UNPKG

@okta/stormpath-migration

Version:

Migration tool to import Stormpath data into an Okta tenant

github.com/okta/stormpath-migration

okta/stormpath-migration

106 lines (94 loc) 3.67 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
/*! * Copyright (c) 2017, Okta, Inc. and/or its affiliates. All rights reserved. * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") * * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * * See the License for the specific language governing permissions and limitations under the License. */ const logger = require('../util/logger'); const rs = require('../util/request-scheduler'); const ApiError = require('../util/api-error'); const USERS_PATH = '/api/v1/users'; function getIdFromStormpathHref(href) { return href.substring(href.lastIndexOf('/') + 1); } async function getExistingUser(profile) { try { const users = await rs.get({ url: USERS_PATH, qs: { filter: `profile.login eq "${profile.login}"` } }); return users.length > 0 ? users[0] : null; } catch (err) { throw new ApiError('Failed to get existing users', err); } } // Note: We cannot update an imported password after the user is out of the // STAGED status. async function updateExistingUser(user, profile) { logger.verbose(`Updating existing user with login=${profile.login} id=${user.id}`); try { // We cannot update an imported password after user is ACTIVE delete user.credentials; // When updating the user, do not overwrite the recovery answer delete profile.stormpathMigrationRecoveryAnswer; Object.assign(user.profile, profile); const updated = await rs.post({ url: `${USERS_PATH}/${user.id}`, body: user }); const stormpathAccountId = getIdFromStormpathHref(profile.stormpathHref); logger.updated(`okta_user_id=${user.id}, login=${profile.login}, stormpath_account_id=${stormpathAccountId}`); return updated; } catch (err) { throw new ApiError(`Failed to update okta user id=${user.id} login=${profile.login}`, err); } } async function createNewUser(profile, credentials) { logger.verbose(`Creating user login=${profile.login}`); try { const user = await rs.post({ url: `${USERS_PATH}?activate=false`, body: { profile, credentials } }); const stormpathAccountId = getIdFromStormpathHref(profile.stormpathHref); logger.created(`okta_user_id=${user.id}, login=${profile.login}, stormpath_account_id=${stormpathAccountId}`); activate = await rs.post({ url: `${USERS_PATH}/${user.id}/lifecycle/activate?sendEmail=false` }); logger.info(`Activated User id=${user.id} login=${profile.login}`); return user; } catch (err) { throw new ApiError(`Failed to create User login=${profile.login}`, err); } } async function suspendUser(userId) { logger.verbose('Suspending user id=${userId}'); try { await rs.post(`/api/v1/users/${userId}/lifecycle/suspend`); logger.info(`Suspended user id=${userId}`); } catch (err) { logger.error(new ApiError(`Failed to suspend user id=${userId}`, err)); } } async function createOktaUser(profile, credentials, status) { logger.verbose(`Trying to create User login=${profile.login}`); const existing = await getExistingUser(profile); const user = existing ? await updateExistingUser(existing, profile) : await createNewUser(profile, credentials); if (user && user.status !== 'SUSPENDED' && status === 'SUSPENDED') { await suspendUser(user.id); } return user; } module.exports = createOktaUser;