Sydent: Reference Matrix Identity Server http://matrix.org (mirror)

Brendan Abolivier a005037342 Merge pull request #296 from matrix-org/babolivier/return_raise 1 day ago
.github 8453359625 Fix PR template 3 months ago
changelog.d a005037342 Merge pull request #296 from matrix-org/babolivier/return_raise 1 day ago
docs ab69bd0b40 Allow overriding of outbound replication URI 1 year ago
matrix_is_test 3151aaa629 more sensible master version 8 months ago
res 332bc03541 Change subject line for Riot email verification template (#84) 7 months ago
scripts 8d6bff7068 Fix example in generate-key 1 year ago
sydent a005037342 Merge pull request #296 from matrix-org/babolivier/return_raise 1 day ago
tests 97f8d31842 Merge pull request #293 from matrix-org/babolivier/delete_config 1 week ago
.gitignore f0011f4f15 / prefix 8 months ago
CHANGELOG.md 6453fcb5bf changelog: OpenID auth tokens -> access tokens 1 week ago
LICENSE 2360cd427f Reference Synapse Identity Verification and Lookup Server 5 years ago
MANIFEST.in d9d1216c36 Add a manifest to fix missing files 1 year ago
README.rst 716fcbf364 Rewrite part of the README to make it more user-friendly (#279) 3 months ago
matrix-sydent.service 4a64a89a68 example systemd file 1 year ago
pyproject.toml e780678767 Update pyproject.toml 1 week ago
setup.cfg 2360cd427f Reference Synapse Identity Verification and Lookup Server 5 years ago
setup.py 5c39549c23 Add unit tests 5 months ago
terms.sample.yaml aa34363d56 Support MSC2140 register/terms endpoints 9 months ago

README.rst

Installation
============

Installing the system dependencies
----------------------------------

To install Sydent's dependencies on a Debian-based system, run::

sudo apt-get install build-essential python3-dev libffi-dev \
sqlite3 libssl-dev python-virtualenv libxslt1-dev

Creating the virtualenv
-----------------------

To create the virtual environment in which Sydent will run::

virtualenv -p python3 ~/.sydent
source ~/.sydent/bin/activate
pip install --upgrade pip
pip install --upgrade setuptools


Installing the latest Sydent release from PyPI
----------------------------------------------

Sydent and its dependencies can be installed using ``pip`` by running::

pip install matrix-sydent

Installing from source
----------------------

Alternatively, Sydent can be installed using ``pip`` from a local git checkout::

git clone https://github.com/matrix-org/sydent.git
cd sydent
pip install -e .


Running Sydent
==============

With the virtualenv activated, you can run Sydent using::

python -m sydent.sydent

This will create a configuration file in ``sydent.conf`` with some defaults. If a setting is
defined in both the ``[DEFAULT]`` section and another section in the configuration file,
then the value in the other section is used.

You'll most likely want to change the server name (``server.name``) and specify an email server
(look for the settings starting with ``email.``).

By default, Sydent will listen on ``0.0.0.0:8090``. This can be changed by changing the values for
the configuration settings ``clientapi.http.bind_address`` and ``clientapi.http.port``.

Sydent uses SQLite as its database backend. By default, it will create the database as ``sydent.db``
in its working directory. The name can be overridden by modifying the ``db.file`` configuration option.
Sydent is known to be working with SQLite version 3.16.2 and later.

SMS originators
---------------

Defaults for SMS originators will not be added to the generated config file, these should
be added to the ``[sms]`` section of that config file in the form::

originators. = :

Where country code is the numeric country code, or ``default`` to specify the originator
used for countries not listed. For example, to use a selection of long codes for the
US/Canada, a short code for the UK and an alphanumertic originator for everywhere else::

originators.1 = long:12125552368,long:12125552369
originators.44 = short:12345
originators.default = alpha:Matrix

Testing
=======

Sydent uses matrix-is-tester (https://github.com/matrix-org/matrix-is-tester/) to provide
black-box testing of compliance with the `Matrix Identity Service API `_.
This can be run as follows::

pip install git+https://github.com/matrix-org/matrix-is-tester.git
trial matrix_is_tester

The ``SYDENT_PYTHON`` enviroment variable can be set to launch Sydent with a specific python binary::

SYDENT_PYTHON=/path/to/python trial matrix_is_tester

The ``matrix_is_test`` directory contains Sydent's launcher for ``matrix_is_tester``: this means
that Sydent's directory needs to be on the Python path (e.g. ``PYTHONPATH=$PYTHONPATH:/path/to/sydent``).

Sydent also has some unit tests to ensure some of its features that aren't part of the Matrix
specification (e.g. replication) keep on working. To run these tests, run the following with Sydent's
virtualenv activated from the root of the Sydent repository::

trial tests


Internal bind and unbind API
============================

It is possible to enable an internal API which allows for binding and unbinding
between identifiers and matrix IDs without any validation.
This is open to abuse, so is disabled by
default, and when it is enabled, is available only on a separate socket which
is bound to ``localhost`` by default.

To enable it, configure the port in the config file. For example::

[http]
internalapi.http.port = 8091

To change the address to which that API is bound, set the ``internalapi.http.bind_address`` configuration
setting in the ``[http]`` section, for example::

[http]
internalapi.http.port = 8091
internalapi.http.bind_address = 192.168.0.18

As already mentioned above, this is open to abuse, so make sure this address is not publicly accessible.

To use bind::

curl -XPOST 'http://localhost:8091/_matrix/identity/internal/bind' -H "Content-Type: application/json" -d '{"address": "matthew@arasphere.net", "medium": "email", "mxid": "@matthew:matrix.org"}'

The response has the same format as
`/_matrix/identity/api/v1/3pid/bind `_.

To use unbind::

curl -XPOST 'http://localhost:8091/_matrix/identity/internal/unbind' -H "Content-Type: application/json" -d '{"address": "matthew@arasphere.net", "medium": "email", "mxid": "@matthew:matrix.org"}'

The response has the same format as
`/_matrix/identity/api/v1/3pid/unbind `_.


Replication
===========

It is possible to configure a mesh of Sydent instances which replicate identity bindings
between each other. See ``_.