meetzoo edited this page Nov 1, 2018 · 12 revisions

Tokens are used for authorization. Tokens are managed by the cif-tokens tool.

Existing Tokens

When you run your cif instance for the first time, it will auto-generate an admin and smrt token for you. You can find these in ~/.cif.yml and /etc/cif/csirtg-smrt.yml.

Check that either CIF_TOKEN is set in your environment (env | grep CIF) or your ~/.cif.yml file contains a token entry (token: 1234...). If you have neither, locate the /var/lib/cif/cif.sqlite database and run select * from tokens; to see which tokens were already generated for you.
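The lookup described above can be scripted. This is an added example, not code from the CIF project: it checks CIF_TOKEN, then a top-level token: line in ~/.cif.yml, then runs the select against the sqlite database opened read-only, and flags a config file that group or others can read. The function names and the line-based parsing of the YAML file are assumptions made for the sketch.

```python
import os
import re
import sqlite3
import stat

# Locations named on this page.
CONFIG_PATH = os.path.expanduser("~/.cif.yml")
DB_PATH = "/var/lib/cif/cif.sqlite"

def token_from_config(path):
    """Return the value of a top-level `token:` line, or None (simplified parse)."""
    try:
        with open(path, encoding="utf-8") as fh:
            for line in fh:
                m = re.match(r"""^token:\s*['"]?([^'"\s#]+)""", line)
                if m:
                    return m.group(1)
    except OSError:
        pass
    return None

def loosely_readable(path):
    """True if group or others can read the file holding the token."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

def tokens_from_db(path):
    """Run the page's `select * from tokens;` on a read-only connection."""
    con = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    con.row_factory = sqlite3.Row
    try:
        return [dict(r) for r in con.execute("select * from tokens")]
    finally:
        con.close()

def locate_token(env=os.environ, config=CONFIG_PATH, db=DB_PATH):
    """Check the environment, then the config file, then the database."""
    if env.get("CIF_TOKEN"):
        return "env", env["CIF_TOKEN"]
    tok = token_from_config(config)
    if tok:
        return "config", tok
    if os.path.exists(db):
        return "db", tokens_from_db(db)
    return None, None

if __name__ == "__main__":
    source, value = locate_token()
    # Report where the token was found, never the token itself.
    print("token source:", source)
    if source == "config" and loosely_readable(CONFIG_PATH):
        print("warning: ~/.cif.yml is readable by group/others")
```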

List tokens

Run the cif-tokens tool with no extra command line switches:

$ CIF_TOKEN=1234.. cif-tokens [--token 1234...]

username       groups   admin read write acl expires revoked token                                                           
csirtg-smrt    everyone              yes                       cbe063846786db05ebe494475f65efde533749ba516206c17c65580218b96a7b
admin          everyone  yes  yes                       ab284e119df6e40f55681d854a76dc4dc1c09b65ea8689d02d993e939c408460
...

Create a new User

$ cif-tokens --create --user [email protected]
username               groups   admin read write acl expires revoked token                                                           
[email protected] everyone       yes                            b76b0ac05393936c34aa3151f3d0a123f822e6c83f73c887fd0f3de96c15797b

Delete a user

cif-tokens --delete --username [email protected]
[2015-03-25T11:54:22,932Z][INFO]: 1 tokens deleted...

Modify a user

The only things you can modify for an existing user are:

  • generate a new token
  • remove a token
  • revoke a user / token

If you want to change any of the following properties, you have to delete the user and create a new one:

  • username
  • admin flag
  • expires date

Usage text

usage: cif [-h] [-d] [-V] [--runtime-path RUNTIME_PATH] [--token TOKEN]
           [--remote REMOTE] [--create] [--delete]
           [--delete-token DELETE_TOKEN] [--username USERNAME] [--admin]
           [--expires EXPIRES] [--read] [--write] [--revoked]
           [--groups GROUPS] [--no-everyone] [--acl ACL] [--columns COLUMNS]
           [--config-generate CONFIG_GENERATE] [--config CONFIG]
           [--no-verify-ssl] [--update UPDATE]

example usage:
    $ cif-tokens --name [email protected] --create --admin

optional arguments:
  -h, --help            show this help message and exit
  -d, --debug
  -V, --version         show program's version number and exit
  --runtime-path RUNTIME_PATH
                        specify the runtime path [default
                        /var/folders/x9/8yyvm1ds27nbfpvhnry0v1480000gn/T]
  --token TOKEN         specify api token [default None]
  --remote REMOTE       specify API remote [default http://localhost:5000]
  --create              create token (requires admin token
  --delete              delete token (requires admin token)
  --delete-token DELETE_TOKEN
                        specify the token to delete
  --username USERNAME   specify username
  --admin
  --expires EXPIRES     set a token expiration timestamp
  --read                set the token read flag
  --write               set the token write flag
  --revoked             set the token revoked flag
  --groups GROUPS       specify token groups (eg: everyone,group1,group2)
                        [default everyone]
  --no-everyone         do not create key in the 'everyone' group
  --acl ACL             set the token itype acls (eg: ipv4,ipv6)
  --columns COLUMNS     specify columns to print when searching [default usern
                        ame,groups,last_activity_at,admin,read,write,acl,expir
                        es,token]
  --config-generate CONFIG_GENERATE
                        generate configuration file
  --config CONFIG       specify configuration file [default
                        /Users/wes/Development/cifv3/bearded-avenger/cif.yml]
  --no-verify-ssl       Turn OFF TLS verification
  --update UPDATE       update a token