diff --git a/include/ircd/m/m.h b/include/ircd/m/m.h index c663003a7..012c76a35 100644 --- a/include/ircd/m/m.h +++ b/include/ircd/m/m.h @@ -62,7 +62,6 @@ namespace ircd::m #include "events.h" #include "node.h" #include "login.h" -#include "register.h" #include "device.h" #include "request.h" #include "fed/fed.h" diff --git a/include/ircd/m/register.h b/include/ircd/m/register.h deleted file mode 100644 index 10c868b90..000000000 --- a/include/ircd/m/register.h +++ /dev/null @@ -1,32 +0,0 @@ -// Matrix Construct -// -// Copyright (C) Matrix Construct Developers, Authors & Contributors -// Copyright (C) 2016-2018 Jason Volk -// -// Permission to use, copy, modify, and/or distribute this software for any -// purpose with or without fee is hereby granted, provided that the above -// copyright notice and this permission notice is present in all copies. The -// full license for this software is available in the LICENSE file. - -#pragma once -#define HAVE_IRCD_M_REGISTER_H - -namespace ircd::m -{ - struct registar; -} - -struct ircd::m::registar -:json::tuple -< - json::property, - json::property, - json::property, - json::property, - json::property, - json::property, - json::property -> -{ - using super_type::tuple; -}; diff --git a/include/ircd/m/user/register.h b/include/ircd/m/user/register.h new file mode 100644 index 000000000..d4c154cbd --- /dev/null +++ b/include/ircd/m/user/register.h @@ -0,0 +1,41 @@ +// Matrix Construct +// +// Copyright (C) Matrix Construct Developers, Authors & Contributors +// Copyright (C) 2016-2018 Jason Volk +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice is present in all copies. The +// full license for this software is available in the LICENSE file. + +#pragma once +#define HAVE_IRCD_M_USER_REGISTER_H + +/// Register a new user. The principal function is operator() which acts on the +/// data provided in the structure (otherwise the structure itself is inert +/// (see json/tuple.h)). This is a superset of m::create(user::id), which is +/// called internally and only one part of the process. This function returns +/// a spec JSON object [into the buffer] which could be returned from an +/// `r0/register` endpoint. The IP argument is optional, used for for +/// information about the registrant if a client; to programmatically register +/// a user simply fill out the structure as best as possible otherwise. +/// +struct ircd::m::user::registar +:json::tuple +< + json::property, + json::property, + json::property, + json::property, + json::property, + json::property, + json::property +> +{ + static void validate_user_id(const m::user::id &); + static void validate_password(const string_view &); + + json::object operator()(const mutable_buffer &out, const net::ipport &remote = {}) const; + + using super_type::tuple; +}; diff --git a/include/ircd/m/user/user.h b/include/ircd/m/user/user.h index 3079fc5af..8957e8d32 100644 --- a/include/ircd/m/user/user.h +++ b/include/ircd/m/user/user.h @@ -42,6 +42,7 @@ struct ircd::m::user struct filter; struct ignores; struct highlight; + struct registar; using id = m::id::user; using closure = std::function; @@ -92,3 +93,4 @@ const #include "filter.h" #include "ignores.h" #include "highlight.h" +#include "register.h" diff --git a/ircd/m.cc b/ircd/m.cc index d128e5907..0b2bcfc2a 100644 --- a/ircd/m.cc +++ b/ircd/m.cc @@ -229,6 +229,7 @@ ircd::m::module_names "m_user_account_data", "m_user_room_account_data", "m_user_room_tags", + "m_user_register", "m_events", "m_rooms", diff --git a/modules/Makefile.am b/modules/Makefile.am index 22ef4f6e7..a4090f543 100644 --- a/modules/Makefile.am +++ b/modules/Makefile.am @@ -128,6 +128,7 @@ m_user_la_SOURCES = m_user.cc m_user_events_la_SOURCES = m_user_events.cc m_user_rooms_la_SOURCES = m_user_rooms.cc m_user_filter_la_SOURCES = m_user_filter.cc +m_user_register_la_SOURCES = m_user_register.cc m_user_mitsein_la_SOURCES = m_user_mitsein.cc m_user_servers_la_SOURCES = m_user_servers.cc m_user_highlight_la_SOURCES = m_user_highlight.cc m_user_highlight_auth.cc @@ -177,6 +178,7 @@ m_module_LTLIBRARIES = \ m_user_events.la \ m_user_rooms.la \ m_user_filter.la \ + m_user_register.la \ m_user_mitsein.la \ m_user_servers.la \ m_user_highlight.la \ diff --git a/modules/client/register.cc b/modules/client/register.cc index 7856d6252..af508f95a 100644 --- a/modules/client/register.cc +++ b/modules/client/register.cc @@ -19,25 +19,14 @@ IRCD_MODULE extern const std::string flows; -static void -validate_password(const string_view &password); - -extern "C" void -validate_user_id(const m::id::user &user_id); - -extern "C" std::string -register_user(const m::registar &, - const client *const & = nullptr, - const bool &gen_token = false); +static resource::response +post__register_guest(client &client, const resource::request::object &request); static resource::response -post__register_guest(client &client, const resource::request::object &request); +post__register_user(client &client, const resource::request::object &request); static resource::response -post__register_user(client &client, const resource::request::object &request); - -static resource::response -post__register(client &client, const resource::request::object &request); +post__register(client &client, const resource::request::object &request); resource register_resource @@ -55,18 +44,17 @@ method_post }; ircd::conf::item -IRCD_MODULE_EXPORT register_enable { { "name", "ircd.client.register.enable" }, { "default", true } }; -/// see: ircd/m/register.h for the m::registar tuple. +/// see: ircd/m/register.h for the m::user::registar tuple. /// resource::response post__register(client &client, - const resource::request::object &request) + const resource::request::object &request) { const json::object &auth { @@ -104,7 +92,6 @@ post__register(client &client, } ircd::conf::item -IRCD_MODULE_EXPORT register_user_enable { { "name", "ircd.client.register.user.enable" }, @@ -113,7 +100,7 @@ register_user_enable resource::response post__register_user(client &client, - const resource::request::object &request) + const resource::request::object &request) try { if(!bool(register_user_enable)) @@ -123,20 +110,27 @@ try "User registration for this server is disabled." }; - const bool &inhibit_login + const unique_buffer buf { - json::get<"inhibit_login"_>(request) + 4_KiB }; - const std::string response + // upcast to the user::registar tuple + const m::user::registar ®istar { - register_user(request, &client, !inhibit_login) + request + }; + + // call operator() to register the user and receive response output + const json::object response + { + registar(buf, remote(client)) }; // Send response to user return resource::response { - client, http::CREATED, json::object{response} + client, http::CREATED, response }; } catch(const m::INVALID_MXID &e) @@ -157,7 +151,7 @@ register_guest_enable resource::response post__register_guest(client &client, - const resource::request::object &request) + const resource::request::object &request) { if(!bool(register_guest_enable)) throw m::error @@ -188,205 +182,8 @@ post__register_guest(client &client, }; } -std::string -register_user(const m::registar &request, - const client *const &client, - const bool &gen_token) -{ - // 3.3.1 Additional authentication information for the user-interactive authentication API. - const json::object &auth - { - json::get<"auth"_>(request) - }; - - // 3.3.1 The login type that the client is attempting to complete. - const string_view &type - { - !empty(auth)? unquote(auth.at("type")) : string_view{} - }; - - // We only support this for now, for some reason. TODO: XXX - if(type && type != "m.login.dummy") - throw m::UNSUPPORTED - { - "Registration '%s' not supported.", type - }; - - // 3.3.1 The local part of the desired Matrix ID. If omitted, the homeserver MUST - // generate a Matrix ID local part. - const auto &username - { - json::get<"username"_>(request) - }; - - // Generate canonical mxid. The home_server is appended if one is not - // specified. We do not generate a user_id here if the local part is not - // specified. TODO: isn't that guest reg? - const m::id::user::buf user_id - { - username, my_host() - }; - - // Check if the the user_id is acceptably formed for this server or throws - validate_user_id(user_id); - - // 3.3.1 Required. The desired password for the account. - const auto &password - { - at<"password"_>(request) - }; - - // (r0.3.0) 3.4.1 ID of the client device. If this does not correspond to a - // known client device, a new device will be created. The server will auto- - // generate a device_id if this is not specified. - const auto requested_device_id - { - json::get<"device_id"_>(request) - }; - - const m::id::device::buf device_id - { - requested_device_id? - m::id::device::buf{requested_device_id, my_host()}: - gen_token? - m::id::device::buf{m::id::generate, my_host()}: - m::id::device::buf{} - }; - - const auto &initial_device_display_name - { - json::get<"initial_device_display_name"_>(request) - }; - - // 3.3.1 If true, the server binds the email used for authentication to the - // Matrix ID with the ID Server. Defaults to false. - const auto &bind_email - { - get<"bind_email"_>(request, false) - }; - - // Check if the password is acceptable for this server or throws - validate_password(password); - - //TODO: ABA - if(exists(user_id)) - throw m::error - { - http::CONFLICT, "M_USER_IN_USE", - "The desired user ID is already in use." - }; - - //TODO: ABA / TXN - // Represent the user - m::user user - { - m::create(user_id) - }; - - // Activate the account. Underneath this will create a special room - // for this user in the form of !@user:host and set a key in !users:host - // If the user_id is taken this throws 409 Conflict because those assets - // will already exist; otherwise the user is registered after this call. - //TODO: ABA / TXN - user.activate(); - - // Set the password for the account. This issues an ircd.password state - // event to the user's room. User will be able to login with - // m.login.password - user.password(password); - - // Store the options from registration. - m::user::room user_room{user}; - send(user_room, user.user_id, "ircd.account.options", "registration", json::members - { - { "bind_email", bind_email }, - }); - - char access_token_buf[32]; - const string_view access_token - { - gen_token? - m::user::gen_access_token(access_token_buf): - string_view{} - }; - - // Log the user in by issuing an event in the tokens room containing - // the generated token. When this call completes without throwing the - // access_token will be committed and the user will be logged in. - if(gen_token) - { - char remote_buf[96]; - const json::value last_seen_ip - { - client? - string(remote_buf, remote(*client)): - string_view{}, - - json::STRING - }; - - const m::event::id::buf access_token_id - { - m::send(m::user::tokens, user_id, "ircd.access_token", access_token, json::members - { - { "ip", last_seen_ip }, - { "device_id", device_id }, - }) - }; - - const json::members device - { - { "device_id", device_id }, - { "display_name", initial_device_display_name }, - { "last_seen_ts", ircd::time() }, - { "last_seen_ip", last_seen_ip }, - { "access_token_id", access_token_id }, - }; - - m::device::set(user_id, device); - } - - // Send response to user - return json::strung - { - json::members - { - { "user_id", user_id }, - { "home_server", my_host() }, - { "access_token", access_token }, - { "device_id", device_id }, - } - }; -} - -void -validate_user_id(const m::id::user &user_id) -{ - if(user_id.host() != my_host()) - throw m::error - { - http::BAD_REQUEST, - "M_INVALID_USERNAME", - "Can only register with host '%s'", - my_host() - }; -} - -void -validate_password(const string_view &password) -{ - if(password.size() > 255) - throw m::error - { - http::BAD_REQUEST, - "M_INVALID_PASSWORD", - "The desired password is too long" - }; -} - const std::string -flows -{R"({ +flows{R"({ "flows": [ { diff --git a/modules/console.cc b/modules/console.cc index ebcacdb5b..f83d2bce2 100644 --- a/modules/console.cc +++ b/modules/console.cc @@ -10554,26 +10554,22 @@ console_cmd__user__register(opt &out, const string_view &line) param.at(1) }; - const m::registar request + const m::user::registar request { - { "username", username }, - { "password", password }, - { "bind_email", false }, + { "username", username }, + { "password", password }, + { "bind_email", false }, + { "inhibit_login", true }, }; - using prototype = std::string - (const m::registar &, - const client *const &, - const bool &); - - static mods::import register_user + const unique_buffer buf { - "client_register", "register_user" + 4_KiB }; const auto ret { - register_user(request, nullptr, false) + request(buf) }; out << ret << std::endl; diff --git a/modules/m_user_register.cc b/modules/m_user_register.cc new file mode 100644 index 000000000..a633b02fa --- /dev/null +++ b/modules/m_user_register.cc @@ -0,0 +1,224 @@ +// Matrix Construct +// +// Copyright (C) Matrix Construct Developers, Authors & Contributors +// Copyright (C) 2016-2019 Jason Volk +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice is present in all copies. The +// full license for this software is available in the LICENSE file. + +ircd::mapi::header +IRCD_MODULE +{ + "Matrix user register" +}; + +ircd::json::object +IRCD_MODULE_EXPORT +ircd::m::user::registar::operator()(const mutable_buffer &out, + const net::ipport &remote) +const +{ + // 3.3.1 Additional authentication information for the user-interactive authentication API. + const json::object &auth + { + json::get<"auth"_>(*this) + }; + + // 3.3.1 The login type that the client is attempting to complete. + const string_view &type + { + !empty(auth)? unquote(auth.at("type")) : string_view{} + }; + + // We only support this for now, for some reason. TODO: XXX + if(type && type != "m.login.dummy") + throw m::UNSUPPORTED + { + "Registration '%s' not supported.", type + }; + + // 3.3.1 The local part of the desired Matrix ID. If omitted, the homeserver MUST + // generate a Matrix ID local part. + const auto &username + { + json::get<"username"_>(*this) + }; + + // Generate canonical mxid. The home_server is appended if one is not + // specified. We do not generate a user_id here if the local part is not + // specified. TODO: isn't that guest reg? + const m::id::user::buf user_id + { + username, my_host() + }; + + // Check if the the user_id is acceptably formed for this server or throws + validate_user_id(user_id); + + // 3.3.1 Required. The desired password for the account. + const auto &password + { + json::at<"password"_>(*this) + }; + + // (r0.3.0) 3.4.1 ID of the client device. If this does not correspond to a + // known client device, a new device will be created. The server will auto- + // generate a device_id if this is not specified. + const auto requested_device_id + { + json::get<"device_id"_>(*this) + }; + + const m::id::device::buf device_id + { + requested_device_id? + m::id::device::buf{requested_device_id, my_host()}: + !json::get<"inhibit_login"_>(*this)? + m::id::device::buf{m::id::generate, my_host()}: + m::id::device::buf{} + }; + + const auto &initial_device_display_name + { + json::get<"initial_device_display_name"_>(*this) + }; + + // 3.3.1 If true, the server binds the email used for authentication to the + // Matrix ID with the ID Server. Defaults to false. + const auto &bind_email + { + json::get<"bind_email"_>(*this, false) + }; + + // Check if the password is acceptable for this server or throws + validate_password(password); + + //TODO: ABA + if(exists(user_id)) + throw m::error + { + http::CONFLICT, "M_USER_IN_USE", + "The desired user ID is already in use." + }; + + //TODO: ABA / TXN + // Represent the user + m::user user + { + m::create(user_id) + }; + + // Activate the account. Underneath this will create a special room + // for this user in the form of !@user:host and set a key in !users:host + // If the user_id is taken this throws 409 Conflict because those assets + // will already exist; otherwise the user is registered after this call. + //TODO: ABA / TXN + user.activate(); + + // Set the password for the account. This issues an ircd.password state + // event to the user's room. User will be able to login with + // m.login.password + user.password(password); + + // Represent the user's room; was created in m::create(user_id) + m::user::room user_room + { + user + }; + + // Store the options from registration. + const m::event::id::buf account_options_id + { + send(user_room, user.user_id, "ircd.account.options", "registration", json::members + { + { "bind_email", bind_email }, + }) + }; + + // Optionally generate an access_token for login. + char access_token_buf[32]; + const string_view access_token + { + !json::get<"inhibit_login"_>(*this)? + m::user::gen_access_token(access_token_buf): + string_view{} + }; + + // Log the user in by issuing an event in the tokens room containing + // the generated token. When this call completes without throwing the + // access_token will be committed and the user will be logged in. + if(!json::get<"inhibit_login"_>(*this)) + { + char remote_buf[96]; + const json::value last_seen_ip + { + remote? + string(remote_buf, remote): + string_view{}, + + json::STRING + }; + + const m::event::id::buf access_token_id + { + m::send(m::user::tokens, user_id, "ircd.access_token", access_token, json::members + { + { "ip", last_seen_ip }, + { "device_id", device_id }, + }) + }; + + const json::members device + { + { "device_id", device_id }, + { "display_name", initial_device_display_name }, + { "last_seen_ts", ircd::time() }, + { "last_seen_ip", last_seen_ip }, + { "access_token_id", access_token_id }, + }; + + m::device::set(user_id, device); + } + + // Send response to user + return json::stringify(mutable_buffer{out}, json::members + { + { "user_id", user_id }, + { "home_server", my_host() }, + { "access_token", access_token }, + { "device_id", device_id }, + }); +} + +void +IRCD_MODULE_EXPORT +ircd::m::user::registar::validate_password(const string_view &password) +{ + static const size_t &max + { + 255 + }; + + if(password.size() > max) + throw m::error + { + http::BAD_REQUEST, "M_INVALID_PASSWORD", + "The desired password exceeds %zu characters", + max, + }; +} + +void +IRCD_MODULE_EXPORT +ircd::m::user::registar::validate_user_id(const m::user::id &user_id) +{ + if(user_id.host() != my_host()) + throw m::error + { + http::BAD_REQUEST, "M_INVALID_USERNAME", + "Can only register with host '%s'", + my_host() + }; +}