Improve readme

Allow toggle to enable/disable merging 3PIDs in profile
Fix possibly failing curl command
2019-02-19 22:41:16 +01:00 · 2019-02-19 22:29:55 +01:00 · 2019-02-14 17:26:57 +01:00 · 2018-12-20 23:49:23 +01:00 · 2018-11-14 04:13:02 +01:00 · 2017-10-24 11:05:38 +02:00
2 changed files with 94 additions and 40 deletions
--- a/README.md
+++ b/README.md
@@ -1,32 +1,53 @@
-# HTTP JSON REST Authenticator module for synapse
-This synapse authentication module (password provider) allows you to query identity data in existing webapps, like:
+# Synapse REST Password provider
+- [Overview](#overview)
+- [Install](#install)
+- [Configure](#configure)
+- [Integrate](#integrate)
+- [Support](#support)
+  
+## Overview
+This synapse's password provider allows you to validate a password for a given username and return a user profile using
+an existing backend, like:
 - Forums (phpBB, Discourse, etc.)
 - Custom Identity stores (Keycloak, ...)
 - CRMs (Wordpress, ...)
 - self-hosted clouds (Nextcloud, ownCloud, ...)

-It is mainly used with [mxisd](https://github.com/kamax-io/mxisd), the Federated Matrix Identity Server, to provide
+It is mainly used with [mxisd](https://github.com/kamax-matrix/mxisd), the Federated Matrix Identity Server, to provide
 missing features and offer a fully integrated solution (directory, authentication, search).

+**NOTE:** This module doesn't provide direct integration with any backend. If you do not use mxisd, you will need to write
+your own backend, following the [Integration section](#integrate). This module simply translate an anthentication result
+and profile information into actionables in synapse, and adapt your user profile with what is given.
+
 ## Install
+### From Synapse v0.34.0/py3
+Copy in whichever directory python3.x can pick it up as a module.  
+
+If you installed synapse using the Matrix debian repos:
+```
+sudo curl https://raw.githubusercontent.com/kamax-matrix/matrix-synapse-rest-auth/master/rest_auth_provider.py -o /opt/venvs/matrix-synapse/lib/python3.5/site-packages/rest_auth_provider.py
+```
+If the command fail, double check that the python version still matches. If not, please let us know by opening an issue.
+
+### Before Synapse v0.34.0/py3 or any py2-based release
 Copy in whichever directory python2.x can pick it up as a module.  

 If you installed synapse using the Matrix debian repos:
 ```
-git clone https://github.com/maxidor/matrix-synapse-rest-auth.git
-cd matrix-synapse-rest-auth
-sudo cp rest_auth_provider.py /usr/lib/python2.7/dist-packages/
+sudo curl https://raw.githubusercontent.com/kamax-matrix/matrix-synapse-rest-auth/master/rest_auth_provider.py -o /usr/lib/python2.7/dist-packages/rest_auth_provider.py
 ```
+If the command fail, double check that the python version still matches. If not, please let us know by opening an issue.

 ## Configure
 Add or amend the `password_providers` entry like so:
-```
+```yaml
 password_providers:
  - module: "rest_auth_provider.RestAuthProvider"
    config:
      endpoint: "http://change.me.example.com:12345"
 ```
-Set `endpoint` to the appropriate value.
+Set `endpoint` to the value documented with the endpoint provider.

 ## Use
 1. Install, configure, restart synapse
@@ -34,17 +55,18 @@ Set `endpoint` to the appropriate value.

 ## Next steps
 ### Lowercase username enforcement
+**NOTE**: This is no longer relevant as synapse natively enforces lowercase.
+
 To avoid creating users accounts with uppercase characters in their usernames and running into known
 issues regarding case sensitivity in synapse, attempting to login with such username will fail.

 It is highly recommended to keep this feature enable, but in case you would like to disable it:
-```
-[...]
+```yaml
    config:
      policy:
        registration:
          username:
-            enforceLowercase: False
+            enforceLowercase: false
 ```

 ### Profile auto-fill
@@ -53,27 +75,34 @@ If none is given, the display name is not set.
 Upon subsequent login, the display name is not changed.

 If you would like to change the behaviour, you can use the following configuration items:
-```
-[...]
+```yaml
    config:
      policy:
        registration:
          profile:
-            name: True
+            name: true
        login:
          profile:
-            name: False
+            name: false
 ```

 3PIDs received from the backend are merged with the ones already linked to the account.
+If you would like to change this behaviour, you can use the following configuration item:
+```yaml
+    config:
+      policy:
+        all:
+          threepid:
+            update: false
+```

 ## Integrate
-To use this module with your backend, you will need to implement a single REST endpoint:
+To use this module with your back-end, you will need to implement a single REST endpoint:

 Path: `/_matrix-internal/identity/v1/check_credentials`  
 Method: POST  
 Body as JSON UTF-8:
-```
+```json
 {
  "user": {
    "id": "@matrix.id.of.the.user:example.com",
@@ -82,12 +111,12 @@ Body as JSON UTF-8:
 }
 ```

-The following JSON answer will be provided:
-```
+If the credentials are accepted, the following JSON answer will be provided:
+```json
 {
  "auth": {
-    "success": <boolean>
-    "mxid": "@matrix.id.of.the.user:example.com"
+    "success": true,
+    "mxid": "@matrix.id.of.the.user:example.com",
    "profile": {
      "display_name": "John Doe",
      "three_pids": [
@@ -104,6 +133,18 @@ The following JSON answer will be provided:
  }
 }
 ```
+`auth.profile` and any sub-key are optional.
+
+---
+
+If the credentials are refused, the following JSON answer will be provided:
+```json
+{
+  "auth": {
+    "success": false
+  }
+}
+```

 ## Support
 For community support, visit our Matrix room [#matrix-synapse-rest-auth:kamax.io](https://matrix.to/#/#matrix-synapse-rest-auth:kamax.io)
--- a/rest_auth_provider.py
+++ b/rest_auth_provider.py
@@ -79,7 +79,7 @@ class RestAuthProvider(object):
            logger.info("Handling profile data")
            profile = auth["profile"]

-            store = yield self.account_handler.hs.get_handlers().profile_handler.store
+            store = yield self.account_handler.hs.get_profile_handler().store
            if "display_name" in profile and ((registration and self.config.setNameOnRegister) or (self.config.setNameOnLogin)):
                display_name = profile["display_name"]
                logger.info("Setting display name to '%s' based on profile data", display_name)
@@ -87,25 +87,28 @@ class RestAuthProvider(object):
            else:
                logger.info("Display name was not set because it was not given or policy restricted it")
            
-            if "three_pids" in profile:
-                logger.info("Handling 3PIDs")
-                for threepid in profile["three_pids"]:
-                    medium = threepid["medium"].lower()
-                    address = threepid["address"].lower()
-                    logger.info("Looking for 3PID %s:%s in user profile", medium, address)
+            if (self.config.updateThreepid):
+                if "three_pids" in profile:
+                    logger.info("Handling 3PIDs")
+                    for threepid in profile["three_pids"]:
+                        medium = threepid["medium"].lower()
+                        address = threepid["address"].lower()
+                        logger.info("Looking for 3PID %s:%s in user profile", medium, address)

-                    validated_at = self.account_handler.hs.get_clock().time_msec()
-                    if not (yield store.get_user_id_by_threepid(medium, address)):
-                        logger.info("3PID is not present, adding")
-                        yield store.user_add_threepid(
-                            user_id,
-                            medium,
-                            address,
-                            validated_at,
-                            validated_at
-                        )
-                    else:
-                        logger.info("3PID is present, skipping")
+                        validated_at = self.account_handler.hs.get_clock().time_msec()
+                        if not (yield store.get_user_id_by_threepid(medium, address)):
+                            logger.info("3PID is not present, adding")
+                            yield store.user_add_threepid(
+                                user_id,
+                                medium,
+                                address,
+                                validated_at,
+                                validated_at
+                            )
+                        else:
+                            logger.info("3PID is present, skipping")
+            else:
+                logger.info("3PIDs were not updated due to policy")
        else:
            logger.info("No profile data")

@@ -121,6 +124,7 @@ class RestAuthProvider(object):
            regLower = True
            setNameOnRegister = True
            setNameOnLogin = False
+            updateThreepid = True

        rest_config = _RestConfig()
        rest_config.endpoint = config["endpoint"]
@@ -152,6 +156,15 @@ class RestAuthProvider(object):
            # we don't care
            pass

+        try:
+            rest_config.updateThreepid = config['policy']['all']['threepid']['update']
+        except TypeError:
+            # we don't care
+            pass
+        except KeyError:
+            # we don't care
+            pass
+
        return rest_config

 def _require_keys(config, required):
Author	SHA1	Message	Date
Max Dor	5ae0be505d	Improve readme	2019-02-19 22:41:16 +01:00
Max Dor	f87df5204e	Allow toggle to enable/disable merging 3PIDs in profile	2019-02-19 22:29:55 +01:00
Max Dor	3d5fe63d01	Fix possibly failing curl command	2019-02-14 17:26:57 +01:00
Max Dor	3e0b0b21be	Add instructions for Synapse v0.34.0 switch to py3	2018-12-20 23:49:23 +01:00
Max Dor	38b551bac9	Update README with latest relevant info	2018-11-14 04:13:02 +01:00
Maxime Dor	46e68c4cbe	Fix for synapse >= v0.24	2017-10-24 11:05:38 +02:00