account-manager-client.pl

#!/usr/bin/perl

## 18/07/2014, Olivier Salaün
## Command-line client for the Test IdP Account Manager

use strict;
use utf8;
use lib "/opt/testidp/IdPAccountManager/lib", ;
use lib "/opt/testidp/IdPAccountManager/conf";

use Getopt::Long;
use POSIX;

use IdPAccountManager::TestAccount;
use IdPAccountManager::SAMLMetadata;
use IdPAccountManager::ServiceProvider;
use IdPAccountManager::AuthenticationToken;

my %options;
unless (&GetOptions(\%options, 'help', 'add_test_account', 'account_profile=s', 'sp_entityid=s', 'list_test_accounts', 'parse_federation_metadata',
                    'list_service_providers','list_authentication_tokens', 'get_authentication_token', 'add_authentication_token','email_address=s',
                    'token=s','send_notice')) {
    die "Unknown options.";
}

if ($options{'help'}) {
    printf "$0 --add_test_account --account_profile=<profile_id> --sp_entityid=<entityid>\n";
}

if ($options{'add_test_account'}) {
    
    unless ($options{'account_profile'}) {
        die "Missing account_profile option";
    }

    unless ($options{'sp_entityid'}) {
        die "Missing sp_entityid option";
    }
    
    my $test_account = new IdPAccountManager::TestAccount(account_profile => $options{'account_profile'},
                                                          sp_entityid => $options{'sp_entityid'});
    unless (defined $test_account) {
         IdPAccountManager::Tools::do_log('error',"Failed to create test account");
         exit -1;
    }
    
    unless ($test_account->save()) {
        IdPAccountManager::Tools::do_log('error',"Failed to create test account");
        exit -1;
    }
    
    printf "Account created:\n\tuserid: user%d\n\tpassword: %s\n", $test_account->get('id'), $test_account->get('user_password');
    
}elsif ($options{'list_test_accounts'}) {
    
    my %args;
    if ($options{'sp_entityid'}) {
        push @{$args{'query'}}, 'sp_entityid' => $options{'sp_entityid'};
    }
    
    if ($options{'account_profile'}) {
        push @{$args{'query'}}, 'account_profile' => $options{'account_profile'};
    }
    
    
    my $all = IdPAccountManager::TestAccount::list_test_accounts(%args);
    
    if ($#{$all} < 0) {
        printf "No test account in DB\n";
    }
    
    foreach my $test_account (@$all) {
        $test_account->print();
    }
}elsif ($options{'parse_federation_metadata'}) {
    my $federation_metadata = new IdPAccountManager::SAMLMetadata;
    unless ($federation_metadata->load(federation_metadata_file_path => $Conf::global{'federation_metadata_file_path'})) {
        die;
    }
    
    my %args;
    if ($options{'sp_entityid'}) {
        $args{'filter_entity_id'} = $options{'sp_entityid'};
    }

    unless ($federation_metadata->parse(%args)) {
        die;
    }
    
    printf "Document %s parsed\n", $Conf::global{'federation_metadata_file_path'};
    
    ## List SAML entities
    printf "Hashref representing the metadata:\n";
    &IdPAccountManager::Tools::dump_var($federation_metadata->{'federation_metadata_as_hashref'}, 0, \*STDOUT);
    
}elsif ($options{'list_service_providers'}) {
    
    my %args;    
    
    my $all = IdPAccountManager::ServiceProvider::list_service_providers(%args);
    
    if ($#{$all} < 0) {
        printf "No service provider in DB\n";
    }
    
    foreach my $service_provider (@$all) {
        $service_provider->print();
    }
     
}elsif ($options{'list_authentication_tokens'}) {
    
    my %args;    
    if ($options{'sp_entityid'}) {
        push @{$args{'query'}}, 'sp_entityid' => $options{'sp_entityid'};
    }
    if ($options{'token'}) {
        push @{$args{'query'}}, 'token' => $options{'token'};
    }
    
    my $all = IdPAccountManager::AuthenticationToken::list_authentication_tokens(%args);
    
    if ($#{$all} < 0) {
        printf "No corresponding token found in DB\n";
    }
    
    foreach my $authentication_token (@$all) {
        $authentication_token->print();
    }
    
}elsif ($options{'get_authentication_token'}) {
    
    my %args;    
    if ($options{'token'}) {
        $args{'token'} = $options{'token'};
    }
    
    my $authentication_token = new IdPAccountManager::AuthenticationToken(%args);
    
    unless ($authentication_token->load()) {
        die "No corresponding token found in DB\n";
    }
    
    if ($options{'sp_entityid'}) {
        unless ($authentication_token->get('sp_entityid') eq $options{'sp_entityid'}) {
            die "Authentication token cannot be used for this SP\n";
        }
    }

    
    $authentication_token->print();

}elsif ($options{'add_authentication_token'}) {
    
    unless ($options{'email_address'}) {
        die "Missing email_address option";
     }

    unless ($options{'sp_entityid'}) {
        die "Missing sp_entityid option";
    }
    
    my $authentication_token = new IdPAccountManager::AuthenticationToken();
    unless (defined $authentication_token) {
         IdPAccountManager::Tools::do_log('error',"Failed to create token object");
         exit -1;
    }
    unless ($authentication_token->set('email_address' => $options{'email_address'},
                                       'sp_entityid' => $options{'sp_entityid'})) {
        IdPAccountManager::Tools::do_log('error',"Failed to set token value");
        exit -1;
    }    
    
    unless ($authentication_token->save()) {
        IdPAccountManager::Tools::do_log('error',"Failed to create token");
        exit -1;
    }
    
    $authentication_token->print();
    
}elsif ($options{'send_notice'}) {
    unless ($options{'email_address'}) {
        die "Missing email_address option";
    }

    unless (&IdPAccountManager::Tools::mail_notice('template' => 'templates/mail/notification_generic_error.tt2.eml',
                                                   'data' => {},
                                                   'to' => $options{'email_address'})) {
        die "Failed to send mail notice to $options{'email_address'}\n";
    }
    
    printf "Mail notice sent to $options{'email_address'}\n";
    
}else {
    die "Missing arguments";
    
}

__END__

=head1 NAME

IdPAccountManager::Tools - Command line client to the Test Account manager

=head1 SYNOPSIS

    ./bin/account-manager-client.pl --list_authentication_tokens

=head1 DESCRIPTION

The Test Account manager instanciates test accounts associated to a SAML Identity Provider.
This script provides a command-line interface for most functions.

=head1 EXAMPLES

=over 8

=item C<account-manager-client.pl --add_test_account --account_profile=student1 --sp_entityid=https://test.federation.renater.fr/test/ressource>

Adds a new test account.

=item C<account-manager-client.pl --list_test_accounts --sp_entityid=https://test.federation.renater.fr/test/ressource --account_profile=student1>

List all test accounts. Criterias can be added to filter test accounts.

=item C<account-manager-client.pl --parse_federation_metadata>

Parses the SAML metadata file, as defined by the C<federation_metadata_file_path> configuration parameter.

=item C<account-manager-client.pl --list_authentication_tokens --sp_entityid=https://test.federation.renater.fr/test/ressource --token=dhj67sjJ>

List all authentication tokens. Criterias can be added to filter tokens.

=item C<account-manager-client.pl --get_authentication_token --token=dhj67sjJ>

Get informations on a token.

=item C<account-manager-client.pl --add_authentication_token --email_address=john@my.fqdn --sp_entityid=https://test.federation.renater.fr/test/ressource>

Adds a new test account.

=item C<account-manager-client.pl --send_notice ----email_address=john@my.fqdn>

Sends a mail notice to the specified email address.

=back

=head1 AUTHOR

Olivier Salaün (olivier.salaun@renater.fr)