diff --git a/.gitignore b/.gitignore
index 75d8c058f..25acaf7e7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -52,7 +52,4 @@ dendrite.yaml
 *.log*
 
 # Generated code
-cmd/dendrite-demo-yggdrasil/embed/fs*.go
-
-cmd/sytest/config.json
-cmd/sytest/result
\ No newline at end of file
+cmd/dendrite-demo-yggdrasil/embed/fs*.go
\ No newline at end of file
diff --git a/clientapi/auth/password.go b/clientapi/auth/password.go
index 2e85cdbfb..7d486ad7f 100644
--- a/clientapi/auth/password.go
+++ b/clientapi/auth/password.go
@@ -54,6 +54,20 @@ func (t *LoginTypePassword) Request() interface{} {
 	return &PasswordRequest{}
 }
 
+func (t *LoginTypePassword) CheckPassword(ctx context.Context, localpart string,
+	r *PasswordRequest) (*Login, *util.JSONResponse) {
+	_, err := t.GetAccountByPassword(ctx, localpart, r.Password)
+	if err != nil {
+		// Technically we could tell them if the user does not exist by checking if err == sql.ErrNoRows
+		// but that would leak the existence of the user.
+		return nil, &util.JSONResponse{
+			Code: http.StatusForbidden,
+			JSON: jsonerror.Forbidden("username or password was incorrect, or the account does not exist"),
+		}
+	}
+	return &r.Login, nil
+}
+
 func (t *LoginTypePassword) Login(ctx context.Context, req interface{}) (*Login, *util.JSONResponse) {
 	r := req.(*PasswordRequest)
 	username := r.Username()
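Review bot: The new exported `CheckPassword` has no doc comment, and its only error path maps every failure of `GetAccountByPassword` — including a database outage — to the same 403 while discarding the underlying error, so operators get no trace of infrastructure failures; only a missing row or a password mismatch should become the 403, and anything else should be logged and returned as an internal error, though that depends on the error contract of `GetAccountByPassword`, which is outside this hunk. At minimum add `// CheckPassword verifies r.Password against the local account for localpart and returns r.Login on success; every failure is reported as the same generic 403 so that account existence is not disclosed.` Note too that the anti-enumeration comment only holds if the lookup costs about the same for missing and existing accounts; if a missing row returns before any hash comparison, response timing still reveals existence — worth confirming in the account lookup.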
@@ -70,30 +84,19 @@ func (t *LoginTypePassword) Login(ctx context.Context, req interface{}) (*Login,
 			JSON: jsonerror.InvalidUsername(err.Error()),
 		}
 	}
-	if len(t.Config.LDAP.Host) > 0 {
-		addr := ""
-		if t.Config.LDAP.TLS {
-			addr = "ldaps://" + t.Config.LDAP.Host + ":" + t.Config.LDAP.Port
-		} else {
-			addr = "ldap://" + t.Config.LDAP.Host + ":" + t.Config.LDAP.Port
-		}
-
+	if len(t.Config.LDAP.URI) > 0 {
 		var conn *ldap.Conn
-		conn, err = ldap.DialURL(addr)
+		conn, err = ldap.DialURL(t.Config.LDAP.URI)
 		if err != nil {
-			return nil, &util.JSONResponse{
-				Code: http.StatusUnauthorized,
-				JSON: jsonerror.InvalidUsername(err.Error()),
-			}
+			ise := jsonerror.InternalServerError()
+			return nil, &ise
 		}
 		defer conn.Close()
 		e1 := conn.Bind(t.Config.LDAP.BindDN, t.Config.LDAP.BindPSWD)
 		if e1 != nil {
-			return nil, &util.JSONResponse{
-				Code: http.StatusUnauthorized,
-				JSON: jsonerror.InvalidUsername(err.Error()),
-			}
+			ise := jsonerror.InternalServerError()
+			return nil, &ise
 		}
 		filter := fmt.Sprintf("(&%s(%s=%s))", t.Config.LDAP.Filter, "uid", localpart)
 		searchRequest := ldap.NewSearchRequest(t.Config.LDAP.BaseDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, filter, []string{"uid"}, nil)
@@ -112,14 +115,7 @@ func (t *LoginTypePassword) Login(ctx context.Context, req interface{}) (*Login,
 			}
 		}
 		if len(sr.Entries) == 0 {
-			_, err = t.GetAccountByPassword(ctx, localpart, r.Password)
-			if err != nil {
-				return nil, &util.JSONResponse{
-					Code: http.StatusForbidden,
-					JSON: jsonerror.Forbidden("username or password was incorrect, or the account does not exist"),
-				}
-			}
-			return &r.Login, nil
+			return t.CheckPassword(ctx, localpart, r)
 		}
 		userDN := sr.Entries[0].DN
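Review bot: Both new `ise := jsonerror.InternalServerError()` branches drop the dial and bind errors without logging them, so an unreachable LDAP server or a wrong `bind_dn`/`bind_pswd` now surfaces as a bare 500 with no record of why; log before returning, e.g. `util.GetLogger(ctx).WithError(err).Error("failed to connect to LDAP server")` for the dial and the same with `e1` for the bind (assuming the util logger helper is available in this package). Because the URI now carries the scheme, an `ldap://` value sends `BindPSWD` and every user's password bind in clear text, and no `StartTLS` call is visible in this hunk — either reject non-`ldaps://` URIs at configuration time or call `conn.StartTLS` before `Bind`. Separately, the unchanged `filter := fmt.Sprintf(...)` line interpolates `localpart` into the search filter unescaped; unless the username parsing above already restricts it to filter-safe characters, it should be `ldap.EscapeFilter(localpart)`. `Login` starts and ends outside this hunk.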
@@ -165,14 +161,6 @@ func (t *LoginTypePassword) Login(ctx context.Context, req interface{}) (*Login,
 		}
 		return &r.Login, nil
 	}
-	_, err = t.GetAccountByPassword(ctx, localpart, r.Password)
-	if err != nil {
-		// Technically we could tell them if the user does not exist by checking if err == sql.ErrNoRows
-		// but that would leak the existence of the user.
-		return nil, &util.JSONResponse{
-			Code: http.StatusForbidden,
-			JSON: jsonerror.Forbidden("username or password was incorrect, or the account does not exist"),
-		}
-	}
-	return &r.Login, nil
+
+	return t.CheckPassword(ctx, localpart, r)
 }
diff --git a/cmd/sytest/config-example.json b/cmd/sytest/config-example.json
deleted file mode 100644
index 6d31feb7b..000000000
--- a/cmd/sytest/config-example.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
-    "src": "path of dendrite's source code on your computer, ends with '/'",
-    "send_mail": false,
-    "username": "your email account",
-    "password": "your email password",
-    "host": "your email smtp host",
-    "port": "your email port"
-}
\ No newline at end of file
diff --git a/cmd/sytest/sytest.go b/cmd/sytest/sytest.go
deleted file mode 100644
index dbaabca90..000000000
--- a/cmd/sytest/sytest.go
+++ /dev/null
@@ -1,114 +0,0 @@
-package main
-
-import (
-	"crypto/tls"
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"net"
-	"net/smtp"
-	"os"
-	"os/exec"
-
-	"github.com/sirupsen/logrus"
-)
-
-func main() {
-	err := exec.Command("git", "pull").Run()
-	if err != nil {
-		logrus.WithError(err).Fatalln("Run git pull failed")
-	}
-	logrus.Infoln("Git update done")
-	err = os.RemoveAll("./cmd/sytest/result")
-	if err != nil && !os.IsNotExist(err) {
-		logrus.WithError(err).Fatalln("Remove old result failed")
-	}
-	file, err := ioutil.ReadFile("./cmd/sytest/config.json")
-	if err != nil {
-		logrus.WithError(err).Fatalln("Read config file failed")
-	}
-	var cfg struct {
-		Src      string `json:"src"`
-		SendMail bool   `json:"send_mail"`
-		Username string `json:"username"`
-		Password string `json:"password"`
-		Host     string `json:"host"`
-		Port     string `json:"port"`
-	}
-	err = json.Unmarshal(file, &cfg)
-	if err != nil {
-		logrus.WithError(err).Fatalln("Unmarshal config file failed")
-	}
-	err = exec.Command("docker", "run", "--rm",
-		"-v", cfg.Src+":/src/",
-		"-v", cfg.Src+"cmd/sytest/result:/logs/",
-		"matrixdotorg/sytest-dendrite").Run()
-	if err != nil {
-		logrus.WithError(err).Fatalln("Run sytest docker image failed")
-	}
-	logrus.Infoln("Sytest done")
-	out, err := exec.Command("./are-we-synapse-yet.py",
-		"-v", "./cmd/sytest/result/results.tap").Output()
-	if err != nil {
-		logrus.WithError(err).Fatalln("Run are-we-synapse-yet failed")
-	}
-	if cfg.SendMail {
-		auth := smtp.PlainAuth("",
-			cfg.Username,
-			cfg.Password,
-			cfg.Host)
-		to := []string{"all@workly.ai"}
-		content := []byte(fmt.Sprintf("From:%s\r\nTo:all@workly.ai\r\nSubject:Are We Synapse Yet?\r\nContent-Type:text/plain;charset=utf-8\r\n\r\n%s", cfg.Username, out))
-		err = sendMail(cfg.Host+":"+cfg.Port, auth, cfg.Username, to, content)
-		if err != nil {
-			logrus.WithError(err).Fatalln("Send mail failed")
-		}
-	} else {
-		logrus.Infoln("\n" + string(out))
-	}
-}
-
-func sendMail(addr string, auth smtp.Auth, from string, to []string, msg []byte) (err error) {
-	c, err := dial(addr)
-	if err != nil {
-		return err
-	}
-	if auth != nil {
-		if ok, _ := c.Extension("AUTH"); ok {
-			if err = c.Auth(auth); err != nil {
-				return err
-			}
-		}
-	}
-	if err = c.Mail(from); err != nil {
-		return err
-	}
-	for _, addr := range to {
-		if err = c.Rcpt(addr); err != nil {
-			fmt.Print(err)
-			return err
-		}
-	}
-	w, err := c.Data()
-	if err != nil {
-		return err
-	}
-	_, err = w.Write(msg)
-	if err != nil {
-		return err
-	}
-	err = w.Close()
-	if err != nil {
-		return err
-	}
-	return c.Quit()
-}
-
-func dial(addr string) (*smtp.Client, error) {
-	conn, err := tls.Dial("tcp", addr, nil)
-	if err != nil {
-		return nil, err
-	}
-	host, _, _ := net.SplitHostPort(addr)
-	return smtp.NewClient(conn, host)
-}
diff --git a/setup/config/config_clientapi.go b/setup/config/config_clientapi.go
index 0e89ca789..2e85755b9 100644
--- a/setup/config/config_clientapi.go
+++ b/setup/config/config_clientapi.go
@@ -127,9 +127,7 @@ func (r *RateLimiting) Defaults() {
 }
 
 type LDAP struct {
-	TLS    bool   `yaml:"tls"`
-	Host   string `yaml:"host"`
-	Port   string `yaml:"port"`
+	URI    string `yaml:"uri"`
 	BaseDN string `yaml:"basedn"`
 	Filter string `yaml:"filter"`
 	BindDN string `yaml:"bind_dn"`
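Review bot: The new `URI` field carries no comment saying which scheme is expected, and nothing in this hunk validates it; since the login path only checks `len(t.Config.LDAP.URI) > 0`, an operator who upgrades with the old `tls`/`host`/`port` keys still in their YAML gets LDAP silently disabled and every login quietly falls back to the local password database. Add `// URI is the LDAP server URL, e.g. "ldaps://ldap.example.com:636". Use ldaps:// so the bind password and user credentials are not sent in clear text.` above the field. The config's verification step is not visible here; it should reject a URI whose scheme is not `ldap` or `ldaps` and, if the YAML decoder reports unknown keys, fail or warn when the removed keys are still present. The `LDAP` struct continues past the end of this hunk.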