Auto-create users after external auth when enable-user-on-auth is on

2023-01-26 20:28:59 +01:00 · 2023-01-26 20:28:59 +01:00 · ca2d666056
commit ca2d666056
parent c79fc0c19e
2 changed files with 17 additions and 0 deletions
--- a/doc/soju.1.scd
+++ b/doc/soju.1.scd
@ -185,6 +185,9 @@ The following directives are supported:
 	This can be used together with _disable-inactive-user_ to seamlessly
 	disable and re-enable users during lengthy inactivity.

+	When external authentication is used (e.g. _auth oauth2_), bouncer users
+	are automatically created after successfull authentication.
+
 *auth* <driver> ...
 	Set the authentication method. By default, internal authentication is used.

--- a/downstream.go
+++ b/downstream.go
@ -1260,6 +1260,20 @@ func unmarshalUsername(rawUsername string) (username, client, network string) {

 func (dc *downstreamConn) setUser(username, clientName, networkName string) error {
 	dc.user = dc.srv.getUser(username)
+	if dc.user == nil && dc.user.srv.Config().EnableUsersOnAuth {
+		ctx := context.TODO()
+		if _, err := dc.user.srv.db.GetUser(ctx, username); err != nil {
+			// Can't find the user in the DB -- try to create it
+			record := database.User{
+				Username: username,
+				Enabled:  true,
+			}
+			dc.user, err = dc.user.srv.createUser(ctx, &record)
+			if err != nil {
+				return fmt.Errorf("failed to automatically create user %q after successful authentication: %v", username, err)
+			}
+		}
+	}
 	if dc.user == nil {
 		return fmt.Errorf("user exists in the DB but hasn't been loaded by the bouncer -- a restart may help")
 	}