mirror of
https://github.com/matrix-construct/construct
synced 2024-09-27 11:18:51 +02:00
modules/client/devices: Implement 14.10.2 security considerations.
parent
5b962205d1
commit
964d6b427f
2 changed files with 75 additions and 8 deletions
|
@ -48,6 +48,9 @@ method_post
|
|||
}
|
||||
};
|
||||
|
||||
extern const std::string
|
||||
flows;
|
||||
|
||||
resource::response
|
||||
post__delete_devices(client &client,
|
||||
const resource::request &request)
|
||||
|
@ -62,14 +65,19 @@ post__delete_devices(client &client,
|
|||
request["auth"]
|
||||
};
|
||||
|
||||
const string_view &type
|
||||
// 14.10.2 Security considerations
|
||||
const json::string &type{auth["type"]};
|
||||
if(type != "m.login.password")
|
||||
return resource::response
|
||||
{
|
||||
auth.at("type")
|
||||
client, http::UNAUTHORIZED, json::object{flows}
|
||||
};
|
||||
|
||||
const string_view &session
|
||||
const json::string &password{auth["password"]};
|
||||
if(!m::user(request.user_id).is_password(password))
|
||||
throw m::ACCESS_DENIED
|
||||
{
|
||||
auth["session"]
|
||||
"Incorrect password."
|
||||
};
|
||||
|
||||
for(const json::string &device_id : devices)
|
||||
|
@ -80,3 +88,21 @@ post__delete_devices(client &client,
|
|||
client, http::OK
|
||||
};
|
||||
}
|
||||
|
||||
const std::string
|
||||
flows
|
||||
{
|
||||
ircd::string(512 | SHRINK_TO_FIT, [](const mutable_buffer &buf)
|
||||
{
|
||||
json::stack out{buf};
|
||||
{
|
||||
json::stack::object top{out};
|
||||
json::stack::array flows{top, "flows"};
|
||||
json::stack::object flow{flows};
|
||||
json::stack::array stages{flow, "stages"};
|
||||
stages.append("m.login.password");
|
||||
}
|
||||
|
||||
return out.completed();
|
||||
})
|
||||
};
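Review bot: The password check added before the device loop in post__delete_devices lets anyone holding a valid access token guess the account password without limit, because a wrong `auth.password` only throws `m::ACCESS_DENIED` and nothing visible here counts, throttles or logs failures. If is_password() or the resource layer does not already rate-limit, failed attempts should be counted per user and logged so that guessing is slowed and detectable. A request with `type` set but no `password` key also reaches is_password() as an empty string; a guard such as `if(password.empty()) throw m::ACCESS_DENIED{"Incorrect password."};` before the call avoids depending on how that helper treats empty input. The same check is repeated in delete__devices in the second file section and needs the same treatment. Both function bodies start or end outside the hunks shown, so handling elsewhere cannot be ruled out.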
|
||||
|
|
|
@ -197,6 +197,9 @@ method_put
|
|||
}
|
||||
};
|
||||
|
||||
extern const std::string
|
||||
flows;
|
||||
|
||||
resource::response
|
||||
delete__devices(client &client,
|
||||
const resource::request &request)
|
||||
|
@ -212,6 +215,26 @@ delete__devices(client &client,
|
|||
url::decode(device_id, request.parv[1])
|
||||
};
|
||||
|
||||
const json::object &auth
|
||||
{
|
||||
request["auth"]
|
||||
};
|
||||
|
||||
// 14.10.2 Security considerations
|
||||
const json::string &type{auth["type"]};
|
||||
if(type != "m.login.password")
|
||||
return resource::response
|
||||
{
|
||||
client, http::UNAUTHORIZED, json::object{flows}
|
||||
};
|
||||
|
||||
const json::string &password{auth["password"]};
|
||||
if(!m::user(request.user_id).is_password(password))
|
||||
throw m::ACCESS_DENIED
|
||||
{
|
||||
"Incorrect password."
|
||||
};
|
||||
|
||||
m::device::del(request.user_id, device_id);
|
||||
|
||||
return resource::response
|
||||
|
@ -228,3 +251,21 @@ method_delete
|
|||
method_delete.REQUIRES_AUTH
|
||||
}
|
||||
};
|
||||
|
||||
const std::string
|
||||
flows
|
||||
{
|
||||
ircd::string(512 | SHRINK_TO_FIT, [](const mutable_buffer &buf)
|
||||
{
|
||||
json::stack out{buf};
|
||||
{
|
||||
json::stack::object top{out};
|
||||
json::stack::array flows{top, "flows"};
|
||||
json::stack::object flow{flows};
|
||||
json::stack::array stages{flow, "stages"};
|
||||
stages.append("m.login.password");
|
||||
}
|
||||
|
||||
return out.completed();
|
||||
})
|
||||
};
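Review bot: `flows` is defined at the end of this file with the same name, external linkage and identical contents as the definition added in the first file section, so the 401 challenge body is maintained in two places. If both translation units share a symbol namespace (not visible from this page), two definitions of one external name can clash or silently interpose. A single shared definition would rule that out, as would internal linkage: drop the `extern` declaration and define it as `static const std::string flows` above its first use. The comment `// 14.10.2 Security considerations` would also be clearer if it stated the rule being enforced, e.g. `// Spec 14.10.2: deleting a device requires re-authenticating with the account password`.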
|
||||
|
|