Commit 946224b5 authored by renater.salaun's avatar renater.salaun

account expiration script added

now generating a simpleSamlPhp conf file 


git-svn-id: https://svn.geant.net/GEANT/edugain_testidp_account_manager/trunk@4 047e039d-479c-447e-8a29-aa6bf4a09bab
parent c0026891
......@@ -8,11 +8,12 @@ use utf8;
use lib "/opt/testidp/IdPAccountManager/lib";
use Getopt::Long;
use POSIX;
use IdPAccountManager::TestAccount;
my %options;
unless (&GetOptions(\%options, 'help', 'create_test_account', 'account_profile=s', 'sp_entityid=s')) {
unless (&GetOptions(\%options, 'help', 'create_test_account', 'account_profile=s', 'sp_entityid=s', 'list_test_accounts')) {
die "Unknown options.";
}
......@@ -35,4 +36,23 @@ if ($options{'create_test_account'}) {
unless (defined $test_account) {
die "Failed to create test account";
}
}elsif ($options{'list_test_accounts'}) {
my %args;
if ($options{'sp_entityid'}) {
push @{$args{'query'}}, 'sp_entityid' => $options{'sp_entityid'};
}
if ($options{'account_profile'}) {
push @{$args{'query'}}, 'account_profile' => $options{'account_profile'};
}
my $all = IdPAccountManager::TestAccount::list_test_accounts(%args);
foreach my $test_account (@$all) {
printf "Account ID=%s; password=%s; sp_entityid=%s; account_profile=%s; creation_date=%s; expiration_date=%s\n",
$test_account->id, $test_account->user_password, $test_account->sp_entityid, $test_account->account_profile,
&POSIX::strftime('%Y:%m:%d', localtime($test_account->creation_date)), &POSIX::strftime('%Y:%m:%d', localtime($test_account->expiration_date));
}
}
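Review bot: The new `list_test_accounts` branch prints each account's `user_password` in clear text on standard output, so credentials end up in terminal scrollback, redirected files and any captured job output. The same `printf` format is repeated in the expiration script's `--list_only` and removal loops, where output from a scheduled run is likely to be mailed or logged. I would drop `password=%s` from the default format and only show it behind an explicit switch, e.g. add `'show_passwords'` to the `GetOptions` list and pass `$options{'show_passwords'} ? $test_account->user_password : '********'`. The `if`/`elsif` chain this branch belongs to starts outside the hunk.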
#!/usr/bin/perl
## 09/09/2014, Olivier Salaün
## Command-line script to remove expired test accounts
## The script also updates the simpleSamlPhp config file
use strict;
use utf8;
use lib "/opt/testidp/IdPAccountManager/lib";
use Getopt::Long;
use POSIX;
use IdPAccountManager::TestAccount;
my %options;
unless (&GetOptions(\%options, 'help', 'list_only')) {
die "Unknown options.";
}
if ($options{'help'}) {
printf "$0 --list_only\n";
}
if ($options {'list_only'}) {
my $all = IdPAccountManager::TestAccount::list_test_accounts('query' => ['expiration_date' => {lt => time}]);
foreach my $test_account (@$all) {
printf "Account ID=%s; password=%s; sp_entityid=%s; account_profile=%s; creation_date=%s; expiration_date=%s\n",
$test_account->id, $test_account->user_password, $test_account->sp_entityid, $test_account->account_profile,
&POSIX::strftime('%Y:%m:%d', localtime($test_account->creation_date)), &POSIX::strftime('%Y:%m:%d', localtime($test_account->expiration_date));
}
}else {
## Remove expired test accounts
my $all = IdPAccountManager::TestAccount::list_test_accounts('query' => ['expiration_date' => {lt => time}]);
printf "Removing expired test accounts...\n";
foreach my $test_account (@$all) {
printf "\tAccount ID=%s; password=%s; sp_entityid=%s; account_profile=%s; creation_date=%s; expiration_date=%s\n",
$test_account->id, $test_account->user_password, $test_account->sp_entityid, $test_account->account_profile,
&POSIX::strftime('%Y:%m:%d', localtime($test_account->creation_date)), &POSIX::strftime('%Y:%m:%d', localtime($test_account->expiration_date));
$test_account->delete || die;
}
printf "%d accounts removed\n", $#{$all}+1;
#&IdPAccountManager::Tools::dump_var(\%IdPAccountManager::Conf::global, 0, \*STDOUT);
## Update simpleSamlPhp configuration file
printf "Update simpleSamlPhp configuration file...\n";
IdPAccountManager::Tools::update_ssp_authsources();
}
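Review bot: `--help` prints the usage line and then falls through to the second `if`, whose `else` branch deletes expired accounts, so asking for help performs the removal; the help branch should end with `exit 0;`. Separately, a failure at `$test_account->delete || die;` aborts the loop before `update_ssp_authsources()` runs, so accounts already removed from the database presumably stay in the generated simpleSamlPhp file until the next successful run; consider `warn`ing with the account id, continuing, and regenerating the file in every case. The script also has `use strict` without `use warnings`, and it calls `IdPAccountManager::Tools::update_ssp_authsources` without its own `use IdPAccountManager::Tools;` (it appears to rely on TestAccount.pm loading that module).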
......@@ -2,11 +2,11 @@
CREATE TABLE `testaccounts` (
`id` bigint(20) NOT NULL auto_increment,
`user_id` varchar(50) NOT NULL,
`user_password` varchar(50) NOT NULL,
`creation_date` int default NULL,
`expiration_date` int default NULL,
PRIMARY KEY (`id`),
UNIQUE (user_id)
`account_profile` varchar(100) NOT NULL,
`sp_entityid` varchar(250) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 ;
......@@ -8,12 +8,12 @@ __PACKAGE__->meta->setup(
table => 'testaccounts',
columns => [
id => { type => 'bigserial', not_null => 1 },
user_password => { type => 'varchar', length => 50, not_null => 1 },
creation_date => { type => 'integer' },
expiration_date => { type => 'integer' },
account_profile => { type => 'varchar', length => 100, not_null => 1 },
relying_party_entityid => { type => 'varchar', length => 250, not_null => 1 },
id => { type => 'bigserial', not_null => 1 },
user_password => { type => 'varchar', length => 50, not_null => 1 },
creation_date => { type => 'integer' },
expiration_date => { type => 'integer' },
account_profile => { type => 'varchar', length => 100, not_null => 1 },
sp_entityid => { type => 'varchar', length => 250, not_null => 1 },
],
primary_key_columns => [ 'id' ],
......
package IdPAccountManager::TestAccount;
use IdPAccountManager::Data::Testaccount;
use IdPAccountManager::Data::Testaccount::Manager;
use IdPAccountManager::Tools;
use IdPAccountManager::Conf;
use Moose;
use Moose::Util::TypeConstraints;
......@@ -8,7 +14,7 @@ subtype 'entityid',
where { /^(urn:|http(s)?\:\/\/)/ },
message { "$_ is not a valide entityid"};
has 'account_profile' => (is => 'ro',
has 'account_profile' => (is => 'rw',
isa => 'Str',
required => 1);
has 'sp_entityid' => (is => 'rw',
......@@ -16,6 +22,31 @@ has 'sp_entityid' => (is => 'rw',
required => 1,
);
sub BUILD {
my $self = shift;
my $args = shift;
my $testaccount_db = IdPAccountManager::Data::Testaccount->new('account_profile' => $args->{'account_profile'},
'sp_entityid' => $args->{'sp_entityid'},
'user_password' => &IdPAccountManager::Tools::generate_password(),
'creation_date' => time,
'expiration_date' => time + ($IdPAccountManager::Conf::global{'accounts_validity_period'} * 3600 * 24));
$testaccount_db->save();
## TODO : update IdP conf file; given the account profile
}
## list all test accounts
## Class method
sub list_test_accounts {
my %args = @_;
my $all = IdPAccountManager::Data::Testaccount::Manager->get_testaccounts(%args);
return $all;
}
#before 'new' => sub { print "about to call new\n"; };
1; # Magic true value required at end of module
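Review bot: `account_profile` is declared `isa => 'Str'` (and becomes `rw` here) with no constraint, yet the authsources template builds an include name from it (`[% INCLUDE "${account.account_profile}.tt2" %]`), so whatever string is given to `--account_profile` ends up selecting a template file. Constrain it the way `sp_entityid` is constrained, for example `subtype 'account_profile_name', as 'Str', where { /\A[A-Za-z0-9_-]+\z/ };`, or better an `enum` of the profiles that actually ship. `BUILD` would also benefit from a comment stating that constructing a TestAccount inserts a database row with a generated password, and that the expiration date appears to equal the creation time when `accounts_validity_period` is unset. The `has` declarations continue outside the visible hunks.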
......
'user[% account.id %]:[% account.user_password %]' => array(
'uid' => 'user[% account.id %]',
'eduPersonAffiliation' => array('member', 'student'),
'eduPersonScopedAffiliation' => array('member@[% conf.idp_scope %]', 'student@[% conf.idp_scope %]'),
'displayName' => 'John Kleinman',
'cn' => 'John Kleinman',
'mail' => 'john.kleinman@[% conf.idp_scope %]',
'eduPersonPrincipalName' =>'[% account.id %]@[% conf.idp_scope %]',
'eduPersonTargetedID' =>'[% conf.idp_entityid %]![% account.sp_entityid %]!X622UR2A7PG1uVhATobBOrMz+Ys=',
'schacHomeOrganization' => '[% conf.idp_scope %]',
'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:university',
'associatedSP' => '[% account.sp_entityid %]',
),
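Review bot: `[% account.sp_entityid %]` and `[% account.user_password %]` are written straight into single-quoted PHP string literals in a file that simpleSamlPhp will load, and nothing visible escapes them. The `entityid` subtype only checks how the value starts (`/^(urn:|http(s)?\:\/\/)/`), so a quote or backslash later in an entityid would change the structure of the generated PHP. Validate the whole value with an anchored pattern before it is saved, and escape `\` and `'` at render time through a Template Toolkit filter. Also, `eduPersonTargetedID` ends in the fixed string `X622UR2A7PG1uVhATobBOrMz+Ys=`, so every account for a given SP gets the same targeted ID.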
// template for a PhP configuration file loaded in simpleSamlPhp authsources.php file
$validTestAccounts = array (
'exampleauth:UserPass',
[% FOREACH account IN accounts %]
[% INCLUDE "${account.account_profile}.tt2" %]
[% END %]
);