MSC1915. Add the option to enable/disable unbind.
@@ -118,7 +118,7 @@ public class Mxisd {
|
|||||||
idStrategy = new RecursivePriorityLookupStrategy(cfg.getLookup(), ThreePidProviders.get(), bridgeFetcher);
|
idStrategy = new RecursivePriorityLookupStrategy(cfg.getLookup(), ThreePidProviders.get(), bridgeFetcher);
|
||||||
pMgr = new ProfileManager(ProfileProviders.get(), clientDns, httpClient);
|
pMgr = new ProfileManager(ProfileProviders.get(), clientDns, httpClient);
|
||||||
notifMgr = new NotificationManager(cfg.getNotification(), NotificationHandlers.get());
|
notifMgr = new NotificationManager(cfg.getNotification(), NotificationHandlers.get());
|
||||||
sessMgr = new SessionManager(cfg.getSession(), cfg.getMatrix(), store, notifMgr, resolver, httpClient, signMgr);
|
sessMgr = new SessionManager(cfg, store, notifMgr, resolver, httpClient, signMgr);
|
||||||
invMgr = new InvitationManager(cfg, store, idStrategy, keyMgr, signMgr, resolver, notifMgr, pMgr);
|
invMgr = new InvitationManager(cfg, store, idStrategy, keyMgr, signMgr, resolver, notifMgr, pMgr);
|
||||||
authMgr = new AuthManager(cfg, AuthProviders.get(), idStrategy, invMgr, clientDns, httpClient);
|
authMgr = new AuthManager(cfg, AuthProviders.get(), idStrategy, invMgr, clientDns, httpClient);
|
||||||
dirMgr = new DirectoryManager(cfg.getDirectory(), clientDns, httpClient, DirectoryProviders.get());
|
dirMgr = new DirectoryManager(cfg.getDirectory(), clientDns, httpClient, DirectoryProviders.get());
|
||||||
|
@@ -62,7 +62,6 @@ public class MatrixConfig {
|
|||||||
private transient final Logger log = LoggerFactory.getLogger(MatrixConfig.class);
|
private transient final Logger log = LoggerFactory.getLogger(MatrixConfig.class);
|
||||||
|
|
||||||
private String domain;
|
private String domain;
|
||||||
private String trustedIdServer;
|
|
||||||
private Identity identity = new Identity();
|
private Identity identity = new Identity();
|
||||||
|
|
||||||
public String getDomain() {
|
public String getDomain() {
|
||||||
@@ -73,14 +72,6 @@ public class MatrixConfig {
|
|||||||
this.domain = domain;
|
this.domain = domain;
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getTrustedIdServer() {
|
|
||||||
return trustedIdServer;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setTrustedIdServer(String trustedIdServer) {
|
|
||||||
this.trustedIdServer = trustedIdServer;
|
|
||||||
}
|
|
||||||
|
|
||||||
public Identity getIdentity() {
|
public Identity getIdentity() {
|
||||||
return identity;
|
return identity;
|
||||||
}
|
}
|
||||||
|
@@ -59,6 +59,7 @@ public class SessionConfig {
|
|||||||
|
|
||||||
public Policy() {
|
public Policy() {
|
||||||
validation.enabled = true;
|
validation.enabled = true;
|
||||||
|
unbind.enabled = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
private PolicyTemplate validation = new PolicyTemplate();
|
private PolicyTemplate validation = new PolicyTemplate();
|
||||||
|
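Review bot: The new `unbind.enabled = true` default in `Policy()` has no comment, and the declaration of `unbind` and its accessor lie outside this hunk. Because the check in `SessionManager.unbind` is new in this commit, the default keeps unbind open for existing deployments; a line such as `// unbind is allowed by default to preserve earlier behaviour; set enabled to false to refuse all unbind requests` above the assignment would make that explicit. The flag is read with `getUnbind().getEnabled()`, while the validation policy is read with `isEnabled()`. If both fields are `PolicyTemplate` (not visible here), the same accessor should be used in both places.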
@@ -28,8 +28,7 @@ import io.kamax.matrix.ThreePid;
|
|||||||
import io.kamax.matrix._MatrixID;
|
import io.kamax.matrix._MatrixID;
|
||||||
import io.kamax.matrix.json.GsonUtil;
|
import io.kamax.matrix.json.GsonUtil;
|
||||||
import io.kamax.matrix.json.MatrixJson;
|
import io.kamax.matrix.json.MatrixJson;
|
||||||
import io.kamax.mxisd.config.MatrixConfig;
|
import io.kamax.mxisd.config.MxisdConfig;
|
||||||
import io.kamax.mxisd.config.SessionConfig;
|
|
||||||
import io.kamax.mxisd.crypto.SignatureManager;
|
import io.kamax.mxisd.crypto.SignatureManager;
|
||||||
import io.kamax.mxisd.exception.BadRequestException;
|
import io.kamax.mxisd.exception.BadRequestException;
|
||||||
import io.kamax.mxisd.exception.NotAllowedException;
|
import io.kamax.mxisd.exception.NotAllowedException;
|
||||||
@@ -67,8 +66,7 @@ public class SessionManager {
|
|||||||
|
|
||||||
private static final Logger log = LoggerFactory.getLogger(SessionManager.class);
|
private static final Logger log = LoggerFactory.getLogger(SessionManager.class);
|
||||||
|
|
||||||
private SessionConfig cfg;
|
private MxisdConfig cfg;
|
||||||
private MatrixConfig mxCfg;
|
|
||||||
private IStorage storage;
|
private IStorage storage;
|
||||||
private NotificationManager notifMgr;
|
private NotificationManager notifMgr;
|
||||||
private HomeserverFederationResolver resolver;
|
private HomeserverFederationResolver resolver;
|
||||||
@@ -76,8 +74,7 @@ public class SessionManager {
|
|||||||
private SignatureManager signatureManager;
|
private SignatureManager signatureManager;
|
||||||
|
|
||||||
public SessionManager(
|
public SessionManager(
|
||||||
SessionConfig cfg,
|
MxisdConfig cfg,
|
||||||
MatrixConfig mxCfg,
|
|
||||||
IStorage storage,
|
IStorage storage,
|
||||||
NotificationManager notifMgr,
|
NotificationManager notifMgr,
|
||||||
HomeserverFederationResolver resolver,
|
HomeserverFederationResolver resolver,
|
||||||
@@ -85,7 +82,6 @@ public class SessionManager {
|
|||||||
SignatureManager signatureManager
|
SignatureManager signatureManager
|
||||||
) {
|
) {
|
||||||
this.cfg = cfg;
|
this.cfg = cfg;
|
||||||
this.mxCfg = mxCfg;
|
|
||||||
this.storage = storage;
|
this.storage = storage;
|
||||||
this.notifMgr = notifMgr;
|
this.notifMgr = notifMgr;
|
||||||
this.resolver = resolver;
|
this.resolver = resolver;
|
||||||
@@ -111,7 +107,7 @@ public class SessionManager {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public String create(String server, ThreePid tpid, String secret, int attempt, String nextLink) {
|
public String create(String server, ThreePid tpid, String secret, int attempt, String nextLink) {
|
||||||
PolicyTemplate policy = cfg.getPolicy().getValidation();
|
PolicyTemplate policy = cfg.getSession().getPolicy().getValidation();
|
||||||
if (!policy.isEnabled()) {
|
if (!policy.isEnabled()) {
|
||||||
throw new NotAllowedException("Validating 3PID is disabled");
|
throw new NotAllowedException("Validating 3PID is disabled");
|
||||||
}
|
}
|
||||||
@@ -187,8 +183,9 @@ public class SessionManager {
|
|||||||
_MatrixID mxid = MatrixID.asAcceptable(mxidRaw);
|
_MatrixID mxid = MatrixID.asAcceptable(mxidRaw);
|
||||||
|
|
||||||
// Only accept binds if the domain matches our own
|
// Only accept binds if the domain matches our own
|
||||||
if (!StringUtils.equalsIgnoreCase(mxCfg.getDomain(), mxid.getDomain())) {
|
final String domain = cfg.getMatrix().getDomain();
|
||||||
throw new NotAllowedException("Only Matrix IDs from domain " + mxCfg.getDomain() + " can be bound");
|
if (!StringUtils.equalsIgnoreCase(domain, mxid.getDomain())) {
|
||||||
|
throw new NotAllowedException("Only Matrix IDs from domain " + domain + " can be bound");
|
||||||
}
|
}
|
||||||
|
|
||||||
log.info("Session {}: Binding of {}:{} to Matrix ID {} is accepted",
|
log.info("Session {}: Binding of {}:{} to Matrix ID {} is accepted",
|
||||||
@@ -201,6 +198,11 @@ public class SessionManager {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public void unbind(String auth, JsonObject reqData) {
|
public void unbind(String auth, JsonObject reqData) {
|
||||||
|
if (!cfg.getSession().getPolicy().getUnbind().getEnabled()) {
|
||||||
|
log.error("Unbind disabled.");
|
||||||
|
throw new NotAllowedException("Unbinding 3PID is disabled");
|
||||||
|
}
|
||||||
|
|
||||||
_MatrixID mxid;
|
_MatrixID mxid;
|
||||||
try {
|
try {
|
||||||
mxid = MatrixID.asAcceptable(GsonUtil.getStringOrThrow(reqData, "mxid"));
|
mxid = MatrixID.asAcceptable(GsonUtil.getStringOrThrow(reqData, "mxid"));
|
||||||
@@ -233,8 +235,8 @@ public class SessionManager {
|
|||||||
throw new NotAllowedException("Wrong authorization header");
|
throw new NotAllowedException("Wrong authorization header");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (StringUtils.isBlank(mxCfg.getTrustedIdServer())) {
|
if (StringUtils.isBlank(cfg.getServer().getPublicUrl())) {
|
||||||
throw new NotAllowedException("Unable to verify request, missing `matrix.trustedIdServer` variable");
|
throw new NotAllowedException("Unable to verify request, missing `server.publicUrl` property");
|
||||||
}
|
}
|
||||||
|
|
||||||
String[] params = auth.substring("X-Matrix ".length()).split(",");
|
String[] params = auth.substring("X-Matrix ".length()).split(",");
|
||||||
@@ -271,7 +273,7 @@ public class SessionManager {
|
|||||||
jsonObject.addProperty("method", "POST");
|
jsonObject.addProperty("method", "POST");
|
||||||
jsonObject.addProperty("uri", "/_matrix/identity/api/v1/3pid/unbind");
|
jsonObject.addProperty("uri", "/_matrix/identity/api/v1/3pid/unbind");
|
||||||
jsonObject.addProperty("origin", origin);
|
jsonObject.addProperty("origin", origin);
|
||||||
jsonObject.addProperty("destination_is", mxCfg.getTrustedIdServer());
|
jsonObject.addProperty("destination_is", cfg.getServer().getPublicUrl());
|
||||||
jsonObject.add("content", reqData);
|
jsonObject.add("content", reqData);
|
||||||
|
|
||||||
String canonical = MatrixJson.encodeCanonical(jsonObject);
|
String canonical = MatrixJson.encodeCanonical(jsonObject);
|
||||||
@@ -348,8 +350,9 @@ public class SessionManager {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// We only allow unbind for the domain we manage, mirroring bind
|
// We only allow unbind for the domain we manage, mirroring bind
|
||||||
if (!StringUtils.equalsIgnoreCase(mxCfg.getDomain(), mxid.getDomain())) {
|
final CharSequence domain = cfg.getMatrix().getDomain();
|
||||||
throw new NotAllowedException("Only Matrix IDs from domain " + mxCfg.getDomain() + " can be unbound");
|
if (!StringUtils.equalsIgnoreCase(domain, mxid.getDomain())) {
|
||||||
|
throw new NotAllowedException("Only Matrix IDs from domain " + domain + " can be unbound");
|
||||||
}
|
}
|
||||||
|
|
||||||
log.info("Request was authorized.");
|
log.info("Request was authorized.");
|
||||||
|
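Review bot: The `destination_is` value used to rebuild the signed unbind request (the `addProperty` line in the -271 hunk, guarded by the blank check in the -233 hunk) now comes from `cfg.getServer().getPublicUrl()`, and nothing visible documents or normalises the form that value must take. The signature presumably verifies only when this string is identical to the one the homeserver signed, so a `server.publicUrl` that carries a scheme or trailing slash where the homeserver used another form (not visible here, to be confirmed) would make every unbind fail verification. Deployments that set only `matrix.trustedIdServer` will also hit the new "missing `server.publicUrl`" refusal after upgrading. I would add above the `addProperty` call `// destination_is must equal the value the homeserver signed; it ties the request to this identity server` and state the expected format where `server.publicUrl` is documented. The enclosing method starts and ends outside these hunks.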