Initial code

This commit is contained in:
Maxime Dor 2017-08-30 22:15:22 +02:00
commit 1b9459824c
2 changed files with 144 additions and 0 deletions

51
README.md Normal file
View File

@ -0,0 +1,51 @@
# HTTP JSON REST Authenticator module for synapse
Allows you to use any backend implementing a specific HTTP JSON REST endpoint to authenticate a user in Matrix.
This allows to externalize authentication in synapse without having to write a module in python but rely on possibly existing workflows.
## Install
Copy in whichever directory python2.x can pick it up as a module.
If you installed synapse using the Matrix debian repos:
```
git clone https://github.com/maxidor/matrix-synapse-rest-auth.git
cd matrix-synapse-rest-auth
sudo cp rest_auth_provider /usr/lib/python2.6/dist-packages/
sudo cp rest_auth_provider /usr/lib/python2.7/dist-packages/
```
## Configure
```
password_providers:
- module: "rest_auth_provider.RestAuthProvider"
config:
endpoint: "http://change.me.example.com:12345"
```
## Use
1. Install, configure, restart synapse
2. Try to login with a valid username and password for the endpoint configured
## Extend
The following endpoint path is called with HTTP POST request: `/_matrix-internal/identity/v1/check_credentials` with the following JSON body:
```
{
"user": {
"id": "@matrix.id.of.the.user:example.com",
"password": "passwordOfTheUser"
}
}
```
The following JSON answer is expected:
```
{
"authentication": {
"success": <boolean>
"mxid": "@matrix.id.of.the.user:example.com"
"display_name": <String of the display name to set, optional>
}
}
```
## Support
Contact @max:kamax.io on Matrix

93
rest_auth_provider.py Normal file
View File

@ -0,0 +1,93 @@
# -*- coding: utf-8 -*-
#
# REST endpoint Authentication module for Matrix synapse
# Copyright (C) 2017 Maxime Dor
#
# https://max.kamax.io/
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import logging
from twisted.internet import defer
import requests
import json
__version__ = "0.0.1"
logger = logging.getLogger(__name__)
class RestAuthProvider(object):
__version__ = "0.0.1"
def __init__(self, config, account_handler):
self.account_handler = account_handler
if not config.endpoint:
raise RuntimeError('Missing endpoint config')
self.endpoint = config.endpoint
@defer.inlineCallbacks
def check_password(self, user_id, password):
logger.info("Got password check for " + user_id)
data = {'user':{'id':user_id, 'password':password}}
r = requests.post(self.endpoint + '/_matrix-internal/identity/v1/check_credentials', json = data)
r.raise_for_status()
r = r.json()
if not r["authentication"]:
reason = "Invalid JSON data returned from REST endpoint"
logger.warning(reason)
raise RuntimeError(reason)
auth = r["authentication"]
if not auth["success"]:
logger.info("User not authenticated")
defer.returnValue(False)
logger.info("User authenticated: %s", auth["mxid"])
if not (yield self.account_handler.check_user_exists(user_id)):
logger.info("User %s does not exist yet, creating...", user_id)
localpart = user_id.split(":", 1)[0][1:]
user_id, access_token = (yield self.account_handler.register(localpart=localpart))
logger.info("Registration based on REST data was successful for %s", user_id)
if auth["display_name"]:
store = self.account_handler.hs.get_handlers().profile_handler.store
yield store.set_profile_displayname(localpart, auth["display_name"])
logger.info("Name '%s' was set based on profile data", auth["display_name"]);
defer.returnValue(True)
@staticmethod
def parse_config(config):
# verify config sanity
_require_keys(config, ["endpoint"])
class _RestConfig(object):
pass
rest_config = _RestConfig()
rest_config.endpoint = config["endpoint"]
return rest_config
def _require_keys(config, required):
missing = [key for key in required if key not in config]
if missing:
raise Exception(
"REST Auth enabled but missing required config values: {}".format(
", ".join(missing)
)
)