From 7d68dec709661721914f164fb57b19f1d3807a43 Mon Sep 17 00:00:00 2001
From: teutat3s
Date: Thu, 16 Nov 2023 22:04:09 +0100
Subject: [PATCH 1/3] feat: add docs for deletion requests

---
 docs/deletion-request.md | 61 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 docs/deletion-request.md

diff --git a/docs/deletion-request.md b/docs/deletion-request.md
new file mode 100644
index 0000000..9af8009
--- /dev/null
+++ b/docs/deletion-request.md
@@ -0,0 +1,61 @@
+# Process for handling a deletion request
+
+### Keycloak
+Required:
+- auth.pub.solar ops user credentials
+- SSH access to host nachtigall
+```
+ssh barkeeper@nachtigall.pub.solar
+
+sudo --user keycloak kcadm.sh config credentials --config /tmp/kcadm.config --server http://localhost:8080 --realm pub.solar --user ops
+
+# Take note of user id in response from following command
+sudo --user keycloak kcadm.sh get --config /tmp/kcadm.config users --realm pub.solar --query email=
+
+# To avoid impersonification, we deactivate the account by resetting the password and email address
+# Use user id from previous command, for example
+sudo --user keycloak kcadm.sh update --config /tmp/kcadm.config users/2ec6f173-3c10-4b82-9808-e2f2d393ff11/reset-password --realm pub.solar --set type=password --set value= --no-merge
+sudo --user keycloak kcadm.sh update --config /tmp/kcadm.config users/2ec6f173-3c10-4b82-9808-e2f2d393ff11 --realm pub.solar --set email=@deactivated.pub.solar
+```
+
+Docs: https://www.keycloak.org/docs/latest/server_admin/index.html#updating-a-user
+
+
+### Nextcloud
+```
+ssh barkeeper@nachtigall.pub.solar
+nextcloud-occ user:delete
+```
+
+Docs: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#user-commands-label
+
+
+### Mastodon
+```
+ssh barkeeper@nachtigall.pub.solar
+sudo -u mastodon mastodon-tootctl accounts delete --email
+```
+
+Docs: https://docs.joinmastodon.org/admin/tootctl/#accounts-delete
+
+
+### Forgejo
+```
+ssh barkeeper@nachtigall.pub.solar
+sudo -u gitea gitea admin user delete --config /var/lib/forgejo/custom/conf/app.ini --purge --email
+```
+
+Docs: https://forgejo.org/docs/latest/admin/command-line/#delete
+
+
+### Matrix
+```
+ssh bartender@matrix.pub.solar -p 2020
+curl --header "Authorization: Bearer " --request POST http://172.18.0.3:8008/_synapse/admin/v1/deactivate/@:pub.solar --data '{"erase": true}'
+```
+
+Docs: https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#deactivate-account
+
+
+### OpenBikeSensor
+Not implemented, see: https://github.com/openbikesensor/portal/issues/95
From 50e84225c343c29c995eb68608200be5e77127d2 Mon Sep 17 00:00:00 2001
From: teutat3s
Date: Thu, 16 Nov 2023 22:04:29 +0100
Subject: [PATCH 2/3] feat: add various keycloak docs

---
 docs/keycloak/keycloak-email-list.md | 22 +++++++++++++
 docs/keycloak/keycloak-reset-user-password.md | 33 +++++++++++++++++++
 docs/keycloak/keycloak-update-realm.md | 19 +++++++++++
 3 files changed, 74 insertions(+)
 create mode 100644 docs/keycloak/keycloak-email-list.md
 create mode 100644 docs/keycloak/keycloak-reset-user-password.md
 create mode 100644 docs/keycloak/keycloak-update-realm.md

diff --git a/docs/keycloak/keycloak-email-list.md b/docs/keycloak/keycloak-email-list.md
new file mode 100644
index 0000000..9279f86
--- /dev/null
+++ b/docs/keycloak/keycloak-email-list.md
@@ -0,0 +1,22 @@
+# Process for getting a list of email addresses of all keycloak users
+
+### Keycloak
+Required:
+- auth.pub.solar ops user credentials
+- SSH access to host flora-6
+```
+ssh barkeeper@flora-6.pub.solar
+
+sudo --user keycloak kcadm.sh get users \
+ -r pub.solar \
+ --offset 0 \
+ --limit 1000 \
+ --no-config \
+ --server http://localhost:8080 \
+ --realm master \
+ --user admin \
+ --password \
+ > keycloak-user-list.json
+
+jq -r '.[].email' < keycloak-user-list.json
+```
diff --git a/docs/keycloak/keycloak-reset-user-password.md b/docs/keycloak/keycloak-reset-user-password.md
new file mode 100644
index 0000000..b22bd01
--- /dev/null
+++ b/docs/keycloak/keycloak-reset-user-password.md
@@ -0,0 +1,33 @@
+# Process for resetting keycloak user passwords
+
+### Keycloak
+Required:
+- auth.pub.solar ops user credentials
+- SSH access to host flora-6
+```
+ssh barkeeper@flora-6.pub.solar
+
+mkdir /tmp/keycloak-credential-reset
+
+sudo --user keycloak kcadm.sh config credentials --config /tmp/kcadm.config --server http://localhost:8080 --realm pub.solar --user ops
+
+sudo --user keycloak kcadm.sh get --config /tmp/kcadm.config users --realm pub.solar | jq --raw-output '.[] | .id' > /tmp/keycloak-credential-reset/all-uuids
+
+for UUID in $(cat /tmp/keycloak-credential-reset/all-uuids); do
+ sudo --user keycloak kcadm.sh get --config /tmp/kcadm.config users/$UUID/credentials --realm pub.solar > /tmp/keycloak-credential-reset/$UUID
+done
+
+mkdir /tmp/keycloak-credential-reset/accounts-with-creds
+
+find /tmp/keycloak-credential-reset -type f -size +3c -exec mv '{}' /tmp/keycloak-credential-reset/accounts-with-creds/ \;
+
+rm -r /tmp/keycloak-credential-reset/accounts-with-creds/
+
+find /tmp/keycloak-credential-reset/ -type f -exec basename '{}' \; > /tmp/keycloak-credential-reset/accounts-without-credentials
+
+vim /tmp/keycloak-credential-reset/accounts-without-credentials
+
+for UUID in $(cat /tmp/keycloak-credential-reset/accounts-without-credentials); do
+ sudo --user keycloak kcadm.sh update --config /tmp/kcadm.config users/$UUID/reset-password --target-realm pub.solar --set type=password --set value=$(< /dev/urandom tr -dc A-Z-a-z-0-9 | head -c${1:-32};echo;) --set temporary=true --no-merge
+done
+```
diff --git a/docs/keycloak/keycloak-update-realm.md b/docs/keycloak/keycloak-update-realm.md
new file mode 100644
index 0000000..39f7af0
--- /dev/null
+++ b/docs/keycloak/keycloak-update-realm.md
@@ -0,0 +1,19 @@
+# Process for updating a keycloak realm via CLI
+
+### Keycloak
+Required:
+- auth.pub.solar ops user credentials
+- SSH access to host flora-6
+```
+ssh barkeeper@flora-6.pub.solar
+
+sudo -u keycloak kcadm.sh config credentials --config /tmp/kcadm.config --server http://localhost:8080 --realm master --user admin
+
+sudo -u keycloak kcadm.sh get --config /tmp/kcadm.config realms/pub.solar
+
+sudo -u keycloak kcadm.sh update --config /tmp/kcadm.config realms/pub.solar -s browserFlow='Webauthn Browser'
+
+sudo -u keycloak kcadm.sh get --config /tmp/kcadm.config realms/pub.solar
+```
+
+Source: https://keycloak.ch/keycloak-tutorials/tutorial-webauthn/
From 4861593b25eed825226149a7ada7fc75ca8d57ba Mon Sep 17 00:00:00 2001
From: teutat3s
Date: Sat, 18 Nov 2023 18:19:34 +0100
Subject: [PATCH 3/3] fix: auth.pub.solar now runs on nachtigall

---
 docs/keycloak/keycloak-email-list.md | 4 ++--
 docs/keycloak/keycloak-reset-user-password.md | 4 ++--
 docs/keycloak/keycloak-update-realm.md | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/docs/keycloak/keycloak-email-list.md b/docs/keycloak/keycloak-email-list.md
index 9279f86..5d91c0d 100644
--- a/docs/keycloak/keycloak-email-list.md
+++ b/docs/keycloak/keycloak-email-list.md
@@ -3,9 +3,9 @@
 ### Keycloak
 Required:
 - auth.pub.solar ops user credentials
-- SSH access to host flora-6
+- SSH access to host nachtigall
 ```
-ssh barkeeper@flora-6.pub.solar
+ssh barkeeper@nachtigall.pub.solar
 
 sudo --user keycloak kcadm.sh get users \
 -r pub.solar \
diff --git a/docs/keycloak/keycloak-reset-user-password.md b/docs/keycloak/keycloak-reset-user-password.md
index b22bd01..8f123b3 100644
--- a/docs/keycloak/keycloak-reset-user-password.md
+++ b/docs/keycloak/keycloak-reset-user-password.md
@@ -3,9 +3,9 @@
 ### Keycloak
 Required:
 - auth.pub.solar ops user credentials
-- SSH access to host flora-6
+- SSH access to host nachtigall
 ```
-ssh barkeeper@flora-6.pub.solar
+ssh barkeeper@nachtigall.pub.solar
 
 mkdir /tmp/keycloak-credential-reset
 
diff --git a/docs/keycloak/keycloak-update-realm.md b/docs/keycloak/keycloak-update-realm.md
index 39f7af0..a2cd2f8 100644
--- a/docs/keycloak/keycloak-update-realm.md
+++ b/docs/keycloak/keycloak-update-realm.md
@@ -3,9 +3,9 @@
 ### Keycloak
 Required:
 - auth.pub.solar ops user credentials
-- SSH access to host flora-6
+- SSH access to host nachtigall
 ```
-ssh barkeeper@flora-6.pub.solar
+ssh barkeeper@nachtigall.pub.solar
 
 sudo -u keycloak kcadm.sh config credentials --config /tmp/kcadm.config --server http://localhost:8080 --realm master --user admin