Connecting to a mattermost instance behind gitlab authentication.

Question

Connecting to a mattermost instance behind gitlab authentication.

Mythra opened this issue 4 years ago · 4 comments

I'm attempting to connect to a materrmost instance behind gitlab authentication, where users are not allowed to create personal access tokens.

Reading #29 it sounded like I could copy the token from the web application, and use that. However while that does show the one message (that I sent!) it fails to see newer messages in a channel, and upon attempting to DM myself to check for newer messages working matterircd crashed.

Configuration:

Bind = "127.0.0.1:6667"
Debug = false
PasteBufferTimeout = 2500

[mattermost]
DefaultServer = "<mattermost-server>"
DefaultTeam = "<mattermost-team>"
Insecure = false
JoinInclude = ["#<channel>"]
JoinExclude = ["#town-square"]
PartFake = true
SkipTLSVerify = false
DisableAutoView = false

What I type in my IRC Client:

/msg mattermost <username> MMAUTHTOKEN=<token I copied from the "MMAUTHTOKEN" cookie my browser set>

Then the behaviour occurs I mentioned above. Upon logging in I see the only message I sent inside the channel I autojoin, but not messages that have occured after my initial message in that channel (nor do I see any other DMs/etc.). When using the web version of mattermost to DM myself to test it shows up on IRC, matterircd crashes, with the following logs:

Jun 26 22:24:32 znc matterircd[56787]: time="2020-06-26T22:24:32Z" level=info msg="Loaded config from /usr/local/etc/matterircd.toml" module=matterircd
Jun 26 22:24:32 znc matterircd[56787]: time="2020-06-26T22:24:32Z" level=info msg="Running version 0.19.2 " module=matterircd
Jun 26 22:24:32 znc matterircd[56787]: time="2020-06-26T22:24:32Z" level=info msg="Listening on 127.0.0.1:6667" module=matterircd
Jun 26 22:24:58 znc matterircd[56787]: time="2020-06-26T22:24:58Z" level=info msg="New connection: 127.0.0.1:27325" module=matterircd
Jun 26 22:24:58 znc matterircd[56787]: in handshake &irc.Message{Prefix:(*irc.Prefix)(nil), Command:"CAP", Params:[]string{"LS"}, Trailing:"", EmptyTrailing:false}
Jun 26 22:24:58 znc matterircd[56787]: in handshake &irc.Message{Prefix:(*irc.Prefix)(nil), Command:"NICK", Params:[]string{"<username>"}, Trailing:"", EmptyTrailing:false}
Jun 26 22:24:58 znc matterircd[56787]: in handshake &irc.Message{Prefix:(*irc.Prefix)(nil), Command:"USER", Params:[]string{"<username>", "\"<username>\"", "\"<username>\""}, Trailing:"Cynthia", EmptyTrailing:false}
Jun 26 22:25:30 znc matterircd[56787]: time="2020-06-26T22:25:30Z" level=warning msg="Failed to parse specified log-level '': &errors.errorString{s:"not a valid logrus Level: \"\""}" prefix=matterclient
Jun 26 22:25:48 znc matterircd[56787]: time="2020-06-26T22:25:48Z" level=info msg="login as <username> (team: <team>) on <host>" module=matterircd
Jun 26 22:25:48 znc matterircd[56787]: time="2020-06-26T22:25:48Z" level=info msg="Found version 5.23.0.5.23.1.971998378412a0d4c04dfde2ce89ddc3.true" prefix=matterclient
Jun 26 22:25:48 znc matterircd[56787]: time="2020-06-26T22:25:48Z" level=info msg="login succeeded" module=matterircd
Jun 26 22:25:49 znc matterircd[56787]: time="2020-06-26T22:25:49Z" level=error msg="ChannelView update for djh7qenksf8j5nho3fsib444fc failed: : Invalid or expired session, please login again., " prefix=matterclient
Jun 26 22:25:49 znc matterircd[56787]: time="2020-06-26T22:25:49Z" level=error msg="ChannelView update for wsmrz7ej4tngmmtiza1bf9ghto failed: : Invalid or expired session, please login again., " prefix=matterclient
Jun 26 22:25:49 znc matterircd[56787]: time="2020-06-26T22:25:49Z" level=error msg="ChannelView update for n66qanbpjtg95nzs5jpd3hudjh failed: : Invalid or expired session, please login again., " prefix=matterclient
Jun 26 22:25:49 znc matterircd[56787]: time="2020-06-26T22:25:49Z" level=error msg="ChannelView update for 11nx4ajjyjyriyy3qgfdjbbyga failed: : Invalid or expired session, please login again., " prefix=matterclient
Jun 26 22:25:49 znc matterircd[56787]: time="2020-06-26T22:25:49Z" level=error msg="ChannelView update for 3xu9ud71epb7iytrdxjsf9qcxy failed: : Invalid or expired session, please login again., " prefix=matterclient
Jun 26 22:25:49 znc matterircd[56787]: time="2020-06-26T22:25:49Z" level=error msg="ChannelView update for sch8hywkh7n5xgdk6wzznejeze failed: : Invalid or expired session, please login again., " prefix=matterclient
Jun 26 22:25:49 znc matterircd[56787]: time="2020-06-26T22:25:49Z" level=error msg="ChannelView update for djh7qenksf8j5nho3fsib444fc failed: : Invalid or expired session, please login again., " prefix=matterclient
Jun 26 22:25:49 znc matterircd[56787]: time="2020-06-26T22:25:49Z" level=error msg="ChannelView update for wsmrz7ej4tngmmtiza1bf9ghto failed: : Invalid or expired session, please login again., " prefix=matterclient
Jun 26 22:25:49 znc matterircd[56787]: time="2020-06-26T22:25:49Z" level=error msg="ChannelView update for n66qanbpjtg95nzs5jpd3hudjh failed: : Invalid or expired session, please login again., " prefix=matterclient
Jun 26 22:25:49 znc matterircd[56787]: time="2020-06-26T22:25:49Z" level=error msg="ChannelView update for wtwgteuzeibgikh9cubn4sdnuy failed: : Invalid or expired session, please login again., " prefix=matterclient
Jun 26 22:26:37 znc matterircd[56787]: panic: interface conversion: interface {} is nil, not string
Jun 26 22:26:37 znc matterircd[56787]: 
Jun 26 22:26:37 znc matterircd[56787]: goroutine 47 [running]:
Jun 26 22:26:37 znc matterircd[56787]: github.com/42wim/matterircd/mm-go-irckit.(*User).handleWsActionPost(0xc000208000, 0xc000077500)
Jun 26 22:26:37 znc matterircd[56787]: 	/wrkdirs/usr/ports/net-im/matterircd/work/matterircd-0.19.2/mm-go-irckit/mmuser.go:456 +0x3032
Jun 26 22:26:37 znc matterircd[56787]: github.com/42wim/matterircd/mm-go-irckit.(*User).handleWsMessage(0xc000208000)
Jun 26 22:26:37 znc matterircd[56787]: 	/wrkdirs/usr/ports/net-im/matterircd/work/matterircd-0.19.2/mm-go-irckit/mmuser.go:266 +0x220
Jun 26 22:26:37 znc matterircd[56787]: created by github.com/42wim/matterircd/mm-go-irckit.(*User).loginToMattermost
Jun 26 22:26:37 znc matterircd[56787]: 	/wrkdirs/usr/ports/net-im/matterircd/work/matterircd-0.19.2/mm-go-irckit/mmuser.go:92 +0x316

Answer 1 · 2020-07-10T17:58:15.000Z

I've done some digging and figured out the mattermost server I was connecting too required the cookie MMCSRF= to be set, and also required that cookie to be present in a header: X-CSRF-Token. The panic was caused by seemingly an inability to handle "self" messages. Which is a shame since that's a very useful test.

I haven't tested sending messages yet, since I'm mainly using it as a watcher for keywords right now, but hope too soon.

My forks for those who run into similar problems are:

https://github.com/SecurityInsanity/matterircd (which just ends up pointing to my copy of matterbridge)
https://github.com/SecurityInsanity/matterbridge

To login with CSRF/MMAUTHTOKEN you can do:
/msg mattermost login <username> MMAUTHTOKEN=<mytoken>---MMCSRF=<my-csrf-value>
As for self messaging it no longer crashes (yay!), but uses a ghost user so you won't be able to send a message back, but can see messages you send yourself.

Answer 2 · 2020-08-13T18:40:44.000Z

@securityinsanity I'm willing to accept PR's to have this supported, feel free to open them.

Although, I've did a lot of refactoring the last week, which fixes a lot of issues, also like messaging yourself.

Answer 3 · 2020-08-13T18:42:07.000Z

Thanks @42wim! I'd be happy to provide some though honestly I feel like my current solution is effectively a hack. I'll try to spend some time cleaning it up.

Answer 4 · 2020-12-28T22:36:51.000Z

Did you try matterircd recently ? there has been a lot of refactoring and now MFA is also supported.
I'm going to close this now, but feel free to reopen if the issue still exists.