mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/matrix-org/dendrite.git synced 2025-12-07 06:53:09 -06:00
Code Issues Packages Projects Releases Wiki Activity

👽️ Introduced /login InhibitDevice for 2FA Initial Login Phase.

Browse source
This commit is contained in:
danielaloni 2022-09-12 13:53:46 +03:00
parent 37fcdf67c2
commit b0955b532b
4 changed files with 23 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
clientapi/auth/login.go
View file

@ -44,7 +44,8 @@ func LoginFromJSONReader(ctx context.Context, r io.Reader, useraccountAPI uapi.C
} }
var header struct { var header struct {
Type string `json:"type"` Type string `json:"type"`
InhibitDevice bool `json:"inhibit_device"`
} }
if err := json.Unmarshal(reqBytes, &header); err != nil { if err := json.Unmarshal(reqBytes, &header); err != nil {
err := &util.JSONResponse{ err := &util.JSONResponse{
@ -58,9 +59,10 @@ func LoginFromJSONReader(ctx context.Context, r io.Reader, useraccountAPI uapi.C
switch header.Type { switch header.Type {
case authtypes.LoginTypePassword: case authtypes.LoginTypePassword:
typ = &LoginTypePassword{ typ = &LoginTypePassword{
UserApi: useraccountAPI, UserApi: useraccountAPI,
Config: cfg, Config: cfg,
Rt: rt, Rt: rt,
InhibitDevice: header.InhibitDevice,
} }
case authtypes.LoginTypeToken: case authtypes.LoginTypeToken:
typ = &LoginTypeToken{ typ = &LoginTypeToken{

8
clientapi/auth/password.go
View file

@ -42,9 +42,10 @@ const email = "email"
// LoginTypePassword implements https://matrix.org/docs/spec/client_server/r0.6.1#password-based // LoginTypePassword implements https://matrix.org/docs/spec/client_server/r0.6.1#password-based
type LoginTypePassword struct { type LoginTypePassword struct {
UserApi api.ClientUserAPI UserApi api.ClientUserAPI
Config *config.ClientAPI Config *config.ClientAPI
Rt *ratelimit.RtFailedLogin Rt *ratelimit.RtFailedLogin
InhibitDevice bool
} }
func (t *LoginTypePassword) Name() string { func (t *LoginTypePassword) Name() string {
@ -61,6 +62,7 @@ func (t *LoginTypePassword) LoginFromJSON(ctx context.Context, reqBytes []byte)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
login.InhibitDevice = t.InhibitDevice
return login, func(context.Context, *util.JSONResponse) {}, nil return login, func(context.Context, *util.JSONResponse) {}, nil
} }

1
clientapi/auth/user_interactive.go
View file

@ -66,6 +66,7 @@ type LoginIdentifier struct {
type Login struct { type Login struct {
LoginIdentifier // Flat fields deprecated in favour of `identifier`. LoginIdentifier // Flat fields deprecated in favour of `identifier`.
Identifier LoginIdentifier `json:"identifier"` Identifier LoginIdentifier `json:"identifier"`
InhibitDevice bool `json:"inhibit_device,omitempty"`
// Both DeviceID and InitialDisplayName can be omitted, or empty strings ("") // Both DeviceID and InitialDisplayName can be omitted, or empty strings ("")
// Thus a pointer is needed to differentiate between the two // Thus a pointer is needed to differentiate between the two

11
clientapi/routing/login.go
View file

@ -69,6 +69,17 @@ func Login(
if authErr != nil { if authErr != nil {
return *authErr return *authErr
} }
if login.InhibitDevice {
return util.JSONResponse{
Code: http.StatusOK,
JSON: loginResponse{
UserID: login.Username(),
AccessToken: "",
HomeServer: cfg.Matrix.ServerName,
DeviceID: "",
},
}
}
// make a device/access token // make a device/access token
authErr2 := completeAuth(req.Context(), cfg.Matrix.ServerName, userAPI, login, req.RemoteAddr, req.UserAgent()) authErr2 := completeAuth(req.Context(), cfg.Matrix.ServerName, userAPI, login, req.RemoteAddr, req.UserAgent())
cleanup(req.Context(), &authErr2) cleanup(req.Context(), &authErr2)