bicep/matrix: enable smtp auth

yolo lmao
2023-10-22 01:10:03 +02:00
parent a6196e67fe
commit 32885891fe
4 changed files with 86 additions and 1 deletions
--- a/hosts/bicep/services/matrix/smtp-authenticator/default.nix
+++ b/hosts/bicep/services/matrix/smtp-authenticator/default.nix
@@ -0,0 +1,17 @@
+{ lib, buildPythonPackage, fetchFromGitHub }:
+
+buildPythonPackage rec {
+  pname = "matrix-synapse-smtp-auth";
+  version = "0.1.0";
+
+  src = ./.;
+
+  doCheck = false;
+
+  meta = with lib; {
+    description = "An SMTP auth provider for Synapse";
+    homepage = "pvv.ntnu.no";
+    license = licenses.agpl3Only;
+    maintainers = with maintainers; [ dandellion ];
+  };
+}
--- a/hosts/bicep/services/matrix/smtp-authenticator/setup.py
+++ b/hosts/bicep/services/matrix/smtp-authenticator/setup.py
@@ -0,0 +1,11 @@
+from setuptools import setup
+
+setup(
+    name="matrix-synapse-smtp-auth",
+    version="0.1.0",
+    py_modules=['smtp_auth_provider'],
+    author="Daniel Løvbrøtte Olsen",
+    author_email="danio@pvv.ntnu.no",
+    description="An SMTP auth provider for Synapse",
+    license="AGPL-3.0-only"
+)
--- a/hosts/bicep/services/matrix/smtp-authenticator/smtp_auth_provider.py
+++ b/hosts/bicep/services/matrix/smtp-authenticator/smtp_auth_provider.py
@@ -0,0 +1,45 @@
+from typing import Awaitable, Callable, Optional, Tuple
+
+from smtplib import SMTP_SSL as SMTP
+
+import synapse
+from synapse import module_api
+
+
+class SMTPAuthProvider:
+    def __init__(self, config: dict, api: module_api):
+        self.api = api
+
+        self.config = config
+
+        api.register_password_auth_provider_callbacks(
+            auth_checkers={
+                ("m.login.password", ("password",)): self.check_pass,
+            },
+        )
+
+    async def check_pass(
+        self,
+        username: str,
+        login_type: str,
+        login_dict: "synapse.module_api.JsonDict",
+    ):
+        if login_type != "m.login.password":
+            return None
+
+        result = False
+        with SMTP(self.config["smtp_host"]) as smtp:
+            password = login_dict.get("password")
+            try:
+                smtp.login(username, password)
+                result = True
+            except:
+                return None
+
+        if result == True:
+            userid = self.api.get_qualified_user_id(username)
+            if not self.api.check_user_exists(userid):
+                self.api.register_user(username)
+            return (userid, None)
+        else:
+            return None
--- a/hosts/bicep/services/matrix/synapse.nix
+++ b/hosts/bicep/services/matrix/synapse.nix
@@ -25,6 +25,10 @@ in {
  services.matrix-synapse-next = {
    enable = true;

+    plugins = [
+      (pkgs.python3Packages.callPackage ./smtp-authenticator { })
+    ];
+
    dataDir = "/data/synapse";

    workers.federationSenders = 2;
@@ -81,7 +85,15 @@ in {
      enable_registration = false;
      registration_shared_secret_path = config.sops.secrets."matrix/synapse/user_registration".path;

-      password_config.enabled = lib.mkForce false;
+      password_config.enabled = true;
+
+      modules = [
+        { module = "smtp_auth_provider.SMTPAuthProvider";
+          config = {
+            smtp_host = "smtp.pvv.ntnu.no";
+          };
+        }
+      ];

      trusted_key_servers = [
        { server_name = "matrix.org"; }