Implement password-based user interactive authentication.
parent
e2806bc810
commit
fae9eb4473
5 changed files with 64 additions and 26 deletions
31
TODO.txt
31
TODO.txt
|
@ -13,9 +13,6 @@ Milestone: v0.2.0
|
|||
|
||||
[ ] Abstract /email/requestToken and /msidsn/requestToken
|
||||
|
||||
[x] Json API
|
||||
[x] Trailing commas should not be allowed in arrays and objects
|
||||
[x] Fix empty arrays not parsing
|
||||
[~] Db API
|
||||
[x] If object is in cache, but doesn't exist on disk, delete from cache
|
||||
[ ] Allow cache to be totally disabled (no MIN_CACHE_SIZE)
|
||||
|
@ -26,25 +23,13 @@ Milestone: v0.2.0
|
|||
[x] Delete refresh token if present
|
||||
[ ] Logout all
|
||||
[ ] Login fallback (static HTML page)
|
||||
[~] User Interactive
|
||||
[ ] Passwords
|
||||
[ ] Registration tokens
|
||||
[~] Caller builds flows
|
||||
[ ] Document Uia (move docs from Matrix)
|
||||
[x] Non-JSON endpoints
|
||||
[x] Home page (like Synapse's "it works!")
|
||||
[x] User Interactive
|
||||
[x] Passwords
|
||||
[x] Caller builds flows
|
||||
|
||||
[ ] Document new User functions
|
||||
[ ] Document new JSON functions
|
||||
|
||||
[x] Refactor usage of StrDuplicate()
|
||||
- Functions that keep strings do the duplication,
|
||||
NOT their callers; callers free strings when they are
|
||||
done with them.
|
||||
[x] Remove HashMapGetKey() function
|
||||
[x] HashMap
|
||||
[x] JsonValueString()
|
||||
[x] Db
|
||||
[ ] Document Uia (move docs from Matrix)
|
||||
|
||||
Milestone: v0.3.0
|
||||
-----------------
|
||||
|
@ -55,10 +40,16 @@ Milestone: v0.3.0
|
|||
[ ] Multi-output
|
||||
[ ] HTTP Client
|
||||
|
||||
[ ] Move configuration to database
|
||||
- How is the initial configuration done?
|
||||
[ ] /_telodendria/admin/config endpoint
|
||||
[ ] Refactor TelodendriaConfig to just Config (ConfigLock() and ConfigUnlock())
|
||||
|
||||
[ ] Client-Server API
|
||||
[ ] 4: Token-based user registration
|
||||
[ ] Refactor user-interactive auth flow
|
||||
[ ] Implement user-interactive auth flow
|
||||
[ ] Token validity endpoint
|
||||
[ ] Add m.login.registration_token to registration endpoint flow
|
||||
[ ] 4: Account management
|
||||
[ ] Deactivate
|
||||
[ ] Change password
|
||||
|
|
|
@ -112,7 +112,8 @@ ROUTE_IMPL(RouteRegister, args)
|
|||
/* TODO: Add registration token flow */
|
||||
|
||||
uiaResult = UiaComplete(uiaFlows, args->context,
|
||||
args->matrixArgs->db, request, &response);
|
||||
args->matrixArgs->db, request, &response,
|
||||
args->matrixArgs->config);
|
||||
|
||||
if (uiaResult < 0)
|
||||
{
|
||||
|
|
50
src/Uia.c
50
src/Uia.c
|
@ -31,6 +31,7 @@
|
|||
#include <Str.h>
|
||||
|
||||
#include <Matrix.h>
|
||||
#include <User.h>
|
||||
|
||||
struct UiaStage
|
||||
{
|
||||
|
@ -201,7 +202,7 @@ UiaBuildStage(char *type, HashMap * params)
|
|||
|
||||
int
|
||||
UiaComplete(Array * flows, HttpServerContext * context, Db * db,
|
||||
HashMap * request, HashMap ** response)
|
||||
HashMap * request, HashMap ** response, TelodendriaConfig * config)
|
||||
{
|
||||
JsonValue *val;
|
||||
HashMap *auth;
|
||||
|
@ -334,7 +335,52 @@ UiaComplete(Array * flows, HttpServerContext * context, Db * db,
|
|||
}
|
||||
else if (strcmp(authType, "m.login.password") == 0)
|
||||
{
|
||||
/* TODO */
|
||||
char *password = JsonValueAsString(HashMapGet(auth, "password"));
|
||||
HashMap *identifier = JsonValueAsObject(HashMapGet(auth, "identifier"));
|
||||
char *type;
|
||||
UserId *userId;
|
||||
User *user;
|
||||
|
||||
if (!password || !identifier)
|
||||
{
|
||||
HttpResponseStatus(context, HTTP_UNAUTHORIZED);
|
||||
ret = BuildResponse(flows, db, response, session, dbRef);
|
||||
goto finish;
|
||||
}
|
||||
|
||||
type = JsonValueAsString(HashMapGet(identifier, "type"));
|
||||
userId = UserParseId(JsonValueAsString(HashMapGet(identifier, "user")),
|
||||
config->serverName);
|
||||
|
||||
if (!type || strcmp(type, "m.id.user") != 0
|
||||
|| !userId || strcmp(userId->server, config->serverName) != 0)
|
||||
{
|
||||
HttpResponseStatus(context, HTTP_UNAUTHORIZED);
|
||||
ret = BuildResponse(flows, db, response, session, dbRef);
|
||||
UserFreeId(userId);
|
||||
goto finish;
|
||||
}
|
||||
|
||||
user = UserLock(db, userId->localpart);
|
||||
if (!user)
|
||||
{
|
||||
HttpResponseStatus(context, HTTP_UNAUTHORIZED);
|
||||
ret = BuildResponse(flows, db, response, session, dbRef);
|
||||
UserFreeId(userId);
|
||||
goto finish;
|
||||
}
|
||||
|
||||
if (!UserCheckPassword(user, password))
|
||||
{
|
||||
HttpResponseStatus(context, HTTP_UNAUTHORIZED);
|
||||
ret = BuildResponse(flows, db, response, session, dbRef);
|
||||
UserFreeId(userId);
|
||||
UserUnlock(user);
|
||||
goto finish;
|
||||
}
|
||||
|
||||
UserFreeId(userId);
|
||||
UserUnlock(user);
|
||||
}
|
||||
else if (strcmp(authType, "m.login.registration_token") == 0)
|
||||
{
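Review bot: The new `m.login.password` branch in UiaComplete() accepts the password of whichever local account `identifier.user` names, and nothing visible in this section ties that account to the caller of the endpoint. That does not matter for the one call site shown (RouteRegister), but once authenticated routes such as the deactivate and change-password items listed in TODO.txt use this stage, the stage would pass with credentials for an account other than the one the request acts on. Consider passing the authenticated localpart into UiaComplete() and rejecting a mismatch before UserLock(), or at least recording the constraint now with `/* NOTE: identifier is not bound to the requesting user; authenticated routes must check it */`. The branch also hands `JsonValueAsString(HashMapGet(identifier, "user"))` to UserParseId() unchecked, so confirm that UserParseId() tolerates NULL. UiaComplete()'s body starts and ends outside these hunks.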
|
||||
|
|
|
@ -658,7 +658,7 @@ finish:
|
|||
}
|
||||
|
||||
void
|
||||
UserFreeId(UserId *id)
|
||||
UserFreeId(UserId * id)
|
||||
{
|
||||
if (id)
|
||||
{
|
||||
|
|
|
@ -41,7 +41,7 @@ extern void
|
|||
UiaCleanup(MatrixHttpHandlerArgs *);
|
||||
|
||||
extern int
|
||||
UiaComplete(Array *, HttpServerContext *, Db *, HashMap *, HashMap **);
|
||||
UiaComplete(Array *, HttpServerContext *, Db *, HashMap *, HashMap **, TelodendriaConfig *);
|
||||
|
||||
extern void
|
||||
UiaFlowsFree(Array *);
|
||||
|
|