mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/matrix-org/dendrite.git synced 2025-12-12 17:33:09 -06:00
Code Issues Packages Projects Releases Wiki Activity

Merge 5a461f9071 into b72ed3e38c

Browse source
This commit is contained in:
Anant Prakash 2018-03-09 13:21:48 +00:00 committed by GitHub
parent b72ed3e38c 5a461f9071
commit aa7909fb72
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 156 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
src/github.com/matrix-org/dendrite/clientapi/auth/authtypes/loginrequest.go Normal file
View file

@ -0,0 +1,26 @@
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package authtypes
// LoginRequest represents the request sent by the client
// https://matrix.org/docs/spec/client_server/r0.3.0.html#post-matrix-client-r0-login
type LoginRequest struct {
Type LoginType `json:"type"`
User string `json:"user"`
Medium string `json:"medium"`
Address string `json:"address"`
Password string `json:"password"`
Token string `json:"token"`
DeviceID string `json:"device_id"`
InitialDisplayName *string `json:"initial_device_display_name"`
}

26
src/github.com/matrix-org/dendrite/clientapi/auth/authtypes/loginresponse.go Normal file
View file

@ -0,0 +1,26 @@
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package authtypes
import (
"github.com/matrix-org/gomatrixserverlib"
)
// LoginResponse represents the response received by the client
// https://matrix.org/docs/spec/client_server/r0.3.0.html#post-matrix-client-r0-login
type LoginResponse struct {
UserID string `json:"user_id"`
AccessToken string `json:"access_token"`
HomeServer gomatrixserverlib.ServerName `json:"home_server"`
DeviceID string `json:"device_id"`
}

2
src/github.com/matrix-org/dendrite/clientapi/auth/authtypes/logintypes.go
View file

@ -9,4 +9,6 @@ const (
LoginTypeSharedSecret = "org.matrix.login.shared_secret" LoginTypeSharedSecret = "org.matrix.login.shared_secret"
LoginTypeRecaptcha = "m.login.recaptcha" LoginTypeRecaptcha = "m.login.recaptcha"
LoginTypeApplicationService = "m.login.application_service" LoginTypeApplicationService = "m.login.application_service"
LoginTypePassword = "m.login.password"
LoginTypeToken = "m.login.token"
) )

175
src/github.com/matrix-org/dendrite/clientapi/routing/login.go
View file

@ -15,10 +15,12 @@
package routing package routing
import ( import (
"database/sql"
"net/http" "net/http"
"strings" "strings"
"github.com/matrix-org/dendrite/clientapi/auth" "github.com/matrix-org/dendrite/clientapi/auth"
"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
"github.com/matrix-org/dendrite/clientapi/auth/storage/accounts" "github.com/matrix-org/dendrite/clientapi/auth/storage/accounts"
"github.com/matrix-org/dendrite/clientapi/auth/storage/devices" "github.com/matrix-org/dendrite/clientapi/auth/storage/devices"
"github.com/matrix-org/dendrite/clientapi/httputil" "github.com/matrix-org/dendrite/clientapi/httputil"
@ -37,73 +39,19 @@ type flow struct {
Stages []string `json:"stages"` Stages []string `json:"stages"`
} }
type passwordRequest struct { func defaultPasswordLogin() loginFlows {
User string `json:"user"`
Password string `json:"password"`
InitialDisplayName *string `json:"initial_device_display_name"`
}
type loginResponse struct {
UserID string `json:"user_id"`
AccessToken string `json:"access_token"`
HomeServer gomatrixserverlib.ServerName `json:"home_server"`
DeviceID string `json:"device_id"`
}
func passwordLogin() loginFlows {
f := loginFlows{} f := loginFlows{}
s := flow{"m.login.password", []string{"m.login.password"}} s := flow{string(authtypes.LoginTypePassword), []string{string(authtypes.LoginTypePassword)}}
f.Flows = append(f.Flows, s) f.Flows = append(f.Flows, s)
return f return f
} }
// Login implements GET and POST /login func handlePasswordLogin(
func Login( r authtypes.LoginRequest, localpart string, accountDB *accounts.Database,
req *http.Request, accountDB *accounts.Database, deviceDB *devices.Database, deviceDB *devices.Database, req *http.Request, cfg config.Dendrite) util.JSONResponse {
cfg config.Dendrite,
) util.JSONResponse {
if req.Method == "GET" { // TODO: support other forms of login other than password, depending on config options
return util.JSONResponse{
Code: 200,
JSON: passwordLogin(),
}
} else if req.Method == "POST" {
var r passwordRequest
resErr := httputil.UnmarshalJSONRequest(req, &r)
if resErr != nil {
return *resErr
}
if r.User == "" {
return util.JSONResponse{
Code: 400,
JSON: jsonerror.BadJSON("'user' must be supplied."),
}
}
util.GetLogger(req.Context()).WithField("user", r.User).Info("Processing login request")
// r.User can either be a user ID or just the localpart... or other things maybe.
localpart := r.User
if strings.HasPrefix(r.User, "@") {
var domain gomatrixserverlib.ServerName
var err error
localpart, domain, err = gomatrixserverlib.SplitID('@', r.User)
if err != nil {
return util.JSONResponse{
Code: 400,
JSON: jsonerror.InvalidUsername("Invalid username"),
}
}
if domain != cfg.Matrix.ServerName {
return util.JSONResponse{
Code: 400,
JSON: jsonerror.InvalidUsername("User ID not ours"),
}
}
}
acc, err := accountDB.GetAccountByPassword(req.Context(), localpart, r.Password) acc, err := accountDB.GetAccountByPassword(req.Context(), localpart, r.Password)
if err != nil { if err != nil {
// Technically we could tell them if the user does not exist by checking if err == sql.ErrNoRows // Technically we could tell them if the user does not exist by checking if err == sql.ErrNoRows
// but that would leak the existence of the user. // but that would leak the existence of the user.
@ -131,13 +79,118 @@ func Login(
return util.JSONResponse{ return util.JSONResponse{
Code: 200, Code: 200,
JSON: loginResponse{ JSON: authtypes.LoginResponse{
UserID: dev.UserID, UserID: dev.UserID,
AccessToken: dev.AccessToken, AccessToken: dev.AccessToken,
HomeServer: cfg.Matrix.ServerName, HomeServer: cfg.Matrix.ServerName,
DeviceID: dev.ID, DeviceID: dev.ID,
}, },
} }
}
func handleTokenLogin(
r authtypes.LoginRequest, deviceDB *devices.Database,
req *http.Request, cfg config.Dendrite) util.JSONResponse {
if r.Token == "" {
return util.JSONResponse{
Code: 401,
JSON: jsonerror.MissingToken("Missing access token"),
}
}
dev, err := deviceDB.GetDeviceByAccessToken(req.Context(), r.Token)
if err != nil {
if err == sql.ErrNoRows {
return util.JSONResponse{
Code: 401,
JSON: jsonerror.UnknownToken("Unknown token"),
}
}
return util.JSONResponse{
Code: 500,
JSON: jsonerror.Unknown("Unexpected server error occurred"),
}
}
if dev.ID != r.DeviceID {
// The access token specified in the request was generated for a
// different device.
return util.JSONResponse{
Code: 403,
JSON: jsonerror.Forbidden("Access token not valid for this device"),
}
}
return util.JSONResponse{
Code: 200,
JSON: authtypes.LoginResponse{
UserID: dev.UserID,
AccessToken: dev.AccessToken,
HomeServer: cfg.Matrix.ServerName,
DeviceID: dev.ID,
},
}
}
// Login implements GET and POST /login
func Login(
req *http.Request, accountDB *accounts.Database, deviceDB *devices.Database,
cfg config.Dendrite,
) util.JSONResponse {
if req.Method == "GET" {
return util.JSONResponse{
Code: 200,
JSON: defaultPasswordLogin(),
}
} else if req.Method == "POST" {
var r authtypes.LoginRequest
resErr := httputil.UnmarshalJSONRequest(req, &r)
if resErr != nil {
return *resErr
}
if r.User == "" {
return util.JSONResponse{
Code: 400,
JSON: jsonerror.BadJSON("'user' must be supplied."),
}
}
util.GetLogger(req.Context()).WithField("user", r.User).Info("Processing login request")
// r.User can either be a user ID or just the localpart... or other things maybe.
localpart := r.User
if strings.HasPrefix(r.User, "@") {
var domain gomatrixserverlib.ServerName
var err error
localpart, domain, err = gomatrixserverlib.SplitID('@', r.User)
if err != nil {
return util.JSONResponse{
Code: 400,
JSON: jsonerror.InvalidUsername("Invalid username"),
}
}
if domain != cfg.Matrix.ServerName {
return util.JSONResponse{
Code: 400,
JSON: jsonerror.InvalidUsername("User ID not ours"),
}
}
}
switch r.Type {
case authtypes.LoginTypePassword:
return handlePasswordLogin(r, localpart, accountDB, deviceDB, req, cfg)
case authtypes.LoginTypeToken:
return handleTokenLogin(r, deviceDB, req, cfg)
default:
return util.JSONResponse{
Code: 501,
JSON: jsonerror.Unknown("Unknown login type"),
}
}
} }
return util.JSONResponse{ return util.JSONResponse{
Code: 405, Code: 405,