commit 1b9459824c1eb0ee2b05da28ee87e62b42bf37aa
Author: Maxime Dor <max@kamax.io>
Date:   Wed Aug 30 22:15:22 2017 +0200

    Initial code

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e5a3a27
--- /dev/null
+++ b/README.md
@@ -0,0 +1,51 @@
+# HTTP JSON REST Authenticator module for synapse
+Allows you to use any backend implementing a specific HTTP JSON REST endpoint to authenticate a user in Matrix.  
+This allows to externalize authentication in synapse without having to write a module in python but rely on possibly existing workflows.
+
+## Install
+Copy in whichever directory python2.x can pick it up as a module.  
+
+If you installed synapse using the Matrix debian repos:
+```
+git clone https://github.com/maxidor/matrix-synapse-rest-auth.git
+cd matrix-synapse-rest-auth
+sudo cp rest_auth_provider /usr/lib/python2.6/dist-packages/
+sudo cp rest_auth_provider /usr/lib/python2.7/dist-packages/
+```
+
+## Configure
+```
+password_providers:
+  - module: "rest_auth_provider.RestAuthProvider"
+    config:
+      endpoint: "http://change.me.example.com:12345"
+```
+
+## Use
+1. Install, configure, restart synapse
+2. Try to login with a valid username and password for the endpoint configured
+
+## Extend
+The following endpoint path is called with HTTP POST request: `/_matrix-internal/identity/v1/check_credentials` with the following JSON body:
+```
+{
+  "user": {
+    "id": "@matrix.id.of.the.user:example.com",
+    "password": "passwordOfTheUser"
+  }
+}
+```
+
+The following JSON answer is expected:
+```
+{
+  "authentication": {
+    "success": <boolean>
+    "mxid": "@matrix.id.of.the.user:example.com"
+    "display_name": <String of the display name to set, optional>
+  }
+}
+```
+
+## Support
+Contact @max:kamax.io on Matrix
diff --git a/rest_auth_provider.py b/rest_auth_provider.py
new file mode 100644
index 0000000..e2585e7
--- /dev/null
+++ b/rest_auth_provider.py
@@ -0,0 +1,93 @@
+# -*- coding: utf-8 -*-
+#
+# REST endpoint Authentication module for Matrix synapse
+# Copyright (C) 2017 Maxime Dor
+#
+# https://max.kamax.io/
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import logging
+from twisted.internet import defer
+import requests
+import json
+
+__version__ = "0.0.1"
+logger = logging.getLogger(__name__)
+
+class RestAuthProvider(object):
+    __version__ = "0.0.1"
+
+    def __init__(self, config, account_handler):
+        self.account_handler = account_handler
+
+        if not config.endpoint:
+            raise RuntimeError('Missing endpoint config')
+
+        self.endpoint = config.endpoint
+
+    @defer.inlineCallbacks
+    def check_password(self, user_id, password):
+        logger.info("Got password check for " + user_id)
+        data = {'user':{'id':user_id, 'password':password}}
+        r = requests.post(self.endpoint + '/_matrix-internal/identity/v1/check_credentials', json = data)
+        r.raise_for_status()
+        r = r.json()
+        if not r["authentication"]:
+            reason = "Invalid JSON data returned from REST endpoint"
+            logger.warning(reason)
+            raise RuntimeError(reason)
+
+        auth = r["authentication"]
+        if not auth["success"]:
+            logger.info("User not authenticated")
+            defer.returnValue(False)
+
+        logger.info("User authenticated: %s", auth["mxid"])
+
+        if not (yield self.account_handler.check_user_exists(user_id)):
+            logger.info("User %s does not exist yet, creating...", user_id)
+            localpart = user_id.split(":", 1)[0][1:]
+            user_id, access_token = (yield self.account_handler.register(localpart=localpart))
+            logger.info("Registration based on REST data was successful for %s", user_id)
+
+            if auth["display_name"]:
+                store = self.account_handler.hs.get_handlers().profile_handler.store
+                yield store.set_profile_displayname(localpart, auth["display_name"])
+                logger.info("Name '%s' was set based on profile data", auth["display_name"]);
+
+        defer.returnValue(True)
+
+    @staticmethod
+    def parse_config(config):
+        # verify config sanity
+        _require_keys(config, ["endpoint"])
+
+        class _RestConfig(object):
+            pass
+
+        rest_config = _RestConfig()
+        rest_config.endpoint = config["endpoint"]
+        return rest_config
+
+def _require_keys(config, required):
+    missing = [key for key in required if key not in config]
+    if missing:
+        raise Exception(
+            "REST Auth enabled but missing required config values: {}".format(
+                ", ".join(missing)
+            )
+        )
+