Hopefully fix UIA for cross-signing setup (closes #1983) (#1986)

This commit is contained in:
Neil Alexander 2021-08-24 11:44:03 +01:00 committed by GitHub
parent 329c9e671c
commit 4b0cc32af2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -15,11 +15,10 @@
package routing package routing
import ( import (
"encoding/json"
"io/ioutil"
"net/http" "net/http"
"github.com/matrix-org/dendrite/clientapi/auth" "github.com/matrix-org/dendrite/clientapi/auth"
"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
"github.com/matrix-org/dendrite/clientapi/httputil" "github.com/matrix-org/dendrite/clientapi/httputil"
"github.com/matrix-org/dendrite/clientapi/jsonerror" "github.com/matrix-org/dendrite/clientapi/jsonerror"
"github.com/matrix-org/dendrite/keyserver/api" "github.com/matrix-org/dendrite/keyserver/api"
@ -29,37 +28,52 @@ import (
"github.com/matrix-org/util" "github.com/matrix-org/util"
) )
type crossSigningRequest struct {
api.PerformUploadDeviceKeysRequest
Auth newPasswordAuth `json:"auth"`
}
func UploadCrossSigningDeviceKeys( func UploadCrossSigningDeviceKeys(
req *http.Request, userInteractiveAuth *auth.UserInteractive, req *http.Request, userInteractiveAuth *auth.UserInteractive,
keyserverAPI api.KeyInternalAPI, device *userapi.Device, keyserverAPI api.KeyInternalAPI, device *userapi.Device,
accountDB accounts.Database, cfg *config.ClientAPI, accountDB accounts.Database, cfg *config.ClientAPI,
) util.JSONResponse { ) util.JSONResponse {
uploadReq := &api.PerformUploadDeviceKeysRequest{} uploadReq := &crossSigningRequest{}
uploadRes := &api.PerformUploadDeviceKeysResponse{} uploadRes := &api.PerformUploadDeviceKeysResponse{}
ctx := req.Context() resErr := httputil.UnmarshalJSONRequest(req, &uploadReq)
defer req.Body.Close() // nolint:errcheck if resErr != nil {
bodyBytes, err := ioutil.ReadAll(req.Body) return *resErr
if err != nil { }
sessionID := uploadReq.Auth.Session
if sessionID == "" {
sessionID = util.RandomString(sessionIDLength)
}
if uploadReq.Auth.Type != authtypes.LoginTypePassword {
return util.JSONResponse{ return util.JSONResponse{
Code: http.StatusBadRequest, Code: http.StatusUnauthorized,
JSON: jsonerror.BadJSON("The request body could not be read: " + err.Error()), JSON: newUserInteractiveResponse(
sessionID,
[]authtypes.Flow{
{
Stages: []authtypes.LoginType{authtypes.LoginTypePassword},
},
},
nil,
),
} }
} }
typePassword := auth.LoginTypePassword{
if _, err := userInteractiveAuth.Verify(ctx, bodyBytes, device); err != nil { GetAccountByPassword: accountDB.GetAccountByPassword,
return *err Config: cfg,
} }
if _, authErr := typePassword.Login(req.Context(), &uploadReq.Auth.PasswordRequest); authErr != nil {
if err = json.Unmarshal(bodyBytes, &uploadReq); err != nil { return *authErr
return util.JSONResponse{
Code: http.StatusBadRequest,
JSON: jsonerror.BadJSON("The request body could not be unmarshalled: " + err.Error()),
}
} }
AddCompletedSessionStage(sessionID, authtypes.LoginTypePassword)
uploadReq.UserID = device.UserID uploadReq.UserID = device.UserID
keyserverAPI.PerformUploadDeviceKeys(req.Context(), uploadReq, uploadRes) keyserverAPI.PerformUploadDeviceKeys(req.Context(), &uploadReq.PerformUploadDeviceKeysRequest, uploadRes)
if err := uploadRes.Error; err != nil { if err := uploadRes.Error; err != nil {
switch { switch {