Commit a7388eee authored by Guillaume ROUSSE's avatar Guillaume ROUSSE

rename sp_entityid => entityid

parent 0ceb100d
...@@ -29,7 +29,7 @@ GetOptions( ...@@ -29,7 +29,7 @@ GetOptions(
'displayname=s', 'displayname=s',
'email_address=s', 'email_address=s',
'expired', 'expired',
'sp_entityid=s', 'entityid=s',
'token=s', 'token=s',
) or pod2usage( ) or pod2usage(
-message => "unknown option, aborting\n", -message => "unknown option, aborting\n",
...@@ -83,11 +83,11 @@ sub add_account { ...@@ -83,11 +83,11 @@ sub add_account {
) unless $options{profile}; ) unless $options{profile};
pod2usage( pod2usage(
-message => "missing sp_entityid option, aborting\n", -message => "missing entityid option, aborting\n",
-verbose => 0 -verbose => 0
) unless $options{sp_entityid}; ) unless $options{entityid};
my $entity = $options{sp_entityid}; my $entity = $options{entityid};
my $validity_period = my $validity_period =
$configuration->{$entity}->{account_validity_period} || $configuration->{$entity}->{account_validity_period} ||
$configuration->{service}->{account_validity_period}; $configuration->{service}->{account_validity_period};
...@@ -96,7 +96,7 @@ sub add_account { ...@@ -96,7 +96,7 @@ sub add_account {
my $account = AccountManager::Account->new( my $account = AccountManager::Account->new(
db => $db, db => $db,
profile => $options{profile}, profile => $options{profile},
sp_entityid => $options{sp_entityid}, entityid => $options{entityid},
scope => $configuration->{idp}->{scope}, scope => $configuration->{idp}->{scope},
password => $password, password => $password,
password_hash => AccountManager::Tools::sha256_hash($password), password_hash => AccountManager::Tools::sha256_hash($password),
...@@ -114,8 +114,8 @@ sub add_account { ...@@ -114,8 +114,8 @@ sub add_account {
sub list_accounts { sub list_accounts {
my %args; my %args;
if ($options{sp_entityid}) { if ($options{entityid}) {
push @{ $args{query} }, sp_entityid => $options{sp_entityid}; push @{ $args{query} }, entityid => $options{entityid};
} }
if ($options{profile}) { if ($options{profile}) {
...@@ -172,7 +172,7 @@ sub parse_metadata { ...@@ -172,7 +172,7 @@ sub parse_metadata {
}; };
die "unable to load federation metadata: $EVAL_ERROR" if $EVAL_ERROR; die "unable to load federation metadata: $EVAL_ERROR" if $EVAL_ERROR;
my $data = $federation_metadata->parse(id => $options{sp_entityid}); my $data = $federation_metadata->parse(id => $options{entityid});
printf "Document %s parsed\n", printf "Document %s parsed\n",
$configuration->{setup}->{federation_metadata_file}; $configuration->{setup}->{federation_metadata_file};
...@@ -185,9 +185,9 @@ sub parse_metadata { ...@@ -185,9 +185,9 @@ sub parse_metadata {
sub add_service { sub add_service {
pod2usage( pod2usage(
-message => "missing sp_entityid option, aborting\n", -message => "missing entityid option, aborting\n",
-verbose => 0 -verbose => 0
) unless $options{sp_entityid}; ) unless $options{entityid};
pod2usage( pod2usage(
-message => "missing contacts option, aborting\n", -message => "missing contacts option, aborting\n",
...@@ -197,18 +197,18 @@ sub add_service { ...@@ -197,18 +197,18 @@ sub add_service {
## Check if entry already exists in DB first ## Check if entry already exists in DB first
my $provider = AccountManager::Entity->new( my $provider = AccountManager::Entity->new(
db => $db, db => $db,
entityid => $options{sp_entityid} entityid => $options{entityid}
); );
if ($provider->load(speculative => 1)) { if ($provider->load(speculative => 1)) {
printf "Entry for %s already in DB; update it with new data\n", printf "Entry for %s already in DB; update it with new data\n",
$options{sp_entityid}; $options{entityid};
$provider->contacts($options{contacts}); $provider->contacts($options{contacts});
$provider->displayname($options{displayname}) if $options{displayname}; $provider->displayname($options{displayname}) if $options{displayname};
} else { } else {
$provider = AccountManager::Entity->new( $provider = AccountManager::Entity->new(
db => $db, db => $db,
entityid => $options{sp_entityid}, entityid => $options{entityid},
contacts => $options{contacts}, contacts => $options{contacts},
displayname => $options{displayname} displayname => $options{displayname}
); );
...@@ -244,8 +244,8 @@ sub list_services { ...@@ -244,8 +244,8 @@ sub list_services {
sub list_tokens { sub list_tokens {
my %args; my %args;
if ($options{sp_entityid}) { if ($options{entityid}) {
push @{ $args{query} }, sp_entityid => $options{sp_entityid}; push @{ $args{query} }, entityid => $options{entityid};
} }
if ($options{token}) { if ($options{token}) {
push @{ $args{query} }, token => $options{token}; push @{ $args{query} }, token => $options{token};
...@@ -286,9 +286,9 @@ sub get_token { ...@@ -286,9 +286,9 @@ sub get_token {
die "No corresponding token found in DB\n" die "No corresponding token found in DB\n"
unless $token->load(); unless $token->load();
if ($options{sp_entityid}) { if ($options{entityid}) {
die "Authentication token cannot be used for this SP\n" die "Authentication token cannot be used for this SP\n"
unless $token->get('sp_entityid') eq $options{sp_entityid}; unless $token->get('entityid') eq $options{entityid};
} }
$token->print(); $token->print();
...@@ -303,15 +303,15 @@ sub add_token { ...@@ -303,15 +303,15 @@ sub add_token {
) unless $options{email_address}; ) unless $options{email_address};
pod2usage( pod2usage(
-message => "missing sp_entityid option, aborting\n", -message => "missing entityid option, aborting\n",
-verbose => 0 -verbose => 0
) unless $options{sp_entityid}; ) unless $options{entityid};
# delete any previous token for the same email/service couple # delete any previous token for the same email/service couple
my $old_token = AccountManager::Token->new( my $old_token = AccountManager::Token->new(
db => $db, db => $db,
email_address => $options{email_address}, email_address => $options{email_address},
sp_entityid => $options{sp_entityid} entityid => $options{entityid}
); );
if ($old_token->load(speculative => 1)) { if ($old_token->load(speculative => 1)) {
...@@ -323,7 +323,7 @@ sub add_token { ...@@ -323,7 +323,7 @@ sub add_token {
my $token = AccountManager::Token->new( my $token = AccountManager::Token->new(
db => $db, db => $db,
email_address => $options{email_address}, email_address => $options{email_address},
sp_entityid => $options{sp_entityid}, entityid => $options{entityid},
creation_date => DateTime->now(), creation_date => DateTime->now(),
expiration_date => DateTime->now()->add(hours => $validity_period), expiration_date => DateTime->now()->add(hours => $validity_period),
token => AccountManager::Tools::generate_token() token => AccountManager::Tools::generate_token()
...@@ -347,25 +347,25 @@ access-check-manager.pl [options] add_account ...@@ -347,25 +347,25 @@ access-check-manager.pl [options] add_account
Options: Options:
--profile <string> --profile <string>
--sp_entityid <string> --entityid <string>
access-check-manager.pl [options] list_accounts access-check-manager.pl [options] list_accounts
Options: Options:
--profile <string> --profile <string>
--sp_entityid <string> --entityid <string>
--expired --expired
--delete --delete
access-check-manager.pl [options] parse_metadata access-check-manager.pl [options] parse_metadata
Options: Options:
--sp_entityid <string> --entityid <string>
access-check-manager.pl [options] add_service access-check-manager.pl [options] add_service
Options: Options:
--sp_entityid <string> --entityid <string>
--contact <string> --contact <string>
--displayname <string> --displayname <string>
...@@ -377,7 +377,7 @@ access-check-manager.pl [options] list_services ...@@ -377,7 +377,7 @@ access-check-manager.pl [options] list_services
access-check-manager.pl [options] list_tokens access-check-manager.pl [options] list_tokens
Options: Options:
--sp_entityid <string> --entityid <string>
--token <string> --token <string>
--expired --expired
--delete --delete
...@@ -385,13 +385,13 @@ access-check-manager.pl [options] list_tokens ...@@ -385,13 +385,13 @@ access-check-manager.pl [options] list_tokens
access-check-manager.pl [options] get_token access-check-manager.pl [options] get_token
Options: Options:
--sp_entityid <string> --entityid <string>
--token <string> --token <string>
access-check-manager.pl [options] add_token access-check-manager.pl [options] add_token
Options: Options:
--sp_entityid <string> --entityid <string>
--email_address <string> --email_address <string>
=head1 DESCRIPTION =head1 DESCRIPTION
...@@ -403,13 +403,13 @@ functions. ...@@ -403,13 +403,13 @@ functions.
=head1 EXAMPLES =head1 EXAMPLES
$> access-check-manager.pl add_account \ $> access-check-manager.pl add_account \
--sp_entityid https://test.federation.renater.fr/test/ressource \ --entityid https://test.federation.renater.fr/test/ressource \
--profile student1 --profile student1
Adds a new test account. Adds a new test account.
$> access-check-manager.pl list_accounts \ $> access-check-manager.pl list_accounts \
--sp_entityid https://test.federation.renater.fr/test/ressource \ --entityid https://test.federation.renater.fr/test/ressource \
--profile student1 --profile student1
List all test accounts. Criterias can be added to filter test accounts. List all test accounts. Criterias can be added to filter test accounts.
...@@ -428,7 +428,7 @@ Parses the SAML metadata file, as defined by the ...@@ -428,7 +428,7 @@ Parses the SAML metadata file, as defined by the
C<federation_metadata_file> configuration parameter. C<federation_metadata_file> configuration parameter.
$> access-check-manager.pl list_tokens \ $> access-check-manager.pl list_tokens \
--sp_entityid https://test.federation.renater.fr/test/ressource \ --entityid https://test.federation.renater.fr/test/ressource \
--token dhj67sjJ --token dhj67sjJ
List all authentication tokens. Criterias can be added to filter tokens. List all authentication tokens. Criterias can be added to filter tokens.
...@@ -446,12 +446,12 @@ Remove all expired authentication tokens from DB. ...@@ -446,12 +446,12 @@ Remove all expired authentication tokens from DB.
Get informations on a token. Get informations on a token.
$> access-check-manager.pl add_token --email_address john@my.fqdn \ $> access-check-manager.pl add_token --email_address john@my.fqdn \
--sp_entityid https://test.federation.renater.fr/test/ressource --entityid https://test.federation.renater.fr/test/ressource
Adds a new test account. Adds a new test account.
$> access-check-manager.pl add_service \ $> access-check-manager.pl add_service \
--sp_entityid https://test.federation.renater.fr/test/ressource \ --entityid https://test.federation.renater.fr/test/ressource \
--displayname 'Test SP' --contacts email1@dom,email2@dom --displayname 'Test SP' --contacts email1@dom,email2@dom
Adds a new service provider Adds a new service provider
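Review bot: Renaming the option spec to `'entityid=s'` in the GetOptions list drops `--sp_entityid` with no transition, so existing cron jobs or wrapper scripts that call this tool will abort with "unknown option". Getopt::Long accepts aliases, so `'entityid|sp_entityid=s',` would keep the old spelling working. If the options are stored in a hash, as the `$options{entityid}` lookups suggest, the value is still filed under the primary name `entityid`. The POD synopsis could then list the old name as deprecated.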
...@@ -2,7 +2,7 @@ CREATE TABLE tokens ( ...@@ -2,7 +2,7 @@ CREATE TABLE tokens (
id bigint(20) NOT NULL AUTO_INCREMENT, id bigint(20) NOT NULL AUTO_INCREMENT,
token varchar(50) NOT NULL, token varchar(50) NOT NULL,
email_address varchar(200) NOT NULL, email_address varchar(200) NOT NULL,
sp_entityid varchar(200) NOT NULL, entityid varchar(200) NOT NULL,
creation_date datetime DEFAULT NULL, creation_date datetime DEFAULT NULL,
expiration_date datetime DEFAULT NULL, expiration_date datetime DEFAULT NULL,
PRIMARY KEY (id), PRIMARY KEY (id),
...@@ -31,6 +31,6 @@ CREATE TABLE accounts ( ...@@ -31,6 +31,6 @@ CREATE TABLE accounts (
expiration_date datetime DEFAULT NULL, expiration_date datetime DEFAULT NULL,
profile varchar(100) NOT NULL, profile varchar(100) NOT NULL,
scope varchar(100) NOT NULL, scope varchar(100) NOT NULL,
sp_entityid varchar(250) NOT NULL, entityid varchar(250) NOT NULL,
PRIMARY KEY (id) PRIMARY KEY (id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8; ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
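Review bot: The column rename is applied only to the CREATE TABLE statements, so a database created from the previous schema keeps `sp_entityid` and queries issued by the updated classes will fail against it. Nothing visible on this page adds an upgrade script; for the MySQL-style schema shown, something like `ALTER TABLE tokens CHANGE sp_entityid entityid varchar(200) NOT NULL;` and `ALTER TABLE accounts CHANGE sp_entityid entityid varchar(250) NOT NULL;` would be needed. The key definitions of the tokens table lie outside the hunk, so confirm that none of them still names the old column.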
...@@ -21,7 +21,7 @@ __PACKAGE__->meta->setup( ...@@ -21,7 +21,7 @@ __PACKAGE__->meta->setup(
expiration_date => { type => 'datetime' }, expiration_date => { type => 'datetime' },
profile => { type => 'varchar', length => 100, not_null => 1 }, profile => { type => 'varchar', length => 100, not_null => 1 },
scope => { type => 'varchar', length => 100, not_null => 1 }, scope => { type => 'varchar', length => 100, not_null => 1 },
sp_entityid => { type => 'varchar', length => 250, not_null => 1 }, entityid => { type => 'varchar', length => 250, not_null => 1 },
], ],
primary_key_columns => [ 'id' ], primary_key_columns => [ 'id' ],
...@@ -101,10 +101,10 @@ sub print { ...@@ -101,10 +101,10 @@ sub print {
$fd = \*STDOUT unless $fd; $fd = \*STDOUT unless $fd;
printf $fd printf $fd
"Account ID=%s; password_hash=%s; sp_entityid=%s; profile=%s; scope=%s; creation_date=%s; expiration_date=%s\n", "Account ID=%s; password_hash=%s; entityid=%s; profile=%s; scope=%s; creation_date=%s; expiration_date=%s\n",
$self->id(), $self->id(),
$self->password_hash(), $self->password_hash(),
$self->sp_entityid(), $self->entityid(),
$self->profile(), $self->profile(),
$self->scope(), $self->scope(),
$self->creation_date()->strftime('%Y:%m:%d'), $self->creation_date()->strftime('%Y:%m:%d'),
...@@ -174,7 +174,7 @@ sub comment { ...@@ -174,7 +174,7 @@ sub comment {
sub associatedSP { sub associatedSP {
my ($self) = @_; my ($self) = @_;
return $self->{sp_entityid}; return $self->{entityid};
} }
1; 1;
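Review bot: `associatedSP` reads the value with `return $self->{entityid};`, reaching into the object hash, while `print` in the same file goes through the generated accessor `$self->entityid()`. The direct hash read depends on how the ORM stores column values internally, and it had to be edited by hand for this rename. `return $self->entityid();` keeps the method tied to the declared column.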
...@@ -406,7 +406,7 @@ sub req_complete_challenge { ...@@ -406,7 +406,7 @@ sub req_complete_challenge {
my $old_token = AccountManager::Token->new( my $old_token = AccountManager::Token->new(
db => $self->{db}, db => $self->{db},
email_address => $email, email_address => $email,
sp_entityid => $entityid, entityid => $entityid,
); );
if ($old_token->load(speculative => 1)) { if ($old_token->load(speculative => 1)) {
...@@ -422,7 +422,7 @@ sub req_complete_challenge { ...@@ -422,7 +422,7 @@ sub req_complete_challenge {
my $token = AccountManager::Token->new( my $token = AccountManager::Token->new(
db => $self->{db}, db => $self->{db},
email_address => $email, email_address => $email,
sp_entityid => $entityid, entityid => $entityid,
creation_date => DateTime->now(), creation_date => DateTime->now(),
expiration_date => DateTime->now()->add(hours => $validity_period), expiration_date => DateTime->now()->add(hours => $validity_period),
secret => AccountManager::Tools::generate_secret(20) secret => AccountManager::Tools::generate_secret(20)
...@@ -584,7 +584,7 @@ sub req_create_accounts { ...@@ -584,7 +584,7 @@ sub req_create_accounts {
my $download_token = AccountManager::Token->new( my $download_token = AccountManager::Token->new(
db => $self->{db}, db => $self->{db},
email_address => $email, email_address => $email,
sp_entityid => $entityid, entityid => $entityid,
creation_date => DateTime->now(), creation_date => DateTime->now(),
expiration_date => DateTime->now()->add(hours => $validity_period), expiration_date => DateTime->now()->add(hours => $validity_period),
secret => AccountManager::Tools::generate_secret(20) secret => AccountManager::Tools::generate_secret(20)
...@@ -602,7 +602,7 @@ sub req_create_accounts { ...@@ -602,7 +602,7 @@ sub req_create_accounts {
my $account = AccountManager::Account->new( my $account = AccountManager::Account->new(
db => $self->{db}, db => $self->{db},
profile => $profile, profile => $profile,
sp_entityid => $entityid, entityid => $entityid,
scope => $self->{configuration}->{idp}->{scope}, scope => $self->{configuration}->{idp}->{scope},
password => $password, password => $password,
password_crypt => AccountManager::Tools::encrypt($password, $key), password_crypt => AccountManager::Tools::encrypt($password, $key),
...@@ -787,7 +787,7 @@ sub check_token { ...@@ -787,7 +787,7 @@ sub check_token {
$self->abort( $self->abort(
log => "Authentication token $secret cannot be used for SP $args{entityid}", log => "Authentication token $secret cannot be used for SP $args{entityid}",
user => "wrong_token_for_sp" user => "wrong_token_for_sp"
) if $token->sp_entityid() ne $args{entityid}; ) if $token->entityid() ne $args{entityid};
## delete the token ## delete the token
unless ($token->delete()) { unless ($token->delete()) {
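Review bot: The `log =>` message in `check_token` interpolates `$secret`, and this abort runs before the `$token->delete()` below it, so a token that is still valid lands in the application log whenever it is presented for the wrong SP. Anyone with read access to that log could presumably reuse it for the SP it was issued for until it expires. Logging the row identifier avoids this, e.g. `log => "Authentication token ID " . $token->id() . " cannot be used for SP $args{entityid}",`. The body of `check_token` starts and ends outside this hunk.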
...@@ -14,7 +14,7 @@ __PACKAGE__->meta->setup( ...@@ -14,7 +14,7 @@ __PACKAGE__->meta->setup(
id => { type => 'bigserial', not_null => 1 }, id => { type => 'bigserial', not_null => 1 },
token => { type => 'varchar', length => 50, not_null => 1, alias => 'secret' }, token => { type => 'varchar', length => 50, not_null => 1, alias => 'secret' },
email_address => { type => 'varchar', length => 200, not_null => 1 }, email_address => { type => 'varchar', length => 200, not_null => 1 },
sp_entityid => { type => 'varchar', length => 200, not_null => 1 }, entityid => { type => 'varchar', length => 200, not_null => 1 },
creation_date => { type => 'datetime' }, creation_date => { type => 'datetime' },
expiration_date => { type => 'datetime' }, expiration_date => { type => 'datetime' },
], ],
...@@ -23,7 +23,7 @@ __PACKAGE__->meta->setup( ...@@ -23,7 +23,7 @@ __PACKAGE__->meta->setup(
unique_keys => [ unique_keys => [
[ 'token' ], [ 'token' ],
[ 'email_address', 'sp_entityid' ], [ 'email_address', 'entityid' ],
], ],
); );
...@@ -34,11 +34,11 @@ sub print { ...@@ -34,11 +34,11 @@ sub print {
$fd = \*STDOUT unless $fd; $fd = \*STDOUT unless $fd;
printf $fd printf $fd
"Token ID=%s; secret=%s; email_address=%s; sp_entityid=%s; creation_date=%s; expiration_date=%s\n", "Token ID=%s; secret=%s; email_address=%s; entityid=%s; creation_date=%s; expiration_date=%s\n",
$self->id(), $self->id(),
$self->secret(), $self->secret(),
$self->email_address(), $self->email_address(),
$self->sp_entityid(), $self->entityid(),
$self->creation_date()->strftime('%Y:%m:%d %H:%M'), $self->creation_date()->strftime('%Y:%m:%d %H:%M'),
$self->expiration_date()->strftime('%Y:%m:%d %H:%M'); $self->expiration_date()->strftime('%Y:%m:%d %H:%M');
} }
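Review bot: `entityid` is declared with `length => 200` in this column list, while the accounts table and the Account class on this page declare 250 for the same value. An entityID between 201 and 250 characters would fit an account row but not a token row; depending on the database's strictness it would be rejected or truncated, and after truncation the `ne` comparison in `check_token` could never match. Since the column is being touched anyway, aligning it with `entityid => { type => 'varchar', length => 250, not_null => 1 },`, plus the matching change in the tokens table, would remove the discrepancy.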