@@ -1,9 +1,31 @@
|
||||
# Authentication
|
||||
Authentication is an enchanced Identity feature of mxisd to ensure coherent and centralized identity management.
|
||||
|
||||
- [Description](#description)
|
||||
- [Overview](#overview)
|
||||
- [Getting started](#getting-started)
|
||||
- [Synapse](#synapse)
|
||||
- [mxisd](#mxisd)
|
||||
- [Validate](#validate)
|
||||
- [Next steps](#next-steps)
|
||||
- [Profile auto-fil](#profile-auto-fill)
|
||||
- [Advanced Authentication](#advanced-authentication)
|
||||
- [Requirements](#requirements)
|
||||
- [Configuration](#configuration)
|
||||
- [Reverse Proxy](#reverse-proxy)
|
||||
- [Apache2](#apache2)
|
||||
- [DNS Overwrite](#dns-overwrite)
|
||||
- [Backends](#backends)
|
||||
|
||||
## Description
|
||||
Authentication is an enhanced Identity feature of mxisd to ensure coherent and centralized identity management.
|
||||
|
||||
It allows to use Identity stores configured in mxisd to authenticate users on your Homeserver.
|
||||
|
||||
This feature can also provide the ability to users to login on the Homeserver using their third party identities (3PIDs) provided by an Identity store.
|
||||
|
||||
## Overview
|
||||
An overview of the Authentication process is depicted below:
|
||||
|
||||
```
|
||||
Backends
|
||||
Client +------+
|
||||
@@ -11,7 +33,7 @@ It allows to use Identity stores configured in mxisd to authenticate users on yo
|
||||
| +---------------+ /_matrix/identity | mxisd | | +------+
|
||||
+-> | Reverse proxy | >------------------+ | | |
|
||||
+--|------------+ | | | | +--------+
|
||||
| +-----> Check wiht backends >------+--> | SQL DB |
|
||||
| +-----> Check with backends >------+--> | SQL DB |
|
||||
Login request | | | | +--------+
|
||||
| | | | | |
|
||||
| +--------------------------+ | +-----|-------------------+ +--> Others
|
||||
@@ -52,3 +74,98 @@ Auto-filling user profile depends on two conditions:
|
||||
- The REST auth module is configured for it, which is the case by default
|
||||
- Your Identity store is configured to provide profile data. See your Identity store [documentation](../backends/) on
|
||||
how to enable the feature.
|
||||
|
||||
|
||||
## Advanced Authentication
|
||||
The Authentication feature allows users to login to their Homeserver by using their 3PIDs registered in an available Identity store.
|
||||
|
||||
This is performed by intercepting the Homeserver endpoint `/_matrix/client/r0/login` as depicted below:
|
||||
|
||||
```
|
||||
+----------------------------+
|
||||
| Reverse Proxy |
|
||||
| |
|
||||
| | Step 1 +---------------------------+ Step 2
|
||||
| | | |
|
||||
Client+---->| /_matrix/client/r0/login +---------------->| | Look up address +---------+
|
||||
| ^ | | mxisd - Identity server +----------------->| Backend |
|
||||
| | | | | +---------+
|
||||
| /_matrix/* +--+ +---------------------+ |
|
||||
| | | +---------------+-----------+
|
||||
| | | Step 4 |
|
||||
| | | | Step 3
|
||||
+---------------|------------+ |
|
||||
| | /_matrix/client/r0/login
|
||||
| +--------------+ |
|
||||
| | | |
|
||||
+---------------------->| Homeserver |<----+
|
||||
| |
|
||||
+--------------+
|
||||
|
||||
```
|
||||
|
||||
Steps of user authentication using a 3PID:
|
||||
1. The intercepted login request is directly sent to mxisd instead of the Homeserver.
|
||||
2. Enabled backends are queried for a matching user identity in order to modify the request to use the user name.
|
||||
3. The Homeserver, from which the request was intercepted, is queried using the request at previous step. Its address is resolved using the DNS Overwrite feature to reach its internal address on a non-encrypted port.
|
||||
4. The response from the Homeserver is sent back to the client, believing it was the HS which directly answered.
|
||||
|
||||
### Requirements
|
||||
- Reverse proxy setup
|
||||
- Homeserver
|
||||
- Compatible Identity backends:
|
||||
- LDAP
|
||||
- SQL
|
||||
- REST
|
||||
|
||||
### Configuration
|
||||
|
||||
#### Reverse Proxy
|
||||
|
||||
##### Apache2
|
||||
The specific configuration to put under the relevant `VirtualHost`:
|
||||
```
|
||||
ProxyPass /_matrix/client/r0/login http://localhost:8090/_matrix/client/r0/login
|
||||
```
|
||||
`ProxyPreserveHost` or equivalent must be enabled to detect to which Homeserver mxisd should talk to when building results.
|
||||
|
||||
Your VirtualHost should now look like this:
|
||||
```
|
||||
<VirtualHost *:443>
|
||||
ServerName example.org
|
||||
|
||||
...
|
||||
|
||||
ProxyPreserveHost on
|
||||
ProxyPass /_matrix/client/r0/login http://localhost:8090/_matrix/client/r0/login
|
||||
ProxyPass /_matrix/identity/ http://localhost:8090/_matrix/identity/
|
||||
ProxyPass /_matrix/ http://localhost:8008/_matrix/
|
||||
</VirtualHost>
|
||||
```
|
||||
|
||||
#### DNS Overwrite
|
||||
Just like you need to configure a reverse proxy to send client requests to mxisd, you also need to configure mxisd with the internal IP of the Homeserver so it can talk to it directly to integrate its directory search.
|
||||
|
||||
|
||||
To do so, put the following configuration in your `application.yaml`:
|
||||
```
|
||||
dns.overwrite.homeserver.client:
|
||||
- name: 'example.org'
|
||||
value: 'http://localhost:8008'
|
||||
```
|
||||
`name` must be the hostname of the URL that clients use when connecting to the Homeserver.
|
||||
In case the hostname is the same as your Matrix domain, you can use `${matrix.domain}` to auto-populate the `value` using the `matrix.domain` configuration option and avoid duplicating it.
|
||||
|
||||
value is the base internal URL of the Homeserver, without any /_matrix/.. or trailing /.
|
||||
|
||||
#### Backends
|
||||
The Backends should be configured as described in the documentation of the [Directory User](directory-users.md) feature.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
@@ -0,0 +1,111 @@
|
||||
/*
|
||||
* mxisd - Matrix Identity Server Daemon
|
||||
* Copyright (C) 2018 Maxime Dor
|
||||
*
|
||||
* https://www.kamax.io/
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package io.kamax.mxisd.backend.memory;
|
||||
|
||||
import io.kamax.matrix.MatrixID;
|
||||
import io.kamax.matrix.ThreePid;
|
||||
import io.kamax.matrix._MatrixID;
|
||||
import io.kamax.mxisd.UserIdType;
|
||||
import io.kamax.mxisd.auth.provider.AuthenticatorProvider;
|
||||
import io.kamax.mxisd.auth.provider.BackendAuthResult;
|
||||
import io.kamax.mxisd.config.MatrixConfig;
|
||||
import io.kamax.mxisd.config.memory.MemoryIdentityConfig;
|
||||
import io.kamax.mxisd.config.memory.MemoryStoreConfig;
|
||||
import io.kamax.mxisd.config.memory.MemoryThreePid;
|
||||
import io.kamax.mxisd.lookup.SingleLookupReply;
|
||||
import io.kamax.mxisd.lookup.SingleLookupRequest;
|
||||
import io.kamax.mxisd.lookup.ThreePidMapping;
|
||||
import io.kamax.mxisd.lookup.provider.IThreePidProvider;
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
|
||||
@Component
|
||||
public class MemoryIdentityStore implements AuthenticatorProvider, IThreePidProvider {
|
||||
|
||||
private final Logger logger = LoggerFactory.getLogger(MemoryIdentityStore.class);
|
||||
|
||||
private final MatrixConfig mxCfg;
|
||||
private final MemoryStoreConfig cfg;
|
||||
|
||||
@Autowired
|
||||
public MemoryIdentityStore(MatrixConfig mxCfg, MemoryStoreConfig cfg) {
|
||||
this.mxCfg = mxCfg;
|
||||
this.cfg = cfg;
|
||||
}
|
||||
|
||||
public Optional<MemoryIdentityConfig> findByUsername(String username) {
|
||||
return cfg.getIdentities().stream().filter(id -> StringUtils.equals(id.getUsername(), username)).findFirst();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isEnabled() {
|
||||
return cfg.isEnabled();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isLocal() {
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public int getPriority() {
|
||||
return Integer.MAX_VALUE;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Optional<SingleLookupReply> find(SingleLookupRequest request) {
|
||||
logger.info("Performing lookup {} of type {}", request.getThreePid(), request.getType());
|
||||
ThreePid req = new ThreePid(request.getType(), request.getThreePid());
|
||||
for (MemoryIdentityConfig id : cfg.getIdentities()) {
|
||||
for (MemoryThreePid threepid : id.getThreepids()) {
|
||||
if (req.equals(new ThreePid(threepid.getMedium(), threepid.getAddress()))) {
|
||||
return Optional.of(new SingleLookupReply(request, new MatrixID(id.getUsername(), mxCfg.getDomain())));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return Optional.empty();
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<ThreePidMapping> populate(List<ThreePidMapping> mappings) {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
@Override
|
||||
public BackendAuthResult authenticate(_MatrixID mxid, String password) {
|
||||
return findByUsername(mxid.getLocalPart()).map(id -> {
|
||||
if (!StringUtils.equals(id.getUsername(), mxid.getLocalPart())) {
|
||||
return BackendAuthResult.failure();
|
||||
} else {
|
||||
return BackendAuthResult.success(mxid.getId(), UserIdType.MatrixID, "");
|
||||
}
|
||||
}).orElseGet(BackendAuthResult::failure);
|
||||
}
|
||||
|
||||
}
|
@@ -0,0 +1,59 @@
|
||||
/*
|
||||
* mxisd - Matrix Identity Server Daemon
|
||||
* Copyright (C) 2018 Maxime Dor
|
||||
*
|
||||
* https://www.kamax.io/
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package io.kamax.mxisd.config.memory;
|
||||
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
@Component
|
||||
public class MemoryIdentityConfig {
|
||||
|
||||
private String username;
|
||||
private String password;
|
||||
private List<MemoryThreePid> threepids = new ArrayList<>();
|
||||
|
||||
public String getUsername() {
|
||||
return username;
|
||||
}
|
||||
|
||||
public void setUsername(String username) {
|
||||
this.username = username;
|
||||
}
|
||||
|
||||
public String getPassword() {
|
||||
return password;
|
||||
}
|
||||
|
||||
public void setPassword(String password) {
|
||||
this.password = password;
|
||||
}
|
||||
|
||||
public List<MemoryThreePid> getThreepids() {
|
||||
return threepids;
|
||||
}
|
||||
|
||||
public void setThreepids(List<MemoryThreePid> threepids) {
|
||||
this.threepids = threepids;
|
||||
}
|
||||
|
||||
}
|
@@ -0,0 +1,51 @@
|
||||
/*
|
||||
* mxisd - Matrix Identity Server Daemon
|
||||
* Copyright (C) 2018 Maxime Dor
|
||||
*
|
||||
* https://www.kamax.io/
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package io.kamax.mxisd.config.memory;
|
||||
|
||||
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
@Configuration
|
||||
@ConfigurationProperties("memory")
|
||||
public class MemoryStoreConfig {
|
||||
|
||||
private boolean enabled;
|
||||
private List<MemoryIdentityConfig> identities;
|
||||
|
||||
public boolean isEnabled() {
|
||||
return enabled;
|
||||
}
|
||||
|
||||
public void setEnabled(boolean enabled) {
|
||||
this.enabled = enabled;
|
||||
}
|
||||
|
||||
public List<MemoryIdentityConfig> getIdentities() {
|
||||
return identities;
|
||||
}
|
||||
|
||||
public void setIdentities(List<MemoryIdentityConfig> identities) {
|
||||
this.identities = identities;
|
||||
}
|
||||
|
||||
}
|
@@ -0,0 +1,47 @@
|
||||
/*
|
||||
* mxisd - Matrix Identity Server Daemon
|
||||
* Copyright (C) 2018 Maxime Dor
|
||||
*
|
||||
* https://www.kamax.io/
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package io.kamax.mxisd.config.memory;
|
||||
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
@Component
|
||||
public class MemoryThreePid {
|
||||
|
||||
private String medium;
|
||||
private String address;
|
||||
|
||||
public String getMedium() {
|
||||
return medium;
|
||||
}
|
||||
|
||||
public void setMedium(String medium) {
|
||||
this.medium = medium;
|
||||
}
|
||||
|
||||
public String getAddress() {
|
||||
return address;
|
||||
}
|
||||
|
||||
public void setAddress(String address) {
|
||||
this.address = address;
|
||||
}
|
||||
|
||||
}
|
@@ -54,6 +54,16 @@ public class DefaultExceptionHandler {
|
||||
return gson.toJson(obj);
|
||||
}
|
||||
|
||||
@ExceptionHandler(RemoteLoginException.class)
|
||||
public String handle(HttpServletRequest request, HttpServletResponse response, RemoteLoginException e) {
|
||||
if (e.getErrorBodyMsgResp() != null) {
|
||||
response.setStatus(e.getStatus());
|
||||
log.info("Request {} {} - Error {}: {}", request.getMethod(), request.getRequestURL(), e.getErrorCode(), e.getError());
|
||||
return gson.toJson(e.getErrorBodyMsgResp());
|
||||
}
|
||||
return handleGeneric(request, response, e);
|
||||
}
|
||||
|
||||
@ExceptionHandler(InternalServerError.class)
|
||||
public String handle(HttpServletRequest request, HttpServletResponse response, InternalServerError e) {
|
||||
if (StringUtils.isNotBlank(e.getInternalReason())) {
|
||||
|
@@ -20,15 +20,27 @@
|
||||
|
||||
package io.kamax.mxisd.controller.auth.v1;
|
||||
|
||||
import com.google.gson.Gson;
|
||||
import com.google.gson.JsonElement;
|
||||
import com.google.gson.JsonObject;
|
||||
import com.google.gson.*;
|
||||
import com.google.i18n.phonenumbers.NumberParseException;
|
||||
import com.google.i18n.phonenumbers.PhoneNumberUtil;
|
||||
import com.google.i18n.phonenumbers.Phonenumber;
|
||||
import io.kamax.mxisd.auth.AuthManager;
|
||||
import io.kamax.mxisd.auth.UserAuthResult;
|
||||
import io.kamax.mxisd.controller.auth.v1.io.CredentialsValidationResponse;
|
||||
import io.kamax.mxisd.dns.ClientDnsOverwrite;
|
||||
import io.kamax.mxisd.exception.JsonMemberNotFoundException;
|
||||
import io.kamax.mxisd.exception.RemoteLoginException;
|
||||
import io.kamax.mxisd.lookup.strategy.LookupStrategy;
|
||||
import io.kamax.mxisd.util.GsonParser;
|
||||
import io.kamax.mxisd.util.GsonUtil;
|
||||
import io.kamax.mxisd.util.RestClientUtils;
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
import org.apache.http.client.methods.CloseableHttpResponse;
|
||||
import org.apache.http.client.methods.HttpGet;
|
||||
import org.apache.http.client.methods.HttpPost;
|
||||
import org.apache.http.client.utils.URIBuilder;
|
||||
import org.apache.http.impl.client.CloseableHttpClient;
|
||||
import org.apache.http.util.EntityUtils;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@@ -39,13 +51,18 @@ import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
import java.net.URI;
|
||||
|
||||
@RestController
|
||||
@CrossOrigin
|
||||
@RequestMapping(produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
|
||||
public class AuthController {
|
||||
|
||||
// TODO export into SDK
|
||||
private static final String logV1Url = "/_matrix/client/r0/login";
|
||||
|
||||
private Logger log = LoggerFactory.getLogger(AuthController.class);
|
||||
|
||||
private Gson gson = GsonUtil.build();
|
||||
@@ -54,6 +71,23 @@ public class AuthController {
|
||||
@Autowired
|
||||
private AuthManager mgr;
|
||||
|
||||
@Autowired
|
||||
private LookupStrategy strategy;
|
||||
|
||||
@Autowired
|
||||
private ClientDnsOverwrite dns;
|
||||
|
||||
@Autowired
|
||||
private CloseableHttpClient client;
|
||||
|
||||
private String resolveProxyUrl(HttpServletRequest req) {
|
||||
URI target = URI.create(req.getRequestURL().toString());
|
||||
URIBuilder builder = dns.transform(target);
|
||||
String urlToLogin = builder.toString();
|
||||
log.info("Proxy resolution: {} to {}", target.toString(), urlToLogin);
|
||||
return urlToLogin;
|
||||
}
|
||||
|
||||
@RequestMapping(value = "/_matrix-internal/identity/v1/check_credentials", method = RequestMethod.POST)
|
||||
public String checkCredentials(HttpServletRequest req) {
|
||||
try {
|
||||
@@ -84,4 +118,112 @@ public class AuthController {
|
||||
}
|
||||
}
|
||||
|
||||
@RequestMapping(value = logV1Url, method = RequestMethod.GET)
|
||||
public String getLogin(HttpServletRequest req, HttpServletResponse res) {
|
||||
try (CloseableHttpResponse hsResponse = client.execute(new HttpGet(resolveProxyUrl(req)))) {
|
||||
res.setStatus(hsResponse.getStatusLine().getStatusCode());
|
||||
return EntityUtils.toString(hsResponse.getEntity());
|
||||
} catch (IOException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
@RequestMapping(value = logV1Url, method = RequestMethod.POST)
|
||||
public String login(HttpServletRequest req) {
|
||||
try {
|
||||
JsonObject reqJsonObject = parser.parse(req.getInputStream());
|
||||
|
||||
// find 3PID in main object
|
||||
GsonUtil.findPrimitive(reqJsonObject, "medium").ifPresent(medium -> {
|
||||
GsonUtil.findPrimitive(reqJsonObject, "address").ifPresent(address -> {
|
||||
log.info("Login request with medium '{}' and address '{}'", medium.getAsString(), address.getAsString());
|
||||
strategy.findLocal(medium.getAsString(), address.getAsString()).ifPresent(lookupDataOpt -> {
|
||||
reqJsonObject.addProperty("user", lookupDataOpt.getMxid().getLocalPart());
|
||||
reqJsonObject.remove("medium");
|
||||
reqJsonObject.remove("address");
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
// find 3PID in 'identifier' object
|
||||
GsonUtil.findObj(reqJsonObject, "identifier").ifPresent(identifier -> {
|
||||
GsonUtil.findPrimitive(identifier, "type").ifPresent(type -> {
|
||||
|
||||
if (StringUtils.equals(type.getAsString(), "m.id.thirdparty")) {
|
||||
GsonUtil.findPrimitive(identifier, "medium").ifPresent(medium -> {
|
||||
GsonUtil.findPrimitive(identifier, "address").ifPresent(address -> {
|
||||
log.info("Login request with medium '{}' and address '{}'", medium.getAsString(), address.getAsString());
|
||||
strategy.findLocal(medium.getAsString(), address.getAsString()).ifPresent(lookupDataOpt -> {
|
||||
identifier.addProperty("type", "m.id.user");
|
||||
identifier.addProperty("user", lookupDataOpt.getMxid().getLocalPart());
|
||||
identifier.remove("medium");
|
||||
identifier.remove("address");
|
||||
});
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
if (StringUtils.equals(type.getAsString(), "m.id.phone")) {
|
||||
GsonUtil.findPrimitive(identifier, "number").ifPresent(number -> {
|
||||
GsonUtil.findPrimitive(identifier, "country").ifPresent(country -> {
|
||||
log.info("Login request with phone '{}'-'{}'", country.getAsString(), number.getAsString());
|
||||
try {
|
||||
PhoneNumberUtil phoneUtil = PhoneNumberUtil.getInstance();
|
||||
Phonenumber.PhoneNumber phoneNumber = phoneUtil.parse(number.getAsString(), country.getAsString());
|
||||
String canon_phoneNumber = phoneUtil.format(phoneNumber, PhoneNumberUtil.PhoneNumberFormat.E164).replace("+", "");
|
||||
String medium = "msisdn";
|
||||
strategy.findLocal(medium, canon_phoneNumber).ifPresent(lookupDataOpt -> {
|
||||
identifier.addProperty("type", "m.id.user");
|
||||
identifier.addProperty("user", lookupDataOpt.getMxid().getLocalPart());
|
||||
identifier.remove("country");
|
||||
identifier.remove("number");
|
||||
});
|
||||
} catch (NumberParseException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
});
|
||||
});
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
// invoke 'login' on homeserver
|
||||
HttpPost httpPost = RestClientUtils.post(resolveProxyUrl(req), gson, reqJsonObject);
|
||||
try (CloseableHttpResponse httpResponse = client.execute(httpPost)) {
|
||||
// check http status
|
||||
int status = httpResponse.getStatusLine().getStatusCode();
|
||||
log.info("http status = {}", status);
|
||||
if (status != 200) {
|
||||
// try to get possible json error message from response
|
||||
// otherwise just get returned plain error message
|
||||
String errcode = String.valueOf(httpResponse.getStatusLine().getStatusCode());
|
||||
String error = EntityUtils.toString(httpResponse.getEntity());
|
||||
if (httpResponse.getEntity() != null) {
|
||||
try {
|
||||
JsonObject bodyJson = new JsonParser().parse(error).getAsJsonObject();
|
||||
if (bodyJson.has("errcode")) {
|
||||
errcode = bodyJson.get("errcode").getAsString();
|
||||
}
|
||||
if (bodyJson.has("error")) {
|
||||
error = bodyJson.get("error").getAsString();
|
||||
}
|
||||
throw new RemoteLoginException(status, errcode, error, bodyJson);
|
||||
} catch (JsonSyntaxException e) {
|
||||
log.warn("Response body is not JSON");
|
||||
}
|
||||
}
|
||||
throw new RemoteLoginException(status, errcode, error);
|
||||
}
|
||||
|
||||
/// return response
|
||||
JsonObject respJsonObject = parser.parseOptional(httpResponse).get();
|
||||
return gson.toJson(respJsonObject);
|
||||
} catch (IOException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
} catch (IOException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
@@ -38,7 +38,6 @@ import org.apache.http.client.methods.HttpPost;
|
||||
import org.apache.http.client.utils.URIBuilder;
|
||||
import org.apache.http.entity.ContentType;
|
||||
import org.apache.http.impl.client.CloseableHttpClient;
|
||||
import org.apache.http.impl.client.HttpClients;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@@ -59,14 +58,15 @@ public class DirectoryManager {
|
||||
private List<IDirectoryProvider> providers;
|
||||
|
||||
private ClientDnsOverwrite dns;
|
||||
private CloseableHttpClient client;
|
||||
private Gson gson;
|
||||
|
||||
@Autowired
|
||||
private CloseableHttpClient client;
|
||||
|
||||
@Autowired
|
||||
public DirectoryManager(DirectoryConfig cfg, List<IDirectoryProvider> providers, ClientDnsOverwrite dns) {
|
||||
this.cfg = cfg;
|
||||
this.dns = dns;
|
||||
this.client = HttpClients.custom().setUserAgent("mxisd").build(); //FIXME centralize
|
||||
this.gson = GsonUtil.build();
|
||||
this.providers = providers.stream().filter(IDirectoryProvider::isEnabled).collect(Collectors.toList());
|
||||
|
||||
|
@@ -0,0 +1,43 @@
|
||||
/*
|
||||
* mxisd - Matrix Identity Server Daemon
|
||||
* Copyright (C) 2017 Maxime Dor
|
||||
*
|
||||
* https://max.kamax.io/
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package io.kamax.mxisd.exception;
|
||||
|
||||
|
||||
import com.google.gson.JsonObject;
|
||||
|
||||
public class RemoteLoginException extends MatrixException {
|
||||
|
||||
private JsonObject errorBodyMsgResp;
|
||||
|
||||
public RemoteLoginException(int status, String errorCode, String error) {
|
||||
super(status, errorCode, error);
|
||||
this.errorBodyMsgResp = null;
|
||||
}
|
||||
|
||||
public RemoteLoginException(int status, String errorCode, String error, JsonObject errorBodyMsgResp) {
|
||||
super(status, errorCode, error);
|
||||
this.errorBodyMsgResp = errorBodyMsgResp;
|
||||
}
|
||||
|
||||
public JsonObject getErrorBodyMsgResp() {
|
||||
return errorBodyMsgResp;
|
||||
}
|
||||
}
|
@@ -159,6 +159,8 @@ public class RecursivePriorityLookupStrategy implements LookupStrategy {
|
||||
for (IThreePidProvider provider : providers) {
|
||||
Optional<SingleLookupReply> lookupDataOpt = provider.find(request);
|
||||
if (lookupDataOpt.isPresent()) {
|
||||
log.info("Found 3PID mapping: {medium: '{}', address: '{}', mxid: '{}'}",
|
||||
request.getType(), request.getThreePid(), lookupDataOpt.get().getMxid().getId());
|
||||
return lookupDataOpt;
|
||||
}
|
||||
}
|
||||
@@ -169,9 +171,13 @@ public class RecursivePriorityLookupStrategy implements LookupStrategy {
|
||||
(!cfg.getBridge().getRecursiveOnly() || isAllowedForRecursive(request.getRequester()))
|
||||
) {
|
||||
log.info("Using bridge failover for lookup");
|
||||
return bridge.find(request);
|
||||
Optional<SingleLookupReply> lookupDataOpt = bridge.find(request);
|
||||
log.info("Found 3PID mapping: {medium: '{}', address: '{}', mxid: '{}'}",
|
||||
request.getThreePid(), request.getId(), lookupDataOpt.get().getMxid().getId());
|
||||
return lookupDataOpt;
|
||||
}
|
||||
|
||||
log.info("No 3PID mapping found");
|
||||
return Optional.empty();
|
||||
}
|
||||
|
||||
|
@@ -0,0 +1,36 @@
|
||||
/*
|
||||
* mxisd - Matrix Identity Server Daemon
|
||||
* Copyright (C) 2018 Kamax Sàrl
|
||||
*
|
||||
* https://www.kamax.io/
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package io.kamax.mxisd.spring;
|
||||
|
||||
import org.apache.http.impl.client.CloseableHttpClient;
|
||||
import org.apache.http.impl.client.HttpClients;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
@Configuration
|
||||
public class CloseableHttpClientFactory {
|
||||
|
||||
@Bean
|
||||
public CloseableHttpClient getClient() {
|
||||
return HttpClients.custom().setUserAgent("mxisd").build();
|
||||
}
|
||||
|
||||
}
|
@@ -20,9 +20,9 @@
|
||||
|
||||
package io.kamax.mxisd.util;
|
||||
|
||||
import com.google.gson.FieldNamingPolicy;
|
||||
import com.google.gson.Gson;
|
||||
import com.google.gson.GsonBuilder;
|
||||
import com.google.gson.*;
|
||||
|
||||
import java.util.Optional;
|
||||
|
||||
public class GsonUtil {
|
||||
|
||||
@@ -30,4 +30,16 @@ public class GsonUtil {
|
||||
return new GsonBuilder().setFieldNamingPolicy(FieldNamingPolicy.LOWER_CASE_WITH_UNDERSCORES).create();
|
||||
}
|
||||
|
||||
public static Optional<JsonElement> findElement(JsonObject o, String key) {
|
||||
return Optional.ofNullable(o.get(key));
|
||||
}
|
||||
|
||||
public static Optional<JsonObject> findObj(JsonObject o, String key) {
|
||||
return findElement(o, key).map(el -> el.isJsonObject() ? el.getAsJsonObject() : null);
|
||||
}
|
||||
|
||||
public static Optional<JsonPrimitive> findPrimitive(JsonObject o, String key) {
|
||||
return findElement(o, key).map(el -> el.isJsonPrimitive() ? el.getAsJsonPrimitive() : null);
|
||||
}
|
||||
|
||||
}
|
||||
|
Reference in New Issue
Block a user