2020-02-05 13:55:41 +01:00
2019-11-08 10:51:31 +01:00
2019-11-25 13:48:17 +01:00
2019-11-08 11:26:34 +01:00
2019-12-16 10:35:56 +01:00
2020-02-05 13:55:41 +01:00
2019-10-07 13:19:28 +02:00
2019-11-07 10:22:30 +01:00
2019-11-07 16:59:09 +01:00
2019-09-30 18:20:05 +02:00
2019-11-08 11:26:34 +01:00
2019-11-08 11:26:34 +01:00
2019-10-07 13:19:28 +02:00
2019-12-09 16:16:47 +01:00

colnod-connector

Acces Management System of Colsys: Product info

TODO

  • Dry Run Mode (0.1v)
  • Logs (0.1v)
    • Timestamp
    • Id of record
    • Destination
    • Report
      • Token action to subject_id
      • Sbject action
        • action - updated, deleted, added
  • App output (0.1v)
    • To Colnod
      • Number of tokens added/deleted/updated
    • To DB
      • Number of subjects added/deleted/updated
      • Number of tokens added/deleted/updated

Requirements

  • QPSQL driver must be installed (PostgreSQL)
  • running on Qt 5.9

Qt 5

sudo apt-get install -y build-essential
sudo apt-get install -y qt5-default

PostgreSQL ( devel libs )

sudo apt-get install -y libpq-dev
sudo apt install libqt5sql5-psql # psql driver for Qt

Endpoints

  • POST /AaaManager/authSession

    • Header: Authorization: Basic =4589022lj3.....
    • password: spaceti1 -> sha512 echo spaceti1 | sha512sum
    E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0
    
    • body:
    {
       "password": "E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0",
           "username": "spaceti"
    }
    
  1. POST request - /SubjectManager/getSubjects - get subjects
  2. POST request - /SubjectManager/getSubjectsUpdated - get tokens updated after time
  3. POST request - /SubjectManager/getSubjectsDeleted - get tokens deleted after time
  4. POST request - /TokenManager/getTokens - get tokens
  5. POST request - /TokenManager/getTokensUpdated - get tokens updated after time
  6. POST request - /TokenManager/getTokensDeleted - get tokens deleted after time
  7. POST request - /TokenManager/setTokens - set tokens defined as JSON
  8. POST request - /TokenManager/deleteTokens - delete tokens define as JSON2
  9. POST request - /AccessManager/getAccessGroups - get access groups
  10. POST request - /AccessManager/getAccessGroupsUpdated
  11. POST request - /AccessManager/getAccessGroupsDeleted
  12. POST request - /AccessManager/getAccessGroupMembership
  13. POST request - /AccessManager/getAccessGroupMembershipUpdated
  14. POST request - /AccessManager/getAccessGroupMembershipDeleted
  • time = epoch time im miliseconds
    {
        "timestamp": 1568646217767
    }
    
  • JSON
    {
      "items": [
        {
          "id": "cf5cb80e-e6dd-45db-8edd-c9655447821c",
          "name": "Testovaci pokus",
          "description": "mobile",
          "tokenType": "Token",
          "tokenBits}": 32,
          "tokenData": "7B9D31",
          "timeToLive": 255,
          "authErrors": 255,
          "flags": [
            "Enabled",
            "NoValidity"
          ],
          "subjectId": "72b37f7e-5761-4e6c-8e87-20c0bed0d904"
        }
      ]
    }
    
  • JSON2
    {
        "items": [
        "7272bcf6-b5ad-46dd-99a9-0c56faddf14c"
        ]
    }
    

RestAPI definitions

  • openapi.yaml ( editor VSCode with Swagger Viewer extension - ⌘+⇧+P Preview Swagger )

Colnod Test server

Colnod server: confluence

  • URL: 192.168.1.3:8843
  • !!! No license!!! - server will shutdown after 8 hours.
    • restart: sudo service cndserver start
    • check nmap -p8443 192.168.1.3 or nc -zvw3 192.168.1.3 8443
    • user: spaceti
    • password: ``
    • sha512: E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0
curl -k --user "spaceti:E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0" -d '{"password":"E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0","username":"spaceti"}' -H "Content-Type: application/json" https://192.168.1.3:8443/AaaManager/authSession

Colnod Penta server

  • Acces through: penta-master IP: 172.16.4.4
  • URL: 192.168.254.11:8443
  • Port forwarding: ssh -L 8443:192.168.254.11:8443 penta-master
curl -k --user "spaceti:E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0" -d '{"password":"E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0","username":"spaceti"}' -H "Content-Type: application/json" https://192.168.254.11:8443/AaaManager/authSession

Insomnia Rest client

Insomnia Rest

It is possible to chain requests: see doc

  • use token from login response as an Authorization header
  • use id from POST /item in PUT /items/
  • use entire body from one response to upload to another

Import workspace

Testing Blueprint API

Snowboard

Necesarry to allow

  • Self signed certificate: Stack overflow
  • Enable CORS:
    • Safari: Develop->Disable cross origin restrictions

snowboard http -c snowboard.yml --playground colnod.apib

Colnod API snowboard documentation

Install snowboard

npm install -g snowboard

Tests made

Changes on colnod are made by Colnod client

Changes on db can be made by sql commands directly or by pgAdmin

  • add token to db/colnod (2 tests)
  • edit token in db/colnod (2 tests)
  • delete token from db/colnod (2 tests)
  • add subject to colnod
  • edit subject in colnod
  • delete subject from colnod
  • edit same token on both db/colnod (diffrent time)

First sync expected results

  • 2892 tokens updated
  • 173 tokens deleted
  • 2894 subjects updated
  • 117 subjects deleted

Database inicialization

  • Token table
-- Table: public.colnod_token
-- DROP TABLE public.colnod_token;
CREATE TABLE public.colnod_token
(
    id character(36) COLLATE pg_catalog."default" NOT NULL,
    auth_errors integer DEFAULT 255,
    description character varying(255) COLLATE pg_catalog."default",
    enabled boolean DEFAULT true,
    last_update timestamp without time zone DEFAULT '1970-01-01 00:00:00.001'::timestamp without time zone,
    name character varying(255) COLLATE pg_catalog."default",
    no_validity boolean DEFAULT true,
    time_to_live integer DEFAULT 255,
    token_bits integer DEFAULT 32,
    token_data character varying(255) COLLATE pg_catalog."default",
    token_type character varying(255) COLLATE pg_catalog."default" DEFAULT 'Token'::character varying,
    subject_id character(36) COLLATE pg_catalog."default",
    last_modified timestamp without time zone NOT NULL,
    deleted boolean DEFAULT false,
    CONSTRAINT colnod_token_pkey PRIMARY KEY (id)
)
WITH (
    OIDS = FALSE
)
TABLESPACE pg_default;

ALTER TABLE public.colnod_token
    OWNER to postgres;
  • Subject table
-- Table: public.colnod_subject
-- DROP TABLE public.colnod_subject;
CREATE TABLE public.colnod_subject
(
    id character(36) COLLATE pg_catalog."default" NOT NULL,
    description character varying(255) COLLATE pg_catalog."default",
    last_update timestamp without time zone NOT NULL,
    name character varying(255) COLLATE pg_catalog."default",
    pin character varying(255) COLLATE pg_catalog."default",
    last_modified timestamp without time zone,
    deleted boolean,
    CONSTRAINT colnod_subject_pkey PRIMARY KEY (id)
)
WITH (
    OIDS = FALSE
)
TABLESPACE pg_default;

ALTER TABLE public.colnod_subject
    OWNER to postgres;
  • Subject attributes table
-- Table: public.colnod_subject_attribute
-- DROP TABLE public.colnod_subject_attribute;
CREATE TABLE public.colnod_subject_attribute
(
    id character varying(255) COLLATE pg_catalog."default" NOT NULL,
    attribute_key character varying(255) COLLATE pg_catalog."default",
    attribute_value character varying(255) COLLATE pg_catalog."default",
    subject_id character(36) COLLATE pg_catalog."default",
    CONSTRAINT colnod_subject_attribute_pkey PRIMARY KEY (id)
)
WITH (
    OIDS = FALSE
)
TABLESPACE pg_default;

ALTER TABLE public.colnod_subject_attribute
    OWNER to postgres;
  • Config
-- Table: public.config
-- DROP TABLE public.config;
CREATE TABLE public.config
(
    last_sync bigint NOT NULL DEFAULT 0,
    CONSTRAINT config_pkey PRIMARY KEY (last_sync)
)
WITH (
    OIDS = FALSE
)
TABLESPACE pg_default;

ALTER TABLE public.config
    OWNER to postgres;

Possible checks

here

Bugs and improvments for Colsys

Bugs

  • It is possible to add token with token ID (tokenData) which already exists
  • No error message, when request data are invalid in login
  • getUpdated returns valid data for invalid time (negative)

Improvements

  • it would be nice to get response messages on calling enpoints
    • setToken -> successful edit/insert
    • deleteToken -> successful
Description
No description provided
Readme 523 KiB
Languages
C++ 86.8%
Shell 9.4%
QMake 2.4%
API Blueprint 1.4%