From c8d5523bff1fd8c02d6fc2ff431302425342b7cf Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Mon, 26 Feb 2024 14:17:49 +0100 Subject: improve auth scripts, install with package --- src/authorization/Makefile.am | 4 +- src/authorization/anastasis-authorization-post.sh | 89 +++++++++++++---------- src/authorization/anastasis-authorization-sms.sh | 17 +++-- 3 files changed, 64 insertions(+), 46 deletions(-) diff --git a/src/authorization/Makefile.am b/src/authorization/Makefile.am index c6a7af1..5d2854d 100644 --- a/src/authorization/Makefile.am +++ b/src/authorization/Makefile.am @@ -35,7 +35,9 @@ bin_PROGRAMS = \ anastasis-helper-authorization-iban bin_SCRIPTS = \ - anastasis-authorization-email.sh + anastasis-authorization-email.sh \ + anastasis-authorization-sms.sh \ + anastasis-authorization-post.sh anastasis_helper_authorization_iban_SOURCES = \ anastasis-helper-authorization-iban.c diff --git a/src/authorization/anastasis-authorization-post.sh b/src/authorization/anastasis-authorization-post.sh index bbead49..66255ea 100755 --- a/src/authorization/anastasis-authorization-post.sh +++ b/src/authorization/anastasis-authorization-post.sh 
@@ -2,23 +2,34 @@ # This file is in the public domain. set -eu -# Theses are Anastasis SARL specific, do not share! -# CLIENT_ID= -# CLIENT_SECRET= -# ORG_ID= -. pingen-secrets +# Check shared secrets +if [ -x "$PINGEN_CLIENT_ID" ] +then + echo "PINGEN_CLIENT_ID not sent in environment" + exit 1 +fi +if [ -x "$PINGEN_CLIENT_SECRET" ] +then + echo "PINGEN_CLIENT_SECRET not sent in environment" + exit 1 +fi +if [ -x "$PINGEN_ORG_ID" ] +then + echo "PINGEN_ORG_ID not sent in environment" + exit 1 +fi ENDPOINT="https://api.pingen.com" LOGS="$PWD/authorization-post.log" -MESSAGE=`cat -` -DATE=`date +%F` +MESSAGE=$(cat -) +DATE=$(date +%F) ADDR="$1" -NAME=`echo $ADDR | jq -r .full_name` -STREET=`echo $ADDR | jq -r .street` +NAME=$(echo $ADDR | jq -r .full_name) +STREET=$(echo $ADDR | jq -r .street) -LNUMBER=`echo $STREET | awk '{print $NF}'` -FNUMBER=`echo $STREET | awk '{print $1}'` +LNUMBER=$(echo $STREET | awk '{print $NF}') +FNUMBER=$(echo $STREET | awk '{print $1}') case $LNUMBER in ''|*[!0-9]*) case $FNUMBER in @@ -36,11 +47,11 @@ case $LNUMBER in esac -CITY=`echo $ADDR | jq -r .city` -POSTCODE=`echo $ADDR | jq -r .postcode` -COUNTRY=`echo $ADDR | jq -r .country` +CITY=$(echo $ADDR | jq -r .city) +POSTCODE=$(echo $ADDR | jq -r .postcode) +COUNTRY=$(echo $ADDR | jq -r .country) -MYDIR=`mktemp -d /tmp/authorization-post-XXXXXX` +MYDIR=$(mktemp -d /tmp/authorization-post-XXXXXX) cd "$MYDIR" cat - | sed -e "s/%NAME%/$NAME/g" \ -e "s/%STREET%/$STREET/g" \ 
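Review bot: The three new secret checks use `-x`, which tests whether the value names an executable file, so they never fire for a missing credential. Under `set -eu` an unset variable aborts with a bare unbound-variable error before the message is printed, and an empty one passes the check, so the script goes on to request a token with blank credentials. Use `if [ -z "${PINGEN_CLIENT_ID:-}" ]` (likewise for `PINGEN_CLIENT_SECRET` and `PINGEN_ORG_ID`) and send the message to stderr with `>&2`. The same `-x` test guards `TELESIGN_AUTH_TOKEN` in anastasis-authorization-sms.sh. The messages presumably mean "not set" rather than "not sent".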
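Review bot: `$ADDR` is still unquoted in the rewritten `CITY`, `POSTCODE` and `COUNTRY` lines (and in `NAME`/`STREET` in the previous hunk), so the address JSON passed as `$1` undergoes word splitting and glob expansion before jq reads it. `CITY=$(printf '%s' "$ADDR" | jq -r .city)` avoids that. The extracted fields are then spliced into the sed program in the context lines (`s/%NAME%/$NAME/g`), where a `/`, `&` or backslash in a name or street breaks or alters the substitution, and the result is compiled by pdflatex. Escaping the values for sed and for LaTeX before substitution would address both. The sed pipeline continues past the end of this hunk.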
@@ -72,23 +83,23 @@ cat - | sed -e "s/%NAME%/$NAME/g" \ EOF pdflatex input.tex > /dev/null 2> /dev/null -REPLY=`curl -s -X POST -H "Content-Type: application/x-www-form-urlencoded" \ +REPLY=$(curl -s -X POST -H "Content-Type: application/x-www-form-urlencoded" \ --data-urlencode "grant_type=client_credentials" \ - --data-urlencode "client_id=$CLIENT_ID" \ - --data-urlencode "client_secret=$CLIENT_SECRET" \ + --data-urlencode "client_id=$PINGEN_CLIENT_ID" \ + --data-urlencode "client_secret=$PINGEN_CLIENT_SECRET" \ --data-urlencode "scope=letter" \ - https://identity.pingen.com/auth/access-tokens` + https://identity.pingen.com/auth/access-tokens) -ACCESS_TOKEN=`echo $REPLY | jq -r .access_token` +ACCESS_TOKEN=$(echo $REPLY | jq -r .access_token) -REPLY=`curl -s \ +REPLY=$(curl -s \ -X GET "$ENDPOINT/file-upload" \ - -H "Authorization: Bearer $ACCESS_TOKEN"` -ATTRS=`echo $REPLY | jq .data.attributes` -UPLOAD_URL=`echo $ATTRS | jq -r .url` -URL_SIG=`echo $ATTRS | jq -r .url_signature` + -H "Authorization: Bearer $ACCESS_TOKEN") +ATTRS=$(echo $REPLY | jq .data.attributes) +UPLOAD_URL=$(echo $ATTRS | jq -r .url) +URL_SIG=$(echo $ATTRS | jq -r .url_signature) -curl -s -X PUT -T input.pdf $UPLOAD_URL +curl -s -X PUT -T input.pdf "$UPLOAD_URL" RECIPIENT="$(jq -n ' @@ -116,7 +127,7 @@ SENDER="$(jq -n ' zip: "5421", city: "Erpeldange", country: "LU" - }' + }' )" REQUEST="$(jq -n ' 
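Review bot: Nothing checks that the token request succeeded before `ACCESS_TOKEN` is used. `curl -s` exits 0 on an HTTP error and `jq -r .access_token` prints `null` for an error body, so the later requests go out with `Bearer null`. Adding `--fail` to the curl calls and a guard such as `[ -n "$ACCESS_TOKEN" ] && [ "$ACCESS_TOKEN" != null ] || exit 1` would stop the script at that point. `echo $REPLY` and `echo $ATTRS` should also be quoted like the other expansions this commit fixes. Separately, `client_secret=$PINGEN_CLIENT_SECRET` is passed on curl's command line, where other local users can see it in the process list; feeding the parameters through `--config -` on stdin would keep it off argv.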
@@ -140,46 +151,46 @@ REQUEST="$(jq -n ' )" STATUS=$(curl -s --request POST \ - --url $ENDPOINT/organisations/${ORG_ID}/letters \ + --url "$ENDPOINT/organisations/${PINGEN_ORG_ID}/letters" \ --header 'Content-Type: application/vnd.api+json' \ --header "Authorization: Bearer $ACCESS_TOKEN" \ -d "$REQUEST" \ - -o $MYDIR/final-reply.txt \ + -o "$MYDIR/final-reply.txt" \ -w "%{http_code}" -s) -cat $MYDIR/final-reply.txt >> $LOGS +cat "$MYDIR/final-reply.txt" >> "$LOGS" case $STATUS in 201) ;; *) - echo "Failed to add letter: $STATUS" >> $LOGS - echo $REPLY + echo "Failed to add letter: $STATUS" >> "$LOGS" + echo "$REPLY" exit 1; ;; esac -LETTER_ID=`cat $MYDIR/final-reply.txt | jq -r .data.id` +LETTER_ID=$(cat "$MYDIR/final-reply.txt" | jq -r .data.id) REPLY=$MYDIR/delete-reply.txt STATUS=409 sleep 1; -while test $STATUS = 409; +while test "$STATUS" = 409; do STATUS=$(curl -s --request DELETE \ - --url $ENDPOINT/organisations/$ORG_ID/letters/$LETTER_ID \ + --url "$ENDPOINT/organisations/$PINGEN_ORG_ID/letters/$LETTER_ID" \ --header "Authorization: Bearer $ACCESS_TOKEN" \ - -o $REPLY \ + -o "$REPLY" \ -w "%{http_code}" -s) case $STATUS in 204) - cat $REPLY >> $LOGS + cat "$REPLY" >> "$LOGS" ;; 409) # Happens, likely still in processing... ;; *) - echo "Failed to delete letter: $STATUS" >> $LOGS + echo "Failed to delete letter: $STATUS" >> "$LOGS" ;; esac done -rm -r $MYDIR +rm -r "$MYDIR" exit 0 diff --git a/src/authorization/anastasis-authorization-sms.sh b/src/authorization/anastasis-authorization-sms.sh index ddfc649..1e38661 100755 --- a/src/authorization/anastasis-authorization-sms.sh +++ b/src/authorization/anastasis-authorization-sms.sh 
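Review bot: The `exit 1` in the `Failed to add letter` branch, like any command failing under `set -e`, skips the final `rm -r "$MYDIR"`. That leaves input.tex, input.pdf and final-reply.txt on disk in /tmp, with the recipient's address and the message in them. A `trap 'rm -rf -- "$MYDIR"' EXIT` placed right after the `mktemp -d` line, which is outside this hunk, would cover every exit path. The 409 loop also retries with no delay or attempt limit, since `sleep 1` runs only once before the loop; moving the sleep into the `409)` arm and capping the attempts would bound it.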
@@ -1,14 +1,19 @@ -#!/bin/sh +#!/bin/bash # This file is in the public domain. set -eu -. telesign-secrets -# Set AUTH_TOKEN=... -MESSAGE=`cat -` -TMPFILE=`mktemp /tmp/sms-loggingXXXXXX` +# Check shared secrets +if [ -x "$TELESIGN_AUTH_TOKEN" ] +then + echo "TELESIGN_AUTH_TOKEN not sent in environment" + exit 1 +fi + +MESSAGE=$(cat -) +TMPFILE=$(mktemp /tmp/sms-loggingXXXXXX) STATUS=$(curl --request POST \ --url https://rest-api.telesign.com/v1/messaging \ - --header 'authorization: Basic $AUTH_TOKEN' \ + --header 'authorization: Basic $TELESIGN_AUTH_TOKEN' \ --header 'content-type: application/x-www-form-urlencoded' \ --data account_livecycle_event=transact \ --data "message=$MESSAGE" \ -- cgit v1.2.3
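Review bot: The authorization header is still in single quotes, `--header 'authorization: Basic $TELESIGN_AUTH_TOKEN'`, so the shell does not expand the variable and the literal text `$TELESIGN_AUTH_TOKEN` is sent to the API. It needs double quotes: `--header "authorization: Basic $TELESIGN_AUTH_TOKEN"`. Once it expands, the token is on curl's argv and visible in the process list; supplying the header through `--config -` on stdin would avoid that. The curl command continues past the end of this hunk.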