Skip to end of metadata
Go to start of metadata

Create a user account

  1. Open Swagger UI by going to e.g. http://app.prd.yona.nu/swagger-ui/index.html
  2. Go to User and then POST /users/ "Add a new user" and click Execute
  3. Click "Try it out" and use the example value
    1. If the previous attempt left the account in the system
      1. Go to "Admin" and then POST /admin/requestUserOverwrite/ "Request user overwrite"
      2. Click "Try it out", enter the test number (+31612345678) and click Execute
      3. Go to the Kibana log viewer and look up the confirmation code from the SMS that was sent to the test number
      4. Go back to User and then POST /users/ "Add a new user"
      5. Enter the confirmation code in the overwriteUserConfirmationCode field and click Execute
    2. Otherwise
      1. Copy the User ID from one of the URLs in the JSON output of the POST
      2. Go to User and then POST /users/{userID}/confirmMobileNumber "Confirm mobile number"
      3. Paste the user ID into the userID field
      4. Go back to the output of the previous POST, copy the password from the yonaPassword property in the JSON output of the POST and paste that into Yona-Password
      5. Go to the Kibana log viewer and look up the confirmation code from the SMS that was sent to the test number (+31612345678) 
      6. Put that as code in the body of the payload and click Execute

The user is now created and in ready-to-use state. After completing the testing, remove the account to keep the system clean.

Delete a user account

  1. Open Swagger UI by going to e.g. http://app.prd.yona.nu/swagger-ui/index.html
  2. Go to User and then DELETE /users/{userID} "Delete a user"
  3. Click "Try it out" and copy/paste the user ID and password values as explained under "Otherwise" in the section Create a user account and click Execute
  4. This should result in a status 200. Check the info in the Response headers section to see that you actually executed the request and aren't looking at the example responses (smile)

Fetch the mobile config and verify the signing of it

  1. In the JSON output of POST lookup the yonaPassword property and the yona:appleMobileConfig link
  2. Compose a curl command like this and execute it:
    curl -o mobile.config -H "Yona-Password: AES:128:4VfVswoo9+DKD0aiBl78BQ==" http://app.prd.yona.nu/users/35c9b92c-d8b8-4e5d-a4f8-c55a9d20126a/apple.mobileconfig
  3. Verify the signature with this command:
    openssl smime -verify -in mobile.config -inform DER -noverify -binary -signer cert.pem -out textdata
  4. This should output "Verification successful"
  5. Print the certificates embedded in the signed mobile config:
    openssl smime -inform DER -pk7out < mobile.config | openssl pkcs7 -print_certs
  6. This should output two certificates, with the following subjects and issuers:
    1. subject=/UID=2QV6TDW3E5/CN=iPhone Developer: Jan Bosch (F9MFGA6G92)/OU=KMR2VE49BG/O=Stichting Yona Foundation/C=US
      issuer=/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority

    2. subject=/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority
      issuer=/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA

 

 

 

  • No labels