/*
* Copyright (C) 2017 Charybdis Development Team
* Copyright (C) 2017 Jason Volk <jason@zemos.net>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice is present in all copies.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
using namespace ircd;
// Resource object for the client-server login endpoint. It carries the
// request path and a human-readable description; the POST and GET handlers
// in this file are attached to it by the resource::method objects further
// down.
resource login_resource
{
    "/_matrix/client/r0/login",
    {
        "Authenticates the user by password, and issues an access token "
        "they can use to authorize themself in subsequent requests. (3.2.2)"
    }
};
// JSON key names of the login request body. They live in a file-local
// (anonymous) namespace and serve as the first template argument of the
// json::property members of `body`.
namespace
{
    namespace name
    {
        constexpr const char *const password {"password"};
        constexpr const char *const medium   {"medium"};
        constexpr const char *const type     {"type"};
        constexpr const char *const user     {"user"};
        constexpr const char *const address  {"address"};
    }
}
// Typed view of the JSON object posted to the login endpoint.
//
// The handlers visible in this file read only "type", "user" and
// "password"; "medium" and "address" are declared but not consumed here.
//
// NOTE(review): "medium" is declared as time_t. In the Matrix login body the
// medium of a third-party identifier is a string, so this looks like the
// wrong type -- confirm before any handler starts reading the field.
struct body
:json::tuple
<
    json::property<name::password, string_view>,
    json::property<name::medium, time_t>,
    json::property<name::type, string_view>,
    json::property<name::user, string_view>,
    json::property<name::address, string_view>
>
{
    // Inherit the tuple constructors.
    using super_type::tuple;
};
// Handles a login request of type "m.login.password".
//
// Forms a user id from the "user" field and this server's host name, checks
// the supplied password and that the account is active, then generates an
// access token, records it with m::send() and returns it in the response
// together with the user id and home server.
//
// Throws m::error (http::FORBIDDEN, "M_FORBIDDEN") when the password does not
// match or the account is not active.
//
// NOTE(review): nothing in this function limits repeated failed attempts;
// confirm that throttling or lockout for this endpoint is applied elsewhere.
resource::response
post_login_password(client &client,
                    const resource::request::object<body> &request)
{
    // Build a canonical MXID from the user field and our own host name.
    // NOTE(review): presumably m::id::user::buf validates the result; confirm
    // how a "user" value that already carries a server part is treated.
    const m::id::user::buf user_id
    {
        unquote(at<"user"_>(request)), my_host()
    };

    // Credential supplied by the client; it must not reach logs or error text.
    const auto &claimed_password
    {
        unquote(at<"password"_>(request))
    };

    m::user account
    {
        user_id
    };

    // The password is checked first and the active flag second. Both failures
    // raise the same status, error code and message, so the reply does not
    // tell the caller which of the two checks rejected the login.
    // NOTE(review): response timing may still differ between the two paths
    // or for unknown users -- verify inside is_password().
    if(!account.is_password(claimed_password) || !account.is_active())
        throw m::error
        {
            http::FORBIDDEN, "M_FORBIDDEN", "Access denied."
        };

    // Generate the access token: token_length characters taken from the
    // rand::dict::alpha dictionary, written into a stack buffer that is one
    // byte larger than the token.
    // NOTE(review): the token is a bearer credential; confirm rand::string()
    // is backed by a cryptographically secure generator.
    static constexpr const auto token_length{127};
    static const auto token_alphabet{rand::dict::alpha};
    char token_storage[token_length + 1];
    const string_view access_token
    {
        rand::string(token_alphabet, token_length, token_storage, sizeof(token_storage))
    };

    // Log the user in by issuing an event in the sessions room containing the
    // generated token. Once this call returns without throwing, the token is
    // committed and the user is logged in.
    // NOTE(review): the token is handed to m::send() in clear form, so
    // presumably anyone able to read the sessions room can reuse it; confirm
    // that room is readable by the server only, or record a digest instead.
    m::send(m::user::sessions, user_id, "ircd.access_token", access_token,
    {
        { "ip",     string(remote(client)) },
        { "device", "unknown"              },
    });

    // Reply to the client with its identity and the freshly issued token.
    return resource::response
    {
        client,
        {
            { "user_id",      user_id      },
            { "home_server",  my_host()    },
            { "access_token", access_token },
        }
    };
}
// POST handler of the login resource: reads the "type" field of the request
// body and dispatches on it. Only "m.login.password" is handled; every other
// value raises m::error "M_UNSUPPORTED".
//
// NOTE(review): unlike the M_FORBIDDEN errors thrown by post_login_password,
// this m::error is built without an explicit HTTP status; confirm which
// status the client receives for an unsupported login type.
resource::response
post_login(client &client, const resource::request::object<body> &request)
{
    // x.x.x Required. The login type being used.
    // Currently only "m.login.password" is supported.
    const auto type
    {
        unquote(at<"type"_>(request))
    };

    if(type == "m.login.password")
        return post_login_password(client, request);

    // Anything else is rejected rather than guessed at.
    throw m::error
    {
        "M_UNSUPPORTED", "Login type is not supported."
    };
}
// Binds post_login as the "POST" handler of login_resource.
resource::method method_post
{
    login_resource,
    "POST",
    post_login
};
// GET handler of the login resource: answers with the list of login flows
// this server offers. The list has a single entry, "m.login.password", which
// matches the only type post_login accepts. The request argument is not
// read.
resource::response
get_login(client &client, const resource::request &request)
{
    // The one flow this server advertises.
    json::member password_flow
    {
        "type", "m.login.password"
    };

    // Array of advertised flows; its length is passed alongside it below.
    json::value flows[1]
    {
        { password_flow }
    };

    return resource::response
    {
        client,
        json::members
        {
            { "flows", { flows, 1 } }
        }
    };
}
// Binds get_login as the "GET" handler of login_resource.
resource::method method_get
{
    login_resource,
    "GET",
    get_login
};
// Module header carrying the description string of this module.
mapi::header IRCD_MODULE
{
    "registers the resource 'client/login' to handle requests"
};