dendrite/clientapi/routing/login.go

// Copyright 2017 Vector Creations Ltd
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package routing

import (
	"context"
	"net/http"

	"github.com/matrix-org/dendrite/clientapi/auth"
	"github.com/matrix-org/dendrite/clientapi/jsonerror"
	"github.com/matrix-org/dendrite/clientapi/userutil"
	"github.com/matrix-org/dendrite/setup/config"
	userapi "github.com/matrix-org/dendrite/userapi/api"
	"github.com/matrix-org/util"
)

type loginResponse struct {
	UserID      string `json:"user_id"`
	AccessToken string `json:"access_token"`
	DeviceID    string `json:"device_id"`
}

type flows struct {
	Flows []flow `json:"flows"`
}

type flow struct {
	Type string `json:"type"`
}

func passwordLogin() flows {
	f := flows{}
	s := flow{
		Type: "m.login.password",
	}
	f.Flows = append(f.Flows, s)
	return f
}

// Login implements GET and POST /login
func Login(
	req *http.Request, userAPI userapi.ClientUserAPI,
	cfg *config.ClientAPI,
) util.JSONResponse {
	if req.Method == http.MethodGet {
		// TODO: support other forms of login other than password, depending on config options
		return util.JSONResponse{
			Code: http.StatusOK,
			JSON: passwordLogin(),
		}
	} else if req.Method == http.MethodPost {
		login, cleanup, authErr := auth.LoginFromJSONReader(req.Context(), req.Body, userAPI, userAPI, cfg)
		if authErr != nil {
			return *authErr
		}
		// make a device/access token
		authErr2 := completeAuth(req.Context(), cfg.Matrix, userAPI, login, req.RemoteAddr, req.UserAgent())
		cleanup(req.Context(), &authErr2)
		return authErr2
	}
	return util.JSONResponse{
		Code: http.StatusMethodNotAllowed,
		JSON: jsonerror.NotFound("Bad method"),
	}
}

func completeAuth(
	ctx context.Context, cfg *config.Global, userAPI userapi.ClientUserAPI, login *auth.Login,
	ipAddr, userAgent string,
) util.JSONResponse {
	token, err := auth.GenerateAccessToken()
	if err != nil {
		util.GetLogger(ctx).WithError(err).Error("auth.GenerateAccessToken failed")
		return jsonerror.InternalServerError()
	}

	localpart, serverName, err := userutil.ParseUsernameParam(login.Username(), cfg)
	if err != nil {
		util.GetLogger(ctx).WithError(err).Error("auth.ParseUsernameParam failed")
		return jsonerror.InternalServerError()
	}

	var performRes userapi.PerformDeviceCreationResponse
	err = userAPI.PerformDeviceCreation(ctx, &userapi.PerformDeviceCreationRequest{
		DeviceDisplayName: login.InitialDisplayName,
		DeviceID:          login.DeviceID,
		AccessToken:       token,
		Localpart:         localpart,
		ServerName:        serverName,
		IPAddr:            ipAddr,
		UserAgent:         userAgent,
	}, &performRes)
	if err != nil {
		return util.JSONResponse{
			Code: http.StatusInternalServerError,
			JSON: jsonerror.Unknown("failed to create device: " + err.Error()),
		}
	}

	return util.JSONResponse{
		Code: http.StatusOK,
		JSON: loginResponse{
			UserID:      performRes.Device.UserID,
			AccessToken: performRes.Device.AccessToken,
			DeviceID:    performRes.Device.ID,
		},
	}
}
Add Apache Version 2.0 license and headers to all golang files 2017-04-21 00:40:52 +02:00			`// Copyright 2017 Vector Creations Ltd`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

Merge readers/writers/routing packages (#295) The HTTP handlers in the components are split into reader and writer directories. This was a fairly arbitrary distinction, and turns out to not be so helpful. Most read APIs have a corresponding write API, and it is more natural for them to be in the same file rather than in different directories. 2017-10-11 19:16:53 +02:00			`package routing`
Make it possible to point Riot at Dendrite (#74) 2017-04-20 18:11:53 +02:00
			`import (`
return same device as sent from client if it exists in db (#414) Signed-off-by: mohit kumar singh <mohitkumarsingh907@gmail.com> 2018-08-20 11:22:06 +02:00			`"context"`
Add User-Interactive Authentication (#1193) * Add User-Interactive Authentication And use it when deleting a device. With tests. * Make remaining sytest pass * Linting * 403 not 401 on wrong user/pass 2020-07-10 01:39:44 +02:00			`"net/http"`
Fix pipeline, emoji and syntax (#713) Fixes #697 Switched to golangci-lint, fixes issues with buildkite and does some linting fixes to appease the new linters. 2019-06-19 15:05:03 +02:00
Hook up registration/login APIs and implement access token generation (#122) 2017-05-30 18:51:40 +02:00			`"github.com/matrix-org/dendrite/clientapi/auth"`
Make it possible to point Riot at Dendrite (#74) 2017-04-20 18:11:53 +02:00			`"github.com/matrix-org/dendrite/clientapi/jsonerror"`
Refactor username parsing function of clientapi:login (#432) * Refactor username parse function of login Signed-off-by: Anant Prakash <anantprakashjsr@gmail.com> * Add tests for userutil Signed-off-by: Anant Prakash <anantprakashjsr@gmail.com> 2018-04-20 16:52:21 +02:00			`"github.com/matrix-org/dendrite/clientapi/userutil"`
Top-level setup package (#1605) * Move config, setup, mscs into "setup" top-level folder * oops, forgot the EDU server * Add setup * goimports 2020-12-02 18:41:00 +01:00			`"github.com/matrix-org/dendrite/setup/config"`
Fix edge cases around device lists (#1234) * Fix New users appear in /keys/changes * Create blank device keys when logging in on a new device * Add PerformDeviceUpdate and fix a few bugs - Correct device deletion query on sqlite - Return no keys on /keys/query rather than an empty key * Unbreak sqlite properly * Use a real DB for currentstateserver integration tests * Race fix 2020-07-31 15:40:45 +02:00			`userapi "github.com/matrix-org/dendrite/userapi/api"`
Make it possible to point Riot at Dendrite (#74) 2017-04-20 18:11:53 +02:00			`"github.com/matrix-org/util"`
			`)`

Add User-Interactive Authentication (#1193) * Add User-Interactive Authentication And use it when deleting a device. With tests. * Make remaining sytest pass * Linting * 403 not 401 on wrong user/pass 2020-07-10 01:39:44 +02:00			`type loginResponse struct {`
Add clientapi tests (#2916) This PR - adds several tests for the clientapi, mostly around `/register` and auth fallback. - removes the now deprecated `homeserver` field from responses to `/register` and `/login` - slightly refactors auth fallback handling 2022-12-23 14:11:11 +01:00			UserID string `json:"user_id"`
			AccessToken string `json:"access_token"`
			DeviceID string `json:"device_id"`
Add User-Interactive Authentication (#1193) * Add User-Interactive Authentication And use it when deleting a device. With tests. * Make remaining sytest pass * Linting * 403 not 401 on wrong user/pass 2020-07-10 01:39:44 +02:00			`}`

			`type flows struct {`
Make it possible to point Riot at Dendrite (#74) 2017-04-20 18:11:53 +02:00			Flows []flow `json:"flows"`
			`}`

			`type flow struct {`
Fix #1381 (#1384) 2020-09-02 17:52:06 +02:00			Type string `json:"type"`
Make it possible to point Riot at Dendrite (#74) 2017-04-20 18:11:53 +02:00			`}`

Add User-Interactive Authentication (#1193) * Add User-Interactive Authentication And use it when deleting a device. With tests. * Make remaining sytest pass * Linting * 403 not 401 on wrong user/pass 2020-07-10 01:39:44 +02:00			`func passwordLogin() flows {`
			`f := flows{}`
			`s := flow{`
Fix #1381 (#1384) 2020-09-02 17:52:06 +02:00			`Type: "m.login.password",`
Add User-Interactive Authentication (#1193) * Add User-Interactive Authentication And use it when deleting a device. With tests. * Make remaining sytest pass * Linting * 403 not 401 on wrong user/pass 2020-07-10 01:39:44 +02:00			`}`
Make it possible to point Riot at Dendrite (#74) 2017-04-20 18:11:53 +02:00			`f.Flows = append(f.Flows, s)`
			`return f`
			`}`

			`// Login implements GET and POST /login`
Replace the cmd specific config with common config. (#144) * Move all the dendrite config in to a single place * Add tests for config parsing * replace syncserver config with common config * Replace client API config with common config * Replace federation API config with common config * Replace media api config with common config * Replace room server config with common config * Remove unused readKey function * Fix the integration tests * Comment on hardcoding roomserver to HTTP * Add a method for getting RoomServerURL This moves the hardcoding of HTTPs into one place. 2017-06-19 16:21:04 +02:00			`func Login(`
Define component interfaces based on consumers (1/2) (#2423) * Specify interfaces used by appservice, do half of clientapi * convert more deps of clientapi to finer-grained interfaces * Convert mediaapi and rest of clientapi * Somehow this got missed 2022-05-05 14:17:38 +02:00			`req *http.Request, userAPI userapi.ClientUserAPI,`
Configuration format v1 (#1230) * Initial pass at refactoring config (not finished) * Don't forget current state and EDU servers * More shifting around * Update server key API tests * Fix roomserver test * Fix more tests * Further tweaks * Fix current state server test (sort of) * Maybe fix appservices * Fix client API test * Include database connection string in database options * Fix sync API build * Update config test * Fix unit tests * Fix federation sender build * Fix gobind build * Set Listen address for all services in HTTP monolith mode * Validate config, reinstate appservice derived in directory, tweaks * Tweak federation API test * Set MaxOpenConnections/MaxIdleConnections to previous values * Update generate-config 2020-08-10 15:18:04 +02:00			`cfg *config.ClientAPI,`
Replace the cmd specific config with common config. (#144) * Move all the dendrite config in to a single place * Add tests for config parsing * replace syncserver config with common config * Replace client API config with common config * Replace federation API config with common config * Replace media api config with common config * Replace room server config with common config * Remove unused readKey function * Fix the integration tests * Comment on hardcoding roomserver to HTTP * Add a method for getting RoomServerURL This moves the hardcoding of HTTPs into one place. 2017-06-19 16:21:04 +02:00			`) util.JSONResponse {`
Add User-Interactive Authentication (#1193) * Add User-Interactive Authentication And use it when deleting a device. With tests. * Make remaining sytest pass * Linting * 403 not 401 on wrong user/pass 2020-07-10 01:39:44 +02:00			`if req.Method == http.MethodGet {`
			`// TODO: support other forms of login other than password, depending on config options`
Make it possible to point Riot at Dendrite (#74) 2017-04-20 18:11:53 +02:00			`return util.JSONResponse{`
Use http.Status* and http.Method* where appropriate (#417) Signed-off-by: Scott Raine <me@nylar.io> 2018-03-13 16:55:45 +01:00			`Code: http.StatusOK,`
Make it possible to point Riot at Dendrite (#74) 2017-04-20 18:11:53 +02:00			`JSON: passwordLogin(),`
			`}`
Use http.Status* and http.Method* where appropriate (#417) Signed-off-by: Scott Raine <me@nylar.io> 2018-03-13 16:55:45 +01:00			`} else if req.Method == http.MethodPost {`
Refactor appservice & client API to use userapi internal (#2290) * Refactor user api internal * Refactor clientapi to use internal userapi * Use internal userapi instead of user DB directly * Remove AccountDB dependency * Fix linter issues Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com> 2022-03-24 22:45:44 +01:00			`login, cleanup, authErr := auth.LoginFromJSONReader(req.Context(), req.Body, userAPI, userAPI, cfg)`
Add User-Interactive Authentication (#1193) * Add User-Interactive Authentication And use it when deleting a device. With tests. * Make remaining sytest pass * Linting * 403 not 401 on wrong user/pass 2020-07-10 01:39:44 +02:00			`if authErr != nil {`
			`return *authErr`
Make it possible to point Riot at Dendrite (#74) 2017-04-20 18:11:53 +02:00			`}`
Add User-Interactive Authentication (#1193) * Add User-Interactive Authentication And use it when deleting a device. With tests. * Make remaining sytest pass * Linting * 403 not 401 on wrong user/pass 2020-07-10 01:39:44 +02:00			`// make a device/access token`
Initial support for multiple server names (#2829) This PR is the first step towards virtual hosting by laying the groundwork for multiple server names being configured. 2022-10-26 13:59:19 +02:00			`authErr2 := completeAuth(req.Context(), cfg.Matrix, userAPI, login, req.RemoteAddr, req.UserAgent())`
Support for `m.login.token` (#2014) * Add GOPATH to PATH in find-lint.sh. The user doesn't necessarily have it in PATH. * Refactor LoginTypePassword and Type to support m.login.token and m.login.sso. For login token: * m.login.token will require deleting the token after completeAuth has generated an access token, so a cleanup function is returned by Type.Login. * Allowing different login types will require parsing the /login body twice: first to extract the "type" and then the type-specific parsing. Thus, we will have to buffer the request JSON in /login, like UserInteractive already does. For SSO: * NewUserInteractive will have to also use GetAccountByLocalpart. It makes more sense to just pass a (narrowed-down) accountDB interface to it than adding more function pointers. Code quality: * Passing around (and down-casting) interface{} for login request types has drawbacks in terms of type-safety, and no inherent benefits. We always decode JSON anyway. Hence renaming to Type.LoginFromJSON. Code that directly uses LoginTypePassword with parsed data can still use Login. * Removed a TODO for SSO. This is already tracked in #1297. * httputil.UnmarshalJSON is useful because it returns a JSONResponse. This change is intended to have no functional changes. * Support login tokens in User API. This adds full lifecycle functions for login tokens: create, query, delete. * Support m.login.token in /login. * Fixes for PR review. * Set @matrix-org/dendrite-core as repository code owner * Return event NID from `StoreEvent`, match PSQL vs SQLite behaviour, tweak backfill persistence (#2071) Co-authored-by: kegsay <kegan@matrix.org> Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com> 2022-02-10 11:27:26 +01:00			`cleanup(req.Context(), &authErr2)`
			`return authErr2`
Make it possible to point Riot at Dendrite (#74) 2017-04-20 18:11:53 +02:00			`}`
			`return util.JSONResponse{`
Use http.Status* and http.Method* where appropriate (#417) Signed-off-by: Scott Raine <me@nylar.io> 2018-03-13 16:55:45 +01:00			`Code: http.StatusMethodNotAllowed,`
Make it possible to point Riot at Dendrite (#74) 2017-04-20 18:11:53 +02:00			`JSON: jsonerror.NotFound("Bad method"),`
			`}`
			`}`
return same device as sent from client if it exists in db (#414) Signed-off-by: mohit kumar singh <mohitkumarsingh907@gmail.com> 2018-08-20 11:22:06 +02:00
Add User-Interactive Authentication (#1193) * Add User-Interactive Authentication And use it when deleting a device. With tests. * Make remaining sytest pass * Linting * 403 not 401 on wrong user/pass 2020-07-10 01:39:44 +02:00			`func completeAuth(`
Initial support for multiple server names (#2829) This PR is the first step towards virtual hosting by laying the groundwork for multiple server names being configured. 2022-10-26 13:59:19 +02:00			`ctx context.Context, cfg config.Global, userAPI userapi.ClientUserAPI, login auth.Login,`
Extend device_devices table (#1471) * Add last_used_ts and IP to database * Add migrations * Rename column Prepare statements * Add interface method and implement it Signed-off-by: Till Faelligen <tfaelligen@gmail.com> * Rename struct fields * Add user_agent to database * Add userAgent to registration calls * Add missing "IF NOT EXISTS" * use txn writer * Add UserAgent to Device Co-authored-by: Kegsay <kegan@matrix.org> 2020-10-09 10:17:23 +02:00			`ipAddr, userAgent string,`
Add User-Interactive Authentication (#1193) * Add User-Interactive Authentication And use it when deleting a device. With tests. * Make remaining sytest pass * Linting * 403 not 401 on wrong user/pass 2020-07-10 01:39:44 +02:00			`) util.JSONResponse {`
			`token, err := auth.GenerateAccessToken()`
			`if err != nil {`
			`util.GetLogger(ctx).WithError(err).Error("auth.GenerateAccessToken failed")`
			`return jsonerror.InternalServerError()`
			`}`
Hacks for supporting Riot iOS (#1148) * Join room body is optional * Support deprecated login by user/password * Implement dummy key upload endpoint * Make a very determinate end to /messages if we hit the create event in back-pagination * Linting 2020-06-17 18:41:45 +02:00
Initial support for multiple server names (#2829) This PR is the first step towards virtual hosting by laying the groundwork for multiple server names being configured. 2022-10-26 13:59:19 +02:00			`localpart, serverName, err := userutil.ParseUsernameParam(login.Username(), cfg)`
Hacks for supporting Riot iOS (#1148) * Join room body is optional * Support deprecated login by user/password * Implement dummy key upload endpoint * Make a very determinate end to /messages if we hit the create event in back-pagination * Linting 2020-06-17 18:41:45 +02:00			`if err != nil {`
Add User-Interactive Authentication (#1193) * Add User-Interactive Authentication And use it when deleting a device. With tests. * Make remaining sytest pass * Linting * 403 not 401 on wrong user/pass 2020-07-10 01:39:44 +02:00			`util.GetLogger(ctx).WithError(err).Error("auth.ParseUsernameParam failed")`
			`return jsonerror.InternalServerError()`
Hacks for supporting Riot iOS (#1148) * Join room body is optional * Support deprecated login by user/password * Implement dummy key upload endpoint * Make a very determinate end to /messages if we hit the create event in back-pagination * Linting 2020-06-17 18:41:45 +02:00			`}`

Fix edge cases around device lists (#1234) * Fix New users appear in /keys/changes * Create blank device keys when logging in on a new device * Add PerformDeviceUpdate and fix a few bugs - Correct device deletion query on sqlite - Return no keys on /keys/query rather than an empty key * Unbreak sqlite properly * Use a real DB for currentstateserver integration tests * Race fix 2020-07-31 15:40:45 +02:00			`var performRes userapi.PerformDeviceCreationResponse`
			`err = userAPI.PerformDeviceCreation(ctx, &userapi.PerformDeviceCreationRequest{`
			`DeviceDisplayName: login.InitialDisplayName,`
			`DeviceID: login.DeviceID,`
			`AccessToken: token,`
			`Localpart: localpart,`
Virtual hosting schema and logic changes (#2876) Note that virtual users cannot federate correctly yet. 2022-11-11 17:41:37 +01:00			`ServerName: serverName,`
Extend device_devices table (#1471) * Add last_used_ts and IP to database * Add migrations * Rename column Prepare statements * Add interface method and implement it Signed-off-by: Till Faelligen <tfaelligen@gmail.com> * Rename struct fields * Add user_agent to database * Add userAgent to registration calls * Add missing "IF NOT EXISTS" * use txn writer * Add UserAgent to Device Co-authored-by: Kegsay <kegan@matrix.org> 2020-10-09 10:17:23 +02:00			`IPAddr: ipAddr,`
			`UserAgent: userAgent,`
Fix edge cases around device lists (#1234) * Fix New users appear in /keys/changes * Create blank device keys when logging in on a new device * Add PerformDeviceUpdate and fix a few bugs - Correct device deletion query on sqlite - Return no keys on /keys/query rather than an empty key * Unbreak sqlite properly * Use a real DB for currentstateserver integration tests * Race fix 2020-07-31 15:40:45 +02:00			`}, &performRes)`
Hacks for supporting Riot iOS (#1148) * Join room body is optional * Support deprecated login by user/password * Implement dummy key upload endpoint * Make a very determinate end to /messages if we hit the create event in back-pagination * Linting 2020-06-17 18:41:45 +02:00			`if err != nil {`
Add User-Interactive Authentication (#1193) * Add User-Interactive Authentication And use it when deleting a device. With tests. * Make remaining sytest pass * Linting * 403 not 401 on wrong user/pass 2020-07-10 01:39:44 +02:00			`return util.JSONResponse{`
			`Code: http.StatusInternalServerError,`
			`JSON: jsonerror.Unknown("failed to create device: " + err.Error()),`
Hacks for supporting Riot iOS (#1148) * Join room body is optional * Support deprecated login by user/password * Implement dummy key upload endpoint * Make a very determinate end to /messages if we hit the create event in back-pagination * Linting 2020-06-17 18:41:45 +02:00			`}`
			`}`

Add User-Interactive Authentication (#1193) * Add User-Interactive Authentication And use it when deleting a device. With tests. * Make remaining sytest pass * Linting * 403 not 401 on wrong user/pass 2020-07-10 01:39:44 +02:00			`return util.JSONResponse{`
			`Code: http.StatusOK,`
			`JSON: loginResponse{`
Fix edge cases around device lists (#1234) * Fix New users appear in /keys/changes * Create blank device keys when logging in on a new device * Add PerformDeviceUpdate and fix a few bugs - Correct device deletion query on sqlite - Return no keys on /keys/query rather than an empty key * Unbreak sqlite properly * Use a real DB for currentstateserver integration tests * Race fix 2020-07-31 15:40:45 +02:00			`UserID: performRes.Device.UserID,`
			`AccessToken: performRes.Device.AccessToken,`
			`DeviceID: performRes.Device.ID,`
Add User-Interactive Authentication (#1193) * Add User-Interactive Authentication And use it when deleting a device. With tests. * Make remaining sytest pass * Linting * 403 not 401 on wrong user/pass 2020-07-10 01:39:44 +02:00			`},`
			`}`
Hacks for supporting Riot iOS (#1148) * Join room body is optional * Support deprecated login by user/password * Implement dummy key upload endpoint * Make a very determinate end to /messages if we hit the create event in back-pagination * Linting 2020-06-17 18:41:45 +02:00			`}`