chinwag/ejabberd-auth-mastodon
2
0
Fork 1
Code Issues 1 Pull requests Releases Wiki Activity
External authentication script for ejabberd to validate Mastodon accounts directly from the database. https://social.chinwag.org
17 commits 1 branch 0 tags 430 KiB
Python 100%
Go to file
Ben Finney 9325300e39 Wrap long statements across multiple lines. 
PEP 8 specifies:

* Limit all lines to a maximum of 79 characters.

* The preferred way of wrapping long lines is by using Python’s implied
  line continuation inside parentheses, brackets and braces. Long lines can
  be broken over multiple lines by wrapping expressions in parentheses.
  These should be used in preference to using a backslash for line
  continuation.
2022-12-19 09:26:03 +11:00
.editorconfig Specify EditorConfig settings for this code base. 2022-12-19 09:24:31 +11:00
.gitignore Initial commit of test implementation 2020-03-27 14:04:57 +11:00
auth-mastodon.py Wrap long statements across multiple lines. 2022-12-19 09:26:03 +11:00
LICENSE Add GPL and README 2020-03-27 14:31:08 +11:00
README.md Remove trailing whitespace. 2022-12-19 09:24:40 +11:00

README.md

auth-mastodon.py

This is a Python script designed to run as an ejabberd external auth program, and validate user accounts directly from a Mastodon installation's database.

The code is derived from ejabberd-auth-mysql and is licensed under the GNU GPLv3.

It is used on Chinwag Social to provide XMPP messaging functionality to every account.

Discussion, questions and/or just saying hi in the Chinwag Social Beergarden MUC (beergarden@rooms.chinwag.org) is welcomed!

Setup

Edit the auth-mastodon.py file and add database connection credentials at the top. Moving this to a config file is next on the TODO list, as this makes updates an awful process. Sorry.

I recommend not using your main Mastodon database user account for this, and instead granting SELECT privileges on the Mastodon accounts and users tables to your ejabberd user instead.

The code here does not attempt any modification to the Mastodon tables at any point, so there's no reason to give it more than read-only rights.

Then configure ejabberd to use auth-mastodon.py as an external authentication provider, as described in the ejabberd docs:

auth_method: external
extauth_program: "/path/to/auth-mastodon.py"

To Do

  1. Move all database and config elements to a simple file to be stored in /etc/ejabberd or similar
  2. Verify domain part of request somehow. Maybe define a canonical domain to be used in config? Does this gain us anything at all?
  3. Better error handling. Would be good to be more descriptive in the logs, perhaps.
  4. Setup documentation is very brief, maybe include how to grant minimal permissions via pgsql.