matrix-synapse-rest-passwor.../README.md

# Synapse REST Password provider
- [Overview](#overview)
- [Install](#install)
- [Configure](#configure)
- [Integrate](#integrate)
- [Support](#support)

## Overview
This synapse's password provider allows you to validate a password for a given username and return a user profile using an existing backend, like:

- Forums (phpBB, Discourse, etc.)
- Custom Identity stores (Keycloak, ...)
- CRMs (Wordpress, ...)
- self-hosted clouds (Nextcloud, ownCloud, ...)

It is mainly used with [ma1sd](https://github.com/ma1uta/ma1sd), the Federated Matrix Identity Server, to provide
missing features and offer a fully integrated solution (directory, authentication, search).

**NOTE:** This module doesn't provide direct integration with any backend. If you do not use mxisd, you will need to write
your own backend, following the [Integration section](#integrate). This module simply translate an anthentication result
and profile information into actionables in synapse, and adapt your user profile with what is given.

## Install
Copy in whichever directory python can pick it up as a module.

```
sudo pip install git+https://github.com/ma1uta/matrix-synapse-rest-password-provider
```

If the command fail, double check that the python version still matches. If not, please let us know by opening an issue.

## Configure
Add or amend the `password_providers` entry like so:
```yaml
password_providers:
  - module: "rest_auth_provider.RestAuthProvider"
    config:
      endpoint: "http://change.me.example.com:12345"
```
Set `endpoint` to the value documented with the endpoint provider.

## Use
1. Install, configure, restart synapse
2. Try to login with a valid username and password for the endpoint configured

## Next steps
### Lowercase username enforcement
**NOTE**: This is no longer relevant as synapse natively enforces lowercase.

To avoid creating users accounts with uppercase characters in their usernames and running into known
issues regarding case sensitivity in synapse, attempting to login with such username will fail.

It is highly recommended to keep this feature enable, but in case you would like to disable it:
```yaml
    config:
      policy:
        registration:
          username:
            enforceLowercase: false
```

### Profile auto-fill
By default, on first login, the display name is set to the one returned by the backend.  
If none is given, the display name is not set.  
Upon subsequent login, the display name is not changed.

If you would like to change the behaviour, you can use the following configuration items:
```yaml
    config:
      policy:
        registration:
          profile:
            name: true
        login:
          profile:
            name: false
```

3PIDs received from the backend are merged with the ones already linked to the account.
If you would like to change this behaviour, you can use the following configuration items:
```yaml
    config:
      policy:
        all:
          threepid:
            update: false
            replace: false
```
If update is set to `false`, the 3PIDs will not be changed at all. If replace is set to `true`, all 3PIDs not available in the backend anymore will be deleted from synapse.

## Integrate
To use this module with your back-end, you will need to implement a single REST endpoint:

Path: `/_matrix-internal/identity/v1/check_credentials`  
Method: POST  
Body as JSON UTF-8:
```json
{
  "user": {
    "id": "@matrix.id.of.the.user:example.com",
    "password": "passwordOfTheUser"
  }
}
```

If the credentials are accepted, the following JSON answer will be provided:
```json
{
  "auth": {
    "success": true,
    "mxid": "@matrix.id.of.the.user:example.com",
    "profile": {
      "display_name": "John Doe",
      "three_pids": [
        {
          "medium": "email",
          "address": "john.doe@example.org"
        },
        {
          "medium": "msisdn",
          "address": "123456789"
        }
      ]
    }
  }
}
```
`auth.profile` and any sub-key are optional.

---

If the credentials are refused, the following JSON answer will be provided:
```json
{
  "auth": {
    "success": false
  }
}
```
Improve readme 2019-02-20 05:40:15 +08:00			`# Synapse REST Password provider`
			`- [Overview](#overview)`
			`- [Install](#install)`
			`- [Configure](#configure)`
			`- [Integrate](#integrate)`
			`- [Support](#support)`
The End 2019-06-21 20:36:33 +08:00
Improve readme 2019-02-20 05:40:15 +08:00			`## Overview`
The End 2019-06-21 20:36:33 +08:00			`This synapse's password provider allows you to validate a password for a given username and return a user profile using an existing backend, like:`

Improve README 2017-09-18 19:46:42 +08:00			`- Forums (phpBB, Discourse, etc.)`
			`- Custom Identity stores (Keycloak, ...)`
			`- CRMs (Wordpress, ...)`
			`- self-hosted clouds (Nextcloud, ownCloud, ...)`

Temporary fix for authentication. Update readme. Add gitignore. 2020-01-24 06:08:15 +08:00			`It is mainly used with [ma1sd](https://github.com/ma1uta/ma1sd), the Federated Matrix Identity Server, to provide`
better wording in README 2017-09-18 21:18:34 +08:00			`missing features and offer a fully integrated solution (directory, authentication, search).`
Initial code 2017-08-31 04:15:22 +08:00
Improve readme 2019-02-20 05:40:15 +08:00			`NOTE: This module doesn't provide direct integration with any backend. If you do not use mxisd, you will need to write`
			`your own backend, following the [Integration section](#integrate). This module simply translate an anthentication result`
			`and profile information into actionables in synapse, and adapt your user profile with what is given.`

Initial code 2017-08-31 04:15:22 +08:00			`## Install`
Add setup.py for easier install (No need to figure out paths) 2020-03-27 03:01:05 +08:00			`Copy in whichever directory python can pick it up as a module.`
Add instructions for Synapse v0.34.0 switch to py3 2018-12-21 06:01:05 +08:00
			```
Add setup.py for easier install (No need to figure out paths) 2020-03-27 03:01:05 +08:00			`sudo pip install git+https://github.com/ma1uta/matrix-synapse-rest-password-provider`
Add instructions for Synapse v0.34.0 switch to py3 2018-12-21 06:01:05 +08:00			```
Initial code 2017-08-31 04:15:22 +08:00
Improve readme 2019-02-20 05:40:15 +08:00			`If the command fail, double check that the python version still matches. If not, please let us know by opening an issue.`
Initial code 2017-08-31 04:15:22 +08:00
			`## Configure`
Improve README 2017-09-18 19:46:42 +08:00			Add or amend the `password_providers` entry like so:
Improve readme 2019-02-20 05:40:15 +08:00			```yaml
Initial code 2017-08-31 04:15:22 +08:00			`password_providers:`
			`- module: "rest_auth_provider.RestAuthProvider"`
			`config:`
			`endpoint: "http://change.me.example.com:12345"`
Profile auto-fill improvements 2017-10-08 10:52:08 +08:00			```
Update README with latest relevant info 2018-11-14 11:13:02 +08:00			Set `endpoint` to the value documented with the endpoint provider.
Profile auto-fill improvements 2017-10-08 10:52:08 +08:00
			`## Use`
			`1. Install, configure, restart synapse`
			`2. Try to login with a valid username and password for the endpoint configured`

			`## Next steps`
			`### Lowercase username enforcement`
Update README with latest relevant info 2018-11-14 11:13:02 +08:00			`NOTE: This is no longer relevant as synapse natively enforces lowercase.`

Enforce lowercase username registration policy 2017-10-08 10:58:35 +08:00			`To avoid creating users accounts with uppercase characters in their usernames and running into known`
			`issues regarding case sensitivity in synapse, attempting to login with such username will fail.`
Profile auto-fill improvements 2017-10-08 10:52:08 +08:00
Enforce lowercase username registration policy 2017-10-08 10:58:35 +08:00			`It is highly recommended to keep this feature enable, but in case you would like to disable it:`
Improve readme 2019-02-20 05:40:15 +08:00			```yaml
Profile auto-fill improvements 2017-10-08 10:52:08 +08:00			`config:`
Add ability to enforce lowercase usernames on registration 2017-09-26 20:49:32 +08:00			`policy:`
			`registration:`
			`username:`
Update README with latest relevant info 2018-11-14 11:13:02 +08:00			`enforceLowercase: false`
Initial code 2017-08-31 04:15:22 +08:00			```

Profile auto-fill improvements 2017-10-08 10:52:08 +08:00			`### Profile auto-fill`
			`By default, on first login, the display name is set to the one returned by the backend.`
			`If none is given, the display name is not set.`
			`Upon subsequent login, the display name is not changed.`
Improve README 2017-09-18 19:46:42 +08:00
Profile auto-fill improvements 2017-10-08 10:52:08 +08:00			`If you would like to change the behaviour, you can use the following configuration items:`
Improve readme 2019-02-20 05:40:15 +08:00			```yaml
Profile auto-fill improvements 2017-10-08 10:52:08 +08:00			`config:`
			`policy:`
			`registration:`
			`profile:`
Update README with latest relevant info 2018-11-14 11:13:02 +08:00			`name: true`
Profile auto-fill improvements 2017-10-08 10:52:08 +08:00			`login:`
			`profile:`
Update README with latest relevant info 2018-11-14 11:13:02 +08:00			`name: false`
Profile auto-fill improvements 2017-10-08 10:52:08 +08:00			```
Add ability to enforce lowercase usernames on registration 2017-09-26 20:49:32 +08:00
Profile auto-fill improvements 2017-10-08 10:52:08 +08:00			`3PIDs received from the backend are merged with the ones already linked to the account.`
Updated Readme.md for 3PID replacement option 2019-02-22 00:02:07 +08:00			`If you would like to change this behaviour, you can use the following configuration items:`
Allow toggle to enable/disable merging 3PIDs in profile 2019-02-20 05:29:55 +08:00			```yaml
			`config:`
			`policy:`
			`all:`
			`threepid:`
			`update: false`
Updated Readme.md for 3PID replacement option 2019-02-22 00:02:07 +08:00			`replace: false`
Allow toggle to enable/disable merging 3PIDs in profile 2019-02-20 05:29:55 +08:00			```
Updated Readme.md for 3PID replacement option 2019-02-22 00:02:07 +08:00			If update is set to `false`, the 3PIDs will not be changed at all. If replace is set to `true`, all 3PIDs not available in the backend anymore will be deleted from synapse.
Initial code 2017-08-31 04:15:22 +08:00
Improve README 2017-09-18 19:46:42 +08:00			`## Integrate`
Fix possibly failing curl command 2019-02-15 00:26:57 +08:00			`To use this module with your back-end, you will need to implement a single REST endpoint:`
Improve README 2017-09-18 19:46:42 +08:00
			Path: `/_matrix-internal/identity/v1/check_credentials`
			`Method: POST`
			`Body as JSON UTF-8:`
Improve readme 2019-02-20 05:40:15 +08:00			```json
Initial code 2017-08-31 04:15:22 +08:00			`{`
			`"user": {`
			`"id": "@matrix.id.of.the.user:example.com",`
			`"password": "passwordOfTheUser"`
			`}`
			`}`
			```

Improve readme 2019-02-20 05:40:15 +08:00			`If the credentials are accepted, the following JSON answer will be provided:`
			```json
Initial code 2017-08-31 04:15:22 +08:00			`{`
Feed profile data (display name, 3PIDs) within synapse 2017-09-26 10:21:55 +08:00			`"auth": {`
Improve readme 2019-02-20 05:40:15 +08:00			`"success": true,`
			`"mxid": "@matrix.id.of.the.user:example.com",`
Feed profile data (display name, 3PIDs) within synapse 2017-09-26 10:21:55 +08:00			`"profile": {`
			`"display_name": "John Doe",`
			`"three_pids": [`
			`{`
			`"medium": "email",`
			`"address": "john.doe@example.org"`
			`},`
			`{`
			`"medium": "msisdn",`
			`"address": "123456789"`
			`}`
			`]`
			`}`
Initial code 2017-08-31 04:15:22 +08:00			`}`
			`}`
			```
Improve readme 2019-02-20 05:40:15 +08:00			`auth.profile` and any sub-key are optional.

			`---`

			`If the credentials are refused, the following JSON answer will be provided:`
			```json
			`{`
			`"auth": {`
			`"success": false`
			`}`
			`}`
			```