
github.com/nextcloud/vm.git - Unnamed repository; edit this file 'description' to name the repository.
authorDaniel Hansson <github@hanssonit.se>2021-08-20 11:38:18 +0300
committerGitHub <noreply@github.com>2021-08-20 11:38:18 +0300
commitebb3fe5bbf9765770df291450922b65f7b794b81 (patch)
treefd8ced78af3469df4df5d73fb9006d416462a178 /addons/desec.sh
parent73fcdd91e0361d0b903d9fec61f047d94e39a509 (diff)
allow existing user to use deSEC (#2088)
Diffstat (limited to 'addons/desec.sh')
-rw-r--r--addons/desec.sh119
1 files changed, 93 insertions, 26 deletions
diff --git a/addons/desec.sh b/addons/desec.sh
index 3a2654bb..84e2ccb6 100644
--- a/addons/desec.sh
+++ b/addons/desec.sh
@@ -8,6 +8,8 @@ SCRIPT_EXPLAINER="This script will automatically register a domain of your likin
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh || source <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
+
+prompt_dedyn_subdomain(){
# Enter the subdomain
msg_box "Please enter the subdomain (*example*.dedyn.io) that you want to use"
while :
@@ -23,38 +25,43 @@ The only allowed characters for the subdomain are:
msg_box "Allowed characters for the subdomain are:\na-z', 'A-Z', and '0-9'\n\nPlease try again."
else
DEDYNDOMAIN="$SUBDEDYN.dedyn.io"
- # Check for SOA record
- if host -t SOA "$DEDYNDOMAIN" >/dev/null 2>&1
- then
- if ! yesno_box_yes "Sorry, but it seems like $DEDYNDOMAIN is taken. Do you want to try again?"
- then
- exit
- fi
- else
- break
- fi
+ break
fi
done
+}
+new_domain_email_info_1(){
### TODO, is it possible to check if the email address already exists with deSEC? In that case we could skip this whole info and replace it with a function instead.
# Email address
msg_box "You will now be prompted to enter an email address. It's very important that the email address you enter it a 100% valid one! deSEC will verify your email address by sending you a verification link.
-Every 6 months you will get an email asking you to confirm your domain. If you don't react within a few weeks, your domain will be destroyed!"
+Every 6 months you will get an email asking you to confirm your domain. If you don't react within a few weeks, your domain will be destroyed!
-msg_box "Please note: If you already created an account with deSEC you can't use the same email address in this script as you won't get an email with a captcha. In that case, please use your already existing account to set up your domain at the deSEC website.
+PLEASE NOTE: The email address you enter here, can not already be registered as a valid account with deSEC."
+}
-Another option is to use another email address in this setup, and then email the deSEC support that you want to merge your two accounts together, or delete the first one.
+existing_account() {
+if yesno_box_no "Do you already have an account with deSEC and are able to login?"
+then
+ msg_box "OK, please login to your account and add a new auth token here: https://desec.io/tokens (https://imgur.com/a/anOpe5t).
-In other words, the email address used in this script has to be uniqe, and can not be registred with deSEC since before."
+When done, please copy that token and add it in the next screen after you hit 'OK'."
+else
+ return 1
+fi
+}
-VALIDEMAIL=$(input_box_flow "Please enter a valid email address. NOT a fake or a temporary one.")
+prompt_email_address(){
+VALIDEMAIL=$(input_box_flow "Please enter the email address that you would like to use for your deSEC account.")
+}
+new_domain_email_info_2(){
msg_box "If you later want to log into your deSEC account, you need to set a login password here: https://desec.io/reset-password
You don't need to do this now."
+}
-# Register the domain
+register_the_domain(){
curl -X POST https://desec.io/api/v1/auth/ \
--header "Content-Type: application/json" --data @- <<EOF
{
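Review bot: `register_the_domain` wraps the registration `curl -X POST` without checking its result, so a failed or rejected request still falls through to the "If the registration was successful…" box and the email prompt. Consider `curl --fail --silent --show-error -X POST https://desec.io/api/v1/auth/ \` and calling `aborted_exit_message` when it returns non-zero. The here-doc body lies outside this hunk; if it interpolates `$VALIDEMAIL` and `$DEDYNDOMAIN` directly into the JSON, the value returned by `prompt_email_address` should be validated first, because a quote or backslash in it would yield a malformed request. A short header comment on each new function naming the globals it sets (`DEDYNDOMAIN`, `VALIDEMAIL`) would also help, since the main loop depends on them.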
@@ -68,23 +75,25 @@ EOF
msg_box "If the registration was successful you should have got an email with a link to configure your auth token.
Please wait up to 5 minutes for the email to arrive."
+}
+received_registration_email_check(){
# Did the user get the email?
if ! yesno_box_yes "Did you receive the email?"
then
- msg_box "OK, please try again later by executing the deSEC script like this:
-
-sudo bash $SCRIPTS/menu.sh --> Server Configuration --> deSEC
+ msg_box "OK, please try again later.
-Please also email support@desec.io for further support, maybe the subdomain is already in use?"
- exit 1
+Please also email support@desec.io for further support. You can refer to the use of this script."
+ aborted_exit_message
else
if ! yesno_box_yes "Great! Did you copy the token you received?"
then
msg_box "OK, please copy the token and enter it in the next box after you hit 'OK'"
fi
fi
+}
+prompt_security_token(){
# Check if DEDYNAUTH is valid
while :
do
@@ -93,15 +102,17 @@ do
then
if ! yesno_box_yes "Sorry, but it seems like the auth token (update password) is incorrect. Do you want to try again?"
then
- exit
+ aborted_exit_message
fi
else
- msg_box "$DEDYNDOMAIN was successfully set up with deSEC! Now please continue with the DDNS and TLS setup for the domain."
+ msg_box "$DEDYNDOMAIN was successfully set up with deSEC! Now please continue with the DDNS and TLS setup for the subdomain."
break
fi
done
+}
-# Ask user if DynDNS should be added to the domain
+prompt_dyndns(){
+# Ask user if DynDNS should be added to the subdomain
if yesno_box_yes "Do you want to add automatic updates of your WAN IP using ddclient?
Please note: this will reset any configuration that might be already in place with ddclient."
then
@@ -109,7 +120,9 @@ then
export DEDYNAUTHTOKEN
run_script NETWORK ddclient-configuration
fi
+}
+prompt_tls(){
# Ask if the user wants to add TLS (use script)
if yesno_box_yes "Do you want to set this domain as your Nextcoud domain \
and activate TLS for your Nextcloud using Let's Encrypt?"
@@ -122,14 +135,68 @@ then
curl_to_dir "https://raw.githubusercontent.com/desec-io/desec-certbot-hook/master" ".dedynauth" "$SCRIPTS"/deSEC
check_command sed -i "s|DEDYN_TOKEN=.*|DEDYN_TOKEN=$DEDYNAUTHTOKEN|g" "$SCRIPTS"/deSEC/.dedynauth
check_command sed -i "s|DEDYN_NAME=.*|DEDYN_NAME=$DEDYNDOMAIN|g" "$SCRIPTS"/deSEC/.dedynauth
- msg_box "DNS updates for deSEC are now set. This means you don't have to open any ports (80|443) since deSEC TLS renewals will be run with a built in hook. \
+ msg_box "DNS updates for deSEC are now set. This means you don't have to open any ports (80|443) for the renewal process since deSEC TLS renewals will be run with a built in hook. \
The hook files will end up in $SCRIPTS/deSEC, please don't touch that folder unless you know what you're doing. \
-You can read more about it here: https://github.com/desec-io/desec-certbot-hook"
+You can read more about it here: https://github.com/desec-io/desec-certbot-hook
+
+Please remember that you still need to open the port you choose to make your server publicly available.
+You can read more about that here: https://goo.gl/iUGE2U"
# Run the TLS script
run_script LETS_ENC activate-tls
fi
+}
+
+aborted_exit_message(){
+ msg_box "You can run this script again at a later time by using:
+
+sudo bash $SCRIPTS/menu.sh --> Server Configuration --> deSEC"
+ exit 1
+}
+
+# The magic starts here:
+while :
+do
+ prompt_dedyn_subdomain
+ # Check for SOA record
+ if host -t SOA "$DEDYNDOMAIN" >/dev/null 2>&1
+ then
+ # Domain is taken
+ msg_box "Sorry, but it seems like $DEDYNDOMAIN is taken."
+ if existing_account
+ then
+ # Register the domain in the existing account --> prompt_for_security_token
+ break
+ else
+ # The user doesn't have an existing account, ask to try another domain
+ if ! yesno_box_yes "Would you like to try another subdomain? Answering 'No' will exit the deSEC/DynDNS/TLS setup."
+ then
+ aborted_exit_message
+ fi
+ fi
+ else
+ # Domain is free and available to register
+ if ! existing_account
+ then
+ # Ask for new account details
+ new_domain_email_info_1
+ prompt_email_address
+ new_domain_email_info_2
+ register_the_domain
+ received_registration_email_check
+ break
+ else
+ # Register the domain in the existing account --> prompt_for_security_token
+ break
+ fi
+ fi
+done
+
+prompt_security_token
+prompt_dyndns
+prompt_tls
+
# Make sure they are gone
unset DEDYNDOMAIN
unset DEDYNAUTHTOKEN
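Review bot: With the new existing-account path, the token that the `sed` lines in `prompt_tls` write into `$SCRIPTS/deSEC/.dedynauth` may belong to an account that holds other domains as well, and nothing visible in this hunk restricts who can read that file. Consider adding `check_command chmod 600 "$SCRIPTS"/deSEC/.dedynauth` after the two `sed` calls, and having `existing_account` ask the user to create a token dedicated to this server so it can be revoked on its own. The token is also passed in the `sed` argument list, where it can show up in the process list while the command runs. Separately, the comments in the main loop refer to `prompt_for_security_token`, but the function is named `prompt_security_token`. `prompt_tls` begins outside this hunk.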