User Information
Uniloader is able to edit users for Loway products. This is handy when scripting, as you can create users and classes, lock and unlock them, change passwords and whatever else is needed. In order to achieve this, Uniloader must be able to connect directly to the database (so the product does not need to be running).
When editing, changes are idempotent, this means that you declare the desired status and Uniloader will update the system as to reach it. If something is already in the correct state, it will not be updated. This is very handy when scripting, as you do not need to check that something needs to be done before doing it - e.g., if you add a user twice in a row, it will be only added once.
Editing users
To create a user (or assert that they exist), you might run:
uniloader user --dburi 127.0.0.1/queuemetrics --login queuemetrics --pwd javadude add-user --username loway --classname ADMIN --fullname "Loway Suisse"
This will make sure that a user called "Loway" is present and belongs to class "ADMIN". If the user is created from scratch, it will be locked (they exist, but cannot log-in) and will have an unusable password. In order to use them, you will need to unlock and set a proper password.
uniloader user --dburi 127.0.0.1/queuemetrics --login queuemetrics --pwd javadude add-user --username loway --classname ADMIN --email "me@home"
This will set the e-mail for user 'loway'.
The following options are available, and can be mixed and matched as necessary:
-
'username': the user’s login (mandatory). It can also be a string with multiple log-ins, separated by space.
-
'classname': the class this user belongs to. Mandatory if a user needs to be created.
-
'keyring': A set of required keys, separated by spaces. Keys can be explicitly "turned off" by prepending them with a minus sign. Keys will be added or removed on the basis of the current keyring.
-
'fullname': A textual description
-
'email': The e-mail address
-
'locked': User is locked: NO or YES
-
'new-password': The new password to set. This pasword is encrypted and cannot be recovereed if lost.
-
'signed-as': The login of a user that will 'sign' any updates
-
'expires-in': In how many days this user becomes available for automated expiry. Set -1 for no expiry, or 0 for immediate expiry.
-
'must-reset-password': If set to YES, the user is blocked so that its password must be reset. See section Password reset below.
-
'pwd-reset-link-duration': The number of days the password reset token will be valid for (including the present day)
Searching for users
To search for all users with or without a specific key in their keyring, you can run:
uniloader user --dburi 127.0.0.1/queuemetrics --login queuemetrics --pwd javadude find-users --by-key -AGENT
Will find all users that do not hold the key AGENT
.
This makes it possible to edit them directly, like in:
VS=$(uniloader user find-users --by-key -AGENT) && uniloader user add-user --username "${VS}" --new-password 1234
That will change the password to "1234" for all users that are not agents.
If you need to find all users on the system, you can use the syntax --by-key - .
|
Editing classes
You can easily edit classes:
uniloader user --dburi 127.0.0.1/queuemetrics --login queuemetrics --pwd javadude add-class --classname CLOUDOPS --fullname "System Operators" --keyring "USER USRADMIN USR_AGENT"
Will create a new class called CLOUDOPS with an initial keyring of USER
, USRADMIN
and USR_AGENT
.
uniloader user --dburi 127.0.0.1/queuemetrics --login queuemetrics --pwd javadude add-class --classname CLOUDOPS --keyring "-USR_AGENT USR_ADD"
Removes the key USR_AGENT
from class CLOUDOPS (if present) and adds the key USR_ADD
(if not present).
The following options are available, and can be mixed and matched as necessary:
-
'classname': the class to create. Mandatory. It can also be a string with multiple classes, separated by space.
-
'keyring': A set of required keys, separated by spaces. Keys can be explicitly "turned off" by prepending them with a minus sign. Keys will be added or removed on the basis of the current keyring.
-
'fullname': A textual description
-
'signed-as': The login of a user that will 'sign' any updates
Searching for classes
To search for all classes with or without a specific key in their keyring, you can run:
uniloader user --dburi 127.0.0.1/queuemetrics --login queuemetrics --pwd javadude find-classes --by-key AGENT
Will find all classes that contain the key AGENT
.
This makes it possible to edit them directly, like in:
VS=$(uniloader user find-classes --by-key -AGENT) && uniloader user add-class --classname "${VS}" --keyring "ABC"
That will add the key ABC
to all classes that do not contain AGENT
.
If you need to find all classes on the system, you can use the syntax --by-key - .
|
Expiring users
If you run:
uniloader user --dburi 127.0.0.1/queuemetrics --login queuemetrics --pwd javadude expire --sign-as demoadmin
Any users that have an expiry date set that is in the past will be locked. The password will not be changed.
Password reset
It is possible to "lock" a QueueMetrics 21.04.11+ user so that they must access QueueMetrics through a special link to have their password reset. This way the administrator never knows about the actual password used by the user.
Links have a definite validity (usually 5 days, including the current one) and when they expire, you need to repeat the process again to generate a new one.
To perform this, you would first lock the user by issuing:
uniloader user --login queuemetrics --pwd javadude user -u agent/123 --email agent123@home.my --locked NO --must-reset-password YES --pwd-reset-link-duration 3
Note how in this example we contextually set their email address and make sure they are not system-locked.
After running, Uniloader returns an access code:
2021/12/06 17:16:07 [Agent/123]: Currently in class AGENTS 2021/12/06 17:16:07 [Agent/123]: Class: AGENTS - Custom keys: '' - Name: 'Agente 123' - Email: 'agent123@home.my' - Enabled? true 2021/12/06 17:16:07 [Agent/123]: User must reset password - Token: 'KC13ADF0CKSHQ0DU2DSVY7EUZ819QT-20211208'
At this point the user cannot log-on anymore. See how the token contains the expiry date after the dash, so you can easily tell if a link is expired or not.
Then you would craft a special URL, like:
http://my.qm.server/queuemetrics/qm_password_reset.do?AUTH_user=agent/123&AUTH_token=KC13ADF0CKSHQ0DU2DSVY7EUZ819QT-20211208
That allows its owner to set a new password for Agent/123, and is valid for three days from now. The pssword is stored in an encrypted format and therefore cannot be recovered if lost.