Fix login

src/main/java/io/kamax/mxisd/backend/google/GoogleProviderBackend.java

@@ -20,24 +20,19 @@
 
 package io.kamax.mxisd.backend.google;
 
+import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
 import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
 import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
 import com.google.api.client.http.HttpTransport;
 import com.google.api.client.json.JsonFactory;
 import com.google.api.client.json.jackson2.JacksonFactory;
-import io.kamax.matrix.MatrixID;
-import io.kamax.matrix.ThreePid;
 import io.kamax.matrix._MatrixID;
 import io.kamax.mxisd.UserIdType;
 import io.kamax.mxisd.auth.provider.AuthenticatorProvider;
 import io.kamax.mxisd.auth.provider.BackendAuthResult;
 import io.kamax.mxisd.config.GoogleConfig;
 import io.kamax.mxisd.config.MatrixConfig;
-import io.kamax.mxisd.lookup.SingleLookupReply;
+import io.kamax.mxisd.lookup.strategy.LookupStrategy;
-import io.kamax.mxisd.lookup.SingleLookupRequest;
-import io.kamax.mxisd.lookup.ThreePidMapping;
-import io.kamax.mxisd.lookup.provider.IThreePidProvider;
-import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -46,22 +41,22 @@ import org.springframework.stereotype.Component;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.util.Collections;
-import java.util.List;
-import java.util.Optional;
 
 @Component
-public class GoogleProviderBackend implements AuthenticatorProvider, IThreePidProvider {
+public class GoogleProviderBackend implements AuthenticatorProvider {
 
     private final Logger log = LoggerFactory.getLogger(GoogleProviderBackend.class);
     private final GoogleConfig cfg;
     private final MatrixConfig mxCfg;
+    private final LookupStrategy lookup;
 
     private GoogleIdTokenVerifier verifier;
 
     @Autowired
-    public GoogleProviderBackend(GoogleConfig cfg, MatrixConfig mxCfg) {
+    public GoogleProviderBackend(GoogleConfig cfg, MatrixConfig mxCfg, LookupStrategy lookup) {
         this.cfg = cfg;
         this.mxCfg = mxCfg;
+        this.lookup = lookup;
 
         if (isEnabled()) {
             try {
@@ -74,7 +69,6 @@ public class GoogleProviderBackend implements AuthenticatorProvider, IThreePidPr
             } catch (IOException | GeneralSecurityException e) {
                 throw new RuntimeException(e);
             }
-
         }
     }
 
@@ -83,64 +77,30 @@ public class GoogleProviderBackend implements AuthenticatorProvider, IThreePidPr
         return cfg.isEnabled();
     }
 
-    @Override
-    public boolean isLocal() {
-        return true;
-    }
-
-    @Override
-    public int getPriority() {
-        return 20;
-    }
-
-    @Override
-    public Optional<SingleLookupReply> find(SingleLookupRequest request) {
-        if (!StringUtils.equals(cfg.getMedium(), request.getType())) {
-            return Optional.empty();
-        }
-
-        return Optional.of(new SingleLookupReply(request, new MatrixID(cfg.getPrefix() + request.getThreePid(), mxCfg.getDomain())));
-    }
-
-    @Override
-    public List<ThreePidMapping> populate(List<ThreePidMapping> mappings) {
-        return Collections.emptyList();
-    }
-
     @Override
     public BackendAuthResult authenticate(_MatrixID mxid, String password) {
-        if (!StringUtils.startsWith(mxid.getLocalPart(), cfg.getPrefix())) {
-            return BackendAuthResult.failure();
-        }
-
-        BackendAuthResult result = new BackendAuthResult();
-        result.withThreePid(new ThreePid(cfg.getMedium(), mxid.getLocalPart().replace(cfg.getPrefix(), "")));
-        result.succeed(mxid.getId(), UserIdType.MatrixID.getId(), null);
-        return result;
-
-        /*
         try {
-            log.info("ID Token: {}", password);
             GoogleIdToken idToken = verifier.verify(password);
             if (idToken != null) {
-                BackendAuthResult
                 GoogleIdToken.Payload payload = idToken.getPayload();
+                if (!payload.getEmailVerified()) { // We only want users who validated their email
+                    return BackendAuthResult.failure();
+                }
 
                 // Get user identifier
                 String userId = payload.getSubject();
 
-                // Get profile information from payload
+                // We validate that the user who authenticated has his Google account associated already
-                String email = payload.getEmail();
+                return lookup.find("io.kamax.google.id", userId, false).map(r -> {
-                if (payload.getEmailVerified()) {
+                    if (!r.getMxid().equals(mxid)) {
+                        return BackendAuthResult.failure();
+                    }
 
-                }
+                    // Get profile information from payload
-                String name = (String) payload.get("name");
+                    String name = (String) payload.get("name");
-                String pictureUrl = (String) payload.get("picture");
-                String locale = (String) payload.get("locale");
-                String familyName = (String) payload.get("family_name");
-                String givenName = (String) payload.get("given_name");
 
-                return BackendAuthResult.success(userId, UserIdType.Localpart, name);
+                    return BackendAuthResult.success(mxid.getId(), UserIdType.MatrixID, name);
+                }).orElse(BackendAuthResult.failure());
             } else {
                 log.info("Not a valid Google token");
                 return BackendAuthResult.failure();
@@ -151,7 +111,6 @@ public class GoogleProviderBackend implements AuthenticatorProvider, IThreePidPr
             log.error("Unable to authenticate via Google due to network error", e);
             return BackendAuthResult.failure();
         }
-        */
     }
 
 }