
where did my code go???

This commit is contained in:
avdb13 2024-07-10 08:19:39 +02:00
parent 269455d93a
commit 895b66fa50
17 changed files with 331 additions and 38 deletions


@ -322,6 +322,8 @@ pub async fn change_password_route(
.ok_or_else(|| Error::BadRequest(ErrorKind::MissingToken, "Missing access token."))?;
let sender_device = body.sender_device.as_ref().expect("user is authenticated");
// if services().users.password_hash(sender_user)? == Some("");
let mut uiaainfo = UiaaInfo {
flows: vec![AuthFlow {
stages: vec![AuthType::Password],
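Review bot: The added line `// if services().users.password_hash(sender_user)? == Some("");` in change_password_route is commented-out code with no explanation, so a reader cannot tell whether it is a pending check or a leftover; presumably the intent was to refuse password changes for accounts whose stored hash is empty (SSO-only accounts), but nothing in the hunk says so. Either drop the line or replace it with a comment that states the decision, e.g. `// TODO: decide whether accounts with an empty password hash (SSO-only) may set a password here`. The body of change_password_route starts and ends outside this hunk.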


@ -111,6 +111,10 @@ pub async fn upload_signing_keys_route(
auth_error: None,
};
let master_key = services()
.users
.get_master_key(None, sender_user, &|user_id| user_id == sender_user)?;
if let Some(auth) = &body.auth {
let (worked, uiaainfo) =
services()
@ -126,7 +130,7 @@ pub async fn upload_signing_keys_route(
.uiaa
.create(sender_user, sender_device, &uiaainfo, &json)?;
return Err(Error::Uiaa(uiaainfo));
} else {
} else if master_key.is_some() {
return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
}
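Review bot: With `} else if master_key.is_some() {`, a request that carries no `auth` from a user who has no master key yet now falls past both branches and continues without any user-interactive auth, and the hunk contains no comment saying this is deliberate. If this implements the spec rule that the first upload of cross-signing keys needs no UIA (MSC3967), state it at the `if let Some(auth) = &body.auth` line, e.g. `// First upload of cross-signing keys needs no UIA (MSC3967); replacing an existing master key must be re-authenticated.`, so a later reader does not "fix" the fallthrough back. Note also that `master_key` is now fetched with `?` before the auth dispatch, so a storage error fails the request where the UIAA response would previously have been returned first; likely acceptable, but worth confirming. The rest of upload_signing_keys_route, including what runs after the fallthrough, lies outside the hunk.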


@ -23,6 +23,7 @@ mod room;
mod search;
mod session;
mod space;
mod sso;
mod state;
mod sync;
mod tag;
@ -60,6 +61,7 @@ pub use room::*;
pub use search::*;
pub use session::*;
pub use space::*;
pub use sso::*;
pub use state::*;
pub use sync::*;
pub use tag::*;
@ -76,3 +78,5 @@ pub const DEVICE_ID_LENGTH: usize = 10;
pub const TOKEN_LENGTH: usize = 32;
pub const SESSION_ID_LENGTH: usize = 32;
pub const AUTO_GEN_PASSWORD_LENGTH: usize = 15;
pub const AUTH_SESSION_EXPIRATION_SECS: u64 = 60 * 5;
pub const LOGIN_TOKEN_EXPIRATION_SECS: u64 = 15;
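Review bot: `AUTH_SESSION_EXPIRATION_SECS` and `LOGIN_TOKEN_EXPIRATION_SECS` are security-relevant timeouts added without doc comments, so the chosen values (five minutes and fifteen seconds) carry no stated rationale. Presumably the first bounds how long an unfinished auth session is accepted and the second how long an SSO login token can be redeemed after issue; a `///` line on each saying exactly that, and that the unit is seconds, would let any later change to either value be reviewed on its merits. The `mod sso;` and `pub use sso::*;` additions in the same section need nothing further.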


@ -1,5 +1,5 @@
use super::{DEVICE_ID_LENGTH, TOKEN_LENGTH};
use crate::{services, utils, Error, Result, Ruma};
use crate::{service::sso::LoginToken, services, utils, Error, Result, Ruma};
use ruma::{
api::client::{
error::ErrorKind,
@ -24,10 +24,20 @@ struct Claims {
pub async fn get_login_types_route(
_body: Ruma<get_login_types::v3::Request>,
) -> Result<get_login_types::v3::Response> {
Ok(get_login_types::v3::Response::new(vec![
let mut flows = vec![
get_login_types::v3::LoginType::Password(Default::default()),
get_login_types::v3::LoginType::ApplicationService(Default::default()),
]))
];
if let v @ [_, ..] = &*services().sso.flows() {
let flow = get_login_types::v3::SsoLoginType {
identity_providers: v.to_owned(),
};
flows.push(get_login_types::v3::LoginType::Sso(flow));
}
Ok(get_login_types::v3::Response::new(flows))
}
/// # `POST /_matrix/client/r0/login`
@ -101,35 +111,64 @@ pub async fn login_route(body: Ruma<login::v3::Request>) -> Result<login::v3::Re
user_id
}
login::v3::LoginInfo::Token(login::v3::Token { token }) => {
if let Some(jwt_decoding_key) = services().globals.jwt_decoding_key() {
let token = jsonwebtoken::decode::<Claims>(
token,
jwt_decoding_key,
&jsonwebtoken::Validation::default(),
)
.map_err(|_| Error::BadRequest(ErrorKind::InvalidUsername, "Token is invalid."))?;
let username = token.claims.sub.to_lowercase();
let user_id =
UserId::parse_with_server_name(username, services().globals.server_name())
match (
services().globals.jwt_decoding_key(),
&services().sso.providers().is_empty(),
) {
(_, false) => {
let mut validation =
jsonwebtoken::Validation::new(jsonwebtoken::Algorithm::HS256);
validation.validate_nbf = false;
validation.set_required_spec_claims(&["sub", "exp", "aud", "iss"]);
let login_token = services()
.globals
.validate_claims::<LoginToken>(token, Some(validation))
.map_err(|_| {
Error::BadRequest(ErrorKind::InvalidUsername, "Username is invalid.")
Error::BadRequest(ErrorKind::InvalidParam, "Invalid token.")
})?;
if services().appservice.is_exclusive_user_id(&user_id).await {
login_token.audience().map_err(|_| {
Error::BadRequest(ErrorKind::InvalidParam, "Invalid token audience.")
})?
}
(Some(jwt_decoding_key), _) => {
let token = jsonwebtoken::decode::<Claims>(
token,
jwt_decoding_key,
&jsonwebtoken::Validation::default(),
)
.map_err(|_| {
Error::BadRequest(ErrorKind::InvalidUsername, "Token is invalid.")
})?;
let username = token.claims.sub.to_lowercase();
let user_id =
UserId::parse_with_server_name(username, services().globals.server_name())
.map_err(|_| {
Error::BadRequest(
ErrorKind::InvalidUsername,
"Username is invalid.",
)
})?;
if services().appservice.is_exclusive_user_id(&user_id).await {
return Err(Error::BadRequest(
ErrorKind::Exclusive,
"User id reserved by appservice.",
));
}
user_id
}
(None, _) => {
return Err(Error::BadRequest(
ErrorKind::Exclusive,
"User id reserved by appservice.",
ErrorKind::Unknown,
"Token login is not supported (server has no jwt decoding key).",
));
}
user_id
} else {
return Err(Error::BadRequest(
ErrorKind::Unknown,
"Token login is not supported (server has no jwt decoding key).",
));
}
}
login::v3::LoginInfo::ApplicationService(login::v3::ApplicationService {
identifier,
user,