Telesign auto setup

4 files changed, 34 insertions, 10 deletions

diff --git a/regional-currency/config_nginx.sh b/regional-currency/config_nginx.sh
index 745b3e4..c9bb3c2 100755
--- a/regional-currency/config_nginx.sh
+++ b/regional-currency/config_nginx.sh
@@ -30,10 +30,10 @@ if test "${ENABLE_TLS}" == "y"; then
   certbot --nginx -n --agree-tos -m ${TLS_EMAIL} \
     -d backend."${DOMAIN_NAME}" \
     -d bank."${DOMAIN_NAME}" \
-    -d exchange."${DOMAIN_NAME}"
+    -d exchange."${DOMAIN_NAME}" &>> setup.log
 else
   sed -i "s/https:\/\/bank./http:\/\/bank./g" /etc/libeufin/settings.json
 fi
 
 say "Restarting Nginx with new configuration"
-systemctl reload nginx
+systemctl reload nginx &>> setup.log
diff --git a/regional-currency/functions.sh b/regional-currency/functions.sh
index 9acc3f1..961d7c5 100755
--- a/regional-currency/functions.sh
+++ b/regional-currency/functions.sh
@@ -92,6 +92,26 @@ function ask_questions() {
     echo "BANK_ADMIN_PASSWORD=$(printf '%q' "${BANK_ADMIN_PASSWORD}")" >>config/user.conf
     echo "" # force new line
   fi
+  if test -z "${DO_TELESIGN:-}"; then
+    read -r -p "Setup sms two-factor authentication using Telesign https://www.telesign.com? (y/n): " DO_TELESIGN
+    if test "${DO_TELESIGN:-y}" != n; then
+      read -r -p "Enter your Telesign Customer ID: " TELESIGN_CUSTOMER_ID
+      read -r -s -p "Enter your Telesign API Key: " TELESIGN_API_KEY
+      echo "" # force new line
+      read -r -p "Enter a phone number to test: " TELESIGN_PHONE
+      TELESIGN_AUTH_TOKEN=$(echo "$TELESIGN_CUSTOMER_ID:$TELESIGN_API_KEY" | base64 -w 0)
+      export AUTH_TOKEN=$TELESIGN_AUTH_TOKEN
+      echo "12345" | libeufin-tan-sms.sh $TELESIGN_PHONE
+      read -r -s -p "Enter the code received by $TELESIGN_PHONE : " TELESIGN_TEST_CODE
+      if test "${TELESIGN_TEST_CODE:-y}" != "12345"; then
+        say "Wrong code, rerun this script to enter the right Telesign auth info"
+        exit 1
+      fi
+      echo "TELESIGN_AUTH_TOKEN=\"${TELESIGN_AUTH_TOKEN}\"" >>config/user.conf
+    fi
+    echo "DO_TELESIGN=${DO_TELESIGN}" >>config/user.conf
+    echo "" # force new line
+  fi
 }
 
 function check_dns() {
diff --git a/regional-currency/main.sh b/regional-currency/main.sh
index 1486aae..bca1d72 100755
--- a/regional-currency/main.sh
+++ b/regional-currency/main.sh
@@ -83,9 +83,6 @@ say "Congratulations, you have successfully installed GNU Taler"
 say "Your bank is at ${PROTO}://bank.${DOMAIN_NAME}/"
 say "A merchant is at ${PROTO}://backend.${DOMAIN_NAME}/"
 say "You should set credentials for the merchant soon."
-say "For the SMS cash-out TAN, make sure that telesign-secret"
-say "is found in the PATH and that it defines the CUSTOMER_ID"
-say "and API_KEY environment variables."
 
 say "For currency conversion to work, you must manually complete"
 say "the EBICS configuration."
diff --git a/regional-currency/setup-libeufin.sh b/regional-currency/setup-libeufin.sh
index 3fbf316..04ca162 100755
--- a/regional-currency/setup-libeufin.sh
+++ b/regional-currency/setup-libeufin.sh
@@ -36,7 +36,7 @@ taler-config -s nexus-ebics -o currency \
 
 say "Configuring libeufin-bank with ${CURRENCY}..."
 
-cat <<EOF > /etc/libeufin/libeufin-bank.conf
+cat >/etc/libeufin/libeufin-bank.conf <<EOF
 [libeufin-bank]
 CURRENCY=${CURRENCY}
 WIRE_TYPE=x-taler-bank
@@ -45,10 +45,18 @@ SUGGESTED_WITHDRAWAL_EXCHANGE=${PROTO}://exchange.${DOMAIN_NAME}
 SERVE=tcp
 PORT=${BANK_PORT}
 ALLOW_CONVERSION=yes
-FIAT_CURRENCY=${FIAT_CURRENCY} 
-TAN_SMS=libeufin-tan-sms.sh
-TAN_EMAIL=libeufin-tan-email.sh
+FIAT_CURRENCY=${FIAT_CURRENCY}
 ALLOW_EDIT_CASHOUT_PAYTO_URI=yes
+EOF
+
+if test -n "$TELESIGN_AUTH_TOKEN"; then
+  cat >>/etc/libeufin/libeufin-bank.conf <<EOF 
+TAN_SMS=libeufin-tan-sms.sh
+TAN_SMS_ENV="AUTH_TOKEN=$TELESIGN_AUTH_TOKEN"
+EOF
+fi
+
+cat >>/etc/libeufin/libeufin-bank.conf <<EOF
 
 [CURRENCY-NETZBON]
 enabled=yes
@@ -58,7 +66,6 @@ fractional_input_digits=2
 fractional_normal_digits=2
 fractional_trailing_zero_digits=2
 alt_unit_names={"0":"NETZBON"}
-
 EOF
 
 say "Setting up libeufin database..."