Make a dummy device for AS users

Anant Prakash 2018-06-02 18:48:15 +05:30
parent f906289ae0
commit 7e1733dee1
No known key found for this signature in database
GPG key ID: C5D399F626523045


@ -51,24 +51,22 @@ type AccountDatabase interface {
// VerifyUserFromRequest authenticates the HTTP request, // VerifyUserFromRequest authenticates the HTTP request,
// on success returns UserID, Device of the requester. // on success returns UserID, Device of the requester.
// Finds local user or an application service user. // Finds local user or an application service user.
// Note: For an AS user, Device is not present. // Note: For an AS user, AS dummy device is returned.
// On failure returns an JSON error response which can be sent to the client. // On failure returns an JSON error response which can be sent to the client.
func VerifyUserFromRequest( func VerifyUserFromRequest(
req *http.Request, accountDB AccountDatabase, deviceDB DeviceDatabase, req *http.Request, accountDB AccountDatabase, deviceDB DeviceDatabase,
applicationServices []config.ApplicationService, applicationServices []config.ApplicationService,
) (string, *authtypes.Device, *util.JSONResponse) { ) (*authtypes.Device, *util.JSONResponse) {
// Try to find local user from device database // Try to find local user from device database
dev, devErr := verifyAccessToken(req, deviceDB) dev, devErr := verifyAccessToken(req, deviceDB)
if devErr == nil { if devErr == nil {
return dev.UserID, dev, nil return dev, nil
} }
// Try to find the Application Service user // Try to find the Application Service user
token, err := extractAccessToken(req) token, err := extractAccessToken(req)
if err != nil { if err != nil {
return "", nil, &util.JSONResponse{ return nil, &util.JSONResponse{
Code: http.StatusUnauthorized, Code: http.StatusUnauthorized,
JSON: jsonerror.MissingToken(err.Error()), JSON: jsonerror.MissingToken(err.Error()),
} }
@ -86,9 +84,8 @@ func VerifyUserFromRequest(
if appService != nil { if appService != nil {
userID := req.URL.Query().Get("user_id") userID := req.URL.Query().Get("user_id")
localpart, err := userutil.ParseUsernameParam(userID, nil) localpart, err := userutil.ParseUsernameParam(userID, nil)
if err != nil { if err != nil {
return "", nil, &util.JSONResponse{ return nil, &util.JSONResponse{
Code: http.StatusBadRequest, Code: http.StatusBadRequest,
JSON: jsonerror.InvalidUsername(err.Error()), JSON: jsonerror.InvalidUsername(err.Error()),
} }
@ -96,19 +93,28 @@ func VerifyUserFromRequest(
// Verify that the user is registered // Verify that the user is registered
account, accountErr := accountDB.GetAccountByLocalpart(req.Context(), localpart) account, accountErr := accountDB.GetAccountByLocalpart(req.Context(), localpart)
// Verify that account exists & appServiceID matches // Verify that account exists & appServiceID matches
if accountErr == nil && account.AppServiceID == appService.ID { if accountErr == nil && account.AppServiceID == appService.ID {
return userID, nil, nil // Create a dummy device for AS user
dev := authtypes.Device{
// AS_Device signifies a AS dummy device
ID: "ASDEVICE",
// User the AS is masquerading as.
UserID: userID,
// AS dummy device has AS's token.
AccessToken: token,
}
return &dev, nil
} }
return "", nil, &util.JSONResponse{ return nil, &util.JSONResponse{
Code: http.StatusForbidden, Code: http.StatusForbidden,
JSON: jsonerror.Forbidden("Application service has not registered this user"), JSON: jsonerror.Forbidden("Application service has not registered this user"),
} }
} }
return "", nil, &util.JSONResponse{ return nil, &util.JSONResponse{
Code: http.StatusUnauthorized, Code: http.StatusUnauthorized,
JSON: jsonerror.UnknownToken("Unrecognized access token"), JSON: jsonerror.UnknownToken("Unrecognized access token"),
} }
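Review bot: The dummy device's `UserID` is filled from the raw `user_id` query parameter, while the registration check just above it runs on `localpart` as parsed by `userutil.ParseUsernameParam(userID, nil)`. Because the second argument is nil, the domain part of the parameter is presumably not compared with this server's name, so a bare localpart or an ID carrying a different domain could pass the account check and then reach callers as the authenticated identity in `dev.UserID`. Build the device from the verified account instead, for example `UserID: account.UserID,` if the account record carries the canonical ID, or reconstruct the full ID from `localpart` and the configured server name. The fixed `ID: "ASDEVICE"` and `AccessToken: token` also need a comment stating that this device is never stored and that device-keyed handlers (logout, device deletion) must not act on it; the existing comment says `AS_Device` while the value is `ASDEVICE`. VerifyUserFromRequest continues past the end of this section.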