Compare commits

...

3 commits

6 changed files with 158 additions and 134 deletions

View file

@ -0,0 +1,14 @@
{
"header": "Schema\/AdminDeactivate.h",
"types": {
"DeactivateRequest": {
"fields": {
"reason": {
"type": "string"
}
},
"type": "struct"
}
},
"guard": "TELODENDRIA_SCHEMA_ADMINDEACTIVATE_H"
}

17
Schema/Registration.json Normal file
View file

@ -0,0 +1,17 @@
{
"header": "Schema\/Registration.h",
"types": {
"RegistrationRequest": {
"fields": {
"username": { "type": "string" },
"password": { "type": "string" },
"device_id": { "type": "string" },
"inhibit_login": { "type": "boolean" },
"initial_device_display_name": { "type": "string" },
"refresh_token": { "type": "boolean" }
},
"type": "struct"
}
},
"guard": "TELODENDRIA_SCHEMA_REGISTRATION_H"
}

21
Schema/RequestToken.json Normal file
View file

@ -0,0 +1,21 @@
{
"header": "Schema\/RequestToken.h",
"types": {
"RequestToken": {
"fields": {
"client_secret": { "type": "string" },
"send_attempt": { "type": "integer" },
"next_link": { "type": "string" },
"id_access_token": { "type": "string" },
"id_server": { "type": "string" },
"email": { "type": "string" },
"country": { "type": "string" },
"phone_number": { "type": "string" }
},
"type": "struct"
}
},
"guard": "TELODENDRIA_SCHEMA_REQUESTTOKEN_H"
}

View file

@ -28,7 +28,8 @@
#include <Cytoplasm/Str.h>
#include <User.h>
#include <Cytoplasm/Log.h>
#include <Schema/AdminDeactivate.h>
ROUTE_IMPL(RouteAdminDeactivate, path, argp)
{
@ -38,6 +39,7 @@ ROUTE_IMPL(RouteAdminDeactivate, path, argp)
JsonValue *val;
char *reason = "Deactivated by admin";
char *err;
char *removedLocalpart = ArrayGet(path, 0);
char *token;
@ -48,6 +50,8 @@ ROUTE_IMPL(RouteAdminDeactivate, path, argp)
HttpRequestMethod method = HttpRequestMethodGet(args->context);
DeactivateRequest deactReq;
if ((method != HTTP_DELETE) && (method != HTTP_PUT))
{
char * msg = "Route only supports DELETE and PUT as for now.";
@ -63,10 +67,10 @@ ROUTE_IMPL(RouteAdminDeactivate, path, argp)
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
return MatrixErrorCreate(M_NOT_JSON, NULL);
}
val = HashMapGet(request, "reason");
if (val && JsonValueType(val) == JSON_STRING)
if (!DeactivateRequestFromJson(request, &deactReq, &err))
{
reason = JsonValueAsString(val);
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
return MatrixErrorCreate(M_BAD_JSON, err);
}
}
@ -100,7 +104,7 @@ ROUTE_IMPL(RouteAdminDeactivate, path, argp)
response = HashMapCreate();
JsonSet(response, JsonValueString(removedLocalpart), 1, "user");
JsonSet(response, JsonValueString(reason), 1, "reason");
JsonSet(response, JsonValueString(deactReq.reason), 1, "reason");
JsonSet(response, JsonValueString(UserGetName(user)), 1, "banned_by");
}
else
@ -112,6 +116,7 @@ ROUTE_IMPL(RouteAdminDeactivate, path, argp)
finish:
UserUnlock(user);
UserUnlock(removed);
DeactivateRequestFree(&deactReq);
JsonFree(request);
return response;
}

View file

@ -30,6 +30,8 @@
#include <Cytoplasm/Str.h>
#include <Cytoplasm/Memory.h>
#include <Schema/Registration.h>
#include <User.h>
#include <Uia.h>
#include <RegToken.h>
@ -55,22 +57,15 @@ ROUTE_IMPL(RouteRegister, path, argp)
HashMap *request = NULL;
HashMap *response = NULL;
JsonValue *val;
RegistrationRequest regReq;
char *kind;
char *username = NULL;
char *password = NULL;
char *initialDeviceDisplayName = NULL;
int refreshToken = 0;
int inhibitLogin = 0;
char *deviceId = NULL;
char *fullUsername;
char *msg;
char *username;
Db *db = args->matrixArgs->db;
User *user = NULL;
Array *uiaFlows = NULL;
int uiaResult;
@ -79,6 +74,16 @@ ROUTE_IMPL(RouteRegister, path, argp)
Config *config = ConfigLock(db);
regReq.username = NULL;
regReq.password = NULL;
regReq.device_id = NULL;
regReq.initial_device_display_name = NULL;
regReq.refresh_token = 0;
regReq.inhibit_login = 0;
if (!config)
{
Log(LOG_ERR, "Registration endpoint failed to lock configuration.");
@ -102,26 +107,23 @@ ROUTE_IMPL(RouteRegister, path, argp)
response = MatrixErrorCreate(M_NOT_JSON, NULL);
goto end;
}
val = HashMapGet(request, "username");
if (val)
if (!RegistrationRequestFromJson(request, &regReq, &msg))
{
if (JsonValueType(val) != JSON_STRING)
{
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, NULL);
goto finish;
}
username = StrDuplicate(JsonValueAsString(val));
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_NOT_JSON, msg);
goto end;
}
if (!UserValidate(username, config->serverName))
if (regReq.username)
{
if (!UserValidate(regReq.username, config->serverName))
{
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_INVALID_USERNAME, NULL);
goto finish;
}
if (UserExists(db, username))
if (UserExists(db, regReq.username))
{
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_USER_IN_USE, NULL);
@ -158,99 +160,44 @@ ROUTE_IMPL(RouteRegister, path, argp)
/* We don't support guest accounts yet */
if (kind && !StrEquals(kind, "user"))
{
msg = "Guest accounts are currently not supported";
HttpResponseStatus(args->context, HTTP_FORBIDDEN);
response = MatrixErrorCreate(M_INVALID_PARAM, NULL);
response = MatrixErrorCreate(M_INVALID_PARAM, msg);
goto finish;
}
val = HashMapGet(request, "password");
if (!val)
if (!regReq.password)
{
msg = "'password' field is unset";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_MISSING_PARAM, NULL);
response = MatrixErrorCreate(M_MISSING_PARAM, msg);
goto finish;
}
if (JsonValueType(val) != JSON_STRING)
{
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, NULL);
goto finish;
}
/* All of the other fields are optional, we don't have to check
* them. */
password = StrDuplicate(JsonValueAsString(val));
val = HashMapGet(request, "device_id");
if (val)
{
if (JsonValueType(val) != JSON_STRING)
{
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, NULL);
goto finish;
}
deviceId = StrDuplicate(JsonValueAsString(val));
}
val = HashMapGet(request, "inhibit_login");
if (val)
{
if (JsonValueType(val) != JSON_BOOLEAN)
{
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, NULL);
goto finish;
}
inhibitLogin = JsonValueAsBoolean(val);
}
val = HashMapGet(request, "initial_device_display_name");
if (val)
{
if (JsonValueType(val) != JSON_STRING)
{
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, NULL);
goto finish;
}
initialDeviceDisplayName = StrDuplicate(JsonValueAsString(val));
}
val = HashMapGet(request, "refresh_token");
if (val)
{
if (JsonValueType(val) != JSON_BOOLEAN)
{
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, NULL);
goto finish;
}
refreshToken = JsonValueAsBoolean(val);
}
user = UserCreate(db, username, password);
user = UserCreate(db, regReq.username, regReq.password);
response = HashMapCreate();
fullUsername = StrConcat(4, "@", UserGetName(user), ":", config->serverName);
fullUsername = StrConcat(4,
"@", UserGetName(user), ":", config->serverName);
HashMapSet(response, "user_id", JsonValueString(fullUsername));
Free(fullUsername);
HttpResponseStatus(args->context, HTTP_OK);
if (!inhibitLogin)
if (!regReq.inhibit_login)
{
UserLoginInfo *loginInfo = UserLogin(user, password, deviceId,
initialDeviceDisplayName, refreshToken);
UserLoginInfo *loginInfo = UserLogin(user, regReq.password,
regReq.device_id, regReq.initial_device_display_name,
regReq.refresh_token);
HashMapSet(response, "access_token",
JsonValueString(loginInfo->accessToken->string));
HashMapSet(response, "device_id",
JsonValueString(loginInfo->accessToken->deviceId));
if (refreshToken)
if (regReq.refresh_token)
{
HashMapSet(response, "expires_in_ms",
JsonValueInteger(loginInfo->accessToken->lifetime));
@ -294,10 +241,7 @@ ROUTE_IMPL(RouteRegister, path, argp)
UserUnlock(user);
finish:
UiaFlowsFree(uiaFlows);
Free(username);
Free(password);
Free(deviceId);
Free(initialDeviceDisplayName);
RegistrationRequestFree(&regReq);
JsonFree(request);
}
else

View file

@ -26,14 +26,31 @@
#include <Cytoplasm/Str.h>
#include <Cytoplasm/Json.h>
#include <Schema/RequestToken.h>
ROUTE_IMPL(RouteRequestToken, path, argp)
{
RouteArgs *args = argp;
char *type = ArrayGet(path, 0);
HashMap *request;
HashMap *response;
JsonValue *val;
char *str;
char *msg;
RequestToken reqTok;
Int64 minusOne = Int64Neg(Int64Create(0, 1));
reqTok.client_secret = NULL;
reqTok.next_link = NULL;
reqTok.id_access_token = NULL;
reqTok.id_server = NULL;
reqTok.email = NULL;
reqTok.country = NULL;
reqTok.phone_number = NULL;
reqTok.send_attempt = minusOne;
if (HttpRequestMethodGet(args->context) != HTTP_POST)
{
@ -48,87 +65,92 @@ ROUTE_IMPL(RouteRequestToken, path, argp)
return MatrixErrorCreate(M_NOT_JSON, NULL);
}
val = HashMapGet(request, "client_secret");
if (!val || JsonValueType(val) != JSON_STRING)
if (!RequestTokenFromJson(request, &reqTok, &msg))
{
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, NULL);
response = MatrixErrorCreate(M_BAD_JSON, msg);
goto finish;
}
str = JsonValueAsString(val);
if (strlen(str) > 255 || StrBlank(str))
if (!reqTok.client_secret)
{
msg = "'client_secret' is not set";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, NULL);
response = MatrixErrorCreate(M_BAD_JSON, msg);
goto finish;
}
val = HashMapGet(request, "send_attempt");
if (!val || JsonValueType(val) != JSON_INTEGER)
if (strlen(reqTok.client_secret) > 255 || StrBlank(reqTok.client_secret))
{
msg = "'client_secret' is blank or too long";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, NULL);
response = MatrixErrorCreate(M_BAD_JSON, msg);
goto finish;
}
val = HashMapGet(request, "next_link");
if (val && JsonValueType(val) != JSON_STRING)
if (Int64Eq(reqTok.send_attempt, minusOne))
{
msg = "Invalid or inexistent 'send_attempt'";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, NULL);
response = MatrixErrorCreate(M_BAD_JSON, msg);
goto finish;
}
val = HashMapGet(request, "id_access_token");
if (val && JsonValueType(val) != JSON_STRING)
if (!reqTok.next_link)
{
msg = "'next_link' is not set";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, NULL);
response = MatrixErrorCreate(M_BAD_JSON, msg);
goto finish;
}
val = HashMapGet(request, "id_server");
if (val && JsonValueType(val) != JSON_STRING)
if (!reqTok.id_access_token)
{
msg = "'id_access_token' is not set";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, NULL);
response = MatrixErrorCreate(M_BAD_JSON, msg);
goto finish;
}
if (!reqTok.id_server)
{
msg = "'id_server' is not set";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, msg);
goto finish;
}
if (StrEquals(type, "email"))
{
val = HashMapGet(request, "email");
if (val && JsonValueType(val) != JSON_STRING)
if (!reqTok.email)
{
msg = "Type is set to 'email' yet none was set";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, NULL);
response = MatrixErrorCreate(M_BAD_JSON, msg);
goto finish;
}
}
else if (StrEquals(type, "msisdn"))
{
val = HashMapGet(request, "country");
if (val && JsonValueType(val) != JSON_STRING)
if (!reqTok.country)
{
msg = "Type is set to 'msisdn' yet no country is set";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, NULL);
response = MatrixErrorCreate(M_BAD_JSON, msg);
goto finish;
}
str = JsonValueAsString(val);
if (strlen(str) != 2)
if (strlen(reqTok.country) != 2)
{
msg = "Invalid country tag, length must be 2";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, NULL);
response = MatrixErrorCreate(M_BAD_JSON, msg);
goto finish;
}
val = HashMapGet(request, "phone_number");
if (val && JsonValueType(val) != JSON_STRING)
if (!reqTok.phone_number)
{
msg = "Type is set to 'msisdn' yet phone_number is unset";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, NULL);
response = MatrixErrorCreate(M_BAD_JSON, msg);
goto finish;
}
}
@ -145,5 +167,6 @@ ROUTE_IMPL(RouteRequestToken, path, argp)
finish:
JsonFree(request);
RequestTokenFree(&reqTok);
return response;
}