From 77d800eab2419b334cafd94b2e986351919def77 Mon Sep 17 00:00:00 2001 From: Levente Polyak Date: Sun, 23 Oct 2022 20:42:34 +0200 Subject: auth: implemented module to authenticate against our GitLab This helps to have a convenient way to manage and test our personal GitLab tokens. Those are used for certain API calls like creating new repositories. prefill the access token web view as per https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#prefill-personal-access-token-name-and-scopes Signed-off-by: Levente Polyak --- src/lib/auth/login.sh | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++ src/lib/auth/status.sh | 69 +++++++++++++++++++++++++++++++++++++ 2 files changed, 162 insertions(+) create mode 100644 src/lib/auth/login.sh create mode 100644 src/lib/auth/status.sh (limited to 'src/lib/auth') diff --git a/src/lib/auth/login.sh b/src/lib/auth/login.sh new file mode 100644 index 0000000..083e80a --- /dev/null +++ b/src/lib/auth/login.sh @@ -0,0 +1,93 @@ +#!/hint/bash +# +# This may be included with or without `set -euE` +# +# SPDX-License-Identifier: GPL-3.0-or-later + +[[ -z ${DEVTOOLS_INCLUDE_AUTH_LOGIN_SH:-} ]] || return 0 +DEVTOOLS_INCLUDE_AUTH_LOGIN_SH=1 + +_DEVTOOLS_LIBRARY_DIR=${_DEVTOOLS_LIBRARY_DIR:-@pkgdatadir@} +# shellcheck source=src/lib/common.sh +source "${_DEVTOOLS_LIBRARY_DIR}"/lib/common.sh +# shellcheck source=src/lib/config.sh +source "${_DEVTOOLS_LIBRARY_DIR}"/lib/config.sh +# shellcheck source=src/lib/api/gitlab.sh +source "${_DEVTOOLS_LIBRARY_DIR}"/lib/api/gitlab.sh + +set -e + + +pkgctl_auth_login_usage() { + local -r COMMAND=${_DEVTOOLS_COMMAND:-${BASH_SOURCE[0]##*/}} + cat <<- _EOF_ + Usage: ${COMMAND} [OPTIONS] + + Interactively authenticate with the GitLab instance. + + The minimum required scopes for the token are: 'api', 'write_repository'. + + OPTIONS + -g, --gen-access-token Open the URL to generate a new personal access token + -h, --help Show this help text + + EXAMPLES + $ ${COMMAND} + $ ${COMMAND} --gen-access-token +_EOF_ +} + + +pkgctl_auth_login() { + local token personal_access_token_url + local GEN_ACESS_TOKEN=0 + + # option checking + while (( $# )); do + case $1 in + -h|--help) + pkgctl_auth_login_usage + exit 0 + ;; + -g|--gen-access-token) + GEN_ACESS_TOKEN=1 + shift + ;; + *) + die "invalid argument: %s" "$1" + ;; + esac + done + + personal_access_token_url="https://${GITLAB_HOST}/-/profile/personal_access_tokens?name=pkgctl+token&scopes=api,write_repository" + + cat <<- _EOF_ + Logging into ${BOLD}${GITLAB_HOST}${ALL_OFF} + + Tip: you can generate a Personal Access Token here ${personal_access_token_url} + The minimum required scopes are 'api' and 'write_repository'. +_EOF_ + + if (( GEN_ACESS_TOKEN )); then + xdg-open "${personal_access_token_url}" 2>/dev/null + fi + + # read token from stdin + read -s -r -p "${GREEN}?${ALL_OFF} ${BOLD}Paste your authentication token:${ALL_OFF} " token + echo + + if [[ -z ${token} ]]; then + msg_error " No token provided" + exit 1 + fi + + # check if the passed token works + GITLAB_TOKEN="${token}" + if ! result=$(gitlab_api_get_user); then + printf "%s\n" "$result" + exit 1 + fi + + msg_success " Logged in as ${BOLD}${result}${ALL_OFF}" + save_devtools_config +} diff --git a/src/lib/auth/status.sh b/src/lib/auth/status.sh new file mode 100644 index 0000000..6cbaab1 --- /dev/null +++ b/src/lib/auth/status.sh @@ -0,0 +1,69 @@ +#!/hint/bash +# +# This may be included with or without `set -euE` +# +# SPDX-License-Identifier: GPL-3.0-or-later + +[[ -z ${DEVTOOLS_INCLUDE_AUTH_STATUS_SH:-} ]] || return 0 +DEVTOOLS_INCLUDE_AUTH_STATUS_SH=1 + +_DEVTOOLS_LIBRARY_DIR=${_DEVTOOLS_LIBRARY_DIR:-@pkgdatadir@} +# shellcheck source=src/lib/common.sh +source "${_DEVTOOLS_LIBRARY_DIR}"/lib/common.sh +# shellcheck source=src/lib/api/gitlab.sh +source "${_DEVTOOLS_LIBRARY_DIR}"/lib/api/gitlab.sh + +set -e + + +pkgctl_auth_status_usage() { + local -r COMMAND=${_DEVTOOLS_COMMAND:-${BASH_SOURCE[0]##*/}} + cat <<- _EOF_ + Usage: ${COMMAND} [OPTIONS] + + Verifies and displays information about your authentication state of + services like the GitLab instance and reports issues if any. + + OPTIONS + -t, --show-token Display the auth token + -h, --help Show this help text + + EXAMPLES + $ ${COMMAND} + $ ${COMMAND} --show-token +_EOF_ +} + +pkgctl_auth_status() { + local SHOW_TOKEN=0 + # option checking + while (( $# )); do + case $1 in + -h|--help) + pkgctl_auth_status_usage + exit 0 + ;; + -t|--show-token) + SHOW_TOKEN=1 + shift + ;; + *) + die "invalid argument: %s" "$1" + ;; + esac + done + + printf "%s\n" "${BOLD}${GITLAB_HOST}${ALL_OFF}" + # shellcheck disable=2119 + if ! username=$(gitlab_api_get_user); then + printf "%s\n" "${username}" + exit 1 + fi + + msg_success " Logged in as ${BOLD}${username}${ALL_OFF}" + if (( SHOW_TOKEN )); then + msg_success " Token: ${GITLAB_TOKEN}" + else + msg_success " Token: **************************" + fi +} -- cgit v1.2.3-54-g00ecf From 5e22e4f81e61f4ad2228366439be00b691284894 Mon Sep 17 00:00:00 2001 From: Christian Heusel Date: Mon, 13 Feb 2023 14:58:42 +0100 Subject: config: allow suppying the gitlab token via env var This would allow to supply the gitlab tokens via the env var DEVTOOLS_GITLAB_TOKEN and therefore allow users to choose whatever program they want to fill this env var. Closes #113 Signed-off-by: Christian Heusel Signed-off-by: Levente Polyak --- doc/man/pkgctl-auth-login.1.asciidoc | 7 +++++++ src/lib/auth/login.sh | 8 ++++++++ src/lib/config.sh | 10 +++++++--- 3 files changed, 22 insertions(+), 3 deletions(-) (limited to 'src/lib/auth') diff --git a/doc/man/pkgctl-auth-login.1.asciidoc b/doc/man/pkgctl-auth-login.1.asciidoc index 9c32ab2..eeeec4e 100644 --- a/doc/man/pkgctl-auth-login.1.asciidoc +++ b/doc/man/pkgctl-auth-login.1.asciidoc @@ -16,6 +16,13 @@ Interactively authenticate with the GitLab instance. The minimum required scopes for the token are: 'api', 'write_repository'. +The GitLab API token can either be stored in a plaintext file in +'$XDG_CONFIG_HOME/devtools/gitlab.conf', or supplied via the +'DEVTOOLS_GITLAB_TOKEN' environment variable using any command (gpg, vault, +password manager) by declaring a shell alias: + + $ alias pkgctl='DEVTOOLS_GITLAB_TOKEN="$(command to obtain token)" pkgctl' + Options ------- diff --git a/src/lib/auth/login.sh b/src/lib/auth/login.sh index 083e80a..d427676 100644 --- a/src/lib/auth/login.sh +++ b/src/lib/auth/login.sh @@ -27,6 +27,10 @@ pkgctl_auth_login_usage() { The minimum required scopes for the token are: 'api', 'write_repository'. + The GitLab API token can either be stored in a plaintext file, or + supplied via the DEVTOOLS_GITLAB_TOKEN environment variable using a + vault, see pkgctl-auth-login(1) for details. + OPTIONS -g, --gen-access-token Open the URL to generate a new personal access token -h, --help Show this help text @@ -66,6 +70,10 @@ pkgctl_auth_login() { Tip: you can generate a Personal Access Token here ${personal_access_token_url} The minimum required scopes are 'api' and 'write_repository'. + + If you do not want to store the token in a plaintext file, you can abort + the following prompt and supply the token via the DEVTOOLS_GITLAB_TOKEN + environment variable using a vault, see pkgctl-auth-login(1) for details. _EOF_ if (( GEN_ACESS_TOKEN )); then diff --git a/src/lib/config.sh b/src/lib/config.sh index 5034c6e..ba6532e 100644 --- a/src/lib/config.sh +++ b/src/lib/config.sh @@ -14,11 +14,15 @@ readonly XDG_DEVTOOLS_GITLAB_CONFIG="${XDG_DEVTOOLS_DIR}/gitlab.conf" export GITLAB_TOKEN="" load_devtools_config() { - if [[ ! -f "${XDG_DEVTOOLS_GITLAB_CONFIG}" ]]; then - GITLAB_TOKEN="" + if [[ -n "${DEVTOOLS_GITLAB_TOKEN}" ]]; then + GITLAB_TOKEN="${DEVTOOLS_GITLAB_TOKEN}" return fi - GITLAB_TOKEN=$(grep GITLAB_TOKEN "${XDG_DEVTOOLS_GITLAB_CONFIG}"|cut -d= -f2|cut -d\" -f2) + if [[ -f "${XDG_DEVTOOLS_GITLAB_CONFIG}" ]]; then + GITLAB_TOKEN=$(grep GITLAB_TOKEN "${XDG_DEVTOOLS_GITLAB_CONFIG}"|cut -d= -f2|cut -d\" -f2) + return + fi + GITLAB_TOKEN="" } save_devtools_config() { -- cgit v1.2.3-54-g00ecf