At the moment, users log in to our Mattermost server via GitLab OAuth2. But the GitLab server will not be reachable from the Mattermost server in the future.
So I am trying to switch the login method of all users via the API.
For testing, I am trying it with one user. The code looks something like this:
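    import requests


    def change_login_method_to_email(users):
        # Test with a single hard-coded user for now; `users` is not used yet.
        user_id = 'somethingsomething'
        # get_mattermost_api_url() and get_headers() are helpers defined elsewhere in the script.
        url = f"{get_mattermost_api_url()}/users/login/switch"
        email = 'bla@example.com'
        new_password = 'test.123'
        # Request body for switching from OAuth2 (GitLab) to email/password login.
        params = {
            'current_service': 'gitlab',
            'new_service': 'email',
            'email': email,
            'new_password': new_password,
        }
        response = requests.post(url, headers=get_headers(), json=params)
        print(response.content)
        print(response.json())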
The documentation says:
To switch from OAuth2/SAML to email, specify current_service, new_service, email and new_password
The output of the script is:
b'{"id":"api.user.oauth_to_email.context.app_error","message":"Update password failed because context user_id did not match provided user\'s id.","detailed_error":"","request_id":"","status_code":403}'
get_headers() contains the access token of an administrator, which works when I try other endpoints.
In the documentation it says:
Permissions
No current authentication required except when switching from OAuth2/SAML to email.
So I am trying to do this. But I just don't know where and how I should authenticate. I tried to create a token for this user and added it to the params as 'password': token. Nothing changed. I also created an access token on GitLab, same error. I cannot use the GitLab password as MFA is activated for every user.
A workaround would be to change the method in the database and then change the password via the API, but I would rather use the API for all steps.
What am I missing from the documentation?