authorChristian Grothoff <christian@grothoff.org>2020-08-04 13:54:25 +0200
committerChristian Grothoff <christian@grothoff.org>2020-08-04 13:54:25 +0200
commitab73d4320c79633c4015232a8d8f0b27c405b968 (patch)
tree960c14e0da23d6d0f41fea75f90aeb4910b77540 /server-build/QEMU-autobuild/buildReclaim.sh
parent6fb1e4aeb076199a3f8f40d5c9028ee0d677cf51 (diff)
auto-reclaim script
Diffstat (limited to 'server-build/QEMU-autobuild/buildReclaim.sh')
-rw-r--r--server-build/QEMU-autobuild/buildReclaim.sh63
1 files changed, 63 insertions, 0 deletions
diff --git a/server-build/QEMU-autobuild/buildReclaim.sh b/server-build/QEMU-autobuild/buildReclaim.sh
new file mode 100644
index 0000000..625d899
--- /dev/null
+++ b/server-build/QEMU-autobuild/buildReclaim.sh
@@ -0,0 +1,63 @@
+#!/bin/sh
+set -eu
+
+## BEGIN configuration
+
+# Where is WooCommerce?
+WOOHOST=http://127.0.0.1:9999
+
+# Name of the shop for the user
+SHOP_NAME="WooTaler Shop"
+
+# Ego of the zone for the RP in GNS
+SHOP_ZONE=wootaler-shop
+
+# Which attributes does WooCommerce want from the IdP?
+OIDC_SCOPE="openid profile email full_name"
+
+# URL where GNUnet REST service is listening for requests
+GNUNET_REST="http://localhost:7776/openid/"
+
+## END configuration
+
+# Setup GNUnet REST credentials
+OIDC_CLIENT_SECRET=`uuid`
+gnunet-config -s reclaim-rest-plugin -o OIDC_CLIENT_SECRET -V "$OIDC_CLIENT_SECRET"
+
+# Start GNUnet
+gnunet-arm -s
+
+# Setup Zone for RP
+gnunet-identity -C "$SHOP_ZONE"
+OIDC_CLIENT_IDENTITY=`gnunet-identity -dq -e $SHOP_ZONE`
+
+# Tell reclaim where the RP expects the authorization callback
+gnunet-namestore -a -z "$SHOP_ZONE" -n @ -t RECLAIM_OIDC_REDIRECT -V ${WOOHOST}/wp-admin/admin-ajax.php?action=openid-connect-authorize -e 1h -p
+
+# Tell reclaim the name of the shop that asks for permissions (to be shown to the user)
+gnunet-namestore -a -z "$SHOP_ZONE" -n @ -t RECLAIM_OIDC_CLIENT -V "$SHOP_NAME" -e 1h -p
+
+# Setup ReClaim as OIDC provider with WooCommerce
+cd /var/www/wordpress
+
+
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings client_id "${OIDC_CLIENT_IDENTITY}"
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings client_secret "${OIDC_CLIENT_SECRET}"
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings scope "${OIDC_SCOPE}"
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings endpoint_login "https://api.reclaim/openid/authorize"
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings endpoint_userinfo "${GNUNET_REST}/userinfo"
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings endpoint_token "${GNUNET_REST}/token"
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings endpoint_end_session ""
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings identity_key "sub"
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings no_sslverify "1"
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings nickname_key "full_name"
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings displayname_format "{full_name}"
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings identify_with_username "1"
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings enable_logging "1"
+
+
+sudo -u www-data wp --user=admin option
+openid_connect_generic_settings
+a:24:{s:10:"login_type";s:6:"button";s:9:"client_id";s:52:"50BMJB6S9MV22BTG541G6XPQVNT7BNT7DZ3ZCCEZXFZPKV3915N0";s:13:"client_secret";s:6:"secret";s:5:"scope";s:30:"openid
+profile email
+full_name";s:14:"endpoint_login";s:36:"https://api.reclaim/openid/authorize";s:17:"endpoint_userinfo";s:43:"http://localhost:7776/openid/token/userinfo";s:14:"endpoint_token";s:34:"http://localhost:7776/openid/token";s:20:"endpoint_end_session";s:33:"https://example.com/oauth2/logout";s:12:"identity_key";s:3:"sub";s:12:"no_sslverify";s:1:"1";s:20:"http_request_timeout";s:1:"5";s:15:"enforce_privacy";s:1:"0";s:22:"alternate_redirect_uri";s:1:"0";s:12:"nickname_key";s:9:"full_name";s:12:"email_format";s:7:"{email}";s:18:"displayname_format";s:11:"{full_name}";s:22:"identify_with_username";s:1:"1";s:16:"state_time_limit";s:0:"";s:19:"link_existing_users";s:1:"0";s:24:"create_if_does_not_exist";s:1:"1";s:18:"redirect_user_back";s:1:"0";s:18:"redirect_on_logout";s:1:"1";s:14:"enable_logging";s:1:"1";s:9:"log_limit";s:4:"1000";}
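Review bot: The OIDC client secret in the "Setup GNUnet REST credentials" step comes from `uuid`, which (at least with the OSSP tool) defaults to a version 1, time- and MAC-based UUID and is therefore guessable; a CSPRNG source such as `OIDC_CLIENT_SECRET=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')` would be safer, and the value is also exposed in the argument lists of `gnunet-config` and `wp`. `no_sslverify "1"` switches off certificate verification for the plugin's outbound requests, which the two `http://localhost:7776` endpoints do not appear to need, so it should be dropped or justified in a comment. The final lines of the file (`sudo -u www-data wp --user=admin option`, then `openid_connect_generic_settings` and the serialized `a:24:{…}` dump) look like pasted command output rather than commands and, under `set -eu`, will most likely make the script exit non-zero after the settings have been written. The `-V ${WOOHOST}/wp-admin/admin-ajax.php?action=openid-connect-authorize` argument and `-e $SHOP_ZONE` are unquoted, so the `?` is open to globbing and both values to word splitting; quote them as the neighbouring lines do.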