diff --git a/hosts/bicep/services/matrix/smtp-authenticator/default.nix b/hosts/bicep/services/matrix/smtp-authenticator/default.nix
new file mode 100644
index 00000000..d4cfebc8
--- /dev/null
+++ b/hosts/bicep/services/matrix/smtp-authenticator/default.nix
@@ -0,0 +1,17 @@
+{ lib, buildPythonPackage, fetchFromGitHub }:
+
+buildPythonPackage rec {
+ pname = "matrix-synapse-smtp-auth";
+ version = "0.1.0";
+
+ src = ./.;
+
+ doCheck = false;
+
+ meta = with lib; {
+ description = "An SMTP auth provider for Synapse";
+ homepage = "pvv.ntnu.no";
+ license = licenses.agpl3Only;
+ maintainers = with maintainers; [ dandellion ];
+ };
+}
diff --git a/hosts/bicep/services/matrix/smtp-authenticator/setup.py b/hosts/bicep/services/matrix/smtp-authenticator/setup.py
new file mode 100644
index 00000000..3201aec5
--- /dev/null
+++ b/hosts/bicep/services/matrix/smtp-authenticator/setup.py
@@ -0,0 +1,11 @@
+from setuptools import setup
+
+setup(
+ name="matrix-synapse-smtp-auth",
+ version="0.1.0",
+ py_modules=['smtp_auth_provider'],
+ author="Daniel Løvbrøtte Olsen",
+ author_email="danio@pvv.ntnu.no",
+ description="An SMTP auth provider for Synapse",
+ license="AGPL-3.0-only"
+)
diff --git a/hosts/bicep/services/matrix/smtp-authenticator/smtp_auth_provider.py b/hosts/bicep/services/matrix/smtp-authenticator/smtp_auth_provider.py
new file mode 100644
index 00000000..ac6694f8
--- /dev/null
+++ b/hosts/bicep/services/matrix/smtp-authenticator/smtp_auth_provider.py
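Review bot: `fetchFromGitHub` is requested in the argument set of default.nix but never used, since `src = ./.;` builds from the checked-in tree; dropping it removes a misleading hint that the module is fetched from an upstream repository, `{ lib, buildPythonPackage }:`. `homepage = "pvv.ntnu.no"` is a bare hostname rather than a URL; `homepage = "https://pvv.ntnu.no";` is what tooling that renders or follows meta.homepage expects. `doCheck = false;` is reasonable for a package that ships no tests, but a one-line comment saying so, `# no test suite in this module`, would stop a later reader from assuming tests are being skipped for another reason.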
@@ -0,0 +1,45 @@
+from typing import Awaitable, Callable, Optional, Tuple
+
+from smtplib import SMTP_SSL as SMTP
+
+import synapse
+from synapse import module_api
+
+
+class SMTPAuthProvider:
+ def __init__(self, config: dict, api: module_api):
+ self.api = api
+
+ self.config = config
+
+ api.register_password_auth_provider_callbacks(
+ auth_checkers={
+ ("m.login.password", ("password",)): self.check_pass,
+ },
+ )
+
+ async def check_pass(
+ self,
+ username: str,
+ login_type: str,
+ login_dict: "synapse.module_api.JsonDict",
+ ):
+ if login_type != "m.login.password":
+ return None
+
+ result = False
+ with SMTP(self.config["smtp_host"]) as smtp:
+ password = login_dict.get("password")
+ try:
+ smtp.login(username, password)
+ result = True
+ except:
+ return None
+
+ if result == True:
+ userid = self.api.get_qualified_user_id(username)
+ if not self.api.check_user_exists(userid):
+ self.api.register_user(username)
+ return (userid, None)
+ else:
+ return None
diff --git a/hosts/bicep/services/matrix/synapse.nix b/hosts/bicep/services/matrix/synapse.nix
index 76f5bd2d..f96aa96d 100644
--- a/hosts/bicep/services/matrix/synapse.nix
+++ b/hosts/bicep/services/matrix/synapse.nix
@@ -25,6 +25,10 @@ in { services.matrix-synapse-next = { enable = true; + plugins = [ + (pkgs.python3Packages.callPackage ./smtp-authenticator { }) + ]; + + dataDir = "/data/synapse"; workers.federationSenders = 2;
@@ -81,7 +85,15 @@ in { enable_registration = false; registration_shared_secret_path = config.sops.secrets."matrix/synapse/user_registration".path; - password_config.enabled = lib.mkForce false; + password_config.enabled = true; + + modules = [ + { module = "smtp_auth_provider.SMTPAuthProvider"; + config = { + smtp_host = "smtp.pvv.ntnu.no"; + }; + } + ]; trusted_key_servers = [ { server_name = "matrix.org"; }
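Review bot: `with SMTP(self.config["smtp_host"]) as smtp:` in check_pass sends every user's password over a TLS session that, on Python versions before 3.12, `SMTP_SSL` builds with an unverified default context (no certificate or hostname check) and with no timeout, so an on-path attacker between Synapse and the SMTP host can collect logins and a hung SMTP server stalls the login forever; pass `context=ssl.create_default_context()` and a `timeout`. The account-creation branch also looks inert: in the current Synapse ModuleApi, `check_user_exists` and `register_user` return awaitables, so `if not self.api.check_user_exists(userid)` tests a coroutine object (always truthy) and `register_user` is never awaited — both need `await`, which I have assumed in the rewrite below. The bare `except:` turns an unreachable backend into "wrong password" for every user (and swallows `KeyboardInterrupt`); catch `smtplib.SMTPAuthenticationError` for a rejected login, log anything else, and reject a missing password before opening the connection rather than handing `None` to `smtp.login`. Separately, the SMTP exchange is blocking socket I/O inside an `async def` running on Synapse's reactor, so the whole worker freezes for the duration of each login; if the module API version in use offers `defer_to_thread`, the `with` block should be run through it. The rewrite needs `import ssl`, `import smtplib` and a module-level `logger = logging.getLogger(__name__)`.

```python
    async def check_pass(self, username, login_type, login_dict):
        if login_type != "m.login.password":
            return None
        password = login_dict.get("password")
        if not password:
            # never hand None/"" to smtp.login; treat as a failed check
            return None
        try:
            with SMTP(self.config["smtp_host"], timeout=10,
                      context=ssl.create_default_context()) as smtp:
                smtp.login(username, password)
        except smtplib.SMTPAuthenticationError:
            return None  # credentials rejected by the SMTP server
        except (smtplib.SMTPException, OSError):
            logger.exception("SMTP auth backend unavailable")
            return None  # backend outage, not a bad password
        userid = self.api.get_qualified_user_id(username)
        # both ModuleApi calls return awaitables in current Synapse
        if not await self.api.check_user_exists(userid):
            await self.api.register_user(username)
        return (userid, None)
```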
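Review bot: `password_config.enabled = true;` in the second synapse.nix hunk re-enables Synapse's entire password login path, not only the new module: with `localdb_enabled` left at its default of true, Synapse will also accept any password hash still stored in its own user table, so an account whose SMTP password was changed or revoked could keep signing in with a stale local hash. If the SMTP server is meant to be the sole password authority, `password_config = { enable = true; localdb_enabled = false; };` with `enable` spelled `enabled`, i.e. `password_config = { enabled = true; localdb_enabled = false; };`, closes that path. `smtp_host` is a bare hostname, so the provider presumably connects on SMTP_SSL's default port 465; a comment such as `# implicit-TLS SMTP, port 465 (see smtp_auth_provider.py)` would save the next reader a lookup. The enclosing `services.matrix-synapse-next` attribute set starts and ends outside the hunk.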