config: Make the OS keyring optional.

contrib/pantalaimon.conf

@@ -10,3 +10,4 @@ ListenPort = 8009
 Proxy = http://localhost:8080
 SSL = False
 IgnoreVerification = False
+UseKeyring = True

man/pantalaimon.conf.5

@@ -46,6 +46,11 @@ A boolean that decides if device verification should be enabled. If this is True
 devices will be marked as ignored automatically and encryption keys will be
 shared with them, if this is False the user needs to verify, blacklist or ignore
 devices manually before messages can be sent to a room. Defaults to "False".
+.It Cm UseKeyring
+This option configures if a proxy instance should use the OS keyring to store
+its own access tokens. The access tokens are required for the daemon to resume
+operation. If this is set to "No", access tokens are stored in the pantalaimon
+database in plaintext. Defaults to "Yes".
 .El
 .Pp
 Aditional to the homeserver section a special section with the name
@@ -56,6 +61,7 @@ can be used to configure the following values for all homeservers:
 .Cm Proxy ,
 .Cm SSL
 .Cm IgnoreVerification
+.Cm UseKeyring
 .Pp
 The
 .Cm Default

pantalaimon/config.py

@@ -33,6 +33,7 @@ class PanConfigParser(configparser.ConfigParser):
                 "ListenPort": "8009",
                 "LogLevel": "warnig",
                 "Notifications": "on",
+                "UseKeyring": "yes",
             },
             converters={
                 "address": parse_address,
@@ -110,6 +111,7 @@ class ServerConfig:
     proxy = attr.ib(type=str, default="")
     ssl = attr.ib(type=bool, default=True)
     ignore_verification = attr.ib(type=bool, default=False)
+    keyring = attr.ib(type=bool, default=True)
 
 
 @attr.s
@@ -164,6 +166,7 @@ class PanConfig:
                 listen_port = section.getint("ListenPort")
                 ssl = section.getboolean("SSL")
                 ignore_verification = section.getboolean("IgnoreVerification")
+                keyring = section.getboolean("UseKeyring")
                 proxy = section.geturl("Proxy")
 
                 listen_tuple = (listen_address, listen_port)
@@ -181,7 +184,8 @@ class PanConfig:
                     listen_port,
                     proxy,
                     ssl,
-                    ignore_verification
+                    ignore_verification,
+                    keyring
                 )
 
                 self.servers[section_name] = server_conf

pantalaimon/daemon.py

@@ -78,10 +78,13 @@ class ProxyDaemon:
         accounts = self.store.load_users(self.name)
 
         for user_id, device_id in accounts:
-            token = keyring.get_password(
-                "pantalaimon",
-                f"{user_id}-{device_id}-token"
-            )
+            if self.conf.keyring:
+                token = keyring.get_password(
+                    "pantalaimon",
+                    f"{user_id}-{device_id}-token"
+                )
+            else:
+                token = self.store.load_access_token(user_id, device_id)
 
             if not token:
                 logger.warn(f"Not restoring client for {user_id} {device_id}, "
@@ -527,11 +530,18 @@ class ProxyDaemon:
 
         self.pan_clients[user_id] = pan_client
 
-        keyring.set_password(
-            "pantalaimon",
-            f"{user_id}-{pan_client.device_id}-token",
-            pan_client.access_token
-        )
+        if self.conf.keyring:
+            keyring.set_password(
+                "pantalaimon",
+                f"{user_id}-{pan_client.device_id}-token",
+                pan_client.access_token
+            )
+        else:
+            self.store.save_access_token(
+                user_id,
+                pan_client.device_id,
+                pan_client.access_token
+            )
 
         pan_client.start_loop()