mirror of
https://github.com/matrix-org/dendrite.git
synced 2025-12-23 14:53:10 -06:00
ef21bed096
Changed with comments from Kegsay and Half-Shot - changed some return error codes - moved sso url creation &validation to startup time - added test to sytest whitelist
219 lines
6.3 KiB
Go
219 lines
6.3 KiB
Go
// Copyright 2017 Vector Creations Ltd
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package routing
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"encoding/json"
|
|
"io/ioutil"
|
|
"net/http"
|
|
|
|
"github.com/matrix-org/dendrite/clientapi/auth"
|
|
"github.com/matrix-org/dendrite/clientapi/httputil"
|
|
"github.com/matrix-org/dendrite/clientapi/jsonerror"
|
|
"github.com/matrix-org/dendrite/clientapi/userutil"
|
|
"github.com/matrix-org/dendrite/internal/config"
|
|
userapi "github.com/matrix-org/dendrite/userapi/api"
|
|
"github.com/matrix-org/dendrite/userapi/storage/accounts"
|
|
"github.com/matrix-org/gomatrixserverlib"
|
|
"github.com/matrix-org/util"
|
|
)
|
|
|
|
type loginResponse struct {
|
|
UserID string `json:"user_id"`
|
|
AccessToken string `json:"access_token"`
|
|
HomeServer gomatrixserverlib.ServerName `json:"home_server"`
|
|
DeviceID string `json:"device_id"`
|
|
}
|
|
|
|
type flows struct {
|
|
Flows []flow `json:"flows"`
|
|
}
|
|
|
|
type flow struct {
|
|
Type string `json:"type"`
|
|
}
|
|
|
|
func passwordLogin() flows {
|
|
f := flows{}
|
|
s := flow{
|
|
Type: "m.login.password",
|
|
}
|
|
f.Flows = append(f.Flows, s)
|
|
return f
|
|
}
|
|
|
|
func ssoLogin() flows {
|
|
f := flows{}
|
|
s := flow{
|
|
Type: "m.login.sso",
|
|
}
|
|
f.Flows = append(f.Flows, s)
|
|
return f
|
|
}
|
|
|
|
// Login implements GET and POST /login
|
|
func Login(
|
|
req *http.Request, accountDB accounts.Database, userAPI userapi.UserInternalAPI,
|
|
cfg *config.ClientAPI,
|
|
) util.JSONResponse {
|
|
if req.Method == http.MethodGet {
|
|
// TODO: support other forms of login other than password, depending on config options
|
|
flows := passwordLogin()
|
|
if cfg.CAS.Enabled {
|
|
flows.Flows = append(flows.Flows, ssoLogin().Flows...)
|
|
}
|
|
return util.JSONResponse{
|
|
Code: http.StatusOK,
|
|
JSON: flows,
|
|
}
|
|
} else if req.Method == http.MethodPost {
|
|
// TODO: is the the right way to read the body and re-add it?
|
|
body, err := ioutil.ReadAll(req.Body)
|
|
if err != nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusBadRequest,
|
|
JSON: jsonerror.BadJSON("Bad JSON"),
|
|
}
|
|
}
|
|
// add the body back to the request because ioutil.ReadAll consumes the body
|
|
req.Body = ioutil.NopCloser(bytes.NewBuffer(body))
|
|
|
|
// marshall the body into an unstructured json map
|
|
var jsonBody map[string]interface{}
|
|
if err := json.Unmarshal([]byte(body), &jsonBody); err != nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusBadRequest,
|
|
JSON: jsonerror.BadJSON("Bad JSON"),
|
|
}
|
|
}
|
|
|
|
var loginType string
|
|
if val, ok := jsonBody["type"]; ok {
|
|
loginType = val.(string)
|
|
} else {
|
|
return util.JSONResponse{
|
|
Code: http.StatusBadRequest,
|
|
JSON: jsonerror.BadJSON("No 'type' parameter"),
|
|
}
|
|
}
|
|
if loginType == "m.login.password" {
|
|
return doPasswordLogin(req, accountDB, userAPI, cfg)
|
|
} else if loginType == "m.login.token" {
|
|
return doTokenLogin(req, accountDB, userAPI, cfg)
|
|
}
|
|
}
|
|
|
|
return util.JSONResponse{
|
|
Code: http.StatusMethodNotAllowed,
|
|
JSON: jsonerror.NotFound("Bad method"),
|
|
}
|
|
}
|
|
|
|
// Handles a m.login.password login type request
|
|
func doPasswordLogin(
|
|
req *http.Request, accountDB accounts.Database, userAPI userapi.UserInternalAPI,
|
|
cfg *config.ClientAPI,
|
|
) util.JSONResponse {
|
|
typePassword := auth.LoginTypePassword{
|
|
GetAccountByPassword: accountDB.GetAccountByPassword,
|
|
Config: cfg,
|
|
}
|
|
r := typePassword.Request()
|
|
resErr := httputil.UnmarshalJSONRequest(req, r)
|
|
if resErr != nil {
|
|
return *resErr
|
|
}
|
|
login, authErr := typePassword.Login(req.Context(), r)
|
|
if authErr != nil {
|
|
return *authErr
|
|
}
|
|
|
|
// make a device/access token
|
|
return completeAuth(req.Context(), cfg.Matrix.ServerName, userAPI, login)
|
|
}
|
|
|
|
// Handles a m.login.token login type request
|
|
func doTokenLogin(req *http.Request, accountDB accounts.Database, userAPI userapi.UserInternalAPI,
|
|
cfg *config.ClientAPI,
|
|
) util.JSONResponse {
|
|
// create a struct with the appropriate DB(postgres/sqlite) function and the configs
|
|
typeToken := auth.LoginTypeToken{
|
|
GetAccountByLocalpart: accountDB.GetAccountByLocalpart,
|
|
Config: cfg,
|
|
}
|
|
r := typeToken.Request()
|
|
resErr := httputil.UnmarshalJSONRequest(req, r)
|
|
if resErr != nil {
|
|
return *resErr
|
|
}
|
|
login, authErr := typeToken.Login(req.Context(), r)
|
|
if authErr != nil {
|
|
return *authErr
|
|
}
|
|
|
|
// make a device/access token
|
|
authResult := completeAuth(req.Context(), cfg.Matrix.ServerName, userAPI, login)
|
|
|
|
// the login is successful, delete the login token before returning the access token to the client
|
|
if authResult.Code == http.StatusOK {
|
|
if err := auth.DeleteLoginToken(r.(*auth.LoginTokenRequest).Token); err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Error("Could not delete login ticket from DB")
|
|
}
|
|
}
|
|
return authResult
|
|
}
|
|
|
|
func completeAuth(
|
|
ctx context.Context, serverName gomatrixserverlib.ServerName, userAPI userapi.UserInternalAPI, login *auth.Login,
|
|
) util.JSONResponse {
|
|
token, err := auth.GenerateAccessToken()
|
|
if err != nil {
|
|
util.GetLogger(ctx).WithError(err).Error("auth.GenerateAccessToken failed")
|
|
return jsonerror.InternalServerError()
|
|
}
|
|
|
|
localpart, err := userutil.ParseUsernameParam(login.Username(), &serverName)
|
|
if err != nil {
|
|
util.GetLogger(ctx).WithError(err).Error("auth.ParseUsernameParam failed")
|
|
return jsonerror.InternalServerError()
|
|
}
|
|
|
|
var performRes userapi.PerformDeviceCreationResponse
|
|
err = userAPI.PerformDeviceCreation(ctx, &userapi.PerformDeviceCreationRequest{
|
|
DeviceDisplayName: login.InitialDisplayName,
|
|
DeviceID: login.DeviceID,
|
|
AccessToken: token,
|
|
Localpart: localpart,
|
|
}, &performRes)
|
|
if err != nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: jsonerror.Unknown("failed to create device: " + err.Error()),
|
|
}
|
|
}
|
|
|
|
return util.JSONResponse{
|
|
Code: http.StatusOK,
|
|
JSON: loginResponse{
|
|
UserID: performRes.Device.UserID,
|
|
AccessToken: performRes.Device.AccessToken,
|
|
HomeServer: serverName,
|
|
DeviceID: performRes.Device.ID,
|
|
},
|
|
}
|
|
}
|