chinwag/ejabberd-auth-mastodon
2
0
Fork 1
Code Issues 1 Pull requests Releases Wiki Activity

Wrap long block comment lines at 72 columns.

Browse source
This commit is contained in:
Ben Finney 2022-12-19 09:26:13 +11:00
parent 9325300e39
commit a88f298e98
1 changed files with 19 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
auth-mastodon.py
View file

@ -10,17 +10,21 @@ import bcrypt
import psycopg2 import psycopg2
# Database connection details. The credentials here need access to the Mastodon database, which "ejabberd" is unlikely # Database connection details. The credentials here need access to the
# to have on your system by default. You shoud grant SELECT privileges to ejabberd on the "accounts" and "users" tables, # Mastodon database, which "ejabberd" is unlikely to have on your system
# to play it safe, or include the Mastodon DB user credentials here (don't). # by default. You shoud grant SELECT privileges to ejabberd on the
# "accounts" and "users" tables, to play it safe, or include the
# Mastodon DB user credentials here (don't).
db_host = "localhost" db_host = "localhost"
db_port = 5432 db_port = 5432
db_user = "ejabberd" db_user = "ejabberd"
db_pass = "" db_pass = ""
db_name = "mastodon" db_name = "mastodon"
# This is the query that pulls the password hash for the given user. Mastodon doesn't store the domain for local accounts in # This is the query that pulls the password hash for the given user.
# the database, so we ignore the host component and try to match username where the domain is NULL. # Mastodon doesn't store the domain for local accounts in the database,
# so we ignore the host component and try to match username where the
# domain is NULL.
db_query_getpass = """ db_query_getpass = """
SELECT users.encrypted_password AS password SELECT users.encrypted_password AS password
FROM accounts FROM accounts
@ -44,9 +48,10 @@ logging.basicConfig(
) )
try: try:
# Connect to the DB, set autocommit and readonly otherwise postgresql seems to have a # Connect to the DB, set autocommit and readonly otherwise
# tendency to keep things "idle in transaction" and table locks eventually grind # postgresql seems to have a tendency to keep things "idle in
# Mastodon to a halt. We don't make any changes anyway. # transaction" and table locks eventually grind Mastodon to a halt.
# We don't make any changes anyway.
database = psycopg2.connect( database = psycopg2.connect(
host=db_host, host=db_host,
user=db_user, user=db_user,
@ -126,8 +131,9 @@ def genanswer(bool):
def get_password(user, host): def get_password(user, host):
# Right now we ignore the host component, as Mastodon doesn't store it for local accounts. # Right now we ignore the host component, as Mastodon doesn't store
# It may be required one day, so the code to handle passing it to the query is left in for now. # it for local accounts. It may be required one day, so the code to
# handle passing it to the query is left in for now.
cursor = database.cursor() cursor = database.cursor()
cursor.execute(db_query_getpass, {"user": user.lower(), "host": host}) cursor.execute(db_query_getpass, {"user": user.lower(), "host": host})
data = cursor.fetchone() data = cursor.fetchone()
@ -172,9 +178,9 @@ while True:
op_result = False op_result = False
try: try:
# Only 'auth' and 'isuser' implemented, placeholders left to maybe # Only 'auth' and 'isuser' implemented, placeholders left to
# expose other functions later but for now let's not even think about # maybe expose other functions later but for now let's not even
# modifying the Mastodon DB # think about modifying the Mastodon DB
if ejab_request[0] == "auth": if ejab_request[0] == "auth":
op_result = auth(ejab_request[1], ejab_request[2], ejab_request[3]) op_result = auth(ejab_request[1], ejab_request[2], ejab_request[3])
elif ejab_request[0] == "isuser": elif ejab_request[0] == "isuser":