gitlord
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Code Issues 0 Releases 671 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
18612 Commits
842 Branches
288 MiB
 
 
 
 
 
 
Tree: 4b965c862d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4b965c862d'
${ noResults }
synapse/synapse/config/auth.py

111 lines
4.0 KiB
Raw Blame History 

  1. # Copyright 2015, 2016 OpenMarket Ltd

  2. # Copyright 2020 The Matrix.org Foundation C.I.C.

  3. #

  4. # Licensed under the Apache License, Version 2.0 (the "License");

  5. # you may not use this file except in compliance with the License.

  6. # You may obtain a copy of the License at

  7. #

  8. #     http://www.apache.org/licenses/LICENSE-2.0

  9. #

  10. # Unless required by applicable law or agreed to in writing, software

  11. # distributed under the License is distributed on an "AS IS" BASIS,

  12. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. # See the License for the specific language governing permissions and

  14. # limitations under the License.

  15. 

  16. from ._base import Config

  17. 

  18. 

  19. class AuthConfig(Config):

  20.     """Password and login configuration"""

  21. 

  22.     section = "auth"

  23. 

  24.     def read_config(self, config, **kwargs):

  25.         password_config = config.get("password_config", {})

  26.         if password_config is None:

  27.             password_config = {}

  28. 

  29.         self.password_enabled = password_config.get("enabled", True)

  30.         self.password_localdb_enabled = password_config.get("localdb_enabled", True)

  31.         self.password_pepper = password_config.get("pepper", "")

  32. 

  33.         # Password policy

  34.         self.password_policy = password_config.get("policy") or {}

  35.         self.password_policy_enabled = self.password_policy.get("enabled", False)

  36. 

  37.         # User-interactive authentication

  38.         ui_auth = config.get("ui_auth") or {}

  39.         self.ui_auth_session_timeout = self.parse_duration(

  40.             ui_auth.get("session_timeout", 0)

  41.         )

  42. 

  43.     def generate_config_section(self, config_dir_path, server_name, **kwargs):

  44.         return """\

  45.         password_config:

  46.            # Uncomment to disable password login

  47.            #

  48.            #enabled: false

  49. 

  50.            # Uncomment to disable authentication against the local password

  51.            # database. This is ignored if `enabled` is false, and is only useful

  52.            # if you have other password_providers.

  53.            #

  54.            #localdb_enabled: false

  55. 

  56.            # Uncomment and change to a secret random string for extra security.

  57.            # DO NOT CHANGE THIS AFTER INITIAL SETUP!

  58.            #

  59.            #pepper: "EVEN_MORE_SECRET"

  60. 

  61.            # Define and enforce a password policy. Each parameter is optional.

  62.            # This is an implementation of MSC2000.

  63.            #

  64.            policy:

  65.               # Whether to enforce the password policy.

  66.               # Defaults to 'false'.

  67.               #

  68.               #enabled: true

  69. 

  70.               # Minimum accepted length for a password.

  71.               # Defaults to 0.

  72.               #

  73.               #minimum_length: 15

  74. 

  75.               # Whether a password must contain at least one digit.

  76.               # Defaults to 'false'.

  77.               #

  78.               #require_digit: true

  79. 

  80.               # Whether a password must contain at least one symbol.

  81.               # A symbol is any character that's not a number or a letter.

  82.               # Defaults to 'false'.

  83.               #

  84.               #require_symbol: true

  85. 

  86.               # Whether a password must contain at least one lowercase letter.

  87.               # Defaults to 'false'.

  88.               #

  89.               #require_lowercase: true

  90. 

  91.               # Whether a password must contain at least one lowercase letter.

  92.               # Defaults to 'false'.

  93.               #

  94.               #require_uppercase: true

  95. 

  96.         ui_auth:

  97.             # The amount of time to allow a user-interactive authentication session

  98.             # to be active.

  99.             #

  100.             # This defaults to 0, meaning the user is queried for their credentials

  101.             # before every action, but this can be overridden to allow a single

  102.             # validation to be re-used.  This weakens the protections afforded by

  103.             # the user-interactive authentication process, by allowing for multiple

  104.             # (and potentially different) operations to use the same validation session.

  105.             #

  106.             # Uncomment below to allow for credential validation to last for 15

  107.             # seconds.

  108.             #

  109.             #session_timeout: "15s"

  110.         """