2017-04-21 00:40:52 +02:00
|
|
|
// Copyright 2017 Vector Creations Ltd
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
2017-10-11 19:16:53 +02:00
|
|
|
package routing
|
2017-04-20 18:11:53 +02:00
|
|
|
|
|
|
|
import (
|
2017-05-30 18:51:40 +02:00
|
|
|
"net/http"
|
|
|
|
|
2018-08-20 11:22:06 +02:00
|
|
|
"context"
|
2019-06-19 15:05:03 +02:00
|
|
|
|
2017-05-30 18:51:40 +02:00
|
|
|
"github.com/matrix-org/dendrite/clientapi/auth"
|
2017-04-20 18:11:53 +02:00
|
|
|
"github.com/matrix-org/dendrite/clientapi/httputil"
|
|
|
|
"github.com/matrix-org/dendrite/clientapi/jsonerror"
|
2018-04-20 16:52:21 +02:00
|
|
|
"github.com/matrix-org/dendrite/clientapi/userutil"
|
2020-05-21 15:40:13 +02:00
|
|
|
"github.com/matrix-org/dendrite/internal/config"
|
2020-06-16 15:10:55 +02:00
|
|
|
"github.com/matrix-org/dendrite/userapi/api"
|
2020-06-17 13:05:56 +02:00
|
|
|
"github.com/matrix-org/dendrite/userapi/storage/accounts"
|
|
|
|
"github.com/matrix-org/dendrite/userapi/storage/devices"
|
2017-05-05 18:43:42 +02:00
|
|
|
"github.com/matrix-org/gomatrixserverlib"
|
2017-04-20 18:11:53 +02:00
|
|
|
"github.com/matrix-org/util"
|
|
|
|
)
|
|
|
|
|
|
|
|
type loginFlows struct {
|
|
|
|
Flows []flow `json:"flows"`
|
|
|
|
}
|
|
|
|
|
|
|
|
type flow struct {
|
|
|
|
Type string `json:"type"`
|
|
|
|
Stages []string `json:"stages"`
|
|
|
|
}
|
|
|
|
|
2019-11-27 15:57:44 +01:00
|
|
|
type loginIdentifier struct {
|
|
|
|
Type string `json:"type"`
|
|
|
|
User string `json:"user"`
|
|
|
|
}
|
|
|
|
|
2017-04-20 18:11:53 +02:00
|
|
|
type passwordRequest struct {
|
2019-11-27 15:57:44 +01:00
|
|
|
Identifier loginIdentifier `json:"identifier"`
|
2020-06-17 18:41:45 +02:00
|
|
|
User string `json:"user"` // deprecated in favour of identifier
|
2019-11-27 15:57:44 +01:00
|
|
|
Password string `json:"password"`
|
2019-07-22 16:05:38 +02:00
|
|
|
// Both DeviceID and InitialDisplayName can be omitted, or empty strings ("")
|
|
|
|
// Thus a pointer is needed to differentiate between the two
|
2017-11-14 10:59:02 +01:00
|
|
|
InitialDisplayName *string `json:"initial_device_display_name"`
|
2019-07-22 16:05:38 +02:00
|
|
|
DeviceID *string `json:"device_id"`
|
2017-04-20 18:11:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
type loginResponse struct {
|
2017-05-05 18:43:42 +02:00
|
|
|
UserID string `json:"user_id"`
|
|
|
|
AccessToken string `json:"access_token"`
|
|
|
|
HomeServer gomatrixserverlib.ServerName `json:"home_server"`
|
2017-10-10 11:40:52 +02:00
|
|
|
DeviceID string `json:"device_id"`
|
2017-04-20 18:11:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func passwordLogin() loginFlows {
|
|
|
|
f := loginFlows{}
|
|
|
|
s := flow{"m.login.password", []string{"m.login.password"}}
|
|
|
|
f.Flows = append(f.Flows, s)
|
|
|
|
return f
|
|
|
|
}
|
|
|
|
|
|
|
|
// Login implements GET and POST /login
|
2017-06-19 16:21:04 +02:00
|
|
|
func Login(
|
2020-02-13 18:27:33 +01:00
|
|
|
req *http.Request, accountDB accounts.Database, deviceDB devices.Database,
|
2020-02-11 12:18:12 +01:00
|
|
|
cfg *config.Dendrite,
|
2017-06-19 16:21:04 +02:00
|
|
|
) util.JSONResponse {
|
2018-03-13 16:55:45 +01:00
|
|
|
if req.Method == http.MethodGet { // TODO: support other forms of login other than password, depending on config options
|
2017-04-20 18:11:53 +02:00
|
|
|
return util.JSONResponse{
|
2018-03-13 16:55:45 +01:00
|
|
|
Code: http.StatusOK,
|
2017-04-20 18:11:53 +02:00
|
|
|
JSON: passwordLogin(),
|
|
|
|
}
|
2018-03-13 16:55:45 +01:00
|
|
|
} else if req.Method == http.MethodPost {
|
2017-04-20 18:11:53 +02:00
|
|
|
var r passwordRequest
|
2020-06-17 12:22:26 +02:00
|
|
|
var acc *api.Account
|
2020-06-17 18:41:45 +02:00
|
|
|
var errJSON *util.JSONResponse
|
2017-04-20 18:11:53 +02:00
|
|
|
resErr := httputil.UnmarshalJSONRequest(req, &r)
|
|
|
|
if resErr != nil {
|
|
|
|
return *resErr
|
|
|
|
}
|
2020-01-20 12:37:23 +01:00
|
|
|
switch r.Identifier.Type {
|
|
|
|
case "m.id.user":
|
|
|
|
if r.Identifier.User == "" {
|
|
|
|
return util.JSONResponse{
|
|
|
|
Code: http.StatusBadRequest,
|
|
|
|
JSON: jsonerror.BadJSON("'user' must be supplied."),
|
|
|
|
}
|
2017-04-20 18:11:53 +02:00
|
|
|
}
|
2020-06-17 18:41:45 +02:00
|
|
|
acc, errJSON = r.processUsernamePasswordLoginRequest(req, accountDB, cfg, r.Identifier.User)
|
|
|
|
if errJSON != nil {
|
|
|
|
return *errJSON
|
2017-09-22 18:08:16 +02:00
|
|
|
}
|
2020-06-17 18:41:45 +02:00
|
|
|
default:
|
|
|
|
// TODO: The below behaviour is deprecated but without it Riot iOS won't log in
|
|
|
|
if r.User != "" {
|
|
|
|
acc, errJSON = r.processUsernamePasswordLoginRequest(req, accountDB, cfg, r.User)
|
|
|
|
if errJSON != nil {
|
|
|
|
return *errJSON
|
|
|
|
}
|
|
|
|
} else {
|
2020-01-20 12:37:23 +01:00
|
|
|
return util.JSONResponse{
|
2020-06-17 18:41:45 +02:00
|
|
|
Code: http.StatusBadRequest,
|
|
|
|
JSON: jsonerror.BadJSON("login identifier '" + r.Identifier.Type + "' not supported"),
|
2020-01-20 12:37:23 +01:00
|
|
|
}
|
|
|
|
}
|
2017-05-30 18:51:40 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
token, err := auth.GenerateAccessToken()
|
|
|
|
if err != nil {
|
2020-03-02 17:20:44 +01:00
|
|
|
util.GetLogger(req.Context()).WithError(err).Error("auth.GenerateAccessToken failed")
|
|
|
|
return jsonerror.InternalServerError()
|
2017-05-30 18:51:40 +02:00
|
|
|
}
|
|
|
|
|
2019-07-22 16:05:38 +02:00
|
|
|
dev, err := getDevice(req.Context(), r, deviceDB, acc, token)
|
2017-05-30 18:51:40 +02:00
|
|
|
if err != nil {
|
|
|
|
return util.JSONResponse{
|
2018-03-13 16:55:45 +01:00
|
|
|
Code: http.StatusInternalServerError,
|
2017-05-30 18:51:40 +02:00
|
|
|
JSON: jsonerror.Unknown("failed to create device: " + err.Error()),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-04-20 18:11:53 +02:00
|
|
|
return util.JSONResponse{
|
2018-03-13 16:55:45 +01:00
|
|
|
Code: http.StatusOK,
|
2017-04-20 18:11:53 +02:00
|
|
|
JSON: loginResponse{
|
2017-05-30 18:51:40 +02:00
|
|
|
UserID: dev.UserID,
|
|
|
|
AccessToken: dev.AccessToken,
|
2017-06-19 16:21:04 +02:00
|
|
|
HomeServer: cfg.Matrix.ServerName,
|
2017-10-10 11:40:52 +02:00
|
|
|
DeviceID: dev.ID,
|
2017-04-20 18:11:53 +02:00
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return util.JSONResponse{
|
2018-03-13 16:55:45 +01:00
|
|
|
Code: http.StatusMethodNotAllowed,
|
2017-04-20 18:11:53 +02:00
|
|
|
JSON: jsonerror.NotFound("Bad method"),
|
|
|
|
}
|
|
|
|
}
|
2018-08-20 11:22:06 +02:00
|
|
|
|
2019-07-22 16:05:38 +02:00
|
|
|
// getDevice returns a new or existing device
|
2018-08-20 11:22:06 +02:00
|
|
|
func getDevice(
|
|
|
|
ctx context.Context,
|
|
|
|
r passwordRequest,
|
2020-02-13 18:27:33 +01:00
|
|
|
deviceDB devices.Database,
|
2020-06-17 12:22:26 +02:00
|
|
|
acc *api.Account,
|
2019-07-22 16:05:38 +02:00
|
|
|
token string,
|
2020-06-16 15:10:55 +02:00
|
|
|
) (dev *api.Device, err error) {
|
2019-07-22 16:05:38 +02:00
|
|
|
dev, err = deviceDB.CreateDevice(
|
|
|
|
ctx, acc.Localpart, r.DeviceID, token, r.InitialDisplayName,
|
|
|
|
)
|
2018-08-20 11:22:06 +02:00
|
|
|
return
|
|
|
|
}
|
2020-06-17 18:41:45 +02:00
|
|
|
|
|
|
|
func (r *passwordRequest) processUsernamePasswordLoginRequest(
|
|
|
|
req *http.Request, accountDB accounts.Database,
|
|
|
|
cfg *config.Dendrite, username string,
|
|
|
|
) (acc *api.Account, errJSON *util.JSONResponse) {
|
|
|
|
util.GetLogger(req.Context()).WithField("user", username).Info("Processing login request")
|
|
|
|
|
|
|
|
localpart, err := userutil.ParseUsernameParam(username, &cfg.Matrix.ServerName)
|
|
|
|
if err != nil {
|
|
|
|
errJSON = &util.JSONResponse{
|
|
|
|
Code: http.StatusBadRequest,
|
|
|
|
JSON: jsonerror.InvalidUsername(err.Error()),
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
acc, err = accountDB.GetAccountByPassword(req.Context(), localpart, r.Password)
|
|
|
|
if err != nil {
|
|
|
|
// Technically we could tell them if the user does not exist by checking if err == sql.ErrNoRows
|
|
|
|
// but that would leak the existence of the user.
|
|
|
|
errJSON = &util.JSONResponse{
|
|
|
|
Code: http.StatusForbidden,
|
|
|
|
JSON: jsonerror.Forbidden("username or password was incorrect, or the account does not exist"),
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|