From f906289ae01a077b7fd3548dcce6c191a7518447 Mon Sep 17 00:00:00 2001
From: Anant Prakash
Date: Fri, 20 Apr 2018 21:16:10 +0530
Subject: [PATCH] Make VerifyAccessToken private, let VerifyUserFromRequest return the device if present
Signed-off-by: Anant Prakash
---
 .../dendrite/clientapi/auth/auth.go | 23 ++++++++++---------
 .../matrix-org/dendrite/common/httpapi.go | 13 ++++-------
 2 files changed, 16 insertions(+), 20 deletions(-)
diff --git a/src/github.com/matrix-org/dendrite/clientapi/auth/auth.go b/src/github.com/matrix-org/dendrite/clientapi/auth/auth.go
index 5a74f3f4..47d2ee72 100644
--- a/src/github.com/matrix-org/dendrite/clientapi/auth/auth.go
+++ b/src/github.com/matrix-org/dendrite/clientapi/auth/auth.go
@@ -49,25 +49,26 @@ type AccountDatabase interface {
 }
 // VerifyUserFromRequest authenticates the HTTP request,
-// on success returns UserID of the requester.
+// on success returns UserID, Device of the requester.
 // Finds local user or an application service user.
+// Note: For an AS user, Device is not present.
 // On failure returns an JSON error response which can be sent to the client.
 func VerifyUserFromRequest(
 req *http.Request, accountDB AccountDatabase, deviceDB DeviceDatabase,
 applicationServices []config.ApplicationService,
-) (string, *util.JSONResponse) {
+) (string, *authtypes.Device, *util.JSONResponse) {
 // Try to find local user from device database
- dev, devErr := VerifyAccessToken(req, deviceDB)
+ dev, devErr := verifyAccessToken(req, deviceDB)
 if devErr == nil {
- return dev.UserID, nil
+ return dev.UserID, dev, nil
 }
 // Try to find the Application Service user
 token, err := extractAccessToken(req)
 if err != nil {
- return "", &util.JSONResponse{
+ return "", nil, &util.JSONResponse{
 Code: http.StatusUnauthorized,
 JSON: jsonerror.MissingToken(err.Error()),
 }
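Review bot: The device-lookup error is discarded when `devErr != nil`, so every failure of verifyAccessToken falls through to the application-service token check and ends as 401 `UnknownToken`. The doc comment on verifyAccessToken (hunk -98,25) says resErr also covers "a problem querying the database", so a transient backend fault is reported to the client as an invalid token, which clients commonly treat as a reason to drop the session. Consider returning the device error directly when it is not an authentication failure, e.g. `if devErr.Code != http.StatusUnauthorized { return "", nil, devErr }` placed after the `if devErr == nil` block; this assumes verifyAccessToken uses a different status code for database errors, which the hunk does not show. The `accountErr == nil && account.AppServiceID == appService.ID` test in hunk -98,25 has the same shape: a failed account lookup becomes 403 Forbidden. The function body continues outside this hunk.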
@@ -87,7 +88,7 @@ func VerifyUserFromRequest(
 localpart, err := userutil.ParseUsernameParam(userID, nil)
 if err != nil {
- return "", &util.JSONResponse{
+ return "", nil, &util.JSONResponse{
 Code: http.StatusBadRequest,
 JSON: jsonerror.InvalidUsername(err.Error()),
 }
@@ -98,25 +99,25 @@ func VerifyUserFromRequest(
 // Verify that account exists & appServiceID matches
 if accountErr == nil && account.AppServiceID == appService.ID {
- return userID, nil
+ return userID, nil, nil
 }
- return "", &util.JSONResponse{
+ return "", nil, &util.JSONResponse{
 Code: http.StatusForbidden,
 JSON: jsonerror.Forbidden("Application service has not registered this user"),
 }
 }
- return "", &util.JSONResponse{
+ return "", nil, &util.JSONResponse{
 Code: http.StatusUnauthorized,
 JSON: jsonerror.UnknownToken("Unrecognized access token"),
 }
 }
-// VerifyAccessToken verifies that an access token was supplied in the given HTTP request
+// verifyAccessToken verifies that an access token was supplied in the given HTTP request
 // and returns the device it corresponds to. Returns resErr (an error response which can be
 // sent to the client) if the token is invalid or there was a problem querying the database.
-func VerifyAccessToken(req *http.Request, deviceDB DeviceDatabase) (device *authtypes.Device, resErr *util.JSONResponse) {
+func verifyAccessToken(req *http.Request, deviceDB DeviceDatabase) (device *authtypes.Device, resErr *util.JSONResponse) {
 token, err := extractAccessToken(req)
 if err != nil {
 resErr = &util.JSONResponse{
diff --git a/src/github.com/matrix-org/dendrite/common/httpapi.go b/src/github.com/matrix-org/dendrite/common/httpapi.go
index bef39a11..48e51e90 100644
--- a/src/github.com/matrix-org/dendrite/common/httpapi.go
+++ b/src/github.com/matrix-org/dendrite/common/httpapi.go
@@ -19,17 +19,12 @@ func MakeAuthAPI(
 metricsName string, accountDB auth.AccountDatabase, deviceDB auth.DeviceDatabase, appServices []config.ApplicationService,
 f func(*http.Request, string, *authtypes.Device) util.JSONResponse) http.Handler {
 h := func(req *http.Request) util.JSONResponse {
- user, userErr := auth.VerifyUserFromRequest(req, accountDB, deviceDB, appServices)
+ user, device, err := auth.VerifyUserFromRequest(req, accountDB, deviceDB, appServices)
- if userErr != nil {
- return *userErr
- }
- device, resErr := auth.VerifyAccessToken(req, deviceDB)
-
- // AS virtual users do not have a device in database
- if resErr != nil {
- return f(req, user, nil)
+ if err != nil {
+ return *err
 }
+ // device is nil for AS virtual users, as they do not have a device in database
 return f(req, user, device)
 }
 return MakeExternalAPI(metricsName, h)
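Review bot: `f` is called with whatever device VerifyUserFromRequest returned, which is nil for application-service users, and the only mention of that is a comment inside the closure where handler authors will not see it. A handler that reads a field of `device` without a nil check would panic on an AS-authenticated request; the handlers are outside this diff, so whether any do is not visible here. I would state the contract on MakeAuthAPI's doc comment, e.g. `// f receives a nil device when the request was authenticated as an application service user; handlers must nil-check device before dereferencing it.` Separately, naming the `*util.JSONResponse` result `err` reads like an `error`; `resErr`, as used in verifyAccessToken, would be clearer. MakeAuthAPI's declaration starts above the hunk.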