mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/matrix-org/dendrite.git synced 2026-01-08 22:53:10 -06:00
Code Issues Packages Projects Releases Wiki Activity

Disable m.login.token if there are no enabled login methods to use it.

Browse source
This commit is contained in:
Tommie Gannert 2022-05-23 11:37:27 +02:00
parent 43989aa017
commit c1c2a0448c
4 changed files with 42 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
clientapi/auth/login.go
View file

@ -62,6 +62,14 @@ func LoginFromJSONReader(ctx context.Context, r io.Reader, useraccountAPI uapi.U
Config: cfg, Config: cfg,
} }
case authtypes.LoginTypeToken: case authtypes.LoginTypeToken:
if !cfg.Login.LoginTokenEnabled() {
err := util.JSONResponse{
Code: http.StatusBadRequest,
JSON: jsonerror.InvalidArgumentValue("disabled login type: " + header.Type),
}
return nil, nil, &err
}
typ = &LoginTypeToken{ typ = &LoginTypeToken{
UserAPI: userAPI, UserAPI: userAPI,
Config: cfg, Config: cfg,

10
clientapi/auth/login_test.go
View file

@ -68,6 +68,11 @@ func TestLoginFromJSONReader(t *testing.T) {
Matrix: &config.Global{ Matrix: &config.Global{
ServerName: serverName, ServerName: serverName,
}, },
Login: config.Login{
SSO: config.SSO{
Enabled: true,
},
},
} }
login, cleanup, err := LoginFromJSONReader(ctx, strings.NewReader(tst.Body), &userAPI, &userAPI, cfg) login, cleanup, err := LoginFromJSONReader(ctx, strings.NewReader(tst.Body), &userAPI, &userAPI, cfg)
if err != nil { if err != nil {
@ -146,6 +151,11 @@ func TestBadLoginFromJSONReader(t *testing.T) {
Matrix: &config.Global{ Matrix: &config.Global{
ServerName: serverName, ServerName: serverName,
}, },
Login: config.Login{
SSO: config.SSO{
Enabled: true,
},
},
} }
_, cleanup, errRes := LoginFromJSONReader(ctx, strings.NewReader(tst.Body), &userAPI, &userAPI, cfg) _, cleanup, errRes := LoginFromJSONReader(ctx, strings.NewReader(tst.Body), &userAPI, &userAPI, cfg)
if errRes == nil { if errRes == nil {

21
clientapi/routing/login.go
View file

@ -59,6 +59,10 @@ func passwordLogin() []stage {
} }
func ssoLogin(cfg *config.ClientAPI) []stage { func ssoLogin(cfg *config.ClientAPI) []stage {
if !cfg.Login.SSO.Enabled {
return nil
}
var idps []identityProvider var idps []identityProvider
for _, idp := range cfg.Login.SSO.Providers { for _, idp := range cfg.Login.SSO.Providers {
brand := idp.Brand brand := idp.Brand
@ -87,6 +91,18 @@ func ssoLogin(cfg *config.ClientAPI) []stage {
} }
} }
func tokenLogin(cfg *config.ClientAPI) []stage {
if !cfg.Login.LoginTokenEnabled() {
return nil
}
return []stage{
{
Type: authtypes.LoginTypeToken,
},
}
}
// Login implements GET and POST /login // Login implements GET and POST /login
func Login( func Login(
req *http.Request, userAPI userapi.ClientUserAPI, req *http.Request, userAPI userapi.ClientUserAPI,
@ -94,9 +110,8 @@ func Login(
) util.JSONResponse { ) util.JSONResponse {
if req.Method == http.MethodGet { if req.Method == http.MethodGet {
allFlows := passwordLogin() allFlows := passwordLogin()
if cfg.Login.SSO.Enabled { allFlows = append(allFlows, ssoLogin(cfg)...)
allFlows = append(allFlows, ssoLogin(cfg)...) allFlows = append(allFlows, tokenLogin(cfg)...)
}
return util.JSONResponse{ return util.JSONResponse{
Code: http.StatusOK, Code: http.StatusOK,
JSON: flows{Flows: allFlows}, JSON: flows{Flows: allFlows},

6
setup/config/config_clientapi.go
View file

@ -103,6 +103,12 @@ type Login struct {
SSO SSO `yaml:"sso"` SSO SSO `yaml:"sso"`
} }
// LoginTokenEnabled returns whether any login type uses
// authtypes.LoginTypeToken.
func (l *Login) LoginTokenEnabled() bool {
return l.SSO.Enabled
}
func (l *Login) Verify(configErrs *ConfigErrors) { func (l *Login) Verify(configErrs *ConfigErrors) {
l.SSO.Verify(configErrs) l.SSO.Verify(configErrs)
} }