From e4625e80617d88bfd3141fbfa6e3bd1723c066e5 Mon Sep 17 00:00:00 2001
From: Daniel Olsen
Date: Sun, 22 Oct 2023 01:10:03 +0200
Subject: [PATCH] bicep/matrix: enable smtp auth yolo lmao
---
.../matrix/smtp-authenticator/default.nix | 17 ++++++++
.../matrix/smtp-authenticator/setup.py | 11 +++++
.../smtp-authenticator/smtp_auth_provider.py | 40 +++++++++++++++++++
hosts/bicep/services/matrix/synapse.nix | 14 ++++++-
4 files changed, 81 insertions(+), 1 deletion(-)
create mode 100644 hosts/bicep/services/matrix/smtp-authenticator/default.nix
create mode 100644 hosts/bicep/services/matrix/smtp-authenticator/setup.py
create mode 100644 hosts/bicep/services/matrix/smtp-authenticator/smtp_auth_provider.py
diff --git a/hosts/bicep/services/matrix/smtp-authenticator/default.nix b/hosts/bicep/services/matrix/smtp-authenticator/default.nix
new file mode 100644
index 0000000..d4cfebc
--- /dev/null
+++ b/hosts/bicep/services/matrix/smtp-authenticator/default.nix
@@ -0,0 +1,17 @@
+{ lib, buildPythonPackage, fetchFromGitHub }:
+
+buildPythonPackage rec {
+ pname = "matrix-synapse-smtp-auth";
+ version = "0.1.0";
+
+ src = ./.;
+
+ doCheck = false;
+
+ meta = with lib; {
+ description = "An SMTP auth provider for Synapse";
+ homepage = "pvv.ntnu.no";
+ license = licenses.agpl3Only;
+ maintainers = with maintainers; [ dandellion ];
+ };
+}
diff --git a/hosts/bicep/services/matrix/smtp-authenticator/setup.py b/hosts/bicep/services/matrix/smtp-authenticator/setup.py
new file mode 100644
index 0000000..3201aec
--- /dev/null
+++ b/hosts/bicep/services/matrix/smtp-authenticator/setup.py
@@ -0,0 +1,11 @@
+from setuptools import setup
+
+setup(
+ name="matrix-synapse-smtp-auth",
+ version="0.1.0",
+ py_modules=['smtp_auth_provider'],
+ author="Daniel Løvbrøtte Olsen",
+ author_email="danio@pvv.ntnu.no",
+ description="An SMTP auth provider for Synapse",
+ license="AGPL-3.0-only"
+)
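Review bot: In default.nix, `homepage = "pvv.ntnu.no";` is a bare host name rather than a URL; give it a scheme so tooling that reads `meta.homepage` can treat it as a link. `fetchFromGitHub` is taken as an argument but never used now that the source is `src = ./.;`, so it can be dropped from the argument set, and `rec` is unnecessary because nothing in the attribute set refers back to `pname` or `version`. With `doCheck = false;` and no tests in the package, nothing exercises the login path at build time, which is worth fixing before this module decides who may log in.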
diff --git a/hosts/bicep/services/matrix/smtp-authenticator/smtp_auth_provider.py b/hosts/bicep/services/matrix/smtp-authenticator/smtp_auth_provider.py
new file mode 100644
index 0000000..a497c9e
--- /dev/null
+++ b/hosts/bicep/services/matrix/smtp-authenticator/smtp_auth_provider.py
@@ -0,0 +1,40 @@
+from typing import Awaitable, Callable, Optional, Tuple
+
+from smtplib import SMTP_SSL as SMTP
+
+import synapse
+from synapse import module_api
+
+
+class SMTPAuthProvider:
+ def __init__(self, config: dict, api: module_api):
+ self.api = api
+
+ api.register_password_auth_provider_callbacks(
+ auth_checkers={
+ ("m.login.password", ("password",)): self.check_pass,
+ },
+ )
+
+ async def check_pass(
+ self,
+ username: str,
+ login_type: str,
+ login_dict: "synapse.module_api.JsonDict",
+ ):
+ if login_type != "m.login.password":
+ return None
+
+ result = False
+ with SMTP(config.smtp_host) as smtp:
+ password = login_dict.get("password")
+ try:
+ smtp.login(username, password)
+ except:
+ return None
+ result = True
+
+ if result == True:
+ return (self.api.get_qualified_user_id(username), None)
+ else:
+ return None
diff --git a/hosts/bicep/services/matrix/synapse.nix b/hosts/bicep/services/matrix/synapse.nix
index 76f5bd2..f96aa96 100644
--- a/hosts/bicep/services/matrix/synapse.nix
+++ b/hosts/bicep/services/matrix/synapse.nix
@@ -25,6 +25,10 @@ in { services.matrix-synapse-next = { enable = true; + plugins = [ + (pkgs.python3Packages.callPackage ./smtp-authenticator { }) + ]; + dataDir = "/data/synapse"; workers.federationSenders = 2;
@@ -81,7 +85,15 @@ in { enable_registration = false; registration_shared_secret_path = config.sops.secrets."matrix/synapse/user_registration".path; - password_config.enabled = lib.mkForce false; + password_config.enabled = true; + + modules = [ + { module = "smtp_auth_provider.SMTPAuthProvider"; + config = { + smtp_host = "smtp.pvv.ntnu.no"; + }; + } + ]; trusted_key_servers = [ { server_name = "matrix.org"; }
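Review bot: `check_pass` opens the connection with `SMTP(config.smtp_host)`, but `config` exists only as a parameter of `__init__` and is a dict, so that line raises before the `try` is entered and every password login errors out; keep `self.smtp_host = config["smtp_host"]` in `__init__` and use it. The bare `except:` reports every failure as a wrong password, including an unreachable mail server or a programming error, so catch `SMTPAuthenticationError` for the rejection and `SMTPException`/`OSError` separately (the smtplib names and `ssl` need importing at the top of the file). As far as I know `SMTP_SSL` without a `context` argument does not verify the server certificate or hostname, which matters here because whoever answers on that connection decides whether a Matrix login succeeds and sees the password; pass `context=ssl.create_default_context()`. The connect and login are blocking calls with no timeout inside an `async def`, so a slow mail server would hold up the reactor; the sketch moves them to a thread through the module API's `defer_to_thread` (check that the deployed Synapse provides it) and sets a timeout. `username` is the raw client-supplied value and goes unchanged into both `smtp.login` and `get_qualified_user_id`, so it is worth validating and lower-casing it to a plain localpart first, in case the mail server accepts spellings that would map one mailbox to several Matrix IDs.

```python
class SMTPAuthProvider:
    def __init__(self, config: dict, api: module_api):
        self.api = api
        # config is only visible here; keep what check_pass needs on the instance.
        self.smtp_host = config["smtp_host"]
        # ... unchanged: register_password_auth_provider_callbacks(...) ...

    def _smtp_accepts(self, username: str, password: str) -> bool:
        # Blocking network I/O: meant to run off the reactor thread,
        # over verified TLS and with a bounded wait.
        tls = ssl.create_default_context()
        try:
            with SMTP(self.smtp_host, timeout=10, context=tls) as smtp:  # 10 s is a sample value
                smtp.login(username, password)
        except SMTPAuthenticationError:
            return False  # the mail server rejected the credentials
        except (SMTPException, OSError):
            # Backend unreachable, certificate rejected, or protocol error:
            # fail closed, and log it so an outage is not read as wrong passwords.
            return False
        return True

    # ... unchanged: check_pass signature and login_type guard ...
        password = login_dict.get("password")
        if not isinstance(password, str) or not password:
            return None
        if not await self.api.defer_to_thread(self._smtp_accepts, username, password):
            return None
        return (self.api.get_qualified_user_id(username), None)
```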
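Review bot: In the second synapse.nix hunk, `password_config.enabled = true;` switches on password login as a whole and not only the new SMTP checker, so any account with a password hash in Synapse's own database can still log in with it; if the mail account is meant to be the only credential, add `password_config.localdb_enabled = false;` next to it. The previous value was set with `lib.mkForce`, which suggests another module also defines this option, so the plain assignment may conflict or lose at evaluation time (not visible in this hunk); confirm the rendered homeserver config. `smtp_host` is the only setting passed to the module, so the port, TLS verification and timeout all fall back to whatever the Python code defaults to. The attribute set continues outside the hunk.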