[WIP] Replace UserInteractiveAuth with a new Uia API.

Uia is a lot less characters to type. Do note that this API is far from
complete and this commit breaks user interactive authentication entirely.
Jordan Bancino 2023-02-19 14:58:56 +00:00
parent d81e8f3a32
commit 3bbff5379f
6 changed files with 350 additions and 162 deletions


@ -19,11 +19,11 @@ Milestone: v0.2.0
[ ] Logout [ ] Logout
[ ] Logout all [ ] Logout all
[ ] Login fallback (static HTML page) [ ] Login fallback (static HTML page)
[ ] User Interactive [~] User Interactive
[ ] Passwords [ ] Passwords
[ ] Registration tokens [ ] Registration tokens
[ ] Caller builds flows [~] Caller builds flows
[ ] Document UserInteractiveAuth (move docs from Matrix) [ ] Document Uia (move docs from Matrix)
[x] Non-JSON endpoints [x] Non-JSON endpoints
[x] Home page (like Synapse's "it works!") [x] Home page (like Synapse's "it works!")


@ -31,7 +31,7 @@
#include <Memory.h> #include <Memory.h>
#include <User.h> #include <User.h>
#include <UserInteractiveAuth.h> #include <Uia.h>
ROUTE_IMPL(RouteRegister, args) ROUTE_IMPL(RouteRegister, args)
{ {
@ -54,6 +54,9 @@ ROUTE_IMPL(RouteRegister, args)
User *user = NULL; User *user = NULL;
Array *uiaFlows;
int uiaResult;
if (MATRIX_PATH_PARTS(args->path) == 0) if (MATRIX_PATH_PARTS(args->path) == 0)
{ {
if (HttpRequestMethodGet(args->context) != HTTP_POST) if (HttpRequestMethodGet(args->context) != HTTP_POST)
@ -102,11 +105,23 @@ ROUTE_IMPL(RouteRegister, args)
} }
} }
response = UserInteractiveAuth(args->context, uiaFlows = ArrayCreate();
args->matrixArgs->db, request); ArrayAdd(uiaFlows, UiaDummyFlow());
if (response) /* TODO: Add registration token flow */
uiaResult = UiaComplete(uiaFlows, args->context,
args->matrixArgs->db, request, &response);
if (uiaResult < 0)
{ {
HttpResponseStatus(args->context, HTTP_INTERNAL_SERVER_ERROR);
response = MatrixErrorCreate(M_UNKNOWN);
goto finish;
}
else if (!uiaResult)
{
/* UiaComplete() sets the response and status for us. */
goto finish; goto finish;
} }
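Review bot: The `uiaResult < 0` branch can be reached by a client, not only by an internal failure. When the request carries a session id that is not in the database, UiaComplete() in src/Uia.c calls `BuildResponse(flows, StrDuplicate(session), db, response)`, whose non-NULL-session path repeats the same DbLock(), fails again and returns -1, so a stale or made-up session yields a 500 here where the removed code answered 400. Passing NULL so that a fresh session is issued, `ret = BuildResponse(flows, NULL, db, response);`, or returning an M_UNKNOWN error with HTTP_BAD_REQUEST from UiaComplete(), would keep 500 for genuine failures. The results of `ArrayCreate()` and `UiaDummyFlow()` are also used unchecked just above. RouteRegister's body starts and ends outside the hunk.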


@ -42,7 +42,7 @@
#include <Matrix.h> #include <Matrix.h>
#include <Db.h> #include <Db.h>
#include <Cron.h> #include <Cron.h>
#include <UserInteractiveAuth.h> #include <Uia.h>
const char const char
TelodendriaLogo[TELODENDRIA_LOGO_HEIGHT][TELODENDRIA_LOGO_WIDTH] = { TelodendriaLogo[TELODENDRIA_LOGO_HEIGHT][TELODENDRIA_LOGO_WIDTH] = {
@ -558,7 +558,7 @@ main(int argc, char **argv)
Log(lc, LOG_DEBUG, "Registering jobs..."); Log(lc, LOG_DEBUG, "Registering jobs...");
CronEvery(cron, 30 * 60 * 1000, (JobFunc *) UserInteractiveAuthCleanup, &matrixArgs); CronEvery(cron, 30 * 60 * 1000, (JobFunc *) UiaCleanup, &matrixArgs);
Log(lc, LOG_NOTICE, "Starting job scheduler..."); Log(lc, LOG_NOTICE, "Starting job scheduler...");
CronStart(cron); CronStart(cron);

311
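--- /dev/null
+++ b/src/Uia.c
@@ -0,0 +1,311 @@
+/*
+* Copyright (C) 2022-2023 Jordan Bancino <@jordan:bancino.net>
+*
+* Permission is hereby granted, free of charge, to any person
+* obtaining a copy of this software and associated documentation files
+* (the "Software"), to deal in the Software without restriction,
+* including without limitation the rights to use, copy, modify, merge,
+* publish, distribute, sublicense, and/or sell copies of the Software,
+* and to permit persons to whom the Software is furnished to do so,
+* subject to the following conditions:
+*
+* The above copyright notice and this permission notice shall be
+* included in all copies or portions of the Software.
+*
+* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+* SOFTWARE.
+*/
+#include <Uia.h>
+#include <string.h>
+#include <Memory.h>
+#include <Array.h>
+#include <Json.h>
+#include <Str.h>
+#include <Matrix.h>
+struct UiaStage
+{
+char *type;
+HashMap *params;
+};
+static HashMap *
+BuildFlows(Array *flows)
+{
+HashMap *response;
+Array *responseFlows;
+HashMap *responseParams;
+size_t i, j;
+if (!flows)
+{
+return NULL;
+}
+response = HashMapCreate();
+if (!response)
+{
+return NULL;
+}
+responseFlows = ArrayCreate();
+if (!responseFlows)
+{
+HashMapFree(response);
+return NULL;
+}
+responseParams = HashMapCreate();
+if (!responseParams)
+{
+HashMapFree(response);
+ArrayFree(responseFlows);
+return NULL;
+}
+HashMapSet(response, "flows", JsonValueArray(responseFlows));
+HashMapSet(response, "params", JsonValueObject(responseParams));
+for (i = 0; i < ArraySize(flows); i++)
+{
+Array *stages = ArrayGet(flows, i);
+HashMap *responseFlow = HashMapCreate();
+Array *responseStages = ArrayCreate();
+HashMapSet(responseFlow, "stages", JsonValueArray(responseStages));
+ArrayAdd(responseFlows, JsonValueObject(responseFlow));
+for (j = 0; j < ArraySize(stages); j++)
+{
+UiaStage *stage = ArrayGet(stages, i);
+ArrayAdd(responseStages, JsonValueString(StrDuplicate(stage->type)));
+if (stage->params)
+{
+JsonValueFree(HashMapSet(responseParams, StrDuplicate(stage->type), JsonValueObject(stage->params)));
+}
+}
+}
+return response;
+}
+static int
+BuildResponse(Array *flows, char *session, Db *db, HashMap **response)
+{
+DbRef *ref;
+HashMap *json;
+*response = BuildFlows(flows);
+if (!*response)
+{
+return -1;
+}
+if (!session)
+{
+session = StrRandom(16);
+if (!session)
+{
+JsonFree(*response);
+return -1;
+}
+ref = DbCreate(db, 2, "user_interactive", session);
+if (!ref)
+{
+Free(session);
+JsonFree(*response);
+return -1;
+}
+json = DbJson(ref);
+HashMapSet(json, "completed", JsonValueArray(ArrayCreate()));
+DbUnlock(db, ref);
+HashMapSet(*response, "completed", JsonValueArray(ArrayCreate()));
+}
+else
+{
+Array *completed = ArrayCreate();
+Array *dbCompleted;
+size_t i;
+if (!completed)
+{
+JsonFree(*response);
+return -1;
+}
+ref = DbLock(db, 2, "user_interactive", session);
+if (!ref)
+{
+JsonFree(*response);
+ArrayFree(completed);
+return -1;
+}
+json = DbJson(ref);
+dbCompleted = JsonValueAsArray(HashMapGet(json, "completed"));
+for (i = 0; i < ArraySize(dbCompleted); i++)
+{
+char *stage = JsonValueAsString(ArrayGet(dbCompleted, i));
+ArrayAdd(completed, JsonValueString(StrDuplicate(stage)));
+}
+HashMapSet(*response, "completed", JsonValueArray(completed));
+DbUnlock(db, ref);
+}
+HashMapSet(*response, "session", JsonValueString(session));
+return 0;
+}
+Array *
+UiaDummyFlow(void)
+{
+Array *response = ArrayCreate();
+if (!response)
+{
+return NULL;
+}
+ArrayAdd(response, UiaBuildStage("m.login.dummy", NULL));
+return response;
+}
+UiaStage *
+UiaBuildStage(char *type, HashMap *params)
+{
+UiaStage *stage = Malloc(sizeof(UiaStage));
+if (!stage)
+{
+return NULL;
+}
+stage->type = type;
+stage->params = params;
+return stage;
+}
+int
+UiaComplete(Array *flows, HttpServerContext * context, Db * db,
+HashMap * request, HashMap ** response)
+{
+JsonValue *val;
+HashMap *auth;
+char *session;
+char *authType;
+DbRef *dbRef;
+HashMap *dbJson;
+size_t i, j;
+int ret = 0;
+if (!flows)
+{
+return -1;
+}
+if (!context || !db || !request || !response)
+{
+ret = -1;
+goto finish;
+}
+val = HashMapGet(request, "auth");
+if (!val)
+{
+HttpResponseStatus(context, HTTP_UNAUTHORIZED);
+ret = BuildResponse(flows, NULL, db, response);
+goto finish;
+}
+if (JsonValueType(val) != JSON_OBJECT)
+{
+HttpResponseStatus(context, HTTP_BAD_REQUEST);
+*response = MatrixErrorCreate(M_BAD_JSON);
+ret = 0;
+goto finish;
+}
+auth = JsonValueAsObject(val);
+val = HashMapGet(request, "session");
+if (!val || JsonValueType(val) != JSON_STRING)
+{
+HttpResponseStatus(context, HTTP_BAD_REQUEST);
+*response = MatrixErrorCreate(M_BAD_JSON);
+ret = 0;
+goto finish;
+}
+session = JsonValueAsString(val);
+val = HashMapGet(auth, "type");
+if (!val || JsonValueType(val) != JSON_STRING)
+{
+HttpResponseStatus(context, HTTP_BAD_REQUEST);
+*response = MatrixErrorCreate(M_BAD_JSON);
+ret = 0;
+goto finish;
+}
+authType = JsonValueAsString(val);
+dbRef = DbLock(db, 2, "user_interactive", session);
+if (!dbRef)
+{
+HttpResponseStatus(context, HTTP_UNAUTHORIZED);
+ret = BuildResponse(flows, StrDuplicate(session), db, response);
+goto finish;
+}
+dbJson = DbJson(dbRef);
+DbUnlock(db, dbRef);
+ret = 1;
+finish:
+for (i = 0; i < ArraySize(flows); i++)
+{
+Array *stages = ArrayGet(flows, i);
+for (j = 0; j < ArraySize(stages); j++)
+{
+UiaStage *stage = ArrayGet(stages, j);
+Free(stage); /* Members are referenced elsewhere */
+}
+ArrayFree(stages);
+}
+ArrayFree(flows);
+return ret;
+}
+void
+UiaCleanup(MatrixHttpHandlerArgs * args)
+{
+Log(args->lc, LOG_DEBUG, "Purging old user interactive auth sessions...");
+if (!DbDelete(args->db, 1, "user_interactive"))
+{
+Log(args->lc, LOG_ERR, "Failed to purge user_interactive.");
+}
+}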
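Review bot: UiaComplete() sets `ret = 1` as soon as DbLock() finds the session: `authType` and `dbJson` are assigned but never read, so no stage type is compared with the offered flows and nothing is recorded under "completed", which means any request carrying a known session id passes once a second flow (the registration-token TODO) is added. The removed implementation at least rejected types other than m.login.dummy with M_INVALID_PARAM; the fence below restores an equivalent check against the caller's flows, and tracking of completed stages is still needed on top of it. The session is also looked up on `request` rather than inside the auth object as the removed code did (`val = HashMapGet(auth, "session");`), and that client-supplied string goes straight into DbLock() as a key, so it is worth confirming that Db restricts what a key part may contain. In BuildFlows() the inner loop indexes with the outer counter; it should read `UiaStage *stage = ArrayGet(stages, j);`. Sessions are now created under the two-part key ("user_interactive", session) while UiaCleanup() still deletes the one-part key, so they may never be purged unless DbDelete() removes nested entries.

```c
/* … unchanged: auth / session / type parsing and the DbLock() failure path … */
dbJson = DbJson(dbRef);

/* Accept only a stage type that one of the offered flows contains. */
ret = 0;
for (i = 0; i < ArraySize(flows) && !ret; i++)
{
    Array *stages = ArrayGet(flows, i);

    for (j = 0; j < ArraySize(stages); j++)
    {
        UiaStage *stage = ArrayGet(stages, j);

        if (stage && strcmp(stage->type, authType) == 0)
        {
            ret = 1;
            break;
        }
    }
}

if (!ret)
{
    HttpResponseStatus(context, HTTP_BAD_REQUEST);
    *response = MatrixErrorCreate(M_INVALID_PARAM);
}

DbUnlock(db, dbRef);
/* … unchanged: finish: label and flow cleanup … */
```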


@ -1,147 +0,0 @@
/*
* Copyright (C) 2022-2023 Jordan Bancino <@jordan:bancino.net>
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include <UserInteractiveAuth.h>
#include <Json.h>
#include <Str.h>
#include <Matrix.h>
#include <string.h>
static HashMap *
BuildDummyFlow(void)
{
HashMap *response = HashMapCreate();
HashMap *dummyFlow = HashMapCreate();
Array *stages = ArrayCreate();
Array *flows = ArrayCreate();
ArrayAdd(stages,
JsonValueString(StrDuplicate("m.login.dummy")));
HashMapSet(dummyFlow, "stages", JsonValueArray(stages));
ArrayAdd(flows, JsonValueObject(dummyFlow));
HashMapSet(response, "flows", JsonValueArray(flows));
HashMapSet(response, "params",
JsonValueObject(HashMapCreate()));
return response;
}
HashMap *
UserInteractiveAuth(HttpServerContext * context, Db * db,
HashMap * request)
{
JsonValue *auth;
JsonValue *type;
JsonValue *session;
HashMap *authObj;
char *typeStr;
char *sessionStr;
DbRef *ref;
auth = HashMapGet(request, "auth");
if (!auth)
{
HashMap *response = NULL;
HashMap *persist;
char *sessionRand = StrRandom(24);
ref = DbLock(db, 1, "user_interactive");
if (!ref)
{
ref = DbCreate(db, 1, "user_interactive");
}
persist = DbJson(ref);
HashMapSet(persist, sessionRand, JsonValueNull());
DbUnlock(db, ref);
HttpResponseStatus(context, HTTP_UNAUTHORIZED);
response = BuildDummyFlow();
HashMapSet(response, "session",
JsonValueString(StrDuplicate(sessionRand)));
return response;
}
if (JsonValueType(auth) != JSON_OBJECT)
{
HttpResponseStatus(context, HTTP_BAD_REQUEST);
return MatrixErrorCreate(M_BAD_JSON);
}
authObj = JsonValueAsObject(auth);
type = HashMapGet(authObj, "type");
session = HashMapGet(authObj, "session");
if (!type || JsonValueType(type) != JSON_STRING)
{
HttpResponseStatus(context, HTTP_BAD_REQUEST);
return MatrixErrorCreate(M_BAD_JSON);
}
if (!session || JsonValueType(session) != JSON_STRING)
{
HttpResponseStatus(context, HTTP_UNAUTHORIZED);
return BuildDummyFlow();
}
typeStr = JsonValueAsString(type);
sessionStr = JsonValueAsString(session);
if (strcmp(typeStr, "m.login.dummy") != 0)
{
HttpResponseStatus(context, HTTP_BAD_REQUEST);
return MatrixErrorCreate(M_INVALID_PARAM);
}
ref = DbLock(db, 1, "user_interactive");
/* Check to see if session exists */
if (!ref || !HashMapGet(DbJson(ref), sessionStr))
{
DbUnlock(db, ref);
HttpResponseStatus(context, HTTP_BAD_REQUEST);
return MatrixErrorCreate(M_UNKNOWN);
}
/* We only need to know that it exists. */
DbUnlock(db, ref);
return NULL; /* All good, auth successful */
}
void
UserInteractiveAuthCleanup(MatrixHttpHandlerArgs * args)
{
Log(args->lc, LOG_DEBUG, "Purging old user interactive auth sessions...");
if (!DbDelete(args->db, 1, "user_interactive"))
{
Log(args->lc, LOG_ERR, "Failed to purge user_interactive.");
}
}


@ -21,17 +21,26 @@
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
*/ */
#ifndef TELODENDRIA_USERINTERACTIVEAUTH_H #ifndef TELODENDRIA_UIA_H
#define TELODENDRIA_USERINTERACTIVEAUTH_H #define TELODENDRIA_UIA_H
#include <Array.h>
#include <HashMap.h> #include <HashMap.h>
#include <HttpServer.h> #include <HttpServer.h>
#include <Matrix.h> #include <Matrix.h>
extern void typedef struct UiaStage UiaStage;
UserInteractiveAuthCleanup(MatrixHttpHandlerArgs *);
extern HashMap * extern UiaStage *
UserInteractiveAuth(HttpServerContext *, Db *, HashMap *); UiaBuildStage(char *, HashMap *);
extern Array *
UiaDummyFlow(void);
extern void
UiaCleanup(MatrixHttpHandlerArgs *);
extern int
UiaComplete(Array *stages, HttpServerContext *, Db *, HashMap *, HashMap **);
#endif #endif
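Review bot: The new prototypes carry no documentation of ownership or return values, and `UiaComplete` names its first parameter `stages` here while src/Uia.c calls it `flows` and treats it as an array of flows. From the definition, UiaComplete() frees the flows array and every UiaStage in it on all paths except a NULL `flows`, and UiaBuildStage() stores `type` and `params` without copying them, so callers need to know both. A comment such as `/* Returns 1 when auth is complete, 0 when *response and the HTTP status have been set, -1 on internal error; always frees flows and its stages. */` above `UiaComplete(Array *flows, ...)` would cover it.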