synapse/synapse/config/password.py

# -*- coding: utf-8 -*-
# Copyright 2015, 2016 OpenMarket Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

from ._base import Config


class PasswordConfig(Config):
    """Password login configuration
    """

    def read_config(self, config, **kwargs):
        password_config = config.get("password_config", {})
        if password_config is None:
            password_config = {}

        self.password_enabled = password_config.get("enabled", True)
        self.password_localdb_enabled = password_config.get("localdb_enabled", True)
        self.password_pepper = password_config.get("pepper", "")

    def generate_config_section(self, config_dir_path, server_name, **kwargs):
        return """\
        password_config:
           # Uncomment to disable password login
           #
           #enabled: false

           # Uncomment to disable authentication against the local password
           # database. This is ignored if `enabled` is false, and is only useful
           # if you have other password_providers.
           #
           #localdb_enabled: false

           # Uncomment and change to a secret random string for extra security.
           # DO NOT CHANGE THIS AFTER INITIAL SETUP!
           #
           #pepper: "EVEN_MORE_SECRET"
        """
Add config option to disable password login 2015-10-22 11:37:04 +02:00			`# -- coding: utf-8 --`
copyrights 2016-01-07 05:26:29 +01:00			`# Copyright 2015, 2016 OpenMarket Ltd`
Add config option to disable password login 2015-10-22 11:37:04 +02:00			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`

			`from ._base import Config`


			`class PasswordConfig(Config):`
			`"""Password login configuration`
			`"""`

Pass config_dir_path and data_dir_path into Config.read_config. (#5522) * Pull config_dir_path and data_dir_path calculation out of read_config_files * Pass config_dir_path and data_dir_path into read_config 2019-06-24 12:34:45 +02:00			`def read_config(self, config, **kwargs):`
Add config option to disable password login 2015-10-22 11:37:04 +02:00			`password_config = config.get("password_config", {})`
Comment out most options in the generated config. (#4863) Make it so that most options in the config are optional, and commented out in the generated config. The reasons this is a good thing are as follows: * If we decide that we should change the default for an option, we can do so, and only those admins that have deliberately chosen to override that option will be stuck on the old setting. * It moves us towards a point where we can get rid of the super-surprising feature of synapse where the default settings for the config come from the generated yaml. * It makes setting up a test config for unit testing an order of magnitude easier (see forthcoming PR). * It makes the generated config more consistent, and hopefully easier for users to understand. 2019-03-19 11:06:40 +01:00			`if password_config is None:`
			`password_config = {}`

Add config option to disable password login 2015-10-22 11:37:04 +02:00			`self.password_enabled = password_config.get("enabled", True)`
Added possibilty to disable local password authentication (#5092) Signed-off-by: Daniel Hoffend <dh@dotlan.net> 2019-06-27 19:37:29 +02:00			`self.password_localdb_enabled = password_config.get("localdb_enabled", True)`
Fix password config 2016-07-05 12:12:53 +02:00			`self.password_pepper = password_config.get("pepper", "")`
Add config option to disable password login 2015-10-22 11:37:04 +02:00
Don't load the generated config as the default. It's too confusing. 2019-06-22 01:00:20 +02:00			`def generate_config_section(self, config_dir_path, server_name, **kwargs):`
Comment out most options in the generated config. (#4863) Make it so that most options in the config are optional, and commented out in the generated config. The reasons this is a good thing are as follows: * If we decide that we should change the default for an option, we can do so, and only those admins that have deliberately chosen to override that option will be stuck on the old setting. * It moves us towards a point where we can get rid of the super-surprising feature of synapse where the default settings for the config come from the generated yaml. * It makes setting up a test config for unit testing an order of magnitude easier (see forthcoming PR). * It makes the generated config more consistent, and hopefully easier for users to understand. 2019-03-19 11:06:40 +01:00			`return """\`
Add config option to disable password login 2015-10-22 11:37:04 +02:00			`password_config:`
Comment out most options in the generated config. (#4863) Make it so that most options in the config are optional, and commented out in the generated config. The reasons this is a good thing are as follows: * If we decide that we should change the default for an option, we can do so, and only those admins that have deliberately chosen to override that option will be stuck on the old setting. * It moves us towards a point where we can get rid of the super-surprising feature of synapse where the default settings for the config come from the generated yaml. * It makes setting up a test config for unit testing an order of magnitude easier (see forthcoming PR). * It makes the generated config more consistent, and hopefully easier for users to understand. 2019-03-19 11:06:40 +01:00			`# Uncomment to disable password login`
			`#`
			`#enabled: false`

Added possibilty to disable local password authentication (#5092) Signed-off-by: Daniel Hoffend <dh@dotlan.net> 2019-06-27 19:37:29 +02:00			`# Uncomment to disable authentication against the local password`
			# database. This is ignored if `enabled` is false, and is only useful
			`# if you have other password_providers.`
			`#`
			`#localdb_enabled: false`

Update password config comment Signed-off-by: Kent Shikama <kent@kentshikama.com> 2016-07-06 05:18:19 +02:00			`# Uncomment and change to a secret random string for extra security.`
Add pepper to password hashing Signed-off-by: Kent Shikama <kent@kentshikama.com> 2016-07-04 19:13:52 +02:00			`# DO NOT CHANGE THIS AFTER INITIAL SETUP!`
Comment out most options in the generated config. (#4863) Make it so that most options in the config are optional, and commented out in the generated config. The reasons this is a good thing are as follows: * If we decide that we should change the default for an option, we can do so, and only those admins that have deliberately chosen to override that option will be stuck on the old setting. * It moves us towards a point where we can get rid of the super-surprising feature of synapse where the default settings for the config come from the generated yaml. * It makes setting up a test config for unit testing an order of magnitude easier (see forthcoming PR). * It makes the generated config more consistent, and hopefully easier for users to understand. 2019-03-19 11:06:40 +01:00			`#`
			`#pepper: "EVEN_MORE_SECRET"`
Fix pep8 2016-07-05 12:01:00 +02:00			`"""`