From 8898a6437be380578063938bcaf6ce474dee77bb Mon Sep 17 00:00:00 2001
From: Lars With
Date: Tue, 5 Jul 2022 20:13:30 +0200
Subject: [PATCH] implememt oauth support
---
 .talismanrc | 5 +++++
 README.md | 4 ++++
 defaults/main.yml | 7 +++++++
 tasks/mailcow_oauth2.yml | 17 +++++++++++++++++
 vars/main.yml | 5 +++++
 5 files changed, 38 insertions(+)
 create mode 100644 tasks/mailcow_oauth2.yml
 create mode 100644 vars/main.yml
diff --git a/.talismanrc b/.talismanrc
index 9a35049..c989102 100644
--- a/.talismanrc
+++ b/.talismanrc
@@ -57,3 +57,8 @@ fileignoreconfig:
 - filename: templates/mailcow_backup.sh.j2
 ignore_detectors: [filename]
+
+allowed_patterns:
+ - >
+ [-_a-zA-Z0-9]+: +"{{ [-_a-zA-Z0-9]+ }}"
+
diff --git a/README.md b/README.md
index 03606d9..c603057 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,10 @@ Note that this also requires installation of the python libraries `docker` and `
 | configuration | `mailcow_submission_port` | `587` | the SUBMISSION_PORT in mailcow.conf |
 | configuration | `mailcow_greylisting` | `true` | if greylisting should be active |
 | configuration | `mailcow_mynetworks` | `` | list of subnetwork masks to add to `mynetworks` in postfix
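Review bot: The new `allowed_patterns` entry is written as a `>` folded scalar, which keeps one trailing newline, so the string handed to Talisman is the regex followed by `\n` rather than the regex alone; `- >-` (or a single-quoted one-line scalar) gives exactly `[-_a-zA-Z0-9]+: +"{{ [-_a-zA-Z0-9]+ }}"`. The pattern is also unanchored, so any line that merely contains a `key: "{{ var }}"` fragment is exempted from secret detection even if it carries a literal value elsewhere on the same line; anchoring it, `'^ *[-_a-zA-Z0-9]+: +"{{ [-_a-zA-Z0-9]+ }}"$'`, limits the exemption to pure templated lookups. Whether Talisman applies these patterns per line or to the whole file is not visible here, so the practical effect of the trailing newline should be confirmed against the tool's documentation before relying on the exemption.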
if subnetwork masks are provided at the beginning `127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10` is added (local) |
+| oauth2 | `mailcow_oauth2_client_id` | | the client id for the mailcow oauth2 app |
+| oauth2 | `mailcow_oauth2_client_secret` | | the client secret for the mailcow oauth2 app |
+| oauth2 | `mailcow_oauth2_client_redirect_uri` | | the redirect uri for the mailcow oauth2 app |
+| oauth2 | `mailcow_oauth2_client_scope` | `profile` | the scope for the mailcow oauth2 app |
 | backup | `mailcow_configure_backup` | `false` | if backup of the mailcow should be configured for unattended backup |
 | backup | `mailcow_path` | `/opt/mailcow` | the mailcow path for the backup artifacts (scripts) |
 | backup | `mailcow_backup_path` | `/var/backups/mailcow` | the path for the mailcow backup |
diff --git a/defaults/main.yml b/defaults/main.yml
index 4f7402c..00b5ba7 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,5 +1,7 @@
 ---
+# mailcow_hostname:
+
 mailcow_install_path: /opt/mailcow-dockerized
 mailcow_timezone: Europe/Berlin
 mailcow_version: master
@@ -39,6 +41,11 @@ mailcow_dns_dkim: true
 mailcow_dns_do: true
 mailcow_dns_debug: false
+# mailcow_oauth2_client_id:
+# mailcow_oauth2_client_secret:
+# mailcow_oauth2_client_redirect_uri:
+mailcow_oauth2_client_scope: profile
+
 mailcow_configure_backup: false
 mailcow_path: /opt/mailcow
 mailcow_backup_path: /var/backups/mailcow
diff --git a/tasks/mailcow_oauth2.yml b/tasks/mailcow_oauth2.yml
new file mode 100644
index 0000000..f2cf063
--- /dev/null
+++ b/tasks/mailcow_oauth2.yml
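Review bot: `mailcow_oauth2_client_id`, `mailcow_oauth2_client_secret` and `mailcow_oauth2_client_redirect_uri` are only commented out in this hunk (as `mailcow_hostname` is in the first hunk of this file), so they are undefined unless the caller sets them, yet tasks/mailcow_oauth2.yml templates every one of them unconditionally and the README rows added in this commit do not mark them as required; `mailcow_api_key`, which that task also reads, gets no entry anywhere in the patch. A comment above each such as `# required when the oauth2 task is included; intentionally no default` would state the contract, and an `ansible.builtin.assert` with `that: [mailcow_oauth2_client_id is defined, mailcow_oauth2_client_secret is defined, mailcow_oauth2_client_redirect_uri is defined, mailcow_api_key is defined]` at the top of the task file would turn an undefined-variable templating error into a clear message. For the two secrets the comment should point at supplying them from vault or an environment lookup rather than writing them into defaults.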
@@ -0,0 +1,17 @@
+---
+
+- name: Ensure oauth2-client in mailcow
+ ansible.builtin.uri:
+ url: "{{ mailcow_api_url }}/add/oauth2-client"
+ body_format: json
+ headers:
+ X-API-Key: "{{ mailcow_api_key }}"
+ method: post
+ body:
+ client_id: "{{ mailcow_oauth2_client_id }}"
+ client_secret: "{{ mailcow_oauth2_client_secret }}"
+ redirect_uri: "{{ mailcow_oauth2_client_redirect_uri }}" # "https://authentik.with.de/source/oauth/callback/mailcow"
+ scope: "{{ mailcow_oauth2_client_scope }}"
+ register: _response
+
+...
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..d4e033c
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,5 @@
+---
+
+mailcow_api_url: "https://{{ mailcow_hostname }}/api/v1"
+
+...
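Review bot: The `ansible.builtin.uri` task sends `mailcow_oauth2_client_secret` in the body and `mailcow_api_key` in a header but sets no `no_log`, so under `-v`/`-vvv` both values are printed in the controller output and are kept in the registered `_response`, which is also dumped when the task fails; add `no_log: true` at task level next to `register: _response`. `_response` is registered but never examined, and as far as I know mailcow's API reports a rejected add with HTTP 200 and an error `type` in the JSON body, so without a `failed_when` on the body a failed add leaves the play green — confirm the response shape against the targeted mailcow version. The task is named "Ensure" but POSTs to `/add/oauth2-client` on every run, so repeated runs are not idempotent (a duplicate client or an API error, depending on how mailcow handles it); reading the existing clients first and guarding the add with `when` would make it converge. The trailing `# "https://authentik.with.de/..."` comment on `redirect_uri` looks like a leftover personal example and should be dropped.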
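Review bot: `mailcow_api_url` lives in vars/main.yml, which has role-vars precedence, so a consumer cannot override it from inventory or group_vars (for instance to reach the API on a non-default path or port) without `-e`; moving it to defaults/main.yml, or keeping it here and listing it in the README table as fixed, would match how the other `mailcow_*` settings are exposed. It also templates `mailcow_hostname`, which defaults/main.yml only carries as a commented-out entry, so the URL is valid only when the caller sets that variable — a comment such as `# requires mailcow_hostname to be set by the caller (no default)` above the line would make that dependency visible.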