| author | Georg | 2021-09-02 19:43:22 +0200 |
|---|---|---|
| committer | Georg | 2021-09-02 19:43:22 +0200 |
| commit | 31ed2ed1fe49858498a60f0fb51da8edb5e5df5a (patch) | |
| tree | 507e1a72ab8fc364935dc920b1e7d972f9700418 | |
| parent | 474d16ba946b31c7fa13c9365138d8245d09f724 (diff) | |
IRC<->SSO user opt-in
Signed-off-by: Georg <georg@lysergic.dev>
| -rw-r--r-- | config.py | 10 | ||||
| -rw-r--r-- | plugin.py | 59 |
2 files changed, 69 insertions, 0 deletions
@@ -99,18 +99,28 @@ conf.registerGlobalValue(Keycloak.options, 'emailVerified', """ Keycloak: Whether to set newly created users email addresses to having been verified \(true, default\) or not \(false\) """ + , private=True )) conf.registerGlobalValue(Keycloak.options, 'firstName', registry.String('Foo', """ Keycloak: What to set as the firstName value for newly created users. """ + , private=True )) conf.registerGlobalValue(Keycloak.options, 'lastName', registry.String('Bar', """ Keycloak: What to set as the lastName value for newly created users. """ + , private=True +)) +conf.registerGlobalValue(Keycloak.options, 'ircgroup', + registry.String('', + """ + Keycloak: Group ID for `ircprom` + """ + , private=True )) # vim:set shiftwidth=4 tabstop=4 expandtab textwidth=79: 
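Review bot: The new `ircgroup` option defaults to an empty string, and `ircprom` in plugin.py appends that value directly after `/groups/`, so a bot where the option was never set would send its PUT or DELETE to a path with no group ID in it. The help text `Keycloak: Group ID for `ircprom`` does not say that the value is required or that it is the Keycloak group's ID rather than its name; I would spell that out, for example `Keycloak: ID (not name) of the group that ircprom adds users to or removes them from. Required.` The command should also refuse to run while the value is empty, e.g. `if not gid: irc.error(usererr); return` before any request is made.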
@@ -126,7 +126,66 @@ class Keycloak(callbacks.Plugin): register = wrap(register, ['anything']) + def ircprom(self, irc, msg, args, option): + """<status> + true/on = enable authentication to your IRC account with an SSO account going by the same username -- + false/off = allow authentication to your IRC account ONLY with internal IRC credentials (NickServ) -- + Warning: Enabling this without having an SSO account with the same username as your IRC nickname is a security risk.""" + user = msg.nick + server = self.registryValue('backend.server') + realm = self.registryValue('backend.realm') + tokenurl = self.registryValue('backend.token') + usererr = self.registryValue('replies.error') + gid = self.registryValue('options.ircgroup') + try: + tokendl = requests.get(tokenurl) + tokendata = tokendl.json() + token = tokendata['access_token'] + url = server + '/auth/admin/realms/' + realm + '/users' + userdata = requests.get(url, params = {'username': user}, headers = {'Content-Type': 'application/json', 'Authorization': 'Bearer ' + token}) + userresp = userdata.json() + uid = userresp[0]['id'] + print(user, uid) + except: + print("ERROR: Keycloak token could not be installed.") + irc.error(usererr) + try: + url = server + '/auth/admin/realms/' + realm + '/users/' + uid + '/groups/' + gid + if option == 'true' or option == 'on' or option == '1': + option = 'enable' + response = requests.put( + url, + headers = {'Content-Type': 'application/json', 'Authorization': 'Bearer ' + token}) + if option == 'false' or option == 'off' or option == '0': + option == 'disable' + response = requests.delete( + url, + headers = {'Content-Type': 'application/json', 'Authorization': 'Bearer ' + token}) + if option != 'true' != 'on' != '1' != 'false' != 'off' != '0': + irc.error('Invalid argument.') + else: + print("Keycloak: HTTP Status ", response.status_code) + try: + print("Keycloak: Response Text: ", response.text) + except: + print("Keycloak: No or invalid response text. 
This is not an error.") + try: + print("Keycloak: Response JSON: ", response.json()) + except: + print("Keycloak: No or invalid response JSON. This it not an error.") + status = response.status_code + if status == 204: + print(" SSO user " + user + " is now authorized to authenticate IRC user " + user) + irc.queueMsg(msg=ircmsgs.IrcMsg(command='PRIVMSG', args=(msg.nick, f'{pw}'))) + irc.reply("OK, I sent you a private message.") + if status != 204: + print("ERROR: HTTP request did not succeed.") + irc.error(usererr) + except: + print('Operation failed.') + + ircprom = wrap(ircprom, ['anything']) Class = Keycloak |
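Review bot: `ircprom` changes group membership for `userresp[0]` of a username search on `msg.nick` without checking that the returned account's username equals the nick, and nothing in the hunk shows that the caller has identified to services for that nick. Keycloak's `username` filter can return partial matches, so the first hit may belong to someone else. The command should fail closed unless exactly one result carries that exact username, as in the excerpt below. The control flow also needs repair: the first bare `except:` reports the error but falls through with `uid` and `token` unset, and because `option = 'enable'` rebinds the argument (while `option == 'disable'` is a no-op comparison) and the chained `!=` reduces to `option != 'true'`, every valid argument appears to send its request and then answer "Invalid argument.", leaving the status branch unreachable. In that branch `pw` is not defined anywhere in the function, so the 204 path would raise a NameError that the outer bare `except:` hides, and none of the `requests` calls sets a timeout.

```python
    def ircprom(self, irc, msg, args, option):
        # … unchanged: docstring and registryValue() lookups …
        try:
            token = requests.get(tokenurl, timeout=10).json()['access_token']
            headers = {'Content-Type': 'application/json', 'Authorization': 'Bearer ' + token}
            url = server + '/auth/admin/realms/' + realm + '/users'
            found = requests.get(url, params={'username': user}, headers=headers, timeout=10).json()
        except (requests.RequestException, ValueError, KeyError):
            print("ERROR: Keycloak token could not be installed.")
            irc.error(usererr)
            return
        # Fail closed unless exactly one account carries this exact username.
        if not isinstance(found, list):
            found = []
        exact = [u for u in found if u.get('username', '').lower() == user.lower()]
        if len(exact) != 1:
            irc.error(usererr)
            return
        uid = exact[0]['id']
        choice = option.lower()
        if choice in ('true', 'on', '1'):
            send = requests.put
        elif choice in ('false', 'off', '0'):
            send = requests.delete
        else:
            irc.error('Invalid argument.')
            return
        url = server + '/auth/admin/realms/' + realm + '/users/' + uid + '/groups/' + gid
        response = send(url, headers=headers, timeout=10)
        # … unchanged: status and response logging …
        if response.status_code == 204:
            irc.replySuccess()
        else:
            irc.error(usererr)
```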
