Upgrade matrix-synapse-shared-secret-auth (1.0.2 -> 2.0.2)

For now, we disable the new `com.devture.shared_secret_auth` login type
by default, because it causes problems with Element:
https://github.com/vector-im/element-web/issues/19605

This also becomes the first module to use the new Synapse module system
that got introduced in Synapse v1.46.0.

Despite these upgrades, things should remain functionally identical
as far as bridges, matrix-corporal or other consumers are concerned.
development
Slavi Pantaleev 3 years ago
parent fa9b69e213
commit 5a69c899a3

@ -489,8 +489,16 @@ matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: fals
# Enable this to activate the Shared Secret Auth password provider module. # Enable this to activate the Shared Secret Auth password provider module.
# See: https://github.com/devture/matrix-synapse-shared-secret-auth # See: https://github.com/devture/matrix-synapse-shared-secret-auth
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.2/shared_secret_authenticator.py" matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/2.0.2/shared_secret_authenticator.py"
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "" matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled: true
# We'd like to enable this, but it causes trouble for Element: https://github.com/vector-im/element-web/issues/19605
matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled: false
matrix_synapse_ext_password_provider_shared_secret_config: "{{ matrix_synapse_ext_password_provider_shared_secret_config_yaml|from_yaml }}"
matrix_synapse_ext_password_provider_shared_secret_config_yaml: |
shared_secret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret|string|to_json }}
m_login_password_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled|bool|to_json }}
com_devture_shared_secret_auth_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled|to_json }}
# Enable this to activate LDAP password provider # Enable this to activate LDAP password provider
matrix_synapse_ext_password_provider_ldap_enabled: false matrix_synapse_ext_password_provider_ldap_enabled: false
@ -573,6 +581,9 @@ matrix_synapse_default_room_version: "6"
# If not, you can also control its value manually. # If not, you can also control its value manually.
matrix_synapse_spam_checker: [] matrix_synapse_spam_checker: []
# Controls the Synapse `modules` list.
# You can define your own list of modules here. See the `modules` syntax in `homeserver.yaml.j2`
# Certain Synapse extensions that you can enable below auto-inject themselves into `matrix_synapse_modules` at runtime.
matrix_synapse_modules: [] matrix_synapse_modules: []
matrix_synapse_encryption_enabled_by_default_for_room_type: "off" matrix_synapse_encryption_enabled_by_default_for_room_type: "off"
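Review bot: The `com_devture_shared_secret_auth_support_enabled` line inside `matrix_synapse_ext_password_provider_shared_secret_config_yaml` renders its variable with `|to_json` only, while the `m_login_password_support_enabled` line just above it uses `|bool|to_json`. If the variable arrives as a string (for example `false` passed through `--extra-vars key=value` or an INI inventory), the module config receives the string `"false"` instead of a boolean. Depending on how the module reads that value, a login type meant to stay off could end up enabled. Use `{{ matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled|bool|to_json }}` here as well. The new `when:` of "Fail if no Shared Secret Auth login types enabled" in the tasks file has the same gap: neither operand is passed through `|bool`, so any non-empty string counts as enabled and the check passes.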

@ -5,6 +5,11 @@
msg: "Shared Secret Auth is enabled, but no secret has been set in matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret" msg: "Shared Secret Auth is enabled, but no secret has been set in matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret"
when: "matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret == ''" when: "matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret == ''"
- name: Fail if no Shared Secret Auth login types enabled
fail:
msg: "Shared Secret Auth is enabled, but none of the login types are"
when: "not (matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled or matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled)"
- name: Download matrix-synapse-shared-secret-auth - name: Download matrix-synapse-shared-secret-auth
get_url: get_url:
url: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_download_url }}" url: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_download_url }}"
@ -15,7 +20,17 @@
group: "{{ matrix_user_groupname }}" group: "{{ matrix_user_groupname }}"
- set_fact: - set_fact:
matrix_synapse_password_providers_enabled: true matrix_synapse_modules: |
{{
matrix_synapse_modules|default([])
+
[
{
"module": "shared_secret_authenticator.SharedSecretAuthProvider",
"config": matrix_synapse_ext_password_provider_shared_secret_config
}
]
}}
matrix_synapse_container_extra_arguments: > matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }} {{ matrix_synapse_container_extra_arguments|default([]) }}
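Review bot: The rewritten `set_fact` evaluates `matrix_synapse_ext_password_provider_shared_secret_config` into the `matrix_synapse_modules` fact, so the shared secret becomes part of this task's result and is printed when the play runs with `-v` or with a callback that records task results. The old side of this hunk appears to have set only a boolean and the container arguments, so this exposure is new. Add `no_log: true` to the task unless it is already set; the task continues past the end of the hunk, so that cannot be confirmed from here. A short comment above the `matrix_synapse_modules` entry, such as `# Contains the shared secret; keep this task's output suppressed.`, would tell the next editor why.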

@ -3,7 +3,7 @@
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
- name: Fail if trying to self-build on Ansible < 2.8 - name: Fail if trying to self-build on Ansible < 2.8
fail: fail:
msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" msg: "To self-build the Synapse image, you should use Ansible 2.8 or higher. See docs/ansible.md"
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_container_image_self_build and matrix_synapse_enabled" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_container_image_self_build and matrix_synapse_enabled"
# Unless `matrix_synapse_workers_enabled_list` is explicitly defined, # Unless `matrix_synapse_workers_enabled_list` is explicitly defined,

@ -2586,11 +2586,6 @@ email:
# #filter: "(objectClass=posixAccount)" # #filter: "(objectClass=posixAccount)"
{% if matrix_synapse_password_providers_enabled %} {% if matrix_synapse_password_providers_enabled %}
password_providers: password_providers:
{% if matrix_synapse_ext_password_provider_shared_secret_auth_enabled %}
- module: "shared_secret_authenticator.SharedSecretAuthenticator"
config:
sharedSecret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret|string|to_json }}
{% endif %}
{% if matrix_synapse_ext_password_provider_rest_auth_enabled %} {% if matrix_synapse_ext_password_provider_rest_auth_enabled %}
- module: "rest_auth_provider.RestAuthProvider" - module: "rest_auth_provider.RestAuthProvider"
config: config:
