[perso/Immae/Config/Nix.git] / nixops / modules / task / www / index.php

<?php
if (!isset($_SERVER["REMOTE_USER"])) {
  die("please login");
}
$ldap_user = $_SERVER["REMOTE_USER"];
$ldap_host = getenv("TASKD_LDAP_HOST");
$ldap_dn = getenv('TASKD_LDAP_DN');
$ldap_password = getenv('TASKD_LDAP_PASSWORD');
$ldap_base = getenv('TASKD_LDAP_BASE');
$ldap_filter = getenv('TASKD_LDAP_FILTER');
$host   = getenv('TASKD_HOST');
$vardir = getenv('TASKD_VARDIR');

$connect = ldap_connect($ldap_host);
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
if (!$connect || !ldap_bind($connect, $ldap_dn, $ldap_password)) {
  die("impossible to connect to LDAP");
}

$search_query = str_replace('%login%', ldap_escape($ldap_user), $ldap_filter);

$search = ldap_search($connect, $ldap_base, $search_query);
$info = ldap_get_entries($connect, $search);

if (ldap_count_entries($connect, $search) != 1) {
  die("Impossible to find user in LDAP");
}

$entries = [];
foreach($info[0]["immaetaskid"] as $key => $value) {
  if ($key !== "count") {
    $entries[] = explode(":", $value);
  }
}

if (isset($_GET["file"])) {
  $basecert = $vardir . "/userkeys/" . $ldap_user;
  if (!file_exists($basecert . ".cert.pem")) {
    exec("taskserver-user-certs $ldap_user");
  }
  $certificate = file_get_contents($basecert . ".cert.pem");
  $cert_key    = file_get_contents($basecert . ".key.pem");

  // IdenTrust DST Root CA X3
  // obtained here: https://letsencrypt.org/fr/certificates/
  $server_cert = "-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----";

  $file = $_GET["file"];
  switch($file) {
  case "ca.cert.pem":
    $content = $server_cert;
    $name    = "ca.cert.pem";
    $type    = "application/x-x509-ca-cert";
    break;
  case "cert.pem":
    $content = $certificate;
    $name    = $ldap_user . ".cert.pem";
    $type    = "application/x-x509-ca-cert";
    break;
  case "key.pem":
    $content = $cert_key;
    $name    = $ldap_user . ".key.pem";
    $type    = "application/x-x509-ca-cert";
    break;
  case "mirakel";
    foreach ($entries as $entry) {
      list($org, $user, $key) = $entry;
      if ($key == $_GET["key"]) { break; }
    }
    $name    = $user . ".mirakel";
    $type    = "text/plain";
    $content = "username: $user
org: $org
user key: $key
server: $host
client.cert:
$certificate
Client.key:
$cert_key
ca.cert:
$server_cert
";
    break;
  default:
    die("invalid file name");
    break;
  }

  header("Content-Type: $type");
  header('Content-Disposition: attachment; filename="' . $name . '"');
  header('Content-Transfer-Encoding: binary');
  header('Accept-Ranges: bytes');
  header('Cache-Control: private');
  header('Pragma: private');
  echo $content;
  exit;
}
?>
<html>
<header>
  <title>Taskwarrior configuration</title>
</header>
<body>
<ul>
  <li><a href="?file=ca.cert.pem">ca.cert.pem</a></li>
  <li><a href="?file=cert.pem"><?php echo $ldap_user; ?>.cert.pem</a></li>
  <li><a href="?file=key.pem"><?php echo $ldap_user; ?>.key.pem</a></li>
</ul>
For command line interface, download the files, put them near your Taskwarrior
configuration files, and add that to your Taskwarrior configuration:
<pre>
taskd.certificate=/path/to/<?php echo $ldap_user; ?>.cert.pem
taskd.key=/path/to/<?php echo $ldap_user; ?>.key.pem
taskd.server=<?php echo $host ."\n"; ?>
<?php if (count($entries) > 1) {
  echo "# Chose one of them\n";
  foreach($entries as $entry) {
    list($org, $user, $key) = $entry;
    echo "# taskd.credentials=$org/$user/$key\n";
  }
} else { ?>
taskd.credentials=<?php echo $entries[0][0]; ?>/<?php echo $entries[0][1]; ?>/<?php echo $entries[0][2]; ?>
<?php } ?>
taskd.ca=/path/to/ca.cert.pem
</pre>
For Mirakel, download and import the file:
<ul>
<?php
foreach ($entries as $entry) {
  list($org, $user, $key) = $entry;
  echo '<li><a href="?file=mirakel&key='.$key.'">' . $user . '.mirakel</a></li>';
}
?>
</ul>
For Android Taskwarrior app, see instructions <a href="https://bitbucket.org/kvorobyev/taskwarriorandroid/wiki/Configuration">here</a>.
</body>
</html>
Commit	Line	Data
	1	<?php
	2	if (!isset($_SERVER["REMOTE_USER"])) {
	3	die("please login");
	4	}
	5	$ldap_user = $_SERVER["REMOTE_USER"];
	6	$ldap_host = getenv("TASKD_LDAP_HOST");
	7	$ldap_dn = getenv('TASKD_LDAP_DN');
	8	$ldap_password = getenv('TASKD_LDAP_PASSWORD');
	9	$ldap_base = getenv('TASKD_LDAP_BASE');
	10	$ldap_filter = getenv('TASKD_LDAP_FILTER');
	11	$host = getenv('TASKD_HOST');
	12	$vardir = getenv('TASKD_VARDIR');
	13
	14	$connect = ldap_connect($ldap_host);
	15	ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
	16	if (!$connect \|\| !ldap_bind($connect, $ldap_dn, $ldap_password)) {
	17	die("impossible to connect to LDAP");
	18	}
	19
	20	$search_query = str_replace('%login%', ldap_escape($ldap_user), $ldap_filter);
	21
	22	$search = ldap_search($connect, $ldap_base, $search_query);
	23	$info = ldap_get_entries($connect, $search);
	24
	25	if (ldap_count_entries($connect, $search) != 1) {
	26	die("Impossible to find user in LDAP");
	27	}
	28
	29	$entries = [];
	30	foreach($info[0]["immaetaskid"] as $key => $value) {
	31	if ($key !== "count") {
	32	$entries[] = explode(":", $value);
	33	}
	34	}
	35
	36	if (isset($_GET["file"])) {
	37	$basecert = $vardir . "/userkeys/" . $ldap_user;
	38	if (!file_exists($basecert . ".cert.pem")) {
	39	exec("taskserver-user-certs $ldap_user");
	40	}
	41	$certificate = file_get_contents($basecert . ".cert.pem");
	42	$cert_key = file_get_contents($basecert . ".key.pem");
	43
	44	// IdenTrust DST Root CA X3
	45	// obtained here: https://letsencrypt.org/fr/certificates/
	46	$server_cert = "-----BEGIN CERTIFICATE-----
	47	MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
	48	MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
	49	DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
	50	PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
	51	Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
	52	AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
	53	rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
	54	OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
	55	xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
	56	7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
	57	aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
	58	HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
	59	SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
	60	ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
	61	AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
	62	R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
	63	JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
	64	Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
	65	-----END CERTIFICATE-----";
	66
	67	$file = $_GET["file"];
	68	switch($file) {
	69	case "ca.cert.pem":
	70	$content = $server_cert;
	71	$name = "ca.cert.pem";
	72	$type = "application/x-x509-ca-cert";
	73	break;
	74	case "cert.pem":
	75	$content = $certificate;
	76	$name = $ldap_user . ".cert.pem";
	77	$type = "application/x-x509-ca-cert";
	78	break;
	79	case "key.pem":
	80	$content = $cert_key;
	81	$name = $ldap_user . ".key.pem";
	82	$type = "application/x-x509-ca-cert";
	83	break;
	84	case "mirakel";
	85	foreach ($entries as $entry) {
	86	list($org, $user, $key) = $entry;
	87	if ($key == $_GET["key"]) { break; }
	88	}
	89	$name = $user . ".mirakel";
	90	$type = "text/plain";
	91	$content = "username: $user
	92	org: $org
	93	user key: $key
	94	server: $host
	95	client.cert:
	96	$certificate
	97	Client.key:
	98	$cert_key
	99	ca.cert:
	100	$server_cert
	101	";
	102	break;
	103	default:
	104	die("invalid file name");
	105	break;
	106	}
	107
	108	header("Content-Type: $type");
	109	header('Content-Disposition: attachment; filename="' . $name . '"');
	110	header('Content-Transfer-Encoding: binary');
	111	header('Accept-Ranges: bytes');
	112	header('Cache-Control: private');
	113	header('Pragma: private');
	114	echo $content;
	115	exit;
	116	}
	117	?>
	118	<html>
	119	<header>
	120	<title>Taskwarrior configuration</title>
	121	</header>
	122	<body>
	123	<ul>
	124	<li><a href="?file=ca.cert.pem">ca.cert.pem</a></li>
	125	<li><a href="?file=cert.pem"><?php echo $ldap_user; ?>.cert.pem</a></li>
	126	<li><a href="?file=key.pem"><?php echo $ldap_user; ?>.key.pem</a></li>
	127	</ul>
	128	For command line interface, download the files, put them near your Taskwarrior
	129	configuration files, and add that to your Taskwarrior configuration:
	130	<pre>
	131	taskd.certificate=/path/to/<?php echo $ldap_user; ?>.cert.pem
	132	taskd.key=/path/to/<?php echo $ldap_user; ?>.key.pem
	133	taskd.server=<?php echo $host ."\n"; ?>
	134	<?php if (count($entries) > 1) {
	135	echo "# Chose one of them\n";
	136	foreach($entries as $entry) {
	137	list($org, $user, $key) = $entry;
	138	echo "# taskd.credentials=$org/$user/$key\n";
	139	}
	140	} else { ?>
	141	taskd.credentials=<?php echo $entries[0][0]; ?>/<?php echo $entries[0][1]; ?>/<?php echo $entries[0][2]; ?>
	142	<?php } ?>
	143	taskd.ca=/path/to/ca.cert.pem
	144	</pre>
	145	For Mirakel, download and import the file:
	146	<ul>
	147	<?php
	148	foreach ($entries as $entry) {
	149	list($org, $user, $key) = $entry;
	150	echo '<li><a href="?file=mirakel&key='.$key.'">' . $user . '.mirakel</a></li>';
	151	}
	152	?>
	153	</ul>
	154	For Android Taskwarrior app, see instructions <a href="https://bitbucket.org/kvorobyev/taskwarriorandroid/wiki/Configuration">here</a>.
	155	</body>
	156	</html>
	157