From f901c3049e9ea262d65f55603f0fd84c0ba352a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= <julian-samuel@gebuehr.net>
Date: Sat, 3 Jun 2023 13:46:45 +0200
Subject: [PATCH] Stabilze authentication

---
 .../matrix-bot-matrix-registration-bot/defaults/main.yml   | 2 ++
 .../tasks/validate_config.yml                              | 7 ++++++-
 .../templates/config/config.yml.j2                         | 6 ++++++
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
index 042207d72..3f129c179 100644
--- a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
@@ -24,6 +24,8 @@ matrix_bot_matrix_registration_bot_api_base_url: "https://{{ matrix_server_fqn_m
 # The access token that the bot uses to communicate in Matrix chats
 # This does not necessarily need to be a privileged (admin) access token.
 matrix_bot_matrix_registration_bot_bot_access_token: ''
+# Instead also a password can be used
+matrix_bot_matrix_registration_bot_bot_password:  ''
 
 # The access token that the bot uses to call the Matrix API for creating registration tokens.
 # This needs to be a privileged (admin) access token.
diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml
index 39e97cde2..f5a3c7d60 100644
--- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml
@@ -6,5 +6,10 @@
       You need to define a required configuration setting (`{{ item }}`).
   when: "vars[item] == ''"
   with_items:
-    - "matrix_bot_matrix_registration_bot_bot_access_token"
     - "matrix_bot_matrix_registration_bot_api_token"
+
+- name: Fail if now bot secret is defined
+  ansible.builtin.fail:
+    msg: >-
+      You need to define the bot secret to login.
+  when: "matrix_bot_matrix_registration_bot_bot_password == '' and matrix_bot_matrix_registration_bot_api_token ==''"
diff --git a/roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 b/roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2
index 756efb018..664a2fcbc 100644
--- a/roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2
+++ b/roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2
@@ -1,7 +1,13 @@
 bot:
   server: {{ matrix_bot_matrix_registration_bot_bot_server|to_json }}
   username: {{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart|to_json }}
+{% if matrix_bot_matrix_registration_bot_bot_access_token | length > 0 %}
   access_token: {{ matrix_bot_matrix_registration_bot_bot_access_token|to_json }}
+{% endif %}
+{% if matrix_bot_matrix_registration_bot_bot_password | length > 0 %}
+  password: {{ matrix_bot_matrix_registration_bot_bot_password|to_json }}
+{% endif %}
+
 api:
   # API endpoint of the registration tokens
   base_url: {{ matrix_bot_matrix_registration_bot_api_base_url|to_json }}