authorChristian Grothoff <christian@grothoff.org>2024-02-26 14:17:49 +0100
committerChristian Grothoff <christian@grothoff.org>2024-02-26 14:17:54 +0100
commitc8d5523bff1fd8c02d6fc2ff431302425342b7cf (patch)
treeb9d00a62b920b9d24b312fcf85d436c4571bcb67
parent27f3c82d88f9c67963c6da9befb5168adf63b50d (diff)
downloadanastasis-c8d5523bff1fd8c02d6fc2ff431302425342b7cf.tar.gz
anastasis-c8d5523bff1fd8c02d6fc2ff431302425342b7cf.tar.bz2
anastasis-c8d5523bff1fd8c02d6fc2ff431302425342b7cf.zip
improve auth scripts, install with package
-rw-r--r--src/authorization/Makefile.am4
-rwxr-xr-xsrc/authorization/anastasis-authorization-post.sh89
-rwxr-xr-xsrc/authorization/anastasis-authorization-sms.sh17
3 files changed, 64 insertions, 46 deletions
diff --git a/src/authorization/Makefile.am b/src/authorization/Makefile.am
index c6a7af1..5d2854d 100644
--- a/src/authorization/Makefile.am
+++ b/src/authorization/Makefile.am
@@ -35,7 +35,9 @@ bin_PROGRAMS = \
anastasis-helper-authorization-iban
bin_SCRIPTS = \
- anastasis-authorization-email.sh
+ anastasis-authorization-email.sh \
+ anastasis-authorization-sms.sh \
+ anastasis-authorization-post.sh
anastasis_helper_authorization_iban_SOURCES = \
anastasis-helper-authorization-iban.c
diff --git a/src/authorization/anastasis-authorization-post.sh b/src/authorization/anastasis-authorization-post.sh
index bbead49..66255ea 100755
--- a/src/authorization/anastasis-authorization-post.sh
+++ b/src/authorization/anastasis-authorization-post.sh
@@ -2,23 +2,34 @@
# This file is in the public domain.
set -eu
-# Theses are Anastasis SARL specific, do not share!
-# CLIENT_ID=
-# CLIENT_SECRET=
-# ORG_ID=
-. pingen-secrets
+# Check shared secrets
+if [ -x "$PINGEN_CLIENT_ID" ]
+then
+ echo "PINGEN_CLIENT_ID not sent in environment"
+ exit 1
+fi
+if [ -x "$PINGEN_CLIENT_SECRET" ]
+then
+ echo "PINGEN_CLIENT_SECRET not sent in environment"
+ exit 1
+fi
+if [ -x "$PINGEN_ORG_ID" ]
+then
+ echo "PINGEN_ORG_ID not sent in environment"
+ exit 1
+fi
ENDPOINT="https://api.pingen.com"
LOGS="$PWD/authorization-post.log"
-MESSAGE=`cat -`
-DATE=`date +%F`
+MESSAGE=$(cat -)
+DATE=$(date +%F)
ADDR="$1"
-NAME=`echo $ADDR | jq -r .full_name`
-STREET=`echo $ADDR | jq -r .street`
+NAME=$(echo $ADDR | jq -r .full_name)
+STREET=$(echo $ADDR | jq -r .street)
-LNUMBER=`echo $STREET | awk '{print $NF}'`
-FNUMBER=`echo $STREET | awk '{print $1}'`
+LNUMBER=$(echo $STREET | awk '{print $NF}')
+FNUMBER=$(echo $STREET | awk '{print $1}')
case $LNUMBER in
''|*[!0-9]*)
case $FNUMBER in
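Review bot: The three new `[ -x "$PINGEN_…" ]` checks test whether a file of that name exists and is executable, not whether the variable is empty, so they never report a missing credential. Under `set -eu` an unset variable aborts at the expansion with the shell's own "unbound variable" error before the message is printed, and a set-but-empty value passes the test and only fails later at the token request. Use `if [ -z "${PINGEN_CLIENT_ID:-}" ]` (likewise for the secret and the org id) and send the message to stderr with `>&2`. The same `-x` test is added for `TELESIGN_AUTH_TOKEN` in anastasis-authorization-sms.sh, where the `'authorization: Basic $TELESIGN_AUTH_TOKEN'` header is also single-quoted, so the variable is never expanded into the request.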
@@ -36,11 +47,11 @@ case $LNUMBER in
esac
-CITY=`echo $ADDR | jq -r .city`
-POSTCODE=`echo $ADDR | jq -r .postcode`
-COUNTRY=`echo $ADDR | jq -r .country`
+CITY=$(echo $ADDR | jq -r .city)
+POSTCODE=$(echo $ADDR | jq -r .postcode)
+COUNTRY=$(echo $ADDR | jq -r .country)
-MYDIR=`mktemp -d /tmp/authorization-post-XXXXXX`
+MYDIR=$(mktemp -d /tmp/authorization-post-XXXXXX)
cd "$MYDIR"
cat - | sed -e "s/%NAME%/$NAME/g" \
-e "s/%STREET%/$STREET/g" \
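Review bot: `$ADDR` is still expanded unquoted in the new `$(echo $ADDR | jq -r .city)` lines (and in the NAME/STREET/LNUMBER/FNUMBER lines of the previous hunk), so the caller-supplied address JSON goes through word splitting and pathname expansion before jq sees it; whitespace runs are collapsed and a glob character in a field can be replaced by file names. Prefer `CITY=$(printf '%s' "$ADDR" | jq -r .city)` and the same form for the other fields. The extracted values are then placed unescaped into the `sed -e "s/%NAME%/$NAME/g"` replacement, where a `/`, `&` or backslash in an address changes or breaks the substitution. The sed command continues outside this hunk, so whether the values are escaped before they reach the LaTeX input cannot be seen here.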
@@ -72,23 +83,23 @@ cat - | sed -e "s/%NAME%/$NAME/g" \
EOF
pdflatex input.tex > /dev/null 2> /dev/null
-REPLY=`curl -s -X POST -H "Content-Type: application/x-www-form-urlencoded" \
+REPLY=$(curl -s -X POST -H "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "grant_type=client_credentials" \
- --data-urlencode "client_id=$CLIENT_ID" \
- --data-urlencode "client_secret=$CLIENT_SECRET" \
+ --data-urlencode "client_id=$PINGEN_CLIENT_ID" \
+ --data-urlencode "client_secret=$PINGEN_CLIENT_SECRET" \
--data-urlencode "scope=letter" \
- https://identity.pingen.com/auth/access-tokens`
+ https://identity.pingen.com/auth/access-tokens)
-ACCESS_TOKEN=`echo $REPLY | jq -r .access_token`
+ACCESS_TOKEN=$(echo $REPLY | jq -r .access_token)
-REPLY=`curl -s \
+REPLY=$(curl -s \
-X GET "$ENDPOINT/file-upload" \
- -H "Authorization: Bearer $ACCESS_TOKEN"`
-ATTRS=`echo $REPLY | jq .data.attributes`
-UPLOAD_URL=`echo $ATTRS | jq -r .url`
-URL_SIG=`echo $ATTRS | jq -r .url_signature`
+ -H "Authorization: Bearer $ACCESS_TOKEN")
+ATTRS=$(echo $REPLY | jq .data.attributes)
+UPLOAD_URL=$(echo $ATTRS | jq -r .url)
+URL_SIG=$(echo $ATTRS | jq -r .url_signature)
-curl -s -X PUT -T input.pdf $UPLOAD_URL
+curl -s -X PUT -T input.pdf "$UPLOAD_URL"
RECIPIENT="$(jq -n '
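Review bot: `--data-urlencode "client_secret=$PINGEN_CLIENT_SECRET"` puts the secret on curl's command line, where it is readable in the process list by other local users while the request runs; the bearer token passed via `-H "Authorization: Bearer $ACCESS_TOKEN"` has the same exposure. curl can read these options from stdin instead (`--config -` fed by a here-document), which keeps them out of argv. Separately, the token request uses `-s` without `--fail` and its result is not checked, so a rejected credential leaves `ACCESS_TOKEN` as the string `null` and the failure only surfaces in the later requests. A test that `$ACCESS_TOKEN` is non-empty and not `null` right after the jq call, with an error on stderr, would stop the script at the actual cause.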
@@ -116,7 +127,7 @@ SENDER="$(jq -n '
zip: "5421",
city: "Erpeldange",
country: "LU"
- }'
+ }'
)"
REQUEST="$(jq -n '
@@ -140,46 +151,46 @@ REQUEST="$(jq -n '
)"
STATUS=$(curl -s --request POST \
- --url $ENDPOINT/organisations/${ORG_ID}/letters \
+ --url "$ENDPOINT/organisations/${PINGEN_ORG_ID}/letters" \
--header 'Content-Type: application/vnd.api+json' \
--header "Authorization: Bearer $ACCESS_TOKEN" \
-d "$REQUEST" \
- -o $MYDIR/final-reply.txt \
+ -o "$MYDIR/final-reply.txt" \
-w "%{http_code}" -s)
-cat $MYDIR/final-reply.txt >> $LOGS
+cat "$MYDIR/final-reply.txt" >> "$LOGS"
case $STATUS in
201)
;;
*)
- echo "Failed to add letter: $STATUS" >> $LOGS
- echo $REPLY
+ echo "Failed to add letter: $STATUS" >> "$LOGS"
+ echo "$REPLY"
exit 1;
;;
esac
-LETTER_ID=`cat $MYDIR/final-reply.txt | jq -r .data.id`
+LETTER_ID=$(cat "$MYDIR/final-reply.txt" | jq -r .data.id)
REPLY=$MYDIR/delete-reply.txt
STATUS=409
sleep 1;
-while test $STATUS = 409;
+while test "$STATUS" = 409;
do
STATUS=$(curl -s --request DELETE \
- --url $ENDPOINT/organisations/$ORG_ID/letters/$LETTER_ID \
+ --url "$ENDPOINT/organisations/$PINGEN_ORG_ID/letters/$LETTER_ID" \
--header "Authorization: Bearer $ACCESS_TOKEN" \
- -o $REPLY \
+ -o "$REPLY" \
-w "%{http_code}" -s)
case $STATUS in
204)
- cat $REPLY >> $LOGS
+ cat "$REPLY" >> "$LOGS"
;;
409)
# Happens, likely still in processing...
;;
*)
- echo "Failed to delete letter: $STATUS" >> $LOGS
+ echo "Failed to delete letter: $STATUS" >> "$LOGS"
;;
esac
done
-rm -r $MYDIR
+rm -r "$MYDIR"
exit 0
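Review bot: The `while test "$STATUS" = 409` loop retries the DELETE with no delay and no upper bound: the only `sleep 1` sits before the loop, so as long as the API keeps answering 409 the script issues requests back to back and never returns. Move the `sleep 1` into the `409)` branch and give up after a fixed number of attempts with a logged error and a non-zero exit. Also, `rm -r "$MYDIR"` runs only on the success path; the `exit 1` after "Failed to add letter" and any `set -e` abort leave the directory with the generated input.tex/input.pdf (presumably containing the recipient address and the letter text) behind in /tmp. A `trap 'rm -rf -- "$MYDIR"' EXIT` set right after the `mktemp -d` call, which is in an earlier hunk, covers every exit path.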
diff --git a/src/authorization/anastasis-authorization-sms.sh b/src/authorization/anastasis-authorization-sms.sh
index ddfc649..1e38661 100755
--- a/src/authorization/anastasis-authorization-sms.sh
+++ b/src/authorization/anastasis-authorization-sms.sh
@@ -1,14 +1,19 @@
-#!/bin/sh
+#!/bin/bash
# This file is in the public domain.
set -eu
-. telesign-secrets
-# Set AUTH_TOKEN=...
-MESSAGE=`cat -`
-TMPFILE=`mktemp /tmp/sms-loggingXXXXXX`
+# Check shared secrets
+if [ -x "$TELESIGN_AUTH_TOKEN" ]
+then
+ echo "TELESIGN_AUTH_TOKEN not sent in environment"
+ exit 1
+fi
+
+MESSAGE=$(cat -)
+TMPFILE=$(mktemp /tmp/sms-loggingXXXXXX)
STATUS=$(curl --request POST \
--url https://rest-api.telesign.com/v1/messaging \
- --header 'authorization: Basic $AUTH_TOKEN' \
+ --header 'authorization: Basic $TELESIGN_AUTH_TOKEN' \
--header 'content-type: application/x-www-form-urlencoded' \
--data account_livecycle_event=transact \
--data "message=$MESSAGE" \