From d3831ba3a5f722654a6f2a49ef174252e018fcd8 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 17 Aug 2024 21:04:09 +0300 Subject: [PATCH] Add appservice-double-puppet double-puppeting support to mautrix-whatsapp Shared Secret Auth double puppeting still works for this bridge, but is deprecated and will go away in the future. --- ...onfiguring-playbook-bridge-mautrix-whatsapp.md | 10 ++++++---- group_vars/matrix_servers | 15 ++++++++++++--- .../defaults/main.yml | 7 +++---- .../tasks/validate_config.yml | 1 + 4 files changed, 22 insertions(+), 11 deletions(-) diff --git a/docs/configuring-playbook-bridge-mautrix-whatsapp.md b/docs/configuring-playbook-bridge-mautrix-whatsapp.md index caa7edee3..d6c1ff455 100644 --- a/docs/configuring-playbook-bridge-mautrix-whatsapp.md +++ b/docs/configuring-playbook-bridge-mautrix-whatsapp.md @@ -8,7 +8,7 @@ Use the following playbook configuration: ```yaml matrix_mautrix_whatsapp_enabled: true -``` +``` Whatsapp multidevice beta is required, now it is enough if Whatsapp is connected to the Internet every 2 weeks. The relay bot functionality is off by default. If you would like to enable the relay bot, add the following to your `vars.yml` file: 
@@ -28,11 +28,13 @@ Use `!wa unset-relay` to deactivate. If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it. -### Method 1: automatically, by enabling Shared Secret Auth +### Method 1: automatically, by enabling Appservice Double Puppet or Shared Secret Auth -The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook. +The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service or the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook. -This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. +Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. + +Enabling double puppeting by enabling the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service works at the time of writing, but is deprecated and will stop working in the future. ### Method 2: manually, by asking each user to provide a working access token diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index b80ac579d..e3a84e4ba 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -1555,8 +1555,6 @@ matrix_mautrix_meta_instagram_homeserver_address: "{{ matrix_addons_homeserver_c matrix_mautrix_meta_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.ig.hs', rounds=655555) | to_uuid }}" -matrix_mautrix_meta_instagram_bridge_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" - matrix_mautrix_meta_instagram_bridge_login_shared_secret_map_auto: |- {{ ({ @@ -1930,7 +1928,18 @@ matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_homeserver_ge matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token', rounds=655555) | to_uuid }}" -matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" +matrix_mautrix_whatsapp_bridge_login_shared_secret_map_auto: |- + {{ + ({ + matrix_mautrix_whatsapp_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token) + }) + if matrix_appservice_double_puppet_enabled + else ( + {matrix_mautrix_whatsapp_homeserver_domain: matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret} + if matrix_synapse_ext_password_provider_shared_secret_auth_enabled + else {} + ) + }} matrix_mautrix_whatsapp_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}" diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index e3d3476a3..d14d7e089 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml 
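Review bot: The new `matrix_mautrix_whatsapp_bridge_login_shared_secret_map_auto` block in the `@@ -1930` hunk has no comment explaining its precedence, and nothing visible here checks that `matrix_appservice_double_puppet_registration_as_token` is non-empty when `matrix_appservice_double_puppet_enabled` is true. If that token were ever empty, the map would carry the bare string `as_token:` and double puppeting would presumably fail at runtime rather than at validation; whether the appservice-double-puppet role already guards against this cannot be seen from this diff. I would add a comment above the variable such as `# Prefers the appservice-double-puppet as_token; falls back to the (deprecated) Shared Secret Auth secret; empty map when neither is enabled.` and note there that either value is a homeserver credential that ends up in the bridge's configuration.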
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -134,10 +134,9 @@ matrix_mautrix_whatsapp_appservice_database_uri: "{{ }[matrix_mautrix_whatsapp_database_engine] }}" -# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). -matrix_mautrix_whatsapp_login_shared_secret: '' -matrix_mautrix_whatsapp_bridge_login_shared_secret_map: - "{{ {matrix_mautrix_whatsapp_homeserver_domain: matrix_mautrix_whatsapp_login_shared_secret} if matrix_mautrix_whatsapp_login_shared_secret else {} }}" +matrix_mautrix_whatsapp_bridge_login_shared_secret_map: "{{ matrix_mautrix_whatsapp_bridge_login_shared_secret_map_auto | combine(matrix_mautrix_whatsapp_bridge_login_shared_secret_map_custom) }}" +matrix_mautrix_whatsapp_bridge_login_shared_secret_map_auto: {} +matrix_mautrix_whatsapp_bridge_login_shared_secret_map_custom: {} # Enable End-to-bridge encryption matrix_mautrix_whatsapp_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml index 9e01464dc..7d4fa9479 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml @@ -19,3 +19,4 @@ when: "item.old in vars" with_items: - {'old': 'matrix_mautrix_whatsapp_log_level', 'new': 'matrix_mautrix_whatsapp_logging_level'} + - {'old': 'matrix_mautrix_whatsapp_login_shared_secret', 'new': ''}
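Review bot: The three `matrix_mautrix_whatsapp_bridge_login_shared_secret_map*` variables in the `@@ -134` hunk are left undocumented, because the only explanatory comment was removed together with `matrix_mautrix_whatsapp_login_shared_secret`. A reader cannot tell from the defaults file what the map's keys and values are, or that the `combine` order lets `_custom` override `_auto` for the same homeserver domain. I would add `# Maps homeserver domain -> double-puppeting secret (a shared secret, or "as_token:<token>").` above the first variable and `# _auto is populated by the playbook (group_vars); _custom is for user-supplied entries and wins on key conflicts.` above the other two. Since the values are credentials, the comment could also say that they belong in `vars.yml`, not in role defaults.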
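Review bot: The added entry in the `@@ -19` hunk uses `'new': ''`, which leaves an operator who still sets `matrix_mautrix_whatsapp_login_shared_secret` with no hint about what to use instead. The task that consumes `item.new` starts outside the hunk, so the exact message is not visible, but an empty string will most likely render as a rename to nothing. Naming the replacement makes the failure actionable, for example `- {'old': 'matrix_mautrix_whatsapp_login_shared_secret', 'new': '<removed> (see matrix_mautrix_whatsapp_bridge_login_shared_secret_map_custom)'}`. That matters here because the old variable carried a secret, and people who set it by hand need to know where that secret now goes or that they should switch to Appservice Double Puppet.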