pratyush/limnoria-keycloak
1
0
Fork 0
forked from Georg/limnoria-keycloak
Code Pull Requests Activity

Init + config values + basic registration function

Browse Source 
Signed-off-by: Georg <georg@lysergic.dev>
This commit is contained in:
Georg Pfuetzenreuter 2021-08-31 22:59:00 +02:00
commit b747836374
Signed by untrusted user: Georg
GPG Key ID: 1DAF57F49F8E8F22
7 changed files with 328 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
__pycache__/

1
README.md Normal file
View File

@ -0,0 +1 @@
Allows Limnoria users to interface with Keycloak SSO through IRC.

71
__init__.py Normal file
View File

@ -0,0 +1,71 @@
###
# Copyright (c) 2021, Georg Pfuetzenreuter
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions, and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions, and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# * Neither the name of the author of this software nor the name of
# contributors to this software may be used to endorse or promote products
# derived from this software without specific prior written consent.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
###
"""
Keycloak: Interfaces with Keycloak SSO.
"""
import sys
import supybot
from supybot import world
# Use this for the version of this plugin.
__version__ = ""
# XXX Replace this with an appropriate author or supybot.Author instance.
__author__ = supybot.authors.unknown
# This is a dictionary mapping supybot.Author instances to lists of
# contributions.
__contributors__ = {}
# This is a url where the most recent plugin package can be downloaded.
__url__ = ''
from . import config
from . import plugin
if sys.version_info >= (3, 4):
from importlib import reload
else:
from imp import reload
# In case we're being reloaded.
reload(config)
reload(plugin)
# Add more reloads here if you add third-party modules and want them to be
# reloaded when this plugin is reloaded. Don't forget to import them as well!
if world.testing:
from . import test
Class = plugin.Class
configure = config.configure
# vim:set shiftwidth=4 tabstop=4 expandtab textwidth=79:

93
config.py Normal file
View File

@ -0,0 +1,93 @@
###
# Copyright (c) 2021, Georg Pfuetzenreuter
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions, and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions, and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# * Neither the name of the author of this software nor the name of
# contributors to this software may be used to endorse or promote products
# derived from this software without specific prior written consent.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
###
from supybot import conf, registry
try:
from supybot.i18n import PluginInternationalization
_ = PluginInternationalization('Keycloak')
except:
# Placeholder that allows to run the plugin on a bot
# without the i18n module
_ = lambda x: x
def configure(advanced):
# This will be called by supybot to configure this module. advanced is
# a bool that specifies whether the user identified themself as an advanced
# user or not. You should effect your configuration by manipulating the
# registry as appropriate.
from supybot.questions import expect, anything, something, yn
conf.registerPlugin('Keycloak', True)
Keycloak = conf.registerPlugin('Keycloak')
# This is where your configuration variables (if any) should go. For example:
# conf.registerGlobalValue(Keycloak, 'someConfigVariableName',
# registry.Boolean(False, _("""Help for someConfigVariableName.""")))
###
# API related settings below:
###
conf.registerGroup(Keycloak, 'backend')
conf.registerGlobalValue(Keycloak.backend, 'server',
registry.String('https://example.com',
"""
Keycloak: Instance hostname in the format https://example.com - the rest of the URL will be constructed by the system.
"""
, private=True
))
conf.registerGlobalValue(Keycloak.backend, 'realm',
registry.String('MyRealm',
"""
Keycloak: Realm name with exact capitalization.
"""
, private=True
))
conf.registerGlobalValue(Keycloak.backend, 'token',
registry.String('InsanelyLongTokenConsistingOfRandomChars',
"""
Keycloak: Access/Bearer/OIDC token. NOT a client secret. NOT a token with MASTER realm access. NOT a token with excess access roles.
"""
, private=True
))
###
# User replies settings below:
###
conf.registerGroup(Keycloak, 'replies')
conf.registerGlobalValue(Keycloak.replies, 'error',
registry.String('Something went wrong. Please contact an administrator.',
"""
Keycloak: Response to show the user if any kind of error occured. Note that exact error details will alwasy be printed exclusively to the console.
"""
, private=False
))
# vim:set shiftwidth=4 tabstop=4 expandtab textwidth=79:

1
local/__init__.py Normal file
View File

@ -0,0 +1 @@
# Stub so local is a module, used for third-party modules

123
plugin.py Normal file
View File

@ -0,0 +1,123 @@
###
# Copyright (c) 2021, Georg Pfuetzenreuter
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions, and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions, and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# * Neither the name of the author of this software nor the name of
# contributors to this software may be used to endorse or promote products
# derived from this software without specific prior written consent.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
###
import re
import requests
import secrets
import string
from supybot import utils, plugins, ircutils, callbacks
from supybot.commands import *
from supybot.ircmsgs import nick
try:
from supybot.i18n import PluginInternationalization
_ = PluginInternationalization('Keycloak')
except ImportError:
# Placeholder that allows to run the plugin on a bot
# without the i18n module
_ = lambda x: x
class Keycloak(callbacks.Plugin):
"""Interfaces with Keycloak SSO."""
threaded = True
def register(self, irc, msg, args, email):
"""<email>
registers an account with your username and the specified email address"""
server = self.registryValue('backend.server')
realm = self.registryValue('backend.realm')
tokenurl = self.registryValue('backend.token')
usererr = self.registryValue('replies.error')
try:
tokendl = requests.get(tokenurl)
tokendata = tokendl.json()
token = tokendata['access_token']
url = server + '/auth/admin/realms/' + realm + '/users'
if re.match(r"[^@]+@[^@]+\.[^@]+", email):
payload = {
"firstName": "Foo",
"lastName": "Bar",
"email": email,
"enabled": "true",
"username": msg.nick,
"credentials": [{"type": "password", "value": "test123", "temporary": "true"}]
}
response = requests.post(
url,
headers = {'Content-Type': 'application/json', 'Authorization': 'Bearer ' + token},
json = payload
)
print("Keycloak: HTTP Status ", response.status_code)
if response.text:
print("Keycloak: Response Text: ", response.text)
print("Keycloak: Response JSON: ", response.json())
status = response.status_code
#To-Do: figure out why this needs to bere instead of being fed from the usererr config variable defined above
#usererr = irc.error("Something went wrong. Please contact an administrator.")
if status == 201:
print(" SSO User " + msg.nick + " created.")
irc.reply("OK, please log in and change your password NOW.")
if status == 400:
print("ERROR: Keycloak indicated that the request is invalid.")
irc.error(usererr)
if status == 401:
print("ERROR: Fix your Keycloak API credentials and/or client roles, doh.")
irc.error(usererr)
if status == 403:
print("ERROR: Keycloak indicated that the authorization provided is not enough to access the resource.")
irc.error(usererr)
if status == 404:
print("ERROR: Keycloak indicated that the requested resource does not exist.")
irc.error(usererr)
if status == 409:
print("ERROR: Keycloak indicated that the resource already exists or \"some other coonflict when processing the request\" occured.")
irc.reply("Your username seems to already be registerd.")
if status == 415:
print("ERROR: Keycloak indicated that the requested media type is not supported.")
irc.error(usererr)
if status == 500:
print("ERROR: Keycloak indicated that the server could not fullfill the request due to \"some unexpected error \".")
irc.error(usererr)
else:
irc.error("Is that a valid email address?")
except:
print("ERROR: Keycloak token could not be installed.")
irc.error(usererr)
register = wrap(register, ['anything'])
Class = Keycloak
# vim:set shiftwidth=4 softtabstop=4 expandtab textwidth=79:

38
test.py Normal file
View File

@ -0,0 +1,38 @@
###
# Copyright (c) 2021, Georg Pfuetzenreuter
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions, and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions, and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# * Neither the name of the author of this software nor the name of
# contributors to this software may be used to endorse or promote products
# derived from this software without specific prior written consent.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
###
from supybot.test import *
class KeycloakTestCase(PluginTestCase):
plugins = ('Keycloak',)
# vim:set shiftwidth=4 tabstop=4 expandtab textwidth=79: