From 0ba22e79321b1148532901854d9c33e0c3ce7960 Mon Sep 17 00:00:00 2001 From: Paul Mehrer Date: Wed, 10 Jan 2024 21:52:35 +0100 Subject: [PATCH] tweak(Admin) add cli to generate jwt access routes/tokens --- tine20/Admin/Frontend/Cli.php | 39 +++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/tine20/Admin/Frontend/Cli.php b/tine20/Admin/Frontend/Cli.php index 01eed002fc3..dfac3730d8b 100644 --- a/tine20/Admin/Frontend/Cli.php +++ b/tine20/Admin/Frontend/Cli.php @@ -9,6 +9,8 @@ * */ +use Firebase\JWT\JWT; + /** * cli server for Admin * @@ -39,6 +41,43 @@ class Admin_Frontend_Cli extends Tinebase_Frontend_Cli_Abstract ), ); + public function createJwtAccessRoute(Zend_Console_Getopt $_opts) + { + $this->_checkAdminRight(); + + $args = $this->_parseArgs($_opts, ['account', 'route']); + + $accountId = Tinebase_User::getInstance()->getFullUserByLoginName($args['account'])->getId(); + $route = (array)$args['route']; + + //create new private and public key + $new_key_pair = openssl_pkey_new(array( + "private_key_bits" => 2048, + "private_key_type" => OPENSSL_KEYTYPE_RSA, + )); + openssl_pkey_export($new_key_pair, $private_key_pem); + + + $jwtAccessRoute = new Admin_Model_JWTAccessRoutes([ + Admin_Model_JWTAccessRoutes::FLD_ACCOUNTID => $accountId, + Admin_Model_JWTAccessRoutes::FLD_KEYID => Tinebase_Record_Abstract::generateUID(), + Admin_Model_JWTAccessRoutes::FLD_ISSUER => Tinebase_Record_Abstract::generateUID(), + Admin_Model_JWTAccessRoutes::FLD_KEY => $private_key_pem, + Admin_Model_JWTAccessRoutes::FLD_ROUTES => $route, + ]); + + $token = JWT::encode( + payload: ['iss' => $jwtAccessRoute->{Admin_Model_JWTAccessRoutes::FLD_ISSUER}], + key: $jwtAccessRoute->{Admin_Model_JWTAccessRoutes::FLD_KEY}, + alg: 'RS512', + keyId: $jwtAccessRoute->{Admin_Model_JWTAccessRoutes::FLD_KEYID} + ); + + Admin_Controller_JWTAccessRoutes::getInstance()->create($jwtAccessRoute); + + echo PHP_EOL . $token . PHP_EOL; + } + /** * create system groups for addressbook lists that don't have a system group *