Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
15db563e8d | ||
|
|
82a538c750 | ||
|
|
84ca8ebbd9 | ||
|
|
774ebf4fa8 |
@@ -108,7 +108,7 @@ dependencies {
|
||||
compile 'net.i2p.crypto:eddsa:0.3.0'
|
||||
|
||||
// LDAP connector
|
||||
compile 'org.apache.directory.api:api-all:1.0.0'
|
||||
compile 'org.apache.directory.api:api-all:1.0.3'
|
||||
|
||||
// DNS lookups
|
||||
compile 'dnsjava:dnsjava:2.1.9'
|
||||
|
||||
@@ -136,5 +136,11 @@ exec:
|
||||
hashEnabled: true # enable the hash lookup (defaults is false)
|
||||
```
|
||||
|
||||
For ldap providers:
|
||||
```.yaml
|
||||
ldap:
|
||||
lookup: true
|
||||
```
|
||||
|
||||
NOTE: Federation requests work only with `none` algorithms.
|
||||
|
||||
|
||||
@@ -89,7 +89,7 @@ ldap:
|
||||
#### 3PIDs
|
||||
You can also change the attribute lists for 3PID, like email or phone numbers.
|
||||
|
||||
The following example would overwrite the [default list of attributes](../../src/main/java/io/kamax/ma1sd/config/ldap/LdapConfig.java#L64)
|
||||
The following example would overwrite the [default list of attributes](../../src/main/java/io/kamax/mxisd/config/ldap/LdapConfig.java#L64)
|
||||
for emails and phone number:
|
||||
```yaml
|
||||
ldap:
|
||||
|
||||
@@ -131,6 +131,25 @@ threepid:
|
||||
# lookup:
|
||||
# query: 'select user_id as mxid, medium, address from user_threepids' # query for retrive 3PIDs for hashes.
|
||||
|
||||
### hash lookup for ldap provider (with example of the ldap configuration)
|
||||
# ldap:
|
||||
# enabled: true
|
||||
# lookup: true # hash lookup
|
||||
# connection:
|
||||
# host: 'ldap.domain.tld'
|
||||
# port: 389
|
||||
# bindDn: 'cn=admin,dc=domain,dc=tld'
|
||||
# bindPassword: 'Secret'
|
||||
# baseDNs:
|
||||
# - 'dc=domain,dc=tld'
|
||||
# attribute:
|
||||
# uid:
|
||||
# type: 'uid' # or mxid
|
||||
# value: 'cn'
|
||||
# name: 'displayName'
|
||||
# identity:
|
||||
# filter: '(objectClass=inetOrgPerson)'
|
||||
|
||||
#### MSC2140 (Terms)
|
||||
#policy:
|
||||
# policies:
|
||||
|
||||
@@ -104,30 +104,30 @@ public class HttpMxisd {
|
||||
HttpHandler asNotFoundHandler = SaneHandler.around(new AsNotFoundHandler(m.getAs()));
|
||||
|
||||
final RoutingHandler handler = Handlers.routing()
|
||||
.add("OPTIONS", "/**", SaneHandler.around(new OptionsHandler()))
|
||||
.add("OPTIONS", "/**", sane(new OptionsHandler()))
|
||||
|
||||
// Status endpoints
|
||||
.get(StatusHandler.Path, SaneHandler.around(new StatusHandler()))
|
||||
.get(VersionHandler.Path, SaneHandler.around(new VersionHandler()))
|
||||
.get(StatusHandler.Path, sane(new StatusHandler()))
|
||||
.get(VersionHandler.Path, sane(new VersionHandler()))
|
||||
|
||||
// Authentication endpoints
|
||||
.get(LoginHandler.Path, SaneHandler.around(new LoginGetHandler(m.getAuth(), m.getHttpClient())))
|
||||
.post(LoginHandler.Path, SaneHandler.around(new LoginPostHandler(m.getAuth())))
|
||||
.post(RestAuthHandler.Path, SaneHandler.around(new RestAuthHandler(m.getAuth())))
|
||||
.get(LoginHandler.Path, sane(new LoginGetHandler(m.getAuth(), m.getHttpClient())))
|
||||
.post(LoginHandler.Path, sane(new LoginPostHandler(m.getAuth())))
|
||||
.post(RestAuthHandler.Path, sane(new RestAuthHandler(m.getAuth())))
|
||||
|
||||
// Directory endpoints
|
||||
.post(UserDirectorySearchHandler.Path, SaneHandler.around(new UserDirectorySearchHandler(m.getDirectory())))
|
||||
.post(UserDirectorySearchHandler.Path, sane(new UserDirectorySearchHandler(m.getDirectory())))
|
||||
|
||||
// Profile endpoints
|
||||
.get(ProfileHandler.Path, SaneHandler.around(new ProfileHandler(m.getProfile())))
|
||||
.get(InternalProfileHandler.Path, SaneHandler.around(new InternalProfileHandler(m.getProfile())))
|
||||
.get(ProfileHandler.Path, sane(new ProfileHandler(m.getProfile())))
|
||||
.get(InternalProfileHandler.Path, sane(new InternalProfileHandler(m.getProfile())))
|
||||
|
||||
// Registration endpoints
|
||||
.post(Register3pidRequestTokenHandler.Path,
|
||||
SaneHandler.around(new Register3pidRequestTokenHandler(m.getReg(), m.getClientDns(), m.getHttpClient())))
|
||||
sane(new Register3pidRequestTokenHandler(m.getReg(), m.getClientDns(), m.getHttpClient())))
|
||||
|
||||
// Invite endpoints
|
||||
.post(RoomInviteHandler.Path, SaneHandler.around(new RoomInviteHandler(m.getHttpClient(), m.getClientDns(), m.getInvite())))
|
||||
.post(RoomInviteHandler.Path, sane(new RoomInviteHandler(m.getHttpClient(), m.getClientDns(), m.getInvite())))
|
||||
|
||||
// Application Service endpoints
|
||||
.get(AsUserHandler.Path, asUserHandler)
|
||||
@@ -139,7 +139,7 @@ public class HttpMxisd {
|
||||
.put("/transactions/{" + AsTransactionHandler.ID + "}", asTxnHandler) // Legacy endpoint
|
||||
|
||||
// Banned endpoints
|
||||
.get(InternalInfoHandler.Path, SaneHandler.around(new InternalInfoHandler()));
|
||||
.get(InternalInfoHandler.Path, sane(new InternalInfoHandler()));
|
||||
keyEndpoints(handler);
|
||||
identityEndpoints(handler);
|
||||
termsEndpoints(handler);
|
||||
@@ -191,10 +191,10 @@ public class HttpMxisd {
|
||||
private void accountEndpoints(RoutingHandler routingHandler) {
|
||||
MatrixConfig matrixConfig = m.getConfig().getMatrix();
|
||||
if (matrixConfig.isV2()) {
|
||||
routingHandler.post(AccountRegisterHandler.Path, SaneHandler.around(new AccountRegisterHandler(m.getAccMgr())));
|
||||
wrapWithTokenAndAuthorizationHandlers(routingHandler, Methods.GET, sane(new AccountGetUserInfoHandler(m.getAccMgr())),
|
||||
routingHandler.post(AccountRegisterHandler.Path, sane(new AccountRegisterHandler(m.getAccMgr())));
|
||||
wrapWithTokenAndAuthorizationHandlers(routingHandler, Methods.GET, new AccountGetUserInfoHandler(m.getAccMgr()),
|
||||
AccountGetUserInfoHandler.Path, true);
|
||||
wrapWithTokenAndAuthorizationHandlers(routingHandler, Methods.GET, sane(new AccountLogoutHandler(m.getAccMgr())),
|
||||
wrapWithTokenAndAuthorizationHandlers(routingHandler, Methods.GET, new AccountLogoutHandler(m.getAccMgr()),
|
||||
AccountLogoutHandler.Path, true);
|
||||
}
|
||||
}
|
||||
@@ -202,7 +202,7 @@ public class HttpMxisd {
|
||||
private void termsEndpoints(RoutingHandler routingHandler) {
|
||||
MatrixConfig matrixConfig = m.getConfig().getMatrix();
|
||||
if (matrixConfig.isV2()) {
|
||||
routingHandler.get(GetTermsHandler.PATH, new GetTermsHandler(m.getConfig().getPolicy()));
|
||||
routingHandler.get(GetTermsHandler.PATH, sane(new GetTermsHandler(m.getConfig().getPolicy())));
|
||||
routingHandler.post(AcceptTermsHandler.PATH, sane(new AcceptTermsHandler(m.getAccMgr())));
|
||||
}
|
||||
}
|
||||
@@ -210,10 +210,10 @@ public class HttpMxisd {
|
||||
private void hashEndpoints(RoutingHandler routingHandler) {
|
||||
MatrixConfig matrixConfig = m.getConfig().getMatrix();
|
||||
if (matrixConfig.isV2()) {
|
||||
wrapWithTokenAndAuthorizationHandlers(routingHandler, Methods.GET, sane(new HashDetailsHandler(m.getHashManager())),
|
||||
wrapWithTokenAndAuthorizationHandlers(routingHandler, Methods.GET, new HashDetailsHandler(m.getHashManager()),
|
||||
HashDetailsHandler.PATH, true);
|
||||
wrapWithTokenAndAuthorizationHandlers(routingHandler, Methods.POST,
|
||||
sane(new HashLookupHandler(m.getIdentity(), m.getHashManager())), HashLookupHandler.Path, true);
|
||||
new HashLookupHandler(m.getIdentity(), m.getHashManager()), HashLookupHandler.Path, true);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -227,11 +227,11 @@ public class HttpMxisd {
|
||||
HttpHandler httpHandler) {
|
||||
MatrixConfig matrixConfig = m.getConfig().getMatrix();
|
||||
if (matrixConfig.isV1()) {
|
||||
routingHandler.add(method, apiHandler.getPath(IdentityServiceAPI.V1), httpHandler);
|
||||
routingHandler.add(method, apiHandler.getPath(IdentityServiceAPI.V1), sane(httpHandler));
|
||||
}
|
||||
if (matrixConfig.isV2()) {
|
||||
String path = apiHandler.getPath(IdentityServiceAPI.V2);
|
||||
wrapWithTokenAndAuthorizationHandlers(routingHandler, method, httpHandler, path, useAuthorization);
|
||||
wrapWithTokenAndAuthorizationHandlers(routingHandler, method, httpHandler, apiHandler.getPath(IdentityServiceAPI.V2),
|
||||
useAuthorization);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -245,7 +245,7 @@ public class HttpMxisd {
|
||||
} else {
|
||||
wrappedHandler = httpHandler;
|
||||
}
|
||||
routingHandler.add(method, url, wrappedHandler);
|
||||
routingHandler.add(method, url, sane(wrappedHandler));
|
||||
}
|
||||
|
||||
@NotNull
|
||||
|
||||
@@ -41,7 +41,10 @@ import org.slf4j.LoggerFactory;
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Objects;
|
||||
import java.util.Optional;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
public class LdapThreePidProvider extends LdapBackend implements IThreePidProvider {
|
||||
|
||||
@@ -137,4 +140,65 @@ public class LdapThreePidProvider extends LdapBackend implements IThreePidProvid
|
||||
return mappingsFound;
|
||||
}
|
||||
|
||||
private List<String> getAttributes() {
|
||||
final List<String> attributes = getCfg().getAttribute().getThreepid().values().stream().flatMap(List::stream)
|
||||
.collect(Collectors.toList());
|
||||
attributes.add(getUidAtt());
|
||||
return attributes;
|
||||
}
|
||||
|
||||
private Optional<String> getAttributeValue(Entry entry, List<String> attributes) {
|
||||
return attributes.stream()
|
||||
.map(attr -> getAttribute(entry, attr))
|
||||
.filter(Objects::nonNull)
|
||||
.filter(Optional::isPresent)
|
||||
.map(Optional::get)
|
||||
.findFirst();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Iterable<ThreePidMapping> populateHashes() {
|
||||
List<ThreePidMapping> result = new ArrayList<>();
|
||||
if (!getCfg().getIdentity().isLookup()) {
|
||||
return result;
|
||||
}
|
||||
|
||||
String filter = getCfg().getIdentity().getFilter();
|
||||
|
||||
try (LdapConnection conn = getConn()) {
|
||||
bind(conn);
|
||||
|
||||
log.debug("Query: {}", filter);
|
||||
List<String> attributes = getAttributes();
|
||||
log.debug("Attributes: {}", GsonUtil.build().toJson(attributes));
|
||||
|
||||
for (String baseDN : getBaseDNs()) {
|
||||
log.debug("Base DN: {}", baseDN);
|
||||
|
||||
try (EntryCursor cursor = conn.search(baseDN, filter, SearchScope.SUBTREE, attributes.toArray(new String[0]))) {
|
||||
while (cursor.next()) {
|
||||
Entry entry = cursor.get();
|
||||
log.info("Found possible match, DN: {}", entry.getDn().getName());
|
||||
Optional<String> mxid = getAttribute(entry, getUidAtt());
|
||||
if (!mxid.isPresent()) {
|
||||
continue;
|
||||
}
|
||||
|
||||
for (Map.Entry<String, List<String>> attributeEntry : getCfg().getAttribute().getThreepid().entrySet()) {
|
||||
String medium = attributeEntry.getKey();
|
||||
getAttributeValue(entry, attributeEntry.getValue())
|
||||
.ifPresent(s -> result.add(new ThreePidMapping(medium, s, buildMatrixIdFromUid(mxid.get()))));
|
||||
}
|
||||
}
|
||||
} catch (CursorLdapReferralException e) {
|
||||
log.warn("3PID is only available via referral, skipping", e);
|
||||
} catch (IOException | LdapException | CursorException e) {
|
||||
log.error("Unable to fetch 3PID mappings", e);
|
||||
}
|
||||
}
|
||||
} catch (LdapException | IOException e) {
|
||||
log.error("Unable to fetch 3PID mappings", e);
|
||||
}
|
||||
return result;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -107,14 +107,16 @@ public abstract class SqlThreePidProvider implements IThreePidProvider {
|
||||
|
||||
@Override
|
||||
public Iterable<ThreePidMapping> populateHashes() {
|
||||
if (StringUtils.isBlank(cfg.getLookup().getQuery())) {
|
||||
String query = cfg.getLookup().getQuery();
|
||||
if (StringUtils.isBlank(query)) {
|
||||
log.warn("Lookup query not configured, skip.");
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
log.debug("Uses query to match users: {}", query);
|
||||
List<ThreePidMapping> result = new ArrayList<>();
|
||||
try (Connection connection = pool.get()) {
|
||||
PreparedStatement statement = connection.prepareStatement(cfg.getLookup().getQuery());
|
||||
PreparedStatement statement = connection.prepareStatement(query);
|
||||
try (ResultSet resultSet = statement.executeQuery()) {
|
||||
while (resultSet.next()) {
|
||||
String mxid = resultSet.getString("mxid");
|
||||
|
||||
@@ -233,6 +233,7 @@ public abstract class LdapConfig {
|
||||
private String filter;
|
||||
private String token = "%3pid";
|
||||
private Map<String, String> medium = new HashMap<>();
|
||||
private boolean lookup = false;
|
||||
|
||||
public String getFilter() {
|
||||
return filter;
|
||||
@@ -262,6 +263,13 @@ public abstract class LdapConfig {
|
||||
this.medium = medium;
|
||||
}
|
||||
|
||||
public boolean isLookup() {
|
||||
return lookup;
|
||||
}
|
||||
|
||||
public void setLookup(boolean lookup) {
|
||||
this.lookup = lookup;
|
||||
}
|
||||
}
|
||||
|
||||
public static class Profile {
|
||||
|
||||
@@ -35,7 +35,9 @@ public class HashEngine {
|
||||
hashStorage.clear();
|
||||
for (IThreePidProvider provider : providers) {
|
||||
try {
|
||||
LOGGER.info("Populate hashes from the handler: {}", provider.getClass().getCanonicalName());
|
||||
for (ThreePidMapping pidMapping : provider.populateHashes()) {
|
||||
LOGGER.debug("Found 3PID: {}", pidMapping);
|
||||
hashStorage.add(pidMapping, hash(pidMapping));
|
||||
}
|
||||
} catch (Exception e) {
|
||||
|
||||
@@ -85,6 +85,7 @@ public class HashLookupHandler extends LookupHandler implements ApiHandler {
|
||||
default:
|
||||
throw new InvalidParamException();
|
||||
}
|
||||
hashManager.getRotationStrategy().newRequest();
|
||||
}
|
||||
|
||||
private void noneAlgorithm(HttpServerExchange exchange, HashLookupRequest request, ClientHashLookupRequest input) throws Exception {
|
||||
|
||||
@@ -46,6 +46,4 @@ public interface LookupStrategy {
|
||||
Optional<SingleLookupReply> findRecursive(SingleLookupRequest request);
|
||||
|
||||
CompletableFuture<List<ThreePidMapping>> find(BulkLookupRequest requests);
|
||||
|
||||
CompletableFuture<List<ThreePidMapping>> find(HashLookupRequest request);
|
||||
}
|
||||
|
||||
@@ -26,17 +26,23 @@ import io.kamax.matrix.json.MatrixJson;
|
||||
import io.kamax.mxisd.config.MxisdConfig;
|
||||
import io.kamax.mxisd.exception.ConfigurationException;
|
||||
import io.kamax.mxisd.hash.HashManager;
|
||||
import io.kamax.mxisd.hash.storage.HashStorage;
|
||||
import io.kamax.mxisd.lookup.*;
|
||||
import io.kamax.mxisd.lookup.ALookupRequest;
|
||||
import io.kamax.mxisd.lookup.BulkLookupRequest;
|
||||
import io.kamax.mxisd.lookup.SingleLookupReply;
|
||||
import io.kamax.mxisd.lookup.SingleLookupRequest;
|
||||
import io.kamax.mxisd.lookup.ThreePidMapping;
|
||||
import io.kamax.mxisd.lookup.fetcher.IBridgeFetcher;
|
||||
import io.kamax.mxisd.lookup.provider.IThreePidProvider;
|
||||
import org.apache.commons.codec.digest.DigestUtils;
|
||||
import org.apache.commons.lang3.tuple.Pair;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import java.net.UnknownHostException;
|
||||
import java.util.*;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Objects;
|
||||
import java.util.Optional;
|
||||
import java.util.concurrent.CompletableFuture;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
import java.util.stream.Collectors;
|
||||
@@ -238,13 +244,4 @@ public class RecursivePriorityLookupStrategy implements LookupStrategy {
|
||||
result.complete(mapFoundAll);
|
||||
return bulkLookupInProgress.remove(payloadId);
|
||||
}
|
||||
|
||||
@Override
|
||||
public CompletableFuture<List<ThreePidMapping>> find(HashLookupRequest request) {
|
||||
HashStorage hashStorage = hashManager.getHashStorage();
|
||||
CompletableFuture<List<ThreePidMapping>> result = new CompletableFuture<>();
|
||||
result.complete(hashStorage.find(request.getHashes()).stream().map(Pair::getValue).collect(Collectors.toList()));
|
||||
hashManager.getRotationStrategy().newRequest();
|
||||
return result;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user