feat: admin APIs for token authenticated registration (#3101)
### Pull Request Checklist <!-- Please read https://matrix-org.github.io/dendrite/development/contributing before submitting your pull request --> * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Santhoshivan Amudhan santhoshivan23@gmail.com`
This commit is contained in:
parent
a734b112c6
commit
45082d4dce
|
@ -2,6 +2,7 @@ package clientapi
|
|||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"reflect"
|
||||
|
@ -23,12 +24,649 @@ import (
|
|||
"github.com/matrix-org/util"
|
||||
"github.com/tidwall/gjson"
|
||||
|
||||
capi "github.com/matrix-org/dendrite/clientapi/api"
|
||||
"github.com/matrix-org/dendrite/test"
|
||||
"github.com/matrix-org/dendrite/test/testrig"
|
||||
"github.com/matrix-org/dendrite/userapi"
|
||||
uapi "github.com/matrix-org/dendrite/userapi/api"
|
||||
)
|
||||
|
||||
func TestAdminCreateToken(t *testing.T) {
|
||||
aliceAdmin := test.NewUser(t, test.WithAccountType(uapi.AccountTypeAdmin))
|
||||
bob := test.NewUser(t, test.WithAccountType(uapi.AccountTypeUser))
|
||||
ctx := context.Background()
|
||||
test.WithAllDatabases(t, func(t *testing.T, dbType test.DBType) {
|
||||
cfg, processCtx, close := testrig.CreateConfig(t, dbType)
|
||||
cfg.ClientAPI.RegistrationRequiresToken = true
|
||||
defer close()
|
||||
natsInstance := jetstream.NATSInstance{}
|
||||
routers := httputil.NewRouters()
|
||||
cm := sqlutil.NewConnectionManager(processCtx, cfg.Global.DatabaseOptions)
|
||||
caches := caching.NewRistrettoCache(128*1024*1024, time.Hour, caching.DisableMetrics)
|
||||
rsAPI := roomserver.NewInternalAPI(processCtx, cfg, cm, &natsInstance, caches, caching.DisableMetrics)
|
||||
userAPI := userapi.NewInternalAPI(processCtx, cfg, cm, &natsInstance, rsAPI, nil)
|
||||
AddPublicRoutes(processCtx, routers, cfg, &natsInstance, nil, rsAPI, nil, nil, nil, userAPI, nil, nil, caching.DisableMetrics)
|
||||
accessTokens := map[*test.User]userDevice{
|
||||
aliceAdmin: {},
|
||||
bob: {},
|
||||
}
|
||||
createAccessTokens(t, accessTokens, userAPI, ctx, routers)
|
||||
testCases := []struct {
|
||||
name string
|
||||
requestingUser *test.User
|
||||
requestOpt test.HTTPRequestOpt
|
||||
wantOK bool
|
||||
withHeader bool
|
||||
}{
|
||||
{
|
||||
name: "Missing auth",
|
||||
requestingUser: bob,
|
||||
wantOK: false,
|
||||
requestOpt: test.WithJSONBody(t, map[string]interface{}{
|
||||
"token": "token1",
|
||||
},
|
||||
),
|
||||
},
|
||||
{
|
||||
name: "Bob is denied access",
|
||||
requestingUser: bob,
|
||||
wantOK: false,
|
||||
withHeader: true,
|
||||
requestOpt: test.WithJSONBody(t, map[string]interface{}{
|
||||
"token": "token2",
|
||||
},
|
||||
),
|
||||
},
|
||||
{
|
||||
name: "Alice can create a token without specifyiing any information",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: true,
|
||||
withHeader: true,
|
||||
requestOpt: test.WithJSONBody(t, map[string]interface{}{}),
|
||||
},
|
||||
{
|
||||
name: "Alice can to create a token specifying a name",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: true,
|
||||
withHeader: true,
|
||||
requestOpt: test.WithJSONBody(t, map[string]interface{}{
|
||||
"token": "token3",
|
||||
},
|
||||
),
|
||||
},
|
||||
{
|
||||
name: "Alice cannot to create a token that already exists",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: false,
|
||||
withHeader: true,
|
||||
requestOpt: test.WithJSONBody(t, map[string]interface{}{
|
||||
"token": "token3",
|
||||
},
|
||||
),
|
||||
},
|
||||
{
|
||||
name: "Alice can create a token specifying valid params",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: true,
|
||||
withHeader: true,
|
||||
requestOpt: test.WithJSONBody(t, map[string]interface{}{
|
||||
"token": "token4",
|
||||
"uses_allowed": 5,
|
||||
"expiry_time": time.Now().Add(5*24*time.Hour).UnixNano() / int64(time.Millisecond),
|
||||
},
|
||||
),
|
||||
},
|
||||
{
|
||||
name: "Alice cannot create a token specifying invalid name",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: false,
|
||||
withHeader: true,
|
||||
requestOpt: test.WithJSONBody(t, map[string]interface{}{
|
||||
"token": "token@",
|
||||
},
|
||||
),
|
||||
},
|
||||
{
|
||||
name: "Alice cannot create a token specifying invalid uses_allowed",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: false,
|
||||
withHeader: true,
|
||||
requestOpt: test.WithJSONBody(t, map[string]interface{}{
|
||||
"token": "token5",
|
||||
"uses_allowed": -1,
|
||||
},
|
||||
),
|
||||
},
|
||||
{
|
||||
name: "Alice cannot create a token specifying invalid expiry_time",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: false,
|
||||
withHeader: true,
|
||||
requestOpt: test.WithJSONBody(t, map[string]interface{}{
|
||||
"token": "token6",
|
||||
"expiry_time": time.Now().Add(-1*5*24*time.Hour).UnixNano() / int64(time.Millisecond),
|
||||
},
|
||||
),
|
||||
},
|
||||
{
|
||||
name: "Alice cannot to create a token specifying invalid length",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: false,
|
||||
withHeader: true,
|
||||
requestOpt: test.WithJSONBody(t, map[string]interface{}{
|
||||
"length": 80,
|
||||
},
|
||||
),
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range testCases {
|
||||
tc := tc
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
req := test.NewRequest(t, http.MethodPost, "/_dendrite/admin/registrationTokens/new")
|
||||
if tc.requestOpt != nil {
|
||||
req = test.NewRequest(t, http.MethodPost, "/_dendrite/admin/registrationTokens/new", tc.requestOpt)
|
||||
}
|
||||
if tc.withHeader {
|
||||
req.Header.Set("Authorization", "Bearer "+accessTokens[tc.requestingUser].accessToken)
|
||||
}
|
||||
rec := httptest.NewRecorder()
|
||||
routers.DendriteAdmin.ServeHTTP(rec, req)
|
||||
t.Logf("%s", rec.Body.String())
|
||||
if tc.wantOK && rec.Code != http.StatusOK {
|
||||
t.Fatalf("expected http status %d, got %d: %s", http.StatusOK, rec.Code, rec.Body.String())
|
||||
}
|
||||
})
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
func TestAdminListRegistrationTokens(t *testing.T) {
|
||||
aliceAdmin := test.NewUser(t, test.WithAccountType(uapi.AccountTypeAdmin))
|
||||
bob := test.NewUser(t, test.WithAccountType(uapi.AccountTypeUser))
|
||||
ctx := context.Background()
|
||||
test.WithAllDatabases(t, func(t *testing.T, dbType test.DBType) {
|
||||
cfg, processCtx, close := testrig.CreateConfig(t, dbType)
|
||||
cfg.ClientAPI.RegistrationRequiresToken = true
|
||||
defer close()
|
||||
natsInstance := jetstream.NATSInstance{}
|
||||
routers := httputil.NewRouters()
|
||||
cm := sqlutil.NewConnectionManager(processCtx, cfg.Global.DatabaseOptions)
|
||||
caches := caching.NewRistrettoCache(128*1024*1024, time.Hour, caching.DisableMetrics)
|
||||
rsAPI := roomserver.NewInternalAPI(processCtx, cfg, cm, &natsInstance, caches, caching.DisableMetrics)
|
||||
userAPI := userapi.NewInternalAPI(processCtx, cfg, cm, &natsInstance, rsAPI, nil)
|
||||
AddPublicRoutes(processCtx, routers, cfg, &natsInstance, nil, rsAPI, nil, nil, nil, userAPI, nil, nil, caching.DisableMetrics)
|
||||
accessTokens := map[*test.User]userDevice{
|
||||
aliceAdmin: {},
|
||||
bob: {},
|
||||
}
|
||||
tokens := []capi.RegistrationToken{
|
||||
{
|
||||
Token: getPointer("valid"),
|
||||
UsesAllowed: getPointer(int32(10)),
|
||||
ExpiryTime: getPointer(time.Now().Add(5*24*time.Hour).UnixNano() / int64(time.Millisecond)),
|
||||
Pending: getPointer(int32(0)),
|
||||
Completed: getPointer(int32(0)),
|
||||
},
|
||||
{
|
||||
Token: getPointer("invalid"),
|
||||
UsesAllowed: getPointer(int32(10)),
|
||||
ExpiryTime: getPointer(time.Now().Add(-1*5*24*time.Hour).UnixNano() / int64(time.Millisecond)),
|
||||
Pending: getPointer(int32(0)),
|
||||
Completed: getPointer(int32(0)),
|
||||
},
|
||||
}
|
||||
for _, tkn := range tokens {
|
||||
tkn := tkn
|
||||
userAPI.PerformAdminCreateRegistrationToken(ctx, &tkn)
|
||||
}
|
||||
createAccessTokens(t, accessTokens, userAPI, ctx, routers)
|
||||
testCases := []struct {
|
||||
name string
|
||||
requestingUser *test.User
|
||||
valid string
|
||||
isValidSpecified bool
|
||||
wantOK bool
|
||||
withHeader bool
|
||||
}{
|
||||
{
|
||||
name: "Missing auth",
|
||||
requestingUser: bob,
|
||||
wantOK: false,
|
||||
isValidSpecified: false,
|
||||
},
|
||||
{
|
||||
name: "Bob is denied access",
|
||||
requestingUser: bob,
|
||||
wantOK: false,
|
||||
withHeader: true,
|
||||
isValidSpecified: false,
|
||||
},
|
||||
{
|
||||
name: "Alice can list all tokens",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: true,
|
||||
withHeader: true,
|
||||
},
|
||||
{
|
||||
name: "Alice can list all valid tokens",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: true,
|
||||
withHeader: true,
|
||||
valid: "true",
|
||||
isValidSpecified: true,
|
||||
},
|
||||
{
|
||||
name: "Alice can list all invalid tokens",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: true,
|
||||
withHeader: true,
|
||||
valid: "false",
|
||||
isValidSpecified: true,
|
||||
},
|
||||
{
|
||||
name: "No response when valid has a bad value",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: false,
|
||||
withHeader: true,
|
||||
valid: "trueee",
|
||||
isValidSpecified: true,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range testCases {
|
||||
tc := tc
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
var path string
|
||||
if tc.isValidSpecified {
|
||||
path = fmt.Sprintf("/_dendrite/admin/registrationTokens?valid=%v", tc.valid)
|
||||
} else {
|
||||
path = "/_dendrite/admin/registrationTokens"
|
||||
}
|
||||
req := test.NewRequest(t, http.MethodGet, path)
|
||||
if tc.withHeader {
|
||||
req.Header.Set("Authorization", "Bearer "+accessTokens[tc.requestingUser].accessToken)
|
||||
}
|
||||
rec := httptest.NewRecorder()
|
||||
routers.DendriteAdmin.ServeHTTP(rec, req)
|
||||
t.Logf("%s", rec.Body.String())
|
||||
if tc.wantOK && rec.Code != http.StatusOK {
|
||||
t.Fatalf("expected http status %d, got %d: %s", http.StatusOK, rec.Code, rec.Body.String())
|
||||
}
|
||||
})
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
func TestAdminGetRegistrationToken(t *testing.T) {
|
||||
aliceAdmin := test.NewUser(t, test.WithAccountType(uapi.AccountTypeAdmin))
|
||||
bob := test.NewUser(t, test.WithAccountType(uapi.AccountTypeUser))
|
||||
ctx := context.Background()
|
||||
test.WithAllDatabases(t, func(t *testing.T, dbType test.DBType) {
|
||||
cfg, processCtx, close := testrig.CreateConfig(t, dbType)
|
||||
cfg.ClientAPI.RegistrationRequiresToken = true
|
||||
defer close()
|
||||
natsInstance := jetstream.NATSInstance{}
|
||||
routers := httputil.NewRouters()
|
||||
cm := sqlutil.NewConnectionManager(processCtx, cfg.Global.DatabaseOptions)
|
||||
caches := caching.NewRistrettoCache(128*1024*1024, time.Hour, caching.DisableMetrics)
|
||||
rsAPI := roomserver.NewInternalAPI(processCtx, cfg, cm, &natsInstance, caches, caching.DisableMetrics)
|
||||
userAPI := userapi.NewInternalAPI(processCtx, cfg, cm, &natsInstance, rsAPI, nil)
|
||||
AddPublicRoutes(processCtx, routers, cfg, &natsInstance, nil, rsAPI, nil, nil, nil, userAPI, nil, nil, caching.DisableMetrics)
|
||||
accessTokens := map[*test.User]userDevice{
|
||||
aliceAdmin: {},
|
||||
bob: {},
|
||||
}
|
||||
tokens := []capi.RegistrationToken{
|
||||
{
|
||||
Token: getPointer("alice_token1"),
|
||||
UsesAllowed: getPointer(int32(10)),
|
||||
ExpiryTime: getPointer(time.Now().Add(5*24*time.Hour).UnixNano() / int64(time.Millisecond)),
|
||||
Pending: getPointer(int32(0)),
|
||||
Completed: getPointer(int32(0)),
|
||||
},
|
||||
{
|
||||
Token: getPointer("alice_token2"),
|
||||
UsesAllowed: getPointer(int32(10)),
|
||||
ExpiryTime: getPointer(time.Now().Add(-1*5*24*time.Hour).UnixNano() / int64(time.Millisecond)),
|
||||
Pending: getPointer(int32(0)),
|
||||
Completed: getPointer(int32(0)),
|
||||
},
|
||||
}
|
||||
for _, tkn := range tokens {
|
||||
tkn := tkn
|
||||
userAPI.PerformAdminCreateRegistrationToken(ctx, &tkn)
|
||||
}
|
||||
createAccessTokens(t, accessTokens, userAPI, ctx, routers)
|
||||
testCases := []struct {
|
||||
name string
|
||||
requestingUser *test.User
|
||||
token string
|
||||
wantOK bool
|
||||
withHeader bool
|
||||
}{
|
||||
{
|
||||
name: "Missing auth",
|
||||
requestingUser: bob,
|
||||
wantOK: false,
|
||||
},
|
||||
{
|
||||
name: "Bob is denied access",
|
||||
requestingUser: bob,
|
||||
wantOK: false,
|
||||
withHeader: true,
|
||||
},
|
||||
{
|
||||
name: "Alice can GET alice_token1",
|
||||
token: "alice_token1",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: true,
|
||||
withHeader: true,
|
||||
},
|
||||
{
|
||||
name: "Alice can GET alice_token2",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: true,
|
||||
withHeader: true,
|
||||
token: "alice_token2",
|
||||
},
|
||||
{
|
||||
name: "Alice cannot GET a token that does not exists",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: false,
|
||||
withHeader: true,
|
||||
token: "alice_token3",
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range testCases {
|
||||
tc := tc
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
path := fmt.Sprintf("/_dendrite/admin/registrationTokens/%s", tc.token)
|
||||
req := test.NewRequest(t, http.MethodGet, path)
|
||||
if tc.withHeader {
|
||||
req.Header.Set("Authorization", "Bearer "+accessTokens[tc.requestingUser].accessToken)
|
||||
}
|
||||
rec := httptest.NewRecorder()
|
||||
routers.DendriteAdmin.ServeHTTP(rec, req)
|
||||
t.Logf("%s", rec.Body.String())
|
||||
if tc.wantOK && rec.Code != http.StatusOK {
|
||||
t.Fatalf("expected http status %d, got %d: %s", http.StatusOK, rec.Code, rec.Body.String())
|
||||
}
|
||||
})
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
func TestAdminDeleteRegistrationToken(t *testing.T) {
|
||||
aliceAdmin := test.NewUser(t, test.WithAccountType(uapi.AccountTypeAdmin))
|
||||
bob := test.NewUser(t, test.WithAccountType(uapi.AccountTypeUser))
|
||||
ctx := context.Background()
|
||||
test.WithAllDatabases(t, func(t *testing.T, dbType test.DBType) {
|
||||
cfg, processCtx, close := testrig.CreateConfig(t, dbType)
|
||||
cfg.ClientAPI.RegistrationRequiresToken = true
|
||||
defer close()
|
||||
natsInstance := jetstream.NATSInstance{}
|
||||
routers := httputil.NewRouters()
|
||||
cm := sqlutil.NewConnectionManager(processCtx, cfg.Global.DatabaseOptions)
|
||||
caches := caching.NewRistrettoCache(128*1024*1024, time.Hour, caching.DisableMetrics)
|
||||
rsAPI := roomserver.NewInternalAPI(processCtx, cfg, cm, &natsInstance, caches, caching.DisableMetrics)
|
||||
userAPI := userapi.NewInternalAPI(processCtx, cfg, cm, &natsInstance, rsAPI, nil)
|
||||
AddPublicRoutes(processCtx, routers, cfg, &natsInstance, nil, rsAPI, nil, nil, nil, userAPI, nil, nil, caching.DisableMetrics)
|
||||
accessTokens := map[*test.User]userDevice{
|
||||
aliceAdmin: {},
|
||||
bob: {},
|
||||
}
|
||||
tokens := []capi.RegistrationToken{
|
||||
{
|
||||
Token: getPointer("alice_token1"),
|
||||
UsesAllowed: getPointer(int32(10)),
|
||||
ExpiryTime: getPointer(time.Now().Add(5*24*time.Hour).UnixNano() / int64(time.Millisecond)),
|
||||
Pending: getPointer(int32(0)),
|
||||
Completed: getPointer(int32(0)),
|
||||
},
|
||||
{
|
||||
Token: getPointer("alice_token2"),
|
||||
UsesAllowed: getPointer(int32(10)),
|
||||
ExpiryTime: getPointer(time.Now().Add(-1*5*24*time.Hour).UnixNano() / int64(time.Millisecond)),
|
||||
Pending: getPointer(int32(0)),
|
||||
Completed: getPointer(int32(0)),
|
||||
},
|
||||
}
|
||||
for _, tkn := range tokens {
|
||||
tkn := tkn
|
||||
userAPI.PerformAdminCreateRegistrationToken(ctx, &tkn)
|
||||
}
|
||||
createAccessTokens(t, accessTokens, userAPI, ctx, routers)
|
||||
testCases := []struct {
|
||||
name string
|
||||
requestingUser *test.User
|
||||
token string
|
||||
wantOK bool
|
||||
withHeader bool
|
||||
}{
|
||||
{
|
||||
name: "Missing auth",
|
||||
requestingUser: bob,
|
||||
wantOK: false,
|
||||
},
|
||||
{
|
||||
name: "Bob is denied access",
|
||||
requestingUser: bob,
|
||||
wantOK: false,
|
||||
withHeader: true,
|
||||
},
|
||||
{
|
||||
name: "Alice can DELETE alice_token1",
|
||||
token: "alice_token1",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: true,
|
||||
withHeader: true,
|
||||
},
|
||||
{
|
||||
name: "Alice can DELETE alice_token2",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: true,
|
||||
withHeader: true,
|
||||
token: "alice_token2",
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range testCases {
|
||||
tc := tc
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
path := fmt.Sprintf("/_dendrite/admin/registrationTokens/%s", tc.token)
|
||||
req := test.NewRequest(t, http.MethodDelete, path)
|
||||
if tc.withHeader {
|
||||
req.Header.Set("Authorization", "Bearer "+accessTokens[tc.requestingUser].accessToken)
|
||||
}
|
||||
rec := httptest.NewRecorder()
|
||||
routers.DendriteAdmin.ServeHTTP(rec, req)
|
||||
t.Logf("%s", rec.Body.String())
|
||||
if tc.wantOK && rec.Code != http.StatusOK {
|
||||
t.Fatalf("expected http status %d, got %d: %s", http.StatusOK, rec.Code, rec.Body.String())
|
||||
}
|
||||
})
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
func TestAdminUpdateRegistrationToken(t *testing.T) {
|
||||
aliceAdmin := test.NewUser(t, test.WithAccountType(uapi.AccountTypeAdmin))
|
||||
bob := test.NewUser(t, test.WithAccountType(uapi.AccountTypeUser))
|
||||
ctx := context.Background()
|
||||
test.WithAllDatabases(t, func(t *testing.T, dbType test.DBType) {
|
||||
cfg, processCtx, close := testrig.CreateConfig(t, dbType)
|
||||
cfg.ClientAPI.RegistrationRequiresToken = true
|
||||
defer close()
|
||||
natsInstance := jetstream.NATSInstance{}
|
||||
routers := httputil.NewRouters()
|
||||
cm := sqlutil.NewConnectionManager(processCtx, cfg.Global.DatabaseOptions)
|
||||
caches := caching.NewRistrettoCache(128*1024*1024, time.Hour, caching.DisableMetrics)
|
||||
rsAPI := roomserver.NewInternalAPI(processCtx, cfg, cm, &natsInstance, caches, caching.DisableMetrics)
|
||||
userAPI := userapi.NewInternalAPI(processCtx, cfg, cm, &natsInstance, rsAPI, nil)
|
||||
AddPublicRoutes(processCtx, routers, cfg, &natsInstance, nil, rsAPI, nil, nil, nil, userAPI, nil, nil, caching.DisableMetrics)
|
||||
accessTokens := map[*test.User]userDevice{
|
||||
aliceAdmin: {},
|
||||
bob: {},
|
||||
}
|
||||
createAccessTokens(t, accessTokens, userAPI, ctx, routers)
|
||||
tokens := []capi.RegistrationToken{
|
||||
{
|
||||
Token: getPointer("alice_token1"),
|
||||
UsesAllowed: getPointer(int32(10)),
|
||||
ExpiryTime: getPointer(time.Now().Add(5*24*time.Hour).UnixNano() / int64(time.Millisecond)),
|
||||
Pending: getPointer(int32(0)),
|
||||
Completed: getPointer(int32(0)),
|
||||
},
|
||||
{
|
||||
Token: getPointer("alice_token2"),
|
||||
UsesAllowed: getPointer(int32(10)),
|
||||
ExpiryTime: getPointer(time.Now().Add(-1*5*24*time.Hour).UnixNano() / int64(time.Millisecond)),
|
||||
Pending: getPointer(int32(0)),
|
||||
Completed: getPointer(int32(0)),
|
||||
},
|
||||
}
|
||||
for _, tkn := range tokens {
|
||||
tkn := tkn
|
||||
userAPI.PerformAdminCreateRegistrationToken(ctx, &tkn)
|
||||
}
|
||||
testCases := []struct {
|
||||
name string
|
||||
requestingUser *test.User
|
||||
method string
|
||||
token string
|
||||
requestOpt test.HTTPRequestOpt
|
||||
wantOK bool
|
||||
withHeader bool
|
||||
}{
|
||||
{
|
||||
name: "Missing auth",
|
||||
requestingUser: bob,
|
||||
wantOK: false,
|
||||
token: "alice_token1",
|
||||
requestOpt: test.WithJSONBody(t, map[string]interface{}{
|
||||
"uses_allowed": 10,
|
||||
},
|
||||
),
|
||||
},
|
||||
{
|
||||
name: "Bob is denied access",
|
||||
requestingUser: bob,
|
||||
wantOK: false,
|
||||
withHeader: true,
|
||||
token: "alice_token1",
|
||||
requestOpt: test.WithJSONBody(t, map[string]interface{}{
|
||||
"uses_allowed": 10,
|
||||
},
|
||||
),
|
||||
},
|
||||
{
|
||||
name: "Alice can UPDATE a token's uses_allowed property",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: true,
|
||||
withHeader: true,
|
||||
token: "alice_token1",
|
||||
requestOpt: test.WithJSONBody(t, map[string]interface{}{
|
||||
"uses_allowed": 10,
|
||||
}),
|
||||
},
|
||||
{
|
||||
name: "Alice can UPDATE a token's expiry_time property",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: true,
|
||||
withHeader: true,
|
||||
token: "alice_token2",
|
||||
requestOpt: test.WithJSONBody(t, map[string]interface{}{
|
||||
"expiry_time": time.Now().Add(5*24*time.Hour).UnixNano() / int64(time.Millisecond),
|
||||
},
|
||||
),
|
||||
},
|
||||
{
|
||||
name: "Alice can UPDATE a token's uses_allowed and expiry_time property",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: false,
|
||||
withHeader: true,
|
||||
token: "alice_token1",
|
||||
requestOpt: test.WithJSONBody(t, map[string]interface{}{
|
||||
"uses_allowed": 20,
|
||||
"expiry_time": time.Now().Add(10*24*time.Hour).UnixNano() / int64(time.Millisecond),
|
||||
},
|
||||
),
|
||||
},
|
||||
{
|
||||
name: "Alice CANNOT update a token with invalid properties",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: false,
|
||||
withHeader: true,
|
||||
token: "alice_token2",
|
||||
requestOpt: test.WithJSONBody(t, map[string]interface{}{
|
||||
"uses_allowed": -5,
|
||||
"expiry_time": time.Now().Add(-1*5*24*time.Hour).UnixNano() / int64(time.Millisecond),
|
||||
},
|
||||
),
|
||||
},
|
||||
{
|
||||
name: "Alice CANNOT UPDATE a token that does not exist",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: false,
|
||||
withHeader: true,
|
||||
token: "alice_token9",
|
||||
requestOpt: test.WithJSONBody(t, map[string]interface{}{
|
||||
"uses_allowed": 100,
|
||||
},
|
||||
),
|
||||
},
|
||||
{
|
||||
name: "Alice can UPDATE token specifying uses_allowed as null - Valid for infinite uses",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: false,
|
||||
withHeader: true,
|
||||
token: "alice_token1",
|
||||
requestOpt: test.WithJSONBody(t, map[string]interface{}{
|
||||
"uses_allowed": nil,
|
||||
},
|
||||
),
|
||||
},
|
||||
{
|
||||
name: "Alice can UPDATE token specifying expiry_time AS null - Valid for infinite time",
|
||||
requestingUser: aliceAdmin,
|
||||
wantOK: false,
|
||||
withHeader: true,
|
||||
token: "alice_token1",
|
||||
requestOpt: test.WithJSONBody(t, map[string]interface{}{
|
||||
"expiry_time": nil,
|
||||
},
|
||||
),
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range testCases {
|
||||
tc := tc
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
path := fmt.Sprintf("/_dendrite/admin/registrationTokens/%s", tc.token)
|
||||
req := test.NewRequest(t, http.MethodPut, path)
|
||||
if tc.requestOpt != nil {
|
||||
req = test.NewRequest(t, http.MethodPut, path, tc.requestOpt)
|
||||
}
|
||||
if tc.withHeader {
|
||||
req.Header.Set("Authorization", "Bearer "+accessTokens[tc.requestingUser].accessToken)
|
||||
}
|
||||
rec := httptest.NewRecorder()
|
||||
routers.DendriteAdmin.ServeHTTP(rec, req)
|
||||
t.Logf("%s", rec.Body.String())
|
||||
if tc.wantOK && rec.Code != http.StatusOK {
|
||||
t.Fatalf("expected http status %d, got %d: %s", http.StatusOK, rec.Code, rec.Body.String())
|
||||
}
|
||||
})
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
func getPointer[T any](s T) *T {
|
||||
return &s
|
||||
}
|
||||
|
||||
func TestAdminResetPassword(t *testing.T) {
|
||||
aliceAdmin := test.NewUser(t, test.WithAccountType(uapi.AccountTypeAdmin))
|
||||
bob := test.NewUser(t, test.WithAccountType(uapi.AccountTypeUser))
|
||||
|
|
|
@ -21,3 +21,11 @@ type ExtraPublicRoomsProvider interface {
|
|||
// Rooms returns the extra rooms. This is called on-demand by clients, so cache appropriately.
|
||||
Rooms() []fclient.PublicRoom
|
||||
}
|
||||
|
||||
type RegistrationToken struct {
|
||||
Token *string `json:"token"`
|
||||
UsesAllowed *int32 `json:"uses_allowed"`
|
||||
Pending *int32 `json:"pending"`
|
||||
Completed *int32 `json:"completed"`
|
||||
ExpiryTime *int64 `json:"expiry_time"`
|
||||
}
|
||||
|
|
|
@ -6,6 +6,8 @@ import (
|
|||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"regexp"
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"github.com/gorilla/mux"
|
||||
|
@ -16,14 +18,254 @@ import (
|
|||
"github.com/matrix-org/util"
|
||||
"github.com/nats-io/nats.go"
|
||||
"github.com/sirupsen/logrus"
|
||||
"golang.org/x/exp/constraints"
|
||||
|
||||
clientapi "github.com/matrix-org/dendrite/clientapi/api"
|
||||
"github.com/matrix-org/dendrite/internal/httputil"
|
||||
roomserverAPI "github.com/matrix-org/dendrite/roomserver/api"
|
||||
"github.com/matrix-org/dendrite/setup/config"
|
||||
"github.com/matrix-org/dendrite/setup/jetstream"
|
||||
"github.com/matrix-org/dendrite/userapi/api"
|
||||
userapi "github.com/matrix-org/dendrite/userapi/api"
|
||||
)
|
||||
|
||||
var validRegistrationTokenRegex = regexp.MustCompile("^[[:ascii:][:digit:]_]*$")
|
||||
|
||||
func AdminCreateNewRegistrationToken(req *http.Request, cfg *config.ClientAPI, userAPI userapi.ClientUserAPI) util.JSONResponse {
|
||||
if !cfg.RegistrationRequiresToken {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusForbidden,
|
||||
JSON: spec.Forbidden("Registration via tokens is not enabled on this homeserver"),
|
||||
}
|
||||
}
|
||||
request := struct {
|
||||
Token string `json:"token"`
|
||||
UsesAllowed *int32 `json:"uses_allowed,omitempty"`
|
||||
ExpiryTime *int64 `json:"expiry_time,omitempty"`
|
||||
Length int32 `json:"length"`
|
||||
}{}
|
||||
|
||||
if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusBadRequest,
|
||||
JSON: spec.BadJSON(fmt.Sprintf("Failed to decode request body: %s", err)),
|
||||
}
|
||||
}
|
||||
|
||||
token := request.Token
|
||||
usesAllowed := request.UsesAllowed
|
||||
expiryTime := request.ExpiryTime
|
||||
length := request.Length
|
||||
|
||||
if len(token) == 0 {
|
||||
if length == 0 {
|
||||
// length not provided in request. Assign default value of 16.
|
||||
length = 16
|
||||
}
|
||||
// token not present in request body. Hence, generate a random token.
|
||||
if length <= 0 || length > 64 {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusBadRequest,
|
||||
JSON: spec.BadJSON("length must be greater than zero and not greater than 64"),
|
||||
}
|
||||
}
|
||||
token = util.RandomString(int(length))
|
||||
}
|
||||
|
||||
if len(token) > 64 {
|
||||
//Token present in request body, but is too long.
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusBadRequest,
|
||||
JSON: spec.BadJSON("token must not be longer than 64"),
|
||||
}
|
||||
}
|
||||
|
||||
isTokenValid := validRegistrationTokenRegex.Match([]byte(token))
|
||||
if !isTokenValid {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusBadRequest,
|
||||
JSON: spec.BadJSON("token must consist only of characters matched by the regex [A-Za-z0-9-_]"),
|
||||
}
|
||||
}
|
||||
// At this point, we have a valid token, either through request body or through random generation.
|
||||
if usesAllowed != nil && *usesAllowed < 0 {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusBadRequest,
|
||||
JSON: spec.BadJSON("uses_allowed must be a non-negative integer or null"),
|
||||
}
|
||||
}
|
||||
if expiryTime != nil && spec.Timestamp(*expiryTime).Time().Before(time.Now()) {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusBadRequest,
|
||||
JSON: spec.BadJSON("expiry_time must not be in the past"),
|
||||
}
|
||||
}
|
||||
pending := int32(0)
|
||||
completed := int32(0)
|
||||
// If usesAllowed or expiryTime is 0, it means they are not present in the request. NULL (indicating unlimited uses / no expiration will be persisted in DB)
|
||||
registrationToken := &clientapi.RegistrationToken{
|
||||
Token: &token,
|
||||
UsesAllowed: usesAllowed,
|
||||
Pending: &pending,
|
||||
Completed: &completed,
|
||||
ExpiryTime: expiryTime,
|
||||
}
|
||||
created, err := userAPI.PerformAdminCreateRegistrationToken(req.Context(), registrationToken)
|
||||
if !created {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusConflict,
|
||||
JSON: map[string]string{
|
||||
"error": fmt.Sprintf("token: %s already exists", token),
|
||||
},
|
||||
}
|
||||
}
|
||||
if err != nil {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusInternalServerError,
|
||||
JSON: err,
|
||||
}
|
||||
}
|
||||
return util.JSONResponse{
|
||||
Code: 200,
|
||||
JSON: map[string]interface{}{
|
||||
"token": token,
|
||||
"uses_allowed": getReturnValue(usesAllowed),
|
||||
"pending": pending,
|
||||
"completed": completed,
|
||||
"expiry_time": getReturnValue(expiryTime),
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func getReturnValue[t constraints.Integer](in *t) any {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
return *in
|
||||
}
|
||||
|
||||
func AdminListRegistrationTokens(req *http.Request, cfg *config.ClientAPI, userAPI userapi.ClientUserAPI) util.JSONResponse {
|
||||
queryParams := req.URL.Query()
|
||||
returnAll := true
|
||||
valid := true
|
||||
validQuery, ok := queryParams["valid"]
|
||||
if ok {
|
||||
returnAll = false
|
||||
validValue, err := strconv.ParseBool(validQuery[0])
|
||||
if err != nil {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusBadRequest,
|
||||
JSON: spec.BadJSON("invalid 'valid' query parameter"),
|
||||
}
|
||||
}
|
||||
valid = validValue
|
||||
}
|
||||
tokens, err := userAPI.PerformAdminListRegistrationTokens(req.Context(), returnAll, valid)
|
||||
if err != nil {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusInternalServerError,
|
||||
JSON: spec.ErrorUnknown,
|
||||
}
|
||||
}
|
||||
return util.JSONResponse{
|
||||
Code: 200,
|
||||
JSON: map[string]interface{}{
|
||||
"registration_tokens": tokens,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func AdminGetRegistrationToken(req *http.Request, cfg *config.ClientAPI, userAPI userapi.ClientUserAPI) util.JSONResponse {
|
||||
vars, err := httputil.URLDecodeMapValues(mux.Vars(req))
|
||||
if err != nil {
|
||||
return util.ErrorResponse(err)
|
||||
}
|
||||
tokenText := vars["token"]
|
||||
token, err := userAPI.PerformAdminGetRegistrationToken(req.Context(), tokenText)
|
||||
if err != nil {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusNotFound,
|
||||
JSON: spec.NotFound(fmt.Sprintf("token: %s not found", tokenText)),
|
||||
}
|
||||
}
|
||||
return util.JSONResponse{
|
||||
Code: 200,
|
||||
JSON: token,
|
||||
}
|
||||
}
|
||||
|
||||
func AdminDeleteRegistrationToken(req *http.Request, cfg *config.ClientAPI, userAPI userapi.ClientUserAPI) util.JSONResponse {
|
||||
vars, err := httputil.URLDecodeMapValues(mux.Vars(req))
|
||||
if err != nil {
|
||||
return util.ErrorResponse(err)
|
||||
}
|
||||
tokenText := vars["token"]
|
||||
err = userAPI.PerformAdminDeleteRegistrationToken(req.Context(), tokenText)
|
||||
if err != nil {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusInternalServerError,
|
||||
JSON: err,
|
||||
}
|
||||
}
|
||||
return util.JSONResponse{
|
||||
Code: 200,
|
||||
JSON: map[string]interface{}{},
|
||||
}
|
||||
}
|
||||
|
||||
func AdminUpdateRegistrationToken(req *http.Request, cfg *config.ClientAPI, userAPI userapi.ClientUserAPI) util.JSONResponse {
|
||||
vars, err := httputil.URLDecodeMapValues(mux.Vars(req))
|
||||
if err != nil {
|
||||
return util.ErrorResponse(err)
|
||||
}
|
||||
tokenText := vars["token"]
|
||||
request := make(map[string]*int64)
|
||||
if err = json.NewDecoder(req.Body).Decode(&request); err != nil {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusBadRequest,
|
||||
JSON: spec.BadJSON(fmt.Sprintf("Failed to decode request body: %s", err)),
|
||||
}
|
||||
}
|
||||
newAttributes := make(map[string]interface{})
|
||||
usesAllowed, ok := request["uses_allowed"]
|
||||
if ok {
|
||||
// Only add usesAllowed to newAtrributes if it is present and valid
|
||||
if usesAllowed != nil && *usesAllowed < 0 {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusBadRequest,
|
||||
JSON: spec.BadJSON("uses_allowed must be a non-negative integer or null"),
|
||||
}
|
||||
}
|
||||
newAttributes["usesAllowed"] = usesAllowed
|
||||
}
|
||||
expiryTime, ok := request["expiry_time"]
|
||||
if ok {
|
||||
// Only add expiryTime to newAtrributes if it is present and valid
|
||||
if expiryTime != nil && spec.Timestamp(*expiryTime).Time().Before(time.Now()) {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusBadRequest,
|
||||
JSON: spec.BadJSON("expiry_time must not be in the past"),
|
||||
}
|
||||
}
|
||||
newAttributes["expiryTime"] = expiryTime
|
||||
}
|
||||
if len(newAttributes) == 0 {
|
||||
// No attributes to update. Return existing token
|
||||
return AdminGetRegistrationToken(req, cfg, userAPI)
|
||||
}
|
||||
updatedToken, err := userAPI.PerformAdminUpdateRegistrationToken(req.Context(), tokenText, newAttributes)
|
||||
if err != nil {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusNotFound,
|
||||
JSON: spec.NotFound(fmt.Sprintf("token: %s not found", tokenText)),
|
||||
}
|
||||
}
|
||||
return util.JSONResponse{
|
||||
Code: 200,
|
||||
JSON: *updatedToken,
|
||||
}
|
||||
}
|
||||
|
||||
func AdminEvacuateRoom(req *http.Request, rsAPI roomserverAPI.ClientRoomserverAPI) util.JSONResponse {
|
||||
vars, err := httputil.URLDecodeMapValues(mux.Vars(req))
|
||||
if err != nil {
|
||||
|
|
|
@ -162,6 +162,36 @@ func Setup(
|
|||
}),
|
||||
).Methods(http.MethodGet, http.MethodPost, http.MethodOptions)
|
||||
}
|
||||
dendriteAdminRouter.Handle("/admin/registrationTokens/new",
|
||||
httputil.MakeAdminAPI("admin_registration_tokens_new", userAPI, func(req *http.Request, device *userapi.Device) util.JSONResponse {
|
||||
return AdminCreateNewRegistrationToken(req, cfg, userAPI)
|
||||
}),
|
||||
).Methods(http.MethodPost, http.MethodOptions)
|
||||
|
||||
dendriteAdminRouter.Handle("/admin/registrationTokens",
|
||||
httputil.MakeAdminAPI("admin_list_registration_tokens", userAPI, func(req *http.Request, device *userapi.Device) util.JSONResponse {
|
||||
return AdminListRegistrationTokens(req, cfg, userAPI)
|
||||
}),
|
||||
).Methods(http.MethodGet, http.MethodOptions)
|
||||
|
||||
dendriteAdminRouter.Handle("/admin/registrationTokens/{token}",
|
||||
httputil.MakeAdminAPI("admin_get_registration_token", userAPI, func(req *http.Request, device *userapi.Device) util.JSONResponse {
|
||||
switch req.Method {
|
||||
case http.MethodGet:
|
||||
return AdminGetRegistrationToken(req, cfg, userAPI)
|
||||
case http.MethodPut:
|
||||
return AdminUpdateRegistrationToken(req, cfg, userAPI)
|
||||
case http.MethodDelete:
|
||||
return AdminDeleteRegistrationToken(req, cfg, userAPI)
|
||||
default:
|
||||
return util.MatrixErrorResponse(
|
||||
404,
|
||||
string(spec.ErrorNotFound),
|
||||
"unknown method",
|
||||
)
|
||||
}
|
||||
}),
|
||||
).Methods(http.MethodGet, http.MethodPut, http.MethodDelete, http.MethodOptions)
|
||||
|
||||
dendriteAdminRouter.Handle("/admin/evacuateRoom/{roomID}",
|
||||
httputil.MakeAdminAPI("admin_evacuate_room", userAPI, func(req *http.Request, device *userapi.Device) util.JSONResponse {
|
||||
|
|
|
@ -13,6 +13,10 @@ type ClientAPI struct {
|
|||
// secrets)
|
||||
RegistrationDisabled bool `yaml:"registration_disabled"`
|
||||
|
||||
// If set, requires users to submit a token during registration.
|
||||
// Tokens can be managed using admin API.
|
||||
RegistrationRequiresToken bool `yaml:"registration_requires_token"`
|
||||
|
||||
// Enable registration without captcha verification or shared secret.
|
||||
// This option is populated by the -really-enable-open-registration
|
||||
// command line parameter as it is not recommended.
|
||||
|
@ -56,6 +60,7 @@ type ClientAPI struct {
|
|||
|
||||
func (c *ClientAPI) Defaults(opts DefaultOpts) {
|
||||
c.RegistrationSharedSecret = ""
|
||||
c.RegistrationRequiresToken = false
|
||||
c.RecaptchaPublicKey = ""
|
||||
c.RecaptchaPrivateKey = ""
|
||||
c.RecaptchaEnabled = false
|
||||
|
|
|
@ -27,6 +27,7 @@ import (
|
|||
"github.com/matrix-org/gomatrixserverlib/fclient"
|
||||
"github.com/matrix-org/gomatrixserverlib/spec"
|
||||
|
||||
clientapi "github.com/matrix-org/dendrite/clientapi/api"
|
||||
"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
|
||||
"github.com/matrix-org/dendrite/internal/pushrules"
|
||||
)
|
||||
|
@ -94,6 +95,11 @@ type ClientUserAPI interface {
|
|||
QueryPushers(ctx context.Context, req *QueryPushersRequest, res *QueryPushersResponse) error
|
||||
QueryPushRules(ctx context.Context, userID string) (*pushrules.AccountRuleSets, error)
|
||||
QueryAccountAvailability(ctx context.Context, req *QueryAccountAvailabilityRequest, res *QueryAccountAvailabilityResponse) error
|
||||
PerformAdminCreateRegistrationToken(ctx context.Context, registrationToken *clientapi.RegistrationToken) (bool, error)
|
||||
PerformAdminListRegistrationTokens(ctx context.Context, returnAll bool, valid bool) ([]clientapi.RegistrationToken, error)
|
||||
PerformAdminGetRegistrationToken(ctx context.Context, tokenString string) (*clientapi.RegistrationToken, error)
|
||||
PerformAdminDeleteRegistrationToken(ctx context.Context, tokenString string) error
|
||||
PerformAdminUpdateRegistrationToken(ctx context.Context, tokenString string, newAttributes map[string]interface{}) (*clientapi.RegistrationToken, error)
|
||||
PerformAccountCreation(ctx context.Context, req *PerformAccountCreationRequest, res *PerformAccountCreationResponse) error
|
||||
PerformDeviceCreation(ctx context.Context, req *PerformDeviceCreationRequest, res *PerformDeviceCreationResponse) error
|
||||
PerformDeviceUpdate(ctx context.Context, req *PerformDeviceUpdateRequest, res *PerformDeviceUpdateResponse) error
|
||||
|
|
|
@ -33,6 +33,7 @@ import (
|
|||
"github.com/sirupsen/logrus"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
|
||||
clientapi "github.com/matrix-org/dendrite/clientapi/api"
|
||||
"github.com/matrix-org/dendrite/clientapi/userutil"
|
||||
"github.com/matrix-org/dendrite/internal/eventutil"
|
||||
"github.com/matrix-org/dendrite/internal/pushgateway"
|
||||
|
@ -63,6 +64,37 @@ type UserInternalAPI struct {
|
|||
Updater *DeviceListUpdater
|
||||
}
|
||||
|
||||
func (a *UserInternalAPI) PerformAdminCreateRegistrationToken(ctx context.Context, registrationToken *clientapi.RegistrationToken) (bool, error) {
|
||||
exists, err := a.DB.RegistrationTokenExists(ctx, *registrationToken.Token)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
if exists {
|
||||
return false, fmt.Errorf("token: %s already exists", *registrationToken.Token)
|
||||
}
|
||||
_, err = a.DB.InsertRegistrationToken(ctx, registrationToken)
|
||||
if err != nil {
|
||||
return false, fmt.Errorf("Error creating token: %s"+err.Error(), *registrationToken.Token)
|
||||
}
|
||||
return true, nil
|
||||
}
|
||||
|
||||
func (a *UserInternalAPI) PerformAdminListRegistrationTokens(ctx context.Context, returnAll bool, valid bool) ([]clientapi.RegistrationToken, error) {
|
||||
return a.DB.ListRegistrationTokens(ctx, returnAll, valid)
|
||||
}
|
||||
|
||||
func (a *UserInternalAPI) PerformAdminGetRegistrationToken(ctx context.Context, tokenString string) (*clientapi.RegistrationToken, error) {
|
||||
return a.DB.GetRegistrationToken(ctx, tokenString)
|
||||
}
|
||||
|
||||
func (a *UserInternalAPI) PerformAdminDeleteRegistrationToken(ctx context.Context, tokenString string) error {
|
||||
return a.DB.DeleteRegistrationToken(ctx, tokenString)
|
||||
}
|
||||
|
||||
func (a *UserInternalAPI) PerformAdminUpdateRegistrationToken(ctx context.Context, tokenString string, newAttributes map[string]interface{}) (*clientapi.RegistrationToken, error) {
|
||||
return a.DB.UpdateRegistrationToken(ctx, tokenString, newAttributes)
|
||||
}
|
||||
|
||||
func (a *UserInternalAPI) InputAccountData(ctx context.Context, req *api.InputAccountDataRequest, res *api.InputAccountDataResponse) error {
|
||||
local, domain, err := gomatrixserverlib.SplitID('@', req.UserID)
|
||||
if err != nil {
|
||||
|
|
|
@ -23,6 +23,7 @@ import (
|
|||
"github.com/matrix-org/gomatrixserverlib/fclient"
|
||||
"github.com/matrix-org/gomatrixserverlib/spec"
|
||||
|
||||
clientapi "github.com/matrix-org/dendrite/clientapi/api"
|
||||
"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
|
||||
"github.com/matrix-org/dendrite/internal/pushrules"
|
||||
"github.com/matrix-org/dendrite/userapi/api"
|
||||
|
@ -30,6 +31,15 @@ import (
|
|||
"github.com/matrix-org/dendrite/userapi/types"
|
||||
)
|
||||
|
||||
type RegistrationTokens interface {
|
||||
RegistrationTokenExists(ctx context.Context, token string) (bool, error)
|
||||
InsertRegistrationToken(ctx context.Context, registrationToken *clientapi.RegistrationToken) (bool, error)
|
||||
ListRegistrationTokens(ctx context.Context, returnAll bool, valid bool) ([]clientapi.RegistrationToken, error)
|
||||
GetRegistrationToken(ctx context.Context, tokenString string) (*clientapi.RegistrationToken, error)
|
||||
DeleteRegistrationToken(ctx context.Context, tokenString string) error
|
||||
UpdateRegistrationToken(ctx context.Context, tokenString string, newAttributes map[string]interface{}) (*clientapi.RegistrationToken, error)
|
||||
}
|
||||
|
||||
type Profile interface {
|
||||
GetProfileByLocalpart(ctx context.Context, localpart string, serverName spec.ServerName) (*authtypes.Profile, error)
|
||||
SearchProfiles(ctx context.Context, searchString string, limit int) ([]authtypes.Profile, error)
|
||||
|
@ -144,6 +154,7 @@ type UserDatabase interface {
|
|||
Pusher
|
||||
Statistics
|
||||
ThreePID
|
||||
RegistrationTokens
|
||||
}
|
||||
|
||||
type KeyChangeDatabase interface {
|
||||
|
|
222
userapi/storage/postgres/registration_tokens_table.go
Normal file
222
userapi/storage/postgres/registration_tokens_table.go
Normal file
|
@ -0,0 +1,222 @@
|
|||
package postgres
|
||||
|
||||
import (
|
||||
"context"
|
||||
"database/sql"
|
||||
"time"
|
||||
|
||||
"github.com/matrix-org/dendrite/clientapi/api"
|
||||
internal "github.com/matrix-org/dendrite/internal"
|
||||
"github.com/matrix-org/dendrite/internal/sqlutil"
|
||||
"github.com/matrix-org/dendrite/userapi/storage/tables"
|
||||
"golang.org/x/exp/constraints"
|
||||
)
|
||||
|
||||
const registrationTokensSchema = `
|
||||
CREATE TABLE IF NOT EXISTS userapi_registration_tokens (
|
||||
token TEXT PRIMARY KEY,
|
||||
pending BIGINT,
|
||||
completed BIGINT,
|
||||
uses_allowed BIGINT,
|
||||
expiry_time BIGINT
|
||||
);
|
||||
`
|
||||
|
||||
const selectTokenSQL = "" +
|
||||
"SELECT token FROM userapi_registration_tokens WHERE token = $1"
|
||||
|
||||
const insertTokenSQL = "" +
|
||||
"INSERT INTO userapi_registration_tokens (token, uses_allowed, expiry_time, pending, completed) VALUES ($1, $2, $3, $4, $5)"
|
||||
|
||||
const listAllTokensSQL = "" +
|
||||
"SELECT * FROM userapi_registration_tokens"
|
||||
|
||||
const listValidTokensSQL = "" +
|
||||
"SELECT * FROM userapi_registration_tokens WHERE" +
|
||||
"(uses_allowed > pending + completed OR uses_allowed IS NULL) AND" +
|
||||
"(expiry_time > $1 OR expiry_time IS NULL)"
|
||||
|
||||
const listInvalidTokensSQL = "" +
|
||||
"SELECT * FROM userapi_registration_tokens WHERE" +
|
||||
"(uses_allowed <= pending + completed OR expiry_time <= $1)"
|
||||
|
||||
const getTokenSQL = "" +
|
||||
"SELECT pending, completed, uses_allowed, expiry_time FROM userapi_registration_tokens WHERE token = $1"
|
||||
|
||||
const deleteTokenSQL = "" +
|
||||
"DELETE FROM userapi_registration_tokens WHERE token = $1"
|
||||
|
||||
const updateTokenUsesAllowedAndExpiryTimeSQL = "" +
|
||||
"UPDATE userapi_registration_tokens SET uses_allowed = $2, expiry_time = $3 WHERE token = $1"
|
||||
|
||||
const updateTokenUsesAllowedSQL = "" +
|
||||
"UPDATE userapi_registration_tokens SET uses_allowed = $2 WHERE token = $1"
|
||||
|
||||
const updateTokenExpiryTimeSQL = "" +
|
||||
"UPDATE userapi_registration_tokens SET expiry_time = $2 WHERE token = $1"
|
||||
|
||||
type registrationTokenStatements struct {
|
||||
selectTokenStatement *sql.Stmt
|
||||
insertTokenStatement *sql.Stmt
|
||||
listAllTokensStatement *sql.Stmt
|
||||
listValidTokensStatement *sql.Stmt
|
||||
listInvalidTokenStatement *sql.Stmt
|
||||
getTokenStatement *sql.Stmt
|
||||
deleteTokenStatement *sql.Stmt
|
||||
updateTokenUsesAllowedAndExpiryTimeStatement *sql.Stmt
|
||||
updateTokenUsesAllowedStatement *sql.Stmt
|
||||
updateTokenExpiryTimeStatement *sql.Stmt
|
||||
}
|
||||
|
||||
func NewPostgresRegistrationTokensTable(db *sql.DB) (tables.RegistrationTokensTable, error) {
|
||||
s := ®istrationTokenStatements{}
|
||||
_, err := db.Exec(registrationTokensSchema)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return s, sqlutil.StatementList{
|
||||
{&s.selectTokenStatement, selectTokenSQL},
|
||||
{&s.insertTokenStatement, insertTokenSQL},
|
||||
{&s.listAllTokensStatement, listAllTokensSQL},
|
||||
{&s.listValidTokensStatement, listValidTokensSQL},
|
||||
{&s.listInvalidTokenStatement, listInvalidTokensSQL},
|
||||
{&s.getTokenStatement, getTokenSQL},
|
||||
{&s.deleteTokenStatement, deleteTokenSQL},
|
||||
{&s.updateTokenUsesAllowedAndExpiryTimeStatement, updateTokenUsesAllowedAndExpiryTimeSQL},
|
||||
{&s.updateTokenUsesAllowedStatement, updateTokenUsesAllowedSQL},
|
||||
{&s.updateTokenExpiryTimeStatement, updateTokenExpiryTimeSQL},
|
||||
}.Prepare(db)
|
||||
}
|
||||
|
||||
func (s *registrationTokenStatements) RegistrationTokenExists(ctx context.Context, tx *sql.Tx, token string) (bool, error) {
|
||||
var existingToken string
|
||||
stmt := sqlutil.TxStmt(tx, s.selectTokenStatement)
|
||||
err := stmt.QueryRowContext(ctx, token).Scan(&existingToken)
|
||||
if err != nil {
|
||||
if err == sql.ErrNoRows {
|
||||
return false, nil
|
||||
}
|
||||
return false, err
|
||||
}
|
||||
return true, nil
|
||||
}
|
||||
|
||||
func (s *registrationTokenStatements) InsertRegistrationToken(ctx context.Context, tx *sql.Tx, registrationToken *api.RegistrationToken) (bool, error) {
|
||||
stmt := sqlutil.TxStmt(tx, s.insertTokenStatement)
|
||||
_, err := stmt.ExecContext(
|
||||
ctx,
|
||||
*registrationToken.Token,
|
||||
getInsertValue(registrationToken.UsesAllowed),
|
||||
getInsertValue(registrationToken.ExpiryTime),
|
||||
*registrationToken.Pending,
|
||||
*registrationToken.Completed)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
return true, nil
|
||||
}
|
||||
|
||||
func getInsertValue[t constraints.Integer](in *t) any {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
return *in
|
||||
}
|
||||
|
||||
func (s *registrationTokenStatements) ListRegistrationTokens(ctx context.Context, tx *sql.Tx, returnAll bool, valid bool) ([]api.RegistrationToken, error) {
|
||||
var stmt *sql.Stmt
|
||||
var tokens []api.RegistrationToken
|
||||
var tokenString string
|
||||
var pending, completed, usesAllowed *int32
|
||||
var expiryTime *int64
|
||||
var rows *sql.Rows
|
||||
var err error
|
||||
if returnAll {
|
||||
stmt = sqlutil.TxStmt(tx, s.listAllTokensStatement)
|
||||
rows, err = stmt.QueryContext(ctx)
|
||||
} else if valid {
|
||||
stmt = sqlutil.TxStmt(tx, s.listValidTokensStatement)
|
||||
rows, err = stmt.QueryContext(ctx, time.Now().UnixNano()/int64(time.Millisecond))
|
||||
} else {
|
||||
stmt = sqlutil.TxStmt(tx, s.listInvalidTokenStatement)
|
||||
rows, err = stmt.QueryContext(ctx, time.Now().UnixNano()/int64(time.Millisecond))
|
||||
}
|
||||
if err != nil {
|
||||
return tokens, err
|
||||
}
|
||||
defer internal.CloseAndLogIfError(ctx, rows, "ListRegistrationTokens: rows.close() failed")
|
||||
for rows.Next() {
|
||||
err = rows.Scan(&tokenString, &pending, &completed, &usesAllowed, &expiryTime)
|
||||
if err != nil {
|
||||
return tokens, err
|
||||
}
|
||||
tokenString := tokenString
|
||||
pending := pending
|
||||
completed := completed
|
||||
usesAllowed := usesAllowed
|
||||
expiryTime := expiryTime
|
||||
|
||||
tokenMap := api.RegistrationToken{
|
||||
Token: &tokenString,
|
||||
Pending: pending,
|
||||
Completed: completed,
|
||||
UsesAllowed: usesAllowed,
|
||||
ExpiryTime: expiryTime,
|
||||
}
|
||||
tokens = append(tokens, tokenMap)
|
||||
}
|
||||
return tokens, rows.Err()
|
||||
}
|
||||
|
||||
func (s *registrationTokenStatements) GetRegistrationToken(ctx context.Context, tx *sql.Tx, tokenString string) (*api.RegistrationToken, error) {
|
||||
stmt := sqlutil.TxStmt(tx, s.getTokenStatement)
|
||||
var pending, completed, usesAllowed *int32
|
||||
var expiryTime *int64
|
||||
err := stmt.QueryRowContext(ctx, tokenString).Scan(&pending, &completed, &usesAllowed, &expiryTime)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
token := api.RegistrationToken{
|
||||
Token: &tokenString,
|
||||
Pending: pending,
|
||||
Completed: completed,
|
||||
UsesAllowed: usesAllowed,
|
||||
ExpiryTime: expiryTime,
|
||||
}
|
||||
return &token, nil
|
||||
}
|
||||
|
||||
func (s *registrationTokenStatements) DeleteRegistrationToken(ctx context.Context, tx *sql.Tx, tokenString string) error {
|
||||
stmt := sqlutil.TxStmt(tx, s.deleteTokenStatement)
|
||||
_, err := stmt.ExecContext(ctx, tokenString)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *registrationTokenStatements) UpdateRegistrationToken(ctx context.Context, tx *sql.Tx, tokenString string, newAttributes map[string]interface{}) (*api.RegistrationToken, error) {
|
||||
var stmt *sql.Stmt
|
||||
usesAllowed, usesAllowedPresent := newAttributes["usesAllowed"]
|
||||
expiryTime, expiryTimePresent := newAttributes["expiryTime"]
|
||||
if usesAllowedPresent && expiryTimePresent {
|
||||
stmt = sqlutil.TxStmt(tx, s.updateTokenUsesAllowedAndExpiryTimeStatement)
|
||||
_, err := stmt.ExecContext(ctx, tokenString, usesAllowed, expiryTime)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
} else if usesAllowedPresent {
|
||||
stmt = sqlutil.TxStmt(tx, s.updateTokenUsesAllowedStatement)
|
||||
_, err := stmt.ExecContext(ctx, tokenString, usesAllowed)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
} else if expiryTimePresent {
|
||||
stmt = sqlutil.TxStmt(tx, s.updateTokenExpiryTimeStatement)
|
||||
_, err := stmt.ExecContext(ctx, tokenString, expiryTime)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
return s.GetRegistrationToken(ctx, tx, tokenString)
|
||||
}
|
|
@ -53,6 +53,10 @@ func NewDatabase(ctx context.Context, conMan sqlutil.Connections, dbProperties *
|
|||
return nil, err
|
||||
}
|
||||
|
||||
registationTokensTable, err := NewPostgresRegistrationTokensTable(db)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("NewPostgresRegistrationsTokenTable: %w", err)
|
||||
}
|
||||
accountsTable, err := NewPostgresAccountsTable(db, serverName)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("NewPostgresAccountsTable: %w", err)
|
||||
|
@ -125,6 +129,7 @@ func NewDatabase(ctx context.Context, conMan sqlutil.Connections, dbProperties *
|
|||
ThreePIDs: threePIDTable,
|
||||
Pushers: pusherTable,
|
||||
Notifications: notificationsTable,
|
||||
RegistrationTokens: registationTokensTable,
|
||||
Stats: statsTable,
|
||||
ServerName: serverName,
|
||||
DB: db,
|
||||
|
|
|
@ -31,6 +31,7 @@ import (
|
|||
"github.com/matrix-org/gomatrixserverlib/spec"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
|
||||
clientapi "github.com/matrix-org/dendrite/clientapi/api"
|
||||
"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
|
||||
"github.com/matrix-org/dendrite/internal/pushrules"
|
||||
"github.com/matrix-org/dendrite/internal/sqlutil"
|
||||
|
@ -43,6 +44,7 @@ import (
|
|||
type Database struct {
|
||||
DB *sql.DB
|
||||
Writer sqlutil.Writer
|
||||
RegistrationTokens tables.RegistrationTokensTable
|
||||
Accounts tables.AccountsTable
|
||||
Profiles tables.ProfileTable
|
||||
AccountDatas tables.AccountDataTable
|
||||
|
@ -78,6 +80,42 @@ const (
|
|||
loginTokenByteLength = 32
|
||||
)
|
||||
|
||||
func (d *Database) RegistrationTokenExists(ctx context.Context, token string) (bool, error) {
|
||||
return d.RegistrationTokens.RegistrationTokenExists(ctx, nil, token)
|
||||
}
|
||||
|
||||
func (d *Database) InsertRegistrationToken(ctx context.Context, registrationToken *clientapi.RegistrationToken) (created bool, err error) {
|
||||
err = d.Writer.Do(d.DB, nil, func(txn *sql.Tx) error {
|
||||
created, err = d.RegistrationTokens.InsertRegistrationToken(ctx, txn, registrationToken)
|
||||
return err
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
func (d *Database) ListRegistrationTokens(ctx context.Context, returnAll bool, valid bool) ([]clientapi.RegistrationToken, error) {
|
||||
return d.RegistrationTokens.ListRegistrationTokens(ctx, nil, returnAll, valid)
|
||||
}
|
||||
|
||||
func (d *Database) GetRegistrationToken(ctx context.Context, tokenString string) (*clientapi.RegistrationToken, error) {
|
||||
return d.RegistrationTokens.GetRegistrationToken(ctx, nil, tokenString)
|
||||
}
|
||||
|
||||
func (d *Database) DeleteRegistrationToken(ctx context.Context, tokenString string) (err error) {
|
||||
err = d.Writer.Do(d.DB, nil, func(txn *sql.Tx) error {
|
||||
err = d.RegistrationTokens.DeleteRegistrationToken(ctx, nil, tokenString)
|
||||
return err
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
func (d *Database) UpdateRegistrationToken(ctx context.Context, tokenString string, newAttributes map[string]interface{}) (updatedToken *clientapi.RegistrationToken, err error) {
|
||||
err = d.Writer.Do(d.DB, nil, func(txn *sql.Tx) error {
|
||||
updatedToken, err = d.RegistrationTokens.UpdateRegistrationToken(ctx, txn, tokenString, newAttributes)
|
||||
return err
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
// GetAccountByPassword returns the account associated with the given localpart and password.
|
||||
// Returns sql.ErrNoRows if no account exists which matches the given localpart.
|
||||
func (d *Database) GetAccountByPassword(
|
||||
|
|
222
userapi/storage/sqlite3/registration_tokens_table.go
Normal file
222
userapi/storage/sqlite3/registration_tokens_table.go
Normal file
|
@ -0,0 +1,222 @@
|
|||
package sqlite3
|
||||
|
||||
import (
|
||||
"context"
|
||||
"database/sql"
|
||||
"time"
|
||||
|
||||
"github.com/matrix-org/dendrite/clientapi/api"
|
||||
internal "github.com/matrix-org/dendrite/internal"
|
||||
"github.com/matrix-org/dendrite/internal/sqlutil"
|
||||
"github.com/matrix-org/dendrite/userapi/storage/tables"
|
||||
"golang.org/x/exp/constraints"
|
||||
)
|
||||
|
||||
const registrationTokensSchema = `
|
||||
CREATE TABLE IF NOT EXISTS userapi_registration_tokens (
|
||||
token TEXT PRIMARY KEY,
|
||||
pending BIGINT,
|
||||
completed BIGINT,
|
||||
uses_allowed BIGINT,
|
||||
expiry_time BIGINT
|
||||
);
|
||||
`
|
||||
|
||||
const selectTokenSQL = "" +
|
||||
"SELECT token FROM userapi_registration_tokens WHERE token = $1"
|
||||
|
||||
const insertTokenSQL = "" +
|
||||
"INSERT INTO userapi_registration_tokens (token, uses_allowed, expiry_time, pending, completed) VALUES ($1, $2, $3, $4, $5)"
|
||||
|
||||
const listAllTokensSQL = "" +
|
||||
"SELECT * FROM userapi_registration_tokens"
|
||||
|
||||
const listValidTokensSQL = "" +
|
||||
"SELECT * FROM userapi_registration_tokens WHERE" +
|
||||
"(uses_allowed > pending + completed OR uses_allowed IS NULL) AND" +
|
||||
"(expiry_time > $1 OR expiry_time IS NULL)"
|
||||
|
||||
const listInvalidTokensSQL = "" +
|
||||
"SELECT * FROM userapi_registration_tokens WHERE" +
|
||||
"(uses_allowed <= pending + completed OR expiry_time <= $1)"
|
||||
|
||||
const getTokenSQL = "" +
|
||||
"SELECT pending, completed, uses_allowed, expiry_time FROM userapi_registration_tokens WHERE token = $1"
|
||||
|
||||
const deleteTokenSQL = "" +
|
||||
"DELETE FROM userapi_registration_tokens WHERE token = $1"
|
||||
|
||||
const updateTokenUsesAllowedAndExpiryTimeSQL = "" +
|
||||
"UPDATE userapi_registration_tokens SET uses_allowed = $2, expiry_time = $3 WHERE token = $1"
|
||||
|
||||
const updateTokenUsesAllowedSQL = "" +
|
||||
"UPDATE userapi_registration_tokens SET uses_allowed = $2 WHERE token = $1"
|
||||
|
||||
const updateTokenExpiryTimeSQL = "" +
|
||||
"UPDATE userapi_registration_tokens SET expiry_time = $2 WHERE token = $1"
|
||||
|
||||
type registrationTokenStatements struct {
|
||||
selectTokenStatement *sql.Stmt
|
||||
insertTokenStatement *sql.Stmt
|
||||
listAllTokensStatement *sql.Stmt
|
||||
listValidTokensStatement *sql.Stmt
|
||||
listInvalidTokenStatement *sql.Stmt
|
||||
getTokenStatement *sql.Stmt
|
||||
deleteTokenStatement *sql.Stmt
|
||||
updateTokenUsesAllowedAndExpiryTimeStatement *sql.Stmt
|
||||
updateTokenUsesAllowedStatement *sql.Stmt
|
||||
updateTokenExpiryTimeStatement *sql.Stmt
|
||||
}
|
||||
|
||||
func NewSQLiteRegistrationTokensTable(db *sql.DB) (tables.RegistrationTokensTable, error) {
|
||||
s := ®istrationTokenStatements{}
|
||||
_, err := db.Exec(registrationTokensSchema)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return s, sqlutil.StatementList{
|
||||
{&s.selectTokenStatement, selectTokenSQL},
|
||||
{&s.insertTokenStatement, insertTokenSQL},
|
||||
{&s.listAllTokensStatement, listAllTokensSQL},
|
||||
{&s.listValidTokensStatement, listValidTokensSQL},
|
||||
{&s.listInvalidTokenStatement, listInvalidTokensSQL},
|
||||
{&s.getTokenStatement, getTokenSQL},
|
||||
{&s.deleteTokenStatement, deleteTokenSQL},
|
||||
{&s.updateTokenUsesAllowedAndExpiryTimeStatement, updateTokenUsesAllowedAndExpiryTimeSQL},
|
||||
{&s.updateTokenUsesAllowedStatement, updateTokenUsesAllowedSQL},
|
||||
{&s.updateTokenExpiryTimeStatement, updateTokenExpiryTimeSQL},
|
||||
}.Prepare(db)
|
||||
}
|
||||
|
||||
func (s *registrationTokenStatements) RegistrationTokenExists(ctx context.Context, tx *sql.Tx, token string) (bool, error) {
|
||||
var existingToken string
|
||||
stmt := sqlutil.TxStmt(tx, s.selectTokenStatement)
|
||||
err := stmt.QueryRowContext(ctx, token).Scan(&existingToken)
|
||||
if err != nil {
|
||||
if err == sql.ErrNoRows {
|
||||
return false, nil
|
||||
}
|
||||
return false, err
|
||||
}
|
||||
return true, nil
|
||||
}
|
||||
|
||||
func (s *registrationTokenStatements) InsertRegistrationToken(ctx context.Context, tx *sql.Tx, registrationToken *api.RegistrationToken) (bool, error) {
|
||||
stmt := sqlutil.TxStmt(tx, s.insertTokenStatement)
|
||||
_, err := stmt.ExecContext(
|
||||
ctx,
|
||||
*registrationToken.Token,
|
||||
getInsertValue(registrationToken.UsesAllowed),
|
||||
getInsertValue(registrationToken.ExpiryTime),
|
||||
*registrationToken.Pending,
|
||||
*registrationToken.Completed)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
return true, nil
|
||||
}
|
||||
|
||||
func getInsertValue[t constraints.Integer](in *t) any {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
return *in
|
||||
}
|
||||
|
||||
func (s *registrationTokenStatements) ListRegistrationTokens(ctx context.Context, tx *sql.Tx, returnAll bool, valid bool) ([]api.RegistrationToken, error) {
|
||||
var stmt *sql.Stmt
|
||||
var tokens []api.RegistrationToken
|
||||
var tokenString string
|
||||
var pending, completed, usesAllowed *int32
|
||||
var expiryTime *int64
|
||||
var rows *sql.Rows
|
||||
var err error
|
||||
if returnAll {
|
||||
stmt = sqlutil.TxStmt(tx, s.listAllTokensStatement)
|
||||
rows, err = stmt.QueryContext(ctx)
|
||||
} else if valid {
|
||||
stmt = sqlutil.TxStmt(tx, s.listValidTokensStatement)
|
||||
rows, err = stmt.QueryContext(ctx, time.Now().UnixNano()/int64(time.Millisecond))
|
||||
} else {
|
||||
stmt = sqlutil.TxStmt(tx, s.listInvalidTokenStatement)
|
||||
rows, err = stmt.QueryContext(ctx, time.Now().UnixNano()/int64(time.Millisecond))
|
||||
}
|
||||
if err != nil {
|
||||
return tokens, err
|
||||
}
|
||||
defer internal.CloseAndLogIfError(ctx, rows, "ListRegistrationTokens: rows.close() failed")
|
||||
for rows.Next() {
|
||||
err = rows.Scan(&tokenString, &pending, &completed, &usesAllowed, &expiryTime)
|
||||
if err != nil {
|
||||
return tokens, err
|
||||
}
|
||||
tokenString := tokenString
|
||||
pending := pending
|
||||
completed := completed
|
||||
usesAllowed := usesAllowed
|
||||
expiryTime := expiryTime
|
||||
|
||||
tokenMap := api.RegistrationToken{
|
||||
Token: &tokenString,
|
||||
Pending: pending,
|
||||
Completed: completed,
|
||||
UsesAllowed: usesAllowed,
|
||||
ExpiryTime: expiryTime,
|
||||
}
|
||||
tokens = append(tokens, tokenMap)
|
||||
}
|
||||
return tokens, rows.Err()
|
||||
}
|
||||
|
||||
func (s *registrationTokenStatements) GetRegistrationToken(ctx context.Context, tx *sql.Tx, tokenString string) (*api.RegistrationToken, error) {
|
||||
stmt := sqlutil.TxStmt(tx, s.getTokenStatement)
|
||||
var pending, completed, usesAllowed *int32
|
||||
var expiryTime *int64
|
||||
err := stmt.QueryRowContext(ctx, tokenString).Scan(&pending, &completed, &usesAllowed, &expiryTime)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
token := api.RegistrationToken{
|
||||
Token: &tokenString,
|
||||
Pending: pending,
|
||||
Completed: completed,
|
||||
UsesAllowed: usesAllowed,
|
||||
ExpiryTime: expiryTime,
|
||||
}
|
||||
return &token, nil
|
||||
}
|
||||
|
||||
func (s *registrationTokenStatements) DeleteRegistrationToken(ctx context.Context, tx *sql.Tx, tokenString string) error {
|
||||
stmt := sqlutil.TxStmt(tx, s.deleteTokenStatement)
|
||||
_, err := stmt.ExecContext(ctx, tokenString)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *registrationTokenStatements) UpdateRegistrationToken(ctx context.Context, tx *sql.Tx, tokenString string, newAttributes map[string]interface{}) (*api.RegistrationToken, error) {
|
||||
var stmt *sql.Stmt
|
||||
usesAllowed, usesAllowedPresent := newAttributes["usesAllowed"]
|
||||
expiryTime, expiryTimePresent := newAttributes["expiryTime"]
|
||||
if usesAllowedPresent && expiryTimePresent {
|
||||
stmt = sqlutil.TxStmt(tx, s.updateTokenUsesAllowedAndExpiryTimeStatement)
|
||||
_, err := stmt.ExecContext(ctx, tokenString, usesAllowed, expiryTime)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
} else if usesAllowedPresent {
|
||||
stmt = sqlutil.TxStmt(tx, s.updateTokenUsesAllowedStatement)
|
||||
_, err := stmt.ExecContext(ctx, tokenString, usesAllowed)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
} else if expiryTimePresent {
|
||||
stmt = sqlutil.TxStmt(tx, s.updateTokenExpiryTimeStatement)
|
||||
_, err := stmt.ExecContext(ctx, tokenString, expiryTime)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
return s.GetRegistrationToken(ctx, tx, tokenString)
|
||||
}
|
|
@ -50,7 +50,10 @@ func NewUserDatabase(ctx context.Context, conMan sqlutil.Connections, dbProperti
|
|||
if err = m.Up(ctx); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
registationTokensTable, err := NewSQLiteRegistrationTokensTable(db)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("NewSQLiteRegistrationsTokenTable: %w", err)
|
||||
}
|
||||
accountsTable, err := NewSQLiteAccountsTable(db, serverName)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("NewSQLiteAccountsTable: %w", err)
|
||||
|
@ -130,6 +133,7 @@ func NewUserDatabase(ctx context.Context, conMan sqlutil.Connections, dbProperti
|
|||
LoginTokenLifetime: loginTokenLifetime,
|
||||
BcryptCost: bcryptCost,
|
||||
OpenIDTokenLifetimeMS: openIDTokenLifetimeMS,
|
||||
RegistrationTokens: registationTokensTable,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
|
|
@ -25,10 +25,20 @@ import (
|
|||
"github.com/matrix-org/gomatrixserverlib/fclient"
|
||||
"github.com/matrix-org/gomatrixserverlib/spec"
|
||||
|
||||
clientapi "github.com/matrix-org/dendrite/clientapi/api"
|
||||
"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
|
||||
"github.com/matrix-org/dendrite/userapi/types"
|
||||
)
|
||||
|
||||
type RegistrationTokensTable interface {
|
||||
RegistrationTokenExists(ctx context.Context, txn *sql.Tx, token string) (bool, error)
|
||||
InsertRegistrationToken(ctx context.Context, txn *sql.Tx, registrationToken *clientapi.RegistrationToken) (bool, error)
|
||||
ListRegistrationTokens(ctx context.Context, txn *sql.Tx, returnAll bool, valid bool) ([]clientapi.RegistrationToken, error)
|
||||
GetRegistrationToken(ctx context.Context, txn *sql.Tx, tokenString string) (*clientapi.RegistrationToken, error)
|
||||
DeleteRegistrationToken(ctx context.Context, txn *sql.Tx, tokenString string) error
|
||||
UpdateRegistrationToken(ctx context.Context, txn *sql.Tx, tokenString string, newAttributes map[string]interface{}) (*clientapi.RegistrationToken, error)
|
||||
}
|
||||
|
||||
type AccountDataTable interface {
|
||||
InsertAccountData(ctx context.Context, txn *sql.Tx, localpart string, serverName spec.ServerName, roomID, dataType string, content json.RawMessage) error
|
||||
SelectAccountData(ctx context.Context, localpart string, serverName spec.ServerName) (map[string]json.RawMessage, map[string]map[string]json.RawMessage, error)
|
||||
|
|
Loading…
Reference in a new issue