Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
#!/usr/bin/env python3
import requests
import secrets
from getpass import getpass
from typing import Any
TAIGA_BASE = "https://todo.fachschaft.cl.uni-heidelberg.de"
# https://docs.taiga.io/api.html#object-auth-user-detail
UserAuthDetail = dict[str, Any]
class AuthenticationFailedError(Exception):
pass
def json_or_error(r: requests.Response) -> dict[str, Any]:
if r.status_code == 401:
raise AuthenticationFailedError(r.json())
elif r.status_code != 200:
raise RuntimeError(r.json())
return r.json()
def __login_with_type(username: str, psasword: str, type_: str) -> UserAuthDetail:
# See https://docs.taiga.io/api.html#auth-normal-login
r = requests.post(
f"{TAIGA_BASE}/api/v1/auth",
json={
"type": type_,
"username": username,
"password": password,
},
)
return json_or_error(r)
def login(username: str, password: str) -> UserAuthDetail:
"""Log in to the Taiga instance at TAIGA_BASE with the given username and password.
If successful, return an auth_detail dictionary, which (among other things) contains
an "auth_token" that can be used to authorize API operations.
This first treats the account as an LDAP account. If this doesn't work, it falls back
to normal authentication.
:return: auth_detail dictionary, token stored with key "auth_token"
:raise AuthenticationFailedError: When authentication is not possible (HTTP 401)
"""
try:
auth_detail = __login_with_type(username, password, "ldap")
except AuthenticationFailedError:
auth_detail = __login_with_type(username, password, "normal")
return auth_detail
def get_auth_code_dict(application_id: str, user_auth_token: str) -> dict[str, Any]:
"""
https://docs.taiga.io/api.html#external-app-authorization
"""
r = requests.post(
f"{TAIGA_BASE}/api/v1/application-tokens/authorize",
json={"application": application_id, "state": secrets.token_hex(48)},
headers={"Authorization": f"Bearer {user_auth_token}"},
)
return json_or_error(r)
def get_token_dict(
application_id: str, user_auth_token: str, auth_code_dict: dict[str, Any]
) -> dict[str, Any]:
r = requests.post(
f"{TAIGA_BASE}/api/v1/application-tokens/validate",
json={
"application": application_id,
"auth_code": auth_code_dict["auth_code"],
"state": auth_code_dict["state"],
},
headers={"Authorization": f"Bearer {user_auth_token}"},
)
return json_or_error(r)
def get_application_auth_token(application_id: str, user_auth_token: str) -> str:
auth_code_dict = get_auth_code_dict(application_id, user_auth_token)
token_dict = get_token_dict(application_id, user_auth_token, auth_code_dict)
return token_dict["token"]
if __name__ == "__main__":
print(
f"Tool to request an application access token from the Taiga instance {TAIGA_BASE}"
)
print()
username = input("[?] Username: ")
password = getpass("[?] Password: ")
try:
auth_detail = login(username, password)
print("[✓] Successfully logged in.")
print()
except AuthenticationFailedError:
print(
"[✗] Login failed: Maybe password or username were wrong, or Taiga made an error."
)
exit(1)
print(
f"[!] Now, create an application under {TAIGA_BASE}/admin/external_apps/application "
f"(you will need an admin account for this)."
)
print()
application_id = input("[?] Application id: ")
application_auth_token = get_application_auth_token(
application_id, auth_detail["auth_token"]
)
print(f"[✓] Your application auth token is: {application_auth_token}")