2022-02-21 09:23:28 -06:00
|
|
|
// Copyright 2022 The Matrix.org Foundation C.I.C.
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
2022-02-14 06:41:21 -06:00
|
|
|
package routing
|
|
|
|
|
|
|
|
import (
|
2022-02-21 07:27:59 -06:00
|
|
|
"bytes"
|
|
|
|
"context"
|
2022-02-14 09:18:51 -06:00
|
|
|
"crypto/hmac"
|
|
|
|
"crypto/sha256"
|
|
|
|
"encoding/hex"
|
2022-02-21 07:27:59 -06:00
|
|
|
"fmt"
|
2022-02-14 06:41:21 -06:00
|
|
|
"net/http"
|
2022-03-07 02:45:59 -06:00
|
|
|
"net/url"
|
2022-02-14 06:41:21 -06:00
|
|
|
|
2022-02-21 07:27:59 -06:00
|
|
|
appserviceAPI "github.com/matrix-org/dendrite/appservice/api"
|
2022-02-15 04:07:24 -06:00
|
|
|
"github.com/matrix-org/dendrite/clientapi/jsonerror"
|
2022-02-21 07:27:59 -06:00
|
|
|
"github.com/matrix-org/dendrite/roomserver/api"
|
2022-02-14 06:41:21 -06:00
|
|
|
"github.com/matrix-org/dendrite/setup/config"
|
|
|
|
userapi "github.com/matrix-org/dendrite/userapi/api"
|
2022-02-14 09:18:51 -06:00
|
|
|
"github.com/matrix-org/gomatrixserverlib"
|
2022-02-15 04:07:24 -06:00
|
|
|
"github.com/matrix-org/util"
|
2022-02-14 06:41:21 -06:00
|
|
|
"github.com/sirupsen/logrus"
|
|
|
|
)
|
|
|
|
|
|
|
|
// The data used to populate the /consent request
|
|
|
|
type constentTemplateData struct {
|
2022-03-04 10:01:18 -06:00
|
|
|
UserID string
|
|
|
|
Version string
|
|
|
|
UserHMAC string
|
|
|
|
HasConsented bool
|
|
|
|
ReadOnly bool
|
2022-02-14 06:41:21 -06:00
|
|
|
}
|
|
|
|
|
2022-02-15 04:07:24 -06:00
|
|
|
func consent(writer http.ResponseWriter, req *http.Request, userAPI userapi.UserInternalAPI, cfg *config.ClientAPI) *util.JSONResponse {
|
2022-02-14 06:41:21 -06:00
|
|
|
consentCfg := cfg.Matrix.UserConsentOptions
|
2022-02-15 04:07:24 -06:00
|
|
|
internalError := jsonerror.InternalServerError()
|
2022-02-14 06:41:21 -06:00
|
|
|
|
2022-02-15 04:07:24 -06:00
|
|
|
// The data used to populate the /consent request
|
|
|
|
data := constentTemplateData{
|
2022-03-04 10:01:18 -06:00
|
|
|
UserID: req.FormValue("u"),
|
2022-02-15 04:07:24 -06:00
|
|
|
Version: req.FormValue("v"),
|
|
|
|
UserHMAC: req.FormValue("h"),
|
|
|
|
}
|
|
|
|
switch req.Method {
|
|
|
|
case http.MethodGet:
|
|
|
|
// display the privacy policy without a form
|
2022-03-04 10:01:18 -06:00
|
|
|
data.ReadOnly = data.UserID == "" || data.UserHMAC == "" || data.Version == ""
|
2022-02-14 09:18:51 -06:00
|
|
|
|
2022-02-15 04:07:24 -06:00
|
|
|
// let's see if the user already consented to the current version
|
2022-03-04 10:01:18 -06:00
|
|
|
if !data.ReadOnly {
|
2022-02-15 04:07:24 -06:00
|
|
|
res := &userapi.QueryPolicyVersionResponse{}
|
2022-03-04 10:01:18 -06:00
|
|
|
localpart, _, err := gomatrixserverlib.SplitID('@', data.UserID)
|
2022-02-14 06:41:21 -06:00
|
|
|
if err != nil {
|
2022-03-04 10:01:18 -06:00
|
|
|
logrus.WithError(err).Error("unable to split username")
|
2022-02-15 04:07:24 -06:00
|
|
|
return &internalError
|
2022-02-14 06:41:21 -06:00
|
|
|
}
|
2022-02-15 04:07:24 -06:00
|
|
|
if err = userAPI.QueryPolicyVersion(req.Context(), &userapi.QueryPolicyVersionRequest{
|
2022-03-04 10:01:18 -06:00
|
|
|
Localpart: localpart,
|
2022-02-15 04:07:24 -06:00
|
|
|
}, res); err != nil {
|
2022-03-04 10:01:18 -06:00
|
|
|
logrus.WithError(err).Error("unable query policy version")
|
2022-02-15 04:07:24 -06:00
|
|
|
return &internalError
|
2022-02-14 09:18:51 -06:00
|
|
|
}
|
2022-02-15 04:07:24 -06:00
|
|
|
data.HasConsented = res.PolicyVersion == consentCfg.Version
|
|
|
|
}
|
2022-02-14 06:41:21 -06:00
|
|
|
|
2022-02-15 04:07:24 -06:00
|
|
|
err := consentCfg.Templates.ExecuteTemplate(writer, consentCfg.Version+".gohtml", data)
|
|
|
|
if err != nil {
|
2022-03-04 10:01:18 -06:00
|
|
|
logrus.WithError(err).Error("unable to execute consent template")
|
2022-02-15 04:07:24 -06:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
case http.MethodPost:
|
2022-03-04 10:01:18 -06:00
|
|
|
localpart, _, err := gomatrixserverlib.SplitID('@', data.UserID)
|
2022-02-15 04:07:24 -06:00
|
|
|
if err != nil {
|
|
|
|
logrus.WithError(err).Error("unable to split username")
|
|
|
|
return &internalError
|
|
|
|
}
|
2022-02-14 09:18:51 -06:00
|
|
|
|
2022-03-04 10:01:18 -06:00
|
|
|
ok, err := validHMAC(data.UserID, data.UserHMAC, consentCfg.FormSecret)
|
2022-02-15 04:07:24 -06:00
|
|
|
if err != nil || !ok {
|
|
|
|
_, err = writer.Write([]byte("invalid HMAC provided"))
|
2022-02-14 09:18:51 -06:00
|
|
|
if err != nil {
|
2022-02-15 04:07:24 -06:00
|
|
|
return &internalError
|
2022-02-14 09:18:51 -06:00
|
|
|
}
|
2022-02-15 04:07:24 -06:00
|
|
|
return &internalError
|
|
|
|
}
|
|
|
|
if err := userAPI.PerformUpdatePolicyVersion(
|
|
|
|
req.Context(),
|
|
|
|
&userapi.UpdatePolicyVersionRequest{
|
|
|
|
PolicyVersion: data.Version,
|
2022-03-04 10:01:18 -06:00
|
|
|
Localpart: localpart,
|
2022-02-15 04:07:24 -06:00
|
|
|
},
|
|
|
|
&userapi.UpdatePolicyVersionResponse{},
|
|
|
|
); err != nil {
|
|
|
|
_, err = writer.Write([]byte("unable to update database"))
|
|
|
|
if err != nil {
|
|
|
|
logrus.WithError(err).Error("unable to write to database")
|
|
|
|
}
|
|
|
|
return &internalError
|
|
|
|
}
|
|
|
|
// display the privacy policy without a form
|
2022-03-04 10:01:18 -06:00
|
|
|
data.ReadOnly = false
|
2022-02-15 04:07:24 -06:00
|
|
|
data.HasConsented = true
|
|
|
|
|
|
|
|
err = consentCfg.Templates.ExecuteTemplate(writer, consentCfg.Version+".gohtml", data)
|
|
|
|
if err != nil {
|
|
|
|
logrus.WithError(err).Error("unable to print consent template")
|
|
|
|
return &internalError
|
2022-02-14 06:41:21 -06:00
|
|
|
}
|
2022-02-15 04:07:24 -06:00
|
|
|
return nil
|
2022-02-14 06:41:21 -06:00
|
|
|
}
|
2022-02-15 04:07:24 -06:00
|
|
|
return &util.JSONResponse{Code: http.StatusOK}
|
2022-02-14 06:41:21 -06:00
|
|
|
}
|
2022-02-14 09:18:51 -06:00
|
|
|
|
2022-02-21 07:27:59 -06:00
|
|
|
func sendServerNoticeForConsent(userAPI userapi.UserInternalAPI, rsAPI api.RoomserverInternalAPI,
|
|
|
|
cfgNotices *config.ServerNotices,
|
|
|
|
cfgClient *config.ClientAPI,
|
|
|
|
senderDevice *userapi.Device,
|
|
|
|
asAPI appserviceAPI.AppServiceQueryAPI,
|
|
|
|
) {
|
2022-02-25 08:32:19 -06:00
|
|
|
res := &userapi.QueryOutdatedPolicyResponse{}
|
|
|
|
if err := userAPI.QueryOutdatedPolicy(context.Background(), &userapi.QueryOutdatedPolicyRequest{
|
2022-02-21 07:27:59 -06:00
|
|
|
PolicyVersion: cfgClient.Matrix.UserConsentOptions.Version,
|
|
|
|
}, res); err != nil {
|
|
|
|
logrus.WithError(err).Error("unable to fetch users with outdated consent policy")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-02-21 07:44:16 -06:00
|
|
|
var (
|
|
|
|
consentOpts = cfgClient.Matrix.UserConsentOptions
|
|
|
|
data = make(map[string]string)
|
|
|
|
err error
|
|
|
|
sentMessages int
|
|
|
|
)
|
|
|
|
|
2022-03-04 10:01:18 -06:00
|
|
|
if len(res.UserLocalparts) == 0 {
|
|
|
|
return
|
2022-02-21 07:44:16 -06:00
|
|
|
}
|
|
|
|
|
2022-03-04 10:01:18 -06:00
|
|
|
logrus.WithField("count", len(res.UserLocalparts)).Infof("Sending server notice to users who have not yet accepted the policy")
|
|
|
|
|
|
|
|
for _, localpart := range res.UserLocalparts {
|
|
|
|
if localpart == cfgClient.Matrix.ServerNotices.LocalPart {
|
2022-02-21 07:27:59 -06:00
|
|
|
continue
|
|
|
|
}
|
2022-03-04 10:01:18 -06:00
|
|
|
userID := fmt.Sprintf("@%s:%s", localpart, cfgClient.Matrix.ServerName)
|
2022-02-21 07:27:59 -06:00
|
|
|
data["ConsentURL"], err = buildConsentURI(cfgClient, userID)
|
|
|
|
if err != nil {
|
|
|
|
logrus.WithError(err).WithField("userID", userID).Error("unable to construct consentURI")
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
msgBody := &bytes.Buffer{}
|
|
|
|
|
|
|
|
if err = consentOpts.TextTemplates.ExecuteTemplate(msgBody, "serverNoticeTemplate", data); err != nil {
|
|
|
|
logrus.WithError(err).WithField("userID", userID).Error("unable to execute serverNoticeTemplate")
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
req := sendServerNoticeRequest{
|
|
|
|
UserID: userID,
|
|
|
|
Content: struct {
|
|
|
|
MsgType string `json:"msgtype,omitempty"`
|
|
|
|
Body string `json:"body,omitempty"`
|
|
|
|
}{
|
|
|
|
MsgType: consentOpts.ServerNoticeContent.MsgType,
|
|
|
|
Body: msgBody.String(),
|
|
|
|
},
|
|
|
|
}
|
2022-03-28 04:33:12 -05:00
|
|
|
_, err = sendServerNotice(context.Background(), req, rsAPI, cfgNotices, cfgClient, senderDevice, asAPI, userAPI, nil, nil, nil)
|
2022-02-21 07:27:59 -06:00
|
|
|
if err != nil {
|
|
|
|
logrus.WithError(err).WithField("userID", userID).Error("failed to send server notice for consent to user")
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
sentMessages++
|
|
|
|
res := &userapi.UpdatePolicyVersionResponse{}
|
|
|
|
if err = userAPI.PerformUpdatePolicyVersion(context.Background(), &userapi.UpdatePolicyVersionRequest{
|
|
|
|
PolicyVersion: consentOpts.Version,
|
2022-03-04 10:01:18 -06:00
|
|
|
Localpart: userID,
|
2022-02-21 07:27:59 -06:00
|
|
|
ServerNoticeUpdate: true,
|
|
|
|
}, res); err != nil {
|
|
|
|
logrus.WithError(err).WithField("userID", userID).Error("failed to update policy version")
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
}
|
2022-02-21 07:44:16 -06:00
|
|
|
if sentMessages > 0 {
|
|
|
|
logrus.Infof("Sent messages to %d users", sentMessages)
|
|
|
|
}
|
2022-02-21 07:27:59 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
func buildConsentURI(cfgClient *config.ClientAPI, userID string) (string, error) {
|
|
|
|
consentOpts := cfgClient.Matrix.UserConsentOptions
|
|
|
|
|
|
|
|
mac := hmac.New(sha256.New, []byte(consentOpts.FormSecret))
|
|
|
|
_, err := mac.Write([]byte(userID))
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
userMAC := mac.Sum(nil)
|
|
|
|
|
2022-03-07 02:45:59 -06:00
|
|
|
params := url.Values{}
|
|
|
|
params.Add("u", userID)
|
|
|
|
params.Add("h", string(userMAC))
|
|
|
|
params.Add("v", consentOpts.Version)
|
|
|
|
|
|
|
|
return fmt.Sprintf("%s/_matrix/client/consent?%s", cfgClient.Matrix.UserConsentOptions.BaseURL, params.Encode()), nil
|
2022-02-21 07:27:59 -06:00
|
|
|
}
|
|
|
|
|
2022-02-14 09:18:51 -06:00
|
|
|
func validHMAC(username, userHMAC, secret string) (bool, error) {
|
|
|
|
mac := hmac.New(sha256.New, []byte(secret))
|
|
|
|
_, err := mac.Write([]byte(username))
|
|
|
|
if err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
expectedMAC := mac.Sum(nil)
|
|
|
|
decoded, err := hex.DecodeString(userHMAC)
|
|
|
|
if err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
return hmac.Equal(decoded, expectedMAC), nil
|
|
|
|
}
|