Making Client Revocation Headless and Documenting New Feature

This closes angristan#486

README.md

@@ -70,6 +70,19 @@ Other variables can be set depending on your choice (encryption, compression). Y
 
 Password-protected clients are not supported by the headless installation method since user input is expected by Easy-RSA.
 
+### Headless User Removal
+
+The removal of an existing user can also be fully automated. Again, the key is to provide the (string) value of the `MENU_OPTION` variable along with the remaining mandatory variables before invoking the script.
+
+The following Bash script removes the existing user `bar` from an OpenVPN configuration
+```bash
+#!/bin/bash
+export MENU_OPTION="2"
+export CLIENT="bar"
+./openvpn-install.sh
+```
+
+
 ## Features
 
 - Installs and configures a ready-to-use OpenVPN server

openvpn-install.sh

@@ -1072,16 +1072,18 @@ function revokeClient () {
 		exit 1
 	fi
 
-	echo ""
-	echo "Select the existing client certificate you want to revoke"
-	tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') '
-	if [[ "$NUMBEROFCLIENTS" = '1' ]]; then
-		read -rp "Select one client [1]: " CLIENTNUMBER
-	else
-		read -rp "Select one client [1-$NUMBEROFCLIENTS]: " CLIENTNUMBER
-	fi
+	until [[ "$CLIENT" =~ ^[a-zA-Z0-9_]+$ ]]; do
+		echo ""
+		echo "Select the existing client certificate you want to revoke"
+		tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') '
+		if [[ "$NUMBEROFCLIENTS" = '1' ]]; then
+			read -rp "Select one client [1]: " CLIENTNUMBER
+		else
+			read -rp "Select one client [1-$NUMBEROFCLIENTS]: " CLIENTNUMBER
+		fi
 
-	CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p)
+		CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p)
+	done
 	cd /etc/openvpn/easy-rsa/
 	./easyrsa --batch revoke "$CLIENT"
 	EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl