summary refs log tree commit diff
path: root/synapse/config/jwt_config.py
diff options
context:
space:
mode:
authorRichard van der Hoff <richard@matrix.org>2018-09-07 14:20:54 +0100
committerRichard van der Hoff <richard@matrix.org>2018-09-07 14:20:54 +0100
commitb8ad756bd0d7c42c7c241fa08f5e078561fddded (patch)
tree212d86a440076fc2eab7523153a5e34058f7084b /synapse/config/jwt_config.py
parentMerge branch 'master' into develop (diff)
downloadsynapse-b8ad756bd0d7c42c7c241fa08f5e078561fddded.tar.xz
Fix jwt import check
This handy code attempted to check that we could import jwt, but utterly failed
to check it was the right jwt.

Fixes https://github.com/matrix-org/synapse/issues/3793
Diffstat (limited to 'synapse/config/jwt_config.py')
-rw-r--r--synapse/config/jwt_config.py53
1 files changed, 53 insertions, 0 deletions
diff --git a/synapse/config/jwt_config.py b/synapse/config/jwt_config.py
new file mode 100644
index 0000000000..51e7f7e003
--- /dev/null
+++ b/synapse/config/jwt_config.py
@@ -0,0 +1,53 @@
+# -*- coding: utf-8 -*-
+# Copyright 2015 Niklas Riekenbrauck
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from ._base import Config, ConfigError
+
+MISSING_JWT = (
+    """Missing jwt library. This is required for jwt login.
+
+    Install by running:
+        pip install pyjwt
+    """
+)
+
+
+class JWTConfig(Config):
+    def read_config(self, config):
+        jwt_config = config.get("jwt_config", None)
+        if jwt_config:
+            self.jwt_enabled = jwt_config.get("enabled", False)
+            self.jwt_secret = jwt_config["secret"]
+            self.jwt_algorithm = jwt_config["algorithm"]
+
+            try:
+                import jwt
+                jwt  # To stop unused lint.
+            except ImportError:
+                raise ConfigError(MISSING_JWT)
+        else:
+            self.jwt_enabled = False
+            self.jwt_secret = None
+            self.jwt_algorithm = None
+
+    def default_config(self, **kwargs):
+        return """\
+        # The JWT needs to contain a globally unique "sub" (subject) claim.
+        #
+        # jwt_config:
+        #    enabled: true
+        #    secret: "a secret"
+        #    algorithm: "HS256"
+        """