comms: verify mas bot logins
parent
fa6566ffc8
commit
94c1395c8c
@ -2,7 +2,7 @@
|
|||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
metadata:
|
metadata:
|
||||||
name: mas-local-users-ensure-1
|
name: mas-local-users-ensure-2
|
||||||
namespace: comms
|
namespace: comms
|
||||||
spec:
|
spec:
|
||||||
backoffLimit: 1
|
backoffLimit: 1
|
||||||
@ -64,6 +64,7 @@ spec:
|
|||||||
MAS_ADMIN_CLIENT_SECRET_FILE = os.environ["MAS_ADMIN_CLIENT_SECRET_FILE"]
|
MAS_ADMIN_CLIENT_SECRET_FILE = os.environ["MAS_ADMIN_CLIENT_SECRET_FILE"]
|
||||||
MAS_TOKEN_URL = os.environ["MAS_TOKEN_URL"]
|
MAS_TOKEN_URL = os.environ["MAS_TOKEN_URL"]
|
||||||
MAS_ADMIN_API_BASE = os.environ["MAS_ADMIN_API_BASE"].rstrip("/")
|
MAS_ADMIN_API_BASE = os.environ["MAS_ADMIN_API_BASE"].rstrip("/")
|
||||||
|
AUTH_BASE = "http://matrix-authentication-service:8080"
|
||||||
|
|
||||||
def admin_token():
|
def admin_token():
|
||||||
with open(MAS_ADMIN_CLIENT_SECRET_FILE, "r", encoding="utf-8") as f:
|
with open(MAS_ADMIN_CLIENT_SECRET_FILE, "r", encoding="utf-8") as f:
|
||||||
@ -97,57 +98,80 @@ spec:
|
|||||||
return r.json()["data"]
|
return r.json()["data"]
|
||||||
|
|
||||||
def create_user(token, username, password):
|
def create_user(token, username, password):
|
||||||
payload = {
|
payloads = [
|
||||||
"data": {
|
{
|
||||||
"type": "user",
|
"data": {
|
||||||
"attributes": {
|
"type": "user",
|
||||||
"username": username,
|
"attributes": {
|
||||||
"password": password,
|
"username": username,
|
||||||
},
|
"password": password,
|
||||||
}
|
},
|
||||||
}
|
}
|
||||||
r = requests.post(
|
},
|
||||||
f"{MAS_ADMIN_API_BASE}/users",
|
{"username": username, "password": password},
|
||||||
headers={"Authorization": f"Bearer {token}"},
|
]
|
||||||
json=payload,
|
for payload in payloads:
|
||||||
timeout=30,
|
r = requests.post(
|
||||||
)
|
f"{MAS_ADMIN_API_BASE}/users",
|
||||||
if r.status_code in (200, 201):
|
headers={"Authorization": f"Bearer {token}"},
|
||||||
return r.json()["data"]
|
json=payload,
|
||||||
if r.status_code == 409:
|
timeout=30,
|
||||||
return None
|
)
|
||||||
r.raise_for_status()
|
if r.status_code in (200, 201):
|
||||||
|
return r.json().get("data") or {}
|
||||||
|
if r.status_code == 409:
|
||||||
|
return None
|
||||||
return None
|
return None
|
||||||
|
|
||||||
def update_password(token, user_id, password):
|
def update_password(token, user_id, password):
|
||||||
payload = {
|
payloads = [
|
||||||
"data": {
|
{
|
||||||
"type": "user",
|
"data": {
|
||||||
"id": user_id,
|
"type": "user",
|
||||||
"attributes": {
|
"id": user_id,
|
||||||
"password": password,
|
"attributes": {
|
||||||
},
|
"password": password,
|
||||||
}
|
},
|
||||||
}
|
}
|
||||||
r = requests.patch(
|
},
|
||||||
f"{MAS_ADMIN_API_BASE}/users/{urllib.parse.quote(user_id)}",
|
{"password": password},
|
||||||
|
]
|
||||||
|
for payload in payloads:
|
||||||
|
r = requests.patch(
|
||||||
|
f"{MAS_ADMIN_API_BASE}/users/{urllib.parse.quote(user_id)}",
|
||||||
|
headers={"Authorization": f"Bearer {token}"},
|
||||||
|
json=payload,
|
||||||
|
timeout=30,
|
||||||
|
)
|
||||||
|
if r.status_code in (200, 204):
|
||||||
|
return True
|
||||||
|
r = requests.post(
|
||||||
|
f"{MAS_ADMIN_API_BASE}/users/{urllib.parse.quote(user_id)}/password",
|
||||||
headers={"Authorization": f"Bearer {token}"},
|
headers={"Authorization": f"Bearer {token}"},
|
||||||
json=payload,
|
json={"password": password},
|
||||||
timeout=30,
|
timeout=30,
|
||||||
)
|
)
|
||||||
if r.status_code in (200, 204):
|
return r.status_code in (200, 204)
|
||||||
return True
|
|
||||||
return False
|
|
||||||
|
|
||||||
def ensure_user(token, username, password):
|
def ensure_user(token, username, password):
|
||||||
user = get_user(token, username)
|
user = get_user(token, username)
|
||||||
if user is None:
|
if user is None:
|
||||||
user = create_user(token, username, password)
|
user = create_user(token, username, password)
|
||||||
if user is None:
|
user = get_user(token, username)
|
||||||
user = get_user(token, username)
|
|
||||||
if user is None:
|
if user is None:
|
||||||
raise RuntimeError(f"failed to ensure user {username}")
|
raise RuntimeError(f"failed to ensure user {username}")
|
||||||
update_password(token, user["id"], password)
|
update_password(token, user["id"], password)
|
||||||
|
r = requests.post(
|
||||||
|
f"{AUTH_BASE}/_matrix/client/v3/login",
|
||||||
|
json={
|
||||||
|
"type": "m.login.password",
|
||||||
|
"identifier": {"type": "m.id.user", "user": username},
|
||||||
|
"password": password,
|
||||||
|
},
|
||||||
|
timeout=30,
|
||||||
|
)
|
||||||
|
if r.status_code != 200:
|
||||||
|
raise RuntimeError(f"login failed for {username}: {r.status_code} {r.text}")
|
||||||
|
|
||||||
token = admin_token()
|
token = admin_token()
|
||||||
ensure_user(token, os.environ["SEEDER_USER"], os.environ["SEEDER_PASS"])
|
ensure_user(token, os.environ["SEEDER_USER"], os.environ["SEEDER_PASS"])
|
||||||
|
|||||||
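Review bot: The login check added at the end of `ensure_user` discards the response of a successful `/_matrix/client/v3/login`, so each run of this Job normally leaves a live access token and device on the account that nothing here revokes. After the status check, log the session out with the token just issued, e.g. `requests.post(f"{AUTH_BASE}/_matrix/client/v3/logout", headers={"Authorization": f"Bearer {r.json()['access_token']}"}, timeout=30)`. `AUTH_BASE` is also hard-coded to an `http://` service URL while the other endpoints come from the environment, so the password crosses the cluster network unencrypted unless something outside this manifest provides transport encryption; reading it from an env var like the others would keep that decision in the deployment config. The failure branch puts `r.text` into the `RuntimeError`, which ends up in the Job log, so it is worth confirming the error body never echoes request fields. The old and new sides are inferred from the rendered split view, and the script continues outside the visible hunks.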