# colnod-connector Acces Management System of Colsys: [Product info](http://produkty.colsys.cz/colnod/) ## TODO - [x] Dry Run Mode (0.1v) - [x] Logs (0.1v) - Timestamp - Id of record - Destination - Report - Token `action` to `subject_id` - Sbject `action` - `action` - updated, deleted, added - [x] App output (0.1v) - To Colnod - Number of tokens added/deleted/updated - To DB - Number of subjects added/deleted/updated - Number of tokens added/deleted/updated ## Requirements - QPSQL driver must be installed (PostgreSQL) - running on Qt 5.9 ### Qt 5 ``` sudo apt-get install -y build-essential sudo apt-get install -y qt5-default ``` ### PostgreSQL ( devel libs ) ``` sudo apt-get install -y libpq-dev sudo apt install libqt5sql5-psql # psql driver for Qt ``` ## Endpoints - POST `/AaaManager/authSession` - Header: Authorization: Basic =4589022lj3..... - password: spaceti1 -> sha512 `echo spaceti1 | sha512sum` ```bash E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0 ``` - body: ```json { "password": "E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0", "username": "spaceti" } ``` 1. POST request - `/SubjectManager/getSubjects` - get subjects 2. POST request - `/SubjectManager/getSubjectsUpdated` - get tokens updated after `time` 3. POST request - `/SubjectManager/getSubjectsDeleted` - get tokens deleted after `time` 4. POST request - `/TokenManager/getTokens` - get tokens 5. POST request - `/TokenManager/getTokensUpdated` - get tokens updated after `time` 6. POST request - `/TokenManager/getTokensDeleted` - get tokens deleted after `time` 7. POST request - `/TokenManager/setTokens` - set tokens defined as `JSON` 8. POST request - `/TokenManager/deleteTokens` - delete tokens define as `JSON2` 9. POST request - `/AccessManager/getAccessGroups` - get access groups 10. POST request - `/AccessManager/getAccessGroupsUpdated` 11. POST request - `/AccessManager/getAccessGroupsDeleted` 12. POST request - `/AccessManager/getAccessGroupMembership` 13. POST request - `/AccessManager/getAccessGroupMembershipUpdated` 14. POST request - `/AccessManager/getAccessGroupMembershipDeleted` - `time` = epoch time im miliseconds ```time { "timestamp": 1568646217767 } ``` - `JSON` ```json { "items": [ { "id": "cf5cb80e-e6dd-45db-8edd-c9655447821c", "name": "Testovaci pokus", "description": "mobile", "tokenType": "Token", "tokenBits}": 32, "tokenData": "7B9D31", "timeToLive": 255, "authErrors": 255, "flags": [ "Enabled", "NoValidity" ], "subjectId": "72b37f7e-5761-4e6c-8e87-20c0bed0d904" } ] } ``` - `JSON2` ```json2 { "items": [ "7272bcf6-b5ad-46dd-99a9-0c56faddf14c" ] } ``` ## RestAPI definitions - `openapi.yaml` ( editor `VSCode` with `Swagger Viewer` extension - ⌘+⇧+P `Preview Swagger` ) ## Colnod Test server [Colnod server: confluence](https://spaceti.atlassian.net/wiki/spaces/IN/pages/97320961/Colsys+-+Colnod) - URL: `192.168.1.3:8843` - `!!! No license!!!` - server will shutdown after 8 hours. - restart: `sudo service cndserver start` - check `nmap -p8443 192.168.1.3` or `nc -zvw3 192.168.1.3 8443` - user: `spaceti` - password: `` - sha512: `E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0` ```bash curl -k --user "spaceti:E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0" -d '{"password":"E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0","username":"spaceti"}' -H "Content-Type: application/json" https://192.168.1.3:8443/AaaManager/authSession ``` ## Colnod Penta server - Acces through: `penta-master` IP: `172.16.4.4` - URL: `192.168.254.11:8443` - Port forwarding: `ssh -L 8443:192.168.254.11:8443 penta-master` ```bash curl -k --user "spaceti:E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0" -d '{"password":"E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0","username":"spaceti"}' -H "Content-Type: application/json" https://192.168.254.11:8443/AaaManager/authSession ``` ## Insomnia Rest client [Insomnia Rest](https://insomnia.rest/) It is possible to chain requests: [see doc](https://support.insomnia.rest/article/43-chaining-requests) - use token from login response as an Authorization header - use id from POST /item in PUT /items/ - use entire body from one response to upload to another ### Import workspace - import: [Insomnia file on GitLab](https://gitlab.com/spaceti-app/integrations/acs/colnod-connector/blob/master/Insomnia_2019-10-15.yaml) ## Testing Blueprint API ### Snowboard #### Necesarry to allow - Self signed certificate: [Stack overflow](https://superuser.com/a/1235250) - Enable CORS: - Safari: Develop->Disable cross origin restrictions `snowboard http -c snowboard.yml --playground colnod.apib` [Colnod API snowboard documentation](http://localhost:8088) #### Install snowboard `npm install -g snowboard` ## Tests made Changes on colnod are made by [Colnod client](https://spaceti.atlassian.net/wiki/spaces/IN/pages/194576388/Colnod+client) Changes on db can be made by sql commands directly or by [pgAdmin](https://www.pgadmin.org/) - add token to db/colnod (2 tests) - edit token in db/colnod (2 tests) - delete token from db/colnod (2 tests) - add subject to colnod - edit subject in colnod - delete subject from colnod - edit same token on both db/colnod (diffrent time) ## First sync expected results - 2892 tokens updated - 173 tokens deleted - 2894 subjects updated - 117 subjects deleted ## Database inicialization - Token table ```SQL create -- Table: public.colnod_token -- DROP TABLE public.colnod_token; CREATE TABLE public.colnod_token ( id character(36) COLLATE pg_catalog."default" NOT NULL, auth_errors integer DEFAULT 255, description character varying(255) COLLATE pg_catalog."default", enabled boolean DEFAULT true, last_update timestamp without time zone DEFAULT '1970-01-01 00:00:00.001'::timestamp without time zone, name character varying(255) COLLATE pg_catalog."default", no_validity boolean DEFAULT true, time_to_live integer DEFAULT 255, token_bits integer DEFAULT 32, token_data character varying(255) COLLATE pg_catalog."default", token_type character varying(255) COLLATE pg_catalog."default" DEFAULT 'Token'::character varying, subject_id character(36) COLLATE pg_catalog."default", last_modified timestamp without time zone NOT NULL, deleted boolean DEFAULT false, CONSTRAINT colnod_token_pkey PRIMARY KEY (id) ) WITH ( OIDS = FALSE ) TABLESPACE pg_default; ALTER TABLE public.colnod_token OWNER to postgres; ``` - Subject table ```SQL create -- Table: public.colnod_subject -- DROP TABLE public.colnod_subject; CREATE TABLE public.colnod_subject ( id character(36) COLLATE pg_catalog."default" NOT NULL, description character varying(255) COLLATE pg_catalog."default", last_update timestamp without time zone NOT NULL, name character varying(255) COLLATE pg_catalog."default", pin character varying(255) COLLATE pg_catalog."default", last_modified timestamp without time zone, deleted boolean, CONSTRAINT colnod_subject_pkey PRIMARY KEY (id) ) WITH ( OIDS = FALSE ) TABLESPACE pg_default; ALTER TABLE public.colnod_subject OWNER to postgres; ``` - Subject attributes table ```SQL create -- Table: public.colnod_subject_attribute -- DROP TABLE public.colnod_subject_attribute; CREATE TABLE public.colnod_subject_attribute ( id character varying(255) COLLATE pg_catalog."default" NOT NULL, attribute_key character varying(255) COLLATE pg_catalog."default", attribute_value character varying(255) COLLATE pg_catalog."default", subject_id character(36) COLLATE pg_catalog."default", CONSTRAINT colnod_subject_attribute_pkey PRIMARY KEY (id) ) WITH ( OIDS = FALSE ) TABLESPACE pg_default; ALTER TABLE public.colnod_subject_attribute OWNER to postgres; ``` - Config ```SQL create -- Table: public.config -- DROP TABLE public.config; CREATE TABLE public.config ( last_sync bigint NOT NULL DEFAULT 0, CONSTRAINT config_pkey PRIMARY KEY (last_sync) ) WITH ( OIDS = FALSE ) TABLESPACE pg_default; ALTER TABLE public.config OWNER to postgres; ``` ## Possible checks [here](https://gitlab.com/spaceti-app/integrations/acs/colnod-connector/blob/master/doc/possible-checks.md) ## Bugs and improvments for Colsys ### Bugs - It is possible to add token with token ID (tokenData) which already exists - No error message, when request data are invalid in login - getUpdated returns valid data for invalid time (negative) ### Improvements - it would be nice to get response messages on calling enpoints - setToken -> successful edit/insert - deleteToken -> successful -