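#!/bin/bash
#
# License type: BSD 3-Clause License
# License copy: https://github.com/Telecominfraproject/wlan-cloud-UCENTRALSEC/blob/master/LICENSE
#
# Created by Stephane Bourque on 2021-03-04.
# Arilia Wireless Inc.
#
# Command-line test client for the REST API served by the host in OWSEC.
#
# Environment:
#   OWSEC           (required) host:port of the authentication gateway
#   FLAGS           (optional) extra curl flags, split on whitespace; default "-s"
#   OWSEC_USERNAME  (optional) login user; overrides the built-in default
#   OWSEC_PASSWORD  (optional) login password; overrides the built-in default
#
# Files written in the current directory: token.json, result.json, user.svg.
#

if ! command -v jq > /dev/null 2>&1; then
  echo "You need the package jq installed to use this script."
  exit 1
fi

if ! command -v curl > /dev/null 2>&1; then
  echo "You need the package curl installed to use this script."
  exit 1
fi

if [[ -z "${OWSEC}" ]]; then
  echo "You must set the variable OWSEC in order to use this script. Something like"
  echo "OWSEC=myauthgateway.isp.com:16001"
  exit 1
fi

if [[ -z "${FLAGS}" ]]; then
  FLAGS="-s"
fi

# FLAGS is split into words once and handed to every curl call. Flags such as
# -k/--insecure turn off TLS certificate verification and -v prints the
# Authorization header to stderr, so treat FLAGS as security-relevant input.
read -r -a curl_flags <<< "${FLAGS}"

# token.json and result.json hold bearer tokens and login responses: create
# them owner-only. Files that already exist keep their current mode.
umask 077

token=""
result_file=result.json

# NOTE(security): the fallback account below is a credential stored in the
# script itself; anyone who can read this file can use it wherever the account
# still exists. Prefer OWSEC_USERNAME / OWSEC_PASSWORD and retire the default.
username="${OWSEC_USERNAME:-script.runner@arilia.com}"
password="${OWSEC_PASSWORD:-NoMoreN00bs!}"

browser_list=(firefox sensible-browser xdg-open w3m links links2 lynx youtube-dl)
browser=""

#######################################
# Log in with the configured account and store the access token.
# Globals:   username, password, OWSEC, curl_flags (read); token (written)
# Outputs:   writes the token to token.json (mode 600)
# Exits:     13 when no access token is returned
#######################################
login() {
  local payload
  # jq builds the JSON so quotes or backslashes in the credentials are escaped
  # instead of breaking (or extending) the request body.
  payload=$(jq -cn --arg user "$username" --arg pass "$password" \
    '{"userId": $user, "password": $pass}')
  # NOTE(security): the payload and, in later calls, the bearer token are
  # passed as curl arguments and may be visible in the local process list.
  # '// empty' turns a missing access_token into "" rather than the string
  # "null", which the emptiness check below would otherwise accept.
  token=$(curl "${curl_flags[@]}" -X POST -H "Content-Type: application/json" \
    -d "$payload" "https://${OWSEC}/api/v1/oauth2" \
    | jq -r '.access_token // empty')

  if [[ -z "${token}" ]]; then
    echo "Could not login. Please verify the host and username/password."
    exit 13
  fi
  printf '%s\n' "${token}" > token.json
  chmod 600 token.json
}

#######################################
# Try a login for an arbitrary account, optionally changing its password.
# Arguments: $1 - user id, $2 - password, $3 - new password (optional)
# Globals:   token (written when a login response is parsed)
# Outputs:   prints the last response stored in result.json
#######################################
testlogin() {
  local payload change_payload must_change
  payload=$(jq -cn --arg user "$1" --arg pass "$2" \
    '{"userId": $user, "password": $pass}')
  change_payload=$(jq -cn --arg user "$1" --arg pass "$2" --arg new "$3" \
    '{"userId": $user, "password": $pass, "newPassword": $new}')

  curl "${curl_flags[@]}" -X POST "https://${OWSEC}/api/v1/oauth2" \
    -H "Content-Type: application/json" \
    -d "$payload" > "${result_file}"
  must_change=$(jq -r '.ErrorCode' < "${result_file}")

  if [[ "${must_change}" == "1" ]]; then
    echo "User must change password to login..."
    if [[ -z "$3" ]]; then
      echo "Please supply your new password too..."
      exit 1
    fi
    curl "${curl_flags[@]}" -X POST "https://${OWSEC}/api/v1/oauth2" \
      -H "Content-Type: application/json" \
      -d "$change_payload" > "${result_file}"
    jq . < "${result_file}"
  elif [[ -n "$3" ]]; then
    curl "${curl_flags[@]}" -X POST "https://${OWSEC}/api/v1/oauth2" \
      -H "Content-Type: application/json" \
      -d "$change_payload" > "${result_file}"
    token=$(jq -r '.access_token' < "${result_file}")
  else
    # Store the response before reading it, so the summary printed below is
    # the response this token came from and not an earlier one.
    curl "${curl_flags[@]}" -X POST "https://${OWSEC}/api/v1/oauth2" \
      -H "Content-Type: application/json" \
      -d "$payload" > "${result_file}"
    token=$(jq -r '.access_token' < "${result_file}")
  fi
  jq . < "${result_file}"
}

# Request a forgot-password e-mail for user id $1 (no login required).
emailtest() {
  local payload
  payload=$(jq -cn --arg user "$1" '{"userId": $user}')
  curl "${curl_flags[@]}" -X POST "https://${OWSEC}/api/v1/oauth2?forgotPassword=true" \
    -H "Content-Type: application/json" \
    -d "$payload" > "${result_file}"
  jq . < "${result_file}"
}

# Pick a browser command: 'open' on Darwin, else the first browser_list entry
# found on PATH. Leaves 'browser' untouched when it is already set.
findbrowser() {
  local br_name
  if [[ -n "${browser}" ]]; then
    return 0
  fi
  if [[ "$(uname)" == "Darwin" ]]; then
    browser=open
    return 0
  fi
  for br_name in "${browser_list[@]}"; do
    if command -v "${br_name}" > /dev/null 2>&1; then
      browser=${br_name}
      break
    fi
  done
}

# Revoke the current token and remove the local copy.
logout() {
  # The endpoint takes the token as a URL path segment, so it can end up in
  # access logs of anything that records request URLs.
  curl "${curl_flags[@]}" -X DELETE -H "Content-Type: application/json" \
    -H "Authorization: Bearer ${token}" \
    "https://${OWSEC}/api/v1/oauth2/${token}"
  token=""
  rm -f -- token.json
}

# Print the profile of the logged-in user.
me() {
  curl "${curl_flags[@]}" -X GET -H "Content-Type: application/json" \
    -H "Authorization: Bearer ${token}" \
    "https://${OWSEC}/api/v1/oauth2?me=true"
}

#######################################
# List the system endpoints and break down the first "ucentralgw" URI found
# among the first eleven entries.
# Globals:   UCENTRALGW (written with the host of that endpoint)
#######################################
listendpoints() {
  local index rawurl svctype proto url user rest hostport host port path
  curl "${curl_flags[@]}" -X GET "https://${OWSEC}/api/v1/systemEndpoints" \
    -H "accept: application/json" \
    -H "Authorization: Bearer ${token}" > "${result_file}"
  jq . < "${result_file}"

  for index in {0..10}; do
    # The values below come from the server response: every expansion is
    # quoted so they are never word-split or glob-expanded by the shell.
    rawurl=$(jq -r ".endpoints[${index}].uri" < "${result_file}")
    svctype=$(jq -r ".endpoints[${index}].type" < "${result_file}")
    proto=$(printf '%s\n' "$rawurl" | grep :// | sed -e 's,^\(.*://\).*,\1,g')
    url=${rawurl/"$proto"/}
    user=$(printf '%s\n' "$url" | grep @ | cut -d@ -f1)
    rest=${url/"$user@"/}
    hostport=$(printf '%s\n' "$rest" | cut -d/ -f1)
    host=$(printf '%s\n' "$hostport" | sed -e 's,:.*,,g')
    port=$(printf '%s\n' "$hostport" \
      | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')
    path=$(printf '%s\n' "$url" | grep / | cut -d/ -f2-)

    if [[ "${url}" != "null" && "${svctype}" == "ucentralgw" ]]; then
      echo "url: $url"
      echo " proto: $proto"
      echo " user: $user"
      echo " host: $host"
      echo " port: $port"
      echo " path: $path"
      UCENTRALGW=$host
      break
    fi
  done
}

# Fetch the logo asset (no login required).
getlogo() {
  curl "${curl_flags[@]}" -X GET "https://${OWSEC}/wwwassets/open-wifi.svg"
}

# Create user with e-mail $1 and initial password $2; a password change is
# forced through changePassword=true.
createuser() {
  local payload
  payload=$(jq -cn --arg email "$1" --arg pass "$2" \
    '{"id": "0", "email": $email, "currentPassword": $pass, "changePassword": true}')
  curl "${curl_flags[@]}" -X POST "https://${OWSEC}/api/v1/user/0" \
    -H "accept: application/json" \
    -H "Authorization: Bearer ${token}" \
    -d "$payload" > "${result_file}"
  jq . < "${result_file}"
}

# Same as createuser, with email_verification=true on the request.
createuser_v() {
  local payload
  payload=$(jq -cn --arg email "$1" --arg pass "$2" \
    '{"id": "0", "email": $email, "currentPassword": $pass, "changePassword": true}')
  curl "${curl_flags[@]}" -X POST "https://${OWSEC}/api/v1/user/0?email_verification=true" \
    -H "accept: application/json" \
    -H "Authorization: Bearer ${token}" \
    -d "$payload" > "${result_file}"
  jq . < "${result_file}"
}

# The four read/delete calls below used to send -d "$payload", where payload
# was whatever the previous function left behind: after login that is the
# JSON holding the account password. They take no body, so none is sent.

# Delete the user with id $1.
deleteuser() {
  curl "${curl_flags[@]}" -X DELETE "https://${OWSEC}/api/v1/user/$1" \
    -H "accept: application/json" \
    -H "Authorization: Bearer ${token}" > "${result_file}"
  jq . < "${result_file}"
}

# Show the user with id $1.
getuser() {
  curl "${curl_flags[@]}" -X GET "https://${OWSEC}/api/v1/user/$1" \
    -H "accept: application/json" \
    -H "Authorization: Bearer ${token}" > "${result_file}"
  jq . < "${result_file}"
}

# Show the user whose e-mail is $1.
getuserbyemail() {
  curl "${curl_flags[@]}" -X GET "https://${OWSEC}/api/v1/user/${1}?byEmail=true" \
    -H "accept: application/json" \
    -H "Authorization: Bearer ${token}" > "${result_file}"
  jq . < "${result_file}"
}

# List users.
listusers() {
  curl "${curl_flags[@]}" -X GET "https://${OWSEC}/api/v1/users" \
    -H "accept: application/json" \
    -H "Authorization: Bearer ${token}" > "${result_file}"
  jq . < "${result_file}"
}

# Show the login and access policies (no login required).
policies() {
  local payload="{}"
  curl "${curl_flags[@]}" -X POST "https://${OWSEC}/api/v1/oauth2?requirements=true" \
    -H "Content-Type: application/json" \
    -d "$payload" > "${result_file}"
  jq . < "${result_file}"
}

# Upload file $2 as the avatar of user $1.
setavatar() {
  # Double quotes are required here: in single quotes curl was asked to
  # upload a file literally named '$2'.
  curl "${curl_flags[@]}" -F "data=@$2" "https://${OWSEC}/api/v1/avatar/$1" \
    -H "Authorization: Bearer ${token}" > "${result_file}"
  jq . < "${result_file}"
}

# Download the avatar of user $1 into user.svg.
getavatar() {
  curl "${curl_flags[@]}" -X GET "https://${OWSEC}/api/v1/avatar/$1" \
    -H "accept: application/octet-stream" \
    -H "Authorization: Bearer ${token}" \
    -o "user.svg"
}

# Remove the avatar of user $1.
deleteavatar() {
  curl "${curl_flags[@]}" -X DELETE "https://${OWSEC}/api/v1/avatar/$1" \
    -H "Authorization: Bearer ${token}" \
    -H "Content-Type: application/json" > "${result_file}"
  jq . < "${result_file}"
}

# Send a test e-mail to $1 with sender $2.
sendemail() {
  local payload
  payload=$(jq -cn --arg to "$1" --arg sender "$2" \
    '{"recipients": [$to], "subject": "test1", "from": $sender, "text": "This is a test from SES."}')
  curl "${curl_flags[@]}" -X POST "https://${OWSEC}/api/v1/email" \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer ${token}" \
    -d "$payload" > "${result_file}"
  jq . < "${result_file}"
}

# Send SMS text $2 to number $1.
sendsms() {
  local payload
  payload=$(jq -cn --arg to "$1" --arg text "$2" '{"to": $to, "text": $text}')
  curl "${curl_flags[@]}" -X POST "https://${OWSEC}/api/v1/sms" \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer ${token}" \
    -d "$payload" > "${result_file}"
  jq . < "${result_file}"
}

# Store preference $1 with value $2.
setpreferences() {
  local payload
  payload=$(jq -cn --arg name "$1" --arg value "$2" \
    '{"data": [{"name": $name, "value": $value}]}')
  curl "${curl_flags[@]}" -X PUT "https://${OWSEC}/api/v1/preferences" \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer ${token}" \
    -d "$payload" > "${result_file}"
  jq . < "${result_file}"
}

# Show the stored preferences.
getpreferences() {
  # The redirect was missing, which made curl treat result.json as a second
  # URL and left the file holding the previous response.
  curl "${curl_flags[@]}" -X GET "https://${OWSEC}/api/v1/preferences" \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer ${token}" > "${result_file}"
  jq . < "${result_file}"
}

# Check that a token stops working after logout: the second listusers call
# reuses the revoked token on purpose and is expected to fail.
testlogout() {
  local oldtoken
  echo "Logged in..."
  oldtoken=${token}
  listusers
  logout
  echo "Logged out..."
  token=${oldtoken}
  echo "This should be en error"
  listusers
}

# Set the log level of subsystem $1 to $2.
setloglevel() {
  local payload
  payload=$(jq -cn --arg tag "$1" --arg value "$2" \
    '{"command": "setloglevel", "subsystems": [{"tag": $tag, "value": $value}]}')
  curl "${curl_flags[@]}" -X POST "https://${OWSEC}/api/v1/system" \
    -H "accept: application/json" \
    -H "Authorization: Bearer ${token}" \
    -d "$payload"
}

# Print the current log levels.
getloglevels() {
  local payload="{ \"command\" : \"getloglevels\" }"
  curl "${curl_flags[@]}" -X POST "https://${OWSEC}/api/v1/system" \
    -H "accept: application/json" \
    -H "Authorization: Bearer ${token}" \
    -d "$payload"
}

# Print the available log level names.
getloglevelnames() {
  local payload="{ \"command\" : \"getloglevelnames\" }"
  curl "${curl_flags[@]}" -X POST "https://${OWSEC}/api/v1/system" \
    -H "accept: application/json" \
    -H "Authorization: Bearer ${token}" \
    -d "$payload"
}

# Print the subsystem names.
getsubsystemnames() {
  local payload="{ \"command\" : \"getsubsystemnames\" }"
  curl "${curl_flags[@]}" -X POST "https://${OWSEC}/api/v1/system" \
    -H "accept: application/json" \
    -H "Authorization: Bearer ${token}" \
    -d "$payload"
}

# Print basic system information.
systeminfo() {
  curl "${curl_flags[@]}" -X GET "https://${OWSEC}/api/v1/system?command=info" \
    -H "accept: application/json" \
    -H "Authorization: Bearer ${token}" > "${result_file}"
  jq . < "${result_file}"
}

# Reload the configuration of subsystem $1.
reloadsubsystem() {
  local payload
  payload=$(jq -cn --arg name "$1" '{"command": "reload", "subsystems": [$name]}')
  curl "${curl_flags[@]}" -X POST "https://${OWSEC}/api/v1/system" \
    -H "accept: application/json" \
    -H "Authorization: Bearer ${token}" \
    -d "$payload"
}

# Print the command summary.
help() {
  echo
  echo "Usage: cli [args]"
  echo
  echo "listendpoints Get all the system endpoints."
  echo "emailtest Generate a forgot Password e-amil to the logged in user."
  echo "me Show information about the logged user."
  echo "createuser Create a user with an initial password and force the user to change password."
  echo "createuser_v Same as create user but also force an e-mail verification."
  echo "deleteuser Delete the user."
  echo "getuser Get the user information."
  echo "listusers List users."
  echo "policies List the login and access policies."
  echo "setavatar Sets the avatar for user to the image in filename."
  echo "getavatar Get the avatar for the user."
  echo "deleteavatar Remove the avatar for a user."
  echo "sendemail Sends a test email to see if the e-mail system is working."
  echo "setloglevel Set the log level for s specific subsystem."
  echo "getloglevels Get the current log levels for all subsystems."
  echo "getloglevelnames Get the log level names available."
  echo "getsubsystemnames Get the list of subsystems."
  echo "systeminfo Get basic system information."
  echo "reloadsubsystem Reload the configuration for a subsystem."
  echo
}

# Command names are matched case-insensitively. nocasematch also applies to
# the [[ ... == ... ]] comparisons inside the functions above.
shopt -s nocasematch
case "$1" in
  "createuser") login; createuser "$2" "$3"; logout ;;
  "createuser_v") login; createuser_v "$2" "$3"; logout ;;
  "deleteuser") login; deleteuser "$2"; logout ;;
  "getuser") login; getuser "$2"; logout ;;
  "getuserbyemail") login; getuserbyemail "$2"; logout ;;
  "listusers") login; listusers; logout ;;
  "me") login; me; logout ;;
  "listendpoints") login; listendpoints; logout ;;
  "testlogin") testlogin "$2" "$3" "$4" ;;
  "emailtest") emailtest "$2" ;;
  "getlogo") getlogo ;;
  "policies") policies ;;
  # setavatar needs the user id and the file name; only the id was passed.
  "setavatar") login; setavatar "$2" "$3"; logout ;;
  "getavatar") login; getavatar "$2"; logout ;;
  "deleteavatar") login; deleteavatar "$2"; logout ;;
  "sendemail") login; sendemail "$2" "$3"; logout ;;
  "sendsms") login; sendsms "$2" "$3"; logout ;;
  "testlogout") login; testlogout ;;
  "setloglevel") login; setloglevel "$2" "$3"; logout ;;
  "getloglevels") login; getloglevels; logout ;;
  "getloglevelnames") login; getloglevelnames; logout ;;
  "getsubsystemnames") login; getsubsystemnames; logout ;;
  "reloadsubsystem") login; reloadsubsystem "$2"; logout ;;
  "systeminfo") login; systeminfo; logout ;;
  "setpreferences") login; setpreferences "$2" "$3"; logout ;;
  "getpreferences") login; getpreferences; logout ;;
  # Printing usage needs no session, so no credentials are sent for it.
  "help") help ;;
  *) help ;;
esac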