fleet/website/views/emails/email-signed-csr-for-apns.ejs
Eric 4fd1efe98a
Website: Add API to send signed CSR emails (#8408)
This pull request relies on the `mdm-gen-cert` command from
https://github.com/fleetdm/fleet/pull/8884.
Closes: https://github.com/fleetdm/fleet/issues/8223

Changes:
- Updated the deploy Fleet website workflow to:
   - Add Go as a dependency
   - Build the mdm-gen-cert binary in `/website/.tools/`
   - Add the `/.tools/` folder to the Heroku app
- Added `deliver-apple-csr.js` - an API that:
   - can be called by making a `POST` request to `/api/v1/deliver-apple-csr`
   - accepts `csr` as an input
   - runs the `mdm-gen-cert` command with the `csr` set as an environment variable
   - returns an `invalidEmailDomain` response if the user's email domain is in the array of banned email domains
   - saves the user's organization and email address to the website's database
   - sends an email to the requesting user's email address with the signed CSR attached as a text file named `apple-apns-request.txt`
   - posts a message to a channel in the Fleet Slack
- Added a new model: `CertificateSigningRequests` that contains two
required attributes: `emailAddress` and `organization`
- Added a new email template `email-signed-csr-for-apns`
- Updated routes, policies, eslintrc, and rebuilt cloud-sdk


Before this can be merged, we will need to:
- [x] Add new config variables in Heroku
   - [x] `sails.config.custom.mdmVendorCertPem` 
   - [x] `sails.config.custom.mdmVendorKeyPem`
   - [x] `sails.config.custom.mdmVendorKeyPassphrase`
   - [x] `sails.config.custom.slackWebhookUrlForMDMSignups`
- [x] Add the `CertificateSigningRequests` model to the website's
database
2023-01-19 14:43:14 -06:00


<% /* Note: This is injected into `views/layouts/layout-email.ejs` */ %>
<p style="margin-bottom: 32px;">Your certificate signing request (CSR) for Apple Push Notification Service is attached to this email.</p>
<p style="margin-bottom: 32px; font-weight: 700;">What to do next</p>
<ol style="margin-bottom: 32px">
<li style="margin-bottom: 16px;">
Sign in to <a style="color: #6A67FE; text-decoration: none;" href="https://identity.apple.com/pushcert" target="_blank">Apple Push Certificates Portal</a> using a Managed Apple ID (recommended). Refer to <a style="color: #6A67FE; text-decoration: none;" href="https://support.apple.com/guide/apple-business-manager/use-managed-apple-ids-axm78b477c81/web" target="_blank">this guide</a> to learn more about Managed Apple IDs and how to set one up.
</li>
<li style="margin-bottom: 16px;">
In Apple Push Certificates Portal, select <span style="font-style: italic;">Create a Certificate</span>, upload your CSR, and download your APNS certificate.
</li>
<li style="margin-bottom: 0px;">
Deploy Fleet using this certificate. <a style="color: #6A67FE; text-decoration: none;" href="https://fleetdm.com/docs/deploying/configuration#apple-apns-cert" target="_blank">Click here to see how</a>.
</li>
</ol>
<div style="position: relative; padding: 12px 16px 12px 40px; margin-bottom: 32px; background-color: #F1F0FF; border: 1px solid #d9d9fe; border-radius: 6px;">
<img alt="A lightbulb" style="height: 16px; width: 16px; position: absolute; top: 16px; left: 12px;" src="<%= url.resolve(sails.config.custom.baseUrl,'/images/icon-lightbulb-16x16@2x.png') %>">
<p style="margin: 0">
<strong>Tip: </strong>Keep a note of the Managed Apple ID you use when creating APNS certificates for use with MDM. Certificates expire annually, and you will need your Managed Apple ID when you renew the certificate.
</p>
</div>
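
The request screening that the commit message above describes for `/api/v1/deliver-apple-csr` (banned email domain check, then handing `csr` to the signing tool through an environment variable), as an added example that is not Fleet's `deliver-apple-csr.js`. The banned-domain list, the `invalidEmailAddress` and `invalidCsr` exits, the environment variable name and the sample CSR are assumptions constructed for illustration.

```javascript
// Added example, not Fleet's code. Names marked "hypothetical" are not from the page.
const BANNED_EMAIL_DOMAINS = ['freemail.example', 'mailbox.example']; // constructed list

// Lower-cased domain of a single-@ address (trailing dot removed), or null.
function emailDomain(emailAddress) {
  const parts = String(emailAddress).trim().split('@');
  if (parts.length !== 2 || !parts[0] || !parts[1]) { return null; }
  return parts[1].toLowerCase().replace(/\.$/, '');
}

// Structural sanity check only: exactly one PEM "CERTIFICATE REQUEST" block whose
// base64 body decodes to bytes starting with a DER SEQUENCE tag (0x30).
// The signing tool still has to parse and verify the CSR itself.
function parseCsrPem(csr) {
  const pem = /^-----BEGIN CERTIFICATE REQUEST-----\r?\n([A-Za-z0-9+/=\r\n]+)-----END CERTIFICATE REQUEST-----$/;
  const match = pem.exec(String(csr).trim());
  if (!match) { return null; }
  const der = Buffer.from(match[1].replace(/[\r\n]/g, ''), 'base64');
  return der.length > 2 && der[0] === 0x30 ? der : null;
}

// Decide the exit for a request before anything is signed.
function screenCsrRequest({ emailAddress, csr }) {
  const domain = emailDomain(emailAddress);
  if (!domain) { return { exit: 'invalidEmailAddress' }; } // hypothetical exit
  if (BANNED_EMAIL_DOMAINS.includes(domain)) { return { exit: 'invalidEmailDomain' }; }
  const der = parseCsrPem(csr);
  if (!der) { return { exit: 'invalidCsr' }; } // hypothetical exit
  // The re-encoded CSR travels in the child's environment, never on a command
  // line, so a no-shell spawn (child_process.execFile with `env`) sees it as data only.
  return { exit: 'success', childEnv: { EXAMPLE_CSR_BASE64: der.toString('base64') } }; // hypothetical variable name
}

// Constructed sample: five DER bytes that only look like the start of a CSR.
const SAMPLE_CSR = '-----BEGIN CERTIFICATE REQUEST-----\n' +
  Buffer.from([0x30, 0x03, 0x02, 0x01, 0x00]).toString('base64') +
  '\n-----END CERTIFICATE REQUEST-----\n';
```

The domain comparison is an exact match after normalization, matching the "in the array" wording of the commit message; subdomains of a banned domain are not covered by it.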