// Matrix Construct
//
// Copyright (C) Matrix Construct Developers, Authors & Contributors
// Copyright (C) 2016-2018 Jason Volk <jason@zemos.net>
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice is present in all copies. The
// full license for this software is available in the LICENSE file.
using namespace ircd;
// Module header object. The string literal is its only constructor argument
// (presumably the human-readable module description -- confirm against
// mapi::header).
mapi::header IRCD_MODULE{"Client 3.3 :Login"};
// Resource object for the login endpoint. It is constructed with the request
// path and a description string; the GET and POST method objects defined
// later in this file attach their handlers to it.
m::resource login_resource{
	"/_matrix/client/r0/login",
	{
		"(3.3.1) Authenticates the user by password, and issues an access token "
		"they can use to authorize themself in subsequent requests."
	}
};
// Handle a password login for a user of this homeserver.
//
// Steps, in order:
//  1. Resolve the username from identifier.user (when identifier.type is
//     "m.id.user") or from the top-level "user" field otherwise.
//  2. Reject any other identifier type and any foreign hostpart with
//     m::UNSUPPORTED.
//  3. Check the password and the account's active state; either failure
//     throws m::FORBIDDEN with the same "Access denied." text.
//  4. Pick a device ID (client-requested or generated), generate an access
//     token, commit it with m::send() to the tokens room, and record the
//     device.
//  5. Return user_id, home_server, access_token and device_id to the client.
//
// NOTE(review): the two FORBIDDEN paths are indistinguishable by message, but
// whether is_password() does comparable work for unknown accounts is not
// visible here -- confirm, since a timing difference would let a caller tell
// existing accounts from non-existing ones.
m::resource::response
post__login_password(client &client,
                     const m::resource::request::object<m::login> &request)
{
	const json::object &identifier{json::get<"identifier"_>(request)};
	const json::string &identifier_type{identifier.get("type")};

	// A supplied identifier type must be m.id.user; an absent type falls
	// through to the top-level "user" field below.
	if(identifier_type && identifier_type != "m.id.user")
		throw m::UNSUPPORTED
		{
			"Identifier type '%s' is not supported.", identifier_type
		};

	const bool has_user_identifier
	{
		identifier_type == "m.id.user"
	};

	const json::string &username
	{
		has_user_identifier?
			json::string(identifier.at("user")):
			at<"user"_>(request)
	};

	// The client may send either a full MXID or a bare localpart.
	const bool is_full_mxid
	{
		valid(m::id::USER, username)
	};

	const auto &localpart
	{
		is_full_mxid?
			m::id::user(username).local():
			string_view{username}
	};

	const auto &hostpart
	{
		is_full_mxid?
			m::id::user(username).host():
			my_host()
	};

	// Only accounts on this homeserver can log in here.
	if(!my_host(hostpart))
		throw m::UNSUPPORTED
		{
			"Credentials for users of homeserver '%s' cannot be obtained here.",
			hostpart
		};

	// Build a canonical MXID from the user field
	const m::id::user::buf user_id{localpart, hostpart};
	const string_view &supplied_password{at<"password"_>(request)};
	m::user user{user_id};

	// The password is checked first and the active state second (the ||
	// short-circuits). Both failures produce the same FORBIDDEN text, so the
	// response body does not tell a wrong password from an inactive account.
	if(!user.is_password(supplied_password) || !active(user))
		throw m::FORBIDDEN
		{
			"Access denied."
		};

	// Both fields below are client-controlled and optional.
	// NOTE(review): no length or content check on the display name is
	// visible in this function -- confirm it is bounded where it is stored.
	const string_view &requested_device_id{json::get<"device_id"_>(request)};
	const string_view &initial_device_display_name
	{
		json::get<"initial_device_display_name"_>(request)
	};

	// Device ID selection: a fully-formed device ID is taken as given, a
	// bare string is qualified with this host, and an empty request gets a
	// generated ID.
	const auto device_id
	{
		[&]() -> m::id::device::buf
		{
			if(valid(m::id::DEVICE, requested_device_id))
				return m::id::device::buf{requested_device_id};

			if(requested_device_id)
				return m::id::device::buf{requested_device_id, my_host()};

			return m::id::device::buf{m::id::generate, my_host()};
		}()
	};

	// A fully-formed ID from the client could name another host.
	if(!my(device_id))
		throw m::UNSUPPORTED
		{
			"Device ID's with foreign hostparts are not supported."
		};

	// NOTE(review): when the client reuses the ID of an existing device, a
	// new token is issued and the device record is rewritten below; nothing
	// in this function revokes the token previously tied to that device --
	// confirm that m::send() or devices.set() takes care of it.

	char token_storage[32];
	const string_view access_token
	{
		m::user::tokens::generate(token_storage)
	};

	char remote_storage[96];
	const json::value last_seen_ip
	{
		string(remote_storage, remote(client)), json::STRING
	};

	const m::room::id::buf tokens_room
	{
		"tokens", origin(m::my())
	};

	// Log the user in by issuing an event in the tokens room containing the
	// generated token. Once this call returns without throwing, the
	// access_token is committed and the user is logged in.
	// NOTE(review): the token string itself is passed to m::send(), so it
	// appears to be persisted verbatim in that event -- confirm who can read
	// the tokens room and whether that storage model is intended.
	const m::event::id::buf access_token_id
	{
		m::send(tokens_room, user_id, "ircd.access_token", access_token,
		{
			{ "ip",         last_seen_ip  },
			{ "device_id",  device_id     },
		})
	};

	// Record (or overwrite) the device entry for this login.
	const m::user::devices devices{user_id};
	devices.set(json::members
	{
		{ "device_id",        device_id                    },
		{ "display_name",     initial_device_display_name  },
		{ "last_seen_ts",     ircd::time<milliseconds>()   },
		{ "last_seen_ip",     last_seen_ip                 },
		{ "access_token_id",  access_token_id              },
	});

	// Send response to user
	return resource::response
	{
		client, json::members
		{
			{ "user_id",       user_id       },
			{ "home_server",   my_host()     },
			{ "access_token",  access_token  },
			{ "device_id",     device_id     },
		}
	};
}
// POST handler for the login resource. Reads the required "type" field and
// forwards "m.login.password" requests to post__login_password(); every other
// login type is rejected with m::UNSUPPORTED.
m::resource::response
post__login(client &client,
            const m::resource::request::object<m::login> &request)
{
	const auto &type{at<"type"_>(request)};

	const bool is_password_login
	{
		type == "m.login.password"
	};

	// Password is the only flow implemented here (it is also the only one
	// advertised by get__login).
	if(!is_password_login)
		throw m::UNSUPPORTED
		{
			"Login type '%s' is not supported.", type
		};

	return post__login_password(client, request);
}
// Attaches post__login as the "POST" handler of login_resource, with the
// RATE_LIMITED option set. That flag is the only throttle on password
// guessing visible in this file; the limits themselves are not defined here.
m::resource::method method_post{
	login_resource, "POST", post__login,
	{
		method_post.RATE_LIMITED
	}
};
// GET handler for the login resource. Responds with the list of supported
// login flows, which contains the single entry {"type": "m.login.password"}.
// The request argument is not read.
m::resource::response
get__login(client &client,
           const m::resource::request &request)
{
	const json::member password_flow
	{
		"type", "m.login.password"
	};

	// One-element array holding the only advertised flow.
	json::value supported_flows[1]
	{
		{ password_flow }
	};

	return resource::response
	{
		client, json::members
		{
			{ "flows", { supported_flows, 1 } }
		}
	};
}
// Attaches get__login as the "GET" handler of login_resource, with the
// RATE_LIMITED option set.
m::resource::method method_get{
	login_resource, "GET", get__login,
	{
		method_get.RATE_LIMITED
	}
};