From 2039141369463918d4349c0b8708b320fa0dcc18 Mon Sep 17 00:00:00 2001
From: Christos Arvanitis
Date: Mon, 11 Dec 2023 12:19:49 +0100
Subject: [PATCH] Check for required env variables on OIDC
---
 core/files/configure_misp.sh | 13 ++++---------
 core/files/utilities.sh | 18 ++++++++++++++++++
 docker-compose.yml | 1 +
 template.env | 6 +++---
 4 files changed, 26 insertions(+), 12 deletions(-)
 create mode 100644 core/files/utilities.sh
diff --git a/core/files/configure_misp.sh b/core/files/configure_misp.sh
index 99537c1..cb1a633 100755
--- a/core/files/configure_misp.sh
+++ b/core/files/configure_misp.sh
@@ -1,20 +1,12 @@
 #!/bin/bash
 source /rest_client.sh
+source /utilities.sh
 [ -z "$ADMIN_EMAIL" ] && ADMIN_EMAIL="admin@admin.test"
 [ -z "$GPG_PASSPHRASE" ] && GPG_PASSPHRASE="passphrase"
 [ -z "$REDIS_FQDN" ] && REDIS_FQDN="redis"
 [ -z "$MISP_MODULES_FQDN" ] && MISP_MODULES_FQDN="http://misp-modules"
-[ -z "$OIDC_PROVIDER_URL" ] && OIDC_PROVIDER_URL="test_provider"
-[ -z "$OIDC_CLIENT_ID" ] && OIDC_CLIENT_ID="test_client_id"
-[ -z "$OIDC_CLIENT_SECRET" ] && OIDC_CLIENT_SECRET="test_client_secret"
-[ -z "$OIDC_ROLES_PROPERTY" ] && OIDC_ROLES_PROPERTY="roles"
-[ -z "$OIDC_ROLES_MAPPING" ] && OIDC_ROLES_MAPPING="{
- \"admin\": \"1\",
- \"sync-user\": \"5\"
-}"
-[ -z "$OIDC_DEFAULT_ORG" ] && OIDC_DEFAULT_ORG="$ADMIN_ORG"
 # Switches to selectively disable configuration logic
 [ -z "$AUTOCONF_GPG" ] && AUTOCONF_GPG="true"
@@ -109,6 +101,9 @@ set_up_oidc() {
 return
 fi
+ # Check required variables
+ check_env_vars OIDC_PROVIDER_URL OIDC_CLIENT_ID OIDC_CLIENT_SECRET OIDC_ROLES_PROPERTY OIDC_ROLES_MAPPING OIDC_DEFAULT_ORG
+
 sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{
 \"Security\": {
 \"auth\": [\"OidcAuth.Oidc\"]
diff --git a/core/files/utilities.sh b/core/files/utilities.sh
new file mode 100644
index 0000000..7f691a9
--- /dev/null
+++ b/core/files/utilities.sh
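Review bot: The added `source /utilities.sh` is unchecked, so if the file is missing from the image the script keeps going and the later `check_env_vars` call in set_up_oidc fails as an unknown command; unless the script runs under `set -e`, which these lines do not show, OIDC setup would then proceed with empty values. The diffstat lists no Dockerfile change, so whether the new file reaches `/` depends on build steps outside this patch. `source /utilities.sh || exit 1` makes the dependency explicit and fails closed. The same hunk still keeps `GPG_PASSPHRASE="passphrase"` as a fallback, the same kind of built-in secret this commit removes for OIDC_CLIENT_SECRET.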
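Review bot: The `check_env_vars` call added in set_up_oidc only proves the six variables are non-empty, yet OIDC_ROLES_MAPPING must be a JSON object (the template.env example in this commit is one) and it decides which MISP role an identity-provider role maps to. A value that is set but malformed passes this check and is presumably interpolated into the JSON handed to `modify_config.php`; the rest of set_up_oidc lies outside the hunk, so that part is inferred. A parse check right after the presence check would fail closed, for example `printf '%s' "$OIDC_ROLES_MAPPING" | php -r 'exit(is_array(json_decode(stream_get_contents(STDIN), true)) ? 0 : 1);' || exit 1`.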
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# Check whether passed env variables are defined
+check_env_vars() {
+ local required_vars=("$@")
+
+ missing_vars=()
+ for i in "${required_vars[@]}"
+ do
+ test -n "${!i:+y}" || missing_vars+=("$i")
+ done
+ if [ ${#missing_vars[@]} -ne 0 ]
+ then
+ echo "The following env variables are not set:"
+ printf ' %q\n' "${missing_vars[@]}"
+ exit 1
+ fi
+}
diff --git a/docker-compose.yml b/docker-compose.yml
index 76731ad..dcd4f42 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -75,6 +75,7 @@ services:
 - "OIDC_CLIENT_ID=${OIDC_CLIENT_ID}"
 - "OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET}"
 - "OIDC_ROLES_PROPERTY=${OIDC_ROLES_PROPERTY}"
+ - "OIDC_ROLES_MAPPING=${OIDC_ROLES_MAPPING}"
 - "OIDC_DEFAULT_ORG=${OIDC_DEFAULT_ORG}"
 # sync server settings (see https://www.misp-project.org/openapi/#tag/Servers for more options)
 - "SYNCSERVERS=${SYNCSERVERS}"
diff --git a/template.env b/template.env
index f9280ed..cc5106e 100644
--- a/template.env
+++ b/template.env
@@ -93,6 +93,6 @@ SYNCSERVERS_1_KEY=
 # OIDC_PROVIDER_URL=
 # OIDC_CLIENT_ID=
 # OIDC_CLIENT_SECRET=
-# OIDC_ROLES_PROPERTY=
-# OIDC_ROLES_MAPPING=
-# OIDC_DEFAULT_ORG=""
+# OIDC_ROLES_PROPERTY="roles"
+# OIDC_ROLES_MAPPING={"admin": "1","sync-user": "5"}
+# OIDC_DEFAULT_ORG=
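Review bot: `missing_vars` is assigned without `local` in check_env_vars, so every call leaves a global array behind in the sourcing script, while `required_vars` just above it is declared local; `local missing_vars=()` keeps the helper self-contained (the loop variable `i` leaks the same way). The two diagnostic lines go to stdout; adding `>&2` to the `echo` and the `printf` keeps them out of any output a caller captures. The function ends with `exit 1` rather than `return 1`, which terminates the whole sourcing script; that is a reasonable fail-closed choice here but should be stated in the header comment, e.g. `# Exits the calling script with status 1 if any named variable is unset or empty.` Printing only the variable names and never their values is the right behaviour for secrets such as OIDC_CLIENT_SECRET and should be preserved.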
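Review bot: `# OIDC_DEFAULT_ORG=` is left empty in the template.env hunk while the old fallback to `$ADMIN_ORG` is removed in configure_misp.sh, so uncommenting this block as written now hits the `exit 1` in check_env_vars. A comment above the block would prevent that, e.g. `# All six OIDC_* variables are required when OIDC is enabled; configuration aborts if any is empty.` The unquoted JSON example contains spaces and double quotes, which env-file parsers may not all handle alike; wrapping it in single quotes looks safer, though that should be confirmed against the Compose version the project targets.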