Fix bug with token expiration. Increase the default length of the pepper. Update hashes on startup with RotationPerRequest strategy. Don't check for existing pepper on the none
hash algorithm.
@@ -62,7 +62,7 @@ public class AccountManager {
|
|||||||
|
|
||||||
String token = UUID.randomUUID().toString();
|
String token = UUID.randomUUID().toString();
|
||||||
AccountDao account = new AccountDao(openIdToken.getAccessToken(), openIdToken.getTokenType(),
|
AccountDao account = new AccountDao(openIdToken.getAccessToken(), openIdToken.getTokenType(),
|
||||||
openIdToken.getMatrixServerName(), openIdToken.getExpiredIn(),
|
openIdToken.getMatrixServerName(), openIdToken.getExpiresIn(),
|
||||||
Instant.now().getEpochSecond(), userId, token);
|
Instant.now().getEpochSecond(), userId, token);
|
||||||
storage.insertToken(account);
|
storage.insertToken(account);
|
||||||
|
|
||||||
|
@@ -1,14 +1,20 @@
|
|||||||
package io.kamax.mxisd.auth;
|
package io.kamax.mxisd.auth;
|
||||||
|
|
||||||
|
import com.google.gson.annotations.SerializedName;
|
||||||
|
|
||||||
public class OpenIdToken {
|
public class OpenIdToken {
|
||||||
|
|
||||||
|
@SerializedName("access_token")
|
||||||
private String accessToken;
|
private String accessToken;
|
||||||
|
|
||||||
|
@SerializedName("token_type")
|
||||||
private String tokenType;
|
private String tokenType;
|
||||||
|
|
||||||
|
@SerializedName("matrix_server_name")
|
||||||
private String matrixServerName;
|
private String matrixServerName;
|
||||||
|
|
||||||
private long expiredIn;
|
@SerializedName("expires_in")
|
||||||
|
private long expiresIn;
|
||||||
|
|
||||||
public String getAccessToken() {
|
public String getAccessToken() {
|
||||||
return accessToken;
|
return accessToken;
|
||||||
@@ -34,11 +40,11 @@ public class OpenIdToken {
|
|||||||
this.matrixServerName = matrixServerName;
|
this.matrixServerName = matrixServerName;
|
||||||
}
|
}
|
||||||
|
|
||||||
public long getExpiredIn() {
|
public long getExpiresIn() {
|
||||||
return expiredIn;
|
return expiresIn;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setExpiredIn(long expiredIn) {
|
public void setExpiresIn(long expiresIn) {
|
||||||
this.expiredIn = expiredIn;
|
this.expiresIn = expiresIn;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
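Review bot: Nothing in this class checks the values Gson fills in. A key that is absent from the JSON leaves the field at its Java default, so a body without `expires_in` gives `expiresIn == 0` and one without `access_token` gives `null`. As far as this page shows, both then flow into the registration path unchanged. A guard where the token is first used, e.g. `if (openIdToken.getAccessToken() == null || openIdToken.getExpiresIn() <= 0) throw new InvalidParamException();`, would make malformed tokens fail early; the exception type is borrowed from HashLookupHandler and may need adjusting.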
@@ -11,7 +11,7 @@ public class HashingConfig {
|
|||||||
private static final Logger LOGGER = LoggerFactory.getLogger(HashingConfig.class);
|
private static final Logger LOGGER = LoggerFactory.getLogger(HashingConfig.class);
|
||||||
|
|
||||||
private boolean enabled = false;
|
private boolean enabled = false;
|
||||||
private int pepperLength = 10;
|
private int pepperLength = 20;
|
||||||
private RotationPolicyEnum rotationPolicy;
|
private RotationPolicyEnum rotationPolicy;
|
||||||
private HashStorageEnum hashStorageType;
|
private HashStorageEnum hashStorageType;
|
||||||
private long delay = 10;
|
private long delay = 10;
|
||||||
|
@@ -56,6 +56,6 @@ public class HashEngine {
|
|||||||
}
|
}
|
||||||
|
|
||||||
protected String newPepper() {
|
protected String newPepper() {
|
||||||
return RandomStringUtils.random(config.getPepperLength());
|
return RandomStringUtils.random(config.getPepperLength(), true, true);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
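Review bot: `RandomStringUtils.random(count, true, true)` in `newPepper()` draws from the library's default generator, which in older commons-lang releases is a plain `java.util.Random`; the version in use is not visible here, so this should be confirmed. The pepper is what keeps precomputed hash tables from being reused across rotations, so it is worth sourcing from a CSPRNG: `return RandomStringUtils.random(config.getPepperLength(), 0, 0, true, true, null, new SecureRandom());`. That needs `java.security.SecureRandom` imported, and a shared static instance would avoid constructing a new generator on every rotation. Restricting the alphabet to alphanumerics lowers entropy per character, which the new default of 20 offsets only if operators do not configure a smaller `pepperLength`.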
@@ -12,6 +12,7 @@ public class RotationPerRequests implements HashRotationStrategy {
|
|||||||
@Override
|
@Override
|
||||||
public void register(HashEngine hashEngine) {
|
public void register(HashEngine hashEngine) {
|
||||||
this.hashEngine = hashEngine;
|
this.hashEngine = hashEngine;
|
||||||
|
trigger();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
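Review bot: The new `trigger()` call in `register()` has no comment saying why a rotation runs at registration time, and its cost is not obvious from this hunk. I would add `// Rotate once at startup so a pepper and the hashes exist before the first lookup request.` above it. `trigger()` itself is outside the hunk; if it can throw or block on storage, that now happens during startup registration, which is worth stating in the method's Javadoc.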
@@ -48,7 +48,7 @@ public class AccountRegisterHandler extends BasicHttpHandler {
|
|||||||
|
|
||||||
if (LOGGER.isInfoEnabled()) {
|
if (LOGGER.isInfoEnabled()) {
|
||||||
LOGGER.info("Registration from domain: {}, expired at {}", openIdToken.getMatrixServerName(),
|
LOGGER.info("Registration from domain: {}, expired at {}", openIdToken.getMatrixServerName(),
|
||||||
new Date(openIdToken.getExpiredIn()));
|
new Date(openIdToken.getExpiresIn()));
|
||||||
}
|
}
|
||||||
|
|
||||||
String token = accountManager.register(openIdToken);
|
String token = accountManager.register(openIdToken);
|
||||||
|
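Review bot: `new Date(openIdToken.getExpiresIn())` on the changed line treats the value as milliseconds since the epoch. But `expires_in` is mapped from the OpenID token response, and AccountManager stores it next to `Instant.now().getEpochSecond()`, which suggests a lifetime in seconds. If so, the log line prints a date in January 1970 rather than the real expiry, which makes registration logs misleading during an investigation. `Date.from(Instant.now().plusSeconds(openIdToken.getExpiresIn()))` would log the actual expiry, and "expires at" would describe it better than "expired at". The enclosing handler method starts and ends outside the hunk.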
@@ -67,7 +67,7 @@ public class HashLookupHandler extends LookupHandler implements ApiHandler {
|
|||||||
throw new InvalidParamException();
|
throw new InvalidParamException();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!hashManager.getHashEngine().getPepper().equals(input.getPepper())) {
|
if ("sha256".equals(input.getAlgorithm()) && !hashManager.getHashEngine().getPepper().equals(input.getPepper())) {
|
||||||
throw new InvalidPepperException();
|
throw new InvalidPepperException();
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -93,8 +93,8 @@ public class HashLookupHandler extends LookupHandler implements ApiHandler {
|
|||||||
for (String address : input.getAddresses()) {
|
for (String address : input.getAddresses()) {
|
||||||
String[] parts = address.split(" ");
|
String[] parts = address.split(" ");
|
||||||
ThreePidMapping mapping = new ThreePidMapping();
|
ThreePidMapping mapping = new ThreePidMapping();
|
||||||
mapping.setMedium(parts[0]);
|
mapping.setMedium(parts[1]);
|
||||||
mapping.setValue(parts[1]);
|
mapping.setValue(parts[0]);
|
||||||
mappings.add(mapping);
|
mappings.add(mapping);
|
||||||
}
|
}
|
||||||
bulkLookupRequest.setMappings(mappings);
|
bulkLookupRequest.setMappings(mappings);
|
||||||
|
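Review bot: In the second hunk, `address.split(" ")` is indexed at `parts[0]` and `parts[1]` without a length check, and the addresses come from the request body. An entry without a space throws `ArrayIndexOutOfBoundsException` instead of a client error, and one with extra spaces has its trailing parts silently ignored. Adding `if (parts.length != 2) { throw new InvalidParamException(); }` right after the split keeps malformed input on the same error path used earlier in this handler. Separately, the first hunk now skips the pepper comparison for every algorithm other than the exact string `"sha256"`; whether unknown algorithm values are rejected elsewhere is outside the visible lines. The enclosing method is not fully shown.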