👽️ Introduced /login InhibitDevice for 2FA Initial Login Phase.

2025-12-07 15:03:09 -06:00 · 2022-09-12 13:53:46 +03:00 · 2022-09-12 13:53:46 +03:00 · b0955b532b
parent 37fcdf67c2
commit b0955b532b
4 changed files with 23 additions and 7 deletions
--- a/clientapi/auth/login.go
+++ b/clientapi/auth/login.go
@ -45,6 +45,7 @@ func LoginFromJSONReader(ctx context.Context, r io.Reader, useraccountAPI uapi.C

 	var header struct {
 		Type          string `json:"type"`
+		InhibitDevice bool   `json:"inhibit_device"`
 	}
 	if err := json.Unmarshal(reqBytes, &header); err != nil {
 		err := &util.JSONResponse{
@ -61,6 +62,7 @@ func LoginFromJSONReader(ctx context.Context, r io.Reader, useraccountAPI uapi.C
 			UserApi:       useraccountAPI,
 			Config:        cfg,
 			Rt:            rt,
+			InhibitDevice: header.InhibitDevice,
 		}
 	case authtypes.LoginTypeToken:
 		typ = &LoginTypeToken{
--- a/clientapi/auth/password.go
+++ b/clientapi/auth/password.go
@ -45,6 +45,7 @@ type LoginTypePassword struct {
 	UserApi       api.ClientUserAPI
 	Config        *config.ClientAPI
 	Rt            *ratelimit.RtFailedLogin
+	InhibitDevice bool
 }

 func (t *LoginTypePassword) Name() string {
@ -61,6 +62,7 @@ func (t *LoginTypePassword) LoginFromJSON(ctx context.Context, reqBytes []byte)
 	if err != nil {
 		return nil, nil, err
 	}
+	login.InhibitDevice = t.InhibitDevice

 	return login, func(context.Context, *util.JSONResponse) {}, nil
 }
--- a/clientapi/auth/user_interactive.go
+++ b/clientapi/auth/user_interactive.go
@ -66,6 +66,7 @@ type LoginIdentifier struct {
 type Login struct {
 	LoginIdentifier                 // Flat fields deprecated in favour of `identifier`.
 	Identifier      LoginIdentifier `json:"identifier"`
+	InhibitDevice   bool            `json:"inhibit_device,omitempty"`

 	// Both DeviceID and InitialDisplayName can be omitted, or empty strings ("")
 	// Thus a pointer is needed to differentiate between the two
--- a/clientapi/routing/login.go
+++ b/clientapi/routing/login.go
@ -69,6 +69,17 @@ func Login(
 		if authErr != nil {
 			return *authErr
 		}
+		if login.InhibitDevice {
+			return util.JSONResponse{
+				Code: http.StatusOK,
+				JSON: loginResponse{
+					UserID:      login.Username(),
+					AccessToken: "",
+					HomeServer:  cfg.Matrix.ServerName,
+					DeviceID:    "",
+				},
+			}
+		}
 		// make a device/access token
 		authErr2 := completeAuth(req.Context(), cfg.Matrix.ServerName, userAPI, login, req.RemoteAddr, req.UserAgent())
 		cleanup(req.Context(), &authErr2)