colnod-connector/README.md
2019-12-09 15:57:50 +01:00

299 lines
9.1 KiB
Markdown

# colnod-connector
Acces Management System of Colsys: [Product info](http://produkty.colsys.cz/colnod/)
## TODO
- [x] Dry Run Mode (0.1v)
- [x] Logs (0.1v)
- Timestamp
- Id of record
- Destination
- Report
- Token `action` to `subject_id`
- Sbject `action`
- `action` - updated, deleted, added
- [x] App output (0.1v)
- To Colnod
- Number of tokens added/deleted/updated
- To DB
- Number of subjects added/deleted/updated
- Number of tokens added/deleted/updated
## Requirements
- QPSQL driver must be installed (PostgreSQL)
- running on Qt 5.9
### Qt 5
```
sudo apt-get install -y build-essential
sudo apt-get install -y qt5-default
```
### PostgreSQL ( devel libs )
```
sudo apt-get install -y libpq-dev
sudo apt install libqt5sql5-psql # psql driver for Qt
```
## Endpoints
- POST `/AaaManager/authSession`
- Header: Authorization: Basic =4589022lj3.....
- password: spaceti1 -> sha512 `echo spaceti1 | sha512sum`
```bash
E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0
```
- body:
```json
{
"password": "E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0",
"username": "spaceti"
}
```
1. POST request - `/SubjectManager/getSubjects` - get subjects
2. POST request - `/SubjectManager/getSubjectsUpdated` - get tokens updated after <i>`time`</i>
3. POST request - `/SubjectManager/getSubjectsDeleted` - get tokens deleted after <i>`time`</i>
4. POST request - `/TokenManager/getTokens` - get tokens
5. POST request - `/TokenManager/getTokensUpdated` - get tokens updated after <i>`time`</i>
6. POST request - `/TokenManager/getTokensDeleted` - get tokens deleted after <i>`time`</i>
7. POST request - `/TokenManager/setTokens` - set tokens defined as <i>`JSON`</i>
8. POST request - `/TokenManager/deleteTokens` - delete tokens define as <i>`JSON2`</i>
9. POST request - `/AccessManager/getAccessGroups` - get access groups
10. POST request - `/AccessManager/getAccessGroupsUpdated`
11. POST request - `/AccessManager/getAccessGroupsDeleted`
12. POST request - `/AccessManager/getAccessGroupMembership`
13. POST request - `/AccessManager/getAccessGroupMembershipUpdated`
14. POST request - `/AccessManager/getAccessGroupMembershipDeleted`
- <i>`time`</i> = epoch time im miliseconds
```time
{
"timestamp": 1568646217767
}
```
- <i>`JSON`</i>
```json
{
"items": [
{
"id": "cf5cb80e-e6dd-45db-8edd-c9655447821c",
"name": "Testovaci pokus",
"description": "mobile",
"tokenType": "Token",
"tokenBits}": 32,
"tokenData": "7B9D31",
"timeToLive": 255,
"authErrors": 255,
"flags": [
"Enabled",
"NoValidity"
],
"subjectId": "72b37f7e-5761-4e6c-8e87-20c0bed0d904"
}
]
}
```
- <i>`JSON2`</i>
```json2
{
"items": [
"7272bcf6-b5ad-46dd-99a9-0c56faddf14c"
]
}
```
## RestAPI definitions
- `openapi.yaml` ( editor `VSCode` with `Swagger Viewer` extension - ⌘+⇧+P `Preview Swagger` )
## Colnod Test server
[Colnod server: confluence](https://spaceti.atlassian.net/wiki/spaces/IN/pages/97320961/Colsys+-+Colnod)
- URL: `192.168.1.3:8843`
- `!!! No license!!!` - server will shutdown after 8 hours.
- restart: `sudo service cndserver start`
- check `nmap -p8443 192.168.1.3` or `nc -zvw3 192.168.1.3 8443`
- user: `spaceti`
- password: ``
- sha512: `E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0`
```bash
curl -k --user "spaceti:E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0" -d '{"password":"E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0","username":"spaceti"}' -H "Content-Type: application/json" https://192.168.1.3:8443/AaaManager/authSession
```
## Colnod Penta server
- Acces through: `penta-master` IP: `172.16.4.4`
- URL: `192.168.254.11:8443`
- Port forwarding: `ssh -L 8443:192.168.254.11:8443 penta-master`
```bash
curl -k --user "spaceti:E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0" -d '{"password":"E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0","username":"spaceti"}' -H "Content-Type: application/json" https://192.168.254.11:8443/AaaManager/authSession
```
## Insomnia Rest client
[Insomnia Rest](https://insomnia.rest/)
It is possible to chain requests: [see doc](https://support.insomnia.rest/article/43-chaining-requests)
- use token from login response as an Authorization header
- use id from POST /item in PUT /items/<id>
- use entire body from one response to upload to another
### Import workspace
- import: [Insomnia file on GitLab](https://gitlab.com/spaceti-app/integrations/acs/colnod-connector/blob/master/Insomnia_2019-10-15.yaml)
## Testing Blueprint API
### Snowboard
#### Necesarry to allow
- Self signed certificate: [Stack overflow](https://superuser.com/a/1235250)
- Enable CORS:
- Safari: Develop->Disable cross origin restrictions
`snowboard http -c snowboard.yml --playground colnod.apib`
[Colnod API snowboard documentation](http://localhost:8088)
#### Install snowboard
`npm install -g snowboard`
## Tests made
- add token to db/colnod
- edit token in db/colnod
- delete token from db/colnod
- add subject to colnod
- edit subject in colnod
- delete subject from colnod
- edit same token on both db/colnod (diffrent time)
## First sync expected results
- 2892 tokens updated
- 173 tokens deleted
- 2894 subjects updated
- 117 subjects deleted
## Database inicialization
- Token table
```SQL create
-- Table: public.colnod_token
-- DROP TABLE public.colnod_token;
CREATE TABLE public.colnod_token
(
id character(36) COLLATE pg_catalog."default" NOT NULL,
auth_errors integer DEFAULT 255,
description character varying(255) COLLATE pg_catalog."default",
enabled boolean DEFAULT true,
last_update timestamp without time zone DEFAULT '1970-01-01 00:00:00.001'::timestamp without time zone,
name character varying(255) COLLATE pg_catalog."default",
no_validity boolean DEFAULT true,
time_to_live integer DEFAULT 255,
token_bits integer DEFAULT 32,
token_data character varying(255) COLLATE pg_catalog."default",
token_type character varying(255) COLLATE pg_catalog."default" DEFAULT 'Token'::character varying,
subject_id character(36) COLLATE pg_catalog."default",
last_modified timestamp without time zone NOT NULL,
deleted boolean DEFAULT false,
CONSTRAINT colnod_token_pkey PRIMARY KEY (id)
)
WITH (
OIDS = FALSE
)
TABLESPACE pg_default;
ALTER TABLE public.colnod_token
OWNER to postgres;
```
- Subject table
```SQL create
-- Table: public.colnod_subject
-- DROP TABLE public.colnod_subject;
CREATE TABLE public.colnod_subject
(
id character(36) COLLATE pg_catalog."default" NOT NULL,
description character varying(255) COLLATE pg_catalog."default",
last_update timestamp without time zone NOT NULL,
name character varying(255) COLLATE pg_catalog."default",
pin character varying(255) COLLATE pg_catalog."default",
last_modified timestamp without time zone,
deleted boolean,
CONSTRAINT colnod_subject_pkey PRIMARY KEY (id)
)
WITH (
OIDS = FALSE
)
TABLESPACE pg_default;
ALTER TABLE public.colnod_subject
OWNER to postgres;
```
- Subject attributes table
```SQL create
-- Table: public.colnod_subject_attribute
-- DROP TABLE public.colnod_subject_attribute;
CREATE TABLE public.colnod_subject_attribute
(
id character varying(255) COLLATE pg_catalog."default" NOT NULL,
attribute_key character varying(255) COLLATE pg_catalog."default",
attribute_value character varying(255) COLLATE pg_catalog."default",
subject_id character(36) COLLATE pg_catalog."default",
CONSTRAINT colnod_subject_attribute_pkey PRIMARY KEY (id)
)
WITH (
OIDS = FALSE
)
TABLESPACE pg_default;
ALTER TABLE public.colnod_subject_attribute
OWNER to postgres;
```
- Config
```SQL create
-- Table: public.config
-- DROP TABLE public.config;
CREATE TABLE public.config
(
last_sync bigint NOT NULL DEFAULT 0,
CONSTRAINT config_pkey PRIMARY KEY (last_sync)
)
WITH (
OIDS = FALSE
)
TABLESPACE pg_default;
ALTER TABLE public.config
OWNER to postgres;
```
## Possible checks
[here](https://gitlab.com/spaceti-app/integrations/acs/colnod-connector/blob/master/doc/possible-checks.md)
## Bugs and improvments for Colsys
### Bugs
- It is possible to add token with token ID (tokenData) which already exists
- No error message, when request data are invalid in login
- getUpdated returns valid data for invalid time (negative)
### Improvements
- it would be nice to get response messages on calling enpoints
- setToken -> successful edit/insert
- deleteToken -> successful
-