hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 2 Activity

assuming-long-roleidnames + object-uuid-based-rolenames #139

Merged
hsh-michaelhoennig merged 13 commits from bugfix/assuming-long-roleidnames into master 2024-12-30 10:00:20 +01:00
Conversation 0 Commits 13 Files Changed 26 +74 -19
1 changed files with 74 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit b0bfb06833 - Show all commits

93
bin/cas-curl
View File

@ -3,19 +3,21 @@
if [ "$#" -eq 0 ] || [ "$1" == "help" ] || [ "$1" == "--help" ] || [ "$1" == "-h" ]; then if [ "$#" -eq 0 ] || [ "$1" == "help" ] || [ "$1" == "--help" ] || [ "$1" == "-h" ]; then
cat <<EOF cat <<EOF
curl-wrapper utilizing CAS-authentication for hsadmin-ng curl-wrapper utilizing CAS-authentication for hsadmin-ng
usage: $0 [--trace] <<command>> [parameters] usage: $0 [--trace] [--show-password] <<command>> [parameters]
commands: commands:
EOF EOF
grep '") ''# ' $0 # filters out help texts (marked with ## and following lines with #) from the commands itself
# (the '' makes sure that this line is not found, just the lines with actual help texts)
sed -n '/#''#/ {s/#''#//; p; :a; n; /^[[:space:]]*#/!b; s/^[[:space:]]*#//; p; ba}' $0
exit exit
fi fi
export HSADMINNG_CAS_ASSUME_HEADER if [ "$2" == "--show-password" ]; then
if [ -f ~/.cas-curl-assume ]; then HSADMINNG_CAS_SHOW_PASSWORD=yes
HSADMINNG_CAS_ASSUME="$(cat ~/.cas-curl-assume)" shift
else else
HSADMINNG_CAS_ASSUME= HSADMINNG_CAS_SHOW_PASSWORD=
fi fi
if [ "$1" == "--trace" ]; then if [ "$1" == "--trace" ]; then
@ -40,6 +42,13 @@ else
} }
fi fi
export HSADMINNG_CAS_ASSUME_HEADER
if [ -f ~/.cas-curl-assume ]; then
HSADMINNG_CAS_ASSUME="$(cat ~/.cas-curl-assume)"
else
HSADMINNG_CAS_ASSUME=
fi
if [ -z "$HSADMINNG_CAS_LOGIN" ] || [ -z "$HSADMINNG_CAS_VALIDATE" ] || \ if [ -z "$HSADMINNG_CAS_LOGIN" ] || [ -z "$HSADMINNG_CAS_VALIDATE" ] || \
[ -z "$HSADMINNG_CAS_SERVICE_ID" ]; then [ -z "$HSADMINNG_CAS_SERVICE_ID" ]; then
cat >&2 <<EOF cat >&2 <<EOF
@ -73,10 +82,16 @@ function casLogin() {
read -s -e -p "Password: " HSADMINNG_CAS_PASSWORD read -s -e -p "Password: " HSADMINNG_CAS_PASSWORD
fi fi
if [ "$HSADMINNG_CAS_SHOW_PASSWORD" == "--show-password" ]; then
HSADMINNG_CAS_PASSWORD_DISPLAY=$HSADMINNG_CAS_PASSWORD
else
HSADMINNG_CAS_PASSWORD_DISPLAY="<<password hidden - use --show-password to show>>"
fi
# Do NOT use doCurl here! We do neither want to print the password nor pass a CAS service ticket. # Do NOT use doCurl here! We do neither want to print the password nor pass a CAS service ticket.
trace "+ curl --fail-with-body -s -i -X POST \ trace "+ curl --fail-with-body -s -i -X POST \
-H 'Content-Type: application/x-www-form-urlencoded' \ -H 'Content-Type: application/x-www-form-urlencoded' \
-d \"username=$HSADMINNG_CAS_USERNAME&password=<<PASSWORD OMITTED>>\" \ -d \"username=$HSADMINNG_CAS_USERNAME&password=$HSADMINNG_CAS_PASSWORD_DISPLAY\" \
$HSADMINNG_CAS_LOGIN -o ~/.cas-login-tgt.response -D -" $HSADMINNG_CAS_LOGIN -o ~/.cas-login-tgt.response -D -"
HSADMINNG_CAS_TGT=`curl --fail-with-body -s -i -X POST \ HSADMINNG_CAS_TGT=`curl --fail-with-body -s -i -X POST \
-H 'Content-Type: application/x-www-form-urlencoded' \ -H 'Content-Type: application/x-www-form-urlencoded' \
@ -126,45 +141,85 @@ function casValidate() {
} }
case "${1,,}" in case "${1,,}" in
"login") # reads username+password and fetches ticket granting ticket (bypasses HSADMINNG_CAS_USERNAME+HSADMINNG_CAS_PASSWORD)
# -- generic commands --------------------------------------------------------------------------
"env") ## prints all related HSADMINNG_CAS_... environment variables; use '--show-password' to show the password as well
# example: cas-curl env --show-password
echo "HSADMINNG_CAS_LOGIN: $HSADMINNG_CAS_LOGIN"
echo "HSADMINNG_CAS_VALIDATE: $HSADMINNG_CAS_VALIDATE"
echo "HSADMINNG_CAS_USERNAME: $HSADMINNG_CAS_USERNAME"
if [ "$2" == "--show-password" ]; then
echo "HSADMINNG_CAS_PASSWORD: $HSADMINNG_CAS_PASSWORD"
elif [ -z "$HSADMINNG_CAS_PASSWORD" ]; then
echo "HSADMINNG_CAS_PASSWORD: <<not given>>"
else
echo "HSADMINNG_CAS_PASSWORD: <<given, but hidden - add --show-password to show>>"
fi
echo "HSADMINNG_CAS_SERVICE_ID: $HSADMINNG_CAS_SERVICE_ID"
;;
# --- authentication-related commands ------------------------------------------------------------
"login") ## reads username+password and fetches ticket granting ticket (bypasses HSADMINNG_CAS_USERNAME+HSADMINNG_CAS_PASSWORD)
# example: cas-curl login
casLogout casLogout
export HSADMINNG_CAS_USERNAME= export HSADMINNG_CAS_USERNAME=
export HSADMINNG_CAS_PASSWORD= export HSADMINNG_CAS_PASSWORD=
casLogin casLogin
;; ;;
"assume") # assumes the given comma-separated roles "assume") ## assumes the given comma-separated roles
# example using object-id-name: cas-curl assume 'hs_office.relation#ExampleMandant-with-PARTNER-ExamplePartner:AGENT'
# example using object-uuid: cas-curl assume 'hs_office.relation#1d3bc468-c5c8-11ef-9d0d-4751ecfda2b7:AGENT'
shift shift
if [ -z "$1" ]; then if [ -z "$1" ]; then
rm ~/.cas-curl-assume echo "ERROR: requires comma-separated list of roles to assume" >&2
else exit 1
echo "$1" >~/.cas-curl-assume
fi fi
echo "$1" >~/.cas-curl-assume
;; ;;
"logout") # logout, deleting ticket granting ticket "unassume") ## do not assume any particular role anymore, use the plain user as RBAC subject
casLogout rm ~/.cas-curl-assume
;; ;;
"validate") # validates ticket granting ticket and prints currently logged in user "validate") ## validates current ticket granting ticket and prints currently logged in user
casValidate casValidate
;; ;;
"get") # HTTP GET, add URL as parameter "logout") ## logout, deletes ticket granting ticket
casLogout
;;
# --- HTTP-commands ----------------------------------------------------------------------
"get") ## HTTP GET, add URL as parameter
# example: cas-curl GET http://localhost:8080/api/hs/office/partners/P-10003 | jq
# hint: '| jq' is just for human-readable formatted JSON output
shift shift
casLogin casLogin
HSADMINNG_CAS_TICKET=`casTicket` HSADMINNG_CAS_TICKET=`casTicket`
doCurl "$*" doCurl "$*"
;; ;;
"post") # HTTP POST, add curl options to specify the request body and the URL as last parameter "post") ## HTTP POST, add curl options to specify the request body and the URL as last parameter
# example: cas-curl POST \
# -d '{ "prefix":"ttt", "reference":80001, "adminUserName":"admin@ttt.example.com" }' \
# http://localhost:8080/api/test/customers | jq
# hint: '| jq' is just for human-readable formatted JSON output
shift shift
casLogin casLogin
HSADMINNG_CAS_TICKET=`casTicket` HSADMINNG_CAS_TICKET=`casTicket`
doCurl --header "Content-Type: application/json" -X POST "$@" doCurl --header "Content-Type: application/json" -X POST "$@"
;; ;;
"patch") # HTTP PATCH, add curl options to specify the request body and the URL as last parameter "patch") ## HTTP PATCH, add curl options to specify the request body and the URL as last parameterparameter
# example: cas-curl PATCH \
# -d '{ "reference":80002 }' \
# http://localhost:8080/api/test/customers/ae90ac2a-4728-4ca9-802e-a0d0108b2324 | jq
# hint: '| jq' is just for human-readable formatted JSON output
shift shift
casLogin casLogin
HSADMINNG_CAS_TICKET=`casTicket` HSADMINNG_CAS_TICKET=`casTicket`
doCurl --header "Content-Type: application/json" -X POST "$*" doCurl --header "Content-Type: application/json" -X POST "$*"
;; ;;
"delete") # HTTP DELETE, add curl options to specify the request body and the URL as last parameter "delete") ## HTTP DELETE, add curl options to specify the request body and the URL as last parameter
# example: cas-curl DELETE http://localhost:8080/api/hs/office/persons/ae90ac2a-4728-4ca9-802e-a0d0108b2324
shift shift
casLogin casLogin
HSADMINNG_CAS_TICKET=`casTicket` HSADMINNG_CAS_TICKET=`casTicket`