From 4cc5d80daa9e6ca771d301fef9070888b5300f79 Mon Sep 17 00:00:00 2001
From: Thomas Hackl <hackl@data-quest.de>
Date: Wed, 20 Apr 2022 08:45:08 +0200
Subject: [PATCH] system account login via WebSSO token

---
 migrations/02_add_matrix_login_token.php | 48 ++++++++++++++++++++++++
 models/MatrixAccount.php                 | 21 ++++++++---
 vendor/libpatrix                         |  2 +-
 3 files changed, 65 insertions(+), 6 deletions(-)
 create mode 100644 migrations/02_add_matrix_login_token.php

diff --git a/migrations/02_add_matrix_login_token.php b/migrations/02_add_matrix_login_token.php
new file mode 100644
index 0000000..bcf9c38
--- /dev/null
+++ b/migrations/02_add_matrix_login_token.php
@@ -0,0 +1,48 @@
+<?php
+
+/**
+ * Class AddMatrixLoginToken
+ * Adds the option for the service account to have a login token
+ * instead of a password.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * @author      Thomas Hackl <hackl@data-quest.de>
+ * @license     http://www.gnu.org/licenses/gpl-2.0.html GPL version 2
+ * @category    Matrix
+ */
+
+class AddMatrixLoginToken extends Migration
+{
+
+    public function description()
+    {
+        return 'Adds the option to have a login token for WebSSO instead of a password.';
+    }
+
+    public function up()
+    {
+        try {
+            Config::get()->create('MATRIX_SYSTEM_ACCOUNT_LOGIN_TOKEN', [
+                'value' => '',
+                'type' => 'string',
+                'range' => 'global',
+                'section' => 'matrix',
+                'description' => 'WebSSO-Token zum Login des Serviceaccounts. Ist dieser Wert gesetzt, ' .
+                    'wird er statt eines möglicherweise ebenfalls angegebenen Passworts verwendet.'
+            ]);
+        } catch (Exception $e) {
+        }
+
+    }
+
+    public function down()
+    {
+        // Remove config entry.
+        Config::get()->delete('MATRIX_SYSTEM_ACCOUNT_LOGIN_TOKEN');
+    }
+
+}
\ No newline at end of file
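Review bot: The config key created in `up()` is `MATRIX_SYSTEM_ACCOUNT_LOGIN_TOKEN`, but the `requireSystemAccount()` hunk in models/MatrixAccount.php reads `Config::get()->MATRIX_SYSTEM_ACCOUNT_TOKEN`. Unless that second key is defined elsewhere, a token entered by an administrator is never used, and login falls through to the password or to the fallback account branch. Use one name in both places, for example `Config::get()->MATRIX_SYSTEM_ACCOUNT_LOGIN_TOKEN` in the model. The empty `catch (Exception $e) {}` also hides a failed `create()`, so either document the expected case with a comment such as `// Entry already exists, nothing to do.` or log the exception. Because the stored value is a login credential, it is worth confirming who can read 'global' config entries of type 'string' in this installation.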
diff --git a/models/MatrixAccount.php b/models/MatrixAccount.php
index 2ba32dd..7575dd5 100644
--- a/models/MatrixAccount.php
+++ b/models/MatrixAccount.php
@@ -56,14 +56,24 @@ class MatrixAccount extends SimpleORMap
      */
     public static function requireSystemAccount()
     {
-        if (Config::get()->MATRIX_SYSTEM_ACCOUNT_USERNAME != ''
-                && Config::get()->MATRIX_SYSTEM_ACCOUNT_PASSWORD != '') {
-            $account = new Patrix\Account(Config::get()->MATRIX_SYSTEM_ACCOUNT_USERNAME,
-                Config::get()->MATRIX_SYSTEM_ACCOUNT_PASSWORD);
+        if (trim(Config::get()->MATRIX_SYSTEM_ACCOUNT_USERNAME) != '' &&
+                (trim(Config::get()->MATRIX_SYSTEM_ACCOUNT_PASSWORD) != '' ||
+                    trim(Config::get()->MATRIX_SYSTEM_ACCOUNT_TOKEN) != '')) {
+
+            // Login token specified, use this.
+            if (trim(Config::get()->MATRIX_SYSTEM_ACCOUNT_TOKEN) != '') {
+                $account = new Patrix\Account(trim(Config::get()->MATRIX_SYSTEM_ACCOUNT_USERNAME), '',
+                    trim(Config::get()->MATRIX_SYSTEM_ACCOUNT_TOKEN));
+            // No token, login by username and password.
+            } else {
+                $account = new Patrix\Account(trim(Config::get()->MATRIX_SYSTEM_ACCOUNT_USERNAME),
+                    trim(Config::get()->MATRIX_SYSTEM_ACCOUNT_PASSWORD));
+            }
             MatrixClient::get()->login($account);
             return $account;
+
         } else {
-            //$username = 'studip-' . Config::get()->STUDIP_INSTALLATION_ID;
+
             $username = 'studip';
             $password = self::randomPassword();
             $sysaccount = new \Patrix\Account($username, $password);
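Review bot: `trim()` on `MATRIX_SYSTEM_ACCOUNT_PASSWORD` and on the token changes the credential that is sent, so a secret that legitimately begins or ends with whitespace can no longer authenticate. Trim only the username and pass the secret as stored, testing emptiness with `!== ''`. Each config value is fetched and trimmed several times; reading it once into a local, e.g. `$token = (string) Config::get()->MATRIX_SYSTEM_ACCOUNT_TOKEN;`, makes the precedence easier to audit and avoids handing null to `trim()` if the entry is missing (assuming Config returns null then). The result of `MatrixClient::get()->login($account)` is not checked before `$account` is returned; whether it throws on a rejected token is not visible here. The function's else branch continues past the end of this hunk.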
@@ -74,6 +84,7 @@ class MatrixAccount extends SimpleORMap
             } else {
                 return null;
             }
+
         }
     }
 
diff --git a/vendor/libpatrix b/vendor/libpatrix
index 403ac1c..4d31e1a 160000
--- a/vendor/libpatrix
+++ b/vendor/libpatrix
@@ -1 +1 @@
-Subproject commit 403ac1cf84c817250e8b2757feb07d85dabdad7f
+Subproject commit 4d31e1a0c3a02b75415b478d698b8096c057d749
-- 
GitLab