#!/bin/bash
##############################################################
# Basic automation to get tokens from the Authorization Server
##############################################################
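# Endpoints of the deployment under test. All three use plain http, so the
# cookies and the test password sent by this script travel unencrypted; this
# configuration is only suitable for a local development setup.
TOKEN_HANDLER_BASE_URL='http://api.example.local:8080/oauth-agent'
WEB_BASE_URL='http://www.example.local'
AUTHORIZATION_SERVER_BASE_URL='http://login.example.local:8443'

# Scratch files, relative to this script's folder. The response file holds the
# raw headers and body of the most recent request; the cookie jars hold the
# cookies issued during the login, so treat data/ as sensitive.
RESPONSE_FILE=data/response.txt
LOGIN_COOKIES_FILE=data/login_cookies.txt
CURITY_COOKIES_FILE=data/curity_cookies.txt
MAIN_COOKIES_FILE=data/main_cookies.txt

# Test account and OAuth client used for the automated login. The password is
# stored in clear text here, so it must only ever belong to a disposable test
# user.
TEST_USERNAME=demouser
TEST_PASSWORD=Password1
CLIENT_ID=spa-client
#export http_proxy='http://127.0.0.1:8888'

#
# Ensure that we are in the folder containing this script. Stop if that fails,
# since every data/ path above is relative to it.
#
cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1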
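#######################################
# Get a header value from the HTTP response file.
# The header name is compared case-insensitively and must match the whole name
# in front of the colon, so 'location' does not pick up a longer name that
# merely starts with the same text. Only the first matching line is used.
# Globals:   RESPONSE_FILE (read)
# Arguments: $1 - header name, without the trailing colon
# Outputs:   the header value on stdout, or an empty line when it is absent
#######################################
function getHeaderValue() {
  local header_name=$1
  local header_value

  # Declared separately from the assignment so that 'local' does not mask the
  # exit status of the command substitution.
  header_value=$(
    awk -v name="$header_name" '
      { sub(/\r$/, "") }                      # response lines end in CRLF
      {
        sep = index($0, ":")
        if (sep > 0 && tolower(substr($0, 1, sep - 1)) == tolower(name)) {
          value = substr($0, sep + 1)
          sub(/^[ \t]+/, "", value)           # drop the space after the colon
          print value
          exit
        }
      }
    ' "$RESPONSE_FILE"
  )

  # Quoted printf keeps characters such as ? and * in a URL from being treated
  # as glob patterns or split on whitespace.
  printf '%s\n' "$header_value"
}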
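#######################################
# Dig a field value out of the auto submit HTML form in the response file.
# Looks for name="FIELD" value="..." on a single line and prints the text
# between the value quotes. The field name is placed inside a regular
# expression, so pass plain literal names only.
# NOTE(review): the value is returned exactly as it appears in the markup; if
# the server HTML-escapes it, the caller receives the escaped form.
# Globals:   RESPONSE_FILE (read)
# Arguments: $1 - form field name
# Outputs:   the field value on stdout, or an empty line when no field matches
#######################################
function getHtmlFormValue() {
  local field_name=$1
  local field_value

  # [^"]* stops at the closing quote of the value, so attributes that follow it
  # on the same line are not captured. -n with the p flag prints nothing when
  # the pattern is absent, rather than echoing back an unrelated line of HTML.
  field_value=$(
    sed -n -r "s/^.*name=\"$field_name\" value=\"([^\"]*)\".*$/\1/ip" "$RESPONSE_FILE" \
      | head -n 1
  )

  printf '%s\n' "$field_value"
}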
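#
# Temp data is stored in this folder. It ends up holding the cookie jars and
# the last raw HTTP response, so keep it out of version control and readable
# only by the user running the tests.
#
mkdir -p data

#
# First get the authorization request URL. curl writes the response headers and
# body to the response file and prints only the status code, which is captured
# here; '000' means that no HTTP response was received at all.
#
HTTP_STATUS=$(curl -i -s -X POST "$TOKEN_HANDLER_BASE_URL/login/start" \
  -H "origin: $WEB_BASE_URL" \
  -H 'content-type: application/json' \
  -H 'accept: application/json' \
  -c "$LOGIN_COOKIES_FILE" \
  -o "$RESPONSE_FILE" -w '%{http_code}')
if [ "$HTTP_STATUS" == '000' ]; then
  echo '*** Connectivity problem encountered, please check endpoints and whether an HTTP proxy tool is running'
  exit 1
fi
if [ "$HTTP_STATUS" != '200' ]; then
  echo "*** Start login failed with status $HTTP_STATUS"
  exit 1
fi

# The JSON body is the last line of the saved response. Quoting it keeps jq's
# input byte-for-byte identical to what the server sent.
JSON=$(tail -n 1 "$RESPONSE_FILE")
jq . <<< "$JSON"
AUTHORIZATION_REQUEST_URL=$(jq -r .authorizationRequestUrl <<< "$JSON")

# jq -r prints the text 'null' for a missing field; stop here instead of
# handing that to curl as a URL in the next step.
if [ -z "$AUTHORIZATION_REQUEST_URL" ] || [ "$AUTHORIZATION_REQUEST_URL" == 'null' ]; then
  echo '*** Start login response did not contain an authorizationRequestUrl'
  exit 1
fi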
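#
# Follow redirects until the login HTML form is returned and save cookies.
# With -L the reported status code is that of the final response in the chain.
#
echo "$AUTHORIZATION_REQUEST_URL"
HTTP_STATUS=$(curl -i -L -s -X GET "$AUTHORIZATION_REQUEST_URL" \
  -c "$CURITY_COOKIES_FILE" \
  -o "$RESPONSE_FILE" -w '%{http_code}')

# HTTP_STATUS is quoted so that an empty value (curl printed nothing) is
# reported as a failure. Unquoted, the test itself errors out and the script
# would carry on as if the redirect had succeeded.
if [ "$HTTP_STATUS" != '200' ]; then
  echo "*** Problem encountered during an OpenID Connect authorization redirect, status: $HTTP_STATUS"
  exit 1
fi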
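#
# Post up the test credentials, sending the authorization server cookies and
# then saving the updated ones back to the same jar.
# The password is passed on curl's command line, where other local users can
# see it in the process list while the request runs, and it is sent over plain
# http. Both are tolerable only for the throwaway test account defined above.
#
HTTP_STATUS=$(curl -i -s -X POST "$AUTHORIZATION_SERVER_BASE_URL/authn/authentication/Username-Password" \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -b "$CURITY_COOKIES_FILE" \
  -c "$CURITY_COOKIES_FILE" \
  --data-urlencode "userName=$TEST_USERNAME" \
  --data-urlencode "password=$TEST_PASSWORD" \
  -o "$RESPONSE_FILE" -w '%{http_code}')

# Quoted so that an empty status is treated as a failure, not skipped over
# because the test expression itself was malformed.
if [ "$HTTP_STATUS" != '200' ]; then
  echo "*** Problem encountered submitting test user credentials, status: $HTTP_STATUS"
  exit 1
fi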
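#
# Do the auto form post, providing Identity Server cookies. The token and state
# fields come from the HTML form returned by the credential post and are sent
# back URL-encoded; a 303 redirect is the expected outcome.
#
TOKEN=$(getHtmlFormValue 'token')
STATE=$(getHtmlFormValue 'state')
HTTP_STATUS=$(curl -i -s -X POST "$AUTHORIZATION_SERVER_BASE_URL/oauth/v2/oauth-authorize?client_id=$CLIENT_ID" \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -b "$CURITY_COOKIES_FILE" \
  -c "$CURITY_COOKIES_FILE" \
  --data-urlencode "token=$TOKEN" \
  --data-urlencode "state=$STATE" \
  -o "$RESPONSE_FILE" -w '%{http_code}')

# Quoted so that an empty status fails the check; unquoted, the malformed test
# is an error that the script would otherwise continue past.
if [ "$HTTP_STATUS" != '303' ]; then
  echo "*** Problem encountered auto posting form, status: $HTTP_STATUS"
  exit 1
fi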
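#
# Read the response details: the redirect target carries the authorization
# response back to the web app
#
APP_URL=$(getHeaderValue 'location')
if [ "$APP_URL" == '' ]; then
  echo '*** API driven login did not complete successfully'
  exit 1
fi

# APP_URL is taken from a response header, so let jq do the JSON encoding. A
# quote or backslash in the URL is then escaped and cannot break out of the
# string or add fields to the request body.
PAGE_URL_JSON=$(jq -c -n --arg pageUrl "$APP_URL" '{pageUrl: $pageUrl}')
jq . <<< "$PAGE_URL_JSON"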
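#
# End the login by swapping the code for tokens. The login cookies from the
# start request are sent, and the cookies returned here are written to the main
# cookie jar; that file then represents the logged-in session.
#
# PAGE_URL_JSON is quoted: it contains a URL with a query string, and unquoted
# it would be subject to word splitting and glob expansion before reaching curl.
HTTP_STATUS=$(curl -i -s -X POST "$TOKEN_HANDLER_BASE_URL/login/end" \
  -H "origin: $WEB_BASE_URL" \
  -H 'content-type: application/json' \
  -H 'accept: application/json' \
  -c "$MAIN_COOKIES_FILE" \
  -b "$LOGIN_COOKIES_FILE" \
  -d "$PAGE_URL_JSON" \
  -o "$RESPONSE_FILE" -w '%{http_code}')

# The JSON body is the last line of the saved response and is printed on both
# the failure and the success path.
JSON=$(tail -n 1 "$RESPONSE_FILE")
if [ "$HTTP_STATUS" != '200' ]; then
  echo "*** Problem encountered ending the login, status $HTTP_STATUS"
  jq . <<< "$JSON"
  exit 1
fi
jq . <<< "$JSON"

# Both flags must be the JSON value true for the login to count as complete
IS_LOGGED_IN=$(jq -r .isLoggedIn <<< "$JSON")
HANDLED=$(jq -r .handled <<< "$JSON")
if [ "$IS_LOGGED_IN" != 'true' ] || [ "$HANDLED" != 'true' ]; then
  echo '*** End login returned an unexpected payload'
  exit 1
fi
exit 0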