From bd388611799dee8cb96aec7b85d6b7ea8e3b6544 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 12 Jan 2020 20:28:36 +0200 Subject: [PATCH] Add support for automatic Double Puppeting for all Mautrix bridges --- CHANGELOG.md | 11 ++++++ ...guring-playbook-bridge-mautrix-facebook.md | 38 +++++++++++-------- ...guring-playbook-bridge-mautrix-hangouts.md | 34 +++++++++++++++++ ...guring-playbook-bridge-mautrix-telegram.md | 32 ++++++++++++++++ ...guring-playbook-bridge-mautrix-whatsapp.md | 32 ++++++++++++++++ group_vars/matrix_servers | 9 ++++- .../defaults/main.yml | 5 ++- .../defaults/main.yml | 5 ++- .../defaults/main.yml | 5 ++- .../defaults/main.yml | 5 ++- 10 files changed, 156 insertions(+), 20 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 34b2d8b7..8848df0b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,14 @@ +# 2020-01-12 + +## Added support for automatic Double Puppeting for all Mautrix bridges + +Double Puppeting can now be easily enabled for all Mautrix bridges supported by the playbook (Facebook, Hangouts, Whatsapp, Telegram). + +This is possible due to those bridges' integration with [matrix-synapse-shared-secret-auth](https://github.com/devture/matrix-synapse-shared-secret-auth) - yet another component that this playbook can install for you. + +To get started, following the playbook's documentation for the bridge you'd like to configure. + + # 2019-12-06 ## Added support for an alternative method for using another webserver diff --git a/docs/configuring-playbook-bridge-mautrix-facebook.md b/docs/configuring-playbook-bridge-mautrix-facebook.md index 4664decf..a228f7cb 100644 --- a/docs/configuring-playbook-bridge-mautrix-facebook.md +++ b/docs/configuring-playbook-bridge-mautrix-facebook.md 
@@ -8,27 +8,22 @@ See the project's [documentation](https://github.com/tulir/mautrix-facebook/wiki matrix_mautrix_facebook_enabled: true ``` -## Usage - -You then need to start a chat with `@facebookbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). - - -### Set up bridging -Send `login YOUR_FACEBOOK_EMAIL_ADDRESS YOUR_FACEBOOK_PASSWORD` to the bridge bot to enable bridging for your Facebook/Messenger account. +## Set up Double Puppeting -You can learn more here about authentication from the bridge's [official documentation on Authentication](https://github.com/tulir/mautrix-facebook/wiki/Authentication). +If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-facebook/wiki/Authentication#double-puppeting) (hint: you most likely do), you have 2 ways of going about it. -If you run into trouble, check the [Troubleshooting](#troubleshooting) section below. +### Method 1: automatically, by enabling Shared Secret Auth -After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting). +The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook. +This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. -### Set up Double Puppeting +### Method 2: manually, by asking each user to provide a working access token -**Note**: Double Puppeting can be configured only after you've already [set up bridging](#set-up-bridging). +**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)). 
-If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-facebook/wiki/Authentication#double-puppeting) (hint: you most likely do), you should: +When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps: - retrieve a Matrix access token for yourself. You can use the following command: @@ -43,6 +38,19 @@ https://matrix.DOMAIN/_matrix/client/r0/login - make sure you don't log out the `Mautrix-Facebook` device some time in the future, as that would break the Double Puppeting feature +## Usage + +You then need to start a chat with `@facebookbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). + +Send `login YOUR_FACEBOOK_EMAIL_ADDRESS YOUR_FACEBOOK_PASSWORD` to the bridge bot to enable bridging for your Facebook/Messenger account. + +You can learn more here about authentication from the bridge's [official documentation on Authentication](https://github.com/tulir/mautrix-facebook/wiki/Authentication). + +If you run into trouble, check the [Troubleshooting](#troubleshooting) section below. + +After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so. + + ## Set up community-grouping This is an **optional feature** that you may wish to enable. 
@@ -74,7 +82,7 @@ If you don't see all your contacts, you may wish to send a `sync` message to the If your Matrix server is in a wildly different location than where you usually use your Facebook account from, the bridge's login attempts may be outright rejected by Facebook. Along with that, Facebook may even force you to change the account's password. -If you happen to run into this problem while [setting up bridging](#set-up-bridging), try to first get a successful session up by logging in to Facebook through the Matrix server's IP address. +If you happen to run into this problem while [setting up bridging](#usage), try to first get a successful session up by logging in to Facebook through the Matrix server's IP address. The easiest way to do this may be to use [sshuttle](https://sshuttle.readthedocs.io/) to proxy your traffic through the Matrix server. @@ -88,4 +96,4 @@ Once connected, you should be able to verify that you're browsing the web throug Then proceed to log in to [Facebook/Messenger](https://www.facebook.com/). -Once logged in, proceed to [set up bridging](#set-up-bridging). +Once logged in, proceed to [set up bridging](#usage). diff --git a/docs/configuring-playbook-bridge-mautrix-hangouts.md b/docs/configuring-playbook-bridge-mautrix-hangouts.md index f7f89291..a74b1f11 100644 --- a/docs/configuring-playbook-bridge-mautrix-hangouts.md +++ b/docs/configuring-playbook-bridge-mautrix-hangouts.md 
@@ -11,6 +11,37 @@ To enable the [Google Hangouts](https://hangouts.google.com/) bridge just use th matrix_mautrix_hangouts_enabled: true ``` + +## Set up Double Puppeting + +If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-hangouts/wiki/Authentication#double-puppeting) (hint: you most likely do), you have 2 ways of going about it. + +### Method 1: automatically, by enabling Shared Secret Auth + +The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook. + +This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. + + +### Method 2: manually, by asking each user to provide a working access token + +**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)). + +When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps: + +- retrieve a Matrix access token for yourself. You can use the following command: + +``` +curl \ +--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Hangouts", "initial_device_display_name": "Mautrix-Hangouts"}' \ +https://matrix.DOMAIN/_matrix/client/r0/login +``` + +- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE` + +- make sure you don't log out the `Mautrix-Hangouts` device some time in the future, as that would break the Double Puppeting feature + + ## Usage Once the bot is enabled you need to start a chat with `Hangouts bridge bot` with handle `@hangoutsbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). 
@@ -22,3 +53,6 @@ Automatic login may not work. If it does not, reload the page and select the "Ma Once logged in, recent chats should show up as new conversations automatically. Other chats will get portals as you receive messages. You can learn more about authentication from the bridge's [official documentation on Authentication](https://github.com/tulir/mautrix-hangouts/wiki/Authentication). + +After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so. + diff --git a/docs/configuring-playbook-bridge-mautrix-telegram.md b/docs/configuring-playbook-bridge-mautrix-telegram.md index a5956cb6..2e6b4d8c 100644 --- a/docs/configuring-playbook-bridge-mautrix-telegram.md +++ b/docs/configuring-playbook-bridge-mautrix-telegram.md 
@@ -12,6 +12,38 @@ matrix_mautrix_telegram_api_id: YOUR_TELEGRAM_APP_ID matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH ``` + +## Set up Double Puppeting + +If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-telegram/wiki/Authentication#replacing-telegram-accounts-matrix-puppet-with-matrix-account) (hint: you most likely do), you have 2 ways of going about it. + +### Method 1: automatically, by enabling Shared Secret Auth + +The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook. + +This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. + +### Method 2: manually, by asking each user to provide a working access token + +**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging. + +When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps: + +- retrieve a Matrix access token for yourself. You can use the following command: + +``` +curl \ +--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Telegram", "initial_device_display_name": "Mautrix-Telegram"}' \ +https://matrix.DOMAIN/_matrix/client/r0/login +``` + +- send `login-matrix` to the bot and follow instructions about how to send the access token to it + +- make sure you don't log out the `Mautrix-Telegram` device some time in the future, as that would break the Double Puppeting feature + + +## Usage + You then need to start a chat with `@telegrambot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). 
If you want to use the relay-bot feature ([relay bot documentation](https://github.com/tulir/mautrix-telegram/wiki/Relay-bot)), which allows anonymous user to chat with telegram users, use the following additional playbook configuration: diff --git a/docs/configuring-playbook-bridge-mautrix-whatsapp.md b/docs/configuring-playbook-bridge-mautrix-whatsapp.md index 4c646717..78ae2863 100644 --- a/docs/configuring-playbook-bridge-mautrix-whatsapp.md +++ b/docs/configuring-playbook-bridge-mautrix-whatsapp.md 
@@ -10,4 +10,36 @@ Use the following playbook configuration: matrix_mautrix_whatsapp_enabled: true ``` + +## Set up Double Puppeting + +If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-whatsapp/wiki/Authentication#replacing-whatsapp-accounts-matrix-puppet-with-matrix-account) (hint: you most likely do), you have 2 ways of going about it. + +### Method 1: automatically, by enabling Shared Secret Auth + +The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook. + +This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. + +### Method 2: manually, by asking each user to provide a working access token + +**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)). + +When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps: + +- retrieve a Matrix access token for yourself. You can use the following command: + +``` +curl \ +--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Whatsapp", "initial_device_display_name": "Mautrix-Whatsapp"}' \ +https://matrix.DOMAIN/_matrix/client/r0/login +``` + +- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE` + +- make sure you don't log out the `Mautrix-Whatsapp` device some time in the future, as that would break the Double Puppeting feature + + +## Usage + You then need to start a chat with `@whatsappbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 24646e77..61c9fe69 100755 --- a/group_vars/matrix_servers 
+++ b/group_vars/matrix_servers @@ -149,6 +149,8 @@ matrix_mautrix_facebook_appservice_token: "{{ matrix_synapse_macaroon_secret_key matrix_mautrix_facebook_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'fb.hs.token') | to_uuid }}" +matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + ###################################################################### # # /matrix-bridge-mautrix-facebook @@ -176,6 +178,8 @@ matrix_mautrix_hangouts_appservice_token: "{{ matrix_synapse_macaroon_secret_key matrix_mautrix_hangouts_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ho.hs.token') | to_uuid }}" +matrix_mautrix_hangouts_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + ###################################################################### # # /matrix-bridge-mautrix-hangouts @@ -195,7 +199,6 @@ matrix_mautrix_hangouts_homeserver_token: "{{ matrix_synapse_macaroon_secret_key # We don't enable bridges by default. matrix_mautrix_telegram_enabled: false - matrix_mautrix_telegram_systemd_required_services_list: | {{ ['docker.service'] @@ -211,6 +214,8 @@ matrix_mautrix_telegram_public_endpoint: "/{{ matrix_synapse_macaroon_secret_key matrix_mautrix_telegram_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9006' }}" +matrix_mautrix_telegram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + ###################################################################### # # /matrix-bridge-mautrix-telegram 
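Review bot: The added `*_login_shared_secret` assignments (Facebook in this hunk, Hangouts and Telegram in the later hunks of this file, WhatsApp in the `@@ -238,6 +243,8 @@` hunk) copy the single `matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret` value into every bridge's configuration as soon as Shared Secret Auth is enabled. Going by the linked matrix-synapse-shared-secret-auth project, that secret is what allows logging in on behalf of local users, so each bridge's config file becomes as sensitive as the homeserver's own, and the operator gets no hint of this or of how to opt out per bridge. I would add a comment above each assignment, for example `# Hands the homeserver's Shared Secret Auth secret to this bridge; override matrix_mautrix_facebook_login_shared_secret with '' to keep it out of the bridge config.` How the rendered bridge config files are permissioned on disk is not visible in this diff and is worth confirming.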
@@ -238,6 +243,8 @@ matrix_mautrix_whatsapp_appservice_token: "{{ matrix_synapse_macaroon_secret_key matrix_mautrix_whatsapp_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'whats.hs.token') | to_uuid }}" +matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + ###################################################################### # # /matrix-bridge-mautrix-whatsapp diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 8f4c5ccb..bf57e926 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -27,6 +27,9 @@ matrix_mautrix_facebook_systemd_wanted_services_list: [] matrix_mautrix_facebook_appservice_token: '' matrix_mautrix_facebook_homeserver_token: '' +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). +matrix_mautrix_facebook_login_shared_secret: '' + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # @@ -129,7 +132,7 @@ matrix_mautrix_facebook_configuration_yaml: | # If set, custom puppets will be enabled automatically for local users # instead of users having to find an access token and run `login-matrix` # manually. - login_shared_secret: null + login_shared_secret: {{ matrix_mautrix_facebook_login_shared_secret|to_json }} # Whether or not to bridge presence in both directions. Facebook allows users not to broadcast # presence, but then it won't send other users' presence to the client. presence: true diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index aa9ce950..fdb2c639 100644 
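Review bot: With the role default `matrix_mautrix_facebook_login_shared_secret: ''`, the new template line `login_shared_secret: {{ matrix_mautrix_facebook_login_shared_secret|to_json }}` renders `""` where the config previously said `null`, so the disabled state now depends on the bridge treating an empty string as unset, which this diff does not show. Rendering `null` for an empty value keeps the old output: `login_shared_secret: {{ (matrix_mautrix_facebook_login_shared_secret or none)|to_json }}`. The same applies to the Hangouts, Telegram and WhatsApp templates in the later `login_shared_secret` hunks. Keeping `to_json` is right, since it quotes the secret safely inside the generated YAML. The enclosing `matrix_mautrix_facebook_configuration_yaml` block starts and ends outside the hunk.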
--- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -29,6 +29,9 @@ matrix_mautrix_hangouts_systemd_wanted_services_list: [] matrix_mautrix_hangouts_appservice_token: '' matrix_mautrix_hangouts_homeserver_token: '' +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). +matrix_mautrix_hangouts_login_shared_secret: '' + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # @@ -115,7 +118,7 @@ matrix_mautrix_hangouts_configuration_yaml: | # If set, custom puppets will be enabled automatically for local users # instead of users having to find an access token and run `login-matrix` # manually. - login_shared_secret: null + login_shared_secret: {{ matrix_mautrix_hangouts_login_shared_secret|to_json }} # Whether or not to update avatars when syncing all contacts at startup. update_avatar_initial_sync: true diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index b73e9d2e..065030da 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -43,6 +43,9 @@ matrix_mautrix_telegram_systemd_wanted_services_list: [] matrix_mautrix_telegram_appservice_token: '' matrix_mautrix_telegram_homeserver_token: '' +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). +matrix_mautrix_telegram_login_shared_secret: '' + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # 
@@ -192,7 +195,7 @@ matrix_mautrix_telegram_configuration_yaml: | # If set, custom puppets will be enabled automatically for local users # instead of users having to find an access token and run `login-matrix` # manually. - login_shared_secret: null + login_shared_secret: {{ matrix_mautrix_telegram_login_shared_secret|to_json }} # Set to false to disable link previews in messages sent to Telegram. telegram_link_preview: true # Use inline images instead of a separate message for the caption. diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index b22c7f77..4d1818d0 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -27,6 +27,9 @@ matrix_mautrix_whatsapp_systemd_wanted_services_list: [] matrix_mautrix_whatsapp_appservice_token: '' matrix_mautrix_whatsapp_homeserver_token: '' +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). +matrix_mautrix_whatsapp_login_shared_secret: '' + # Default mautrix-whatsapp configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # @@ -137,7 +140,7 @@ matrix_mautrix_whatsapp_configuration_yaml: | # If set, custom puppets will be enabled automatically for local users # instead of users having to find an access token and run `login-matrix` # manually. - login_shared_secret: null + login_shared_secret: {{ matrix_mautrix_whatsapp_login_shared_secret|to_json }} # Whether or not to invite own WhatsApp user's Matrix puppet into private # chat portals when backfilling if needed.