From 82c25a506be16d8673a0fdd4e30c97aae698dc1f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?=
Date: Wed, 5 Jul 2023 11:37:58 +0200
Subject: [PATCH] Automate access tokens
---
CHANGELOG.md | 10 ++++++++--
...ng-playbook-bot-matrix-registration-bot.md | 11 +++--------
group_vars/matrix_servers | 2 +-
.../defaults/main.yml | 4 +---
.../tasks/setup_install.yml | 19 +++++++++++++++++++
.../tasks/validate_config.yml | 2 +-
6 files changed, 33 insertions(+), 15 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4ab63e73b..cf79abaee 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,9 +2,15 @@ ## matrix-registration-bot usage changed -The matrix registration bot got some updates and supports password-based login. This means automatic registration is now possible and done by default. +The [matrix-registration-bot](docs/configuring-playbook-bot-matrix-registration-bot.md) got some updates and supports password-based login. Therefore the bot is now -**For existing users** You need to set `matrix_bot_matrix_registration_bot_bot_password`. If previously only used `matrix_bot_matrix_registration_bot_bot_access_token` this was also used as `matrix_bot_matrix_registration_bot_api_token`. You now need to define the `api_token` explicitly while the `bot_access_token` is depreacted. You can therefore rename `matrix_bot_matrix_registration_bot_bot_access_token` -> `matrix_bot_matrix_registration_bot_api_token`. +* automatically registered as user +* doesn't need any manual configuration except setting a password at the start + +**For existing users** You need to set `matrix_bot_matrix_registration_bot_bot_password` if you previously only used `matrix_bot_matrix_registration_bot_bot_access_token`. Please also remove the following deprecated settings as the bot will now autonatically be admin and use it's own access token for registering users + +* `matrix_bot_matrix_registration_bot_bot_access_token` +* `matrix_bot_matrix_registration_bot_api_token` # 2023-05-25 diff --git a/docs/configuring-playbook-bot-matrix-registration-bot.md b/docs/configuring-playbook-bot-matrix-registration-bot.md index cca67d8d4..f0bffc85c 100644 --- a/docs/configuring-playbook-bot-matrix-registration-bot.md +++ b/docs/configuring-playbook-bot-matrix-registration-bot.md 
@@ -2,8 +2,9 @@ The playbook can install and configure [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) for you. -The bot allows you to easily **create and manage registration tokens**. It can be used for an invitation-based server, -where you invite someone by sending them a registration token. They can register as normal but have to provide a valid registration token in a final step of the registration. +The bot allows you to easily **create and manage registration tokens** aka. invitation codes. +It can be used for an invitation-based server, +where you invite someone by sending them a registration token (loook like this: `rbalQ0zkaDSRQCOp`). They can register as normal but have to provide a valid registration token in a final step of the registration. See the project's [documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands) to learn what it does and why it might be useful to you. @@ -18,14 +19,8 @@ For `matrix_bot_matrix_registration_bot_api_token`you need an access token with ```yaml matrix_bot_matrix_registration_bot_enabled: true -# An access token with the permission to access the admin api. Access to the API is needed -# for all restricted actions of the bot (list, create etc..) -# Refer to the documentation on obtaining-access-tokens. -matrix_bot_matrix_registration_bot_api_token: "syt..." - #By default, the playbook will set use the bot with a username like ## this: `@bot.matrix-registration-bot:DOMAIN`. - # To use a different username, uncomment & adjust the variable. # matrix_bot_matrix_registration_bot_matrix_user_id_localpart: bot.matrix-registration-bot diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 461e27512..645098a2f 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -4011,7 +4011,7 @@ matrix_user_creator_users_auto: | ([{ 'username': matrix_bot_matrix_registration_bot_matrix_user_id_localpart, 'initial_password': matrix_bot_matrix_registration_bot_bot_password, - 'initial_type': 'bot', + 'initial_type': 'admin', }] if matrix_bot_matrix_registration_bot_enabled else []) + ([{ diff --git a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml index 1e4f9ef7f..8d29dbc2c 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml @@ -25,9 +25,7 @@ matrix_bot_matrix_registration_bot_api_base_url: "https://{{ matrix_server_fqn_m # The bot's password (can also be used to login via a client like element) matrix_bot_matrix_registration_bot_bot_password: '' -# The access token that the bot uses to call the Matrix API for creating registration tokens. -# This needs to be a privileged (admin) access token. -matrix_bot_matrix_registration_bot_api_token: '' +matrix_bot_matrix_registration_bot_device_id: "matrix-docker-ansible-deploy" matrix_bot_matrix_registration_bot_logging_level: info matrix_bot_matrix_registration_environment_variables_extension: '' diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml index 515cd9973..ac4cc671d 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml 
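Review bot: Switching to `'initial_type': 'admin'` turns a password-login bot account into a homeserver administrator, and the only check on `matrix_bot_matrix_registration_bot_bot_password` visible in this patch is the non-empty test in validate_config.yml. The defaults file notes that this password "can also be used to login via a client like element", so a weak value now exposes the admin API rather than a plain bot account. The docs should ask for a long random password, and a comment above this entry such as `# admin is required: the bot creates registration tokens through the admin API with its own access token` would record why the privilege is needed. The `initial_` prefix suggests the type is applied only when the user is first created, so on existing installs the bot probably stays non-admin and needs a manual promotion step in the upgrade notes; this should be confirmed against matrix_user_creator. The surrounding `matrix_user_creator_users_auto` expression starts and ends outside the hunk.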
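Review bot: The new `matrix_bot_matrix_registration_bot_device_id` default is not read by the login task this patch adds in tasks/setup_install.yml, which hard-codes `"device_id": "matrix-docker-ansible-deploy"` in the request body. Within the visible changes the variable is therefore dead, and overriding it has no effect on the login. Either reference it in that task or drop it. It is also the only setting in this stretch without a comment; something like `# Device ID the playbook uses when it logs in as the bot to obtain an access token` would tell operators what changing it affects.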
@@ -1,5 +1,24 @@ --- + +- name: Get an access token for the bot + ansible.builtin.uri: + url: "{{ matrix_bot_matrix_registration_bot_api_base_url }}/_matrix/client/r0/login" + return_content: true + method: POST + body_format: json + body: '{"identifier": { "type": "m.id.user", "user": "{{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart }}" }, "password": "{{ matrix_bot_matrix_registration_bot_bot_password }}", "type": "m.login.password", "device_id": "matrix-docker-ansible-deploy"}' + register: login_result + #failed_when: login_result is failed or "'access_token' not in login_result.content" + +- name: Parse login result to json + ansible.builtin.set_fact: + login_result_json: "{{ login_result.content | from_json }}" + +- name: Parsing the access token + ansible.builtin.set_fact: + matrix_bot_matrix_registration_bot_api_token: "{{ login_result_json.access_token }}" + - name: Ensure matrix-registration-bot paths exist ansible.builtin.file: path: "{{ item.path }}" diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml index b87204420..24034f1ee 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml @@ -6,7 +6,6 @@ You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" with_items: - - "matrix_bot_matrix_registration_bot_api_token" - "matrix_bot_matrix_registration_bot_bot_password" - name: (Deprecation) Catch and report old settings @@ -16,3 +15,4 @@ when: "item in vars" with_items: - "matrix_bot_matrix_registration_bot_bot_access_token" + - "matrix_bot_matrix_registration_bot_api_token"
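Review bot: The login task sends `matrix_bot_matrix_registration_bot_bot_password` and registers a response containing the access token without `no_log: true`, so both can end up in Ansible output (verbose runs, callback or log plugins). The two `set_fact` tasks that follow carry the token as well and need the same flag. The request body is also built as a JSON string with the password interpolated, so a password containing `"` or `\` yields malformed JSON or changes the request's fields. Passing `body` as a YAML mapping lets the module do the encoding, and it can then read `matrix_bot_matrix_registration_bot_device_id` instead of the hard-coded device id. With `failed_when` commented out, a response lacking `access_token` only fails later in the `set_fact` with an undefined-attribute error, so either restore a working condition or delete the line. The rest of setup_install.yml lies outside the hunk.

```yaml
- name: Get an access token for the bot
  ansible.builtin.uri:
    url: "{{ matrix_bot_matrix_registration_bot_api_base_url }}/_matrix/client/r0/login"
    return_content: true
    method: POST
    body_format: json
    # A mapping is serialised by the module, so quotes or backslashes in the
    # password cannot change the structure of the request.
    body:
      identifier:
        type: m.id.user
        user: "{{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart }}"
      password: "{{ matrix_bot_matrix_registration_bot_bot_password }}"
      type: m.login.password
      device_id: "{{ matrix_bot_matrix_registration_bot_device_id }}"
  register: login_result
  # Keep the password and the returned access token out of task output.
  no_log: true

# … unchanged apart from an added `no_log: true` on each: the two set_fact tasks …
```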
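Review bot: Adding `matrix_bot_matrix_registration_bot_api_token` to the deprecation list under `when: "item in vars"` collides with tasks/setup_install.yml, which now creates a fact of exactly that name via `set_fact`. If these validation tasks are evaluated for a host after that `set_fact` has run in the same play, the check would likely trip on the playbook's own generated token rather than on a user setting. The task ordering is not visible here, so this needs confirming. Storing the generated token under a separate internal name (for example a `_generated`-suffixed variable, exact name left to the maintainers) and consuming that in the role would keep the user-facing deprecation check unambiguous. Both tasks begin outside the hunk.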