From 4b0cc32af29a6292ea11b93800effb26370613c1 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Tue, 24 Aug 2021 11:44:03 +0100 Subject: [PATCH 1/4] Hopefully fix UIA for cross-signing setup (closes #1983) (#1986) --- clientapi/routing/key_crosssigning.go | 52 +++++++++++++++++---------- 1 file changed, 33 insertions(+), 19 deletions(-) diff --git a/clientapi/routing/key_crosssigning.go b/clientapi/routing/key_crosssigning.go index 756598dbc..7b9d8acd2 100644 --- a/clientapi/routing/key_crosssigning.go +++ b/clientapi/routing/key_crosssigning.go @@ -15,11 +15,10 @@ package routing import ( - "encoding/json" - "io/ioutil" "net/http" "github.com/matrix-org/dendrite/clientapi/auth" + "github.com/matrix-org/dendrite/clientapi/auth/authtypes" "github.com/matrix-org/dendrite/clientapi/httputil" "github.com/matrix-org/dendrite/clientapi/jsonerror" "github.com/matrix-org/dendrite/keyserver/api" 
@@ -29,37 +28,52 @@ import ( "github.com/matrix-org/util" ) +type crossSigningRequest struct { + api.PerformUploadDeviceKeysRequest + Auth newPasswordAuth `json:"auth"` +} + func UploadCrossSigningDeviceKeys( req *http.Request, userInteractiveAuth *auth.UserInteractive, keyserverAPI api.KeyInternalAPI, device *userapi.Device, accountDB accounts.Database, cfg *config.ClientAPI, ) util.JSONResponse { - uploadReq := &api.PerformUploadDeviceKeysRequest{} + uploadReq := &crossSigningRequest{} uploadRes := &api.PerformUploadDeviceKeysResponse{} - ctx := req.Context() - defer req.Body.Close() // nolint:errcheck - bodyBytes, err := ioutil.ReadAll(req.Body) - if err != nil { + resErr := httputil.UnmarshalJSONRequest(req, &uploadReq) + if resErr != nil { + return *resErr + } + sessionID := uploadReq.Auth.Session + if sessionID == "" { + sessionID = util.RandomString(sessionIDLength) + } + if uploadReq.Auth.Type != authtypes.LoginTypePassword { return util.JSONResponse{ - Code: http.StatusBadRequest, - JSON: jsonerror.BadJSON("The request body could not be read: " + err.Error()), + Code: http.StatusUnauthorized, + JSON: newUserInteractiveResponse( + sessionID, + []authtypes.Flow{ + { + Stages: []authtypes.LoginType{authtypes.LoginTypePassword}, + }, + }, + nil, + ), } } - - if _, err := userInteractiveAuth.Verify(ctx, bodyBytes, device); err != nil { - return *err + typePassword := auth.LoginTypePassword{ + GetAccountByPassword: accountDB.GetAccountByPassword, + Config: cfg, } - - if err = json.Unmarshal(bodyBytes, &uploadReq); err != nil { - return util.JSONResponse{ - Code: http.StatusBadRequest, - JSON: jsonerror.BadJSON("The request body could not be unmarshalled: " + err.Error()), - } + if _, authErr := typePassword.Login(req.Context(), &uploadReq.Auth.PasswordRequest); authErr != nil { + return *authErr } + AddCompletedSessionStage(sessionID, authtypes.LoginTypePassword) uploadReq.UserID = device.UserID - keyserverAPI.PerformUploadDeviceKeys(req.Context(), uploadReq, 
uploadRes) + keyserverAPI.PerformUploadDeviceKeys(req.Context(), &uploadReq.PerformUploadDeviceKeysRequest, uploadRes) if err := uploadRes.Error; err != nil { switch { From 037ff4fb2364cbee7a3a9a856cd2a711f5398682 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Tue, 24 Aug 2021 15:03:28 +0100 Subject: [PATCH 2/4] Version 0.5.0 --- CHANGES.md | 16 ++++++++++++++++ internal/version.go | 2 +- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/CHANGES.md b/CHANGES.md index 8207d4844..3e0db8c3f 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,5 +1,21 @@ # Changelog +## Dendrite 0.5.0 (2021-08-24) + +### Features + +* Support for serverside key backups has been added, allowing your E2EE keys to be backed up and to be restored after logging out or when logging in from a new device +* Experimental support for cross-signing has been added, allowing verifying your own device keys and verifying other user's public keys +* Dendrite can now send logs to a TCP syslog server by using the `syslog` logger type (contributed by [sambhavsaggi](https://github.com/sambhavsaggi)) +* Go 1.15 is now the minimum supported version for Dendrite + +### Fixes + +* Device keys are now cleaned up from the keyserver when the user API removes a device session +* The `M_ROOM_IN_USE` error code is now returned when a room alias is already taken (contributed by [nivekuil](https://github.com/nivekuil)) +* A bug in the state storage migration has been fixed where room create events had incorrect state snapshots +* A bug when deactivating accounts caused by only reading the deprecated username field has been fixed + ## Dendrite 0.4.1 (2021-07-26) ### Features diff --git a/internal/version.go b/internal/version.go index 6ba1f13a8..cdda60e2e 100644 --- a/internal/version.go +++ b/internal/version.go @@ -18,7 +18,7 @@ const ( VersionMajor = 0 VersionMinor = 5 VersionPatch = 0 - VersionTag = "rc1" // example: "rc1" + VersionTag = "" // example: "rc1" ) func VersionString() string { 
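Review bot: In `UploadCrossSigningDeviceKeys` the first return value of `typePassword.Login(...)` is discarded, so nothing visible in this hunk ties the account whose password was checked to `device.UserID`, the user whose cross-signing keys are then replaced. Because this UIA step exists to re-confirm the identity of the access-token holder, keep the result (`login, authErr := typePassword.Login(req.Context(), &uploadReq.Auth.PasswordRequest)`) and reject the request when the account it resolves to differs from `device.UserID`, unless `Login` already enforces that elsewhere. Separately, `uploadReq` is already a pointer, so `httputil.UnmarshalJSONRequest(req, uploadReq)` is enough, and the `userInteractiveAuth` parameter is now unused. The function body continues past the end of the hunk.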
From 2dd5fd1fd676c570a13c2ed062fa47a026ca826f Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Fri, 27 Aug 2021 15:48:27 +0100 Subject: [PATCH 3/4] publicRooms should accept POST as well as GET (#1991) --- federationapi/routing/routing.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/federationapi/routing/routing.go b/federationapi/routing/routing.go index 8f33c7660..503e512e6 100644 --- a/federationapi/routing/routing.go +++ b/federationapi/routing/routing.go @@ -449,7 +449,7 @@ func Setup( httputil.MakeExternalAPI("federation_public_rooms", func(req *http.Request) util.JSONResponse { return GetPostPublicRooms(req, rsAPI) }), - ).Methods(http.MethodGet) + ).Methods(http.MethodGet, http.MethodPost) v1fedmux.Handle("/user/keys/claim", httputil.MakeFedAPI( "federation_keys_claim", cfg.Matrix.ServerName, keys, wakeup, From 51b119107c972007f5a1bc626758a6229ece14db Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Fri, 27 Aug 2021 16:50:30 +0100 Subject: [PATCH 4/4] Don't return nonsense canonical room aliases in the public rooms responses (#1992) --- federationapi/routing/publicrooms.go | 4 +++- roomserver/api/wrapper.go | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/federationapi/routing/publicrooms.go b/federationapi/routing/publicrooms.go index ddd92c5c0..5b9be8807 100644 --- a/federationapi/routing/publicrooms.go +++ b/federationapi/routing/publicrooms.go @@ -156,7 +156,9 @@ func fillInRooms(ctx context.Context, roomIDs []string, rsAPI roomserverAPI.Room case topicTuple: pub.Topic = contentVal case canonicalTuple: - pub.CanonicalAlias = contentVal + if _, _, err := gomatrixserverlib.SplitID('#', contentVal); err == nil { + pub.CanonicalAlias = contentVal + } case visibilityTuple: pub.WorldReadable = contentVal == "world_readable" // need both of these to determine whether guests can join diff --git a/roomserver/api/wrapper.go b/roomserver/api/wrapper.go index 2ebe2f648..de66df803 100644 
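Review bot: Adding `http.MethodPost` in federationapi/routing/routing.go means this route now accepts a request body, and it is wrapped in `httputil.MakeExternalAPI`, which takes no server name or keys, unlike the `MakeFedAPI` call for `/user/keys/claim` directly below. If that wrapper performs no federation signature check, as the differing arguments suggest, the POST filter body is parsed for any caller, so confirm that `GetPostPublicRooms` bounds the body size and the requested `limit`. A comment above the handler such as `// unauthenticated by design: POST carries the directory search filter` (if that is the intent) would record the decision. `Setup` starts and ends outside this hunk.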
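Review bot: The `SplitID('#', contentVal)` guard added to `fillInRooms` checks only that the value has the shape of an alias; nothing visible confirms that the alias points at this room. The value is presumably read from the room's own state, so the directory could still advertise an alias that belongs to a different room. If that matters for the public directory, resolve the alias and compare the room ID before assigning `pub.CanonicalAlias`, or state the limit with a comment such as `// syntactic check only; the alias is not resolved against the room ID`. The identical block is added to `PopulatePublicRooms` in roomserver/api/wrapper.go and the same applies there; a shared helper would keep the two copies in sync. Both function bodies extend beyond their hunks.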
--- a/roomserver/api/wrapper.go +++ b/roomserver/api/wrapper.go @@ -215,7 +215,9 @@ func PopulatePublicRooms(ctx context.Context, roomIDs []string, rsAPI Roomserver case topicTuple: pub.Topic = contentVal case canonicalTuple: - pub.CanonicalAlias = contentVal + if _, _, err := gomatrixserverlib.SplitID('#', contentVal); err == nil { + pub.CanonicalAlias = contentVal + } case visibilityTuple: pub.WorldReadable = contentVal == "world_readable" // need both of these to determine whether guests can join