poljar / weechat-matrix

Weechat Matrix protocol script written in python

Can't use secure data for username/password fields #198

Open boris-stepanov opened 4 years ago

boris-stepanov commented 4 years ago

Version

commit bd1583e2b76c0459c76ed78c86a2bd7a81c361df (May 23)

Installation method

yay -S libolm
git clone https://github.com/poljar/weechat-matrix.git
pip install -r requirements.txt
make install

Configuration

$ tail matrix.conf
[server]
matrix_org.autoconnect = off
matrix_org.address = "matrix.org"
matrix_org.port = 443
matrix_org.proxy = ""
matrix_org.ssl_verify = on
matrix_org.username = "${sec.data.matrix_org_username}"
matrix_org.password = "${sec.data.matrix_org_password}"
matrix_org.device_name = "Weechat Matrix"
matrix_org.autoreconnect_delay = 10
matrix_org.sso_helper_listening_port = 0
$ tail sec.conf
[data]
__passphrase__ = on
matrix_org_username = ... # hidden
matrix_org_password = ... # hidden

The problem

I cannot log in to the server using such a configuration. Everything works fine with plaintext username/password fields.

2020-05-23 07:49:34 --  matrix: Logging in...
2020-05-23 07:49:34 =!= matrix: Error: LoginError: 403 Invalid password
2020-05-23 07:49:34 --  matrix: disconnected from server

Btw, I tried to add debug prints right after the msg = "{prefix}matrix: Logging in...".format( in server.py to compare the login and password fields and didn't notice anything wrong.

poljar commented 4 years ago

Are you sure the correct password is in the secure data field? This does work as I'm using it myself.

While it's a bit hidden since we have some code generation around the config options, the evaluate=True over here means that the string gets evaluated, it's mentioned in the docs as well.

boris-stepanov commented 4 years ago

Sorry for the delay.

> Are you sure the correct password is in the secure data field?

Yes, I checked this with print(self.config.username, self.config.password) right here: https://github.com/poljar/weechat-matrix/blob/master/matrix/server.py#L882

> While it's a bit hidden since we have some code generation around the config options, the evaluate=True over here means that the string gets evaluated, it's mentioned in the docs as well.

I admit that the issue could be hiding somewhere else. I can't debug it by myself, nor grep for other places where credentials are used.

poljar commented 4 years ago

So what does the print show?

boris-stepanov commented 4 years ago

Correct and the same <user> <password> in both cases. But I can log in in case of non-evaluated credentials.

ghost commented 3 years ago

I have encountered this problem too.

https://github.com/poljar/weechat-matrix/blob/b7e502526baf5d254e7d1525339a4c61a7ae0edd/matrix/server.py#L876-L878

self.client.user is not properly evaluated when self.client.login is called, although the calling function does have the correctly evaluated self.config.user. Manually overriding the value does lead to a successful login.

gabogut239 commented 3 years ago

> I can log in in case of non-evaluated credentials.

I can reproduce this using weechat 3.1 and the master branch as of today.

When using the following commands, I get Invalid password

/secure passphrase mypassphrase
/secure set matrix_org_username myusername
/secure set matrix_org_password mypassword
/set matrix.server.matrix_org.username ${sec.data.matrix_org_username}
/set matrix.server.matrix_org.password ${sec.data.matrix_org_password}

poljar commented 3 years ago

Ah ok, so it seems that the problem lies in the fact that we don't get an update when the data inside the secure store changes like we do when the config option changes. This is problematic because a Client object gets created that uses the username config option and stores it.

The password on the other hand is evaluated at login time, thus using /secure for the password works.
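
A minimal model of the behaviour described in the last comment, added here as an illustration and not taken from weechat-matrix or WeeChat: `evaluate`, `Option`, `CachingClient` and `LazyClient` are hypothetical stand-ins, and the model assumes that a missing secure entry expands to an empty string. It shows why a username copied at client creation goes stale while a password evaluated at login time does not.

```python
import re

# Hypothetical stand-ins for WeeChat's secure store and option evaluation;
# none of these names are weechat-matrix or WeeChat APIs.
_SEC_REF = re.compile(r"\$\{sec\.data\.([A-Za-z0-9_]+)\}")

def evaluate(raw, secure_data):
    """Expand ${sec.data.NAME}; a missing entry expands to '' (assumption)."""
    return _SEC_REF.sub(lambda m: secure_data.get(m.group(1), ""), raw)

class Option:
    """Config option whose change callback fires only when the raw string changes."""
    def __init__(self, raw, secure_data):
        self.raw, self.secure_data, self.on_change = raw, secure_data, None
    def set(self, raw):
        if raw != self.raw:
            self.raw = raw
            if self.on_change:
                self.on_change(self.value)
    @property
    def value(self):
        return evaluate(self.raw, self.secure_data)

class CachingClient:
    """Copies the evaluated username when created: the pattern described above."""
    def __init__(self, username_opt, password_opt):
        self.user = username_opt.value
        self.password_opt = password_opt
        username_opt.on_change = lambda v: setattr(self, "user", v)
    def login_payload(self):
        return {"user": self.user, "password": self.password_opt.value}

class LazyClient:
    """Evaluates both credentials at login time."""
    def __init__(self, username_opt, password_opt):
        self.username_opt, self.password_opt = username_opt, password_opt
    def login_payload(self):
        return {"user": self.username_opt.value, "password": self.password_opt.value}

def demo():
    sec = {}  # constructed: secure data not yet set when the clients are created
    user = Option("${sec.data.matrix_org_username}", sec)
    pw = Option("${sec.data.matrix_org_password}", sec)
    caching, lazy = CachingClient(user, pw), LazyClient(user, pw)
    # The secure store changes; the option strings do not, so no callback fires.
    sec.update(matrix_org_username="myusername", matrix_org_password="mypassword")
    return caching.login_payload(), lazy.login_payload()
```
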