### # Copyright (c) 2021, Georg Pfuetzenreuter # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # * Redistributions of source code must retain the above copyright notice, # this list of conditions, and the following disclaimer. # * Redistributions in binary form must reproduce the above copyright notice, # this list of conditions, and the following disclaimer in the # documentation and/or other materials provided with the distribution. # * Neither the name of the author of this software nor the name of # contributors to this software may be used to endorse or promote products # derived from this software without specific prior written consent. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. 
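###

import json
import re
import requests
import secrets
import string

from supybot import utils, plugins, ircutils, callbacks
from supybot.commands import *
from supybot.ircmsgs import nick
try:
    from supybot.i18n import PluginInternationalization
    _ = PluginInternationalization('Keycloak')
except ImportError:
    # Placeholder that allows to run the plugin on a bot
    # without the i18n module
    _ = lambda x: x

# Upper bound (seconds) for each HTTP call to the Keycloak backend, so a
# stalled server cannot block the command thread forever.
HTTP_TIMEOUT = 10

# Length of the generated one-time password.
TEMP_PASSWORD_LENGTH = 20


class Keycloak(callbacks.Plugin):
    """Interfaces with Keycloak SSO."""
    threaded = True

    def register(self, irc, msg, args, email):
        """<email>

        registers an account with your username and the specified email address"""
        # Endpoint and credentials come from the plugin registry only. Bearer
        # tokens must never be pasted into the source, not even in comments:
        # they end up in version control and disclose realm/client details.
        server = self.registryValue('backend.server')
        realm = self.registryValue('backend.realm')
        tokenurl = self.registryValue('backend.token')
        usererr = self.registryValue('replies.error')

        # Validate before touching the backend. fullmatch() is required:
        # match() only anchors the start, so trailing garbage after a valid
        # looking prefix (e.g. a second "@...") would be accepted.
        if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", email):
            irc.error("Is that a valid email address?")
            return

        # NOTE(review): the admin token is obtained with a plain GET to the
        # configured URL. Presumably that endpoint is only reachable from a
        # trusted network -- confirm, because whoever can reach it receives
        # a token that can create users.
        try:
            tokendl = requests.get(tokenurl, timeout=HTTP_TIMEOUT)
            tokendl.raise_for_status()
            token = tokendl.json()['access_token']
        except (requests.RequestException, ValueError, KeyError, TypeError):
            print("ERROR: Keycloak token could not be installed.")
            irc.error(usererr)
            # Without a token the request below cannot be built; stop here
            # instead of failing later on an undefined name.
            return

        # A fixed initial password would let anyone who sees the registration
        # log in first and take over the account. Generate an unpredictable
        # one per account; Keycloak forces a change on first login because it
        # is marked temporary.
        alphabet = string.ascii_letters + string.digits
        password = ''.join(
            secrets.choice(alphabet) for _unused in range(TEMP_PASSWORD_LENGTH)
        )

        url = server + '/auth/admin/realms/' + realm + '/users'
        # NOTE(review): msg.nick is only as trustworthy as the network's nick
        # ownership enforcement -- confirm that is acceptable for usernames.
        payload = {
            "firstName": "Foo",
            "lastName": "Bar",
            "email": email,
            "enabled": True,
            "username": msg.nick,
            "credentials": [
                {"type": "password", "value": password, "temporary": True}
            ],
        }
        try:
            response = requests.post(
                url,
                headers={'Content-Type': 'application/json',
                         'Authorization': 'Bearer ' + token},
                json=payload,
                timeout=HTTP_TIMEOUT,
            )
        except requests.RequestException as exc:
            print("ERROR: Keycloak request failed: ", exc)
            irc.error(usererr)
            return

        status = response.status_code
        print("Keycloak: HTTP Status ", status)
        if response.text:
            print("Keycloak: Response Text: ", response.text)
            try:
                print("Keycloak: Response JSON: ", response.json())
            except ValueError:
                # Error pages are not always JSON; the raw text is logged above.
                print("Keycloak: Response body is not JSON.")

        # Operator-facing log lines for statuses answered with the generic
        # user error.
        error_logs = {
            400: "ERROR: Keycloak indicated that the request is invalid.",
            401: "ERROR: Fix your Keycloak API credentials and/or client roles, doh.",
            403: "ERROR: Keycloak indicated that the authorization provided is not enough to access the resource.",
            404: "ERROR: Keycloak indicated that the requested resource does not exist.",
            415: "ERROR: Keycloak indicated that the requested media type is not supported.",
            500: "ERROR: Keycloak indicated that the server could not fullfill the request due to \"some unexpected error \".",
        }

        if status == 201:
            print(" SSO User " + msg.nick + " created.")
            irc.reply("OK, please log in and change your password NOW.")
            # The password goes to the user privately and is never logged.
            irc.reply("Your temporary password is: " + password, private=True)
        elif status == 409:
            print("ERROR: Keycloak indicated that the resource already exists or \"some other coonflict when processing the request\" occured.")
            irc.reply("Your username seems to already be registerd.")
        else:
            # Unlisted statuses also get an answer, so the user is never left
            # without a reply.
            print(error_logs.get(
                status,
                "ERROR: Keycloak returned unexpected HTTP status " + str(status) + ".",
            ))
            irc.error(usererr)

    register = wrap(register, ['anything'])


Class = Keycloak


# vim:set shiftwidth=4 softtabstop=4 expandtab textwidth=79: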