#!/bin/bash # # License type: BSD 3-Clause License # License copy: https://github.com/Telecominfraproject/wlan-cloud-UCENTRALSEC/blob/master/LICENSE # # Created by Stephane Bourque on 2021-03-04. # Arilia Wireless Inc. # if [[ "$(which jq)" == "" ]] then echo "You need the package jq installed to use this script." exit 1 fi if [[ "$(which curl)" == "" ]] then echo "You need the package curl installed to use this script." exit 1 fi if [[ -z "${OWSEC}" || -z "${OWSEC_USERNAME}" || -z "${OWSEC_PASSWORD}" ]] then echo "You must set the variables OWSEC, OWSEC_USERNAME, and OWSEC_PASSWORD in order to use this script. Something like" echo "export OWSEC=security.isp.com:16001" echo "export OWSEC_USERNAME=theusername@domain.com" echo "export OWSEC_PASSWORD=mytoughpassword" exit 1 fi username=${OWSEC_USERNAME} password=${OWSEC_PASSWORD} if [[ "${FLAGS}" == "" ]] then FLAGS="-s" fi token="" result_file=result.json browser_list=(firefox sensible-browser xdg-open w3m links links2 lynx youtube-dl) browser="" login() { payload="{ \"userId\" : \"$username\" , \"password\" : \"$password\" }" token=$(curl ${FLAGS} -X POST -H "Content-Type: application/json" -d "$payload" "https://${OWSEC}/api/v1/oauth2" | jq -r '.access_token') if [[ "${token}" == "" ]] then echo "Could not login. Please verify the host and username/password." exit 13 fi echo "${token}" > token.json } testlogin() { payload="{ \"userId\" : \"$1\" , \"password\" : \"$2\" }" curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/oauth2" \ -H "Content-Type: application/json" \ -d "$payload" > ${result_file} userMustChangePassword=$(cat ${result_file} | jq -r '.ErrorCode') if [[ ${userMustChangePassword} == "1" ]] then echo "User must change password to login..." if [[ "$3" == "" ]] then echo "Please supply your new password too..." exit 1 fi payload="{ \"userId\" : \"$1\" , \"password\" : \"$2\", \"newPassword\" : \"$3\" }" curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/oauth2" \ -H "Content-Type: application/json" \ -d "$payload" > ${result_file} jq < ${result_file} elif [[ "$3" != "" ]] then payload="{ \"userId\" : \"$1\" , \"password\" : \"$2\", \"newPassword\" : \"$3\" }" curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/oauth2" \ -H "Content-Type: application/json" \ -d "$payload" > ${result_file} token=$(cat ${result_file} | jq -r '.access_token') else payload="{ \"userId\" : \"$1\" , \"password\" : \"$2\" }" token=$(curl ${FLAGS} -X POST -H "Content-Type: application/json" -d "$payload" "https://${OWSEC}/api/v1/oauth2" | jq -r '.access_token') fi jq < ${result_file} } emailtest() { payload="{ \"userId\" : \"$1\" }" curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/oauth2?forgotPassword=true" \ -H "Content-Type: application/json" \ -d "$payload" > ${result_file} jq < ${result_file} } findbrowser() { if [[ "${browser}" != "" ]] then echo elif [[ "$(uname)" == "Darwin" ]] then browser=open else BROWSER_LIST=(firefox sensible-browser xdg-open w3m links links2 lynx youtube-dl) for br_name in "${browser_list[@]}" do if [[ $(which ${br_name}) != "" ]] then browser=${br_name} break fi done fi } logout() { curl ${FLAGS} -X DELETE -H "Content-Type: application/json" \ -H "Authorization: Bearer ${token}" \ "https://${OWSEC}/api/v1/oauth2/${token}" token="" rm -rf token.json } me() { curl ${FLAGS} -X GET "https://${OWSEC}/api/v1/oauth2?me=true" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${token}" > ${result_file} jq < ${result_file} } listendpoints() { curl ${FLAGS} -X GET "https://${OWSEC}/api/v1/systemEndpoints" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${token}" > ${result_file} jq < ${result_file} for index in {0..10} do endpointlocation=".endpoints[${index}].uri" endpointlocationtype=".endpoints[${index}].type" rawurl="$(cat ${result_file} | jq -r ${endpointlocation})" svctype="$(cat ${result_file} | jq -r ${endpointlocationtype})" proto="$(echo $rawurl | grep :// | sed -e's,^\(.*://\).*,\1,g')" url="$(echo ${rawurl/$proto/})" user="$(echo $url | grep @ | cut -d@ -f1)" hostport="$(echo ${url/$user@/} | cut -d/ -f1)" host="$(echo $hostport | sed -e 's,:.*,,g')" port="$(echo $hostport | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')" path="$(echo $url | grep / | cut -d/ -f2-)" if [[ ${url} != "null" ]] then if [[ ${svctype} == "ucentralgw" ]] then echo "url: $url" echo " proto: $proto" echo " user: $user" echo " host: $host" echo " port: $port" echo " path: $path" UCENTRALGW=$host break fi fi done } getlogo() { curl ${FLAGS} -X GET "https://${OWSEC}/wwwassets/logo.png" } createuser() { case $3 in root|admin|subscriber|csr|system|installer|noc|accounting) payload="{ \"id\": \"0\", \"email\" : \"$1\", \"currentPassword\" : \"$2\", \"changePassword\" : true, \"userRole\" : \"$3\" }" curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/user/0" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${token}" \ -d "$payload" > ${result_file} jq < ${result_file} ;; *) echo "Error: userRole has to be one of root|admin|subscriber|csr|system|installer|noc|accounting" exit 1 ;; esac } createsub() { payload="{ \"id\": \"0\", \"email\" : \"$1\", \"currentPassword\" : \"$2\", \"changePassword\" : false, \"userRole\" : \"subscriber\" }" curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/subuser/0" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${token}" \ -d "$payload" > ${result_file} jq < ${result_file} } createuser_v() { case $3 in root|admin|subscriber|csr|system|installer|noc|accounting) payload="{ \"id\": \"0\", \"email\" : \"$1\", \"currentPassword\" : \"$2\", \"changePassword\" : true, \"userRole\" : \"$3\" }" curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/user/0?email_verification=true" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${token}" \ -d "$payload" > ${result_file} jq < ${result_file} ;; *) echo "Error: userRole has to be one of root|admin|subscriber|csr|system|installer|noc|accounting" exit 1 ;; esac } deleteuser() { curl ${FLAGS} -X DELETE "https://${OWSEC}/api/v1/user/$1" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${token}" \ -d "$payload" > ${result_file} jq < ${result_file} } deletesub() { curl ${FLAGS} -X DELETE "https://${OWSEC}/api/v1/subuser/$1" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${token}" \ -d "$payload" > ${result_file} jq < ${result_file} } getuser() { curl ${FLAGS} -X GET "https://${OWSEC}/api/v1/user/$1" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${token}" \ -d "$payload" > ${result_file} jq < ${result_file} } getsub() { curl ${FLAGS} -X GET "https://${OWSEC}/api/v1/subuser/$1" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${token}" \ -d "$payload" > ${result_file} jq < ${result_file} } getuserbyemail() { curl ${FLAGS} -X GET "https://${OWSEC}/api/v1/user/${1}?byEmail=true" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${token}" \ -d "$payload" > ${result_file} jq < ${result_file} } getsubbyemail() { curl ${FLAGS} -X GET "https://${OWSEC}/api/v1/subuser/${1}?byEmail=true" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${token}" \ -d "$payload" > ${result_file} jq < ${result_file} } listusers() { curl ${FLAGS} -X GET "https://${OWSEC}/api/v1/users" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${token}" \ -d "$payload" > ${result_file} jq < ${result_file} } listsubs() { curl ${FLAGS} -X GET "https://${OWSEC}/api/v1/subusers" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${token}" \ -d "$payload" > ${result_file} jq < ${result_file} } policies() { payload="{}" curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/oauth2?requirements=true" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${token}" \ -d "$payload" > ${result_file} jq < ${result_file} } setavatar() { curl ${FLAGS} -F 'data=@$2' "https://${OWSEC}/api/v1/avatar/$1" \ -H "Authorization: Bearer ${token}" > ${result_file}; jq < ${result_file} } getavatar() { curl ${FLAGS} -X GET "https://${OWSEC}/api/v1/avatar/$1" \ -H "accept: application/octet-stream" \ -H "Authorization: Bearer ${token}" \ -o "user.svg" } deleteavatar() { curl ${FLAGS} -X DELETE "https://${OWSEC}/api/v1/avatar/$1" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${token}" > ${result_file} jq < ${result_file} } sendemail() { payload="{ \"recipients\" : [ \"$1\" ] , \"subject\" : \"test1\" , \"from\" : \"$2\" , \"text\" : \"This is a test from SES.\" }" curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/email" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${token}" \ -d "$payload" > ${result_file} jq < ${result_file} } sendsms() { payload="{ \"to\" : \"$1\" , \"text\" : \"$2\" }" curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/sms" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${token}" > ${result_file} jq < ${result_file} } setpreferences() { payload="{ \"data\" : [ { \"tag\" : \"${1}\" , \"value\" : \"${2}\" } ] }" echo ${payload} curl ${FLAGS} -X PUT "https://${OWSEC}/api/v1/preferences" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${token}" \ -d "$payload" > ${result_file} jq < ${result_file} } getpreferences() { curl ${FLAGS} -X GET "https://${OWSEC}/api/v1/preferences" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${token}" > ${result_file} jq < ${result_file} } getauthqrcode() { curl ${FLAGS} -X GET "https://${OWSEC}/api/v1/totp" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${token}" > ${result_file} -o qrcode.svg } testlogout() { echo "Logged in..." oldtoken=${token} listusers logout echo "Logged out..." token=${oldtoken} echo "This should be en error" listusers } setloglevel() { payload="{ \"command\" : \"setloglevel\" , \"subsystems\" : [ { \"tag\" : \"$1\" , \"value\" : \"$2\" } ] }" curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/system" \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ -H "Authorization: Bearer ${token}" \ -d "$payload" } getloglevels() { payload="{ \"command\" : \"getloglevels\" }" curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/system" \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ -H "Authorization: Bearer ${token}" \ -d "$payload" } getloglevelnames() { payload="{ \"command\" : \"getloglevelnames\" }" curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/system" \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ -H "Authorization: Bearer ${token}" \ -d "$payload" } getsubsystemnames() { payload="{ \"command\" : \"getsubsystemnames\" }" curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/system" \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ -H "Authorization: Bearer ${token}" \ -d "$payload" } systeminfo() { curl ${FLAGS} -X GET "https://${OWSEC}/api/v1/system?command=info" \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ -H "Authorization: Bearer ${token}" > ${result_file} jq < ${result_file} } getsecret() { curl ${FLAGS} -X GET "https://${OWSEC}/api/v1/systemSecret/${1}" \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ -H "Authorization: Bearer ${token}" > ${result_file} jq < ${result_file} } getsecretdictionary() { curl ${FLAGS} -X GET "https://${OWSEC}/api/v1/systemSecret/0?dictionary=true" \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ -H "Authorization: Bearer ${token}" > ${result_file} jq < ${result_file} } getallsecrets() { curl ${FLAGS} -X GET "https://${OWSEC}/api/v1/systemSecret/0?all=true" \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ -H "Authorization: Bearer ${token}" > ${result_file} jq < ${result_file} } setsecret() { curl ${FLAGS} -X PUT "https://${OWSEC}/api/v1/systemSecret/${1}?value=${2}" \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ -H "Authorization: Bearer ${token}" > ${result_file} jq < ${result_file} } deletesecret() { curl ${FLAGS} -X DELETE "https://${OWSEC}/api/v1/systemSecret/${1}" \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ -H "Authorization: Bearer ${token}" > ${result_file} jq < ${result_file} } reloadsubsystem() { payload="{ \"command\" : \"reload\", \"subsystems\" : [ \"$1\" ] }" curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/system" \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ -H "Authorization: Bearer ${token}" \ -d "$payload" } check_response() { if [ -s "$1" ]; then ERROR_CODE="$(jq -r '.ErrorCode' < $1)" if [[ -n "$ERROR_CODE" && "$ERROR_CODE" != 'null' ]]; then echo "Error: got HTTP error code $ERROR_CODE, exiting" exit 1 fi else echo "Error: result file not found or empty" exit 1 fi } createapikey() { payload="{ \"name\" : \"test1\" , \"expiresOn\" : 1699393386 }" curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/apiKey/$1" \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ -H "Authorization: Bearer ${token}" \ -d "$payload" > ${result_file} jq < ${result_file} } deleteapikey() { curl ${FLAGS} -X DELETE "https://${OWSEC}/api/v1/apiKey/$1?keyUuid=$2" \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ -H "Authorization: Bearer ${token}" > ${result_file} jq < ${result_file} } getapikey() { curl ${FLAGS} -X GET "https://${OWSEC}/api/v1/apiKey/$1" \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ -H "Authorization: Bearer ${token}" > ${result_file} jq < ${result_file} } test_service() { echo echo "----------------------" echo "Get system information" echo "----------------------" systeminfo check_response $result_file echo echo "----------------" echo "Create test user" echo "----------------" createuser testuser@mail.telecominfraproject.com 'Test123!' accounting check_response $result_file USER_ID="$(jq -r '.id' < $result_file)" if [[ $USER_ID == null ]]; then USER_ID="$(jq -r '.Id' < $result_file)" fi echo echo "-------------" echo "Get test user" echo "-------------" getuser $USER_ID check_response $result_file echo echo "----------------" echo "Delete test user" echo "----------------" deleteuser $USER_ID # check_response $result_file USER_STATUS="$(jq -r '.ErrorCode' < $result_file)" if [ "$USER_STATUS" == 404 ]; then echo "Error: failed to delete test user, HTTP error code 404" else echo "Successfully deleted test user" fi } help() { echo echo "Usage: cli [args]" echo echo "listendpoints Get all the system endpoints." echo "emailtest Generate a forgot Password e-amil to the logged in user." echo "me Show information about the logged user." echo "createuser Create a user with an initial password and force the user to change password." echo "createuser_v Same as create user but also force an e-mail verification." echo "deleteuser Delete the user." echo "getuser Get the user information." echo "listusers List users." echo "policies List the login and access policies." echo "setavatar Sets the avatar for user to the image in filename." echo "getavatar Get the avatar for the user." echo "deleteavatar Remove the avatar for a user." echo "sendemail Sends a test email to see if the e-mail system is working." echo "setloglevel Set the log level for s specific subsystem." echo "getloglevels Get the current log levels for all subsystems." echo "getloglevelnames Get the log level names available." echo "getsubsystemnames Get the list of subsystems." echo "systeminfo Get basic system information." echo "reloadsubsystem Reload the configuration for a subsystem." echo "test_service Run a set of CLI commands for testing purposes" echo } shopt -s nocasematch case "$1" in "createuser") login; createuser "$2" "$3" "$4"; logout;; "createsub") login; createsub "$2" "$3"; logout;; "createuser_v") login; createuser_v "$2" "$3" "$4"; logout;; "createsub_v") login; createsub_v "$2" "$3"; logout;; "deleteuser") login; deleteuser "$2" ; logout;; "deletesub") login; deletesub "$2" ; logout;; "getuser") login; getuser "$2" ; logout;; "getsub") login; getsub "$2" ; logout;; "getuserbyemail") login; getuserbyemail "$2" ; logout;; "getsubbyemail") login; getsubbyemail "$2" ; logout;; "listusers") login; listusers ; logout ;; "listsubs") login; listsubs ; logout ;; "me") login; me ; logout ;; "listendpoints") login; listendpoints ; logout ;; "testlogin") testlogin "$2" "$3" "$4";; "emailtest") emailtest "$2";; "getlogo") getlogo ;; "policies") policies ;; "setavatar") login; setavatar "$2"; logout;; "getavatar") login; getavatar "$2"; logout;; "deleteavatar") login; deleteavatar "$2"; logout;; "sendemail") login; sendemail "$2" "$3"; logout;; "sendsms") login; sendsms "$2" "$3" ; logout;; "testlogout") login; testlogout ;; "setloglevel") login; setloglevel "$2" "$3" ; logout ;; "getloglevels") login; getloglevels; logout ;; "getloglevelnames") login; getloglevelnames; logout ;; "getsubsystemnames") login; getsubsystemnames; logout ;; "reloadsubsystem") login; reloadsubsystem "$2"; logout ;; "systeminfo") login; systeminfo ; logout;; "setpreferences") login; setpreferences "$2" "$3" ; logout;; "getpreferences") login; getpreferences ; logout;; "getauthqrcode") login; getauthqrcode; logout;; "test_service") login; test_service; logout;; "createapikey") login; createapikey "$2" ; logout;; "deleteapikey") login; deleteapikey "$2" "$3"; logout;; "getapikey") login; getapikey "$2" ; logout;; "getsecret") login; getsecret "$2" ; logout;; "getallsecrets") login; getallsecrets ; logout;; "setsecret") login; setsecret "$2" "$3" ; logout;; "deletesecret") login; deletesecret "$2" ; logout;; "getsecretdictionary") login; getsecretdictionary ; logout;; "help") login; help ; logout ;; *) help ;; esac