From ca2d66605645a0093fa0f3602a153c8392e7728b Mon Sep 17 00:00:00 2001 From: Simon Ser Date: Thu, 26 Jan 2023 20:28:59 +0100 Subject: [PATCH] Auto-create users after external auth when enable-user-on-auth is on --- doc/soju.1.scd | 3 +++ downstream.go | 14 ++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/doc/soju.1.scd b/doc/soju.1.scd index 5ebced0..02c7736 100644 --- a/doc/soju.1.scd +++ b/doc/soju.1.scd @@ -185,6 +185,9 @@ The following directives are supported: This can be used together with _disable-inactive-user_ to seamlessly disable and re-enable users during lengthy inactivity. + When external authentication is used (e.g. _auth oauth2_), bouncer users + are automatically created after successfull authentication. + *auth* ... Set the authentication method. By default, internal authentication is used. diff --git a/downstream.go b/downstream.go index d6983c6..3ba1968 100644 --- a/downstream.go +++ b/downstream.go @@ -1260,6 +1260,20 @@ func unmarshalUsername(rawUsername string) (username, client, network string) { func (dc *downstreamConn) setUser(username, clientName, networkName string) error { dc.user = dc.srv.getUser(username) + if dc.user == nil && dc.user.srv.Config().EnableUsersOnAuth { + ctx := context.TODO() + if _, err := dc.user.srv.db.GetUser(ctx, username); err != nil { + // Can't find the user in the DB -- try to create it + record := database.User{ + Username: username, + Enabled: true, + } + dc.user, err = dc.user.srv.createUser(ctx, &record) + if err != nil { + return fmt.Errorf("failed to automatically create user %q after successful authentication: %v", username, err) + } + } + } if dc.user == nil { return fmt.Errorf("user exists in the DB but hasn't been loaded by the bouncer -- a restart may help") }