privileges
    else
      @error = extract_status_code_from_response(response)
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_rate_limits ⇒ RateLimit

Gets current rate limit details about an access token.

Returns:

• (RateLimit) —

  Returns the rate limit info

See Also:

• Get Rate Limit documentation}

# File 'lib/onelogin/api/client.rb', line 295

def get_rate_limits
  clean_error
  prepare_token

  begin
    url = url_for(GET_RATE_URL)

    response = self.class.get(
      url,
      headers: authorized_headers
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data['data']
        return OneLogin::Api::Models::RateLimit.new(json_data['data'])
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_role(role_id) ⇒ Role

Gets Role by ID.

Parameters:

• role_id (Integer) —

  Id of the Role

Returns:

• (Role) —

  the role identified by the id

See Also:

• Get Role by ID documentation}

# File 'lib/onelogin/api/client.rb', line 1583

def get_role(role_id)
  clean_error
  prepare_token

  begin
    if role_id.nil? || role_id.to_s.empty?
      @error = '400'
      @error_description = "role_id is required"
      @error_attribute = "role_id"
      return
    end

    url = url_for(GET_ROLE_URL, role_id)

    response = self.class.get(
      url,
      headers: authorized_headers
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data['data']
        return OneLogin::Api::Models::Role.new(json_data['data'][0])
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_roles(params = {}) ⇒ Array

Gets a list of Role resources. (if no limit provided, by default get 50 elements)

Parameters:

• params (Hash) (defaults to: {}) —

  Parameters to filter the result of the list

Returns:

• (Array) —

  list of Role objects

See Also:

• Get Roles documentation}

# File 'lib/onelogin/api/client.rb', line 1554

def get_roles(params = {})
  clean_error
  prepare_token

  begin
    options = {
      model: OneLogin::Api::Models::Role,
      headers: authorized_headers,
      max_results: @max_results,
      params: params
    }

    return Cursor.new(self, url_for(GET_ROLES_URL), options)

  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_roles_assigned_to_privilege(privilege_id) ⇒ Array

Gets a list of the roles assigned to a privilege.

Parameters:

• privilege_id (string) —

  Id of the privilege.

Returns:

• (Array) —

  list of Role Id

See Also:

• Get Assigned Roles documentation}

# File 'lib/onelogin/api/client.rb', line 2714

def get_roles_assigned_to_privilege(privilege_id)
  clean_error
  prepare_token

  begin
    if privilege_id.nil? || privilege_id.to_s.empty?
      @error = '400'
      @error_description = "privilege_id is required"
      @error_attribute = "privilege_id"
      return
    end

    options = {
      headers: authorized_headers,
      max_results: @max_results,
      container: 'roles'
    }

    return Cursor.new(self, url_for(GET_ROLES_ASSIGNED_TO_PRIVILEGE_URL, privilege_id), options)

  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_saml_assertion(username_or_email, password, app_id, subdomain, ip_address = nil) ⇒ SAMLEndpointResponse

Generates a SAML Assertion.

Parameters:

• username_or_email (String) —

  username or email of the OneLogin user accessing the app

• password (String) —

  Password of the OneLogin user accessing the app

• app_id (String) —

  App ID of the app for which you want to generate a SAML token

• subdomain (String) —

  subdomain of the OneLogin account related to the user/app

• ip_address (String) (defaults to: nil) —

  (Optional) whitelisted IP address that needs to be bypassed (some MFA scenarios)

Returns:

• (SAMLEndpointResponse) —

  object with an encoded SAMLResponse

See Also:

• Generate SAML Assertion documentation}

# File 'lib/onelogin/api/client.rb', line 1851

def get_saml_assertion(username_or_email, password, app_id, subdomain, ip_address=nil)
  clean_error
  prepare_token

  begin
    url = url_for(GET_SAML_ASSERTION_URL)

    data = {
      'username_or_email'=> username_or_email,
      'password'=> password,
      'app_id'=> app_id,
      'subdomain'=> subdomain,
    }

    unless ip_address.nil? || ip_address.empty?
      data['ip_address'] = ip_address
    end

    response = self.class.post(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_saml_endpoint_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_saml_assertion_verifying(app_id, device_id, state_token, otp_token = nil, url_endpoint = nil, do_not_notify = false) ⇒ SAMLEndpointResponse

Verify a one-time password (OTP) value provided for a second factor when multi-factor authentication (MFA) is required for SAML authentication.

Parameters:

• app_id (String) —

  App ID of the app for which you want to generate a SAML token

• devide_id (String) —

  Provide the MFA device_id you are submitting for verification.

• state_token (String) —

  Provide the state_token associated with the MFA device_id you are submitting for verification.

• otp_token (String) (defaults to: nil) —

  (Optional) Provide the OTP value for the MFA factor you are submitting for verification.

• url_endpoint (String) (defaults to: nil) —

  (Optional) Specify an url where return the response.

• do_not_notify (String) (defaults to: false) —

  (Optional) When verifying MFA via Protect Push, set this to true to stop additional push notifications being sent to the OneLogin Protect device

Returns:

• (SAMLEndpointResponse) —

  object with an encoded SAMLResponse

See Also:

• Verify Factor documentation}

# File 'lib/onelogin/api/client.rb', line 1901

def get_saml_assertion_verifying(app_id, device_id, state_token, otp_token=nil, url_endpoint=nil, do_not_notify=false)
  clean_error
  prepare_token

  begin
    if app_id.nil? || app_id.to_s.empty?
      @error = '400'
      @error_description = "app_id is required"
      @error_attribute = "app_id"
      return
    end

    if device_id.nil? || device_id.to_s.empty?
      @error = '400'
      @error_description = "device_id is required"
      @error_attribute = "device_id"
      return
    end

    if url_endpoint.nil? || url_endpoint.empty?
      url = url_for(GET_SAML_VERIFY_FACTOR)
    else
      url = url_endpoint
    end

    data = {
      'app_id'=> app_id,
      'device_id'=> device_id.to_s,
      'state_token'=> state_token,
      'do_not_notify'=> do_not_notify
    }

    unless otp_token.nil? || otp_token.empty?
      data['otp_token'] = otp_token
    end

    response = self.class.post(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_saml_endpoint_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_session_token_verified(device_id, state_token, otp_token = nil, allowed_origin = '', do_not_notify = false) ⇒ SessionTokenInfo

Verify a one-time password (OTP) value provided for multi-factor authentication (MFA).

Parameters:

• device_id (String) —

  Provide the MFA device_id you are submitting for verification.

• state_token (String) —

  Provide the state_token associated with the MFA device_id you are submitting for verification.

• otp_token (String) (defaults to: nil) —

  (Optional) Provide the OTP value for the MFA factor you are submitting for verification.

• allowed_origin (String) (defaults to: '') —

  (Optional) Required for CORS requests only. Set to the Origin URI from which you are allowed to send a request using CORS.

• do_not_notify (String) (defaults to: false) —

  (Optional) When verifying MFA via Protect Push, set this to true to stop additional push notifications being sent to the OneLogin Protect device.

Returns:

• (SessionTokenInfo) —

  if the action succeed

See Also:

• Verify Factor documentation}

# File 'lib/onelogin/api/client.rb', line 1148

def get_session_token_verified(device_id, state_token, otp_token=nil, allowed_origin='', do_not_notify=false)
  clean_error
  prepare_token

  begin
    if device_id.nil? || device_id.to_s.empty?
      @error = '400'
      @error_description = "device_id is required"
      @error_attribute = "device_id"
      return
    end

    url = url_for(GET_TOKEN_VERIFY_FACTOR)

    data = {
      'device_id'=> device_id.to_s,
      'state_token'=> state_token,
      'do_not_notify'=> do_not_notify
    }

    unless otp_token.nil? || otp_token.empty?
      data['otp_token'] = otp_token
    end

    headers = authorized_headers
    if allowed_origin
      headers = headers.merge({ 'Custom-Allowed-Origin-Header-1' => allowed_origin })
    end

    response = self.class.post(
      url,
      headers: headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_session_token_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_user(user_id) ⇒ User

Gets User by ID.

Parameters:

• user_id (Integer) —

  Id of the user

Returns:

• (User) —

  the user identified by the id

See Also:

• Get User by ID documentation}

# File 'lib/onelogin/api/client.rb', line 364

def get_user(user_id)
  clean_error
  prepare_token

  begin
    if user_id.nil? || user_id.to_s.empty?
      @error = '400'
      @error_description = "user_id is required"
      @error_attribute = "user_id"
      return
    end

    url = url_for(GET_USER_URL, user_id)

    response = self.class.get(
      url,
      headers: authorized_headers
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data['data']
        return OneLogin::Api::Models::User.new(json_data['data'][0])
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_user_apps(user_id) ⇒ Array

Gets a list of apps accessible by a user, not including personal apps.

Parameters:

• user_id (Integer) —

  Id of the user

Returns:

• (Array) —

  the apps of the user identified by the id

See Also:

• Get Apps for a User documentation}

# File 'lib/onelogin/api/client.rb', line 407

def get_user_apps(user_id)
  clean_error
  prepare_token

  begin
    if user_id.nil? || user_id.to_s.empty?
      @error = '400'
      @error_description = "user_id is required"
      @error_attribute = "user_id"
      return
    end

    options = {
      model: OneLogin::Api::Models::App,
      headers: authorized_headers,
      max_results: @max_results
    }

    return Cursor.new(self, url_for(GET_APPS_FOR_USER_URL, user_id), options)

  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_user_roles(user_id) ⇒ Array

Gets a list of role IDs that have been assigned to a user.

Parameters:

• user_id (Integer) —

  Id of the user

Returns:

• (Array) —

  the role ids of the user identified by the id

See Also:

• Get Roles for a User documentation}

# File 'lib/onelogin/api/client.rb', line 442

def get_user_roles(user_id)
  clean_error
  prepare_token

  begin
    if user_id.nil? || user_id.to_s.empty?
      @error = '400'
      @error_description = "user_id is required"
      @error_attribute = "user_id"
      return
    end

    url = url_for(GET_ROLES_FOR_USER_URL, user_id)

    response = self.class.get(
      url,
      headers: authorized_headers
    )

    role_ids = []
    if response.code == 200
      json_data = JSON.parse(response.body)
      role_ids = json_data['data'][0] if json_data && json_data['data']
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end

    return role_ids
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_users(params = {}) ⇒ Array

Gets a list of User resources. (if no limit provided, by default gt 50 elements)

Parameters:

• params (Hash) (defaults to: {}) —

  Parameters to filter the result of the list

Returns:

• (Array) —

  list of User objects

See Also:

• Get Users documentation}

# File 'lib/onelogin/api/client.rb', line 335

def get_users(params = {})
  clean_error
  prepare_token

  begin
    options = {
      model: OneLogin::Api::Models::User,
      headers: authorized_headers,
      max_results: @max_results,
      params: params
    }

    return Cursor.new(self, url_for(GET_USERS_URL), options)

  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#get_users_assigned_to_privilege(privilege_id) ⇒ Array

Gets a list of the users assigned to a privilege.

Parameters:

• privilege_id (string) —

  Id of the privilege.

Returns:

• (Array) —

  list of User Id

See Also:

• Get Assigned Users documentation}

# File 'lib/onelogin/api/client.rb', line 2837

def get_users_assigned_to_privilege(privilege_id)
  clean_error
  prepare_token

  begin
    if privilege_id.nil? || privilege_id.to_s.empty?
      @error = '400'
      @error_description = "privilege_id is required"
      @error_attribute = "privilege_id"
      return
    end

    options = {
      headers: authorized_headers,
      max_results: @max_results,
      container: 'users'
    }

    return Cursor.new(self, url_for(GET_USERS_ASSIGNED_TO_PRIVILEGE_URL, privilege_id), options)

  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#handle_operation_response(response) ⇒ Object

# File 'lib/onelogin/api/client.rb', line 81

def handle_operation_response(response)
  result = false
  begin
    content = JSON.parse(response.body)
    if content
      if content.has_key?('status') && content['status'].has_key?('type') && content['status']['type'] == "success"
        result = true
      elsif content.has_key?('success') && content['success']
        result = true
      end
    end
  rescue Exception => e
    result = false
  end

  result
end

#handle_saml_endpoint_response(response) ⇒ Object

# File 'lib/onelogin/api/client.rb', line 114

def handle_saml_endpoint_response(response)
  content = JSON.parse(response.body)
  if content && content.has_key?('status') && content['status'].has_key?('message') && content['status'].has_key?('type')
    status_type = content['status']['type']
    status_message = content['status']['message']
    saml_endpoint_response = OneLogin::Api::Models::SAMLEndpointResponse.new(status_type, status_message)
    if content.has_key?('data')
      if status_message == 'Success'
        saml_endpoint_response.saml_response = content['data']
      else
        mfa = OneLogin::Api::Models::MFA.new(content['data'][0])
        saml_endpoint_response.mfa = mfa
      end
    end

    return saml_endpoint_response
  end

  nil
end

#handle_session_token_response(response) ⇒ Object

# File 'lib/onelogin/api/client.rb', line 99

def handle_session_token_response(response)
  content = JSON.parse(response.body)
  if content && content.has_key?('status') && content['status'].has_key?('message') && content.has_key?('data')
    if content['status']['message'] == "Success"
      return OneLogin::Api::Models::SessionTokenInfo.new(content['data'][0])
    elsif content['status']['message'] == "MFA is required for this user"
      return OneLogin::Api::Models::SessionTokenMFAInfo.new(content['data'][0])
    else
      raise "Status Message type not reognized: %s" % content['status']['message']
    end
  end

  nil
end

#headers ⇒ Object

# File 'lib/onelogin/api/client.rb', line 135

def headers
  {
    'Content-Type' => 'application/json',
    'User-Agent' => @user_agent
  }
end

#lock_user(user_id, minutes) ⇒ Boolean

Use this call to lock a user's account based on the policy assigned to the user, for a specific time you define in the request, or until you unlock it.

Parameters:

• user_id (Integer) —

  Id of the user to be locked

• minutes (Integer) —

  Set to the number of minutes for which you want to lock the user account. (0 to delegate on policy)

Returns:

• (Boolean) —

  if the action succeed

See Also:

• Lock User Account documentation}

# File 'lib/onelogin/api/client.rb', line 956

def lock_user(user_id, minutes)
  clean_error
  prepare_token

  begin
    if user_id.nil? || user_id.to_s.empty?
      @error = '400'
      @error_description = "user_id is required"
      @error_attribute = "user_id"
      return
    end

    url = url_for(LOCK_USER_URL, user_id)

    data = {
      'locked_until' => minutes
    }

    response = self.class.put(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#log_user_out(user_id) ⇒ Boolean

Log a user out of any and all sessions.

Parameters:

• user_id (Integer) —

  Id of the user to be logged out

Returns:

• (Boolean) —

  if the action succeed

See Also:

• Log User Out documentation}

# File 'lib/onelogin/api/client.rb', line 912

def log_user_out(user_id)
  clean_error
  prepare_token

  begin
    if user_id.nil? || user_id.to_s.empty?
      @error = '400'
      @error_description = "user_id is required"
      @error_attribute = "user_id"
      return
    end

    url = url_for(LOG_USER_OUT_URL, user_id)

    response = self.class.put(
      url,
      headers: authorized_headers
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#prepare_token ⇒ Object

# File 'lib/onelogin/api/client.rb', line 73

def prepare_token
  if @access_token.nil?
    access_token
  elsif expired?
    regenerate_token
  end
end

#regenerate_token ⇒ OneLoginToken

Refreshing tokens provides a new set of access and refresh tokens.

Returns:

• (OneLoginToken) —

  Returns the refreshed OAuth Token info

See Also:

• Refresh Tokens documentation}

# File 'lib/onelogin/api/client.rb', line 210

def regenerate_token
  clean_error

  begin
    url = url_for(TOKEN_REQUEST_URL)

    data = {
      'grant_type' => 'refresh_token',
      'access_token' => @access_token,
      'refresh_token' => @refresh_token
    }

    response = self.class.post(
      url,
      headers: headers,
      body: data.to_json
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data.has_key?('status')
        @error = json_data['status']['code'].to_s
        @error_description = extract_error_message_from_response(response)
      else
        token = OneLogin::Api::Models::OneLoginToken.new(json_data)
        @access_token = token.access_token
        @refresh_token = token.refresh_token
        @expiration = token.created_at + token.expires_in
        return token
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#remove_factor(user_id, device_id) ⇒ Boolean

Remove an enrolled factor from a user.

Parameters:

• user_id (Integer) —

  The id of the user.

• device_id (Integer) —

  The device_id of the MFA device.

Returns:

• (Boolean) —

  The result of the action

See Also:

• Remove a Factor documentation}

# File 'lib/onelogin/api/client.rb', line 2245

def remove_factor(user_id, device_id)
  clean_error
  prepare_token

  begin

    if user_id.nil? || user_id.to_s.empty?
      @error = '400'
      @error_description = "user_id is required"
      @error_attribute = "user_id"
      return
    end

    if device_id.nil? || device_id.to_s.empty?
      @error = '400'
      @error_description = "device_id is required"
      @error_attribute = "device_id"
      return
    end

    url = url_for(REMOVE_FACTOR_URL, user_id, device_id)

    response = self.class.delete(
      url,
      :headers => authorized_headers
    )

    if response.code == 200
      return true
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      return false
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#remove_role_from_privilege(privilege_id, role_id) ⇒ Boolean

Removes one role from the privilege.

Parameters:

• privilege_id (string) —

  Id of the privilege.

• role_id (Integer) —

  Id of the role to be removed.

Returns:

• (Boolean) —

  if the action succeed

See Also:

• Remove Role documentation}

# File 'lib/onelogin/api/client.rb', line 2797

def remove_role_from_privilege(privilege_id, role_id)
  clean_error
  prepare_token

  begin
    if privilege_id.nil? || privilege_id.to_s.empty?
      @error = '400'
      @error_description = "privilege_id is required"
      @error_attribute = "privilege_id"
      return
    end

    url = url_for(REMOVE_ROLE_FROM_PRIVILEGE_URL, privilege_id, role_id)

    response = self.class.delete(
      url,
      headers: authorized_headers
    )

    if response.code == 204
      return true
    else
      @error = extract_status_code_from_response(response)
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#remove_role_from_user(user_id, role_ids) ⇒ Boolean

Removes Role from User

Parameters:

• user_id (Integer) —

  Id of the user

• role_ids (Array) —

  List of role ids to be removed

Returns:

• (Boolean) —

  if the action succeed

See Also:

• Remove Role from User documentation}

# File 'lib/onelogin/api/client.rb', line 665

def remove_role_from_user(user_id, role_ids)
  clean_error
  prepare_token

  begin
    if user_id.nil? || user_id.to_s.empty?
      @error = '400'
      @error_description = "user_id is required"
      @error_attribute = "user_id"
      return
    end

    url = url_for(DELETE_ROLE_TO_USER_URL, user_id)

    data = {
      'role_id_array' => role_ids
    }

    response = self.class.put(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#remove_user_from_privilege(privilege_id, user_id) ⇒ Boolean

Removes one user from the privilege.

Parameters:

• privilege_id (string) —

  Id of the privilege.

• user_id (Integer) —

  Id of the user to be removed.

Returns:

• (Boolean) —

  if the action succeed

See Also:

• Remove User documentation}

# File 'lib/onelogin/api/client.rb', line 2919

def remove_user_from_privilege(privilege_id, user_id)
  clean_error
  prepare_token

  begin
    if privilege_id.nil? || privilege_id.to_s.empty?
      @error = '400'
      @error_description = "privilege_id is required"
      @error_attribute = "privilege_id"
      return
    end

    url = url_for(REMOVE_USER_FROM_PRIVILEGE_URL, privilege_id, user_id)

    response = self.class.delete(
      url,
      headers: authorized_headers
    )

    if response.code == 204
      return true
    else
      @error = extract_status_code_from_response(response)
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#retrieve_apps_from_xml(xml_content) ⇒ Object

# File 'lib/onelogin/api/client.rb', line 2423

def retrieve_apps_from_xml(xml_content)
  doc = Nokogiri::XML(xml_content) do |config|
    config.options = NOKOGIRI_OPTIONS
  end

  node_list = doc.xpath("/apps/app")
  attributes = ['id', 'icon', 'name', 'provisioned', 'extension_required', 'personal', 'login_id']
  apps = []
  node_list.each do |node|
    app_data = {}
    node.children.each do |children|
      if attributes.include? children.name
        app_data[children.name] = children.content
      end
    end
    apps << OneLogin::Api::Models::EmbedApp.new(app_data)
  end

  apps
end

#revoke_token ⇒ Boolean

Revokes an access token and refresh token pair.

Returns:

• (Boolean) —

  If the opeation succeded

See Also:

• Revoke Tokens documentation}

# File 'lib/onelogin/api/client.rb', line 257

def revoke_token
  clean_error

  begin
    url = url_for(TOKEN_REVOKE_URL)

    data = {
      access_token: @access_token
    }

    response = self.class.post(
      url,
      headers: authorized_headers(false),
      body: data.to_json
    )

    if response.code == 200
      @access_token = nil
      @refresh_token = nil
      @expiration = nil
      return true
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#send_invite_link(email, personal_email = nil) ⇒ String

Sends an invite link to a user that you have already created in your OneLogin account.

Parameters:

• email (String) —

  Set to the email address of the user that you want to send an invite link for.

• personal_email (String) (defaults to: nil) —

  (Optional) If you want to send the invite email to an email other than the one provided in email, provide it here. The invite link will be sent to this address instead.

Returns:

• (String) —

  the result of the operation

See Also:

• Send Invite Link documentation}

# File 'lib/onelogin/api/client.rb', line 2349

def send_invite_link(email, personal_email=nil)
  clean_error
  prepare_token

  begin
    url = url_for(SEND_INVITE_LINK_URL)

    data = {
      'email'=> email
    }

    unless personal_email.nil? || personal_email.to_s.empty?
      data['personal_email'] = personal_email
    end

    response = self.class.post(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#set_custom_attribute_to_user(user_id, custom_attributes) ⇒ Boolean

Set Custom Attribute Value

Parameters:

• user_id (Integer) —

  Id of the user

• custom_attributes (Hash) —

  Provide one or more key value pairs composed of the custom attribute field shortname and the value that you want to set the field to.

Returns:

• (Boolean) —

  if the action succeed

See Also:

• Set Custom Attribute Value documentation}

# File 'lib/onelogin/api/client.rb', line 866

def set_custom_attribute_to_user(user_id, custom_attributes)
  clean_error
  prepare_token

  begin
    if user_id.nil? || user_id.to_s.empty?
      @error = '400'
      @error_description = "user_id is required"
      @error_attribute = "user_id"
      return
    end

    url = url_for(SET_CUSTOM_ATTRIBUTE_TO_USER_URL, user_id)

    data = {
      'custom_attributes' => custom_attributes
    }

    response = self.class.put(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#set_password_using_clear_text(user_id, password, password_confirmation, validate_policy = false) ⇒ Boolean

Sets Password by ID Using Cleartext

Parameters:

• user_id (Integer) —

  Id of the user

• password (String) —

  Set to the password value using cleartext.

• password_confirmation (String) —

  Ensure that this value matches the password value exactly.

Returns:

• (Boolean) —

  if the action succeed

See Also:

• Set Password by ID Using Cleartext documentation}

# File 'lib/onelogin/api/client.rb', line 714

def set_password_using_clear_text(user_id, password, password_confirmation, validate_policy=false)
  clean_error
  prepare_token

  begin
    if user_id.nil? || user_id.to_s.empty?
      @error = '400'
      @error_description = "user_id is required"
      @error_attribute = "user_id"
      return
    end

    url = url_for(SET_PW_CLEARTEXT, user_id)

    data = {
      'password' => password,
      'password_confirmation' => password_confirmation,
      'validate_policy' => validate_policy
    }

    response = self.class.put(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#set_password_using_hash_salt(user_id, password, password_confirmation, password_algorithm, password_salt = nil) ⇒ Boolean

Set Password by ID Using Salt and SHA-256

Parameters:

• user_id (Integer) —

  Id of the user

• password (String) —

  Set to the password value using cleartext.

• password_confirmation (String) —

  Ensure that this value matches the password value exactly.

• password_algorithm (String) —

  Set to salt+sha256.

• password_salt (String) (defaults to: nil) —

  (Optional) To provide your own salt value.

Returns:

• (Boolean) —

  if the action succeed

See Also:

• Set Password by ID Using Salt and SHA-256 documentation}

# File 'lib/onelogin/api/client.rb', line 766

def set_password_using_hash_salt(user_id, password, password_confirmation, password_algorithm, password_salt=nil)
  clean_error
  prepare_token

  begin
    if user_id.nil? || user_id.to_s.empty?
      @error = '400'
      @error_description = "user_id is required"
      @error_attribute = "user_id"
      return
    end

    url = url_for(SET_PW_SALT, user_id)

    data = {
      'password' => password,
      'password_confirmation' => password_confirmation,
      'password_algorithm' => password_algorithm
    }

    unless password_salt.nil?
      data['password_salt'] = password_salt
    end

    response = self.class.put(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#set_state_to_user(user_id, state) ⇒ Boolean

Set User State

Parameters:

• id (Integer) —

  Id of the user to be modified

• state (Integer) —

  Set to the state value. [Unapproved: 0, Approved (licensed): 1, Rejected: 2, Unlicensed: 3]

Returns:

• (Boolean) —

  if the action succeed

See Also:

• Set User State documentation}

# File 'lib/onelogin/api/client.rb', line 819

def set_state_to_user(user_id, state)
  clean_error
  prepare_token

  begin
    if user_id.nil? || user_id.to_s.empty?
      @error = '400'
      @error_description = "user_id is required"
      @error_attribute = "user_id"
      return
    end

    url = url_for(SET_USER_STATE_URL, user_id)

    data = {
      'state' => state
    }

    response = self.class.put(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end

#update_app(app_id, app_params) ⇒ User

Updates an app

Parameters:

• app_id (Integer) —

  Id of the app

• app_params (Hash) —

  App data (name, visible, policy_id, is_available, parameters, allow_assumed_signin, configuration, notes, description, provisioning, connector_id, auth_method, tab_id)

Returns:

• (User) —

  the modified user

See Also:

• Update App by ID documentation}

# File 'lib/onelogin/api/client.rb', line 1415

def update_app(app_id, app_params)
  clean_error
  prepare_token

  begin
    if app_id.nil? || app_id.to_s.empty?
      @error = '400'
      @error_description = "app_id is required"
      @error_attribute = "app_id"
      return
    end

    url = url_for(UPDATE_APP_URL, app_id)

    response = self.class.put(
      url,
      headers: authorized_headers,
      body: app_params.to_json
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data.has_key?('id')
        return OneLogin::Api::Models::OneLoginApp.new(json_data)
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#update_privilege(privilege_id, name, version, statements) ⇒ Privilege

Updates a Privilege

Parameters:

• privilege_id (string) —

  The id of the privilege to be updated.

• name (string) —

  The name of the privilege.

• version (string) —

  The version for the privilege schema. Set to 2018-05-18.

• statements (Array) —

  A list of statements. Statement object or a dict with the keys Effect, Action and Scope

Returns:

• (Privilege) —

  the modified privilege

See Also:

• Update Privilege documentation}

# File 'lib/onelogin/api/client.rb', line 2605

def update_privilege(privilege_id, name, version, statements)
  clean_error
  prepare_token

  begin
    if privilege_id.nil? || privilege_id.to_s.empty?
      @error = '400'
      @error_description = "privilege_id is required"
      @error_attribute = "privilege_id"
      return
    end

    url = url_for(UPDATE_PRIVILEGE_URL, privilege_id)

    statement_data = []
    for statement in statements
      if statement.instance_of?(OneLogin::Api::Models::Statement)
        statement_data << {
         'Effect' => statement.effect,
         'Action' => statement.actions,
         'Scope' => statement.scopes
        }
      elsif statement.instance_of?(Hash) && statement.has_key?('Effect') && statement.has_key?('Action') && statement.has_key?('Scope')
        statement_data << statement
      else
        @error = 400.to_s
        @error_description = "statements is invalid. Provide a list of statements. The statement should be an Statement object or dict with the keys Effect, Action and Scope"
        return
      end
    end

    privilege_data = {
      'name' => name,
      'privilege' => {
        'Version'=> version,
        'Statement' => statement_data
      }
    }

    response = self.class.put(
      url,
      headers: authorized_headers,
      body: privilege_data.to_json
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data.has_key?('id')
        return OneLogin::Api::Models::Privilege.new(json_data['id'], name, version, statements)
      end
    else
      @error = extract_status_code_from_response(response)
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#update_user(user_id, user_params) ⇒ User

Updates an user

Parameters:

• user_id (Integer) —

  Id of the user

• user_params (Hash) —

  User data (firstname, lastname, email, username, company, department, directory_id, distinguished_name, external_id, group_id, invalid_login_attempts, locale_code, manager_ad_id, member_of, openid_name, phone, samaccountname, title, userprincipalname)

Returns:

• (User) —

  the modified user

See Also:

• Update User by ID documentation}

# File 'lib/onelogin/api/client.rb', line 572

def update_user(user_id, user_params)
  clean_error
  prepare_token

  begin
    if user_id.nil? || user_id.to_s.empty?
      @error = '400'
      @error_description = "user_id is required"
      @error_attribute = "user_id"
      return
    end

    url = url_for(UPDATE_USER_URL, user_id)

    response = self.class.put(
      url,
      headers: authorized_headers,
      body: user_params.to_json
    )

    if response.code == 200
      json_data = JSON.parse(response.body)
      if json_data && json_data['data']
        return OneLogin::Api::Models::User.new(json_data['data'][0])
      end
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
      @error_attribute = extract_error_attribute_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  nil
end

#validate_config ⇒ Object

Raises:

• (ArgumentError)

# File 'lib/onelogin/api/client.rb', line 57

def validate_config
  raise ArgumentError, 'client_id & client_secret are required' unless @client_id && @client_secret
end

#verify_factor(user_id, device_id, otp_token = nil, state_token = nil) ⇒ Boolean

Authenticates a one-time password (OTP) code provided by a multifactor authentication (MFA) device.

Parameters:

• user_id (Integer) —

  The id of the user.

• device_id (Integer) —

  The id of the MFA device.

• otp_token (String) (defaults to: nil) —

  OTP code provided by the device or SMS message sent to user. When a device like OneLogin Protect that supports Push has been used you do not need to provide the otp_token.

• state_token (String) (defaults to: nil) —

  The state_token is returned after a successful request to Enroll a Factor or Activate a Factor. MUST be provided if the needs_trigger attribute from the proceeding calls is set to true.

Returns:

• (Boolean) —

  True if Factor is verified

See Also:

• Verify an Authentication Factor documentation}

# File 'lib/onelogin/api/client.rb', line 2182

def verify_factor(user_id, device_id, otp_token=nil, state_token=nil)
  clean_error
  prepare_token

  begin
    if user_id.nil? || user_id.to_s.empty?
      @error = '400'
      @error_description = "user_id is required"
      @error_attribute = "user_id"
      return
    end

    if device_id.nil? || device_id.to_s.empty?
      @error = '400'
      @error_description = "device_id is required"
      @error_attribute = "device_id"
      return
    end


    url = url_for(VERIFY_FACTOR_URL, user_id, device_id)

    data = {
      'user_id'=> user_id,
      'device_id'=> device_id
    }

    unless otp_token.nil? || otp_token.empty?
      data['otp_token'] = otp_token
    end

    unless state_token.nil? || state_token.empty?
      data['state_token'] = state_token
    end

    response = self.class.post(
      url,
      headers: authorized_headers,
      body: data.to_json
    )

    if response.code == 200
      return handle_operation_response(response)
    else
      @error = response.code.to_s
      @error_description = extract_error_message_from_response(response)
    end
  rescue Exception => e
    @error = '500'
    @error_description = e.message
  end

  false
end