From d5680b2dfe8d41d772e0b4e15c130683ff289b6e Mon Sep 17 00:00:00 2001
From: Anatoly Sablin <sablintolya@gmail.com>
Date: Wed, 31 Jul 2019 23:22:21 +0300
Subject: [PATCH] MSC1915. Add the option to enable/disable unbind.

---
 src/main/java/io/kamax/mxisd/Mxisd.java       |  2 +-
 .../io/kamax/mxisd/config/MatrixConfig.java   |  9 -----
 .../io/kamax/mxisd/config/SessionConfig.java  |  1 +
 .../kamax/mxisd/session/SessionManager.java   | 33 ++++++++++---------
 4 files changed, 20 insertions(+), 25 deletions(-)

diff --git a/src/main/java/io/kamax/mxisd/Mxisd.java b/src/main/java/io/kamax/mxisd/Mxisd.java
index 2ca454e..5293467 100644
--- a/src/main/java/io/kamax/mxisd/Mxisd.java
+++ b/src/main/java/io/kamax/mxisd/Mxisd.java
@@ -118,7 +118,7 @@ public class Mxisd {
         idStrategy = new RecursivePriorityLookupStrategy(cfg.getLookup(), ThreePidProviders.get(), bridgeFetcher);
         pMgr = new ProfileManager(ProfileProviders.get(), clientDns, httpClient);
         notifMgr = new NotificationManager(cfg.getNotification(), NotificationHandlers.get());
-        sessMgr = new SessionManager(cfg.getSession(), cfg.getMatrix(), store, notifMgr, resolver, httpClient, signMgr);
+        sessMgr = new SessionManager(cfg, store, notifMgr, resolver, httpClient, signMgr);
         invMgr = new InvitationManager(cfg, store, idStrategy, keyMgr, signMgr, resolver, notifMgr, pMgr);
         authMgr = new AuthManager(cfg, AuthProviders.get(), idStrategy, invMgr, clientDns, httpClient);
         dirMgr = new DirectoryManager(cfg.getDirectory(), clientDns, httpClient, DirectoryProviders.get());
diff --git a/src/main/java/io/kamax/mxisd/config/MatrixConfig.java b/src/main/java/io/kamax/mxisd/config/MatrixConfig.java
index 08edaf3..c66751a 100644
--- a/src/main/java/io/kamax/mxisd/config/MatrixConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/MatrixConfig.java
@@ -62,7 +62,6 @@ public class MatrixConfig {
     private transient final Logger log = LoggerFactory.getLogger(MatrixConfig.class);
 
     private String domain;
-    private String trustedIdServer;
     private Identity identity = new Identity();
 
     public String getDomain() {
@@ -73,14 +72,6 @@ public class MatrixConfig {
         this.domain = domain;
     }
 
-    public String getTrustedIdServer() {
-        return trustedIdServer;
-    }
-
-    public void setTrustedIdServer(String trustedIdServer) {
-        this.trustedIdServer = trustedIdServer;
-    }
-
     public Identity getIdentity() {
         return identity;
     }
diff --git a/src/main/java/io/kamax/mxisd/config/SessionConfig.java b/src/main/java/io/kamax/mxisd/config/SessionConfig.java
index 674f67c..a160d90 100644
--- a/src/main/java/io/kamax/mxisd/config/SessionConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/SessionConfig.java
@@ -59,6 +59,7 @@ public class SessionConfig {
 
         public Policy() {
             validation.enabled = true;
+            unbind.enabled = true;
         }
 
         private PolicyTemplate validation = new PolicyTemplate();
diff --git a/src/main/java/io/kamax/mxisd/session/SessionManager.java b/src/main/java/io/kamax/mxisd/session/SessionManager.java
index 29e4c29..3b50d64 100644
--- a/src/main/java/io/kamax/mxisd/session/SessionManager.java
+++ b/src/main/java/io/kamax/mxisd/session/SessionManager.java
@@ -28,8 +28,7 @@ import io.kamax.matrix.ThreePid;
 import io.kamax.matrix._MatrixID;
 import io.kamax.matrix.json.GsonUtil;
 import io.kamax.matrix.json.MatrixJson;
-import io.kamax.mxisd.config.MatrixConfig;
-import io.kamax.mxisd.config.SessionConfig;
+import io.kamax.mxisd.config.MxisdConfig;
 import io.kamax.mxisd.crypto.SignatureManager;
 import io.kamax.mxisd.exception.BadRequestException;
 import io.kamax.mxisd.exception.NotAllowedException;
@@ -67,8 +66,7 @@ public class SessionManager {
 
     private static final Logger log = LoggerFactory.getLogger(SessionManager.class);
 
-    private SessionConfig cfg;
-    private MatrixConfig mxCfg;
+    private MxisdConfig cfg;
     private IStorage storage;
     private NotificationManager notifMgr;
     private HomeserverFederationResolver resolver;
@@ -76,8 +74,7 @@ public class SessionManager {
     private SignatureManager signatureManager;
 
     public SessionManager(
-        SessionConfig cfg,
-        MatrixConfig mxCfg,
+        MxisdConfig cfg,
         IStorage storage,
         NotificationManager notifMgr,
         HomeserverFederationResolver resolver,
@@ -85,7 +82,6 @@ public class SessionManager {
         SignatureManager signatureManager
     ) {
         this.cfg = cfg;
-        this.mxCfg = mxCfg;
         this.storage = storage;
         this.notifMgr = notifMgr;
         this.resolver = resolver;
@@ -111,7 +107,7 @@ public class SessionManager {
     }
 
     public String create(String server, ThreePid tpid, String secret, int attempt, String nextLink) {
-        PolicyTemplate policy = cfg.getPolicy().getValidation();
+        PolicyTemplate policy = cfg.getSession().getPolicy().getValidation();
         if (!policy.isEnabled()) {
             throw new NotAllowedException("Validating 3PID is disabled");
         }
@@ -187,8 +183,9 @@ public class SessionManager {
         _MatrixID mxid = MatrixID.asAcceptable(mxidRaw);
 
         // Only accept binds if the domain matches our own
-        if (!StringUtils.equalsIgnoreCase(mxCfg.getDomain(), mxid.getDomain())) {
-            throw new NotAllowedException("Only Matrix IDs from domain " + mxCfg.getDomain() + " can be bound");
+        final String domain = cfg.getMatrix().getDomain();
+        if (!StringUtils.equalsIgnoreCase(domain, mxid.getDomain())) {
+            throw new NotAllowedException("Only Matrix IDs from domain " + domain + " can be bound");
         }
 
         log.info("Session {}: Binding of {}:{} to Matrix ID {} is accepted",
@@ -201,6 +198,11 @@ public class SessionManager {
     }
 
     public void unbind(String auth, JsonObject reqData) {
+        if (!cfg.getSession().getPolicy().getUnbind().getEnabled()) {
+            log.error("Unbind disabled.");
+            throw new NotAllowedException("Unbinding 3PID is disabled");
+        }
+
         _MatrixID mxid;
         try {
             mxid = MatrixID.asAcceptable(GsonUtil.getStringOrThrow(reqData, "mxid"));
@@ -233,8 +235,8 @@ public class SessionManager {
             throw new NotAllowedException("Wrong authorization header");
         }
 
-        if (StringUtils.isBlank(mxCfg.getTrustedIdServer())) {
-            throw new NotAllowedException("Unable to verify request, missing `matrix.trustedIdServer` variable");
+        if (StringUtils.isBlank(cfg.getServer().getPublicUrl())) {
+            throw new NotAllowedException("Unable to verify request, missing `server.publicUrl` property");
         }
 
         String[] params = auth.substring("X-Matrix ".length()).split(",");
@@ -271,7 +273,7 @@ public class SessionManager {
         jsonObject.addProperty("method", "POST");
         jsonObject.addProperty("uri", "/_matrix/identity/api/v1/3pid/unbind");
         jsonObject.addProperty("origin", origin);
-        jsonObject.addProperty("destination_is", mxCfg.getTrustedIdServer());
+        jsonObject.addProperty("destination_is", cfg.getServer().getPublicUrl());
         jsonObject.add("content", reqData);
 
         String canonical = MatrixJson.encodeCanonical(jsonObject);
@@ -348,8 +350,9 @@ public class SessionManager {
         }
 
         // We only allow unbind for the domain we manage, mirroring bind
-        if (!StringUtils.equalsIgnoreCase(mxCfg.getDomain(), mxid.getDomain())) {
-            throw new NotAllowedException("Only Matrix IDs from domain " + mxCfg.getDomain() + " can be unbound");
+        final CharSequence domain = cfg.getMatrix().getDomain();
+        if (!StringUtils.equalsIgnoreCase(domain, mxid.getDomain())) {
+            throw new NotAllowedException("Only Matrix IDs from domain " + domain + " can be unbound");
         }
 
         log.info("Request was authorized.");