source: server/bin/settoken @ b0c7586

918-git-images-111dconfigure-oglivegit-imageslgromero-new-oglivemainmaint-cronmount-efivarfsmultivmmultivm-ogboot-installerogClonningEngineogboot-installer-jenkinsoglive-ipv6test-python-scriptsticket-301ticket-50ticket-50-oldticket-577ticket-585ticket-611ticket-612ticket-693ticket-700ubu24tplunification2use-local-agent-oglivevarios-instalacion
Last change on this file since b0c7586 was afd6b4e, checked in by Ramón M. Gómez <ramongomez@…>, 5 years ago

#925: Script settoken changes REST token for users.
  • Property mode set to 100755
File size: 2.9 KB
Line 
1#!/bin/bash
2
3#/**
4#@file    settoken
5#@brief   Generate a new security token for the specified service or user.
6#@usage   settoken [[-f] [Service]] | User
7#@param   -f: force server restart without prompting (ask by default)
8#@param   Service: may be "server", "repo" or "services" (for all services, by default)
9#@param   User: OpenGnsys-defined username
10#@warning This script uses "php" command.
11#@version 1.1.1 - Initial version.
12#@author  Ramón M. Gómez - ETSII Univ. Sevilla
13#@date    2019-09-25
14#*/ ##
15
16# Global constants definition.
17PROG=$(basename "$(realpath "$0")")                     # Program name.
18OPENGNSYS=/opt/opengnsys                                # OpenGnsys main directory.
19SERVERCFG=$OPENGNSYS/etc/ogAdmServer.cfg                # Configuration files.
20REPOCFG=$OPENGNSYS/etc/ogAdmRepo.cfg
21
22# Functions.
23source $OPENGNSYS/lib/ogfunctions.sh || exit 1
24
25function new_token() {
26    php -r 'echo md5(uniqid(rand(), true));'
27}
28
29# Error control.
30[ "$USER" != "root" ] && raiseError access "Need to be root"
31if [ "$1" == "-f" ]; then
32    FORCE=1
33    shift
34fi
35[ $# -gt 1 ] && raiseError usage
36case "${1,,}" in
37    help)
38        help ;;
39    server)         # Generate server token.
40        SERVER=1 ;;
41    repo)           # Generate repository token.
42        REPO=1 ;;
43    ""|services)    # Generate server and repo tokens.
44        SERVER=1; REPO=1 ;;
45    *)              # Generate user token.
46        OGUSER="$1" ;;
47esac
48[ -w $SERVERCFG ] || raiseError access "Server configuration file"
49source $SERVERCFG
50
51# Update user token.
52if [ "$OGUSER" ]; then
53    APIKEY="$(new_token)"
54    DATA="
55UPDATE usuarios
56   SET apikey='$APIKEY', idusuario=LAST_INSERT_ID(idusuario)
57 WHERE usuario='$OGUSER';
58SELECT LAST_INSERT_ID();
59"
60    [ "$(dbexec "$DATA")" == "0" ] && raiseError notfound "User \"$OGUSER\""
61fi
62
63# Update server token.
64if [ "$SERVER" ]; then
65    # Confirm action (server will be restarted).
66    if [ ! "$FORCE" ]; then
67        read -rp "It will be necessary to restart ogAdmServer service. Continue? [y/N]: " ANSWER
68        [ "${ANSWER,,}" != "y" ] && raiseError cancel "API tokens not updated"
69    fi
70    APIKEY="$(new_token)"
71    sed -i -n -e "/^APITOKEN=/!p" -e "$ a\APITOKEN=$APIKEY" $SERVERCFG || raiseError access "Cannot update server file"
72fi
73
74# Update repository token.
75if [ "$REPO" ]; then
76    [ -w $REPOCFG ] || raiseError access "Repository configuration file"
77    APIKEY="$(new_token)"
78    sed -i -n -e "/^ApiToken=/!p" -e "$ a\ApiToken=$APIKEY" $REPOCFG || raiseError access "Cannot update repository file"
79    # If database is local, update it.
80    source $REPOCFG
81    if [ "$ServidorAdm" == "$IPlocal" ]; then
82        dbexec "UPDATE repositorios SET apikey='$APIKEY' WHERE ip='$IPlocal';"
83    else
84        echo "Please, don't forget to update the authentication token for this repository on the web server (check the file ogAdmRepo.cfg)."
85    fi
86fi
87
88# Restart server, if needed.
89if [ "$SERVER" ]; then
90    restart opengnsys
91fi
92
Note: See TracBrowser for help on using the repository browser.