Class: Crowd

Inherits:
Object
  • Object
show all
Includes:
SOAP
Defined in:
lib/crowd/version.rb,
lib/crowd.rb,
lib/crowd/user_attribute_keys.rb

Overview

:nodoc:

Defined Under Namespace

Modules: UserAttributeKeys, Version Classes: AuthenticationConnectionException, AuthenticationException, AuthenticationInvalidCredentialException, AuthenticationInvalidException, AuthenticationObjectNotFoundException

Class Method Summary collapse

Class Method Details

.add_attribute_principal(username, attributes) ⇒ Object

Add attribute to principal



306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
 
# File 'lib/crowd.rb', line 306

def self.add_attribute_principal(username, attributes)
  attributes.each do |key, val|
    response = authenticated_connection do
      if(val.class == Array)
        valArray = ArrayOfString.new(val)
      else
        valArray = ArrayOfString.new
        valArray << val
      end

      tuple = SOAPAttribute.new(key, valArray)
      arg = AddAttributeToPrincipal.new(@@application_token, username, tuple)
      
      server.addAttributeToPrincipal(arg)
    end

    case response
      when AddAttributeToPrincipalResponse
        # Burying it because this means it was successful
      when ObjectNotFoundException
        raise AuthenticationObjectNotFoundException
      else
        raise AuthenticationException, response
    end
  end
  
  true
end

.add_principal(username, password, description, is_active, attributes) ⇒ Object

Add principal to the crowd directory.



193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
 
# File 'lib/crowd.rb', line 193

def self.add_principal(username, password, description, is_active, attributes)
  response = authenticated_connection do
    
    attrs = ArrayOfSOAPAttribute.new()
    attributes.each do |key, val|
      if (val.class == Array)
        attrVal = ArrayOfString.new(val)
      else
        attrVal = ArrayOfString.new
        attrVal << val
      end
      attrs << SOAPAttribute.new(key, attrVal)
    end

    principal = SOAPPrincipal.new(nil, is_active, attrs, nil, description, nil, nil, username)
    pword = PasswordCredential.new(password, false)
    arg = AddPrincipal.new(@@application_token, principal, pword)

    server.addPrincipal(arg)
  end
  
  case response
    when AddPrincipalResponse
      return true
    when InvalidCredentialException
      raise AuthenticationInvalidCredentalException
    when InvalidUserException
      raise AuthenticationInvalidException, response
    else
      raise AuthenticationException, response
  end
end

.add_principal_to_role(username, role) ⇒ Object

Add Principal to Role



435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
 
# File 'lib/crowd.rb', line 435

def self.add_principal_to_role(username, role)    
  response = authenticated_connection do         
    arg = AddPrincipalToRole.new(@@application_token, username, role)
    #raise arg.to_yaml
    server.addPrincipalToRole(arg)
  end
  
  case response
    when AddPrincipalToRoleResponse
      return true
    when ObjectNotFoundException
      return AuthenticationObjectNotFoundException
    else
      raise AuthenticationException, response
  end
end

.add_role(name, description, is_active) ⇒ Object

Add Role



417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
 
# File 'lib/crowd.rb', line 417

def self.add_role(name, description, is_active)
  response = authenticated_connection do 
    role = SOAPRole.new(nil, is_active, nil, nil, description, nil, nil, nil, name)
    arg = AddRole.new(@@application_token, role)
    server.addRole(arg)
  end
  
  case response
    when AddRoleResponse
      return true
    when ObjectNotFoundException
      return AuthenticationObjectNotFoundException
    else
      raise AuthenticationException, response
  end
end

.application_tokenObject 



88
 
# File 'lib/crowd.rb', line 88

def self.application_token; @@application_token; end

.application_token=(value) ⇒ Object

for testing



87
 
# File 'lib/crowd.rb', line 87

def self.application_token=(value); @@application_token = value; end

.authenticate_application(validation_factors = {}) ⇒ Object

Authenticates an application client to the Crowd security server.



116
117
118
119
120
121
122
123
124
125
126
127
 
# File 'lib/crowd.rb', line 116

def self.authenticate_application(validation_factors = {})
  pword = PasswordCredential.new(@@crowd_app_pword, false)
  aovf = helper_validation_factors(validation_factors)
  ctx = ApplicationAuthenticationContext.new(pword, @@crowd_app_name, aovf)
  arg = AuthenticateApplication.new(ctx)
  begin
    response = server.authenticateApplication(arg)
  rescue Errno::ECONNREFUSED => e
    raise AuthenticationConnectionException, e
  end
  @@application_token = response.out
end

.authenticate_principal(username, password, validation_factors = {}) ⇒ Object

Authenticates a principal verses the calling who is in the application’s assigned directory.

Validation factors are essential for SSO interoperable with Atlassian’s Java client library.

To use SSO, set:

validation_factors = { 'USER_AGENT' => '...', 'REMOTE_ADDRESS' => '...' }
for proxy users { 'X_FORWARDED_FOR" => '...' } might be useful as well.



136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
 
# File 'lib/crowd.rb', line 136

def self.authenticate_principal(username, password, validation_factors = {})
  response = authenticated_connection do
    pword = PasswordCredential.new(password, false)
    aovf = helper_validation_factors(validation_factors)
    ctx = UserAuthenticationContext.new(@@application_token.name, pword, username, aovf)
    arg = AuthenticatePrincipal.new(@@application_token, ctx)

    server.authenticatePrincipal(arg)      
  end    
  
  #evaluate the response.  ideally, the authenticatePrincipal call should
  #return an AuthenticationInvalidCredentialException and we can handle it more
  #nicely below.
  case response
    when AuthenticatePrincipalResponse        
      return response.out
    when InvalidAuthenticationException
      return nil      
    when InactiveAccountException
      return nil
    when nil #no reponse      
      raise AuthenticationInvalidCredentialException, response
    when ::AuthenticationException
      raise AuthenticationInvalidCredentialException, response
    else
      raise AuthenticationException, response
  end
end

.create_principal_token(username, validation_factors = {}) ⇒ Object

Authenticates a principal without validating a password.



167
168
169
170
171
172
173
174
 
# File 'lib/crowd.rb', line 167

def self.create_principal_token(username, validation_factors = {})
  response = authenticated_connection do
    aovf = helper_validation_factors(validation_factors)
    arg = CreatePrincipalToken.new(@@application_token, username, aovf)
    server.createPrincipalToken(arg)
  end
  response.out
end

.crowd_app_nameObject 



90
 
# File 'lib/crowd.rb', line 90

def self.crowd_app_name; @@crowd_app_name; end

.crowd_app_name=(value) ⇒ Object

The name that the application will use when authenticating with the Crowd server. This needs to match the name you specified in Crowd server.



51
 
# File 'lib/crowd.rb', line 51

def self.crowd_app_name=(value); @@crowd_app_name = value; end

.crowd_app_pwordObject 



91
 
# File 'lib/crowd.rb', line 91

def self.crowd_app_pword; @@crowd_app_pword; end

.crowd_app_pword=(value) ⇒ Object

The password that the application will use when authenticating with the Crowd server. This needs to match the password you specified in Crowd server.



55
 
# File 'lib/crowd.rb', line 55

def self.crowd_app_pword=(value); @@crowd_app_pword = value; end

.crowd_cookie_tokenkeyObject 



95
 
# File 'lib/crowd.rb', line 95

def self.crowd_cookie_tokenkey; @@crowd_cookie_tokenkey; end

.crowd_cookie_tokenkey=(value) ⇒ Object

The cookie key to use when creating or reading the SSO token. Has a good default.



75
 
# File 'lib/crowd.rb', line 75

def self.crowd_cookie_tokenkey=(value); @@crowd_cookie_tokenkey = value; end

.crowd_session_lastvalidationObject 



97
 
# File 'lib/crowd.rb', line 97

def self.crowd_session_lastvalidation; @@crowd_session_lastvalidation; end

.crowd_session_lastvalidation=(value) ⇒ Object

The session key to use when storing a timestamp of the users last authentication.

Has a good default.



83
 
# File 'lib/crowd.rb', line 83

def self.crowd_session_lastvalidation=(value); @@crowd_session_lastvalidation = value; end

.crowd_session_tokenkeyObject 



94
 
# File 'lib/crowd.rb', line 94

def self.crowd_session_tokenkey; @@crowd_session_tokenkey; end

.crowd_session_tokenkey=(value) ⇒ Object

The session key to use when storing a String value of the users authentication token. Has a good default.



79
 
# File 'lib/crowd.rb', line 79

def self.crowd_session_tokenkey=(value); @@crowd_session_tokenkey = value; end

.crowd_session_validationintervalObject 



96
 
# File 'lib/crowd.rb', line 96

def self.crowd_session_validationinterval; @@crowd_session_validationinterval; end

.crowd_session_validationinterval=(value) ⇒ Object

The number of minutes to cache authentication validation in the session. If this value is set to 0, each HTTP request will be authenticated with the Crowd server. The default is 0.



71
 
# File 'lib/crowd.rb', line 71

def self.crowd_session_validationinterval=(value); @@crowd_session_validationinterval = value; end

.crowd_urlObject 



89
 
# File 'lib/crowd.rb', line 89

def self.crowd_url; @@crowd_url; end

.crowd_url=(value) ⇒ Object

The URL to use when connecting with the integration libraries to communicate with the Crowd server.



47
 
# File 'lib/crowd.rb', line 47

def self.crowd_url=(value); @@crowd_url = value; end

.crowd_validation_factors_need_user_agentObject 



93
 
# File 'lib/crowd.rb', line 93

def self.crowd_validation_factors_need_user_agent; @@crowd_validation_factors_need_user_agent; end

.crowd_validation_factors_need_user_agent=(value) ⇒ Object

This configuration depends on the Crowd java client library version that your other applications use. For crowd-integration-client-2.0.2.jar this needs to be ‘true’, for crowd-integration-client-2.0.5.jar this needs to be ‘false’.

Default is false.



66
 
# File 'lib/crowd.rb', line 66

def self.crowd_validation_factors_need_user_agent=(value); @@crowd_validation_factors_need_user_agent = value; end

.find_all_group_namesObject 



522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
 
# File 'lib/crowd.rb', line 522

def self.find_all_group_names
  response = authenticated_connection do 
    arg = FindAllGroupNames.new(@@application_token)
    server.findAllGroupNames(arg)
  end
  
  case response
    when FindAllGroupNamesResponse
      return response.out
    when ObjectNotFoundException
      return AuthenticationObjectNotFoundException
    else
      raise AuthenticationException, response
  end
end

.find_all_groups_for_principal(username) ⇒ Object 



538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
 
# File 'lib/crowd.rb', line 538

def self.find_all_groups_for_principal(username)
   response = authenticated_connection do 
     arg = FindGroupMemberships.new(@@application_token, username)
     server.findGroupMemberships(arg)
   end
   
   case response
     when FindGroupMembershipsResponse
       return response.out
     when ObjectNotFoundException
       return AuthenticationObjectNotFoundException
     else
       raise AuthenticationException, response
   end
end

.find_all_principal_namesObject

Find all principal names



383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
 
# File 'lib/crowd.rb', line 383

def self.find_all_principal_names    
  response = authenticated_connection do
    arg = FindAllPrincipalNames.new(@@application_token)
    server.findAllPrincipalNames(arg)
  end
  
  case response
    when FindAllPrincipalNamesResponse
      return response.out
    when ObjectNotFoundException
      return {}
    else
      raise AuthenticationException, response
  end
end

.find_all_role_namesObject

Find all role names



400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
 
# File 'lib/crowd.rb', line 400

def self.find_all_role_names
  response = authenticated_connection do 
    arg = FindAllRoleNames.new(@@application_token)
    server.findAllRoleNames(arg)
  end
  
  case response
    when FindAllRoleNamesResponse
      return response.out
    when ObjectNotFoundException
      return {}
    else
      raise AuthenticationException, response
  end
end

.find_principal_by_token(token) ⇒ Object

Find principal via token.



246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
 
# File 'lib/crowd.rb', line 246

def self.find_principal_by_token(token)
  response = authenticated_connection do
    arg = FindPrincipalByToken.new(@@application_token, token)
    server.findPrincipalByToken(arg)      
  end
  case response
    when FindPrincipalByTokenResponse
      return parse_principal(response.out)
    when ObjectNotFoundException
      return nil
    else
      raise AuthenticationException, response
  end 
rescue AuthenticationObjectNotFoundException
  return nil
rescue AuthenticationException => e
  nil
rescue ::SOAP::FaultError => e
  raise AuthenticationException, e.message
end

.find_principal_by_username(username) ⇒ Object

Find principal via username.



227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
 
# File 'lib/crowd.rb', line 227

def self.find_principal_by_username(username)    
  response = authenticated_connection do
    arg = FindPrincipalByName.new(@@application_token, username)
    server.findPrincipalByName(arg)      
  end
  
  case response
    when FindPrincipalByNameResponse
      return parse_principal(response.out)
    when ObjectNotFoundException
      return nil
    else
      raise AuthenticationException, response
  end
rescue AuthenticationException => e
  raise AuthenticationObjectNotFoundException, e    
end

.get_group(name) ⇒ Object 



554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
 
# File 'lib/crowd.rb', line 554

def self.get_group(name)
  response = authenticated_connection do 
     arg = FindGroupByName.new(@@application_token, name)
     server.findGroupByName(arg)
   end
   
   case response
     when FindGroupByNameResponse
       return response.out
     when ObjectNotFoundException
       return AuthenticationObjectNotFoundException
     else
       raise AuthenticationException, response
   end
end

.invalidate_principal_token(token) ⇒ Object

Invalidate principal token.



268
269
270
271
272
273
274
275
276
277
278
279
280
 
# File 'lib/crowd.rb', line 268

def self.invalidate_principal_token(token)
  response = authenticated_connection do 
    arg = InvalidatePrincipalToken.new(@@application_token, token)
    server.invalidatePrincipalToken(arg)
  end
  
  case response
    when InvalidatePrincipalTokenResponse
      return true
    else
      raise AuthenticationException, response
  end
end

.is_group_member(username, group) ⇒ Object

Is Group Member



506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
 
# File 'lib/crowd.rb', line 506

def self.is_group_member(username, group)
  response = authenticated_connection do 
    arg = IsGroupMember.new(@@application_token, group, username )
    server.isGroupMember(arg)
  end
  
  case response
    when IsGroupMemberResponse
      return response.out
    when ObjectNotFoundException
      return AuthenticationObjectNotFoundException
    else
      raise AuthenticationException, response
  end
end

.is_role_member(username, role) ⇒ Object

Is Role Member



470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
 
# File 'lib/crowd.rb', line 470

def self.is_role_member(username, role)
  response = authenticated_connection do 
    arg = IsRoleMember.new(@@application_token, username, role )
    server.isRoleMember(arg)
  end
  
  case response
    when IsRoleMemberResponse
      return response.out
    when ObjectNotFoundException
      return AuthenticationObjectNotFoundException
    else
      raise AuthenticationException, response
  end
end

.is_valid_principal_token?(principal_token, validation_factors = {}) ⇒ Boolean

Checks if the principal’s current token is still valid.

Returns:

  • (Boolean) 


177
178
179
180
181
182
183
184
185
186
187
188
189
190
 
# File 'lib/crowd.rb', line 177

def self.is_valid_principal_token?(principal_token, validation_factors = {})
  response = authenticated_connection do
    aovf = helper_validation_factors(validation_factors)
    arg = IsValidPrincipalToken.new(@@application_token, principal_token, aovf)
    server.isValidPrincipalToken(arg)      
  end    
  
  case response
    when IsValidPrincipalTokenResponse        
      return response.out
    else
      raise AuthenticationException, response
  end
end

.remove_attribute_principal(username, attributes) ⇒ Object

Remove principal attribute.



283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
 
# File 'lib/crowd.rb', line 283

def self.remove_attribute_principal(username, attributes)    
  if(attributes.class != Array)
    attributes = [attributes]
  end
  
  attributes.each do |attr|
    response = authenticated_connection do
      arg = RemoveAttributeFromPrincipal.new(@@application_token, username, attr)
      server.removeAttributeFromPrincipal(arg)
    end

    case response
      when RemoveAttributeFromPrincipalResponse
        # Burying as this means it succeeded
      when ObjectNotFoundException
        raise AuthenticationObjectNotFoundException
      else
        raise AuthenticationException, response
    end
  end
end

.remove_principal(username) ⇒ Object

Remove principal



366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
 
# File 'lib/crowd.rb', line 366

def self.remove_principal(username)
  response = authenticated_connection do
    arg = RemovePrincipal.new(@@application_token, username)        
    server.removePrincipal(arg)
  end
  
  case response
    when RemovePrincipalResponse
      return true
    when ObjectNotFoundException
      raise AuthenticationObjectNotFoundException
    else
      raise AuthenticationException, response
  end    
end

.remove_principal_from_role(username, role) ⇒ Object

Remove Principal form Role



453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
 
# File 'lib/crowd.rb', line 453

def self.remove_principal_from_role(username, role)
  response = authenticated_connection do 
    arg = RemovePrincipalFromRole.new(@@application_token, username, role)
    server.removePrincipalFromRole(arg)
  end
  
  case response
    when RemovePrincipalFromRoleResponse
      return true
    when ObjectNotFoundException
      return AuthenticationObjectNotFoundException
    else
      raise AuthenticationException, response
  end
end

.remove_role(role) ⇒ Object

Remove Role



489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
 
# File 'lib/crowd.rb', line 489

def self.remove_role(role)
  response = authenticated_connection do 
    arg = RemoveRole.new(@@application_token, role)
    server.removeRole(arg)
  end
  
  case response
    when RemoveRoleResponse
      return true        
    when ObjectNotFoundException
      return AuthenticationObjectNotFoundException
    else
      raise AuthenticationException, response
  end
end

.update_attribute_principal(username, attributes) ⇒ Object

Update attribute on principal



336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
 
# File 'lib/crowd.rb', line 336

def self.update_attribute_principal(username, attributes)    
  attributes.each do |key, val|
    response = authenticated_connection do
      if val.is_a?(Array)
        valArray = ArrayOfString.new(val)
      else
        valArray = ArrayOfString.new
        valArray << val
      end

      tuple = SOAPAttribute.new(key, valArray)
      arg = UpdatePrincipalAttribute.new(@@application_token, username, tuple)
      
      server.updatePrincipalAttribute(arg)
    end

    case response
      when UpdatePrincipalAttributeResponse
        # Burying as it worked
      when ObjectNotFoundException
        raise AuthenticationObjectNotFoundException
      else
        raise AuthenticationException, response
    end
  end
  
  true
end