comms: verify mas bot logins
This commit is contained in:
parent
fa6566ffc8
commit
94c1395c8c
@ -2,7 +2,7 @@
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: mas-local-users-ensure-1
|
||||
name: mas-local-users-ensure-2
|
||||
namespace: comms
|
||||
spec:
|
||||
backoffLimit: 1
|
||||
@ -64,6 +64,7 @@ spec:
|
||||
MAS_ADMIN_CLIENT_SECRET_FILE = os.environ["MAS_ADMIN_CLIENT_SECRET_FILE"]
|
||||
MAS_TOKEN_URL = os.environ["MAS_TOKEN_URL"]
|
||||
MAS_ADMIN_API_BASE = os.environ["MAS_ADMIN_API_BASE"].rstrip("/")
|
||||
AUTH_BASE = "http://matrix-authentication-service:8080"
|
||||
|
||||
def admin_token():
|
||||
with open(MAS_ADMIN_CLIENT_SECRET_FILE, "r", encoding="utf-8") as f:
|
||||
@ -97,57 +98,80 @@ spec:
|
||||
return r.json()["data"]
|
||||
|
||||
def create_user(token, username, password):
|
||||
payload = {
|
||||
"data": {
|
||||
"type": "user",
|
||||
"attributes": {
|
||||
"username": username,
|
||||
"password": password,
|
||||
},
|
||||
}
|
||||
}
|
||||
r = requests.post(
|
||||
f"{MAS_ADMIN_API_BASE}/users",
|
||||
headers={"Authorization": f"Bearer {token}"},
|
||||
json=payload,
|
||||
timeout=30,
|
||||
)
|
||||
if r.status_code in (200, 201):
|
||||
return r.json()["data"]
|
||||
if r.status_code == 409:
|
||||
return None
|
||||
r.raise_for_status()
|
||||
payloads = [
|
||||
{
|
||||
"data": {
|
||||
"type": "user",
|
||||
"attributes": {
|
||||
"username": username,
|
||||
"password": password,
|
||||
},
|
||||
}
|
||||
},
|
||||
{"username": username, "password": password},
|
||||
]
|
||||
for payload in payloads:
|
||||
r = requests.post(
|
||||
f"{MAS_ADMIN_API_BASE}/users",
|
||||
headers={"Authorization": f"Bearer {token}"},
|
||||
json=payload,
|
||||
timeout=30,
|
||||
)
|
||||
if r.status_code in (200, 201):
|
||||
return r.json().get("data") or {}
|
||||
if r.status_code == 409:
|
||||
return None
|
||||
return None
|
||||
|
||||
def update_password(token, user_id, password):
|
||||
payload = {
|
||||
"data": {
|
||||
"type": "user",
|
||||
"id": user_id,
|
||||
"attributes": {
|
||||
"password": password,
|
||||
},
|
||||
}
|
||||
}
|
||||
r = requests.patch(
|
||||
f"{MAS_ADMIN_API_BASE}/users/{urllib.parse.quote(user_id)}",
|
||||
payloads = [
|
||||
{
|
||||
"data": {
|
||||
"type": "user",
|
||||
"id": user_id,
|
||||
"attributes": {
|
||||
"password": password,
|
||||
},
|
||||
}
|
||||
},
|
||||
{"password": password},
|
||||
]
|
||||
for payload in payloads:
|
||||
r = requests.patch(
|
||||
f"{MAS_ADMIN_API_BASE}/users/{urllib.parse.quote(user_id)}",
|
||||
headers={"Authorization": f"Bearer {token}"},
|
||||
json=payload,
|
||||
timeout=30,
|
||||
)
|
||||
if r.status_code in (200, 204):
|
||||
return True
|
||||
r = requests.post(
|
||||
f"{MAS_ADMIN_API_BASE}/users/{urllib.parse.quote(user_id)}/password",
|
||||
headers={"Authorization": f"Bearer {token}"},
|
||||
json=payload,
|
||||
json={"password": password},
|
||||
timeout=30,
|
||||
)
|
||||
if r.status_code in (200, 204):
|
||||
return True
|
||||
return False
|
||||
return r.status_code in (200, 204)
|
||||
|
||||
def ensure_user(token, username, password):
|
||||
user = get_user(token, username)
|
||||
if user is None:
|
||||
user = create_user(token, username, password)
|
||||
if user is None:
|
||||
user = get_user(token, username)
|
||||
user = get_user(token, username)
|
||||
if user is None:
|
||||
raise RuntimeError(f"failed to ensure user {username}")
|
||||
update_password(token, user["id"], password)
|
||||
r = requests.post(
|
||||
f"{AUTH_BASE}/_matrix/client/v3/login",
|
||||
json={
|
||||
"type": "m.login.password",
|
||||
"identifier": {"type": "m.id.user", "user": username},
|
||||
"password": password,
|
||||
},
|
||||
timeout=30,
|
||||
)
|
||||
if r.status_code != 200:
|
||||
raise RuntimeError(f"login failed for {username}: {r.status_code} {r.text}")
|
||||
|
||||
token = admin_token()
|
||||
ensure_user(token, os.environ["SEEDER_USER"], os.environ["SEEDER_PASS"])
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user