Quantcast
Channel: Mattermost Discussion Forums - Latest posts
Viewing all articles
Browse latest Browse all 25778

Launch queries on the Mattermost API, having Gitlab as authentication provider

$
0
0

@elias @mccoole

Hello everyone,

I have failed to industrialize authentication via oauth2 on mattermost.
I'm dropping this system (temporarily maybe?).

I recall my problem: to be able to launch calls on the mattermost api using exclusively gitlab authentication.

So I chose to emulate the "real" stream that we follow as user.
It forces me to parse the html code of the authentication form on gitlab.
And for a reason that escapes me, I am forced to add a Header to pass my queries as Ajax when I query on the mattermost api.
But it works.

The code (python):

#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
DOC
"""
# Import from stdlib
from urllib.parse import urlparse

# Imports from external libraries
from lxml import html as ehtml
from path import Path
import requests



config = {
    'gitlab': {
        'username': 'my-username',
        'password': 'my-password',
    },
    'mattermost': {
        'api-url': Path('https://mattermost.domain.ext/api/v3'),
        'team-id': 'my-team-id',
    }
}



# Create session for keep cookies (auth with mattermost)
session = requests.Session()

# Request on gitlab oauth
r1 = session.get(config['mattermost']['api-url'] / 'oauth/gitlab/login')

# Parse html for retrieve data in prevision of auth in gitlab
gitlab_domain = Path('{uri.scheme}://{uri.netloc}/'.format(uri=urlparse(r1.url)))
html = ehtml.fromstring(r1.text)
form = html.xpath('//form[@id="new_ldap_user"]')[0]
data = {e.get('name'): e.get('value', None) for e in form.xpath('.//input')}
data['username'] = config['gitlab']['username']
data['password'] = config['gitlab']['password']

# Auth in gitlab
r2 = session.post(gitlab_domain / form.get('action').strip('/'), data=data)

# Now we have cookie in session for requests in API
# Next line is required for accepting requests in mattermost api, I don't know why
session.headers.update({
    'X-Requested-With': 'XMLHttpRequest',
})
# Profit !
r3 = session.get(config['mattermost']['api-url'] / 'teams' / config['mattermost']['team-id'] / 'channels/')
print(r3.json())

Viewing all articles
Browse latest Browse all 25778

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>