Identifier key login

Merge commit '56318dcca4'
2025-07-30 04:52:46 +00:00 · 2020-01-20 11:37:23 +00:00 · 2020-01-20 11:37:23 +00:00 · ac96fd565b
commit ac96fd565b
parent 3bd023e74d 56318dcca4
3 changed files with 124 additions and 25 deletions
--- a/clientapi/routing/login.go
+++ b/clientapi/routing/login.go
@ -40,9 +40,14 @@ type flow struct {
 	Stages []string `json:"stages"`
 }

+type loginIdentifier struct {
+	Type string `json:"type"`
+	User string `json:"user"`
+}
+
 type passwordRequest struct {
-	User     string `json:"user"`
-	Password string `json:"password"`
+	Identifier loginIdentifier `json:"identifier"`
+	Password   string          `json:"password"`
 	// Both DeviceID and InitialDisplayName can be omitted, or empty strings ("")
 	// Thus a pointer is needed to differentiate between the two
 	InitialDisplayName *string `json:"initial_device_display_name"`
@ -75,34 +80,43 @@ func Login(
 		}
 	} else if req.Method == http.MethodPost {
 		var r passwordRequest
+		var acc *authtypes.Account
 		resErr := httputil.UnmarshalJSONRequest(req, &r)
 		if resErr != nil {
 			return *resErr
 		}
-		if r.User == "" {
+		switch r.Identifier.Type {
+		case "m.id.user":
+			if r.Identifier.User == "" {
+				return util.JSONResponse{
+					Code: http.StatusBadRequest,
+					JSON: jsonerror.BadJSON("'user' must be supplied."),
+				}
+			}
+
+			util.GetLogger(req.Context()).WithField("user", r.Identifier.User).Info("Processing login request")
+
+			localpart, err := userutil.ParseUsernameParam(r.Identifier.User, &cfg.Matrix.ServerName)
+			if err != nil {
+				return util.JSONResponse{
+					Code: http.StatusBadRequest,
+					JSON: jsonerror.InvalidUsername(err.Error()),
+				}
+			}
+
+			acc, err = accountDB.GetAccountByPassword(req.Context(), localpart, r.Password)
+			if err != nil {
+				// Technically we could tell them if the user does not exist by checking if err == sql.ErrNoRows
+				// but that would leak the existence of the user.
+				return util.JSONResponse{
+					Code: http.StatusForbidden,
+					JSON: jsonerror.Forbidden("username or password was incorrect, or the account does not exist"),
+				}
+			}
+		default:
 			return util.JSONResponse{
 				Code: http.StatusBadRequest,
-				JSON: jsonerror.BadJSON("'user' must be supplied."),
-			}
-		}
-
-		util.GetLogger(req.Context()).WithField("user", r.User).Info("Processing login request")
-
-		localpart, err := userutil.ParseUsernameParam(r.User, &cfg.Matrix.ServerName)
-		if err != nil {
-			return util.JSONResponse{
-				Code: http.StatusBadRequest,
-				JSON: jsonerror.InvalidUsername(err.Error()),
-			}
-		}
-
-		acc, err := accountDB.GetAccountByPassword(req.Context(), localpart, r.Password)
-		if err != nil {
-			// Technically we could tell them if the user does not exist by checking if err == sql.ErrNoRows
-			// but that would leak the existence of the user.
-			return util.JSONResponse{
-				Code: http.StatusForbidden,
-				JSON: jsonerror.Forbidden("username or password was incorrect, or the account does not exist"),
+				JSON: jsonerror.BadJSON("login identifier '" + r.Identifier.Type + "' not supported"),
 			}
 		}