---

- name: Fail if Shared Secret Auth secret not set
  ansible.builtin.fail:
    msg: "Shared Secret Auth is enabled, but no secret has been set in matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret"
  when: "matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret == ''"

- name: Fail if no Shared Secret Auth login types enabled
  ansible.builtin.fail:
    msg: "Shared Secret Auth is enabled, but none of the login types are"
  when: "not (matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled or matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled)"

- name: Download matrix-synapse-shared-secret-auth
  ansible.builtin.get_url:
    url: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_download_url }}"
    dest: "{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py"
    force: true
    mode: 0440
    owner: "{{ matrix_synapse_uid }}"
    group: "{{ matrix_synapse_gid }}"
  register: result
  retries: "{{ devture_playbook_help_geturl_retries_count }}"
  delay: "{{ devture_playbook_help_geturl_retries_delay }}"
  until: result is not failed

- ansible.builtin.set_fact:
    matrix_synapse_modules: |
      {{
        matrix_synapse_modules | default([])
        +
        [
          {
            "module": "shared_secret_authenticator.SharedSecretAuthProvider",
            "config": matrix_synapse_ext_password_provider_shared_secret_config
          }
        ]
      }}

    matrix_synapse_container_extra_arguments: >
      {{
        matrix_synapse_container_extra_arguments | default([])
        +
        ["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"]
      }}

    matrix_synapse_additional_loggers: >
      {{
        matrix_synapse_additional_loggers
        +
        [{'name': 'shared_secret_authenticator', 'level': 'INFO'}]
      }}