Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Matrix: Logging-in with an access_token #895

Open
samip5 opened this issue Jun 26, 2023 · 12 comments · May be fixed by #1203
Open

Matrix: Logging-in with an access_token #895

samip5 opened this issue Jun 26, 2023 · 12 comments · May be fixed by #1203
Labels

Comments

@samip5
Copy link

samip5 commented Jun 26, 2023

Question
I cannot seem to figure out what's the proper syntax for matrix notify urls.

I have the token already but I cannot figure out how do I get it to login using m.login.token and NOT m.login.password (as that is disabled)?

The URL I tried is simply: matrixs://smb:<token>@matrix.pikaviestin.fi and I want to send the notify to specific room but it won't let it work in syntax matrixs://<token>@matrix.pikaviestin.fi/<internal-room-id-with-!>

2023-06-26 07:18:46,068 - DEBUG - Matrix POST URL: https://matrix.pikaviestin.fi:/_matrix/client/r0/login (cert_verify=True)
2023-06-26 07:18:46,068 - DEBUG - Matrix Payload: {'type': 'm.login.password', 'user': 'smb', 'password': '<token>'}
2023-06-26 07:18:46,157 - WARNING - Failed to handshake with Matrix server: Bad Request - Unsupported Parameters., error=400.
2023-06-26 07:18:46,157 - DEBUG - Response Details:
b'{"errcode":"M_UNKNOWN","error":"Password login has been disabled."}'
2023-06-26 07:18:46,158 - DEBUG - Matrix POST URL: https://matrix.pikaviestin.fi:/_matrix/client/r0/register (cert_verify=True)
2023-06-26 07:18:46,158 - DEBUG - Matrix Payload: {'kind': 'user', 'auth': {'type': 'm.login.dummy'}, 'username': 'smb', 'password': '<token>'}
2023-06-26 07:18:46,255 - WARNING - Failed to handshake with Matrix server: Unauthorized - Invalid Token., error=403.
2023-06-26 07:18:46,255 - DEBUG - Response Details:
b'{"errcode":"M_FORBIDDEN","error":"Registration has been disabled"}'
@caronc
Copy link
Owner

caronc commented Jun 26, 2023

There is a bug on my end. In the URL being posted, you can see that it's adding a colon at the end of the URL (as though a port number might follow but there isn't one).

I've fixed it in a local branch this weekend, but I've also see set up a matrix server on my side. I'm going to go through the whole plugin and revitalize it.

@samip5
Copy link
Author

samip5 commented Jun 26, 2023

There is a bug on my end. In the URL being posted, you can see that it's adding a colon at the end of the URL (as though a port number might follow but there isn't one).

I don't think that's the issue per se. I checked the code and there appears to be no way to give it the access_token directly when logging in via password is disabled on server side (as it's using oauth).

@uqlel
Copy link

uqlel commented Jan 17, 2024

@caronc Will this be implemented? For me it's currently pretty useless because it logins every time and gets new access token so two messages sent without a long break make only one of the message arrive because server throttles the login:

2024-01-17 14:13:18,176 [WARNING] apprise: Matrix server requested we throttle back 250.511ms; retries left 1.
2024-01-17 14:13:18,338 [WARNING] apprise: Matrix server requested we throttle back 250.349ms; retries left 0.
2024-01-17 14:17:28,853 [WARNING] apprise: Failed to handshake with Matrix server: Unauthorized - Invalid Token., error=403.

Logging by access token would solve this because it would do all the requests with the same access token so it wouldn't be throttled

@jribal
Copy link

jribal commented Jan 25, 2024

Hey @uqlel,

You can increase rc_login Matrix rc_login documentation

I set:

  account:
    per_second: 5
    burst_count: 40

I still throttle sometimes but 2.5ms max instead of 250ms and it works for my use case.
Until an access token solution gets implemented it could work if you find a good value.

I had this throttle error but could not understand it was a login throttle and not a message throttle.

@caronc
Copy link
Owner

caronc commented Jan 27, 2024

@uqlel : I'm trying to find a webhook standard for Matrix right now. One thing with webhooks is that it doesn't appear to support attachments. It seems to be a third party addon such as this, but upon googling, there are other formats as well.

What (Matrix) service are you specifically using if you don't mind me asking? Also if my interpretation above is really wrong, please correct me too! 🙂

@samip5
Copy link
Author

samip5 commented Jan 27, 2024

I'm trying to find a webhook standard for Matrix right now.

Please see https://spec.matrix.org/v1.9/client-server-api/#authentication-types for how one could auth via token directly, and matrix-org/matrix-spec#541

@caronc
Copy link
Owner

caronc commented Jan 27, 2024

Adding support for the m.login.registration_token (link) still looks like i need to authenticate with that (instead of a user/pass) to get a session id to work with. This process needs to be repeated for each use of Apprise (so the extra hit on the server).

Apprise keeps the session as long as it's instance is running. But calling it from the CLI or API, after the service has done it's deed, memory is freed and the session information is lost. I think this is what you're experiencing.

The only true solution will be for persistent storage (ticket here). Basically what you're looking for is After Apprise acquires your session, it holds onto it and re-uses it on future instances (saving the extra http request). The trade off of this is Apprise starts managing a small database which can grow, needs management, etc). When I do get around to adding persistent storage, this would be yet another use case for it.

Perhaps i should increase the throttle time (to adapt a little better and prevent clever workarounds like @jribal found)?

@samip5
Copy link
Author

samip5 commented Jan 28, 2024

Adding support for the m.login.registration_token (link) still looks like i need to authenticate with that (instead of a user/pass) to get a session id to work with. This process needs to be repeated for each use of Apprise (so the extra hit on the server).

Please add instead support for direct m.login.token (link).
The registration token will not work if the Matrix server doesn't have direct registrations enabled and instead is SSO-only, which many are. Eg. let us give it the token to use, which we can generate out-of-band.

@caronc caronc mentioned this issue Aug 23, 2024
4 tasks
@caronc
Copy link
Owner

caronc commented Aug 23, 2024

I'm not sure where we are with this ticket, persistent storage is in place and now the auth token acquired from the server is cached to disk (saving from constant logon and logoff calls). so this will drastically reduce the overhead. Not sure if I introduced any new problems with this new change yet or not.

@natoleet
Copy link

natoleet commented Sep 9, 2024

I too wish to be able to login via the m.login.token
As above, I only allow SSO logins to Matrix, so username:password is not possible.

As an immediate workaround I'm simply using a 3rd party webhook bot.

@samip5
Copy link
Author

samip5 commented Sep 11, 2024

I'm not sure where we are with this ticket, persistent storage is in place and now the auth token acquired from the server is cached to disk (saving from constant logon and logoff calls). so this will drastically reduce the overhead. Not sure if I introduced any new problems with this new change yet or not.

SSO is not supported, so we are unfortunately still nowhere.

https://github.com/caronc/apprise/blob/master/apprise/plugins/matrix.py#L878 => m.login.password which is NOT supported on most servers. It should allow to specify the access_token directly instead and use it via m.login.token.

@caronc caronc linked a pull request Sep 14, 2024 that will close this issue
4 tasks
@caronc
Copy link
Owner

caronc commented Sep 14, 2024

Have a look at the recent PR and if someone could test it out, that woudl be great! Test instructoins are inside link. 🙏

@caronc caronc linked a pull request Sep 14, 2024 that will close this issue
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.

5 participants