A Diaspora* auth provider for Synapse
Project description
Synapse-diaspora-auth
=====================
A diaspora authenticator for matrix synapse.
Installation
------------
This package is easy to install from pypi:
Just run this command to install:
.. code:: bash
pip install synapse-diaspora-auth
Alternatively, to install from git:
.. code:: bash
pip install git+https://git.fosscommunity.in/necessary129/synapse-diaspora-auth.git
Configuration
-------------
In your ``homeserver.yaml`` file, the ``password_providers`` directive
should look like this:
.. code:: yaml
password_providers:
- module: "diaspora_auth_provider.DiasporaAuthProvider"
config:
pepper: <pepper>
database:
engine: <db engine>
name: "<database>"
username: <db_user>
password: <db_password>
host: "127.0.0.1"
port: <port>
You should get ``pepper`` from ``<DIASPORA_HOME>/database.yaml`` or from
``<DIASPORA_HOME>/initializers/devise.rb`` as ``config.pepper``.
the engine should either be ``mysql`` or ``postgres``
The port is usually ``5432`` for PostgreSQL and ``3306`` for MariaDB/MySQL
Database
~~~~~~~~
synapse-diaspora-auth currently supports MySQL and PostgreSQL as the database engines.
PostgreSQL
^^^^^^^^^^
It is recommended to create a seperate user for synapse in the postgres
database, with read-only access to ``<database>``.
To do that, first login to postgres as the root user:
.. code:: bash
sudo -u postgres psql <database>
then, run these commands:
.. code:: sql
CREATE user <db_user> WITH password '<db_password>';
GRANT CONNECT ON DATABASE <database> TO <db_user>;
GRANT SELECT ON users TO <db_user>;
MySQL
^^^^^
The commands are almost the same in MySQL:
login to MySQL as root:
.. code:: bash
sudo mysql -u root
Then run these queries:
.. code:: sql
CREATE user '<db_user>'@'localhost' WITH password '<db_password>';
GRANT SELECT ON <database>.users TO '<db_user>'@'localhost';
And you will be good to go!
Email Authentication
~~~~~~~~~~~~~~~~~~~~
While this module helps in authenticating with diaspora, we need to set up mxisd_ for supporting
authentication through email.
Installation
^^^^^^^^^^^^
Follow the instructions `here <https://github.com/kamax-io/mxisd/blob/master/docs/getting-started.md#install>`_
Configuration & Setup
^^^^^^^^^^^^^^^^^^^^^
Follow `this <https://github.com/kamax-io/mxisd/blob/master/docs/getting-started.md#configure>`_.
Basically, if you used the debian package, you just need to set up the ``matrix.domain`` first.
And then, add these lines to ``mxisd.yaml``:
.. code:: yaml
sql:
enabled: true
type: mysql
connection: "//<HOST>/<DATABASE>?user=<USERNAME>&password=<PASSWORD>"
identity:
type: 'uid'
query: "select (case when ?='email' then username else null end) as uid from users where email=?"
Where ``<HOST>``, ``<DATABASE>``,``<USERNAME>`` and ``<PASSWORD>`` are your database host, diaspora database, user and password you created when you set up database for synapse-diaspora-auth
Now follow the steps `here <https://github.com/kamax-io/mxisd/blob/master/docs/features/authentication.md#advanced>`_. ie, forward the ``/_matrix/client/r0/login`` endpoint to mxisd and add
.. code:: yaml
dns.overwrite.homeserver.client:
- name: '<DOMAIN>'
value: 'http://localhost:8008'
where ``<DOMAIN>`` is your matrix server name.
An Apache2 reverse proxy example is already given `here <https://github.com/kamax-io/mxisd/blob/master/docs/features/authentication.md#apache2>`_. An example nginx configuration would be this:
.. code::
location /_matrix/client/r0/login {
proxy_pass http://localhost:8090/_matrix/client/r0/login;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
Make sure to put this above other matrix reverse proxy directives. And Congrats! You now have a competely integrated synapse - diaspora setup! :D
.. _mxisd: https://github.com/kamax-io/mxisd
=====================
A diaspora authenticator for matrix synapse.
Installation
------------
This package is easy to install from pypi:
Just run this command to install:
.. code:: bash
pip install synapse-diaspora-auth
Alternatively, to install from git:
.. code:: bash
pip install git+https://git.fosscommunity.in/necessary129/synapse-diaspora-auth.git
Configuration
-------------
In your ``homeserver.yaml`` file, the ``password_providers`` directive
should look like this:
.. code:: yaml
password_providers:
- module: "diaspora_auth_provider.DiasporaAuthProvider"
config:
pepper: <pepper>
database:
engine: <db engine>
name: "<database>"
username: <db_user>
password: <db_password>
host: "127.0.0.1"
port: <port>
You should get ``pepper`` from ``<DIASPORA_HOME>/database.yaml`` or from
``<DIASPORA_HOME>/initializers/devise.rb`` as ``config.pepper``.
the engine should either be ``mysql`` or ``postgres``
The port is usually ``5432`` for PostgreSQL and ``3306`` for MariaDB/MySQL
Database
~~~~~~~~
synapse-diaspora-auth currently supports MySQL and PostgreSQL as the database engines.
PostgreSQL
^^^^^^^^^^
It is recommended to create a seperate user for synapse in the postgres
database, with read-only access to ``<database>``.
To do that, first login to postgres as the root user:
.. code:: bash
sudo -u postgres psql <database>
then, run these commands:
.. code:: sql
CREATE user <db_user> WITH password '<db_password>';
GRANT CONNECT ON DATABASE <database> TO <db_user>;
GRANT SELECT ON users TO <db_user>;
MySQL
^^^^^
The commands are almost the same in MySQL:
login to MySQL as root:
.. code:: bash
sudo mysql -u root
Then run these queries:
.. code:: sql
CREATE user '<db_user>'@'localhost' WITH password '<db_password>';
GRANT SELECT ON <database>.users TO '<db_user>'@'localhost';
And you will be good to go!
Email Authentication
~~~~~~~~~~~~~~~~~~~~
While this module helps in authenticating with diaspora, we need to set up mxisd_ for supporting
authentication through email.
Installation
^^^^^^^^^^^^
Follow the instructions `here <https://github.com/kamax-io/mxisd/blob/master/docs/getting-started.md#install>`_
Configuration & Setup
^^^^^^^^^^^^^^^^^^^^^
Follow `this <https://github.com/kamax-io/mxisd/blob/master/docs/getting-started.md#configure>`_.
Basically, if you used the debian package, you just need to set up the ``matrix.domain`` first.
And then, add these lines to ``mxisd.yaml``:
.. code:: yaml
sql:
enabled: true
type: mysql
connection: "//<HOST>/<DATABASE>?user=<USERNAME>&password=<PASSWORD>"
identity:
type: 'uid'
query: "select (case when ?='email' then username else null end) as uid from users where email=?"
Where ``<HOST>``, ``<DATABASE>``,``<USERNAME>`` and ``<PASSWORD>`` are your database host, diaspora database, user and password you created when you set up database for synapse-diaspora-auth
Now follow the steps `here <https://github.com/kamax-io/mxisd/blob/master/docs/features/authentication.md#advanced>`_. ie, forward the ``/_matrix/client/r0/login`` endpoint to mxisd and add
.. code:: yaml
dns.overwrite.homeserver.client:
- name: '<DOMAIN>'
value: 'http://localhost:8008'
where ``<DOMAIN>`` is your matrix server name.
An Apache2 reverse proxy example is already given `here <https://github.com/kamax-io/mxisd/blob/master/docs/features/authentication.md#apache2>`_. An example nginx configuration would be this:
.. code::
location /_matrix/client/r0/login {
proxy_pass http://localhost:8090/_matrix/client/r0/login;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
Make sure to put this above other matrix reverse proxy directives. And Congrats! You now have a competely integrated synapse - diaspora setup! :D
.. _mxisd: https://github.com/kamax-io/mxisd
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Close
Hashes for synapse-diaspora-auth-0.1.1.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | a820187312c97ddfbc0a7d0582b5737c87e0d35755fc9e1687e1fbbc8543bcc6 |
|
MD5 | fdd5ffc53437e6537b7e66f3eade52c7 |
|
BLAKE2b-256 | 69a84a84dddf7a226fa1fab2ddd38d88d365f3d88a8dcd0b890dd01655943dbd |
Close
Hashes for synapse_diaspora_auth-0.1.1-py2-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 9336e0e30605b74df86ce2370c419fe0d81bcb3aff410cbeb2b3e9032f0433e5 |
|
MD5 | 03063b79bb1f69414746dc88376c2016 |
|
BLAKE2b-256 | 90c44900566eca973ac8707c6a0130db2554638da25199e54683a77538e854c5 |