From 5a69c899a3f657d604dbfdfc465a81615ce330dc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 3 Nov 2021 17:25:01 +0200 Subject: [PATCH] Upgrade matrix-synapse-shared-secret-auth (1.0.2 -> 2.0.2) For now, we disable the new `com.devture.shared_secret_auth` login type by default, because it causes problems with Element: https://github.com/vector-im/element-web/issues/19605 This also becomes the first module to use the new Synapse module system that got introduced in Synapse v1.46.0. Despite these upgrades, things should remain functionally identical as far as bridges, matrix-corporal or other consumers are concerned. --- roles/matrix-synapse/defaults/main.yml | 13 ++++++++++++- .../ext/shared-secret-auth/setup_install.yml | 17 ++++++++++++++++- roles/matrix-synapse/tasks/init.yml | 2 +- .../templates/synapse/homeserver.yaml.j2 | 5 ----- 4 files changed, 29 insertions(+), 8 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 838058ea9..079ffb4b6 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -489,8 +489,16 @@ matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: fals # Enable this to activate the Shared Secret Auth password provider module. # See: https://github.com/devture/matrix-synapse-shared-secret-auth matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false -matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.2/shared_secret_authenticator.py" +matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/2.0.2/shared_secret_authenticator.py" matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "" +matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled: true +# We'd like to enable this, but it causes trouble for Element: https://github.com/vector-im/element-web/issues/19605 +matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled: false +matrix_synapse_ext_password_provider_shared_secret_config: "{{ matrix_synapse_ext_password_provider_shared_secret_config_yaml|from_yaml }}" +matrix_synapse_ext_password_provider_shared_secret_config_yaml: | + shared_secret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret|string|to_json }} + m_login_password_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled|bool|to_json }} + com_devture_shared_secret_auth_support_enabled: {{ matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled|to_json }} # Enable this to activate LDAP password provider matrix_synapse_ext_password_provider_ldap_enabled: false @@ -573,6 +581,9 @@ matrix_synapse_default_room_version: "6" # If not, you can also control its value manually. matrix_synapse_spam_checker: [] +# Controls the Synapse `modules` list. +# You can define your own list of modules here. See the `modules` syntax in `homeserver.yaml.j2` +# Certain Synapse extensions that you can enable below auto-inject themselves into `matrix_synapse_modules` at runtime. matrix_synapse_modules: [] matrix_synapse_encryption_enabled_by_default_for_room_type: "off" diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml index af92041df..f408e2f9f 100644 --- a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml @@ -5,6 +5,11 @@ msg: "Shared Secret Auth is enabled, but no secret has been set in matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret" when: "matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret == ''" +- name: Fail if no Shared Secret Auth login types enabled + fail: + msg: "Shared Secret Auth is enabled, but none of the login types are" + when: "not (matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled or matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled)" + - name: Download matrix-synapse-shared-secret-auth get_url: url: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_download_url }}" @@ -15,7 +20,17 @@ group: "{{ matrix_user_groupname }}" - set_fact: - matrix_synapse_password_providers_enabled: true + matrix_synapse_modules: | + {{ + matrix_synapse_modules|default([]) + + + [ + { + "module": "shared_secret_authenticator.SharedSecretAuthProvider", + "config": matrix_synapse_ext_password_provider_shared_secret_config + } + ] + }} matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) }} diff --git a/roles/matrix-synapse/tasks/init.yml b/roles/matrix-synapse/tasks/init.yml index bee1783e2..880650492 100644 --- a/roles/matrix-synapse/tasks/init.yml +++ b/roles/matrix-synapse/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the Synapse image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_container_image_self_build and matrix_synapse_enabled" # Unless `matrix_synapse_workers_enabled_list` is explicitly defined, diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 8cfb9b205..af6e3e130 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -2586,11 +2586,6 @@ email: # #filter: "(objectClass=posixAccount)" {% if matrix_synapse_password_providers_enabled %} password_providers: -{% if matrix_synapse_ext_password_provider_shared_secret_auth_enabled %} - - module: "shared_secret_authenticator.SharedSecretAuthenticator" - config: - sharedSecret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret|string|to_json }} -{% endif %} {% if matrix_synapse_ext_password_provider_rest_auth_enabled %} - module: "rest_auth_provider.RestAuthProvider" config: