From ec956717683e117b18e5e6fc44db7d5b2d6205ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=A1clav=20Barto=C5=A1?= <bartos@cesnet.cz>
Date: Thu, 22 Dec 2022 23:35:15 +0100
Subject: [PATCH] Configuration of SMTP params to allow mailing from
 user-mgmt-ui

---
 configure.sh                         | 54 ++++++++++++++++++++--------
 group_vars/all/variables.template    | 22 +++++++++---
 roles/soctools-server/tasks/main.yml |  9 ++++-
 3 files changed, 64 insertions(+), 21 deletions(-)

diff --git a/configure.sh b/configure.sh
index 048a152..57185d2 100755
--- a/configure.sh
+++ b/configure.sh
@@ -83,7 +83,7 @@ else
 	echo
 	echo
 	echo
-	echo "Please provide the following parameters for the first SOCTools user, which will be created during the initialization with organization admin privileges:"
+	echo "Please provide the following parameters for the first SOCTools user, which will be created during the initialization with organization admin privileges (other user accounts can be created later via a web GUI):"
 	echo "username  - Username of the user"
 	echo "firstname - First name of the user"
 	echo "lastname  - Last name of the user"
@@ -105,16 +105,37 @@ else
 	DN="CN=${CN}"
 	echo
 	echo
+	echo "Please provide the configuration for sending emails via SMTP (used by user management web GUI to send emails to users)."
+	echo "You can leave it empty if you are just testing and don't plan to add more users."
+	echo "  host     - Hostname of the SMTP server"
+	echo "  sender   - Email address used as the sender (e.g. 'soctools@${soctoolsproxy}')"
+	echo "  username - Authenticate using this username (leave empty to send emails without authentication)"
+	echo "  password - Authenticate using this password (WARNING: Password is stored in clear in a configuration file)"
+	echo
+	read -p "host []: " smtp_host
+	read -p "sender [soctools@${soctoolsproxy}]: " smtp_sender
+	if [ -z "$smtp_sender" ]; then
+		smtp_sender=soctools@${soctoolsproxy}
+	fi
+	read -p "username []: " smtp_username
+	read -p "password []: " smtp_password
+	echo
 	echo
 	echo "Please check the gathered variables and type 'yes' if everything is correct:"
 	echo "soctoolsproxy:  $soctoolsproxy"
 	echo "organization:   $organization"
-	echo "firstname:  $firstname"
-	echo "lastname:   $lastname"
-	echo "username:   $username"
-	echo "email:      $email"
-	echo "DN:         $DN"
-	echo "CN:         $CN"
+	echo "user:"
+	echo "  firstname:  $firstname"
+	echo "  lastname:   $lastname"
+	echo "  username:   $username"
+	echo "  email:      $email"
+	echo "  DN:         $DN"
+	echo "  CN:         $CN"
+	echo "smtp config:"
+	echo "  host:       $smtp_host"
+	echo "  sender:     $smtp_sender"
+	echo "  username:   $smtp_username"
+	echo "  password:   $smtp_password"
 	echo
 	echo
 	read -p "Correct? type 'yes' or 'no': " ANSWER
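Review bot: The SMTP password is read with a plain `read -p` and then printed back verbatim in the confirmation summary, so it ends up on the terminal and in any scrollback or session log; the password prompt should use `read -s -r -p "password []: " smtp_password; echo` and the summary line should show only whether it is set, e.g. `echo "  password:   ${smtp_password:+<set>}"`. The `-r` also keeps backslashes in the password from being interpreted by `read`. The enclosing `else` branch starts before this hunk and continues after it.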
@@ -125,14 +146,17 @@ else
 		else
 			cp -f group_vars/all/variables.template group_vars/all/variables.yml
 			sed -i "s/CHANGE_ME_TO_FQDN/${soctoolsproxy}/g" group_vars/all/variables.yml
-			sed -i "s/soctools.test/${domain}/g" group_vars/all/variables.yml
-			sed -i "11s/CHANGE_ME_FIRST_NAME/${firstname}/" group_vars/all/variables.yml
-			sed -i "12s/CHANGE_ME_LAST_NAME/${lastname}/" group_vars/all/variables.yml
-			sed -i "13s/soc_admin/${username}/" group_vars/all/variables.yml
-			sed -i "14s/soc_admin@example.org/${email}/" group_vars/all/variables.yml
-			sed -i "15s/CN=soc_admin/${DN}/" group_vars/all/variables.yml
-			sed -i "16s/soc_admin/${CN}/" group_vars/all/variables.yml
-			sed -i "26s/soc_admin/${username}/" group_vars/all/variables.yml
+			sed -i "s/CHANGE_ME_ORG/${organization}/g" group_vars/all/variables.yml
+			sed -i "s/CHANGE_ME_SMTP_HOST/${smtp_host}/g" group_vars/all/variables.yml
+			sed -i "s/CHANGE_ME_SMTP_SENDER/${smtp_sender}/g" group_vars/all/variables.yml
+			sed -i "s/CHANGE_ME_SMTP_USERNAME/${smtp_username}/g" group_vars/all/variables.yml
+			sed -i "s/CHANGE_ME_SMTP_PASSWORD/${smtp_password}/g" group_vars/all/variables.yml
+			sed -i "s/CHANGE_ME_FIRST_NAME/${firstname}/" group_vars/all/variables.yml
+			sed -i "s/CHANGE_ME_LAST_NAME/${lastname}/" group_vars/all/variables.yml
+			sed -i "s/CHANGE_ME_USERNAME/${username}/" group_vars/all/variables.yml
+			sed -i "s/CHANGE_ME_EMAIL/${email}/" group_vars/all/variables.yml
+			sed -i "s/CHANGE_ME_DN/${DN}/" group_vars/all/variables.yml
+			sed -i "s/CHANGE_ME_CN/${CN}/" group_vars/all/variables.yml
 			echo
 			echo
 			echo "variables file generated (group_vars/all/variables.yml)"
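Review bot: The new `sed -i "s/CHANGE_ME_SMTP_PASSWORD/${smtp_password}/g"` (and the host/sender/username lines above it) splice unescaped user input into a sed replacement, so a password containing `/` breaks the substitution and one containing `&` or `\` is silently rewritten (`&` expands to the matched placeholder), leaving a wrong or malformed variables.yml. Escape the values through a small helper before substituting, and since the generated file now holds a clear-text credential, tighten its permissions after writing it. The enclosing `else` branch starts before this hunk and continues after it.
```shell
# escape sed replacement metacharacters so user-supplied values cannot alter the substitution
sed_escape() { printf '%s' "$1" | sed -e 's/[&/\]/\\&/g'; }
# … unchanged: FQDN and organization substitutions …
sed -i "s/CHANGE_ME_SMTP_HOST/$(sed_escape "$smtp_host")/g" group_vars/all/variables.yml
sed -i "s/CHANGE_ME_SMTP_SENDER/$(sed_escape "$smtp_sender")/g" group_vars/all/variables.yml
sed -i "s/CHANGE_ME_SMTP_USERNAME/$(sed_escape "$smtp_username")/g" group_vars/all/variables.yml
sed -i "s/CHANGE_ME_SMTP_PASSWORD/$(sed_escape "$smtp_password")/g" group_vars/all/variables.yml
# … unchanged: user substitutions …
chmod 600 group_vars/all/variables.yml
```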
diff --git a/group_vars/all/variables.template b/group_vars/all/variables.template
index 0a8e1e6..c85ecbe 100644
--- a/group_vars/all/variables.template
+++ b/group_vars/all/variables.template
@@ -4,16 +4,28 @@
 soctoolsproxy: "CHANGE_ME_TO_FQDN"
 
 # Short organization name (will be used as org. name in MISP, The Hive and Cortex)
-org_name: "SOCTools"
+org_name: "CHANGE_ME_ORG"
+
+# SMTP connection parameters - used by user-mgmt-ui to send emails with access information to users
+smtp:
+    # hostname and port of SMTP server to use (TLS connection is always used)
+    host: "CHANGE_ME_SMTP_HOST"
+    port: 465
+    # sender email address ("From:" header)
+    sender: "CHANGE_ME_SMTP_SENDER"
+    # user and pass to authenticate (optional, it tries to send email without authentication if empty)
+    username: "CHANGE_ME_SMTP_USERNAME"
+    password: "CHANGE_ME_SMTP_PASSWORD"
+
 
 #List of users which will be created during the initialization with organization admin privileges
 soctools_users:
   - firstname: "CHANGE_ME_FIRST_NAME"
     lastname: "CHANGE_ME_LAST_NAME"
-    username: "soc_admin"
-    email: "soc_admin@example.org"
-    DN: "CN=soc_admin"
-    CN: "soc_admin"
+    username: "CHANGE_ME_USERNAME"
+    email: "CHANGE_ME_EMAIL"
+    DN: "CHANGE_ME_DN"
+    CN: "CHANGE_ME_CN"
 #  - firstname: "SOC Admin 2"
 #    lastname: ""
 #    username: "soc_admin_2"
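Review bot: The new `smtp:` mapping is indented with 4 spaces while `soctools_users` below it uses 2, so the file now mixes indentation styles; since this is an Ansible group_vars file, the `password:` entry could also point users at a non-clear-text option with a comment such as `# password: clear text by default; prefer an ansible-vault encrypted value (ansible-vault encrypt_string) on production hosts`. The comment on `host` says TLS is always used and `port: 465` matches implicit TLS, but it is not visible here whether STARTTLS on 587 would work, so the comment should say which mode is meant.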
diff --git a/roles/soctools-server/tasks/main.yml b/roles/soctools-server/tasks/main.yml
index da0b59f..e25956f 100644
--- a/roles/soctools-server/tasks/main.yml
+++ b/roles/soctools-server/tasks/main.yml
@@ -33,8 +33,15 @@
     chdir: '{{playbook_dir}}/user-mgmt-ui'
     warn: no
 
+- name: configure user-mgmt-ui
+  template:
+    src: '{{playbook_dir}}/user-mgmt-ui/config.yml.j2'
+    dest: '{{playbook_dir}}/user-mgmt-ui/config.yml'
+
 - name: create systemd service file for user-mgmt-ui
-  template: src=user-mgmt-ui.service.j2 dest=/etc/systemd/system/user-mgmt-ui.service mode=644
+  template:
+    src: user-mgmt-ui.service.j2
+    dest: /etc/systemd/system/user-mgmt-ui.service mode=644
 
 - name: enable and start user-mgmt-ui service
   systemd:
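Review bot: The conversion of the systemd task to block-style args leaves `mode=644` inside the `dest` value, so Ansible will write the unit to a file literally named `/etc/systemd/system/user-mgmt-ui.service mode=644` and never set the mode; it should be `dest: /etc/systemd/system/user-mgmt-ui.service` followed by `mode: "0644"`. The new "configure user-mgmt-ui" task renders config.yml, which by the variables template carries the SMTP password, with the default umask-derived mode; adding `mode: "0600"` (and an `owner` matching whatever user the service runs as, which is not visible here) would keep the credential from being world-readable. The "enable and start" task that ends this hunk continues past the hunk.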
-- 
GitLab