add CAS authentication #138
140
bin/hsadmin-ng
Executable file
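--- a/bin/hsadmin-ng
+++ b/bin/hsadmin-ng
@@ -0,0 +1,140 @@
+#!/bin/bash
+
+if [ "$#" -eq 0 ]; then
+cat <<EOF
+curl-wrapper utilizing CAS-authentification for hsadmin-ng"
+usage: $0 [--trace] <<command>> [parameters]
+
+commands:
+EOF
+grep '") ''# ' $0
+exit
+fi
+
+if [ "$1" == "--trace" ]; then
+function trace() {
+echo "$*" >&2
+}
+function doCurl() {
+set -x
+curl "$@"
+set +x
+}
+shift
+else
+function trace() {
+:
+}
+function doCurl() {
+curl "$@"
+}
+fi
+
+if [ -z "$HSADMINNG_CAS_LOGIN" ] || [ -z "$HSADMINNG_CAS_VALIDATE" ] || \
+[ -z "$HSADMINNG_CAS_USERNAME" ] || [ -z "$HSADMINNG_CAS_PASSWORD" ] || \
+[ -z "$HSADMINNG_CAS_SERVICE" ]; then
+cat >&2 <<EOF
+ERROR: environment incomplete
+
+please set the following environment variables:
+export HSADMINNG_CAS_LOGIN=https://login.hostsharing.net/cas/v1/tickets
+export HSADMINNG_CAS_VALIDATE=https://login.hostsharing.net/cas/proxyValidate
+export HSADMINNG_CAS_USERNAME=<<your username>>
+export HSADMINNG_CAS_PASSWORD=<<your password>>
+export HSADMINNG_CAS_SERVICE=https://hsadminng.hostsharing.net:443/
+EOF
+exit 1
+fi
+
+function casLogin() {
+HSADMINNG_CAS_TGT=`doCurl -s -i -X POST \
+-H 'Content-Type: application/x-www-form-urlencoded' \
+-d "username=$HSADMINNG_CAS_USERNAME&password=$HSADMINNG_CAS_PASSWORD" \
+$HSADMINNG_CAS_LOGIN -o /dev/null -D - \
+| grep -i "^Location: " | sed -e 's/^Location: //' -e 's/\\r//'`
+echo "$HSADMINNG_CAS_TGT" >~/.cas-login-tgt
+trace "$HSADMINNG_CAS_TGT"
+}
+
+function casTicket() {
+HSADMINNG_CAS_TGT=$(<~/.cas-login-tgt)
+if [[ -z "$HSADMINNG_CAS_TGT" ]]; then
+echo "ERROR: cannot get CAS ticket granting ticket for $HSADMINNG_CAS_USERNAME" >&2
+exit 1
+fi
+trace "CAS-TGT: $HSADMINNG_CAS_TGT"
+
+trace "fetching CAS service ticket"
+trace "curl -s -d \"service=$HSADMINNG_CAS_SERVICE\" $HSADMINNG_CAS_TGT"
+HSADMINNG_CAS_TICKET=$(curl -s -d "service=$HSADMINNG_CAS_SERVICE" $HSADMINNG_CAS_TGT)
+if [[ -z "$HSADMINNG_CAS_TICKET" ]]; then
+echo "ERROR: cannot get CAS service ticket" >&2
+exit 1
+fi
+
+echo $HSADMINNG_CAS_TICKET
+}
+
+function casValidate() {
+HSADMINNG_CAS_TICKET=`casTicket`
+
+trace "validating CAS-TICKET: $HSADMINNG_CAS_TICKET"
+trace curl -i -s $HSADMINNG_CAS_VALIDATE?ticket=${HSADMINNG_CAS_TICKET}\&service=${HSADMINNG_CAS_SERVICE}
+HSADMINNG_CAS_USER=`curl -i -s $HSADMINNG_CAS_VALIDATE?ticket=${HSADMINNG_CAS_TICKET}\&service=${HSADMINNG_CAS_SERVICE} | grep -oPm1 "(?<=<cas:user>)[^<]+"`
+if [ -z "$HSADMINNG_CAS_USER" ]; then
+echo "validation failed" >&2
+exit 1
+fi
+echo "CAS-User: $HSADMINNG_CAS_USER"
+}
+
+if ! find ~/.cas-login-tgt -type f -size +0c -mmin -60 2>/dev/null | grep -q .; then
+casLogin
+fi
+
+case "$1" in
+"login") # explicitly login using CAS-server and credentials in HSADMINNG_CAS_..., fetches ticket granting ticket
+casLogin
+;;
+"logout") # logout, deleting ticket granting ticket
+rm ~/.cas-login-tgt
+;;
+"validate") # validate user login and print currently logged in user
+casValidate
+;;
+"get") # HTTP GET, add URL as parameter
+shift
+HSADMINNG_CAS_TICKET=`casTicket`
+#trace "curl -f -s --header \"Authorization: $HSADMINNG_CAS_TICKET\" " "$@"
+doCurl -f -H "Authorization: $HSADMINNG_CAS_TICKET" "$*"
+;;
+"post") # HTTP POST, add curl options to specify the request body and the URL as last parameter
+shift
+HSADMINNG_CAS_TICKET=`casTicket`
+trace "curl -f --header \"Authorization: $HSADMINNG_CAS_TICKET\" --header \"Content-Type: application/json\" -X POST " "$@"
+curl -f -H "Authorization: $HSADMINNG_CAS_TICKET" --header "Content-Type: application/json" -X POST "$@"
+;;
+"patch") # HTTP PATCH, add curl options to specify the request body and the URL as last parameter
+shift
+HSADMINNG_CAS_TICKET=`casTicket`
+trace "curl -f --header \"Authorization: $HSADMINNG_CAS_TICKET\" --header \"Content-Type: application/json\" -X PATCH " "$@"
+curl -f -H "Authorization: $HSADMINNG_CAS_TICKET" --header "Content-Type: application/json" -X POST "$*"
+;;
+"delete") # HTTP DELETE, add curl options to specify the request body and the URL as last parameter
+shift
+HSADMINNG_CAS_TICKET=`casTicket`
+trace "curl -f --header \"Authorization: $HSADMINNG_CAS_TICKET\" -X DELETE " "$@"
+curl -f -H "Authorization: $HSADMINNG_CAS_TICKET" -X POST "$@"
+;;
+*)
+cat >&2 <<EOF
+unknown command: '$1'
+valid commands: login, validate, curl
+EOF
+exit 1
+;;
+esac
+
+
+
+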
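Review bot: casLogin puts the CAS password on curl's command line (`-d "username=…&password=…"`), where other local users can read it from the process list, and under `--trace` the `set -x` in doCurl also prints it to stderr; the ticket-granting-ticket URL is then written to `~/.cas-login-tgt` with whatever the default umask allows. Both values are reusable credentials, so the form body is better passed on stdin (`-d @-`) and the cache file created owner-only, as sketched below. The sketch keeps the original's lack of URL-encoding, so a password containing `&` or `%` would still be sent incorrectly. Separately, the `patch` and `delete` branches trace `-X PATCH` / `-X DELETE` but actually run curl with `-X POST`, and `get`/`patch` pass `"$*"` where the other branches use `"$@"`.

```shell
function casLogin() {
    # form body goes in on stdin (-d @-): the password is neither in curl's argv nor in the --trace output
    HSADMINNG_CAS_TGT=$(printf 'username=%s&password=%s' \
            "$HSADMINNG_CAS_USERNAME" "$HSADMINNG_CAS_PASSWORD" \
        | doCurl -s -i -X POST \
            -H 'Content-Type: application/x-www-form-urlencoded' \
            -d @- "$HSADMINNG_CAS_LOGIN" -o /dev/null -D - \
        | grep -i "^Location: " | sed -e 's/^Location: //' -e 's/\r//')
    # the TGT URL is a bearer credential: create the cache file owner-only
    (umask 077; printf '%s\n' "$HSADMINNG_CAS_TGT" >~/.cas-login-tgt)
    chmod 600 ~/.cas-login-tgt   # also tightens a file left behind by an earlier run
    # … unchanged: trace call …
}
```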