-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathcomdirect_cli
More file actions
executable file
·156 lines (132 loc) · 5.16 KB
/
comdirect_cli
File metadata and controls
executable file
·156 lines (132 loc) · 5.16 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
#!/bin/sh
# Environment Variable Prerequisites
#
# Do not set the variables here. Instead put them into a file
# .comdirect in HOME to keep it separate.
#
# ACHTUNG: IHR HINTERLEGT ZUGANGSDATEN AUF EUER BANKKONTO!
#
# CLIENT_ID comdirect client_id of your bank account
#
# CLIENT_SECRET comdirect client_secret of your bank account
#
# KUNDENUMMER Eure 6stellige Kundenummer
#
# PIN Euer PIN/Passwort
#
# Base URL for all comdirect REST API requests
base_url=https://api.comdirect.de
# No idea why this is needed. It serves no purpose, just complicates things.
client_request_id='{"clientRequestId":{"sessionId":"icanhascheezburger","requestId":0}}'
# Access and refresk tokens are read and stored in a file
# .comdirect.tok in your HOME
# Make sure curl is available in $PATH
if ! command -v curl >/dev/null 2>&1 ; then
echo >&2 "missing curl"
exit 1
fi
# Make sure jq is available in $PATH
if ! command -v jq >/dev/null 2>&1 ; then
echo >&2 "missing jq"
exit 1
fi
# Read credentials from $HOME/.comdirect
if test -r "$HOME"/.comdirect ; then
. "$HOME"/.comdirect
else
echo >&2 "$HOME/.comdirect not found"
exit 1
fi
authenticate()
{
# 2.1 OAuth2 Resource Owner Password Credentials Flow
curl_data="client_id=$CLIENT_ID&client_secret=$CLIENT_SECRET&username=$USERNAME&password=$PASSWORD&grant_type=password"
RESPONSE=$(curl -sS -d "$curl_data" "$base_url"/oauth/token)
ACCESS_TOKEN=$(echo "$RESPONSE" | jq -r ".access_token")
# 2.2 Abruf Session-Status
RESPONSE=$(curl -sS \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H "x-http-request-info: $client_request_id" \
$base_url/api/session/clients/user/v1/sessions)
IDENTIFIER=$(echo "$RESPONSE" | jq -r ".[].identifier")
# 2.3 Anlage Validierung einer Session-Tan
CLIENT_REQUEST_BODY=$(jq -ncj \
--arg identifier "$IDENTIFIER" \
'{"identifier":$identifier,"sessionTanActive":true,"activated2FA":true}')
TAN_CHALLENGE_ID=$(curl -sS \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H "x-http-request-info: $client_request_id" \
-d "$CLIENT_REQUEST_BODY" \
-D - \
$base_url/api/session/clients/user/v1/sessions/"$IDENTIFIER"/validate \
-o /dev/null | grep "x-once-authentication-info" | cut -c29- | jq -r ".id")
# User needs to accept push TAN in comdirect banking app
read -p "Accept push TAN and press [ENTER] to continue" key_value
unset key_value
# 2.4 Aktivierung einer Session-TAN
ID_OBJ=$(jq -ncj \
--arg id "$TAN_CHALLENGE_ID" \
'{"id":$id}')
curl -X PATCH -sS \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H 'Accept: application/json' \
-H "x-http-request-info: $client_request_id" \
-H 'Content-Type: application/json' \
-H "x-once-authentication-info: $ID_OBJ" \
-d "$CLIENT_REQUEST_BODY" \
"$base_url"/api/session/clients/user/v1/sessions/"$IDENTIFIER" > /dev/null
# 2.5 CD Secondary Flow
RESPONSE=$(curl -sS \
-d client_id="$CLIENT_ID" \
-d client_secret="$CLIENT_SECRET" \
-d grant_type=cd_secondary \
-d token="$ACCESS_TOKEN" \
-H 'Accept:application/json' \
"$base_url"/oauth/token)
# No idea why we need to override the access_token with a new value
ACCESS_TOKEN=$(echo "$RESPONSE" | jq -r ".access_token")
REFRESH_TOKEN=$(echo "$RESPONSE" | jq -r ".refresh_token")
echo "ACCESS_TOKEN=${ACCESS_TOKEN}\nREFRESH_TOKEN=$REFRESH_TOKEN" > "$HOME"/.comdirect.tok
}
refresh_token_flow()
{
curl_data="client_id=$CLIENT_ID&client_secret=$CLIENT_SECRET&refresh_token=$REFRESH_TOKEN&grant_type=refresh_token"
RESPONSE=$(curl -sS -d "$curl_data" "$base_url"/oauth/token)
ACCESS_TOKEN=$(echo "$RESPONSE" | jq -r ".access_token")
REFRESH_TOKEN=$(echo "$RESPONSE" | jq -r ".refresh_token")
echo "ACCESS_TOKEN=${ACCESS_TOKEN}\nREFRESH_TOKEN=$REFRESH_TOKEN" > "$HOME"/.comdirect.tok
}
# Read access and refresh token if available
# No refresh token workflow at the moment, we only read
# the tokens if the file is not older than 600 seconds,
# otherwise create new access tokens
if test -r "$HOME"/.comdirect.tok ; then
. "$HOME"/.comdirect.tok
last_modified=$(($(date +%s)-$(stat -c %Y "$HOME"/.comdirect.tok)))
if test $last_modified -ge 599 ; then
refresh_token_flow
fi
else
authenticate
fi
# 4.1.1 Abruf AccountBalances alle Konten
curl -sS \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H "x-http-request-info: $client_request_id" \
"$base_url"/api/banking/clients/user/v2/accounts/balances \
| jq -r '.values[] | [ .account.accountType.text, .balanceEUR.value] | @csv' \
| column -t -s,
# Revoke token
# curl -X DELETE -sS \
# -H 'Accept: application/json' \
# -H 'Content-Type:application/x-www-form-urlencoded' \
# -H "Authorization: Bearer $ACCESS_TOKEN" \
# "$base_url"/oauth/revoke
# we are done
exit 0