pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://anongit.hacktivis.me/git/pleroma.git/

howto_ejabberd.md (3981B)


# Configuring Ejabberd (XMPP Server) to use Pleroma for authentication

If you want to give your Pleroma users an XMPP (chat) account, you can configure [Ejabberd](https://github.com/processone/ejabberd) to use your Pleroma server for user authentication, automatically giving every local user an XMPP account.

In general, you just have to follow the configuration described at [https://docs.ejabberd.im/admin/configuration/authentication/#external-script](https://docs.ejabberd.im/admin/configuration/authentication/#external-script). Please read this section carefully.

Copy the script below to a suitable path on your system and set the owner and permissions. Also do not forget to adjust `PLEROMA_HOST` and `PLEROMA_PORT` if necessary.

```bash
cp pleroma_ejabberd_auth.py /etc/ejabberd/pleroma_ejabberd_auth.py
chown ejabberd /etc/ejabberd/pleroma_ejabberd_auth.py
chmod 700 /etc/ejabberd/pleroma_ejabberd_auth.py
```

Set the external auth params in the ejabberd.yaml file:

```yaml
auth_method: [external]
extauth_program: "python3 /etc/ejabberd/pleroma_ejabberd_auth.py"
extauth_instances: 3
auth_use_cache: false
```

Restart / reload your ejabberd service.

After restarting your Ejabberd server, your users should now be able to connect with their Pleroma credentials.

```python
import sys
import struct
import http.client
from base64 import b64encode
from urllib.parse import quote
import logging


PLEROMA_HOST = "127.0.0.1"
PLEROMA_PORT = "4000"
AUTH_ENDPOINT = "/api/v1/accounts/verify_credentials"
USER_ENDPOINT = "/api/v1/accounts"
LOGFILE = "/var/log/ejabberd/pleroma_auth.log"

logging.basicConfig(filename=LOGFILE, level=logging.INFO)


# Pleroma functions
def create_connection():
    # Plain HTTP: credentials are sent unencrypted, so keep PLEROMA_HOST on
    # loopback or a trusted network.
    return http.client.HTTPConnection(PLEROMA_HOST, PLEROMA_PORT)


def verify_credentials(user: str, password: str) -> bool:
    # Pleroma checks the credentials via HTTP Basic authentication
    user_pass_b64 = b64encode("{}:{}".format(
        user, password).encode('utf-8')).decode("ascii")
    headers = {
        "Authorization": "Basic {}".format(user_pass_b64)
    }

    try:
        conn = create_connection()
        conn.request("GET", AUTH_ENDPOINT, headers=headers)
        response = conn.getresponse()
        if response.status == 200:
            return True

        return False
    except Exception as e:
        logging.info("Can not connect: %s", str(e))
        return False


def does_user_exist(user: str) -> bool:
    conn = create_connection()
    # Percent-encode the name so characters such as '/' or '?' cannot
    # change the request path
    conn.request("GET", "{}/{}".format(USER_ENDPOINT, quote(user, safe="")))
    response = conn.getresponse()
    if response.status == 200:
        return True

    return False


def auth(username: str, server: str, password: str) -> bool:
    return verify_credentials(username, password)


def isuser(username, server):
    return does_user_exist(username)


def read():
    # Each request is a 2-byte big-endian length followed by that many
    # bytes of payload. Read raw bytes: the length counts bytes, not
    # characters.
    header = sys.stdin.buffer.read(2)
    if len(header) < 2:
        # ejabberd closed the pipe; exit instead of looping on EOF
        sys.exit(0)
    (pkt_size,) = struct.unpack('>H', header)
    pkt = sys.stdin.buffer.read(pkt_size).decode('utf-8')
    cmd = pkt.split(':')[0]
    if cmd == 'auth':
        # Limit the split so a password containing ':' stays intact
        username, server, password = pkt.split(':', 3)[1:]
        write(auth(username, server, password))
    elif cmd == 'isuser':
        username, server = pkt.split(':', 2)[1:]
        write(isuser(username, server))
    elif cmd == 'setpass':
        # u, s, p = pkt.split(':', 3)[1:]
        write(False)
    elif cmd == 'tryregister':
        # u, s, p = pkt.split(':', 3)[1:]
        write(False)
    elif cmd == 'removeuser':
        # u, s = pkt.split(':', 2)[1:]
        write(False)
    elif cmd == 'removeuser3':
        # u, s, p = pkt.split(':', 3)[1:]
        write(False)
    else:
        write(False)


def write(result):
    # Reply: 2-byte length (always 2), then 2-byte result (1 = ok, 0 = fail)
    if result:
        sys.stdout.buffer.write(b'\x00\x02\x00\x01')
    else:
        sys.stdout.buffer.write(b'\x00\x02\x00\x00')
    sys.stdout.buffer.flush()


if __name__ == "__main__":
    logging.info("Starting pleroma ejabberd auth daemon...")
    while True:
        try:
            read()
        except Exception as e:
            logging.info(
                "Error while processing data from ejabberd %s", str(e))
            # Fail closed so ejabberd still receives an answer
            write(False)
```
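
To exercise the script without a running ejabberd, the framing it speaks (a 2-byte big-endian length, then a colon-separated payload, answered by a 4-byte reply) can be reproduced in a few lines. This is an added example, not part of the Pleroma repository: `frame`, `read_request`, `parse_reply` and the sample credentials are made up for illustration. It goes slightly beyond the script by showing that the length prefix counts bytes, not characters.

```python
import io
import struct


def frame(op: str, *fields: str) -> bytes:
    """Build one request frame: 2-byte big-endian length, then op:field:..."""
    payload = ":".join((op,) + fields).encode("utf-8")
    return struct.pack(">H", len(payload)) + payload


def read_request(stream) -> list:
    """Read one frame from a binary stream and split it into its fields."""
    header = stream.read(2)
    if len(header) < 2:
        raise EOFError("stream closed before a full length prefix")
    (size,) = struct.unpack(">H", header)
    payload = stream.read(size)  # size is a byte count
    if len(payload) < size:
        raise EOFError("stream closed in the middle of a frame")
    text = payload.decode("utf-8")
    op = text.split(":", 1)[0]
    # Only the last field (the password) may contain ':'; limit the split
    # so it is not cut short. Operations without a password have 2 fields.
    has_password = op in ("auth", "setpass", "tryregister", "removeuser3")
    return text.split(":", 3 if has_password else 2)


def parse_reply(data: bytes) -> bool:
    """Decode the 4-byte reply: length 2, then result 1 (ok) or 0 (fail)."""
    size, result = struct.unpack(">HH", data)
    if size != 2 or result not in (0, 1):
        raise ValueError("malformed extauth reply: %r" % data)
    return result == 1


# Constructed sample: two back-to-back requests. The first password contains
# ':' and a non-ASCII character, so it is 11 characters but 12 bytes long.
SAMPLE = (frame("auth", "alice", "example.org", "p:ss:w\u00f6rd!!")
          + frame("isuser", "bob", "example.org"))

if __name__ == "__main__":
    stream = io.BytesIO(SAMPLE)
    print(read_request(stream))
    print(read_request(stream))
    print(parse_reply(b"\x00\x02\x00\x01"))
```

Writing `SAMPLE` to the auth script's stdin and passing each 4 bytes of its stdout to `parse_reply` checks the script end to end.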