warengroup/wx
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Refactoring Code

Browse Source
This commit is contained in:
Christer Warén
2025-11-10 12:40:35 +02:00
parent 5a666e6f60
commit fbaa5780d9
39 changed files with 1559 additions and 1223 deletions
Download Patch File Download Diff File Expand all files Collapse all files

278
src/commands/auth/login.sh
View File

@@ -1,164 +1,138 @@
wx-login(){
if [[ ! -z $1 ]]
then
ORG=$1
jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
elif [[ $(hostname -d) = *"devices.waren.io" ]]
then
ORG=warengroup
elif [[ $(hostname -d) = *"devices.cwinfo.net" ]]
then
ORG=cwinfo
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
then
ORG=cwchristerw
elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]]
then
ORG=$(cat $HOME/.warengroup/config.json | jq -r .org)
else
wx-header "Login"
echo "Status: Organization Required"
wx-stop
fi
wxi-header "Login"
wxi-restricted --user
wxi-restricted --org
wxi-restricted --vault
if [[ $ORG == "warengroup" ]]
then
DOMAIN=waren.io
elif [[ $ORG == "cwinfo" ]]
then
DOMAIN=cwinfo.net
elif [[ $ORG == "cwchristerw" ]]
then
DOMAIN=christerwaren.fi
else
wx-header "Login"
echo "Status: Organization Unsupported"
wx-stop
fi
wxi-header "$ORG_HEADER" h3
FOLDER=$ORG
DEVICE_DOMAIN="devices.$DOMAIN"
IDM_DOMAIN="idm.waren.io"
VAULT_DOMAIN="vault.cwinfo.net"
if [[ ! -z ${args['login-type']} ]]
then
LOGIN_TYPE=${args['login-type']}
elif [[ ! -z ${args['token']} ]]
then
LOGIN_TYPE=token
elif [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]]
then
LOGIN_TYPE=token
elif [[ ! -z ${args['username']} ]]
then
LOGIN_TYPE=ldap
else
LOGIN_TYPE=ldap
fi
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
then
if [[ -z $SUDO_USER ]]
if [[ ! -z $LOGIN_TYPE ]]
then
case $LOGIN_TYPE in
ldap)
echo -n "Username: "
if [[ ! -z ${args['username']} ]]
then
if [[ -z LOGNAME ]]
then
wx-header "Login"
echo "Status: Username Required"
wx-stop
else
USERNAME=$LOGNAME
fi
USERNAME=${args['username']}
wxi-content text "$USERNAME"
else
USERNAME=$SUDO_USER
fi
else
USERNAME=$USER
fi
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
if [[ $VAULT_STATUS -eq 200 ]]
then
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
then
if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]]
then
USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)"
fi
TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)"
read USERNAME
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
if [[ ! -z $VAULT_LOGIN && ${#VAULT_LOGIN} == 95 ]]
echo -n "Password: "
if [[ ! -z ${args['password']} ]]
then
config["login",${ORG}]=$VAULT_LOGIN
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
PASSWORD=${args['password']}
else
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
if [[ $IDM_STATUS -eq 301 ]]
then
wx-header "Login"
echo $wxBold$ORG$wxNormal
if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]]
then
echo -n "Username: "
read USERNAME
else
echo "Username: $USERNAME"
fi
jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
echo -n "Password: "
read -s PASSWORD
echo "****************"
if [[ -z $USERNAME || -z $PASSWORD ]]
then
echo "Status: Username & Password Required"
wx-stop
else
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token')
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
then
echo "Status: Login Failed"
wx-stop
fi
config["login",${ORG}]=$VAULT_LOGIN
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
fi
else
wx-header "Login"
echo $wxBold$ORG$wxNormal
echo -n "Token: "
read -s TOKEN
echo "****************"
if [[ -z $TOKEN || ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]]
then
echo "Status: Vault Token Required"
wx-stop
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
then
echo "Status: Login Failed"
wx-stop
fi
config["login",${ORG}]=$VAULT_LOGIN
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
fi
read -s PASSWORD
fi
else
wx-header "Login"
echo $wxBold$ORG$wxNormal
echo "Status: Vault Offline"
wx-stop
fi
if [[ ! -z $PASSWORD ]]
then
wxi-content text "****************"
else
wxi-content text ""
fi
if [[ -z $USERNAME || -z $PASSWORD ]]
then
wxi-content status "Username & Password" "Required"
wxi-footer
wxi-stop
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token')
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
then
wxi-content status "Login" "Failed"
wxi-stop
fi
wxi-config login
;;
token)
echo -n "Token: "
if [[ ! -z ${args['token']} ]]
then
if [[ ${args['token']} != "true" ]]
then
TOKEN=${args['token']}
fi
elif [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]]
then
TOKEN=$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)
else
read -s TOKEN
fi
if [[ ! -z $TOKEN ]]
then
wxi-content text "***********************************************************************************************"
fi
if [[ -z $TOKEN ]]
then
wxi-content status "Token" "Required"
wxi-footer
wxi-stop
fi
if [[ ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]]
then
wxi-content status "Token" "Invalid"
wxi-footer
wxi-stop
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew-self -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
then
wxi-content status "Login" "Failed"
wxi-stop
fi
wxi-config login
;;
*)
wxi-content status "Login Type" "Unsupported"
wxi-footer
wxi-stop
;;
esac
fi
VAULT_USERNAME=$(curl https://$VAULT_DOMAIN/v1/auth/token/lookup-self -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.display_name')
if [[ -z $VAULT_USERNAME ]]
then
wxi-content status "Login" "Username Missing"
wxi-stop
elif [[ $VAULT_USERNAME != ldap* && $VAULT_USERNAME != oidc* ]]
then
wxi-content status "Login" "Authentication Method Invalid"
wxi-stop
elif [[ $VAULT_USERNAME == ldap* ]]
then
USERNAME=${VAULT_USERNAME#ldap-}
elif [[ $VAULT_USERNAME == oidc* ]]
then
USERNAME=${VAULT_USERNAME#oidc-}
fi
wxi-footer
}