From 7729a9715dcd74954a0622a24decbbd9a632a547 Mon Sep 17 00:00:00 2001
From: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Fri, 12 Jun 2020 09:22:24 +0100
Subject: [PATCH] Massage client API a bit

---
 clientapi/routing/device.go         |  8 +--
 clientapi/routing/login.go          | 87 ++++++++++++++++++++---------
 clientapi/routing/register.go       |  6 +-
 cmd/dendrite-demo-yggdrasil/main.go |  2 +-
 4 files changed, 70 insertions(+), 33 deletions(-)

diff --git a/clientapi/routing/device.go b/clientapi/routing/device.go
index 89c394913..fab0d68d0 100644
--- a/clientapi/routing/device.go
+++ b/clientapi/routing/device.go
@@ -27,8 +27,10 @@ import (
 )
 
 type deviceJSON struct {
-	DeviceID string `json:"device_id"`
-	UserID   string `json:"user_id"`
+	DeviceID    string `json:"device_id"`
+	DisplayName string `json:"display_name"`
+	LastSeenIP  string `json:"last_seen_ip"`
+	LastSeenTS  uint64 `json:"last_seen_ts"`
 }
 
 type devicesJSON struct {
@@ -70,7 +72,6 @@ func GetDeviceByID(
 		Code: http.StatusOK,
 		JSON: deviceJSON{
 			DeviceID: dev.ID,
-			UserID:   dev.UserID,
 		},
 	}
 }
@@ -98,7 +99,6 @@ func GetDevicesByLocalpart(
 	for _, dev := range deviceList {
 		res.Devices = append(res.Devices, deviceJSON{
 			DeviceID: dev.ID,
-			UserID:   dev.UserID,
 		})
 	}
 
diff --git a/clientapi/routing/login.go b/clientapi/routing/login.go
index c0042fa95..5b357bd8d 100644
--- a/clientapi/routing/login.go
+++ b/clientapi/routing/login.go
@@ -15,6 +15,8 @@
 package routing
 
 import (
+	"encoding/json"
+	"fmt"
 	"net/http"
 
 	"context"
@@ -45,15 +47,22 @@ type loginIdentifier struct {
 	User string `json:"user"`
 }
 
-type passwordRequest struct {
+type loginWithPasswordRequest struct {
 	Identifier loginIdentifier `json:"identifier"`
-	Password   string          `json:"password"`
+	Medium     string          `json:"medium"`   // third-party only
+	Password   string          `json:"password"` // m.login.password only
+	Token      string          `json:"token"`    // m.login.token only
 	// Both DeviceID and InitialDisplayName can be omitted, or empty strings ("")
 	// Thus a pointer is needed to differentiate between the two
 	InitialDisplayName *string `json:"initial_device_display_name"`
 	DeviceID           *string `json:"device_id"`
 }
 
+type loginRequest struct {
+	Type string `json:"type"`
+	loginWithPasswordRequest
+}
+
 type loginResponse struct {
 	UserID      string                       `json:"user_id"`
 	AccessToken string                       `json:"access_token"`
@@ -79,44 +88,68 @@ func Login(
 			JSON: passwordLogin(),
 		}
 	} else if req.Method == http.MethodPost {
-		var r passwordRequest
+		var temp interface{}
 		var acc *authtypes.Account
-		resErr := httputil.UnmarshalJSONRequest(req, &r)
+		resErr := httputil.UnmarshalJSONRequest(req, &temp)
 		if resErr != nil {
 			return *resErr
 		}
-		switch r.Identifier.Type {
-		case "m.id.user":
-			if r.Identifier.User == "" {
+
+		j, _ := json.MarshalIndent(temp, "", "  ")
+		fmt.Println(string(j))
+
+		var r loginRequest
+		json.Unmarshal(j, &r)
+
+		switch r.Type {
+		case "m.login.password":
+			j, _ := json.MarshalIndent(r, "", "  ")
+			fmt.Printf("LOGIN REQUEST: %+v\n", string(j))
+			switch r.Identifier.Type {
+			case "m.id.user":
+				if r.Identifier.User == "" {
+					return util.JSONResponse{
+						Code: http.StatusBadRequest,
+						JSON: jsonerror.BadJSON("'user' must be supplied."),
+					}
+				}
+
+				util.GetLogger(req.Context()).WithField("user", r.Identifier.User).Info("Processing login request")
+
+				localpart, err := userutil.ParseUsernameParam(r.Identifier.User, &cfg.Matrix.ServerName)
+				if err != nil {
+					return util.JSONResponse{
+						Code: http.StatusBadRequest,
+						JSON: jsonerror.InvalidUsername(err.Error()),
+					}
+				}
+
+				acc, err = accountDB.GetAccountByPassword(req.Context(), localpart, r.Password)
+				if err != nil {
+					// Technically we could tell them if the user does not exist by checking if err == sql.ErrNoRows
+					// but that would leak the existence of the user.
+					return util.JSONResponse{
+						Code: http.StatusForbidden,
+						JSON: jsonerror.Forbidden("username or password was incorrect, or the account does not exist"),
+					}
+				}
+
+			case "m.login.token":
 				return util.JSONResponse{
 					Code: http.StatusBadRequest,
-					JSON: jsonerror.BadJSON("'user' must be supplied."),
+					JSON: jsonerror.Unknown("Token login is not supported"),
 				}
-			}
 
-			util.GetLogger(req.Context()).WithField("user", r.Identifier.User).Info("Processing login request")
-
-			localpart, err := userutil.ParseUsernameParam(r.Identifier.User, &cfg.Matrix.ServerName)
-			if err != nil {
+			default:
 				return util.JSONResponse{
 					Code: http.StatusBadRequest,
-					JSON: jsonerror.InvalidUsername(err.Error()),
-				}
-			}
-
-			acc, err = accountDB.GetAccountByPassword(req.Context(), localpart, r.Password)
-			if err != nil {
-				// Technically we could tell them if the user does not exist by checking if err == sql.ErrNoRows
-				// but that would leak the existence of the user.
-				return util.JSONResponse{
-					Code: http.StatusForbidden,
-					JSON: jsonerror.Forbidden("username or password was incorrect, or the account does not exist"),
+					JSON: jsonerror.Unknown("login identifier '" + r.Identifier.Type + "' not supported"),
 				}
 			}
 		default:
 			return util.JSONResponse{
 				Code: http.StatusBadRequest,
-				JSON: jsonerror.BadJSON("login identifier '" + r.Identifier.Type + "' not supported"),
+				JSON: jsonerror.Unknown(fmt.Sprintf("Login type %q not supported", r.Type)),
 			}
 		}
 
@@ -126,7 +159,7 @@ func Login(
 			return jsonerror.InternalServerError()
 		}
 
-		dev, err := getDevice(req.Context(), r, deviceDB, acc, token)
+		dev, err := getDevice(req.Context(), r.loginWithPasswordRequest, deviceDB, acc, token)
 		if err != nil {
 			return util.JSONResponse{
 				Code: http.StatusInternalServerError,
@@ -153,7 +186,7 @@ func Login(
 // getDevice returns a new or existing device
 func getDevice(
 	ctx context.Context,
-	r passwordRequest,
+	r loginWithPasswordRequest,
 	deviceDB devices.Database,
 	acc *authtypes.Account,
 	token string,
diff --git a/clientapi/routing/register.go b/clientapi/routing/register.go
index d356db2cb..ba6c57566 100644
--- a/clientapi/routing/register.go
+++ b/clientapi/routing/register.go
@@ -506,7 +506,11 @@ func Register(
 		"session_id": r.Auth.Session,
 	}).Info("Processing registration request")
 
-	return handleRegistrationFlow(req, r, sessionID, cfg, accountDB, deviceDB)
+	resp := handleRegistrationFlow(req, r, sessionID, cfg, accountDB, deviceDB)
+	j, _ := json.MarshalIndent(resp, "", "  ")
+	fmt.Println("ERROR!")
+	fmt.Println(string(j))
+	return resp
 }
 
 func handleGuestRegistration(
diff --git a/cmd/dendrite-demo-yggdrasil/main.go b/cmd/dendrite-demo-yggdrasil/main.go
index d217ee145..11f6d9970 100644
--- a/cmd/dendrite-demo-yggdrasil/main.go
+++ b/cmd/dendrite-demo-yggdrasil/main.go
@@ -157,7 +157,7 @@ func main() {
 		logrus.Fatal(httpServer.Serve(ygg))
 	}()
 	go func() {
-		httpBindAddr := fmt.Sprintf("localhost:%d", *instancePort)
+		httpBindAddr := fmt.Sprintf(":%d", *instancePort)
 		logrus.Info("Listening on ", httpBindAddr)
 		logrus.Fatal(http.ListenAndServe(httpBindAddr, nil))
 	}()