Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GPII-3714: Added a script that generates client credentials #769

Merged
merged 3 commits into from
Apr 25, 2019
Merged

GPII-3714: Added a script that generates client credentials #769

Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
53043b1
GPII-3714: Added a script that generates client credentials
javihernandez Apr 1, 2019
bbcbb36
GPII-3714: Made linter happy
javihernandez Apr 1, 2019
a8a81ef
GPII-3714: Fixed variable passing check
javihernandez Apr 5, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
145 changes: 145 additions & 0 deletions scripts/generateCredentials.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,145 @@
/*!
Copyright 2019 Raising the Floor US

Licensed under the New BSD license. You may not use this file except in
compliance with this License.

You may obtain a copy of the License at
https://github.com/GPII/universal/blob/master/LICENSE.txt

As part of GPII-3714, we need a script to generate the credentials
for both the client and the server in order for the instances of GPII to be
authenticated when performing read and save actions against the cloud-based flowManager.

These credentials consist in:

1. The secret file - what goes in the client side

{
"site": "example.gpii.net",
"clientCredentials": {
"client_id": "UUID-pilot-computer",
"client_secret": "UUID-pilot-computer-secret"
}
}

2. The credentials - what goes into the database

2.1 The client credentials

{
"_id": "UUID-clientCredentials",
"type": "clientCredential",
"schemaVersion": "0.1",
"clientId": "UUID-gpiiAppInstallationClient",
"oauth2ClientId": "UUID-pilot-computer",
"oauth2ClientSecret": "UUID-pilot-computer-secret",
"revoked": false,
"revokedReason": null,
"timestampCreated": "2017-11-21T18:11:22.101Z",
"timestampRevoked": null
}

2.2 The GPII App Installation Client

{
"_id": "UUID-gpiiAppInstallationClient",
"type": "gpiiAppInstallationClient",
"schemaVersion": "0.1",
"name": "Pilot Computers",
"computerType": "public",
"timestampCreated": "2017-11-21T18:11:22.101Z",
"timestampUpdated": null
}

The options must be passed as environmental variables, they are:

* GPII_CREDENTIALS_NAME [String] [required]: The site name
* GPII_CREDENTIALS_SITE [String] [required]: The site domain

Example usage:

GPII_CREDENTIALS_NAME="GPII Testers" GPII_CREDENTIALS_SITE=testers.gpii.net node generateCredentials.js

After running the script, you can find the files in the folder "testers.gpii.net-credentials".
The script generates two files containing:
1. secret.txt: The file to be provided when building the "Secret Blower" installer
2. couchDBData.json: The JSON-format documents that go into the production
database and ready to be inserted using an HTTP POST request like this:

* curl -d @couchDBData.json -H "Content-type: application/json" -X POST http://localhost:25984/gpii/_bulk_docs
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess the plan is to run something similar to this workflow in production (and stg)?

If so, we will want a note in gpii-infra; the one you wrote for seeding preferences for users is a good example.



*/
"use strict";

var process = require("process"),
fs = require("fs"),
path = require("path"),
uuid = uuid || require("node-uuid");

var credentialsName = process.env.GPII_CREDENTIALS_NAME;
var credentialsSite = process.env.GPII_CREDENTIALS_SITE;

if (!credentialsSite || !credentialsSite) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should one of these be credentialsName?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

well spotted, thanks!

console.log("Usage: GPII_CREDENTIALS_NAME=<SITE NAME> GPII_CREDENTIALS_SITE=<SITE.NAME.COM> node generateCredentials.js");
process.exit(1);
}

var generateCredentials = function () {
var currentTime = new Date().toISOString();

var clientId = uuid.v4();
var clientSecret = uuid.v4();
var clientCredentialsId = uuid.v4();
var gpiiAppInstallationClientId = uuid.v4();

var secret = {
"site": credentialsSite,
"clientCredentials": {
"client_id": clientId,
"client_secret": clientSecret
}
};

var clientCredential = {
"_id": clientCredentialsId,
"type": "clientCredential",
"schemaVersion": "0.1",
"clientId": gpiiAppInstallationClientId,
"oauth2ClientId": clientId,
"oauth2ClientSecret": clientSecret,
"revoked": false,
"revokedReason": null,
"timestampCreated": currentTime,
"timestampRevoked": null
};

var gpiiAppInstallationClient = {
"_id": gpiiAppInstallationClientId,
"type": "gpiiAppInstallationClient",
"schemaVersion": "0.1",
"name": credentialsName,
"computerType": "public",
"timestampCreated": currentTime,
"timestampUpdated": null
};

return {
secret: secret,
couchDBData: {
"docs": [clientCredential, gpiiAppInstallationClient]
}
};
};

var outputFolder = credentialsSite + "-credentials";
fs.mkdir(outputFolder, function (err) {
if (err) {
throw err;
process.exit(1);
}
var credentials = generateCredentials();
fs.writeFileSync(path.join(outputFolder, "secret.txt"), JSON.stringify(credentials.secret, null, 2));
fs.writeFileSync(path.join(outputFolder, "couchDBData.json"), JSON.stringify(credentials.couchDBData, null, 2));
});