Also mention access token in README
---
README.md | 2 +-
wee_most/config.py | 6 ++++++
wee_most/server.py | 32 +++++++++++++++++++++-----------
3 files changed, 28 insertions(+), 12 deletions(-)
diff --git a/README.md b/README.md
index d3fcaaa..67e51fe 100644
--- a/README.md
+++ b/README.md
@@ -28,7 +28,7 @@ $ make install # WEECHAT_DATA_DIR=~/.weechat
/mattermost server add a_banal_server
```
-You should then edit its configuration such as URL, username, password, 2FA command,...
+You should then edit its configuration such as URL, username, password, 2FA command, access token...
To store the password safely, you can make use of WeeChat [secured data storage](https://weechat.org/files/doc/stable/weechat_user.en.html#secured_data)
```
diff --git a/wee_most/config.py b/wee_most/config.py
index 18fc0d6..041b95d 100644
--- a/wee_most/config.py
+++ b/wee_most/config.py
@@ -164,6 +164,12 @@ class PluginConfig:
description = "Username for authentication to {} server",
type = "string",
),
+ Setting(
+ name = "access_token",
+ default = "",
+ description = "Personal access token to {} server",
+ type = "string",
+ ),
]
def __getattr__(self, key):
diff --git a/wee_most/server.py b/wee_most/server.py
index fdc02d7..bbe433f 100644
--- a/wee_most/server.py
+++ b/wee_most/server.py
@@ -34,12 +34,12 @@ class Server:
self.url = config.get_server_config(id, "url").strip("/")
self.username = config.get_server_config(id, "username")
self.password = config.get_server_config(id, "password")
+ self.token = config.get_server_config(id, "access_token")
self.command_2fa = config.get_server_config(id, "command_2fa")
- if not self.url or not self.username or not self.password:
+ if not self.url or not self.username or not (self.password or self.token):
raise ValueError("Server " + id + " is not fully configured")
- self.token = ""
self.me = None
self.highlight_words = []
self.users = {}
@@ -316,14 +316,16 @@ def connect_server_cb(server_id, command, rc, out, err):
weechat.prnt("", "An error occurred while connecting")
return weechat.WEECHAT_RC_ERROR
- token_search = re.search("[tT]oken: (\w*)", out)
-
- out = out.splitlines()[-1] # we remove the headers line
+ server = servers[server_id]
+ out = out.splitlines()[-1] # we remove the status line
response = json.loads(out)
- server = servers[server_id]
+ if not server.token:
+ # user authenticates with password
+ # server supplies a "Token" header
+ token_search = re.search("[tT]oken: (\w*)", out)
+ server.token = token_search.group(1)
- server.token = token_search.group(1)
server.init_me(**response)
try:
@@ -372,10 +374,18 @@ def connect_server(server_id):
servers[server_id] = server
- wee_most.http.enqueue_request(
- "run_user_login",
- server, "connect_server_cb", server.id
- )
+ if server.token:
+ # skip login if user authenticates with personal access token
+ # instead directly GET /api/v4/users/me
+ wee_most.http.enqueue_request(
+ "run_get_user",
+ server, "me", "connect_server_cb", server.id
+ )
+ else:
+ wee_most.http.enqueue_request(
+ "run_user_login",
+ server, "connect_server_cb", server.id
+ )
return weechat.WEECHAT_RC_OK
--
2.37.2
Hi,
I've tested your patch but unfortunately it breaks the password login.
Please find below a few comments.
> - out = out.splitlines()[-1] # we remove the headers line
> + server = servers[server_id]
> + out = out.splitlines()[-1] # we remove the status line
From what I see the comment was correct. It splits the response on the
empty line between the headers and the body, and returns only the body.
> + if not server.token:
> + # user authenticates with password
> + # server supplies a "Token" header
> + token_search = re.search("[tT]oken: (\w*)", out)
This search needs to be done before the splitlines happens because the
token is part of the response headers which it discards.
Regards,
--
Damien Tardy-Panis
Hi
> I did not test with 2FA enabled either.
I was checking a bit the Mattermost documentation but it seems that it's
not possible to have 2FA when using a personal access token (I guess
that's why my company doesn't allow those). The 2FA value is used only
during a login call.
Overall, this make sense as that personal token is used in the same way
as a session token retrieved from the login call, there's no
intermediate step.
So there's no 2FA specific thing to test with this change, the 2FA code
can stay only in the login call.
Regards,
--
Damien Tardy-Panis