From b4d630cd9e92a1cf7817e8d6d54487ef955d68f5 Mon Sep 17 00:00:00 2001 From: Krombel Date: Mon, 28 May 2018 10:45:31 +0200 Subject: [PATCH] add Requirements section --- README.md | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index fa59928..f1866c8 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,15 @@ When using `operationMode=local` you can have the following benefits (some requi - Use the 3PID lookup for other users (only email) - Search for users that you have not seen yet +## Requirements + +- Working PHP environment with + - database connection provider \[one of sqlite, mysql, postgres\] + - curl extension to notify admins and register users (in `operationMode=synapse`) + - mail capability to interact with the users (Verification, Approval (+ initial password), Notifications) +- matrix-synapse-rest-auth when using `operationMode=local` +- some PHP capable webserver which makes the folder `public` accessible to the public and propably `internal` for server-internal access + ## How to install - Copy `config.sample.php` to `config.php` and configure the bot as you can find there @@ -43,15 +52,11 @@ When using `operationMode=local` you can have the following benefits (some requi ## Further notes: -### This bot sends mails -To allow the bot to verify the email address of the user and to interact with them e.g. in case of approval this bot needs a running mailserver configuration. -This bot relies on php to be properly configured. - -### Security: Passwords for registration are stored in clear text +### Security: Passwords from registration form are stored in clear text Currently the passwords which are typed in while capturing the register request are stored in clear text. +The bot needs to access them to trigger a register request with correct credentials. It is currently strongly recommended to set `"getPasswordOnRegistration" => false` in your config! -This leads to autocreating passwords which will then be send to the users directly -without storing it. +This leads to autocreating passwords which will then be send to the users directly without storing it. ### Use the ChangePasswortInterceptor (if `operationMode=local`)