From ab73d4320c79633c4015232a8d8f0b27c405b968 Mon Sep 17 00:00:00 2001
From: Christian Grothoff
Date: Tue, 4 Aug 2020 13:54:25 +0200
Subject: auto-reclaim script
---
server-build/QEMU-autobuild/buildReclaim.sh | 63 +++++++++++++++++++++++++++++
1 file changed, 63 insertions(+)
create mode 100644 server-build/QEMU-autobuild/buildReclaim.sh
(limited to 'server-build/QEMU-autobuild/buildReclaim.sh')
diff --git a/server-build/QEMU-autobuild/buildReclaim.sh b/server-build/QEMU-autobuild/buildReclaim.sh
new file mode 100644
index 0000000..625d899
--- /dev/null
+++ b/server-build/QEMU-autobuild/buildReclaim.sh
@@ -0,0 +1,63 @@
+#!/bin/sh
+set -eu
+
+## BEGIN configuration
+
+# Where is WooCommerce?
+WOOHOST=http://127.0.0.1:9999
+
+# Name of the shop for the user
+SHOP_NAME="WooTaler Shop"
+
+# Ego of the zone for the RP in GNS
+SHOP_ZONE=wootaler-shop
+
+# Which attributes does WooCommerce want from the IdP?
+OIDC_SCOPE="openid profile email full_name"
+
+# URL where GNUnet REST service is listening for requests
+GNUNET_REST="http://localhost:7776/openid/"
+
+## END configuration
+
+# Setup GNUnet REST credentials
+OIDC_CLIENT_SECRET=`uuid`
+gnunet-config -s reclaim-rest-plugin -o OIDC_CLIENT_SECRET -V "$OIDC_CLIENT_SECRET"
+
+# Start GNUnet
+gnunet-arm -s
+
+# Setup Zone for RP
+gnunet-identity -C "$SHOP_ZONE"
+OIDC_CLIENT_IDENTITY=`gnunet-identity -dq -e $SHOP_ZONE`
+
+# Tell reclaim where the RP expects the authorization callback
+gnunet-namestore -a -z "$SHOP_ZONE" -n @ -t RECLAIM_OIDC_REDIRECT -V ${WOOHOST}/wp-admin/admin-ajax.php?action=openid-connect-authorize -e 1h -p
+
+# Tell reclaim the name of the shop that asks for permissions (to be shown to the user)
+gnunet-namestore -a -z "$SHOP_ZONE" -n @ -t RECLAIM_OIDC_CLIENT -V "$SHOP_NAME" -e 1h -p
+
+# Setup ReClaim as OIDC provider with WooCommerce
+cd /var/www/wordpress
+
+
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings client_id "${OIDC_CLIENT_IDENTITY}"
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings client_secret "${OIDC_CLIENT_SECRET}"
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings scope "${OIDC_SCOPE}"
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings endpoint_login "https://api.reclaim/openid/authorize"
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings endpoint_userinfo "${GNUNET_REST}/userinfo"
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings endpoint_token "${GNUNET_REST}/token"
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings endpoint_end_session ""
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings identity_key "sub"
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings no_sslverify "1"
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings nickname_key "full_name"
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings displayname_format "{full_name}"
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings identify_with_username "1"
+sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings enable_logging "1"
+
+
+sudo -u www-data wp --user=admin option
+openid_connect_generic_settings
+a:24:{s:10:"login_type";s:6:"button";s:9:"client_id";s:52:"50BMJB6S9MV22BTG541G6XPQVNT7BNT7DZ3ZCCEZXFZPKV3915N0";s:13:"client_secret";s:6:"secret";s:5:"scope";s:30:"openid
+profile email
+full_name";s:14:"endpoint_login";s:36:"https://api.reclaim/openid/authorize";s:17:"endpoint_userinfo";s:43:"http://localhost:7776/openid/token/userinfo";s:14:"endpoint_token";s:34:"http://localhost:7776/openid/token";s:20:"endpoint_end_session";s:33:"https://example.com/oauth2/logout";s:12:"identity_key";s:3:"sub";s:12:"no_sslverify";s:1:"1";s:20:"http_request_timeout";s:1:"5";s:15:"enforce_privacy";s:1:"0";s:22:"alternate_redirect_uri";s:1:"0";s:12:"nickname_key";s:9:"full_name";s:12:"email_format";s:7:"{email}";s:18:"displayname_format";s:11:"{full_name}";s:22:"identify_with_username";s:1:"1";s:16:"state_time_limit";s:0:"";s:19:"link_existing_users";s:1:"0";s:24:"create_if_does_not_exist";s:1:"1";s:18:"redirect_user_back";s:1:"0";s:18:"redirect_on_logout";s:1:"1";s:14:"enable_logging";s:1:"1";s:9:"log_limit";s:4:"1000";}
-- cgit v1.2.3
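Review bot: The OIDC client secret is taken from a bare `uuid` call, which is not a CSPRNG; if this is the OSSP tool, its default is a version-1 UUID derived from the clock and the host's MAC address, so `OIDC_CLIENT_SECRET=$(od -An -N32 -tx1 /dev/urandom | tr -d ' \n')` would be a safer source. The secret is also passed on the command line to `gnunet-config` and `wp`, where other local users can see it in the process list. `no_sslverify "1"` turns off certificate checking although `endpoint_login` is an https URL, so it deserves a comment such as `# TODO: TLS verification is off for the local test image; re-enable once api.reclaim presents a verifiable certificate`. The `-V ${WOOHOST}/wp-admin/admin-ajax.php?action=...` argument and `-e $SHOP_ZONE` are unquoted (the `?` is a glob character), and `"${GNUNET_REST}/userinfo"` produces a double slash because `GNUNET_REST` already ends in `/`. The last five added lines (`wp ... option`, `openid_connect_generic_settings`, `a:24:{...`) look like pasted `wp option` output rather than commands; under `set -eu` the script would most likely abort there, so they should be commented out or dropped.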