diff --git a/contrib/pantalaimon.conf b/contrib/pantalaimon.conf index f9fc754..df0cb67 100644 --- a/contrib/pantalaimon.conf +++ b/contrib/pantalaimon.conf @@ -10,3 +10,4 @@ ListenPort = 8009 Proxy = http://localhost:8080 SSL = False IgnoreVerification = False +UseKeyring = True diff --git a/man/pantalaimon.conf.5 b/man/pantalaimon.conf.5 index 4b8f1c7..0697b55 100644 --- a/man/pantalaimon.conf.5 +++ b/man/pantalaimon.conf.5 @@ -46,6 +46,11 @@ A boolean that decides if device verification should be enabled. If this is True devices will be marked as ignored automatically and encryption keys will be shared with them, if this is False the user needs to verify, blacklist or ignore devices manually before messages can be sent to a room. Defaults to "False". +.It Cm UseKeyring +This option configures if a proxy instance should use the OS keyring to store +its own access tokens. The access tokens are required for the daemon to resume +operation. If this is set to "No", access tokens are stored in the pantalaimon +database in plaintext. Defaults to "Yes". .El .Pp Aditional to the homeserver section a special section with the name @@ -56,6 +61,7 @@ can be used to configure the following values for all homeservers: .Cm Proxy , .Cm SSL .Cm IgnoreVerification +.Cm UseKeyring .Pp The .Cm Default diff --git a/pantalaimon/config.py b/pantalaimon/config.py index 29a06b6..000f08e 100644 --- a/pantalaimon/config.py +++ b/pantalaimon/config.py @@ -33,6 +33,7 @@ class PanConfigParser(configparser.ConfigParser): "ListenPort": "8009", "LogLevel": "warnig", "Notifications": "on", + "UseKeyring": "yes", }, converters={ "address": parse_address, @@ -110,6 +111,7 @@ class ServerConfig: proxy = attr.ib(type=str, default="") ssl = attr.ib(type=bool, default=True) ignore_verification = attr.ib(type=bool, default=False) + keyring = attr.ib(type=bool, default=True) @attr.s @@ -164,6 +166,7 @@ class PanConfig: listen_port = section.getint("ListenPort") ssl = section.getboolean("SSL") ignore_verification = section.getboolean("IgnoreVerification") + keyring = section.getboolean("UseKeyring") proxy = section.geturl("Proxy") listen_tuple = (listen_address, listen_port) @@ -181,7 +184,8 @@ class PanConfig: listen_port, proxy, ssl, - ignore_verification + ignore_verification, + keyring ) self.servers[section_name] = server_conf diff --git a/pantalaimon/daemon.py b/pantalaimon/daemon.py index 63bb1fb..f2f11b6 100755 --- a/pantalaimon/daemon.py +++ b/pantalaimon/daemon.py @@ -78,10 +78,13 @@ class ProxyDaemon: accounts = self.store.load_users(self.name) for user_id, device_id in accounts: - token = keyring.get_password( - "pantalaimon", - f"{user_id}-{device_id}-token" - ) + if self.conf.keyring: + token = keyring.get_password( + "pantalaimon", + f"{user_id}-{device_id}-token" + ) + else: + token = self.store.load_access_token(user_id, device_id) if not token: logger.warn(f"Not restoring client for {user_id} {device_id}, " @@ -527,11 +530,18 @@ class ProxyDaemon: self.pan_clients[user_id] = pan_client - keyring.set_password( - "pantalaimon", - f"{user_id}-{pan_client.device_id}-token", - pan_client.access_token - ) + if self.conf.keyring: + keyring.set_password( + "pantalaimon", + f"{user_id}-{pan_client.device_id}-token", + pan_client.access_token + ) + else: + self.store.save_access_token( + user_id, + pan_client.device_id, + pan_client.access_token + ) pan_client.start_loop()