# colnod-connector
Acces Management System of Colsys: [Product info](http://produkty.colsys.cz/colnod/)
## TODO
- [x] Dry Run Mode (0.1v)
- [x] Logs (0.1v)
- Timestamp
- Id of record
- Destination
- Report
- Token `action` to `subject_id`
- Sbject `action`
- `action` - updated, deleted, added
- [x] App output (0.1v)
- To Colnod
- Number of tokens added/deleted/updated
- To DB
- Number of subjects added/deleted/updated
- Number of tokens added/deleted/updated
## Requirements
- QPSQL driver must be installed (PostgreSQL)
- running on Qt 5.9
### Qt 5
```
sudo apt-get install -y build-essential
sudo apt-get install -y qt5-default
```
### PostgreSQL ( devel libs )
```
sudo apt-get install -y libpq-dev
sudo apt install libqt5sql5-psql # psql driver for Qt
```
## Endpoints
- POST `/AaaManager/authSession`
- Header: Authorization: Basic =4589022lj3.....
- password: spaceti1 -> sha512 `echo spaceti1 | sha512sum`
```bash
E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0
```
- body:
```json
{
"password": "E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0",
"username": "spaceti"
}
```
1. POST request - `/SubjectManager/getSubjects` - get subjects
2. POST request - `/SubjectManager/getSubjectsUpdated` - get tokens updated after `time`
3. POST request - `/SubjectManager/getSubjectsDeleted` - get tokens deleted after `time`
4. POST request - `/TokenManager/getTokens` - get tokens
5. POST request - `/TokenManager/getTokensUpdated` - get tokens updated after `time`
6. POST request - `/TokenManager/getTokensDeleted` - get tokens deleted after `time`
7. POST request - `/TokenManager/setTokens` - set tokens defined as `JSON`
8. POST request - `/TokenManager/deleteTokens` - delete tokens define as `JSON2`
9. POST request - `/AccessManager/getAccessGroups` - get access groups
10. POST request - `/AccessManager/getAccessGroupsUpdated`
11. POST request - `/AccessManager/getAccessGroupsDeleted`
12. POST request - `/AccessManager/getAccessGroupMembership`
13. POST request - `/AccessManager/getAccessGroupMembershipUpdated`
14. POST request - `/AccessManager/getAccessGroupMembershipDeleted`
- `time` = epoch time im miliseconds
```time
{
"timestamp": 1568646217767
}
```
- `JSON`
```json
{
"items": [
{
"id": "cf5cb80e-e6dd-45db-8edd-c9655447821c",
"name": "Testovaci pokus",
"description": "mobile",
"tokenType": "Token",
"tokenBits}": 32,
"tokenData": "7B9D31",
"timeToLive": 255,
"authErrors": 255,
"flags": [
"Enabled",
"NoValidity"
],
"subjectId": "72b37f7e-5761-4e6c-8e87-20c0bed0d904"
}
]
}
```
- `JSON2`
```json2
{
"items": [
"7272bcf6-b5ad-46dd-99a9-0c56faddf14c"
]
}
```
## RestAPI definitions
- `openapi.yaml` ( editor `VSCode` with `Swagger Viewer` extension - ⌘+⇧+P `Preview Swagger` )
## Colnod Test server
[Colnod server: confluence](https://spaceti.atlassian.net/wiki/spaces/IN/pages/97320961/Colsys+-+Colnod)
- URL: `192.168.1.3:8843`
- `!!! No license!!!` - server will shutdown after 8 hours.
- restart: `sudo service cndserver start`
- check `nmap -p8443 192.168.1.3` or `nc -zvw3 192.168.1.3 8443`
- user: `spaceti`
- password: ``
- sha512: `E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0`
```bash
curl -k --user "spaceti:E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0" -d '{"password":"E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0","username":"spaceti"}' -H "Content-Type: application/json" https://192.168.1.3:8443/AaaManager/authSession
```
## Colnod Penta server
- Acces through: `penta-master` IP: `172.16.4.4`
- URL: `192.168.254.11:8443`
- Port forwarding: `ssh -L 8443:192.168.254.11:8443 penta-master`
```bash
curl -k --user "spaceti:E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0" -d '{"password":"E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0","username":"spaceti"}' -H "Content-Type: application/json" https://192.168.254.11:8443/AaaManager/authSession
```
## Insomnia Rest client
[Insomnia Rest](https://insomnia.rest/)
It is possible to chain requests: [see doc](https://support.insomnia.rest/article/43-chaining-requests)
- use token from login response as an Authorization header
- use id from POST /item in PUT /items/
- use entire body from one response to upload to another
### Import workspace
- import: [Insomnia file on GitLab](https://gitlab.com/spaceti-app/integrations/acs/colnod-connector/blob/master/Insomnia_2019-10-15.yaml)
## Testing Blueprint API
### Snowboard
#### Necesarry to allow
- Self signed certificate: [Stack overflow](https://superuser.com/a/1235250)
- Enable CORS:
- Safari: Develop->Disable cross origin restrictions
`snowboard http -c snowboard.yml --playground colnod.apib`
[Colnod API snowboard documentation](http://localhost:8088)
#### Install snowboard
`npm install -g snowboard`
## Possible checks
[here](https://gitlab.com/spaceti-app/integrations/acs/colnod-connector/blob/master/doc/possible-checks.md)
## Bugs and improvments for Colsys
### Bugs
- It is possible to add token with token ID (tokenData) which already exists
- No error message, when request data are invalid in login
- getUpdated returns valid data for invalid time (negative)
### Improvements
- it would be nice to get response messages on calling enpoints
- setToken -> successful edit/insert
- deleteToken -> successful
-