Takwaiw/dendrite publickey (#2)

* Implementation of MSC 3782 Add publickey login as a new auth type. Co-authored-by: Tak Wai Wong <takwaiw@gmail.com>
2026-01-16 10:33:11 -06:00 · 2022-05-12 16:47:48 -07:00 · 2022-05-12 16:47:48 -07:00 · 3145a9dc52
parent 56194c4e32
commit 3145a9dc52
6 changed files with 52 additions and 14 deletions
--- a/clientapi/auth/user_interactive.go
+++ b/clientapi/auth/user_interactive.go
@ -246,7 +246,7 @@ func (u *UserInteractive) ResponseWithChallenge(sessionID string, response inter
 // Verify returns an error/challenge response to send to the client, or nil if the user is authenticated.
 // `bodyBytes` is the HTTP request body which must contain an `auth` key.
 // Returns the login that was verified for additional checks if required.
-func (u *UserInteractive) Verify(ctx context.Context, bodyBytes []byte, device *api.Device) (*Login, *util.JSONResponse) {
+func (u *UserInteractive) Verify(ctx context.Context, bodyBytes []byte) (*Login, *util.JSONResponse) {
 	// TODO: rate limit

 	// "A client should first make a request with no auth parameter. The homeserver returns an HTTP 401 response, with a JSON body"
--- a/clientapi/auth/user_interactive_test.go
+++ b/clientapi/auth/user_interactive_test.go
@ -17,11 +17,6 @@ var (
 	serverName = gomatrixserverlib.ServerName("example.com")
 	// space separated localpart+password -> account
 	lookup = make(map[string]*api.Account)
-	device = &api.Device{
-		AccessToken: "flibble",
-		DisplayName: "My Device",
-		ID:          "device_id_goes_here",
-	}
 )

 type fakeAccountDatabase struct {
@ -60,7 +55,7 @@ func setup() *UserInteractive {
 func TestUserInteractiveChallenge(t *testing.T) {
 	uia := setup()
 	// no auth key results in a challenge
-	_, errRes := uia.Verify(ctx, []byte(`{}`), device)
+	_, errRes := uia.Verify(ctx, []byte(`{}`))
 	if errRes == nil {
 		t.Fatalf("Verify succeeded with {} but expected failure")
 	}
@ -100,7 +95,7 @@ func TestUserInteractivePasswordLogin(t *testing.T) {
 		}`),
 	}
 	for _, tc := range testCases {
-		_, errRes := uia.Verify(ctx, tc, device)
+		_, errRes := uia.Verify(ctx, tc)
 		if errRes != nil {
 			t.Errorf("Verify failed but expected success for request: %s - got %+v", string(tc), errRes)
 		}
@ -181,7 +176,7 @@ func TestUserInteractivePasswordBadLogin(t *testing.T) {
 		},
 	}
 	for _, tc := range testCases {
-		_, errRes := uia.Verify(ctx, tc.body, device)
+		_, errRes := uia.Verify(ctx, tc.body)
 		if errRes == nil {
 			t.Errorf("Verify succeeded but expected failure for request: %s", string(tc.body))
 			continue
--- a/clientapi/routing/deactivate.go
+++ b/clientapi/routing/deactivate.go
@ -28,7 +28,7 @@ func Deactivate(
 		}
 	}

-	login, errRes := userInteractiveAuth.Verify(ctx, bodyBytes, deviceAPI)
+	login, errRes := userInteractiveAuth.Verify(ctx, bodyBytes)
 	if errRes != nil {
 		return *errRes
 	}
--- a/clientapi/routing/device.go
+++ b/clientapi/routing/device.go
@ -198,7 +198,7 @@ func DeleteDeviceById(
 		sessionID = s
 	}

-	login, errRes := userInteractiveAuth.Verify(ctx, bodyBytes, device)
+	login, errRes := userInteractiveAuth.Verify(ctx, bodyBytes)
 	if errRes != nil {
 		switch data := errRes.JSON.(type) {
 		case auth.Challenge:
--- a/setup/config/config_clientapi.go
+++ b/setup/config/config_clientapi.go
@ -3,6 +3,8 @@ package config
 import (
 	"fmt"
 	"time"
+
+	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
 )

 type ClientAPI struct {
@ -160,3 +162,44 @@ func (r *RateLimiting) Defaults() {
 	r.Threshold = 5
 	r.CooloffMS = 500
 }
+
+type ethereumAuthParams struct {
+	Version  uint32   `json:"version"`
+	ChainIDs []string `json:"chain_ids"`
+}
+
+type ethereumAuthConfig struct {
+	Enabled  bool     `yaml:"enabled"`
+	Version  uint32   `yaml:"version"`
+	ChainIDs []string `yaml:"chain_ids"`
+}
+
+type publicKeyAuthentication struct {
+	Ethereum ethereumAuthConfig `yaml:"ethereum"`
+}
+
+func (pk *publicKeyAuthentication) Enabled() bool {
+	return pk.Ethereum.Enabled
+}
+
+func (pk *publicKeyAuthentication) GetPublicKeyRegistrationFlows() []authtypes.Flow {
+	var flows []authtypes.Flow
+	if pk.Ethereum.Enabled {
+		flows = append(flows, authtypes.Flow{Stages: []authtypes.LoginType{authtypes.LoginTypePublicKeyEthereum}})
+	}
+
+	return flows
+}
+
+func (pk *publicKeyAuthentication) GetPublicKeyRegistrationParams() map[string]interface{} {
+	params := make(map[string]interface{})
+	if pk.Ethereum.Enabled {
+		p := ethereumAuthParams{
+			Version:  pk.Ethereum.Version,
+			ChainIDs: pk.Ethereum.ChainIDs,
+		}
+		params[authtypes.LoginTypePublicKeyEthereum] = p
+	}
+
+	return params
+}
--- a/userapi/storage/tables/stats_table_test.go
+++ b/userapi/storage/tables/stats_table_test.go
@ -300,10 +300,10 @@ func Test_UserStatistics(t *testing.T) {
 				},
 				R30UsersV2: map[string]int64{
 					"ios":      0,
-					"android":  0,
-					"web":      0,
+					"android":  1,
+					"web":      1,
 					"electron": 0,
-					"all":      0,
+					"all":      2,
 				},
 				AllUsers:        6,
 				NonBridgedUsers: 5,