continuwuity/src/service/uiaa/mod.rs

mod data;

pub use data::Data;

use ruma::{
    api::client::{
        error::ErrorKind,
        uiaa::{AuthType, IncomingAuthData, IncomingPassword, IncomingUserIdentifier, UiaaInfo},
    },
    CanonicalJsonValue, DeviceId, UserId,
};
use tracing::error;

use crate::{api::client_server::SESSION_ID_LENGTH, services, utils, Error, Result};

pub struct Service {
    pub db: &'static dyn Data,
}

impl Service {
    /// Creates a new Uiaa session. Make sure the session token is unique.
    pub fn create(
        &self,
        user_id: &UserId,
        device_id: &DeviceId,
        uiaainfo: &UiaaInfo,
        json_body: &CanonicalJsonValue,
    ) -> Result<()> {
        self.db.set_uiaa_request(
            user_id,
            device_id,
            uiaainfo.session.as_ref().expect("session should be set"), // TODO: better session error handling (why is it optional in ruma?)
            json_body,
        )?;
        self.db.update_uiaa_session(
            user_id,
            device_id,
            uiaainfo.session.as_ref().expect("session should be set"),
            Some(uiaainfo),
        )
    }

    pub fn try_auth(
        &self,
        user_id: &UserId,
        device_id: &DeviceId,
        auth: &IncomingAuthData,
        uiaainfo: &UiaaInfo,
    ) -> Result<(bool, UiaaInfo)> {
        let mut uiaainfo = auth
            .session()
            .map(|session| self.db.get_uiaa_session(user_id, device_id, session))
            .unwrap_or_else(|| Ok(uiaainfo.clone()))?;

        if uiaainfo.session.is_none() {
            uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
        }

        match auth {
            // Find out what the user completed
            IncomingAuthData::Password(IncomingPassword {
                identifier,
                password,
                ..
            }) => {
                let username = match identifier {
                    IncomingUserIdentifier::UserIdOrLocalpart(username) => username,
                    _ => {
                        return Err(Error::BadRequest(
                            ErrorKind::Unrecognized,
                            "Identifier type not recognized.",
                        ))
                    }
                };

                let user_id = UserId::parse_with_server_name(
                    username.clone(),
                    services().globals.server_name(),
                )
                .map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "User ID is invalid."))?;

                // Check if password is correct
                if let Some(hash) = services().users.password_hash(&user_id)? {
                    let hash_matches =
                        argon2::verify_encoded(&hash, password.as_bytes()).unwrap_or(false);

                    if !hash_matches {
                        uiaainfo.auth_error = Some(ruma::api::client::error::ErrorBody {
                            kind: ErrorKind::Forbidden,
                            message: "Invalid username or password.".to_owned(),
                        });
                        return Ok((false, uiaainfo));
                    }
                }

                // Password was correct! Let's add it to `completed`
                uiaainfo.completed.push(AuthType::Password);
            }
            IncomingAuthData::Dummy(_) => {
                uiaainfo.completed.push(AuthType::Dummy);
            }
            k => error!("type not supported: {:?}", k),
        }

        // Check if a flow now succeeds
        let mut completed = false;
        'flows: for flow in &mut uiaainfo.flows {
            for stage in &flow.stages {
                if !uiaainfo.completed.contains(stage) {
                    continue 'flows;
                }
            }
            // We didn't break, so this flow succeeded!
            completed = true;
        }

        if !completed {
            self.db.update_uiaa_session(
                user_id,
                device_id,
                uiaainfo.session.as_ref().expect("session is always set"),
                Some(&uiaainfo),
            )?;
            return Ok((false, uiaainfo));
        }

        // UIAA was successful! Remove this session and return true
        self.db.update_uiaa_session(
            user_id,
            device_id,
            uiaainfo.session.as_ref().expect("session is always set"),
            None,
        )?;
        Ok((true, uiaainfo))
    }

    pub fn get_uiaa_request(
        &self,
        user_id: &UserId,
        device_id: &DeviceId,
        session: &str,
    ) -> Option<CanonicalJsonValue> {
        self.db.get_uiaa_request(user_id, device_id, session)
    }
}
refactor state accessor, state cache, user, uiaa 2022-08-14 13:38:21 +02:00			`mod data;`
cargo fix 2022-10-08 13:04:55 +02:00
refactor state accessor, state cache, user, uiaa 2022-08-14 13:38:21 +02:00			`pub use data::Data;`
Fixed more compile time errors 2022-09-07 13:25:51 +02:00
cargo fmt 2022-10-05 20:34:31 +02:00			`use ruma::{`
			`api::client::{`
			`error::ErrorKind,`
			`uiaa::{AuthType, IncomingAuthData, IncomingPassword, IncomingUserIdentifier, UiaaInfo},`
			`},`
Bump ruma 2022-10-09 17:25:06 +02:00			`CanonicalJsonValue, DeviceId, UserId,`
cargo fmt 2022-10-05 20:34:31 +02:00			`};`
fix: some compile time errors Only 174 errors left! 2022-09-06 23:15:09 +02:00			`use tracing::error;`
feat: swappable database backend 2021-06-08 18:10:00 +02:00
cargo fmt 2022-10-05 20:34:31 +02:00			`use crate::{api::client_server::SESSION_ID_LENGTH, services, utils, Error, Result};`
feat: user interactive authentication 2020-06-06 18:44:50 +02:00
messing with trait objects 2022-10-05 12:45:54 +02:00			`pub struct Service {`
0 errors left! 2022-10-08 13:02:52 +02:00			`pub db: &'static dyn Data,`
feat: user interactive authentication 2020-06-06 18:44:50 +02:00			`}`

messing with trait objects 2022-10-05 12:45:54 +02:00			`impl Service {`
feat: user interactive authentication 2020-06-06 18:44:50 +02:00			`/// Creates a new Uiaa session. Make sure the session token is unique.`
Update to latest ruma/master rev 2020-07-25 14:25:24 -04:00			`pub fn create(`
			`&self,`
			`user_id: &UserId,`
			`device_id: &DeviceId,`
			`uiaainfo: &UiaaInfo,`
improvement: uiaa works like in synapse 2021-05-04 19:03:18 +02:00			`json_body: &CanonicalJsonValue,`
Update to latest ruma/master rev 2020-07-25 14:25:24 -04:00			`) -> Result<()> {`
37 errors left 2022-10-05 20:33:55 +02:00			`self.db.set_uiaa_request(`
improvement: uiaa works like in synapse 2021-05-04 19:03:18 +02:00			`user_id,`
			`device_id,`
			`uiaainfo.session.as_ref().expect("session should be set"), // TODO: better session error handling (why is it optional in ruma?)`
			`json_body,`
			`)?;`
37 errors left 2022-10-05 20:33:55 +02:00			`self.db.update_uiaa_session(`
improvement: uiaa works like in synapse 2021-05-04 19:03:18 +02:00			`user_id,`
			`device_id,`
			`uiaainfo.session.as_ref().expect("session should be set"),`
			`Some(uiaainfo),`
			`)`
feat: user interactive authentication 2020-06-06 18:44:50 +02:00			`}`

			`pub fn try_auth(`
			`&self,`
			`user_id: &UserId,`
Update to latest ruma/master rev 2020-07-25 14:25:24 -04:00			`device_id: &DeviceId,`
Keep track of State at event for state resolution feat: first steps towards joining rooms over federation Add state-res as a dependency of conduit Add reverse_topological_power_sort before append_pdu Implement statehashstatid_pduid tree for keeping track of state Clean up implementation of state_hash as key for tracking state 2020-08-06 08:29:59 -04:00			`auth: &IncomingAuthData,`
feat: user interactive authentication 2020-06-06 18:44:50 +02:00			`uiaainfo: &UiaaInfo,`
			`) -> Result<(bool, UiaaInfo)> {`
improvement: faster incoming transaction handling 2021-08-19 11:01:18 +02:00			`let mut uiaainfo = auth`
			`.session()`
37 errors left 2022-10-05 20:33:55 +02:00			`.map(\|session\| self.db.get_uiaa_session(user_id, device_id, session))`
improvement: faster incoming transaction handling 2021-08-19 11:01:18 +02:00			`.unwrap_or_else(\|\| Ok(uiaainfo.clone()))?;`
feat: user interactive authentication 2020-06-06 18:44:50 +02:00
improvement: faster incoming transaction handling 2021-08-19 11:01:18 +02:00			`if uiaainfo.session.is_none() {`
			`uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));`
			`}`
improvement: uiaa works like in synapse 2021-05-04 19:03:18 +02:00
improvement: faster incoming transaction handling 2021-08-19 11:01:18 +02:00			`match auth {`
feat: user interactive authentication 2020-06-06 18:44:50 +02:00			`// Find out what the user completed`
improvement: faster incoming transaction handling 2021-08-19 11:01:18 +02:00			`IncomingAuthData::Password(IncomingPassword {`
			`identifier,`
			`password,`
			`..`
			`}) => {`
			`let username = match identifier {`
Fixed more compile time errors 2022-09-07 13:25:51 +02:00			`IncomingUserIdentifier::UserIdOrLocalpart(username) => username,`
improvement: faster incoming transaction handling 2021-08-19 11:01:18 +02:00			`_ => {`
refactor: better error handling 2020-06-09 15:13:17 +02:00			`return Err(Error::BadRequest(`
			`ErrorKind::Unrecognized,`
			`"Identifier type not recognized.",`
improvement: faster incoming transaction handling 2021-08-19 11:01:18 +02:00			`))`
feat: user interactive authentication 2020-06-06 18:44:50 +02:00			`}`
improvement: faster incoming transaction handling 2021-08-19 11:01:18 +02:00			`};`
feat: user interactive authentication 2020-06-06 18:44:50 +02:00
cargo fmt 2022-10-05 20:34:31 +02:00			`let user_id = UserId::parse_with_server_name(`
			`username.clone(),`
			`services().globals.server_name(),`
			`)`
			`.map_err(\|_\| Error::BadRequest(ErrorKind::InvalidParam, "User ID is invalid."))?;`
improvement: faster incoming transaction handling 2021-08-19 11:01:18 +02:00
			`// Check if password is correct`
Fixed more compile time errors 2022-09-07 13:25:51 +02:00			`if let Some(hash) = services().users.password_hash(&user_id)? {`
improvement: faster incoming transaction handling 2021-08-19 11:01:18 +02:00			`let hash_matches =`
			`argon2::verify_encoded(&hash, password.as_bytes()).unwrap_or(false);`

			`if !hash_matches {`
			`uiaainfo.auth_error = Some(ruma::api::client::error::ErrorBody {`
			`kind: ErrorKind::Forbidden,`
			`message: "Invalid username or password.".to_owned(),`
			`});`
			`return Ok((false, uiaainfo));`
feat: user interactive authentication 2020-06-06 18:44:50 +02:00			`}`
			`}`

improvement: faster incoming transaction handling 2021-08-19 11:01:18 +02:00			// Password was correct! Let's add it to `completed`
Upgrade Ruma Co-authored-by: Timo Kösters <timo@koesters.xyz> 2021-10-13 10:16:45 +02:00			`uiaainfo.completed.push(AuthType::Password);`
improvement: faster incoming transaction handling 2021-08-19 11:01:18 +02:00			`}`
			`IncomingAuthData::Dummy(_) => {`
Upgrade Ruma Co-authored-by: Timo Kösters <timo@koesters.xyz> 2021-10-13 10:16:45 +02:00			`uiaainfo.completed.push(AuthType::Dummy);`
feat: user interactive authentication 2020-06-06 18:44:50 +02:00			`}`
improvement: faster incoming transaction handling 2021-08-19 11:01:18 +02:00			`k => error!("type not supported: {:?}", k),`
			`}`
feat: user interactive authentication 2020-06-06 18:44:50 +02:00
improvement: faster incoming transaction handling 2021-08-19 11:01:18 +02:00			`// Check if a flow now succeeds`
			`let mut completed = false;`
			`'flows: for flow in &mut uiaainfo.flows {`
			`for stage in &flow.stages {`
			`if !uiaainfo.completed.contains(stage) {`
			`continue 'flows;`
			`}`
feat: user interactive authentication 2020-06-06 18:44:50 +02:00			`}`
improvement: faster incoming transaction handling 2021-08-19 11:01:18 +02:00			`// We didn't break, so this flow succeeded!`
			`completed = true;`
			`}`
feat: user interactive authentication 2020-06-06 18:44:50 +02:00
improvement: faster incoming transaction handling 2021-08-19 11:01:18 +02:00			`if !completed {`
37 errors left 2022-10-05 20:33:55 +02:00			`self.db.update_uiaa_session(`
improvement: uiaa works like in synapse 2021-05-04 19:03:18 +02:00			`user_id,`
			`device_id,`
			`uiaainfo.session.as_ref().expect("session is always set"),`
improvement: faster incoming transaction handling 2021-08-19 11:01:18 +02:00			`Some(&uiaainfo),`
improvement: uiaa works like in synapse 2021-05-04 19:03:18 +02:00			`)?;`
improvement: faster incoming transaction handling 2021-08-19 11:01:18 +02:00			`return Ok((false, uiaainfo));`
feat: user interactive authentication 2020-06-06 18:44:50 +02:00			`}`
improvement: faster incoming transaction handling 2021-08-19 11:01:18 +02:00
			`// UIAA was successful! Remove this session and return true`
37 errors left 2022-10-05 20:33:55 +02:00			`self.db.update_uiaa_session(`
improvement: faster incoming transaction handling 2021-08-19 11:01:18 +02:00			`user_id,`
			`device_id,`
			`uiaainfo.session.as_ref().expect("session is always set"),`
			`None,`
			`)?;`
			`Ok((true, uiaainfo))`
feat: user interactive authentication 2020-06-06 18:44:50 +02:00			`}`

improvement: uiaa works like in synapse 2021-05-04 19:03:18 +02:00			`pub fn get_uiaa_request(`
			`&self,`
			`user_id: &UserId,`
			`device_id: &DeviceId,`
			`session: &str,`
Remove unnecessary Result 2022-01-19 23:56:55 +01:00			`) -> Option<CanonicalJsonValue> {`
refactor state accessor, state cache, user, uiaa 2022-08-14 13:38:21 +02:00			`self.db.get_uiaa_request(user_id, device_id, session)`
improvement: uiaa works like in synapse 2021-05-04 19:03:18 +02:00			`}`
feat: user interactive authentication 2020-06-06 18:44:50 +02:00			`}`