IRC<->SSO user opt-in

Signed-off-by: Georg <georg@lysergic.dev>

config.py

@@ -99,18 +99,28 @@ conf.registerGlobalValue(Keycloak.options, 'emailVerified',
     """
     Keycloak: Whether to set newly created users email addresses to having been verified \(true, default\) or not \(false\)
     """
+    , private=True
 ))
 conf.registerGlobalValue(Keycloak.options, 'firstName',
     registry.String('Foo',
     """
     Keycloak: What to set as the firstName value for newly created users.
     """
+    , private=True
 ))
 conf.registerGlobalValue(Keycloak.options, 'lastName',
     registry.String('Bar',
     """
     Keycloak: What to set as the lastName value for newly created users.
     """
+    , private=True
+))
+conf.registerGlobalValue(Keycloak.options, 'ircgroup',
+    registry.String('',
+    """
+    Keycloak: Group ID for `ircprom`
+    """
+    , private=True
 ))
 
 # vim:set shiftwidth=4 tabstop=4 expandtab textwidth=79:

plugin.py

@@ -126,7 +126,66 @@ class Keycloak(callbacks.Plugin):
 
     register = wrap(register, ['anything'])
 
+    def ircprom(self, irc, msg, args, option):
+        """<status>
+        true/on = enable authentication to your IRC account with an SSO account going by the same username --
+        false/off = allow authentication to your IRC account ONLY with internal IRC credentials (NickServ) --
+        Warning: Enabling this without having an SSO account with the same username as your IRC nickname is a security risk."""
 
+        user = msg.nick
+        server = self.registryValue('backend.server')
+        realm = self.registryValue('backend.realm')
+        tokenurl = self.registryValue('backend.token')
+        usererr = self.registryValue('replies.error')
+        gid = self.registryValue('options.ircgroup')
+        try:
+            tokendl = requests.get(tokenurl)
+            tokendata = tokendl.json()
+            token = tokendata['access_token']
+            url = server + '/auth/admin/realms/' + realm + '/users'
+            userdata = requests.get(url, params = {'username': user}, headers = {'Content-Type': 'application/json', 'Authorization': 'Bearer ' + token})
+            userresp = userdata.json()
+            uid = userresp[0]['id']
+            print(user, uid)
+        except:
+            print("ERROR: Keycloak token could not be installed.")
+            irc.error(usererr)
+        try:
+            url = server + '/auth/admin/realms/' + realm + '/users/' + uid + '/groups/' + gid
+            if option == 'true' or option == 'on' or option == '1':
+                option = 'enable'
+                response = requests.put(
+                url,
+                headers = {'Content-Type': 'application/json', 'Authorization': 'Bearer ' + token})
+            if option == 'false' or option == 'off' or option == '0':
+                option == 'disable'
+                response = requests.delete(
+                url,
+                headers = {'Content-Type': 'application/json', 'Authorization': 'Bearer ' + token})
+            if option != 'true' != 'on' != '1' != 'false' != 'off' != '0':
+                irc.error('Invalid argument.')
+            else:
+                print("Keycloak: HTTP Status ", response.status_code)
+                try:
+                    print("Keycloak: Response Text: ", response.text)
+                except:
+                    print("Keycloak: No or invalid response text. This is not an error.")
+                try:
+                    print("Keycloak: Response JSON: ", response.json())
+                except:
+                    print("Keycloak: No or invalid response JSON. This it not an error.")
+                status = response.status_code
+                if status == 204:
+                    print(" SSO user " + user + " is now authorized to authenticate IRC user " + user)
+                    irc.queueMsg(msg=ircmsgs.IrcMsg(command='PRIVMSG', args=(msg.nick, f'{pw}')))
+                    irc.reply("OK, I sent you a private message.")
+                if status != 204:
+                    print("ERROR: HTTP request did not succeed.")
+                    irc.error(usererr)
+        except:
+            print('Operation failed.')
+
+    ircprom = wrap(ircprom, ['anything'])
 
 Class = Keycloak