Fix bug with token expiration. Increase the default length of the pepper. Update hashes on startup with RotationPerRequest strategy. Don't check for existing pepper on the none hash algorithm.

Anatoly Sablin
2019-11-28 00:28:11 +03:00
parent 86b880069b
commit 0ec4df2c06
7 changed files with 19 additions and 12 deletions


@@ -62,7 +62,7 @@ public class AccountManager {
String token = UUID.randomUUID().toString();
AccountDao account = new AccountDao(openIdToken.getAccessToken(), openIdToken.getTokenType(),
openIdToken.getMatrixServerName(), openIdToken.getExpiredIn(),
openIdToken.getMatrixServerName(), openIdToken.getExpiresIn(),
Instant.now().getEpochSecond(), userId, token);
storage.insertToken(account);


@@ -1,14 +1,20 @@
package io.kamax.mxisd.auth;
import com.google.gson.annotations.SerializedName;
public class OpenIdToken {
@SerializedName("access_token")
private String accessToken;
@SerializedName("token_type")
private String tokenType;
@SerializedName("matrix_server_name")
private String matrixServerName;
private long expiredIn;
@SerializedName("expires_in")
private long expiresIn;
public String getAccessToken() {
return accessToken;
@@ -34,11 +40,11 @@ public class OpenIdToken {
this.matrixServerName = matrixServerName;
}
public long getExpiredIn() {
return expiredIn;
public long getExpiresIn() {
return expiresIn;
}
public void setExpiredIn(long expiredIn) {
this.expiredIn = expiredIn;
public void setExpiresIn(long expiresIn) {
this.expiresIn = expiresIn;
}
}
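Review bot: `expiresIn` is a primitive `long` with no documentation or validation, so a response that omits `expires_in` deserializes to 0 and a negative value is accepted as-is. Nothing visible in this section rejects either case. A Javadoc line on the field such as `/** Token lifetime in seconds, relative to issuance; 0 means the field was absent. */` would make the unit and the default explicit. Consumers should reject non-positive values before storing the account; whether `AccountManager` already does so is not visible here.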


@@ -11,7 +11,7 @@ public class HashingConfig {
private static final Logger LOGGER = LoggerFactory.getLogger(HashingConfig.class);
private boolean enabled = false;
private int pepperLength = 10;
private int pepperLength = 20;
private RotationPolicyEnum rotationPolicy;
private HashStorageEnum hashStorageType;
private long delay = 10;


@@ -56,6 +56,6 @@ public class HashEngine {
}
protected String newPepper() {
return RandomStringUtils.random(config.getPepperLength());
return RandomStringUtils.random(config.getPepperLength(), true, true);
}
}
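Review bot: `newPepper()` still takes its randomness from `RandomStringUtils.random(...)`, which in many commons-lang releases is backed by a shared, non-cryptographic `java.util.Random`. Restricting the output to letters and digits therefore does not make the pepper unpredictable. The library version is not visible on this page, so this needs confirming against the dependency actually in use. If it applies, pass an explicit source through the overload that accepts one, e.g. `RandomStringUtils.random(config.getPepperLength(), 0, 0, true, true, null, new SecureRandom())`, ideally with the `SecureRandom` held in a field. The class body starts outside this hunk.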


@@ -12,6 +12,7 @@ public class RotationPerRequests implements HashRotationStrategy {
@Override
public void register(HashEngine hashEngine) {
this.hashEngine = hashEngine;
trigger();
}
@Override
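Review bot: The new `trigger()` call in `register` has no comment explaining why registration rotates immediately, and `trigger()` itself is outside the hunk. It is therefore unclear whether this initial call also counts toward the per-request rotation threshold, or what happens if it fails during startup. A one-line comment such as `// Build the initial pepper and hash set at startup so lookups never run against an empty store` would record the intent. A failure here presumably propagates out of `register`, which is worth confirming.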


@@ -48,7 +48,7 @@ public class AccountRegisterHandler extends BasicHttpHandler {
if (LOGGER.isInfoEnabled()) {
LOGGER.info("Registration from domain: {}, expired at {}", openIdToken.getMatrixServerName(),
new Date(openIdToken.getExpiredIn()));
new Date(openIdToken.getExpiresIn()));
}
String token = accountManager.register(openIdToken);
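Review bot: The log statement's `new Date(openIdToken.getExpiresIn())` treats `expires_in` as an absolute epoch-millisecond timestamp. The Matrix OpenID token carries it as a lifetime in seconds, and `AccountManager` stores it next to `Instant.now().getEpochSecond()` in the same way. Now that the field is actually populated, "expired at" will print a date shortly after 1970-01-01, which is misleading when registrations are audited. Logging the computed expiry instead, e.g. `Instant.now().plusSeconds(openIdToken.getExpiresIn())`, would fix that; whether `java.time.Instant` is already imported in this file is not visible. The enclosing handler method starts and ends outside the hunk.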


@@ -67,7 +67,7 @@ public class HashLookupHandler extends LookupHandler implements ApiHandler {
throw new InvalidParamException();
}
if (!hashManager.getHashEngine().getPepper().equals(input.getPepper())) {
if ("sha256".equals(input.getAlgorithm()) && !hashManager.getHashEngine().getPepper().equals(input.getPepper())) {
throw new InvalidPepperException();
}
@@ -93,8 +93,8 @@ public class HashLookupHandler extends LookupHandler implements ApiHandler {
for (String address : input.getAddresses()) {
String[] parts = address.split(" ");
ThreePidMapping mapping = new ThreePidMapping();
mapping.setMedium(parts[0]);
mapping.setValue(parts[1]);
mapping.setMedium(parts[1]);
mapping.setValue(parts[0]);
mappings.add(mapping);
}
bulkLookupRequest.setMappings(mappings);
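Review bot: In the second hunk, `address.split(" ")` is indexed at `parts[0]` and `parts[1]` with no length check. A client-supplied address without a space therefore raises `ArrayIndexOutOfBoundsException` rather than a clean parameter error, and extra spaces are silently ignored. Swapping the indices fixes the ordering but leaves this open. A guard before the assignments, `if (parts.length != 2) { throw new InvalidParamException(); }`, would reject malformed entries the same way the earlier validation in this handler does. The enclosing method starts and ends outside the hunk, so any upstream validation of `input.getAddresses()` is not visible here.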