hoernschen/dendrite
1
0
Fork 0
mirror of https://github.com/hoernschen/dendrite.git synced 2025-04-04 11:03:39 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Make a dummy device for AS users

Browse source
This commit is contained in:
Anant Prakash 2018-06-02 18:48:15 +05:30
parent f906289ae0
commit 7e1733dee1
No known key found for this signature in database
GPG key ID: C5D399F626523045
1 changed files with 18 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
src/github.com/matrix-org/dendrite/clientapi/auth/auth.go
View file

@ -51,24 +51,22 @@ type AccountDatabase interface {
// VerifyUserFromRequest authenticates the HTTP request,
// on success returns UserID, Device of the requester.
// Finds local user or an application service user.
// Note: For an AS user, Device is not present.
// Note: For an AS user, AS dummy device is returned.
// On failure returns an JSON error response which can be sent to the client.
func VerifyUserFromRequest(
req *http.Request, accountDB AccountDatabase, deviceDB DeviceDatabase,
applicationServices []config.ApplicationService,
) (string, *authtypes.Device, *util.JSONResponse) {
) (*authtypes.Device, *util.JSONResponse) {
// Try to find local user from device database
dev, devErr := verifyAccessToken(req, deviceDB)
if devErr == nil {
return dev.UserID, dev, nil
return dev, nil
}
// Try to find the Application Service user
token, err := extractAccessToken(req)
if err != nil {
return "", nil, &util.JSONResponse{
return nil, &util.JSONResponse{
Code: http.StatusUnauthorized,
JSON: jsonerror.MissingToken(err.Error()),
}
@ -86,9 +84,8 @@ func VerifyUserFromRequest(
if appService != nil {
userID := req.URL.Query().Get("user_id")
localpart, err := userutil.ParseUsernameParam(userID, nil)
if err != nil {
return "", nil, &util.JSONResponse{
return nil, &util.JSONResponse{
Code: http.StatusBadRequest,
JSON: jsonerror.InvalidUsername(err.Error()),
}
@ -96,19 +93,28 @@ func VerifyUserFromRequest(
// Verify that the user is registered
account, accountErr := accountDB.GetAccountByLocalpart(req.Context(), localpart)
// Verify that account exists & appServiceID matches
if accountErr == nil && account.AppServiceID == appService.ID {
return userID, nil, nil
// Create a dummy device for AS user
dev := authtypes.Device{
// AS_Device signifies a AS dummy device
ID: "ASDEVICE",
// User the AS is masquerading as.
UserID: userID,
// AS dummy device has AS's token.
AccessToken: token,
}
return &dev, nil
}
return "", nil, &util.JSONResponse{
return nil, &util.JSONResponse{
Code: http.StatusForbidden,
JSON: jsonerror.Forbidden("Application service has not registered this user"),
}
}
return "", nil, &util.JSONResponse{
return nil, &util.JSONResponse{
Code: http.StatusUnauthorized,
JSON: jsonerror.UnknownToken("Unrecognized access token"),
}