Implementation for blocking fraudulent 3PID /unbind attempts

2019-02-01 02:34:52 +01:00
parent 4237eeb3b6
commit 635f6fdbe7
21 changed files with 361 additions and 37 deletions
--- a/src/main/java/io/kamax/mxisd/threepid/generator/GenericTemplateNotificationGenerator.java
+++ b/src/main/java/io/kamax/mxisd/threepid/generator/GenericTemplateNotificationGenerator.java
@@ -20,6 +20,7 @@

 package io.kamax.mxisd.threepid.generator;

+import io.kamax.matrix.ThreePid;
 import io.kamax.mxisd.as.IMatrixIdInvite;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.config.ServerConfig;
@@ -82,4 +83,10 @@ public abstract class GenericTemplateNotificationGenerator extends PlaceholderNo
        return populateForRemoteValidation(session, getTemplateContent(cfg.getSession().getValidation().getRemote()));
    }

+    @Override
+    public String getForFraudulentUnbind(ThreePid tpid) {
+        log.info("Generating notification content for fraudulent unbind");
+        return populateForFraudulentUndind(tpid, getTemplateContent(cfg.getSession().getUnbind().getFraudulent()));
+    }
+
 }
--- a/src/main/java/io/kamax/mxisd/threepid/generator/NotificationGenerator.java
+++ b/src/main/java/io/kamax/mxisd/threepid/generator/NotificationGenerator.java
@@ -20,6 +20,7 @@

 package io.kamax.mxisd.threepid.generator;

+import io.kamax.matrix.ThreePid;
 import io.kamax.mxisd.as.IMatrixIdInvite;
 import io.kamax.mxisd.invitation.IThreePidInviteReply;
 import io.kamax.mxisd.threepid.session.IThreePidSession;
@@ -38,4 +39,6 @@ public interface NotificationGenerator {

    String getForRemoteValidation(IThreePidSession session);

+    String getForFraudulentUnbind(ThreePid tpid);
+
 }
--- a/src/main/java/io/kamax/mxisd/threepid/generator/PlaceholderNotificationGenerator.java
+++ b/src/main/java/io/kamax/mxisd/threepid/generator/PlaceholderNotificationGenerator.java
@@ -106,4 +106,8 @@ public abstract class PlaceholderNotificationGenerator {
        return populateForValidation(session, input);
    }

+    protected String populateForFraudulentUndind(ThreePid tpid, String input) {
+        return populateForCommon(tpid, input);
+    }
+
 }
--- a/src/main/java/io/kamax/mxisd/threepid/notification/GenericNotificationHandler.java
+++ b/src/main/java/io/kamax/mxisd/threepid/notification/GenericNotificationHandler.java
@@ -20,6 +20,7 @@

 package io.kamax.mxisd.threepid.notification;

+import io.kamax.matrix.ThreePid;
 import io.kamax.mxisd.as.IMatrixIdInvite;
 import io.kamax.mxisd.exception.ConfigurationException;
 import io.kamax.mxisd.invitation.IThreePidInviteReply;
@@ -76,4 +77,9 @@ public abstract class GenericNotificationHandler<A extends ThreePidConnector, B
        send(connector, session.getThreePid().getAddress(), generator.getForRemoteValidation(session));
    }

+    @Override
+    public void sendForFraudulentUnbind(ThreePid tpid) {
+        send(connector, tpid.getAddress(), generator.getForFraudulentUnbind(tpid));
+    }
+
 }
--- a/src/main/java/io/kamax/mxisd/threepid/notification/email/EmailSendGridNotificationHandler.java
+++ b/src/main/java/io/kamax/mxisd/threepid/notification/email/EmailSendGridNotificationHandler.java
@@ -22,6 +22,7 @@ package io.kamax.mxisd.threepid.notification.email;

 import com.sendgrid.SendGrid;
 import com.sendgrid.SendGridException;
+import io.kamax.matrix.ThreePid;
 import io.kamax.matrix.ThreePidMedium;
 import io.kamax.mxisd.as.IMatrixIdInvite;
 import io.kamax.mxisd.config.MxisdConfig;
@@ -107,7 +108,7 @@ public class EmailSendGridNotificationHandler extends PlaceholderNotificationGen

    @Override
    public void sendForValidation(IThreePidSession session) {
-        EmailTemplate template = cfg.getTemplates().getSession().getLocal();
+        EmailTemplate template = cfg.getTemplates().getSession().getValidation().getLocal();
        Email email = getEmail();
        email.setSubject(populateForValidation(session, template.getSubject()));
        email.setText(populateForValidation(session, getFromFile(template.getBody().getText())));
@@ -118,7 +119,7 @@ public class EmailSendGridNotificationHandler extends PlaceholderNotificationGen

    @Override
    public void sendForRemoteValidation(IThreePidSession session) {
-        EmailTemplate template = cfg.getTemplates().getSession().getLocal();
+        EmailTemplate template = cfg.getTemplates().getSession().getValidation().getRemote();
        Email email = getEmail();
        email.setSubject(populateForRemoteValidation(session, template.getSubject()));
        email.setText(populateForRemoteValidation(session, getFromFile(template.getBody().getText())));
@@ -127,6 +128,17 @@ public class EmailSendGridNotificationHandler extends PlaceholderNotificationGen
        send(session.getThreePid().getAddress(), email);
    }

+    @Override
+    public void sendForFraudulentUnbind(ThreePid tpid) {
+        EmailTemplate template = cfg.getTemplates().getSession().getUnbind().getFraudulent();
+        Email email = getEmail();
+        email.setSubject(populateForCommon(tpid, template.getSubject()));
+        email.setText(populateForCommon(tpid, getFromFile(template.getBody().getText())));
+        email.setHtml(populateForCommon(tpid, getFromFile(template.getBody().getHtml())));
+
+        send(tpid.getAddress(), email);
+    }
+
    private void send(String recipient, Email email) {
        if (StringUtils.isBlank(cfg.getIdentity().getFrom())) {
            throw new FeatureNotAvailable("3PID Email identity: sender address is empty - " +