[add] role:synapse-with-pav_jsonfile

ansible/roles/synapse-with-pav_jsonfile/defaults/defaults.json

@@ -0,0 +1,6 @@
+{
+	"var_synapse_with_pav_jsonfile_module_path": "/usr/lib/python3.11/matrix-synapse-pav-jsonfile.py",
+	"var_synapse_with_pav_jsonfile_conf_path": "/etc/matrix-synapse/conf.d/pav-jsonfile.yaml",
+	"var_synapse_with_pav_jsonfile_data_path_local": null,
+	"var_synapse_with_pav_jsonfile_data_path_remote": "/etc/matrix-synapse/users.json"
+}

ansible/roles/synapse-with-pav_jsonfile/files/data-empty.json

@@ -0,0 +1,2 @@
+{
+}

ansible/roles/synapse-with-pav_jsonfile/files/module.py

@@ -0,0 +1,71 @@
+#!/usr/bin/env python3
+
+import json as _json
+
+
+'''
+@see https://matrix-org.github.io/synapse/latest/modules/password_auth_provider_callbacks.html
+@see https://github.com/matrix-org/synapse/blob/develop/synapse/module_api/__init__.py
+'''
+class class_pav_jsonfile(object):
+	
+	'''
+	implementation
+	'''
+	@staticmethod
+	def parse_config(config_raw):
+		path = (
+			config_raw["path"]
+			if ("path" in config_raw) else
+			"/etc/matrix-synapse/users.json"
+		)
+		data = _json.load(open(path))
+		for (name, entry, ) in data.items():
+			if (not ("password" in entry)):
+				raise ValueError("users json file malformed: missing field 'password' for user '%s'" % name)
+		return {
+			"path": path,
+		}
+		
+	
+	'''
+	implementation
+	'''
+	def __init__(self, config, account_handler):
+		self.config = config
+		self.module_api = account_handler
+		self.module_api.register_password_auth_provider_callbacks(
+			auth_checkers = {("m.login.password", ("password",)): self.check_auth}
+		)
+		
+	
+	async def private_check_password(self, user_id, password):
+		name = user_id.split(":", 1)[0][1:]
+		data = _json.load(open(self.config["path"]))
+		return (
+			(name in data)
+			and
+			data[name].get("active", True)
+			and
+			(data[name].get("password", "") == password)
+		)
+		
+	
+	'''
+	implementation
+	'''
+	async def check_auth(self, username, login_type, login_dict):
+		user_id = self.module_api.get_qualified_user_id(username)
+		passed = await self.private_check_password(user_id, login_dict["password"])
+		if (not passed):
+			return None
+		else:
+			canonical_user_id = await self.module_api.check_user_exists(user_id)
+			if (canonical_user_id is None):
+				self.module_api.register_user(username, username, None, False)
+			else:
+				pass
+			return (user_id, None, )
+		
+	
+

ansible/roles/synapse-with-pav_jsonfile/tasks/main.json

@@ -0,0 +1,44 @@
+[
+	{
+		"name": "put module",
+		"become": true,
+		"ansible.builtin.copy": {
+			"src": "module.py",
+			"dest": "{{var_synapse_with_pav_jsonfile_module_path}}"
+		}
+	},
+	{
+		"name": "emplace conf",
+		"become": true,
+		"ansible.builtin.template": {
+			"src": "conf.yaml.j2",
+			"dest": "{{var_synapse_with_pav_jsonfile_conf_path}}"
+		}
+	},
+	{
+		"name": "place user data file | fallback",
+		"become": true,
+		"ansible.builtin.file": {
+			"src": "data-empty.json",
+			"dest": "{{var_synapse_with_pav_jsonfile_data_path_remote}}"
+		}
+	},
+	{
+		"name": "place user data file | actual",
+		"when": "var_synapse_with_pav_jsonfile_data_path_local != None",
+		"become": true,
+		"ansible.builtin.copy": {
+			"src": "{{var_synapse_with_pav_jsonfile_data_path_local}}",
+			"dest": "{{var_synapse_with_pav_jsonfile_data_path_remote}}"
+		}
+	},
+	{
+		"name": "restart synapse",
+		"become": true,
+		"ansible.builtin.systemd_service": {
+			"state": "restarted",
+			"name": "matrix-synapse"
+		}
+	}
+]
+]

ansible/roles/synapse-with-pav_jsonfile/templates/conf.yaml.j2

@@ -0,0 +1,4 @@
+password_providers:
+  - module: {{var_synapse_with_pav_jsonfile_module_path}}
+    config:
+      path: {{var_synapse_with_pav_jsonfile_data_path_remote}}