Add documentation.

Add an option to enable/disable hash lookup via the LDAP provider.
Add support of the MSC2134 (Identity hash lookup) for the LDAP provider.
2019-12-26 22:49:25 +03:00 · 2019-12-25 22:51:44 +03:00 · 2019-12-25 00:13:07 +03:00 · 2019-12-16 22:47:24 +03:00
12 changed files with 138 additions and 41 deletions
--- a/build.gradle
+++ b/build.gradle
@@ -108,7 +108,7 @@ dependencies {
    compile 'net.i2p.crypto:eddsa:0.3.0'
    // LDAP connector
-    compile 'org.apache.directory.api:api-all:1.0.0'
+    compile 'org.apache.directory.api:api-all:1.0.3'
    // DNS lookups
    compile 'dnsjava:dnsjava:2.1.9'
--- a/docs/MSC2140_MSC2134.md
+++ b/docs/MSC2140_MSC2134.md
@@ -136,5 +136,11 @@ exec:
    hashEnabled: true # enable the hash lookup (defaults is false)
 ```
 For ldap providers:
 ```.yaml
 ldap:
  lookup: true
 ```
 NOTE: Federation requests work only with `none` algorithms.
--- a/docs/stores/ldap.md
+++ b/docs/stores/ldap.md
@@ -89,7 +89,7 @@ ldap:
 #### 3PIDs
 You can also change the attribute lists for 3PID, like email or phone numbers.
-The following example would overwrite the [default list of attributes](../../src/main/java/io/kamax/ma1sd/config/ldap/LdapConfig.java#L64)
+The following example would overwrite the [default list of attributes](../../src/main/java/io/kamax/mxisd/config/ldap/LdapConfig.java#L64)
 for emails and phone number:
 ```yaml
 ldap:
--- a/ma1sd.example.yaml
+++ b/ma1sd.example.yaml
@@ -131,6 +131,25 @@ threepid:
 #   lookup:
 #     query: 'select user_id as mxid, medium, address from user_threepids' # query for retrive 3PIDs for hashes.
 ### hash lookup for ldap provider (with example of the ldap configuration)
 # ldap:
 #   enabled: true
 #   lookup: true # hash lookup
 #   connection:
 #     host: 'ldap.domain.tld'
 #     port: 389
 #     bindDn: 'cn=admin,dc=domain,dc=tld'
 #     bindPassword: 'Secret'
 #     baseDNs:
 #       - 'dc=domain,dc=tld'
 #   attribute:
 #     uid:
 #       type: 'uid' # or mxid
 #       value: 'cn'
 #     name: 'displayName'
 #   identity:
 #     filter: '(objectClass=inetOrgPerson)'
 #### MSC2140 (Terms)
 #policy:
 #  policies:
--- a/src/main/java/io/kamax/mxisd/HttpMxisd.java
+++ b/src/main/java/io/kamax/mxisd/HttpMxisd.java
@@ -104,30 +104,30 @@ public class HttpMxisd {
        HttpHandler asNotFoundHandler = SaneHandler.around(new AsNotFoundHandler(m.getAs()));
        final RoutingHandler handler = Handlers.routing()
-            .add("OPTIONS", "/**", SaneHandler.around(new OptionsHandler()))
+            .add("OPTIONS", "/**", sane(new OptionsHandler()))
            // Status endpoints
-            .get(StatusHandler.Path, SaneHandler.around(new StatusHandler()))
+            .get(StatusHandler.Path, sane(new StatusHandler()))
-            .get(VersionHandler.Path, SaneHandler.around(new VersionHandler()))
+            .get(VersionHandler.Path, sane(new VersionHandler()))
            // Authentication endpoints
-            .get(LoginHandler.Path, SaneHandler.around(new LoginGetHandler(m.getAuth(), m.getHttpClient())))
+            .get(LoginHandler.Path, sane(new LoginGetHandler(m.getAuth(), m.getHttpClient())))
-            .post(LoginHandler.Path, SaneHandler.around(new LoginPostHandler(m.getAuth())))
+            .post(LoginHandler.Path, sane(new LoginPostHandler(m.getAuth())))
-            .post(RestAuthHandler.Path, SaneHandler.around(new RestAuthHandler(m.getAuth())))
+            .post(RestAuthHandler.Path, sane(new RestAuthHandler(m.getAuth())))
            // Directory endpoints
-            .post(UserDirectorySearchHandler.Path, SaneHandler.around(new UserDirectorySearchHandler(m.getDirectory())))
+            .post(UserDirectorySearchHandler.Path, sane(new UserDirectorySearchHandler(m.getDirectory())))
            // Profile endpoints
-            .get(ProfileHandler.Path, SaneHandler.around(new ProfileHandler(m.getProfile())))
+            .get(ProfileHandler.Path, sane(new ProfileHandler(m.getProfile())))
-            .get(InternalProfileHandler.Path, SaneHandler.around(new InternalProfileHandler(m.getProfile())))
+            .get(InternalProfileHandler.Path, sane(new InternalProfileHandler(m.getProfile())))
            // Registration endpoints
            .post(Register3pidRequestTokenHandler.Path,
-                SaneHandler.around(new Register3pidRequestTokenHandler(m.getReg(), m.getClientDns(), m.getHttpClient())))
+                sane(new Register3pidRequestTokenHandler(m.getReg(), m.getClientDns(), m.getHttpClient())))
            // Invite endpoints
-            .post(RoomInviteHandler.Path, SaneHandler.around(new RoomInviteHandler(m.getHttpClient(), m.getClientDns(), m.getInvite())))
+            .post(RoomInviteHandler.Path, sane(new RoomInviteHandler(m.getHttpClient(), m.getClientDns(), m.getInvite())))
            // Application Service endpoints
            .get(AsUserHandler.Path, asUserHandler)
@@ -139,7 +139,7 @@ public class HttpMxisd {
            .put("/transactions/{" + AsTransactionHandler.ID + "}", asTxnHandler) // Legacy endpoint
            // Banned endpoints
-            .get(InternalInfoHandler.Path, SaneHandler.around(new InternalInfoHandler()));
+            .get(InternalInfoHandler.Path, sane(new InternalInfoHandler()));
        keyEndpoints(handler);
        identityEndpoints(handler);
        termsEndpoints(handler);
@@ -191,10 +191,10 @@ public class HttpMxisd {
    private void accountEndpoints(RoutingHandler routingHandler) {
        MatrixConfig matrixConfig = m.getConfig().getMatrix();
        if (matrixConfig.isV2()) {
-            routingHandler.post(AccountRegisterHandler.Path, SaneHandler.around(new AccountRegisterHandler(m.getAccMgr())));
+            routingHandler.post(AccountRegisterHandler.Path, sane(new AccountRegisterHandler(m.getAccMgr())));
-            wrapWithTokenAndAuthorizationHandlers(routingHandler, Methods.GET, sane(new AccountGetUserInfoHandler(m.getAccMgr())),
+            wrapWithTokenAndAuthorizationHandlers(routingHandler, Methods.GET, new AccountGetUserInfoHandler(m.getAccMgr()),
                AccountGetUserInfoHandler.Path, true);
-            wrapWithTokenAndAuthorizationHandlers(routingHandler, Methods.GET, sane(new AccountLogoutHandler(m.getAccMgr())),
+            wrapWithTokenAndAuthorizationHandlers(routingHandler, Methods.GET, new AccountLogoutHandler(m.getAccMgr()),
                AccountLogoutHandler.Path, true);
        }
    }
@@ -202,7 +202,7 @@ public class HttpMxisd {
    private void termsEndpoints(RoutingHandler routingHandler) {
        MatrixConfig matrixConfig = m.getConfig().getMatrix();
        if (matrixConfig.isV2()) {
-            routingHandler.get(GetTermsHandler.PATH, new GetTermsHandler(m.getConfig().getPolicy()));
+            routingHandler.get(GetTermsHandler.PATH, sane(new GetTermsHandler(m.getConfig().getPolicy())));
            routingHandler.post(AcceptTermsHandler.PATH, sane(new AcceptTermsHandler(m.getAccMgr())));
        }
    }
@@ -210,10 +210,10 @@ public class HttpMxisd {
    private void hashEndpoints(RoutingHandler routingHandler) {
        MatrixConfig matrixConfig = m.getConfig().getMatrix();
        if (matrixConfig.isV2()) {
-            wrapWithTokenAndAuthorizationHandlers(routingHandler, Methods.GET, sane(new HashDetailsHandler(m.getHashManager())),
+            wrapWithTokenAndAuthorizationHandlers(routingHandler, Methods.GET, new HashDetailsHandler(m.getHashManager()),
                HashDetailsHandler.PATH, true);
            wrapWithTokenAndAuthorizationHandlers(routingHandler, Methods.POST,
-                sane(new HashLookupHandler(m.getIdentity(), m.getHashManager())), HashLookupHandler.Path, true);
+                new HashLookupHandler(m.getIdentity(), m.getHashManager()), HashLookupHandler.Path, true);
        }
    }
@@ -227,11 +227,11 @@ public class HttpMxisd {
                               HttpHandler httpHandler) {
        MatrixConfig matrixConfig = m.getConfig().getMatrix();
        if (matrixConfig.isV1()) {
-            routingHandler.add(method, apiHandler.getPath(IdentityServiceAPI.V1), httpHandler);
+            routingHandler.add(method, apiHandler.getPath(IdentityServiceAPI.V1), sane(httpHandler));
        }
        if (matrixConfig.isV2()) {
-            String path = apiHandler.getPath(IdentityServiceAPI.V2);
+            wrapWithTokenAndAuthorizationHandlers(routingHandler, method, httpHandler, apiHandler.getPath(IdentityServiceAPI.V2),
-            wrapWithTokenAndAuthorizationHandlers(routingHandler, method, httpHandler, path, useAuthorization);
+                useAuthorization);
        }
    }
@@ -245,7 +245,7 @@ public class HttpMxisd {
        } else {
            wrappedHandler = httpHandler;
        }
-        routingHandler.add(method, url, wrappedHandler);
+        routingHandler.add(method, url, sane(wrappedHandler));
    }
    @NotNull
--- a/src/main/java/io/kamax/mxisd/backend/ldap/LdapThreePidProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/ldap/LdapThreePidProvider.java
@@ -41,7 +41,10 @@ import org.slf4j.LoggerFactory;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
 import java.util.stream.Collectors;
 public class LdapThreePidProvider extends LdapBackend implements IThreePidProvider {
@@ -137,4 +140,65 @@ public class LdapThreePidProvider extends LdapBackend implements IThreePidProvid
        return mappingsFound;
    }
    private List<String> getAttributes() {
        final List<String> attributes = getCfg().getAttribute().getThreepid().values().stream().flatMap(List::stream)
            .collect(Collectors.toList());
        attributes.add(getUidAtt());
        return attributes;
    }
    private Optional<String> getAttributeValue(Entry entry, List<String> attributes) {
        return attributes.stream()
            .map(attr -> getAttribute(entry, attr))
            .filter(Objects::nonNull)
            .filter(Optional::isPresent)
            .map(Optional::get)
            .findFirst();
    }
    @Override
    public Iterable<ThreePidMapping> populateHashes() {
        List<ThreePidMapping> result = new ArrayList<>();
        if (!getCfg().getIdentity().isLookup()) {
            return result;
        }
        String filter = getCfg().getIdentity().getFilter();
        try (LdapConnection conn = getConn()) {
            bind(conn);
            log.debug("Query: {}", filter);
            List<String> attributes = getAttributes();
            log.debug("Attributes: {}", GsonUtil.build().toJson(attributes));
            for (String baseDN : getBaseDNs()) {
                log.debug("Base DN: {}", baseDN);
                try (EntryCursor cursor = conn.search(baseDN, filter, SearchScope.SUBTREE, attributes.toArray(new String[0]))) {
                    while (cursor.next()) {
                        Entry entry = cursor.get();
                        log.info("Found possible match, DN: {}", entry.getDn().getName());
                        Optional<String> mxid = getAttribute(entry, getUidAtt());
                        if (!mxid.isPresent()) {
                            continue;
                        }
                        for (Map.Entry<String, List<String>> attributeEntry : getCfg().getAttribute().getThreepid().entrySet()) {
                            String medium = attributeEntry.getKey();
                            getAttributeValue(entry, attributeEntry.getValue())
                                .ifPresent(s -> result.add(new ThreePidMapping(medium, s, buildMatrixIdFromUid(mxid.get()))));
                        }
                    }
                } catch (CursorLdapReferralException e) {
                    log.warn("3PID is only available via referral, skipping", e);
                } catch (IOException | LdapException | CursorException e) {
                    log.error("Unable to fetch 3PID mappings", e);
                }
            }
        } catch (LdapException | IOException e) {
            log.error("Unable to fetch 3PID mappings", e);
        }
        return result;
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/sql/SqlThreePidProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/sql/SqlThreePidProvider.java
@@ -107,14 +107,16 @@ public abstract class SqlThreePidProvider implements IThreePidProvider {
    @Override
    public Iterable<ThreePidMapping> populateHashes() {
-        if (StringUtils.isBlank(cfg.getLookup().getQuery())) {
+        String query = cfg.getLookup().getQuery();
        if (StringUtils.isBlank(query)) {
            log.warn("Lookup query not configured, skip.");
            return Collections.emptyList();
        }
        log.debug("Uses query to match users: {}", query);
        List<ThreePidMapping> result = new ArrayList<>();
        try (Connection connection = pool.get()) {
-            PreparedStatement statement = connection.prepareStatement(cfg.getLookup().getQuery());
+            PreparedStatement statement = connection.prepareStatement(query);
            try (ResultSet resultSet = statement.executeQuery()) {
                while (resultSet.next()) {
                    String mxid = resultSet.getString("mxid");
--- a/src/main/java/io/kamax/mxisd/config/ldap/LdapConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/ldap/LdapConfig.java
@@ -233,6 +233,7 @@ public abstract class LdapConfig {
        private String filter;
        private String token = "%3pid";
        private Map<String, String> medium = new HashMap<>();
        private boolean lookup = false;
        public String getFilter() {
            return filter;
@@ -262,6 +263,13 @@ public abstract class LdapConfig {
            this.medium = medium;
        }
        public boolean isLookup() {
            return lookup;
        }
        public void setLookup(boolean lookup) {
            this.lookup = lookup;
        }
    }
    public static class Profile {
--- a/src/main/java/io/kamax/mxisd/hash/HashEngine.java
+++ b/src/main/java/io/kamax/mxisd/hash/HashEngine.java
@@ -35,7 +35,9 @@ public class HashEngine {
            hashStorage.clear();
            for (IThreePidProvider provider : providers) {
                try {
                    LOGGER.info("Populate hashes from the handler: {}", provider.getClass().getCanonicalName());
                    for (ThreePidMapping pidMapping : provider.populateHashes()) {
                        LOGGER.debug("Found 3PID: {}", pidMapping);
                        hashStorage.add(pidMapping, hash(pidMapping));
                    }
                } catch (Exception e) {
--- a/src/main/java/io/kamax/mxisd/http/undertow/handler/identity/v2/HashLookupHandler.java
+++ b/src/main/java/io/kamax/mxisd/http/undertow/handler/identity/v2/HashLookupHandler.java
@@ -85,6 +85,7 @@ public class HashLookupHandler extends LookupHandler implements ApiHandler {
            default:
                throw new InvalidParamException();
        }
        hashManager.getRotationStrategy().newRequest();
    }
    private void noneAlgorithm(HttpServerExchange exchange, HashLookupRequest request, ClientHashLookupRequest input) throws Exception {
--- a/src/main/java/io/kamax/mxisd/lookup/strategy/LookupStrategy.java
+++ b/src/main/java/io/kamax/mxisd/lookup/strategy/LookupStrategy.java
@@ -46,6 +46,4 @@ public interface LookupStrategy {
    Optional<SingleLookupReply> findRecursive(SingleLookupRequest request);
    CompletableFuture<List<ThreePidMapping>> find(BulkLookupRequest requests);
    CompletableFuture<List<ThreePidMapping>> find(HashLookupRequest request);
 }
--- a/src/main/java/io/kamax/mxisd/lookup/strategy/RecursivePriorityLookupStrategy.java
+++ b/src/main/java/io/kamax/mxisd/lookup/strategy/RecursivePriorityLookupStrategy.java
@@ -26,17 +26,23 @@ import io.kamax.matrix.json.MatrixJson;
 import io.kamax.mxisd.config.MxisdConfig;
 import io.kamax.mxisd.exception.ConfigurationException;
 import io.kamax.mxisd.hash.HashManager;
-import io.kamax.mxisd.hash.storage.HashStorage;
+import io.kamax.mxisd.lookup.ALookupRequest;
-import io.kamax.mxisd.lookup.*;
+import io.kamax.mxisd.lookup.BulkLookupRequest;
 import io.kamax.mxisd.lookup.SingleLookupReply;
 import io.kamax.mxisd.lookup.SingleLookupRequest;
 import io.kamax.mxisd.lookup.ThreePidMapping;
 import io.kamax.mxisd.lookup.fetcher.IBridgeFetcher;
 import io.kamax.mxisd.lookup.provider.IThreePidProvider;
 import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.commons.lang3.tuple.Pair;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import java.net.UnknownHostException;
-import java.util.*;
+import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.stream.Collectors;
@@ -238,13 +244,4 @@ public class RecursivePriorityLookupStrategy implements LookupStrategy {
        result.complete(mapFoundAll);
        return bulkLookupInProgress.remove(payloadId);
    }
    @Override
    public CompletableFuture<List<ThreePidMapping>> find(HashLookupRequest request) {
        HashStorage hashStorage = hashManager.getHashStorage();
        CompletableFuture<List<ThreePidMapping>> result = new CompletableFuture<>();
        result.complete(hashStorage.find(request.getHashes()).stream().map(Pair::getValue).collect(Collectors.toList()));
        hashManager.getRotationStrategy().newRequest();
        return result;
    }
 }
Author	SHA1	Message	Date
Anatoly Sablin	15db563e8d	Add documentation.	2019-12-26 22:49:25 +03:00
Anatoly Sablin	82a538c750	Add an option to enable/disable hash lookup via the LDAP provider.	2019-12-25 22:51:44 +03:00
Anatoly Sablin	84ca8ebbd9	Add support of the MSC2134 (Identity hash lookup) for the LDAP provider.	2019-12-25 00:13:07 +03:00
Anatoly Sablin	774ebf4fa8	Fix for #9 . Proper wrap the handles with the sanitize handler.	2019-12-16 22:47:24 +03:00