3 changed files with 106 additions and 177 deletions
--- a/.editorconfig
+++ b/.editorconfig
@ -1,34 +0,0 @@
 # .editorconfig
 # EditorConfig settings for this code base.
 # See documentation at <URL:http://editorconfig.org/>.
 # Is this the top-most EditorConfig config file in the code base?
 root = true
 # Match all file names, unless more specific match later.
 [*]
 # Text encoding name.
 charset = utf-8
 # Remove trailing whitespace on lines?
 trim_trailing_whitespace = true
 # End-of-line style (“lf”, “cr”, “crlf”).
 end_of_line = lf
 # Ensure file ends with a line break?
 insert_final_newline = true
 # Character to use for indentation (“tab“ for U+0009, “space“ for U+0020).
 indent_style = space
 # Number of columns for each indentation level.
 indent_size = 4
 # Local variables:
 # coding: utf-8
 # mode: conf
 # End:
 # vim: fileencoding=utf-8 filetype=dosini :
--- a/auth-mastodon.py
+++ b/auth-mastodon.py
@ -1,85 +1,51 @@
 #!/usr/bin/env python3
 import os, sys, logging, struct, psycopg2, bcrypt, random, atexit, time
-import atexit
+# Database connection details. The credentials here need access to the Mastodon database, which "ejabberd" is unlikely
-import logging
+# to have on your system by default. You shoud grant SELECT privileges to ejabberd on the "accounts" and "users" tables,
-import struct
+# to play it safe, or include the Mastodon DB user credentials here (don't).
 import sys
 import time
 import bcrypt
 import psycopg2
 # Database connection details. The credentials here need access to the
 # Mastodon database, which "ejabberd" is unlikely to have on your system
 # by default. You shoud grant SELECT privileges to ejabberd on the
 # "accounts" and "users" tables, to play it safe, or include the
 # Mastodon DB user credentials here (don't).
 db_host="localhost"
 db_port=5432
 db_user="ejabberd"
 db_pass=""
 db_name="mastodon"
-# This is the query that pulls the password hash for the given user.
+# This is the query that pulls the password hash for the given user. Mastodon doesn't store the domain for local accounts in
-# Mastodon doesn't store the domain for local accounts in the database,
+# the database, so we ignore the host component and try to match username where the domain is NULL.
-# so we ignore the host component and try to match username where the
+db_query_getpass="select users.encrypted_password as password from accounts inner join users on accounts.id=users.account_id where lower(accounts.username) = %(user)s and accounts.domain is null"
 # domain is NULL.
 db_query_getpass = """
    SELECT users.encrypted_password AS password
    FROM accounts
        INNER JOIN users
        ON accounts.id = users.account_id
    WHERE
        lower(accounts.username) = %(user)s
        AND accounts.domain IS NULL
    """
 ########################################################################
 #Setup
 ########################################################################
 sys.stderr = open('/var/log/ejabberd/extauth_err.log', 'a')
-logging.basicConfig(
+logging.basicConfig(level=logging.INFO,
    level=logging.INFO,
 					format='%(asctime)s %(levelname)s %(message)s',
 					filename='/var/log/ejabberd/extauth.log',
-    filemode='a',
+					filemode='a')
 )
 try:
-    # Connect to the DB, set autocommit and readonly otherwise
+	# Connect to the DB, set autocommit and readonly otherwise postgresql seems to have a 
-    # postgresql seems to have a tendency to keep things "idle in
+	# tendency to keep things "idle in transaction" and table locks eventually grind
-    # transaction" and table locks eventually grind Mastodon to a halt.
+	# Mastodon to a halt. We don't make any changes anyway.
-    # We don't make any changes anyway.
+	database=psycopg2.connect(host = db_host, user = db_user, password = db_pass, database = db_name, port = db_port)
    database = psycopg2.connect(
        host=db_host,
        user=db_user,
        password=db_pass,
        database=db_name,
        port=db_port,
    )
 	database.set_session(readonly=True, autocommit=True)
 	logging.debug(database.get_dsn_parameters())
-except Exception:
+except:
 	logging.error("Unable to initialize database, check settings!")
 	time.sleep(10)
 	sys.exit(1)
@atexit.register
 def close_db():
 	cursor.close()
 	database.close()
 logging.info('auth-mastodon script started, waiting for ejabberd requests')
 class EjabberdInputError(Exception):
 	def __init__(self, value):
 		self.value = value
 	def __str__(self):
 		return repr(self.value)
@ -93,7 +59,7 @@ def ejabberd_in():
 	input_length = sys.stdin.buffer.read(2)
-    if len(input_length) != 2:
+	if len(input_length) is not 2:
 		logging.debug("ejabberd sent us wrong things!")
 		raise EjabberdInputError('Wrong input from ejabberd!')
@ -113,9 +79,7 @@ def ejabberd_out(bool):
 	token = genanswer(bool)
-    logging.debug(
+	logging.debug("sent bytes: %#x %#x %#x %#x" % (token[0], token[1], token[2], token[3]))
        "sent bytes: %#x %#x %#x %#x"
        % (token[0], token[1], token[2], token[3]))
 	sys.stdout.buffer.write(token)
 	sys.stdout.buffer.flush()
@ -130,23 +94,22 @@ def genanswer(bool):
 def get_password(user, host):
-    # Right now we ignore the host component, as Mastodon doesn't store
+	# Right now we ignore the host component, as Mastodon doesn't store it for local accounts.
-    # it for local accounts. It may be required one day, so the code to
+	# It may be required one day, so the code to handle passing it to the query is left in for now.
    # handle passing it to the query is left in for now.
 	cursor = database.cursor()
 	cursor.execute(db_query_getpass, {"user": user.lower(), "host": host})
 	data = cursor.fetchone()
 	cursor.close()
-    return data[0] if data is not None else None
+	return data[0] if data != None else None
 def isuser(user, host):
-    return get_password(user, host) is not None
+	return get_password(user, host) != None
 def auth(user, host, password):
 	db_password = get_password(user, host)
-    if db_password is None:
+	if db_password == None:
 		logging.debug("Wrong username: %s@%s" % (user, host))
 		return False
 	else:
@ -171,15 +134,15 @@ while True:
 		ejab_request = ejabberd_in().split(':', 3)
 	except EOFError:
 		break
-    except Exception:
+	except Exception as e:
 		logging.exception("Exception occured while reading stdin")
 		raise
 	op_result = False
 	try:
-        # Only 'auth' and 'isuser' implemented, placeholders left to
+		# Only 'auth' and 'isuser' implemented, placeholders left to maybe 
-        # maybe expose other functions later but for now let's not even
+		# expose other functions later but for now let's not even think about 
-        # think about modifying the Mastodon DB
+		# modifying the Mastodon DB
 		if ejab_request[0] == "auth":
 			op_result = auth(ejab_request[1], ejab_request[2], ejab_request[3])
 		elif ejab_request[0] == "isuser":