diff --git a/config.py b/config.py index af334c7..9704ca6 100644 --- a/config.py +++ b/config.py @@ -99,18 +99,28 @@ conf.registerGlobalValue(Keycloak.options, 'emailVerified', """ Keycloak: Whether to set newly created users email addresses to having been verified \(true, default\) or not \(false\) """ + , private=True )) conf.registerGlobalValue(Keycloak.options, 'firstName', registry.String('Foo', """ Keycloak: What to set as the firstName value for newly created users. """ + , private=True )) conf.registerGlobalValue(Keycloak.options, 'lastName', registry.String('Bar', """ Keycloak: What to set as the lastName value for newly created users. """ + , private=True +)) +conf.registerGlobalValue(Keycloak.options, 'ircgroup', + registry.String('', + """ + Keycloak: Group ID for `ircprom` + """ + , private=True )) # vim:set shiftwidth=4 tabstop=4 expandtab textwidth=79: diff --git a/plugin.py b/plugin.py index 561fcb0..fe6028e 100644 --- a/plugin.py +++ b/plugin.py 
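Review bot: The new `ircgroup` option defaults to `''` and its help text says only that it is a group ID for ircprom, so an operator has no hint that the command cannot work until it is set. In plugin.py the value is concatenated straight into the `/users/<uid>/groups/<gid>` path, so an empty value produces a request to a path ending in `/groups/`. I would expand the help string to something like `Keycloak: ID of the group users are added to or removed from by the ircprom command. Required; ircprom fails while this is empty.` and, if it holds, state that this is the group's ID as used in the admin API path rather than its display name.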
@@ -126,7 +126,66 @@ class Keycloak(callbacks.Plugin): register = wrap(register, ['anything']) + def ircprom(self, irc, msg, args, option): + """ + true/on = enable authentication to your IRC account with an SSO account going by the same username -- + false/off = allow authentication to your IRC account ONLY with internal IRC credentials (NickServ) -- + Warning: Enabling this without having an SSO account with the same username as your IRC nickname is a security risk.""" + user = msg.nick + server = self.registryValue('backend.server') + realm = self.registryValue('backend.realm') + tokenurl = self.registryValue('backend.token') + usererr = self.registryValue('replies.error') + gid = self.registryValue('options.ircgroup') + try: + tokendl = requests.get(tokenurl) + tokendata = tokendl.json() + token = tokendata['access_token'] + url = server + '/auth/admin/realms/' + realm + '/users' + userdata = requests.get(url, params = {'username': user}, headers = {'Content-Type': 'application/json', 'Authorization': 'Bearer ' + token}) + userresp = userdata.json() + uid = userresp[0]['id'] + print(user, uid) + except: + print("ERROR: Keycloak token could not be installed.") + irc.error(usererr) + try: + url = server + '/auth/admin/realms/' + realm + '/users/' + uid + '/groups/' + gid + if option == 'true' or option == 'on' or option == '1': + option = 'enable' + response = requests.put( + url, + headers = {'Content-Type': 'application/json', 'Authorization': 'Bearer ' + token}) + if option == 'false' or option == 'off' or option == '0': + option == 'disable' + response = requests.delete( + url, + headers = {'Content-Type': 'application/json', 'Authorization': 'Bearer ' + token}) + if option != 'true' != 'on' != '1' != 'false' != 'off' != '0': + irc.error('Invalid argument.') + else: + print("Keycloak: HTTP Status ", response.status_code) + try: + print("Keycloak: Response Text: ", response.text) + except: + print("Keycloak: No or invalid response text. 
This is not an error.") + try: + print("Keycloak: Response JSON: ", response.json()) + except: + print("Keycloak: No or invalid response JSON. This it not an error.") + status = response.status_code + if status == 204: + print(" SSO user " + user + " is now authorized to authenticate IRC user " + user) + irc.queueMsg(msg=ircmsgs.IrcMsg(command='PRIVMSG', args=(msg.nick, f'{pw}'))) + irc.reply("OK, I sent you a private message.") + if status != 204: + print("ERROR: HTTP request did not succeed.") + irc.error(usererr) + except: + print('Operation failed.') + + ircprom = wrap(ircprom, ['anything']) Class = Keycloak
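Review bot: The option handling in the second `try` can never reach its status-reporting `else`. `option != 'true' != 'on' != ...` is a chained comparison that reduces to `option != 'true'`, the enable path has already rebound `option` to `'enable'`, and `option == 'disable'` is a comparison rather than an assignment, so every call ends in `Invalid argument.` after the PUT or DELETE has already changed the group membership. The success branch also formats `pw`, which is not defined in this method, and the first bare `except:` reports the error but appears to fall through to code that uses `uid` and `token`. Because this command decides who may authenticate to an IRC account, the target should not come from `msg.nick` alone: nothing visible here checks that the caller is identified for that nick, and `userresp[0]` is used without confirming its `username` equals the nick (Keycloak's user search is, as far as I know, a substring match unless an exact match is requested). The fence sketches the dispatch with validation before any request, an early return on each failure, request timeouts and a reply that reflects the real outcome; the caller-identity check depends on how this bot tracks identified users and is left as a comment.

```python
    def ircprom(self, irc, msg, args, option):
        # … unchanged: docstring and registry lookups …
        # NOTE(review): confirm here that the caller is identified for msg.nick
        # before changing group membership on their behalf.
        choice = option.lower()
        if choice in ('true', 'on', '1'):
            change = requests.put
        elif choice in ('false', 'off', '0'):
            change = requests.delete
        else:
            irc.error('Invalid argument.')
            return
        if not gid:
            print("ERROR: options.ircgroup is not configured.")
            irc.error(usererr)
            return
        try:
            # … unchanged: token fetch and user lookup, each with timeout=10 added …
            if userresp[0]['username'].lower() != user.lower():
                raise LookupError(user)
            uid = userresp[0]['id']
            url = server + '/auth/admin/realms/' + realm + '/users/' + uid + '/groups/' + gid
            response = change(url, headers={'Authorization': 'Bearer ' + token}, timeout=10)
        except Exception:
            print('Operation failed.')
            irc.error(usererr)
            return
        print("Keycloak: HTTP Status ", response.status_code)
        if response.status_code == 204:
            irc.reply("OK.")
        else:
            print("ERROR: HTTP request did not succeed.")
            irc.error(usererr)
```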