Better sample config, better README

Do not enforce Twilio config by default
Fix groovy rollback issue
2017-09-25 18:20:18 +02:00 · 2017-09-25 18:04:21 +02:00 · 2017-09-25 17:56:06 +02:00 · 2017-09-25 17:15:37 +02:00 · 2017-09-25 17:12:59 +02:00 · 2017-09-25 17:11:58 +02:00
189 changed files with 12377 additions and 2106 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -7,4 +7,7 @@ out/
 .idea/
 # Local dev config
-application.yaml
+/application.yaml
 # Local dev storage
 /mxisd.db
--- a/README.md
+++ b/README.md
@@ -1,23 +1,34 @@
-mxisd
+mxisd - Federated Matrix Identity Server Daemon
 -----
 ![Travis-CI build status](https://travis-ci.org/kamax-io/mxisd.svg?branch=master)  
-[Overview](#overview) | [Lookup process](#lookup-process) | [Packages](#packages) | [From source](#from-source) | [Network Discovery](#network-discovery) | [Integration](#integration) | [Support](#support)
+[Overview](#overview) | [Features](#features) | [Lookup process](#lookup-process) | [Packages](#packages) | 
 [From source](#from-source) | [Configuration](#configuration) | [Network Discovery](#network-discovery) | 
 [Integration](#integration) | [Support](#support)
 # Overview
-mxisd is an implementation of the [Matrix Identity Service specification](https://matrix.org/docs/spec/identity_service/unstable.html) 
+mxisd is a Federated Matrix Identity server for self-hosted Matrix infrastructures.
 which provides an alternative to the vector.im and matrix.org Identity servers.
-mxisd is federated and uses a cascading lookup model which performs lookup from a more authoritative to a less authoritative source, usually doing:
+mxisd uses a cascading lookup model which performs lookup from a more authoritative to a less authoritative source, usually doing:
 - Local identity stores: LDAP, etc.
 - Federated identity stores: another Identity Server in charge of a specific domain, if applicable
- Configured identity stores: another Identiy Server specifically configured, if part of some sort of group trust
+- Configured identity stores: another Identity Server specifically configured, if part of some sort of group trust
- Root identity store: vector.im/matrix.org central Identity Server
+- Root identity store: vector.im/matrix.org central Identity Servers
-mxisd only aims to support workflow that does NOT break federation or basic lookup process of the Matrix ecosystem.
+mxisd provides an alternative to [sydent](https://github.com/matrix-org/sydent), while still connecting to the vector.im and matrix.org Identity servers, 
 by implementing the [Matrix Identity Service specification](https://matrix.org/docs/spec/identity_service/unstable.html).
-**NOTE:** mxisd is **NOT** an authenticator module for homeservers. Identity servers are opaque public directories for those who publish their data on it.  
+mxisd only aims to support workflows that do NOT break federation or basic lookup processes of the Matrix ecosystem.
-For more details, please read the [Identity Service specification](https://matrix.org/docs/spec/identity_service/unstable.html).
+
 # Features
 - Single lookup of 3PID (E-mail, phone number, etc.) by the Matrix Client or Homeserver.
 - Bulk lookups when trying to find possible matches within contacts in Android and iOS clients.
 - Bind of 3PID by a Matrix user within a Matrix client - See [documentation](docs/sessions/3pid.md)
 - Support of invitation to rooms by e-mail with e-mail notification to invitee.
 - Authentication support in [synapse](https://github.com/matrix-org/synapse) via the [REST auth module](https://github.com/kamax-io/matrix-synapse-rest-auth).
 In the pipe:
 - Support to proxy 3PID bindings in user profile to the central Matrix.org servers
 # Lookup Process
 Default Lookup strategy will use a priority order and a configurable recursive/local type of request.
@@ -39,21 +50,16 @@ Given the phone number `+123456789`, the following lookup logic will be performe
 See [releases]((https://github.com/kamax-io/mxisd/releases)) for native installers of supported systems.  
 If none is available, please use other packages or build from source.
 ## Docker
 ### From source
 Build the image:
 ```
 docker build -t your-org/mxisd:$(git describe --tags --always --dirty) .
 ```
 You can run a container of the given image and test it with the following command (adapt volumes host paths):
 ```
 docker run -v /data/mxisd/etc:/etc/mxisd -v /data/mxisd/var:/var/mxisd -p 8090:8090 -t your-org/mxisd:$(git describe --tags --always --dirty)
 ```
 ## Debian
 ### Download
 See the [releases section](https://github.com/kamax-io/mxisd/releases).
 ### Configure and run
 After installation:
 1. Copy the sample config file `/etc/mxisd/mxisd-sample.yaml` to `/etc/mxisd/mxisd.yaml`
 2. [Configure](#configuration)
 3. Start the service: `sudo systemctl start mxisd`
 ### From source
 Requirements:
 - fakeroot
@@ -63,9 +69,24 @@ Run:
 ```
 ./gradlew buildDeb 
 ```
 You will find the debian package in `build/dist`
 ## Docker
 ```
 docker pull kamax/mxisd
 ```
 For more info, see [the public repository](https://hub.docker.com/r/kamax/mxisd/)
 ### From source
 [Build mxisd](#build) then build the docker image:
 ```
 ./gradlew dockerBuild
 ```
 You can run a container of the given image and test it with the following command (adapt volumes host paths):
 ```
 docker run -v /data/mxisd/etc:/etc/mxisd -v /data/mxisd/var:/var/mxisd -p 8090:8090 -t kamax/mxisd:latest-dev
 ```
 # From Source
 ## Requirements
 - JDK 1.8
@@ -76,15 +97,9 @@ git clone https://github.com/kamax-io/mxisd.git
 cd mxisd
 ./gradlew build
 ```
 then see the [Configuration](#configuration) section.
-## Configure
+## Test build
 1. Create a new local config: `cp application.example.yaml application.yaml`
 2. Set the `server.name` value to the domain value used in your Home Server configuration
 3. Set an absolute location for the signing keys using `key.path`
 4. Provide the LDAP attributes you want to use for lookup, if you want to use one
 5. Edit an entity in your LDAP database and set the configure attribute with a Matrix ID (e.g. `@john.doe:example.org`)
 ## Test build and configuration
 Start the server in foreground to validate the build:
 ```
 java -jar build/libs/mxisd.jar
@@ -92,10 +107,18 @@ java -jar build/libs/mxisd.jar
 Ensure the signing key is available:
 ```
-curl http://localhost:8090/_matrix/identity/api/v1/pubkey/ed25519:0
+$ curl http://localhost:8090/_matrix/identity/api/v1/pubkey/ed25519:0
 {"public_key":"..."}
 ```
-Validate your LDAP config and binding info (replace the e-mail):
+Test basic recursive lookup (requires Internet connection with access to TCP 443):
 ```
 $ curl 'http://localhost:8090/_matrix/identity/api/v1/lookup?medium=email&address=mxisd-lookup-test@kamax.io'
 {"address":"mxisd-lookup-test@kamax.io","medium":"email","mxid":"@mxisd-lookup-test:kamax.io",...}
 ```
 If you enabled LDAP, you can also validate your config with a similar request after replacing the `address` value with something present within your LDAP
 ```
 curl "http://localhost:8090/_matrix/identity/api/v1/lookup?medium=email&address=john.doe@example.org"
 ```
@@ -103,7 +126,7 @@ curl "http://localhost:8090/_matrix/identity/api/v1/lookup?medium=email&address=
 If you plan on testing the integration with a homeserver, you will need to run an HTTPS reverse proxy in front of it
 as the reference Home Server implementation [synapse](https://github.com/matrix-org/synapse) requires a HTTPS connection
 to an ID server.  
-See the [Integration section](https://github.com/kamax-io/mxisd#integration) for more details.
+See the [Integration section](#integration) for more details.
 ## Install
 After [building](#build) the software, run all the following commands as `root` or using `sudo`
@@ -132,36 +155,74 @@ chmod a+x /opt/mxisd/mxisd.jar
 ln -s /opt/mxisd/mxisd.jar /usr/bin/mxisd
 ```
-2. Copy the config file created earlier `./application.yaml` to `/etc/mxisd/mxisd.yaml`
+2. Copy the config file created earlier `./application.example.yaml` to `/etc/mxisd/mxisd.yaml`
-3. Configure `/etc/mxisd/mxisd.yaml` with production value, `key.path` being the most important - `/var/opt/mxisd/signing.key` is recommended
+3. [Configure](#configuration)
 4. Copy `<repo root>/src/systemd/mxisd.service` to `/etc/systemd/system/` and edit if needed
-5. Manage service for auto-startup
+5. Enable service for auto-startup
 ```
 # Enable service
 systemctl enable mxisd
-
+```
-# Start service
+6. Start mxisd
 ```
 systemctl start mxisd
 ```
 # Configuration
 After following the specific instructions to create a config file from the sample:
 1. Set the `matrix.domain` value to the domain value used in your Home Server configuration
 2. Set an absolute location for the signing keys using `key.path`
 3. Configure the E-mail notification sender with items starting with:
  - `threepid.medium.email.identity`
  - `threepid.medium.email.connectors.smtp`
 4. If you would like to support Phone number validation, see the [Twilio configuration](docs/threepids/msisdn/twilio-connector.md)
 In case your IS public domain does not match your Matrix domain, see `server.name` and `server.publicUrl` 
 config items.
 ## Backends
 ### LDAP (AD, Samba, LDAP)
 If you want to use LDAP backend as an Identity store:
 1. Enable it with `ldap.enabled`
 2. Configure connection options using items starting in `ldap.connection`
 3. You may want to valid default values for `ldap.attribute` items
 ### SQL (SQLite, PostgreSQL)
 If you want to connect to use a synapse DB (SQLite or PostgreSQL) as Identity store, follow the example config for `sql` config items.
 ### REST (Webapps/websites integration)
 If you want to use the REST backend as an Identity store:
 1. Enable it with `rest.enabled`
 2. Configure options starting with `rest` and see the dedicated documentation in `docs/backends/rest.md`
 # Network Discovery
-To allow other federated Identity Server to reach yours, configure the following DNS SRV entry (adapt to your values):
+To allow other federated Identity Server to reach yours, the same algorithm used for Homeservers takes place:
 1. Check for the appropriate DNS SRV record
 2. If not found, use the base domain
 If your Identity Server public hostname does not match your Matrix domain, configure the following DNS SRV entry 
 and replace `matrix.example.com` by your Identity server public hostname - **Make sure to end with a final dot!**
 ```
 _matrix-identity._tcp.example.com. 3600 IN SRV 10 0 443 matrix.example.com.
 ``` 
-This would only apply for 3PID that are DNS-based, like e-mails. For anything else, like phone numbers, no federation is currently possible.  
+This would only apply for 3PID that are DNS-based, like e-mails. For anything else, like phone numbers, no federation 
 is currently possible.  
 The port must be HTTPS capable. Typically, the port `8090` of mxisd should be behind a reverse proxy which does HTTPS.
 See the [integration section](#integration) for more details.
 # Integration
 - [HTTPS and Reverse proxy](https://github.com/kamax-io/mxisd/wiki/HTTPS)
- [synapse](https://github.com/kamax-io/mxisd/wiki/Homeserver-Integration)
+- [synapse](https://github.com/kamax-io/mxisd/wiki/Homeserver-Integration) as Identity server
 - [synapse with REST auth module](https://github.com/kamax-io/matrix-synapse-rest-auth/blob/master/README.md) 
 as authentication module
 # Support
 ## Community
-If you need help, want to report a bug or just say hi, you can reach us on Matrix at [#mxisd:kamax.io](https://matrix.to/#/#mxisd:kamax.io)  
+If you need help, want to report a bug or just say hi, you can reach us on Matrix at 
-For more high-level discussion about the Identity Server architecture/API, go to [#matrix-identity:matrix.org](https://matrix.to/#/#matrix-identity:matrix.org)
+[#mxisd:kamax.io](https://matrix.to/#/#mxisd:kamax.io) or [directly peek anonymously](https://view.matrix.org/room/!NPRUEisLjcaMtHIzDr:kamax.io/).
 For more high-level discussion about the Identity Server architecture/API, go to 
 [#matrix-identity:matrix.org](https://matrix.to/#/#matrix-identity:matrix.org)
 ## Professional
 If you would prefer professional support/custom development for mxisd and/or for Matrix in general, including other open source technologies/products, 
--- a/application.example.yaml
+++ b/application.example.yaml
@@ -1,148 +1,383 @@
-server:
+# Sample configuration file explaining all possible options, their default value and if they are required or not.
 #
 # Any optional configuration item will be prefixed by # (comment character) with the configuration item following
 # directly without any whitespace character.
 # Default values for optional configuration item will also follow such item.
 #
 # Any mandatory configuration item will not be prefixed by # and will also contain a value as example that must be
 # changed. It is advised to re-create a clean config file with only the required configuration item.
-  # Indicate on which port the Identity Server will listen.
+#######################
-  #
+# Matrix config items #
-  # This is be default an unencrypted port.
+#######################
-  # HTTPS can be configured using Tomcat configuration properties.
+# Matrix domain, same as the domain configure in your Homeserver configuration.
-  port: 8090
+#
-
+# This is used to build the various identifiers for identity, auth and directory.
-  # Realm under which this Identity Server is authoritative, required.
+matrix.domain: ''
  #
  # This is used to avoid unnecessary connections and endless recursive lookup.
  # e.g. domain name in e-mails.
  name: 'example.org'
-key:
+#######################
 # Server config items #
 #######################
 # Indicate on which port the Identity Server will listen.
 #
 # This is be default an unencrypted port.
 # HTTPS can be configured using Tomcat configuration properties.
 #
 #server.port: 8090
-  # Absolute path for the Identity Server signing key, required.
+
-  # During testing, /var/tmp/mxisd.key is a possible value
+# Public hostname of this identity server.
-  #
+#
-  # For production, use a stable location like:
+# This would be typically be the same as your Matrix domain.
-  #   - /var/opt/mxisd/sign.key
+# In case it is not, set this value.
-  #   - /var/local/mxisd/sign.key
+#
-  #   - /var/lib/mxisd/sign.key
+# This value is used in various signatures within the Matrix protocol and should be a reachable hostname.
-  path: '%SIGNING_KEYS_PATH%'
+# You can validate by ensuring you see a JSON answer when calling (replace the domain):
 # https://example.org/_matrix/identity/status
 #
 #server.name: 'example.org'
 # Public URL to reach this identity server
 #
 # This is used with 3PID invites in room and other Homeserver key verification workflow.
 # If left unconfigured, it will be generated from the server name.
 #
 # You should typically set this value if you want to change the public port under which
 # this Identity server is reachable.
 #
 # %SERVER_NAME% placeholder is available to avoid configuration duplication.
 # e.g. 'https://%SERVER_NAME%:8443'
 #
 #server.publicUrl: 'https://example.org'
-# This element contains all the configuration item for lookup strategies
+#############################
-lookup:
+# Signing keys config items #
-
+#############################
-  # Configuration items for recursion-type of lookup
+# Absolute path for the Identity Server signing key.
-  #
+# During testing, /var/tmp/mxisd.key is a possible value
-  # Lookup access are divided into two types:
+#
-  # - Local
+# For production, use a stable location like:
-  # - Remote
+#   - /var/opt/mxisd/sign.key
-  #
+#   - /var/local/mxisd/sign.key
-  # This is similar to DNS lookup and recursion and is therefore prone to the same vulnerabilities.
+#   - /var/lib/mxisd/sign.key
-  # By default, only non-public hosts are allowed to perform recursive lookup.
+key.path: '/path/to/sign.key'
  #
  # This will also prevent very basic endless loops where host A ask host B, which in turn is configured to ask host A,
  # which would then ask host B again, etc.
  recursive:
    # Enable recursive lookup globally
    enabled: true
    # Whitelist of CIDR that will trigger a recursive lookup.
    # The default list includes all private IPv4 address and the IPv6 loopback.
    allowedCidr:
      - '127.0.0.0/8'
      - '10.0.0.0/8'
      - '172.16.0.0/12'
      - '192.168.0.0/16'
      - '::1/128'
    # In case no binding is found, query an application server which implements the single lookup end-point
    # to return bridge virtual user that would allow the user to be contacted directly by the said bridge.
    #
    # If a binding is returned, the application server is not expected to sign the message as it is not meant to be
    # reachable from the outside.
    # If a signature is provided, it will be discarded/replaced by this IS implementation (to be implemented).
    #
    # IMPORTANT: This bypass the regular Invite system of the Homeserver. It will be up to the Application Server
    # to handle such invite. Also, if the bridged user were to actually join Matrix later, or if a 3PID binding is found
    # room rights and history would not be transferred, as it would appear as a regular Matrix user to the Homeserver.
    #
    # This configuration is only helpful for Application Services that want to overwrite bridging for 3PID that are
    # handled by the Homeserver. Do not enable unless the Application Server specifically supports it!
    bridge:
      # Enable unknown 3PID bridging globally
      enabled: false
      # Enable unknown 3PID bridging for hosts that are allowed to perform recursive lookups.
      # Leaving this setting to true is highly recommended in a standard setup, unless this Identity Server
      # is meant to always return a virtual user MXID even for the outside world.
      recursiveOnly: true
      # This mechanism can handle the following scenarios:
      #
      # - Single Application Server for all 3PID types: only configure the server value, comment out the rest.
      #
      # - Specific Application Server for some 3PID types, default server for the rest: configure the server value and
      #          each specific 3PID type.
      #
      # - Only specific 3PID types: do not configure the server value or leave it empty/blank, configure each specific
      #          3PID type.
      # Default application server to use for all 3PID types. Remove config item or leave empty/blank to disable.
      server: ''
      # Configure each 3PID type with a specific application server. Remove config item or leave empty/blank to disable.
      mappings:
        email: 'http://localhost:8091'
        msisdn: ''
-ldap:
+#################################
-  enabled: false
+# Recurisve lookup config items #
-  tls: false
+#################################
-  host: 'localhost'
+# Configuration items for recursion-type of lookup
-  port: 389
+#
-  bindDn: 'CN=Matrix Identity Server,CN=Users,DC=example,DC=org'
+# Lookup access are divided into two types:
-  bindPassword: 'password'
+# - Local
-  baseDn: 'CN=Users,DC=example,DC=org'
+# - Remote
 #
 # This is similar to DNS lookup and recursion and is therefore prone to the same vulnerabilities.
 # By default, only non-public hosts are allowed to perform recursive lookup.
 #
 # This will also prevent very basic endless loops where host A ask host B, which in turn is configured to ask host A,
 # which would then ask host B again, etc.
-  # How should we resolve the Matrix ID in case of a match using the attribute.
+# Enable recursive lookup globally
-  #
+#
-  # The following type are supported:
+#lookup.recursive.enabled: true
  # - uid : the attribute only contains the UID part of the Matrix ID. e.g. 'john.doe' in @john.doe:example.org
  # - mxid : the attribute contains the full Matrix ID - e.g. '@john.doe:example.org'
  type: 'uid'
  # The attribute containing the binding itself. This value will be used differently depending on the type.
  #
  # /!\ This should match the synapse LDAP Authenticator 'uid' configuration /!\
  #
  # Typical values:
  # - For type 'uid': 'userPrincipalName' or 'uid' or 'saMAccountName'
  # - For type 'mxid', regardless of the directory type, we recommend using 'pager' as it is a standard attribute and
  #   is typically not used.
  attribute: 'userPrincipalName'
-  # Configure each 3PID type with a dedicated query.
+# Whitelist of CIDR that will trigger a recursive lookup.
-  mappings:
+# The default list includes all private IPv4 address and the IPv6 loopback.
-    email: "(|(mailPrimaryAddress=%3pid)(mail=%3pid)(otherMailbox=%3pid))"
+#
 #lookup.recursive.allowedCidr:
 #  - '127.0.0.0/8'
 #  - '10.0.0.0/8'
 #  - '172.16.0.0/12'
 #  - '192.168.0.0/16'
 #  - '::1/128'
-    # Phone numbers query.
+
-    #
+# In case no binding is found, query an application server which implements the single lookup end-point
-    # Phone numbers use the MSISDN format: https://en.wikipedia.org/wiki/MSISDN
+# to return bridge virtual user that would allow the user to be contacted directly by the said bridge.
-    # This format does not include international prefix (+ or 00) and therefore has to be put in the query.
+#
-    # Adapt this to your needs for each attribute.
+# If a binding is returned, the application server is not expected to sign the message as it is not meant to be
-    msisdn: "(|(telephoneNumber=+%3pid)(mobile=+%3pid)(homePhone=+%3pid)(otherTelephone=+%3pid)(otherMobile=+%3pid)(otherHomePhone=+%3pid))"
+# reachable from the outside.
 # If a signature is provided, it will be discarded/replaced by this IS implementation (to be implemented).
 #
 # IMPORTANT: This bypass the regular Invite system of the Homeserver. It will be up to the Application Server
 # to handle such invite. Also, if the bridged user were to actually join Matrix later, or if a 3PID binding is found
 # room rights and history would not be transferred, as it would appear as a regular Matrix user to the Homeserver.
 #
 # This configuration is only helpful for Application Services that want to overwrite bridging for 3PID that are
 # handled by the Homeserver. Do not enable unless the Application Server specifically supports it!
 # Enable unknown 3PID bridging globally
 #
 #lookup.recursive.bridge.enabled: false
 # Enable unknown 3PID bridging for hosts that are allowed to perform recursive lookups.
 # Leaving this setting to true is highly recommended in a standard setup, unless this Identity Server
 # is meant to always return a virtual user MXID even for the outside world.
 #
 #lookup.recursive.bridge.recursiveOnly: true
 # This mechanism can handle the following scenarios:
 #
 # - Single Application Server for all 3PID types: only configure the server value, comment out the rest.
 #
 # - Specific Application Server for some 3PID types, default server for the rest: configure the server value and
 #          each specific 3PID type.
 #
 # - Only specific 3PID types: do not configure the server value or leave it empty/blank, configure each specific
 #          3PID type.
 # Default application server to use for all 3PID types. Remove config item or leave empty/blank to disable.
 #
 #lookup.recursive.bridge.server: ''
 # Configure each 3PID type with a specific application server. Remove config item or leave empty/blank to disable.
 #
 #lookup.recursive.bridge.mappings.email: 'http://localhost:8091'
 #lookup.recursive.bridge.mappings.msisdn: ''
-forward:
+#####################
 # LDAP config items #
 #####################
 # Global enable/disable switch
 #
 #ldap.enabled: false
-  # List of forwarders to use to try to match a 3PID.
+
-  #
+#### Connection related config items
-  # Each server will be tried in the given order, going to the next if no binding was found or an error occurred.
+# If the connection should be secure
-  # These are the current root Identity Servers of the Matrix network.
+#
-  servers:
+#ldap.connection.tls: false
-    - "https://matrix.org"
+
-    - "https://vector.im"
+
 # Host to connect to
 #
 #ldap.connection.host: 'localhost'
 # Port to connect to
 #
 #ldap.connection.port: 389
 # Bind DN for the connection.
 #
 # If Bind DN and password are empty, anonymous authentication is performed
 #
 #ldap.connection.bindDn: 'CN=Matrix Identity Server,CN=Users,DC=example,DC=org'
 # Bind password for the connection.
 #
 #ldap.connection.bindPassword: 'password'
 # Base DN used in all queries
 #
 #ldap.connection.baseDn: 'CN=Users,DC=example,DC=org'
 #### How to map Matrix attributes with LDAP attributes when performing lookup/auth
 #
 # How should we resolve the Matrix ID in case of a match using the attribute.
 #
 # The following type are supported:
 # - uid : the attribute only contains the UID part of the Matrix ID. e.g. 'john.doe' in @john.doe:example.org
 # - mxid : the attribute contains the full Matrix ID - e.g. '@john.doe:example.org'
 #
 #ldap.attribute.uid.type: 'uid'
 # The attribute containing the binding itself. This value will be used differently depending on the type.
 #
 # /!\ This should match the synapse LDAP Authenticator 'uid' configuration /!\
 #
 # Typical values:
 # - For type 'uid': 'userPrincipalName' or 'uid' or 'saMAccountName'
 # - For type 'mxid', regardless of the directory type, we recommend using 'pager' as it is a standard attribute and
 #   is typically not used.
 #
 #ldap.attribute.uid.value: 'userPrincipalName'
 # The display name of the user
 #
 #ldap.attribute.name: 'displayName'
 #### Configuration section relating the authentication of users performed via LDAP.
 #
 # This can be done using the REST Auth module for synapse and pointing it to the identity server.
 # See https://github.com/kamax-io/matrix-synapse-rest-auth
 #
 # During authentication, What to filter potential users by, typically by using a dedicated group.
 # If this value is not set, login check will be performed for all entities within the LDAP
 #
 # Example: (memberOf=CN=Matrix Users,CN=Users,DC=example,DC=org)
 #
 #ldap.auth.filter: ''
 #### Configuration section relating to identity lookups
 #
 # E-mail query
 #
 #ldap.identity.medium.email: "(|(mailPrimaryAddress=%3pid)(mail=%3pid)(otherMailbox=%3pid))"
 # Phone numbers query
 #
 # Phone numbers use the MSISDN format: https://en.wikipedia.org/wiki/MSISDN
 # This format does not include international prefix (+ or 00) and therefore has to be put in the query.
 # Adapt this to your needs for each attribute.
 #
 #ldap.identity.medium.msisdn: "(|(telephoneNumber=+%3pid)(mobile=+%3pid)(homePhone=+%3pid)(otherTelephone=+%3pid)(otherMobile=+%3pid)(otherHomePhone=+%3pid))"
 ############################
 # SQL Provider config item #
 ############################
 #
 # Example configuration to integrate with synapse SQLite DB (default configuration)
 #
 #sql.enabled: true
 #sql.type: 'sqlite'
 #sql.connection: '/var/lib/matrix-synapse/homeserver.db'
 #
 # Example configuration to integrate with synapse PostgreSQL DB
 #sql.enabled: true
 #sql.type: 'postgresql'
 #sql.connection: '//dnsOrIpToServer/dbName?user=synapseDbUser&password=synapseDbPassword'
 #
 # Configuration for an arbitrary server with arbitrary driver
 #
 # sql.identity.type possible values:
 # - uid       Returned value is the localpart of the Matrix ID
 # - mxid      Full Matrix ID, including domain
 #
 # sql.identity.query MUST contain a column with label 'uid'
 #
 # If you would like to overwrite the global lookup query for specific medium type,
 # add a config item (see below for example) in the following format
 # sql.identity.medium.theMediumIdYouWant: 'the query'
 #sql.enabled: true
 #sql.type: 'jdbcDriverName'
 #sql.connection: '//dnsOrIpToServer/dbName?user=synapseDbUser&password=synapseDbPassword'
 #sql.identity.type: 'mxid'
 #sql.identity.query: 'SELECT raw AS uid FROM table WHERE medium = ? AND address = ?'
 #sql.identity.medium.email: 'SELECT raw AS uid FROM emailTable WHERE address = ?'
 #######################################
 # Lookup queries forward config items #
 #######################################
 # List of forwarders to use to try to match a 3PID.
 #
 # Each server will be tried in the given order, going to the next if no binding was found or an error occurred.
 # These are the current root Identity Servers of the Matrix network.
 #
 #forward.servers:
 #  - "https://matrix.org"
 #  - "https://vector.im"
 ###################################
 # 3PID notifications config items #
 ###################################
 # If you would like to change the content, see https://github.com/kamax-io/mxisd/blob/master/docs/threepids/notifications/template-generator.md
 #
 #### E-mail invite sender
 #
 # SMTP host
 threepid.medium.email.connectors.smtp.host: "smtp.example.org"
 # SMTP port
 threepid.medium.email.connectors.smtp.port: 587
 # TLS mode for the connection.
 #
 # Possible values:
 #  0    Disable TLS entirely
 #  1    Enable TLS if supported by server
 #  2    Force TLS and fail if not available
 #
 #threepid.medium.email.connectors.smtp.tls: 1
 # Login for SMTP
 threepid.medium.email.connectors.smtp.login: "matrix-identity@example.org"
 # Password for the account
 threepid.medium.email.connectors.smtp.password: "ThePassword"
 # The e-mail to send as. If empty, will be the same as login
 threepid.medium.email.identity.from: "matrix-identity@example.org"
 ############################
 # Persistence config items #
 ############################
 # Configure the storage backend, usually a DB
 # Possible built-in values:
 #   sqlite                      SQLite backend, default
 #
 #storage.backend: 'sqlite'
 #### Generic SQLite provider config
 #
 # Path to the SQLite DB file, required if SQLite backend is chosen
 #
 # Examples:
 #  - /var/opt/mxisd/mxisd.db
 #  - /var/local/mxisd/mxisd.db
 #  - /var/lib/mxisd/mxisd.db
 #
 storage.provider.sqlite.database: '/path/to/mxisd.db'
 ######################
 # DNS-related config #
 ######################
 # The domain to overwrite
 #
 #dns.overwrite.homeserver.name: 'example.org'
 # - 'env' from environment variable specified by value
 # - any other value will use the value as-is as host
 #
 #dns.overwrite.homeserver.type: 'raw'
 # The value to use, depending on the type.
 # Protocol will always be HTTPS
 #
 #dns.overwrite.homeserver.value: 'localhost:8448'
--- a/build.gradle
+++ b/build.gradle
@@ -1,5 +1,3 @@
 import java.util.regex.Pattern
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
@@ -20,7 +18,9 @@ import java.util.regex.Pattern
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
-apply plugin: 'groovy'
+import java.util.regex.Pattern
 apply plugin: 'java'
 apply plugin: 'org.springframework.boot'
 def confFileName = "application.example.yaml"
@@ -40,11 +40,14 @@ def debBuildConfPath = "${debBuildBasePath}${debConfPath}"
 def debBuildDataPath = "${debBuildBasePath}${debDataPath}"
 def debBuildSystemdPath = "${debBuildBasePath}${debSystemdPath}"
 def dockerImageName = "kamax/mxisd"
 def dockerImageTag = "${dockerImageName}:${gitVersion()}"
 String gitVersion() {
    def versionPattern = Pattern.compile("v(\\d+\\.)?(\\d+\\.)?(\\d+)(-.*)?")
    ByteArrayOutputStream out = new ByteArrayOutputStream()
    exec {
-        commandLine = [ 'git', 'describe', '--always', '--dirty' ]
+        commandLine = ['git', 'describe', '--always', '--dirty']
        standardOutput = out
    }
    def v = out.toString().replace(System.lineSeparator(), '')
@@ -62,24 +65,28 @@ buildscript {
 }
 repositories {
    maven { url "https://kamax.io/maven/releases/" }
    mavenCentral()
 }
 dependencies {
    // We are a groovy project
    compile 'org.codehaus.groovy:groovy-all:2.4.7'
    // Easy file management
    compile 'commons-io:commons-io:2.5'
    // Spring Boot - standalone app
    compile 'org.springframework.boot:spring-boot-starter-web:1.5.3.RELEASE'
    // Thymeleaf for HTML templates
    compile "org.springframework.boot:spring-boot-starter-thymeleaf:1.5.3.RELEASE"
    // Matrix Java SDK
    compile 'io.kamax:matrix-java-sdk:0.0.2'
    // ed25519 handling
    compile 'net.i2p.crypto:eddsa:0.1.0'
    // LDAP connector
-    compile 'org.apache.directory.api:api-all:1.0.0-RC2'
+    compile 'org.apache.directory.api:api-all:1.0.0'
    // DNS lookups
    compile 'dnsjava:dnsjava:2.1.8'
@@ -93,7 +100,27 @@ dependencies {
    // Phone numbers validation
    compile 'com.googlecode.libphonenumber:libphonenumber:8.7.1'
    // E-mail sending
    compile 'com.sun.mail:javax.mail:1.5.6'
    compile 'javax.mail:javax.mail-api:1.5.6'
    // Google Firebase Authentication backend
    compile 'com.google.firebase:firebase-admin:5.3.0'
    // ORMLite
    compile 'com.j256.ormlite:ormlite-jdbc:5.0'
    // SQLite
    compile 'org.xerial:sqlite-jdbc:3.20.0'
    // PostgreSQL
    compile 'org.postgresql:postgresql:42.1.4'
    // Twilio SDK for SMS
    compile 'com.twilio.sdk:twilio:7.14.5'
    testCompile 'junit:junit:4.12'
    testCompile 'com.github.tomakehurst:wiremock:2.8.0'
 }
 springBoot {
@@ -104,6 +131,17 @@ springBoot {
    ]
 }
 processResources {
    doLast {
        copy {
            from('build/resources/main/application.yaml') {
                rename 'application.yaml', 'mxisd.yaml'
            }
            into 'build/resources/main'
        }
    }
 }
 task buildDeb(dependsOn: build) {
    doLast {
        def v = gitVersion()
@@ -133,10 +171,16 @@ task buildDeb(dependsOn: build) {
            into debBuildConfPath
        }
-        ant.replace(
+        ant.replaceregexp(
                file: "${debBuildConfPath}/${debConfFileName}",
-            token: '%SIGNING_KEYS_PATH%',
+                match: "key.path:(.*)",
-            value: "${debDataPath}/signing.key"
+                replace: "key.path: '${debDataPath}/signing.key'"
        )
        ant.replaceregexp(
                file: "${debBuildConfPath}/${debConfFileName}",
                match: "storage.provider.sqlite.database:(.*)",
                replace: "storage.provider.sqlite.database: '${debDataPath}/mxisd.db'"
        )
        copy {
@@ -182,3 +226,23 @@ task buildDeb(dependsOn: build) {
        }
    }
 }
 task dockerBuild(type: Exec, dependsOn: build) {
    commandLine 'docker', 'build', '-t', dockerImageTag, project.rootDir
    doLast {
        exec {
            commandLine 'docker', 'tag', dockerImageTag, "${dockerImageName}:latest-dev"
        }
    }
 }
 task dockerPush(type: Exec) {
    commandLine 'docker', 'push', dockerImageTag
    doLast {
        exec {
            commandLine 'docker', 'push', "${dockerImageName}:latest-dev"
        }
    }
 }
--- a/docs/backends/rest.md
+++ b/docs/backends/rest.md
@@ -0,0 +1,178 @@
 # REST backend
 The REST backend allows you to query identity data in existing webapps, like:
 - Forums (phpBB, Discourse, etc.)
 - Custom Identity stores (Keycloak, ...)
 - CRMs (Wordpress, ...)
 - self-hosted clouds (Nextcloud, ownCloud, ...)
 It supports the following mxisd flows:
 - Identity lookup
 - Authentication
 To integrate this backend with your webapp, you will need to implement three specific REST endpoints detailed below.
 ## Configuration
 | Key                            | Default                               | Description                                          |
 ---------------------------------|---------------------------------------|------------------------------------------------------|
 | rest.enabled                   | false                                 | Globally enable/disable the REST backend             |
 | rest.host                      | *empty*                               | Default base URL to use for the different endpoints. |
 | rest.endpoints.auth            | /_mxisd/identity/api/v1/auth          | Endpoint to validate credentials                     |
 | rest.endpoints.identity.single | /_mxisd/identity/api/v1/lookup/single | Endpoint to query a single 3PID                      |
 | rest.endpoints.identity.bulk   | /_mxisd/identity/api/v1/lookup/bulk   | Endpoint to query a list of 3PID                     |
 Endpoint values can handle two formats:
 - URL Path starting with `/` that gets happened to the `rest.host`
 - Full URL, if you want each endpoint to go to a specific server/protocol/port
 `rest.host` is only mandatory if at least one endpoint is not a full URL.
 ## Endpoints
 ### Authenticate
 Configured with `rest.endpoints.auth`
 HTTP method: `POST`  
 Encoding: JSON UTF-8
 #### Request Body
 ```
 {
  "auth": {
    "mxid": "@john.doe:example.org",
    "localpart": "john.doe",
    "domain": "example.org",
    "password": "passwordOfTheUser"
  }
 }
 ```
 #### Response Body
 If the authentication fails:
 ```
 {
  "auth": {
    "success": false
  }
 }
 ```
 If the authentication succeed:
 - `auth.id` supported values: `localpart`, `mxid`
 - `auth.profile` and any sub-member are all optional
 ```
 {
  "auth": {
    "success": true,
    "id": {
      "type": "localpart",
      "value": "john"
    },
    "profile": {
      "display_name": "John Doe",
      "three_pids": [
        {
          "medium": "email",
          "address": "john.doe@example.org"
        },
        {
          "medium": "msisdn",
          "address": "123456789"
        }
      ]
    }
  }
 }
 ```
 ### Lookup
 #### Single
 Configured with `rest.endpoints.identity.single`
 HTTP method: `POST`  
 Encoding: JSON UTF-8  
 #### Request Body
 ```
 {
  "lookup": {
    "medium": "email",
    "address": "john.doe@example.org"
  }
 }
 ```
 #### Response Body
 If a match was found:
 - `lookup.id.type` supported values: `localpart`, `mxid`
 ```
 {
  "lookup": {
    "medium": "email",
    "address": "john.doe@example.org",
    "id": {
      "type": "mxid",
      "value": "@john:example.org"
    }
  }
 }
 ```
 If no match was found:
 ```
 {}
 ```
 #### Bulk
 Configured with `rest.endpoints.identity.bulk`
 HTTP method: `POST`  
 Encoding: JSON UTF-8  
 #### Request Body
 ```
 {
  "lookup": [
    {
      "medium": "email",
      "address": "john.doe@example.org"
    },
    {
      "medium": "msisdn",
      "address": "123456789"
    }
  ]
 }
 ```
 #### Response Body
 For all entries where a match was found:
 - `lookup[].id.type` supported values: `localpart`, `mxid`
 ```
 {
  "lookup": [
    {
      "medium": "email",
      "address": "john.doe@example.org",
      "id": {
        "type": "localpart",
        "value": "john"
      }
    },
    {
      "medium": "msisdn",
      "address": "123456789",
      "id": {
        "type": "mxid",
        "value": "@jane:example.org"
      }
    }
  ]
 }
 ```
 If no match was found:
 ```
 {
  "lookup": []
 }
 ```
--- a/docs/sessions/3pid-views.md
+++ b/docs/sessions/3pid-views.md
@@ -0,0 +1,82 @@
 # Web pages for the 3PID session processes
 You can customize the various pages used during a 3PID validation using [Thymeleaf templates](http://www.thymeleaf.org/).
 ## Configuration
 ```
 view:
  session:
    local:
      onTokenSubmit:
        success: '/path/to/session/local/tokenSubmitSuccess-page.html'
        failure: '/path/to/session/local/tokenSubmitFailure-page.html'
    localRemote:
      onTokenSubmit:
        success: '/path/to/session/localRemote/tokenSubmitSuccess-page.html'
        failure: '/path/to/session/local/tokenSubmitFailure-page.html'
    remote:
      onRequest:
        success: '/path/to/session/remote/requestSuccess-page.html'
        failure: '/path/to/session/remote/requestFailure-page.html'
      onCheck:
        success: '/path/to/session/remote/checkSuccess-page.html'
        failure: '/path/to/session/remote/checkFailure-page.html'
 ```
 3PID session are divided into three config sections:
 - `local` for local-only 3PID sessions
 - `localRemote` for local 3PID sessions that can also be turned into remote sessions, if the user so desires
 - `remote` for remote-only 3PID sessions
 Each section contains a sub-key per support event. Finally, a `success` and `failure` key is available depending on the
 outcome of the request.
 ## Local
 ### onTokenSubmit
 This is triggered when a user submit a validation token for a 3PID session. It is typically visited when clicking the
 link in a validation email.
 The template should typically inform the user that the validation was successful and to go back in their Matrix client
 to finish the validation process.
 #### Placeholders
 No object/placeholder are currently available.
 ## Local & Remote
 ### onTokenSubmit
 This is triggered when a user submit a validation token for a 3PID session. It is typically visited when clicking the
 link in a validation email.
 The template should typically inform the user that their 3PID address will not yet be publicly/globally usable. In case
 they want to make it, they should start a Remote 3PID session with a given link or that they can go back to their Matrix
 client if they do not wish to proceed any further.
 #### Placeholders
 ##### Success
 `<a th:href="${remoteSessionLink}">text</a>` can be used to display the link to start a Remote 3PID session.
 ##### Failure
 No object/placeholder are currently available.
 ## Remote
 ### onRequest
 This is triggered when a user starts a Remote 3PID session, usually from a link produced in the `local.onTokenSubmit`
 view or in a remote-only 3PID notification.
 The template should typically inform the user that the remote creation was successful, followed the instructions sent by
 the remote Identity server and, once that is done, click a link to validate the session.
 #### Placeholders
 ##### Success
 `<a th:href="${checkLink}">text</a>` can be used to display the link to validate the Remote 3PID session.
 ##### Failure
 No object/placeholder are currently available.
 ### onCheck
 This is triggered when a user attempts to inform the Identity server that the Remote 3PID session has been validated
 with the remote Identity server.
 The template should typically inform the user that the validation was successful and to go back in their Matrix client
 to finish the validation process.
 #### Placeholders
 No object/placeholder are currently available.
--- a/docs/sessions/3pid.md
+++ b/docs/sessions/3pid.md
@@ -0,0 +1,338 @@
 # 3PID Sessions
 - [Overview](#overview)
 - [Purpose](#purpose)
 - [Federation](#federation)
  - [3PID scope](#3pid-scope)
  - [Session scope](#session-scope)
 - [Notifications](#notifications)
  - [Email](#email)
  - [Phone numbers](#msisdn-phone-numbers)
 - [Usage](#usage)
  - [Configuration](#configuration)
  - [Web views](#web-views)
  - [Scenarios](#scenarios)
    - [Default](#default)
    - [Local sessions only](#local-sessions-only)
    - [Remote sessions only](#remote-sessions-only)
    - [Sessions disabled](#sessions-disabled)
 ## Overview
 When adding an email, a phone number or any other kind of 3PID (Third-Party Identifier), 
 the identity server is called to validate the 3PID.
 Once this 3PID is validated, the Homeserver will publish the user Matrix ID on the Identity Server and
 add this 3PID to the Matrix account which initiated the request.
 ## Purpose
 This serves two purposes:
 - Add the 3PID as an administrative/login info for the Homeserver directly
 - Publish, or *Bind*, the 3PID so it can be queried from Homeservers and clients when inviting someone in a room
 by a 3PID, allowing it to be resolved to a Matrix ID.
 ## Federation
 Federation is based on the principle that one can get a domain name and serve services and information within that
 domain namespace in a way which can be discovered following a specific protocol or specification.
 In the Matrix eco-system, some 3PID can be federated (e.g. emails) while some others cannot (phone numbers).
 Also, Matrix users might add 3PIDs that would not point to the Identity server that actually holds the 3PID binding.  
 Example: a user from Homeserver `example.org` adds an email `john@gmail.com`.  
 If a federated lookup was performed, Identity servers would try to find the 3PID bind at the `gmail.com` server, and
 not `example.org`.
 To allow global publishing of 3PID bindings to be found anywhere within the current protocol specification, one would
 perform a *Remote session* and *Remote bind*, effectively starting a new 3PID session with another Identity server on
 behalf of the user.  
 To ensure lookup works consistency within the current Matrix network, the central Matrix.org Identity Server should be
 used to store *remote* sessions and binds.
 On the flip side, at the time of writing, the Matrix specification and the central Matrix.org servers do not allow to
 remote a 3PID bind. This means that once a 3PID is published (email, phone number, etc.), it cannot be easily remove
 and would require contacting the Matrix.org administrators for each bind individually.  
 This poses a privacy, control and security concern, especially for groups/corporations that want to keep a tight control
 on where such identifiers can be made publicly visible.
 To ensure full control, validation management rely on two concepts:
 - The scope of 3PID being validated
 - The scope of 3PID sessions that should be possible/offered
 ### 3PID scope
 3PID can either be scoped as local or remote.
 Local means that they can looked up using federation and that such federation call would end up on the local
 Identity Server.  
 Remote means that they cannot be lookup using federation or that a federation call would not end up on the local
 Identity Server.
 Email addresses can either be local or remote 3PID, depending on the domain. If the address is one from the configured
 domain in the Identity server, it will be scoped as local. If it is from another domain, it will be as remote.
 Phone number can only be scoped as remote, since there is currently no way to perform DNS queries that would lead back
 to the Identity server who validated the phone number.
 ### Session scope
 Sessions can be scoped as:
 - Local only - validate 3PIDs directly, do not allow the creation of 3PID sessions on a remote Identity server.
 - Local and Remote - validate 3PIDs directly, offer users to option to also validate and bind 3PID on another server.
 - Remote only - validate and bind 3PIDs on another server, no validation or bind done locally.
 ---
 **IMPORTANT NOTE:** mxisd does not store bindings directly. While a user can see its email, phone number or any other
 3PID in its settings/profile, it does **NOT** mean it is published anywhere and can be used to invite/search the user.
 Identity backends (LDAP, REST, SQL) are the ones holding such data.  
 If you still want added arbitrary 3PIDs to be discoverable on your local server, you will need to link mxisd to your
 synapse DB to make it an Identity backend.
 See the [Scenarios](#scenarios) for more info on how and why.
 ## Notifications
 3PIDs are validated by sending a pre-formatted message containing a token to that 3PID address, which must be given to the
 Identity server that received the request. This is usually done by means of a URL to visit for email or a short number
 received by SMS for phone numbers.
 mxisd use two components for this:
 - Generator which produces the message to be sent with the necessary information the user needs to validate their session.
 - Connector which actually send the notification (e.g. SMTP for email).
 Built-in generators and connectors for supported 3PID types:
 ### Email
 Generators:
 - [Template](../threepids/notifications/template-generator.md)
 Connectors:
 - [SMTP](../threepids/medium/email/smtp-connector.md)
 #### MSISDN (Phone numbers)
 Generators:
 - [Template](../threepids/notifications/template-generator.md)
 Connectors:
 - [Twilio](../threepids/medium/msisdn/twilio-connector.md) with SMS
 ## Usage
 ### Configuration
 The following example of configuration (incomplete extract) shows which items are relevant for 3PID sessions.
 **IMPORTANT:** Most configuration items shown have default values and should not be included in your own configuration
 file unless you want to specifically overwrite them.  
 Please refer to the full example config file to see which keys are mandatory and to be included in your configuration.
 ```
 matrix:
  identity:
    servers:
      configExample: # Not to be included in config! Already present in default config!
        - 'https://example.org'
 threepid:
  medium:
    email:
      connector: 'example1' # Not to be included in config! Already present in default config! 
      generator: 'example2' # Not to be included in config! Already present in default config!
      connectors:
        example1:
      generators:
        example1:
          key: "value"
        example2:
          key: "value"
 session:
  policy:
    validation:
      enabled: true
      forLocal:
        enabled: true
        toLocal: true
        toRemote:
          enabled: true
          server: 'configExample'  # Not to be included in config! Already present in default config!
      forRemote:
        enabled: true
        toLocal: false
        toRemote:
          enabled: true
          server: 'configExample'  # Not to be included in config! Already present in default config!
 ```
 `matrix.identity.servers` is the namespace to configure arbitrary list of Identity servers with a label as parent key.  
 In the above example, the list with label `configExample` contains a single server entry pointing to `https://example.org`.  
 **NOTE:** The server list is set to `root` by default and should typically NOT be included in your config.  
 Identity server entry can be of two format:
 - URL, bypassing any kind of domain and port discovery
 - Domain name as `string`, allowing federated discovery to take place.
 The label can be used in other places of the configuration, allowing you to only declare Identity servers once.
 ---
 `threepid.medium.<3PID>` is the namespace to configure 3PID specific items, not directly tied to any other component of
 mxisd.  
 In the above example, only `email` is defined as 3PID type.
 Each 3PID namespace comes with 4 configuration key allowing you to configure generators and connectors for notifications:
 - `connectors` is a configuration namespace to be used for any connector configuration. Child keys represent the unique
 ID for each connector.
 - `generators` is a configuration namespace to be used for any generator configuration. Child keys represent the unique
 ID for each generator.
 - `connector` is given the ID of the connector to be used at runtime.
 - `generator` is given the ID of the generator to be used at runtime.
 In the above example, emails notifications are generated by the `example2` module and sent with the `example1` module.  
 By default, `template` is used as generator and `smtp` as connector.
 ---
 `session.policy.validation` is the core configuration to control what users configured to use your Identity server
 are allowed to do in terms of 3PID sessions.
 The policy is divided contains a global on/off switch for 3PID sessions using `.enabled`  
 It is also divided into two sections: `forLocal` and `forRemote` which refers to the 3PID scopes.  
 Each scope is divided into three parts:
 - global on/off switch for 3PID sessions using `.enabled`
 - `toLocal` allowing or not local 3PID session validations
 - `toRemote` allowing or not remote 3PID session validations and to which server such sessions should be sent. 
 `.server` takes a Matrix Identity server list label. Only the first server in the list is currently used.
 If both `toLocal` and `toRemote` are enabled, the user will be offered to initiate a remote session once their 3PID
 locally validated.
 ### Web views
 Once a user click on a validation link, it is taken to the Identity Server validation page where the token is submited.  
 If the session or token is invalid, an error page is displayed.  
 Workflow pages are also available for the remote 3PID session process.
 See [the dedicated document](3pid-views.md)
 on how to configure/customize/brand those pages to your liking.
 ### Scenarios
 It is important to keep in mind that mxisd does not create bindings, irrelevant if a user added a 3PID to their profile.  
 Instead, when queried for bindings, mxisd will query Identity backends which are responsible to store this kind of information.
 This has the side effect that any 3PID added to a user profile which is NOT within a configured and enabled Identity backend
 will simply not be usable for search or invites, **even on the same Homeserver!**  
 mxisd does not store binds on purpose, as one of its primary goal is to ensure maximum compatibility with federation
 and the rest of the Matrix ecosystem is preserved.
 Nonetheless, because mxisd also aims at offering support for tight control over identity data, it is possible to have
 such 3PID bindings available for search and invite queries on the local Homeserver by using the `SQL` backend and
 configuring it to use the synapse database. Support for `SQLite` and `PostgreSQL` is available.
 See the [Local sessions only](#local-sessions-only) use case for more information on how to configure.
 #### Default
 By default, mxisd allows the following:
 |  | Local Session | Remote Session |
 |----------------|-------|--------|
 | **Local 3PID** | Yes | Yes, offered |
 | **Remote 3PID** | No, Remote forced | Yes |
 This is usually what people expect and will feel natural to users and does not involve further integration.
 This allows to stay in control for e-mail addresses which domain matches your Matrix environment, still making them
 discoverable with federation but not recorded in a 3rd party Identity server which is not under your control.  
 Users still get the possibility to publish globally their address if needed.
 Other e-mail addresses and phone number will be redirected to remote sessions to ensure full compatibility with the Matrix
 ecosystem and other federated servers.
 #### Local sessions only
 **NOTE:** This does not affect 3PID lookups (queries to find Matrix IDs) which will remain public due to limitation
 in the Matrix protocol.
 This configuration ensures maximum confidentiality and privacy.
 Typical use cases:
 - Private Homeserver, not federated
 - Internal Homeserver without direct Internet access
 - Custom product based on Matrix which does not federate
 No 3PID will be sent to a remote Identity server and all validation will be performed locally.  
 On the flip side, people with *Remote* 3PID scopes will not be found from other servers.
 Use the following values:
 ```
 session:
  policy:
    validation:
      enabled: true
      forLocal:
        enabled: true
        toLocal: true
        toRemote:
          enabled: false
      forRemote:
        enabled: true
        toLocal: true
        toRemote:
          enabled: false
 ```
 **IMPORTANT**: When using local-only mode, you will also need to link mxisd to synapse if you want user searches and invites to work.
 To do so, add/edit the following configuration keys:
 ```
 sql:
  enabled: true
  type: 'postgresql'
  connection: ''
 ```
 - `sql.enabled` set to `true` to activate the SQL backend.
 - `sql.type` can be set to `sqlite` or `postgresql`, depending on your synapse setup.
 - `sql.connection` use a JDBC format which is appened after the `jdbc:type:` connection URI.
 Example values for each type:
  - `sqlite`: `/path/to/homeserver.db`
  - `postgresql`: `//localhost/database?user=synapse&password=synapse`
 #### Remote sessions only
 This configuration ensures all 3PID are made public for maximum compatibility and reach within the Matrix ecosystem, at
 the cost of confidentiality and privacy.  
 Typical use cases:
 - Public Homeserver
 - Homeserver with registration enabled
 Use the following values:
 ```
 session:
  policy:
    validation:
      enabled: true
      forLocal:
        enabled: true
        toLocal: false
        toRemote:
          enabled: true
      forRemote:
        enabled: true
        toLocal: false
        toRemote:
          enabled: true
 ```
 #### Sessions disabled
 This configuration would disable 3PID session altogether, preventing users from adding emails and/or phone numbers to
 their profiles.  
 This would be used if mxisd is also performing authentication for the Homeserver, typically with synapse and the
 [REST Auth module](https://github.com/kamax-io/matrix-synapse-rest-auth).
 While this feature is not yet ready in the REST auth module, you would use this configuration mode to auto-populate 3PID
 at user login and prevent any further add.
 **This mode comes with several important restrictions:**
 - This does not prevent users from removing 3PID from their profile. They would be unable to add them back!
 - This prevents users from initiating remote session to make their 3PID binds globally visible
 It is therefore recommended to not fully disable sessions but instead restrict specific set of 3PID and Session scopes.
 Use the following values to enable this mode:
 ```
 session:
  policy:
    validation:
      enabled: false
 ```
--- a/docs/threepids/medium/email/smtp-connector.md
+++ b/docs/threepids/medium/email/smtp-connector.md
@@ -0,0 +1,19 @@
 # Email notifications - SMTP connector
 Connector ID: `smtp`
 Example configuration:
 ```
 threepid:
  medium:
    email:
      identity:
        from: 'identityServerEmail@example.org'
        name: 'My Identity Server'
      connectors:
        smtp:
          host: 'smtpHostname'
          port: 587
          tls: 1 # 0 = no STARTLS, 1 = try, 2 = force
          login: 'smtpLogin'
          password: 'smtpPassword'
 ```
--- a/docs/threepids/medium/msisdn/twilio-connector.md
+++ b/docs/threepids/medium/msisdn/twilio-connector.md
@@ -0,0 +1,15 @@
 # SMS notifications - Twilio connector
 Connector ID: `twilio`
 Example configuration:
 ```
 threepid:
  medium:
    msisdn:
      connectors:
        twilio:
          accountSid: 'myAccountSid'
          authToken: 'myAuthToken'
          number: '+123456789'
 ```
--- a/docs/threepids/notifications/template-generator.md
+++ b/docs/threepids/notifications/template-generator.md
@@ -0,0 +1,73 @@
 # Notifications: Generate from templates
 To create notification content, you can use the `template` generator if supported for the 3PID medium which will read
 content from configured files.
 Placeholders can be integrated into the templates to dynamically populate such content with relevant information like
 the 3PID that was requested, the domain of your Identity server, etc.
 Templates can be configured for each event that would send a notification to the end user. Events share a set of common
 placeholders and also have their own individual set of placeholders.
 ## Configuration
 To configure paths to the various templates:
 ```
 threepid:
  medium:
    <YOUR 3PID MEDIUM HERE>:
      generators:
        template:
          invite: '/path/to/invite-template.eml'
          session:
            validation:
              local: '/path/to/validate-local-template.eml'
              remote: 'path/to/validate-remote-template.eml'
 ```
 The `template` generator is usually the default, so no further configuration is needed.
 ##  Global placeholders
 | Placeholder           | Purpose                                                                      |
 |-----------------------|------------------------------------------------------------------------------|
 | `%DOMAIN%`            | Identity server authoritative domain, as configured in `matrix.domain`       |
 | `%DOMAIN_PRETTY%`     | Same as `%DOMAIN%` with the first letter upper case and all other lower case |
 | `%FROM_EMAIL%`        | Email address configured in `threepid.medium.<3PID medium>.identity.from`    |
 | `%FROM_NAME%`         | Name configured in `threepid.medium.<3PID medium>.identity.name`             |
 | `%RECIPIENT_MEDIUM%`  | The 3PID medium, like `email` or `msisdn`                                    |
 | `%RECIPIENT_ADDRESS%` | The address to which the notification is sent                                |
 ## Events
 ### Room invitation
 This template is used when someone is invited into a room using an email address which has no known bind to a Matrix ID.
 #### Placeholders
 | Placeholder           | Purpose                                                                                  |
 |-----------------------|------------------------------------------------------------------------------------------|
 | `%SENDER_ID%`         | Matrix ID of the user who made the invite                                                |
 | `%SENDER_NAME%`       | Display name of the user who made the invite, if not available/set, empty                |
 | `%SENDER_NAME_OR_ID%` | Display name of the user who made the invite. If not available/set, its Matrix ID        |
 | `%INVITE_MEDIUM%`     | The 3PID medium for the invite.                                                          |
 | `%INVITE_ADDRESS%`    | The 3PID address for the invite.                                                         |
 | `%ROOM_ID%`           | The Matrix ID of the Room in which the invite took place                                 |
 | `%ROOM_NAME%`         | The Name of the room in which the invite took place. If not available/set, empty         |
 | `%ROOM_NAME_OR_ID%`   | The Name of the room in which the invite took place. If not available/set, its Matrix ID |
 ### Local validation of 3PID Session
 This template is used when to user which added their 3PID address to their profile/settings and the session policy
 allows at least local sessions.  
 #### Placeholders
 | Placeholder          | Purpose                                                                              |
 |----------------------|--------------------------------------------------------------------------------------|
 | `%VALIDATION_LINK%`  | URL, including token, to validate the 3PID session.                                  |
 | `%VALIDATION_TOKEN%` | The token needed to validate the local session, in case the user cannot use the link |
 ### Remote validation of 3PID Session
 This template is used when to user which added their 3PID address to their profile/settings and the session policy only
 allows remote sessions.
 **NOTE:** 3PID session always require local validation of a token, even if a remote session is enforced.  
 One cannot bind a MXID to the session until both local and remote sessions have been validated.
 #### Placeholders
 | Placeholder          | Purpose                                                |
 |----------------------|--------------------------------------------------------|
 | `%VALIDATION_TOKEN%` | The token needed to validate the session               |
 | `%NEXT_URL%`         | URL to continue with remote validation of the session. |
--- a/media/mx-id-icon-reverse.png
+++ b/media/mx-id-icon-reverse.png
--- a/media/mx-id-icon.png
+++ b/media/mx-id-icon.png
--- a/src/main/groovy/io/kamax/mxisd/config/LdapConfig.groovy
+++ b/src/main/groovy/io/kamax/mxisd/config/LdapConfig.groovy
@@ -1,156 +0,0 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config
 import org.apache.commons.lang.StringUtils
 import org.slf4j.Logger
 import org.slf4j.LoggerFactory
 import org.springframework.beans.factory.InitializingBean
 import org.springframework.boot.context.properties.ConfigurationProperties
 import org.springframework.context.annotation.Configuration
@Configuration
@ConfigurationProperties(prefix = "ldap")
 class LdapConfig implements InitializingBean {
    private Logger log = LoggerFactory.getLogger(LdapConfig.class)
    private boolean enabled
    private boolean tls
    private String host
    private int port
    private String baseDn
    private String type
    private String attribute
    private String bindDn
    private String bindPassword
    private Map<String, String> mappings
    boolean getEnabled() {
        return enabled
    }
    void setEnabled(boolean enabled) {
        this.enabled = enabled
    }
    boolean getTls() {
        return tls
    }
    void setTls(boolean tls) {
        this.tls = tls
    }
    String getHost() {
        return host
    }
    void setHost(String host) {
        this.host = host
    }
    int getPort() {
        return port
    }
    void setPort(int port) {
        this.port = port
    }
    String getBaseDn() {
        return baseDn
    }
    void setBaseDn(String baseDn) {
        this.baseDn = baseDn
    }
    String getType() {
        return type
    }
    void setType(String type) {
        this.type = type
    }
    String getAttribute() {
        return attribute
    }
    void setAttribute(String attribute) {
        this.attribute = attribute
    }
    String getBindDn() {
        return bindDn
    }
    void setBindDn(String bindDn) {
        this.bindDn = bindDn
    }
    String getBindPassword() {
        return bindPassword
    }
    void setBindPassword(String bindPassword) {
        this.bindPassword = bindPassword
    }
    Map<String, String> getMappings() {
        return mappings
    }
    void setMappings(Map<String, String> mappings) {
        this.mappings = mappings
    }
    Optional<String> getMapping(String type) {
        if (mappings == null) {
            return Optional.empty()
        }
        return Optional.ofNullable(mappings.get(type))
    }
    @Override
    void afterPropertiesSet() throws Exception {
        log.info("LDAP enabled: {}", getEnabled())
        if (!getEnabled()) {
            return
        }
        log.info("Matrix ID type: {}", getType())
        log.info("LDAP Host: {}", getHost())
        log.info("LDAP Bind DN: {}", getBindDn())
        log.info("LDAP Attribute: {}", getAttribute())
        if (StringUtils.isBlank(getHost())) {
            throw new IllegalStateException("LDAP Host must be configured!")
        }
        if (StringUtils.isBlank(getAttribute())) {
            throw new IllegalStateException("LDAP attribute must be configured!")
        }
    }
 }
--- a/src/main/groovy/io/kamax/mxisd/config/RecursiveLookupBridgeConfig.groovy
+++ b/src/main/groovy/io/kamax/mxisd/config/RecursiveLookupBridgeConfig.groovy
@@ -1,60 +0,0 @@
 package io.kamax.mxisd.config
 import org.slf4j.Logger
 import org.slf4j.LoggerFactory
 import org.springframework.beans.factory.InitializingBean
 import org.springframework.boot.context.properties.ConfigurationProperties
 import org.springframework.context.annotation.Configuration
@Configuration
@ConfigurationProperties(prefix = "lookup.recursive.bridge")
 class RecursiveLookupBridgeConfig implements InitializingBean {
    private Logger log = LoggerFactory.getLogger(RecursiveLookupBridgeConfig.class)
    private boolean enabled
    private boolean recursiveOnly
    private String server
    private Map<String, String> mappings
    boolean getEnabled() {
        return enabled
    }
    void setEnabled(boolean enabled) {
        this.enabled = enabled
    }
    boolean getRecursiveOnly() {
        return recursiveOnly
    }
    void setRecursiveOnly(boolean recursiveOnly) {
        this.recursiveOnly = recursiveOnly
    }
    String getServer() {
        return server
    }
    void setServer(String server) {
        this.server = server
    }
    Map<String, String> getMappings() {
        return mappings
    }
    void setMappings(Map<String, String> mappings) {
        this.mappings = mappings
    }
    @Override
    void afterPropertiesSet() throws Exception {
        log.info("Enabled: {}", getEnabled())
        log.info("Recursive only: {}", getRecursiveOnly())
        log.info("Server: {}", getServer())
        log.info("Mappings: {}", mappings.size())
    }
 }
--- a/src/main/groovy/io/kamax/mxisd/controller/v1/KeyController.groovy
+++ b/src/main/groovy/io/kamax/mxisd/controller/v1/KeyController.groovy
@@ -1,71 +0,0 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.controller.v1
 import groovy.json.JsonOutput
 import io.kamax.mxisd.exception.BadRequestException
 import io.kamax.mxisd.exception.NotImplementedException
 import io.kamax.mxisd.key.KeyManager
 import org.slf4j.Logger
 import org.slf4j.LoggerFactory
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.web.bind.annotation.PathVariable
 import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RestController
 import javax.servlet.http.HttpServletRequest
 import static org.springframework.web.bind.annotation.RequestMethod.GET
@RestController
 class KeyController {
    private Logger log = LoggerFactory.getLogger(KeyController.class)
    @Autowired
    private KeyManager keyMgr
    @RequestMapping(value = "/_matrix/identity/api/v1/pubkey/{keyType}:{keyId}", method = GET)
    String getKey(@PathVariable String keyType, @PathVariable int keyId) {
        if (!"ed25519".contentEquals(keyType)) {
            throw new BadRequestException("Invalid algorithm: " + keyType)
        }
        return JsonOutput.toJson([
                public_key: keyMgr.getPublicKeyBase64(keyId)
        ])
    }
    @RequestMapping(value = "/_matrix/identity/api/v1/pubkey/ephemeral/isvalid", method = GET)
    String checkEphemeralKeyValidity(HttpServletRequest request) {
        log.error("{} was requested but not implemented", request.getRequestURL())
        throw new NotImplementedException()
    }
    @RequestMapping(value = "/_matrix/identity/api/v1/pubkey/isvalid", method = GET)
    String checkKeyValidity(HttpServletRequest request) {
        log.error("{} was requested but not implemented", request.getRequestURL())
        throw new NotImplementedException()
    }
 }
--- a/src/main/groovy/io/kamax/mxisd/controller/v1/MappingController.groovy
+++ b/src/main/groovy/io/kamax/mxisd/controller/v1/MappingController.groovy
@@ -1,103 +0,0 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.controller.v1
 import groovy.json.JsonOutput
 import groovy.json.JsonSlurper
 import io.kamax.mxisd.lookup.BulkLookupRequest
 import io.kamax.mxisd.lookup.SingleLookupRequest
 import io.kamax.mxisd.lookup.ThreePidMapping
 import io.kamax.mxisd.lookup.strategy.LookupStrategy
 import io.kamax.mxisd.signature.SignatureManager
 import org.apache.commons.lang.StringUtils
 import org.slf4j.Logger
 import org.slf4j.LoggerFactory
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RequestParam
 import org.springframework.web.bind.annotation.RestController
 import javax.servlet.http.HttpServletRequest
 import static org.springframework.web.bind.annotation.RequestMethod.GET
 import static org.springframework.web.bind.annotation.RequestMethod.POST
@RestController
 class MappingController {
    private Logger log = LoggerFactory.getLogger(MappingController.class)
    private JsonSlurper json = new JsonSlurper()
    @Autowired
    private LookupStrategy strategy
    @Autowired
    private SignatureManager signMgr
    @RequestMapping(value = "/_matrix/identity/api/v1/lookup", method = GET)
    String lookup(HttpServletRequest request, @RequestParam String medium, @RequestParam String address) {
        String remote = StringUtils.defaultIfBlank(request.getHeader("X-FORWARDED-FOR"), request.getRemoteAddr())
        log.info("Got request from {}", remote)
        SingleLookupRequest lookupRequest = new SingleLookupRequest()
        lookupRequest.setRequester(remote)
        lookupRequest.setType(medium)
        lookupRequest.setThreePid(address)
        Optional<?> lookupOpt = strategy.find(lookupRequest)
        if (!lookupOpt.isPresent()) {
            log.info("No mapping was found, return empty JSON object")
            return JsonOutput.toJson([])
        }
        def lookup = lookupOpt.get()
        if (lookup['signatures'] == null) {
            log.info("lookup is not signed yet, we sign it")
            lookup['signatures'] = signMgr.signMessage(JsonOutput.toJson(lookup))
        }
        return JsonOutput.toJson(lookup)
    }
    @RequestMapping(value = "/_matrix/identity/api/v1/bulk_lookup", method = POST)
    String bulkLookup(HttpServletRequest request) {
        String remote = StringUtils.defaultIfBlank(request.getHeader("X-FORWARDED-FOR"), request.getRemoteAddr())
        log.info("Got request from {}", remote)
        BulkLookupRequest lookupRequest = new BulkLookupRequest()
        lookupRequest.setRequester(remote)
        ClientBulkLookupRequest input = (ClientBulkLookupRequest) json.parseText(request.getInputStream().getText())
        List<ThreePidMapping> mappings = new ArrayList<>()
        for (List<String> mappingRaw : input.getThreepids()) {
            ThreePidMapping mapping = new ThreePidMapping()
            mapping.setMedium(mappingRaw.get(0))
            mapping.setValue(mappingRaw.get(1))
            mappings.add(mapping)
        }
        lookupRequest.setMappings(mappings)
        ClientBulkLookupAnswer answer = new ClientBulkLookupAnswer()
        answer.addAll(strategy.find(lookupRequest))
        return JsonOutput.toJson(answer)
    }
 }
--- a/src/main/groovy/io/kamax/mxisd/controller/v1/SessionController.groovy
+++ b/src/main/groovy/io/kamax/mxisd/controller/v1/SessionController.groovy
@@ -1,154 +0,0 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.controller.v1
 import com.google.gson.Gson
 import com.google.gson.JsonObject
 import io.kamax.mxisd.controller.v1.io.SessionEmailTokenRequestJson
 import io.kamax.mxisd.controller.v1.io.SessionPhoneTokenRequestJson
 import io.kamax.mxisd.exception.BadRequestException
 import io.kamax.mxisd.lookup.ThreePid
 import io.kamax.mxisd.mapping.MappingManager
 import org.apache.commons.io.IOUtils
 import org.apache.commons.lang.StringUtils
 import org.apache.http.HttpStatus
 import org.slf4j.Logger
 import org.slf4j.LoggerFactory
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.web.bind.annotation.PathVariable
 import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RequestParam
 import org.springframework.web.bind.annotation.RestController
 import javax.servlet.http.HttpServletRequest
 import javax.servlet.http.HttpServletResponse
 import java.nio.charset.StandardCharsets
@RestController
 class SessionController {
    @Autowired
    private MappingManager mgr
    private Gson gson = new Gson()
    private Logger log = LoggerFactory.getLogger(SessionController.class)
    private <T> T fromJson(HttpServletRequest req, Class<T> obj) {
        gson.fromJson(new InputStreamReader(req.getInputStream(), StandardCharsets.UTF_8), obj)
    }
    @RequestMapping(value = "/_matrix/identity/api/v1/validate/{medium}/requestToken")
    String init(HttpServletRequest request, HttpServletResponse response, @PathVariable String medium) {
        log.info("Requested: {}", request.getRequestURL(), request.getQueryString())
        if (StringUtils.equals("email", medium)) {
            SessionEmailTokenRequestJson req = fromJson(request, SessionEmailTokenRequestJson.class)
            return gson.toJson(new Sid(mgr.create(req)))
        }
        if (StringUtils.equals("msisdn", medium)) {
            SessionPhoneTokenRequestJson req = fromJson(request, SessionPhoneTokenRequestJson.class)
            return gson.toJson(new Sid(mgr.create(req)))
        }
        JsonObject obj = new JsonObject();
        obj.addProperty("errcode", "M_INVALID_3PID_TYPE")
        obj.addProperty("error", medium + " is not supported as a 3PID type")
        response.setStatus(HttpStatus.SC_BAD_REQUEST)
        return gson.toJson(obj)
    }
    @RequestMapping(value = "/_matrix/identity/api/v1/validate/{medium}/submitToken")
    String validate(HttpServletRequest request,
                    @RequestParam String sid,
                    @RequestParam("client_secret") String secret, @RequestParam String token) {
        log.info("Requested: {}?{}", request.getRequestURL(), request.getQueryString())
        mgr.validate(sid, secret, token)
        return "{}"
    }
    @RequestMapping(value = "/_matrix/identity/api/v1/3pid/getValidated3pid")
    String check(HttpServletRequest request, HttpServletResponse response,
                 @RequestParam String sid, @RequestParam("client_secret") String secret) {
        log.info("Requested: {}?{}", request.getRequestURL(), request.getQueryString())
        Optional<ThreePid> result = mgr.getValidated(sid, secret)
        if (result.isPresent()) {
            log.info("requested session was validated")
            ThreePid pid = result.get()
            JsonObject obj = new JsonObject()
            obj.addProperty("medium", pid.getMedium())
            obj.addProperty("address", pid.getAddress())
            obj.addProperty("validated_at", pid.getValidation().toEpochMilli())
            return gson.toJson(obj);
        } else {
            log.info("requested session was not validated")
            JsonObject obj = new JsonObject()
            obj.addProperty("errcode", "M_SESSION_NOT_VALIDATED")
            obj.addProperty("error", "sid, secret or session not valid")
            response.setStatus(HttpStatus.SC_BAD_REQUEST)
            return gson.toJson(obj)
        }
    }
    @RequestMapping(value = "/_matrix/identity/api/v1/3pid/bind")
    String bind(HttpServletRequest request, HttpServletResponse response,
                @RequestParam String sid, @RequestParam("client_secret") String secret, @RequestParam String mxid) {
        String data = IOUtils.toString(request.getReader())
        log.info("Requested: {}", request.getRequestURL(), request.getQueryString())
        try {
            mgr.bind(sid, secret, mxid)
            return "{}"
        } catch (BadRequestException e) {
            log.info("requested session was not validated")
            JsonObject obj = new JsonObject()
            obj.addProperty("errcode", "M_SESSION_NOT_VALIDATED")
            obj.addProperty("error", e.getMessage())
            response.setStatus(HttpStatus.SC_BAD_REQUEST)
            return gson.toJson(obj)
        }
    }
    private class Sid {
        private String sid;
        public Sid(String sid) {
            setSid(sid);
        }
        String getSid() {
            return sid
        }
        void setSid(String sid) {
            this.sid = sid
        }
    }
 }
--- a/src/main/groovy/io/kamax/mxisd/controller/v1/io/GenericTokenRequestJson.java
+++ b/src/main/groovy/io/kamax/mxisd/controller/v1/io/GenericTokenRequestJson.java
@@ -1,23 +0,0 @@
 package io.kamax.mxisd.controller.v1.io;
 import io.kamax.mxisd.mapping.MappingSession;
 public abstract class GenericTokenRequestJson implements MappingSession {
    private String client_secret;
    private int send_attempt;
    private String id_server;
    public String getSecret() {
        return client_secret;
    }
    public int getAttempt() {
        return send_attempt;
    }
    public String getServer() {
        return id_server;
    }
 }
--- a/src/main/groovy/io/kamax/mxisd/controller/v1/io/SessionEmailTokenRequestJson.java
+++ b/src/main/groovy/io/kamax/mxisd/controller/v1/io/SessionEmailTokenRequestJson.java
@@ -1,17 +0,0 @@
 package io.kamax.mxisd.controller.v1.io;
 public class SessionEmailTokenRequestJson extends GenericTokenRequestJson {
    private String email;
    @Override
    public String getMedium() {
        return "email";
    }
    @Override
    public String getValue() {
        return email;
    }
 }
--- a/src/main/groovy/io/kamax/mxisd/key/KeyManager.groovy
+++ b/src/main/groovy/io/kamax/mxisd/key/KeyManager.groovy
@@ -1,106 +0,0 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.key
 import io.kamax.mxisd.config.KeyConfig
 import net.i2p.crypto.eddsa.EdDSAEngine
 import net.i2p.crypto.eddsa.EdDSAPrivateKey
 import net.i2p.crypto.eddsa.EdDSAPublicKey
 import net.i2p.crypto.eddsa.KeyPairGenerator
 import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable
 import net.i2p.crypto.eddsa.spec.EdDSAParameterSpec
 import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec
 import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec
 import org.apache.commons.io.FileUtils
 import org.springframework.beans.factory.InitializingBean
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.stereotype.Component
 import java.nio.charset.StandardCharsets
 import java.nio.file.Files
 import java.nio.file.Path
 import java.nio.file.Paths
 import java.security.KeyPair
 import java.security.MessageDigest
 import java.security.PrivateKey
@Component
 class KeyManager implements InitializingBean {
    @Autowired
    private KeyConfig keyCfg
    private EdDSAParameterSpec keySpecs
    private EdDSAEngine signEngine
    private List<KeyPair> keys
    @Override
    void afterPropertiesSet() throws Exception {
        keySpecs = EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.CURVE_ED25519_SHA512)
        signEngine = new EdDSAEngine(MessageDigest.getInstance(keySpecs.getHashAlgorithm()))
        keys = new ArrayList<>()
        Path privKey = Paths.get(keyCfg.getPath())
        if (!Files.exists(privKey)) {
            KeyPair pair = (new KeyPairGenerator()).generateKeyPair()
            String keyEncoded = Base64.getEncoder().encodeToString(pair.getPrivate().getEncoded())
            FileUtils.writeStringToFile(privKey.toFile(), keyEncoded, StandardCharsets.ISO_8859_1)
            keys.add(pair)
        } else {
            if (Files.isDirectory(privKey)) {
                throw new RuntimeException("Invalid path for private key: ${privKey.toString()}")
            }
            if (Files.isReadable(privKey)) {
                byte[] seed = Base64.getDecoder().decode(FileUtils.readFileToString(privKey.toFile(), StandardCharsets.ISO_8859_1))
                EdDSAPrivateKeySpec privKeySpec = new EdDSAPrivateKeySpec(seed, keySpecs)
                EdDSAPublicKeySpec pubKeySpec = new EdDSAPublicKeySpec(privKeySpec.getA(), keySpecs)
                keys.add(new KeyPair(new EdDSAPublicKey(pubKeySpec), new EdDSAPrivateKey(privKeySpec)))
            }
        }
    }
    int getCurrentIndex() {
        return 0
    }
    KeyPair getKeys(int index) {
        return keys.get(index)
    }
    PrivateKey getPrivateKey(int index) {
        return getKeys(index).getPrivate()
    }
    EdDSAPublicKey getPublicKey(int index) {
        return (EdDSAPublicKey) getKeys(index).getPublic()
    }
    EdDSAParameterSpec getSpecs() {
        return keySpecs
    }
    String getPublicKeyBase64(int index) {
        return Base64.getEncoder().encodeToString(getPublicKey(index).getAbyte())
    }
 }
--- a/src/main/groovy/io/kamax/mxisd/lookup/ThreePid.java
+++ b/src/main/groovy/io/kamax/mxisd/lookup/ThreePid.java
@@ -1,29 +0,0 @@
 package io.kamax.mxisd.lookup;
 import java.time.Instant;
 public class ThreePid {
    private String medium;
    private String address;
    private Instant validation;
    public ThreePid(String medium, String address, Instant validation) {
        this.medium = medium;
        this.address = address;
        this.validation = validation;
    }
    public String getMedium() {
        return medium;
    }
    public String getAddress() {
        return address;
    }
    public Instant getValidation() {
        return validation;
    }
 }
--- a/src/main/groovy/io/kamax/mxisd/lookup/provider/DnsLookupProvider.groovy
+++ b/src/main/groovy/io/kamax/mxisd/lookup/provider/DnsLookupProvider.groovy
@@ -1,230 +0,0 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.lookup.provider
 import io.kamax.mxisd.config.ServerConfig
 import io.kamax.mxisd.lookup.SingleLookupRequest
 import io.kamax.mxisd.lookup.ThreePidMapping
 import io.kamax.mxisd.lookup.fetcher.IRemoteIdentityServerFetcher
 import org.apache.commons.lang.StringUtils
 import org.slf4j.Logger
 import org.slf4j.LoggerFactory
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.stereotype.Component
 import org.xbill.DNS.Lookup
 import org.xbill.DNS.SRVRecord
 import org.xbill.DNS.Type
 import java.util.concurrent.ForkJoinPool
 import java.util.concurrent.RecursiveTask
 import java.util.function.Function
@Component
 class DnsLookupProvider implements IThreePidProvider {
    private Logger log = LoggerFactory.getLogger(DnsLookupProvider.class)
    @Autowired
    private ServerConfig srvCfg
    @Autowired
    private IRemoteIdentityServerFetcher fetcher
    @Override
    boolean isEnabled() {
        return true
    }
    @Override
    boolean isLocal() {
        return false
    }
    @Override
    int getPriority() {
        return 10
    }
    String getSrvRecordName(String domain) {
        return "_matrix-identity._tcp." + domain
    }
    Optional<String> getDomain(String email) {
        int atIndex = email.lastIndexOf("@")
        if (atIndex == -1) {
            return Optional.empty()
        }
        return Optional.of(email.substring(atIndex + 1))
    }
    // TODO use caching mechanism
    Optional<String> findIdentityServerForDomain(String domain) {
        if (StringUtils.equals(srvCfg.getName(), domain)) {
            log.info("We are authoritative for {}, no remote lookup", domain)
            return Optional.empty()
        }
        log.info("Performing SRV lookup")
        String lookupDns = getSrvRecordName(domain)
        log.info("Lookup name: {}", lookupDns)
        SRVRecord[] records = (SRVRecord[]) new Lookup(lookupDns, Type.SRV).run()
        if (records != null) {
            Arrays.sort(records, new Comparator<SRVRecord>() {
                @Override
                int compare(SRVRecord o1, SRVRecord o2) {
                    return Integer.compare(o1.getPriority(), o2.getPriority())
                }
            })
            for (SRVRecord record : records) {
                log.info("Found SRV record: {}", record.toString())
                String baseUrl = "https://${record.getTarget().toString(true)}:${record.getPort()}"
                if (fetcher.isUsable(baseUrl)) {
                    log.info("Found Identity Server for domain {} at {}", domain, baseUrl)
                    return Optional.of(baseUrl)
                } else {
                    log.info("{} is not a usable Identity Server", baseUrl)
                }
            }
        } else {
            log.info("No SRV record for {}", lookupDns)
        }
        log.info("Performing basic lookup using domain name {}", domain)
        String baseUrl = "https://" + domain
        if (fetcher.isUsable(baseUrl)) {
            log.info("Found Identity Server for domain {} at {}", domain, baseUrl)
            return Optional.of(baseUrl)
        } else {
            log.info("{} is not a usable Identity Server", baseUrl)
            return Optional.empty()
        }
    }
    @Override
    Optional<?> find(SingleLookupRequest request) {
        if (!StringUtils.equals("email", request.getType())) { // TODO use enum
            log.info("Skipping unsupported type {} for {}", request.getType(), request.getThreePid())
            return Optional.empty()
        }
        log.info("Performing DNS lookup for {}", request.getThreePid())
        String domain = request.getThreePid().substring(request.getThreePid().lastIndexOf("@") + 1)
        log.info("Domain name for {}: {}", request.getThreePid(), domain)
        Optional<String> baseUrl = findIdentityServerForDomain(domain)
        if (baseUrl.isPresent()) {
            return fetcher.find(baseUrl.get(), request.getType().toString(), request.getThreePid())
        }
        return Optional.empty()
    }
    @Override
    List<ThreePidMapping> populate(List<ThreePidMapping> mappings) {
        Map<String, List<ThreePidMapping>> domains = new HashMap<>()
        for (ThreePidMapping mapping : mappings) {
            if (!StringUtils.equals("email", mapping.getMedium())) {
                log.info("Skipping unsupported type {} for {}", mapping.getMedium(), mapping.getValue())
                continue
            }
            Optional<String> domainOpt = getDomain(mapping.getValue())
            if (!domainOpt.isPresent()) {
                log.warn("No domain for 3PID {}", mapping.getValue())
                continue
            }
            String domain = domainOpt.get()
            List<ThreePidMapping> domainMappings = domains.computeIfAbsent(domain, new Function<String, List<ThreePidMapping>>() {
                @Override
                List<ThreePidMapping> apply(String s) {
                    return new ArrayList<>()
                }
            })
            domainMappings.add(mapping)
        }
        log.info("Looking mappings across {} domains", domains.keySet().size())
        ForkJoinPool pool = new ForkJoinPool()
        RecursiveTask<List<ThreePidMapping>> task = new RecursiveTask<List<ThreePidMapping>>() {
            @Override
            protected List<ThreePidMapping> compute() {
                List<ThreePidMapping> mappingsFound = new ArrayList<>()
                List<DomainBulkLookupTask> tasks = new ArrayList<>()
                for (String domain : domains.keySet()) {
                    DomainBulkLookupTask domainTask = new DomainBulkLookupTask(domain, domains.get(domain))
                    domainTask.fork()
                    tasks.add(domainTask)
                }
                for (DomainBulkLookupTask task : tasks) {
                    mappingsFound.addAll(task.join())
                }
                return mappingsFound
            }
        }
        pool.submit(task)
        pool.shutdown()
        List<ThreePidMapping> mappingsFound = task.join()
        log.info("Found {} mappings overall", mappingsFound.size())
        return mappingsFound
    }
    private class DomainBulkLookupTask extends RecursiveTask<List<ThreePidMapping>> {
        private String domain
        private List<ThreePidMapping> mappings
        DomainBulkLookupTask(String domain, List<ThreePidMapping> mappings) {
            this.domain = domain
            this.mappings = mappings
        }
        @Override
        protected List<ThreePidMapping> compute() {
            List<ThreePidMapping> domainMappings = new ArrayList<>()
            Optional<String> baseUrl = findIdentityServerForDomain(domain)
            if (!baseUrl.isPresent()) {
                log.info("No usable Identity server for domain {}", domain)
            } else {
                domainMappings.addAll(fetcher.find(baseUrl.get(), mappings))
                log.info("Found {} mappings in domain {}", domainMappings.size(), domain)
            }
            return domainMappings
        }
    }
 }
--- a/src/main/groovy/io/kamax/mxisd/lookup/provider/LdapProvider.groovy
+++ b/src/main/groovy/io/kamax/mxisd/lookup/provider/LdapProvider.groovy
@@ -1,172 +0,0 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.lookup.provider
 import io.kamax.mxisd.config.LdapConfig
 import io.kamax.mxisd.config.ServerConfig
 import io.kamax.mxisd.lookup.SingleLookupRequest
 import io.kamax.mxisd.lookup.ThreePidMapping
 import org.apache.commons.lang.StringUtils
 import org.apache.directory.api.ldap.model.cursor.CursorLdapReferralException
 import org.apache.directory.api.ldap.model.cursor.EntryCursor
 import org.apache.directory.api.ldap.model.entry.Attribute
 import org.apache.directory.api.ldap.model.entry.Entry
 import org.apache.directory.api.ldap.model.message.SearchScope
 import org.apache.directory.ldap.client.api.LdapConnection
 import org.apache.directory.ldap.client.api.LdapNetworkConnection
 import org.slf4j.Logger
 import org.slf4j.LoggerFactory
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.stereotype.Component
@Component
 class LdapProvider implements IThreePidProvider {
    public static final String UID = "uid"
    public static final String MATRIX_ID = "mxid"
    private Logger log = LoggerFactory.getLogger(LdapProvider.class)
    @Autowired
    private ServerConfig srvCfg
    @Autowired
    private LdapConfig ldapCfg
    @Override
    boolean isEnabled() {
        return ldapCfg.getEnabled()
    }
    @Override
    boolean isLocal() {
        return true
    }
    @Override
    int getPriority() {
        return 20
    }
    Optional<String> lookup(LdapConnection conn, String medium, String value) {
        Optional<String> queryOpt = ldapCfg.getMapping(medium)
        if (!queryOpt.isPresent()) {
            log.warn("{} is not a configured 3PID type for LDAP lookup", medium)
            return Optional.empty()
        }
        String searchQuery = queryOpt.get().replaceAll("%3pid", value)
        EntryCursor cursor = conn.search(ldapCfg.getBaseDn(), searchQuery, SearchScope.SUBTREE, ldapCfg.getAttribute())
        try {
            while (cursor.next()) {
                Entry entry = cursor.get()
                log.info("Found possible match, DN: {}", entry.getDn().getName())
                Attribute attribute = entry.get(ldapCfg.getAttribute())
                if (attribute == null) {
                    log.info("DN {}: no attribute {}, skpping", entry.getDn(), ldapCfg.getAttribute())
                    continue
                }
                String data = attribute.get().toString()
                if (data.length() < 1) {
                    log.info("DN {}: empty attribute {}, skipping", ldapCfg.getAttribute())
                    continue
                }
                StringBuilder matrixId = new StringBuilder()
                // TODO Should we turn this block into a map of functions?
                if (StringUtils.equals(UID, ldapCfg.getType())) {
                    matrixId.append("@").append(data).append(":").append(srvCfg.getName())
                } else if (StringUtils.equals(MATRIX_ID, ldapCfg.getType())) {
                    matrixId.append(data)
                } else {
                    log.warn("Bind was found but type {} is not supported", ldapCfg.getType())
                    continue
                }
                log.info("DN {} is a valid match", entry.getDn().getName())
                return Optional.of(matrixId.toString())
            }
        } catch (CursorLdapReferralException e) {
            log.warn("3PID {} is only available via referral, skipping", value)
        } finally {
            cursor.close()
        }
        return Optional.empty()
    }
    @Override
    Optional<?> find(SingleLookupRequest request) {
        log.info("Performing LDAP lookup ${request.getThreePid()} of type ${request.getType()}")
        LdapConnection conn = new LdapNetworkConnection(ldapCfg.getHost(), ldapCfg.getPort(), ldapCfg.getTls())
        try {
            conn.bind(ldapCfg.getBindDn(), ldapCfg.getBindPassword())
            Optional<String> mxid = lookup(conn, request.getType(), request.getThreePid())
            if (mxid.isPresent()) {
                return Optional.of([
                        address   : request.getThreePid(),
                        medium    : request.getType(),
                        mxid      : mxid.get(),
                        not_before: 0,
                        not_after : 9223372036854775807,
                        ts        : 0
                ])
            }
        } finally {
            conn.close()
        }
        log.info("No match found")
        return Optional.empty()
    }
    @Override
    List<ThreePidMapping> populate(List<ThreePidMapping> mappings) {
        log.info("Looking up {} mappings", mappings.size())
        List<ThreePidMapping> mappingsFound = new ArrayList<>()
        LdapConnection conn = new LdapNetworkConnection(ldapCfg.getHost(), ldapCfg.getPort())
        try {
            conn.bind(ldapCfg.getBindDn(), ldapCfg.getBindPassword())
            for (ThreePidMapping mapping : mappings) {
                try {
                    Optional<String> mxid = lookup(conn, mapping.getMedium(), mapping.getValue())
                    if (mxid.isPresent()) {
                        mapping.setMxid(mxid.get())
                        mappingsFound.add(mapping)
                    }
                } catch (IllegalArgumentException e) {
                    log.warn("{} is not a supported 3PID type for LDAP lookup", mapping.getMedium())
                }
            }
        } finally {
            conn.close()
        }
        return mappingsFound
    }
 }
--- a/src/main/groovy/io/kamax/mxisd/lookup/provider/RemoteIdentityServerFetcher.groovy
+++ b/src/main/groovy/io/kamax/mxisd/lookup/provider/RemoteIdentityServerFetcher.groovy
@@ -1,153 +0,0 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.lookup.provider
 import groovy.json.JsonException
 import groovy.json.JsonOutput
 import groovy.json.JsonSlurper
 import io.kamax.mxisd.controller.v1.ClientBulkLookupRequest
 import io.kamax.mxisd.lookup.ThreePidMapping
 import io.kamax.mxisd.lookup.fetcher.IRemoteIdentityServerFetcher
 import org.apache.http.HttpEntity
 import org.apache.http.HttpResponse
 import org.apache.http.client.HttpClient
 import org.apache.http.client.entity.EntityBuilder
 import org.apache.http.client.methods.HttpPost
 import org.apache.http.entity.ContentType
 import org.apache.http.impl.client.HttpClients
 import org.slf4j.Logger
 import org.slf4j.LoggerFactory
 import org.springframework.context.annotation.Lazy
 import org.springframework.context.annotation.Scope
 import org.springframework.stereotype.Component
@Component
@Scope("prototype")
@Lazy
 public class RemoteIdentityServerFetcher implements IRemoteIdentityServerFetcher {
    public static final String THREEPID_TEST_MEDIUM = "email"
    public static final String THREEPID_TEST_ADDRESS = "john.doe@example.org"
    private Logger log = LoggerFactory.getLogger(RemoteIdentityServerFetcher.class)
    private JsonSlurper json = new JsonSlurper()
    @Override
    boolean isUsable(String remote) {
        try {
            HttpURLConnection rootSrvConn = (HttpURLConnection) new URL(
                    "${remote}/_matrix/identity/api/v1/lookup?medium=${THREEPID_TEST_MEDIUM}&address=${THREEPID_TEST_ADDRESS}"
            ).openConnection()
            // TODO turn this into a configuration property
            rootSrvConn.setConnectTimeout(2000)
            if (rootSrvConn.getResponseCode() != 200) {
                return false
            }
            def output = json.parseText(rootSrvConn.getInputStream().getText())
            if (output['address']) {
                return false
            }
            return true
        } catch (IOException | JsonException e) {
            log.info("{} is not a usable Identity Server: {}", remote, e.getMessage())
            return false
        }
    }
    @Override
    Optional<?> find(String remote, String type, String threePid) {
        log.info("Looking up {} 3PID {} using {}", type, threePid, remote)
        HttpURLConnection rootSrvConn = (HttpURLConnection) new URL(
                "${remote}/_matrix/identity/api/v1/lookup?medium=${type}&address=${threePid}"
        ).openConnection()
        try {
            def output = json.parseText(rootSrvConn.getInputStream().getText())
            if (output['address']) {
                log.info("Found 3PID mapping: {}", output)
                return Optional.of(output)
            }
            log.info("Empty 3PID mapping from {}", remote)
            return Optional.empty()
        } catch (IOException e) {
            log.warn("Error looking up 3PID mapping {}: {}", threePid, e.getMessage())
            return Optional.empty()
        } catch (JsonException e) {
            log.warn("Invalid JSON answer from {}", remote)
            return Optional.empty()
        }
    }
    @Override
    List<ThreePidMapping> find(String remote, List<ThreePidMapping> mappings) {
        List<ThreePidMapping> mappingsFound = new ArrayList<>()
        ClientBulkLookupRequest mappingRequest = new ClientBulkLookupRequest()
        mappingRequest.setMappings(mappings)
        String url = "${remote}/_matrix/identity/api/v1/bulk_lookup"
        HttpClient client = HttpClients.createDefault()
        try {
            HttpPost request = new HttpPost(url)
            request.setEntity(
                    EntityBuilder.create()
                            .setText(JsonOutput.toJson(mappingRequest))
                            .setContentType(ContentType.APPLICATION_JSON)
                            .build()
            )
            HttpResponse response = client.execute(request)
            try {
                if (response.getStatusLine().getStatusCode() != 200) {
                    log.info("Could not perform lookup at {} due to HTTP return code: {}", url, response.getStatusLine().getStatusCode())
                    return mappingsFound
                }
                HttpEntity entity = response.getEntity()
                if (entity != null) {
                    ClientBulkLookupRequest input = (ClientBulkLookupRequest) json.parseText(entity.getContent().getText())
                    for (List<String> mappingRaw : input.getThreepids()) {
                        ThreePidMapping mapping = new ThreePidMapping()
                        mapping.setMedium(mappingRaw.get(0))
                        mapping.setValue(mappingRaw.get(1))
                        mapping.setMxid(mappingRaw.get(2))
                        mappingsFound.add(mapping)
                    }
                } else {
                    log.info("HTTP response from {} was empty", remote)
                }
                return mappingsFound
            } finally {
                response.close()
            }
        } finally {
            client.close()
        }
    }
 }
--- a/src/main/groovy/io/kamax/mxisd/lookup/strategy/LookupStrategy.groovy
+++ b/src/main/groovy/io/kamax/mxisd/lookup/strategy/LookupStrategy.groovy
@@ -1,36 +0,0 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.lookup.strategy
 import io.kamax.mxisd.lookup.BulkLookupRequest
 import io.kamax.mxisd.lookup.SingleLookupRequest
 import io.kamax.mxisd.lookup.ThreePidMapping
 import io.kamax.mxisd.lookup.provider.IThreePidProvider
 interface LookupStrategy {
    List<IThreePidProvider> getLocalProviders()
    Optional<?> find(SingleLookupRequest request)
    List<ThreePidMapping> find(BulkLookupRequest requests)
 }
--- a/src/main/groovy/io/kamax/mxisd/lookup/strategy/RecursivePriorityLookupStrategy.groovy
+++ b/src/main/groovy/io/kamax/mxisd/lookup/strategy/RecursivePriorityLookupStrategy.groovy
@@ -1,160 +0,0 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.lookup.strategy
 import edazdarevic.commons.net.CIDRUtils
 import io.kamax.mxisd.config.RecursiveLookupConfig
 import io.kamax.mxisd.lookup.ALookupRequest
 import io.kamax.mxisd.lookup.BulkLookupRequest
 import io.kamax.mxisd.lookup.SingleLookupRequest
 import io.kamax.mxisd.lookup.ThreePidMapping
 import io.kamax.mxisd.lookup.fetcher.IBridgeFetcher
 import io.kamax.mxisd.lookup.provider.IThreePidProvider
 import org.slf4j.Logger
 import org.slf4j.LoggerFactory
 import org.springframework.beans.factory.InitializingBean
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.stereotype.Component
 import java.util.function.Predicate
 import java.util.stream.Collectors
@Component
 class RecursivePriorityLookupStrategy implements LookupStrategy, InitializingBean {
    private Logger log = LoggerFactory.getLogger(RecursivePriorityLookupStrategy.class)
    @Autowired
    private RecursiveLookupConfig recursiveCfg
    @Autowired
    private List<IThreePidProvider> providers
    @Autowired
    private IBridgeFetcher bridge
    private List<CIDRUtils> allowedCidr = new ArrayList<>()
    @Override
    void afterPropertiesSet() throws Exception {
        log.info("Found ${providers.size()} providers")
        providers.sort(new Comparator<IThreePidProvider>() {
            @Override
            int compare(IThreePidProvider o1, IThreePidProvider o2) {
                return Integer.compare(o2.getPriority(), o1.getPriority())
            }
        })
        log.info("Recursive lookup enabled: {}", recursiveCfg.isEnabled())
        for (String cidr : recursiveCfg.getAllowedCidr()) {
            log.info("{} is allowed for recursion", cidr)
            allowedCidr.add(new CIDRUtils(cidr))
        }
    }
    boolean isAllowedForRecursive(String source) {
        boolean canRecurse = false
        if (recursiveCfg.isEnabled()) {
            log.debug("Checking {} CIDRs for recursion", allowedCidr.size())
            for (CIDRUtils cidr : allowedCidr) {
                if (cidr.isInRange(source)) {
                    log.debug("{} is in range {}, allowing recursion", source, cidr.getNetworkAddress())
                    canRecurse = true
                    break
                } else {
                    log.debug("{} is not in range {}", source, cidr.getNetworkAddress())
                }
            }
        }
        return canRecurse
    }
    List<IThreePidProvider> listUsableProviders(ALookupRequest request) {
        List<IThreePidProvider> usableProviders = new ArrayList<>()
        boolean canRecurse = isAllowedForRecursive(request.getRequester())
        log.info("Host {} allowed for recursion: {}", request.getRequester(), canRecurse)
        for (IThreePidProvider provider : providers) {
            if (provider.isEnabled() && (provider.isLocal() || canRecurse)) {
                usableProviders.add(provider)
            }
        }
        return usableProviders
    }
    @Override
    List<IThreePidProvider> getLocalProviders() {
        return providers.stream().filter(new Predicate<IThreePidProvider>() {
            @Override
            boolean test(IThreePidProvider iThreePidProvider) {
                return iThreePidProvider.isEnabled() && iThreePidProvider.isLocal()
            }
        }).collect(Collectors.toList())
    }
    @Override
    Optional<?> find(SingleLookupRequest request) {
        for (IThreePidProvider provider : listUsableProviders(request)) {
            Optional<?> lookupDataOpt = provider.find(request)
            if (lookupDataOpt.isPresent()) {
                return lookupDataOpt
            }
        }
        if (recursiveCfg.getBridge().getEnabled() && (!recursiveCfg.getBridge().getRecursiveOnly() || isAllowedForRecursive(request.getRequester()))) {
            log.info("Using bridge failover for lookup")
            return bridge.find(request)
        }
        return Optional.empty()
    }
    @Override
    List<ThreePidMapping> find(BulkLookupRequest request) {
        List<ThreePidMapping> mapToDo = new ArrayList<>(request.getMappings())
        List<ThreePidMapping> mapFoundAll = new ArrayList<>()
        for (IThreePidProvider provider : listUsableProviders(request)) {
            if (mapToDo.isEmpty()) {
                log.info("No more mappings to lookup")
                break
            } else {
                log.info("{} mappings remaining overall", mapToDo.size())
            }
            log.info("Using provider {} for remaining mappings", provider.getClass().getSimpleName())
            List<ThreePidMapping> mapFound = provider.populate(mapToDo)
            log.info("Provider {} returned {} mappings", provider.getClass().getSimpleName(), mapFound.size())
            mapFoundAll.addAll(mapFound)
            mapToDo.removeAll(mapFound)
        }
        return mapFoundAll
    }
 }
--- a/src/main/groovy/io/kamax/mxisd/mapping/MappingManager.java
+++ b/src/main/groovy/io/kamax/mxisd/mapping/MappingManager.java
@@ -1,164 +0,0 @@
 package io.kamax.mxisd.mapping;
 import io.kamax.mxisd.exception.BadRequestException;
 import io.kamax.mxisd.lookup.ThreePid;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Component;
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
 import java.util.*;
@Component
 public class MappingManager {
    private Logger log = LoggerFactory.getLogger(MappingManager.class);
    private Map<String, Session> threePidLookups = new WeakHashMap<>();
    private Map<String, Session> sessions = new HashMap<>();
    private Timer cleaner;
    MappingManager() {
        cleaner = new Timer();
        cleaner.schedule(new TimerTask() {
            @Override
            public void run() {
                List<Session> sList = new ArrayList<>(sessions.values());
                for (Session s : sList) {
                    if (s.timestamp.plus(24, ChronoUnit.HOURS).isBefore(Instant.now())) { // TODO config timeout
                        log.info("Session {} is obsolete, removing", s.sid);
                        sessions.remove(s.sid);
                        threePidLookups.remove(s.hash);
                    }
                }
            }
        }, 0, 10 * 1000);  // TODO config delay
    }
    public String create(MappingSession data) {
        String sid;
        do {
            sid = Long.toString(System.currentTimeMillis());
        } while (sessions.containsKey(sid));
        String threePidHash = data.getMedium() + data.getValue();
        Session session = threePidLookups.get(threePidHash);
        if (session != null) {
            sid = session.sid;
        } else {
            // TODO perform some kind of validation
            session = new Session(sid, threePidHash, data);
            sessions.put(sid, session);
            threePidLookups.put(threePidHash, session);
        }
        log.info("Created new session {} to validate {} {}", sid, session.medium, session.address);
        return sid;
    }
    public void validate(String sid, String secret, String token) {
        Session s = sessions.get(sid);
        if (s == null || !StringUtils.equals(s.secret, secret)) {
            throw new BadRequestException("sid or secret are not valid");
        }
        // TODO actually check token
        s.isValidated = true;
        s.validationTimestamp = Instant.now();
    }
    public Optional<ThreePid> getValidated(String sid, String secret) {
        Session s = sessions.get(sid);
        if (s != null && StringUtils.equals(s.secret, secret)) {
            return Optional.of(new ThreePid(s.medium, s.address, s.validationTimestamp));
        }
        return Optional.empty();
    }
    public void bind(String sid, String secret, String mxid) {
        Session s = sessions.get(sid);
        if (s == null || !StringUtils.equals(s.secret, secret)) {
            throw new BadRequestException("sid or secret are not valid");
        }
        log.info("Performed bind for mxid {}", mxid);
        // TODO perform bind, whatever it is
    }
    private class Session {
        private String sid;
        private String hash;
        private Instant timestamp;
        private Instant validationTimestamp;
        private boolean isValidated;
        private String secret;
        private String medium;
        private String address;
        public Session(String sid, String hash, MappingSession data) {
            this.sid = sid;
            this.hash = hash;
            timestamp = Instant.now();
            validationTimestamp = Instant.now();
            secret = data.getSecret();
            medium = data.getMedium();
            address = data.getValue();
        }
        public Instant getTimestamp() {
            return timestamp;
        }
        public void setTimestamp(Instant timestamp) {
            this.timestamp = timestamp;
        }
        public Instant getValidationTimestamp() {
            return validationTimestamp;
        }
        public void setValidationTimestamp(Instant validationTimestamp) {
            this.validationTimestamp = validationTimestamp;
        }
        public boolean isValidated() {
            return isValidated;
        }
        public void setValidated(boolean validated) {
            isValidated = validated;
        }
        public String getSecret() {
            return secret;
        }
        public void setSecret(String secret) {
            this.secret = secret;
        }
        public String getMedium() {
            return medium;
        }
        public void setMedium(String medium) {
            this.medium = medium;
        }
        public String getAddress() {
            return address;
        }
        public void setAddress(String address) {
            this.address = address;
        }
    }
 }
--- a/src/main/groovy/io/kamax/mxisd/mapping/MappingSession.java
+++ b/src/main/groovy/io/kamax/mxisd/mapping/MappingSession.java
@@ -1,15 +0,0 @@
 package io.kamax.mxisd.mapping;
 public interface MappingSession {
    String getServer();
    String getSecret();
    int getAttempt();
    String getMedium();
    String getValue();
 }
--- a/src/main/groovy/io/kamax/mxisd/signature/SignatureManager.groovy
+++ b/src/main/groovy/io/kamax/mxisd/signature/SignatureManager.groovy
@@ -1,59 +0,0 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.signature
 import io.kamax.mxisd.config.ServerConfig
 import io.kamax.mxisd.key.KeyManager
 import net.i2p.crypto.eddsa.EdDSAEngine
 import org.springframework.beans.factory.InitializingBean
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.stereotype.Component
 import java.security.MessageDigest
@Component
 class SignatureManager implements InitializingBean {
    @Autowired
    private KeyManager keyMgr
    @Autowired
    private ServerConfig srvCfg
    private EdDSAEngine signEngine
    Map<?, ?> signMessage(String message) {
        byte[] signRaw = signEngine.signOneShot(message.getBytes())
        String sign = Base64.getEncoder().encodeToString(signRaw)
        return [
                "${srvCfg.getName()}": [
                        "ed25519:${keyMgr.getCurrentIndex()}": sign
                ]
        ]
    }
    @Override
    void afterPropertiesSet() throws Exception {
        signEngine = new EdDSAEngine(MessageDigest.getInstance(keyMgr.getSpecs().getHashAlgorithm()))
        signEngine.initSign(keyMgr.getPrivateKey(keyMgr.getCurrentIndex()))
    }
 }
--- a/src/main/groovy/io/kamax/mxisd/MatrixIdentityServerApplication.groovy
+++ b/src/main/groovy/io/kamax/mxisd/MatrixIdentityServerApplication.groovy
@@ -18,16 +18,16 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
-package io.kamax.mxisd
+package io.kamax.mxisd;
-import org.springframework.boot.SpringApplication
+import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.SpringBootApplication
+import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
-class MatrixIdentityServerApplication {
+public class MatrixIdentityServerApplication {
-    static void main(String[] args) throws Exception {
+    public static void main(String[] args) {
-        SpringApplication.run(MatrixIdentityServerApplication.class, args)
+        SpringApplication.run(MatrixIdentityServerApplication.class, args);
    }
 }
--- a/src/main/java/io/kamax/mxisd/ThreePid.java
+++ b/src/main/java/io/kamax/mxisd/ThreePid.java
@@ -0,0 +1,51 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd;
 // FIXME this should be in matrix-java-sdk
 public class ThreePid {
    private String medium;
    private String address;
    public ThreePid(ThreePid tpid) {
        this(tpid.getMedium(), tpid.getAddress());
    }
    public ThreePid(String medium, String address) {
        this.medium = medium;
        this.address = address;
    }
    public String getMedium() {
        return medium;
    }
    public String getAddress() {
        return address;
    }
    @Override
    public String toString() {
        return getMedium() + ":" + getAddress();
    }
 }
--- a/src/main/java/io/kamax/mxisd/UserID.java
+++ b/src/main/java/io/kamax/mxisd/UserID.java
@@ -0,0 +1,46 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd;
 // FIXME consider integrating in matrix-java-sdk?
 public class UserID {
    private String type;
    private String value;
    protected UserID() {
        // stub for (de)serialization
    }
    public UserID(String type, String value) {
        this.type = type;
        this.value = value;
    }
    public String getType() {
        return type;
    }
    public String getValue() {
        return value;
    }
 }
--- a/src/main/java/io/kamax/mxisd/UserIdType.java
+++ b/src/main/java/io/kamax/mxisd/UserIdType.java
@@ -0,0 +1,47 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd;
 import org.apache.commons.lang.StringUtils;
 // FIXME consider integrating in matrix-java-sdk?
 public enum UserIdType {
    Localpart("localpart"),
    MatrixID("mxid"),
    EmailLocalpart("email_localpart"),
    Email("threepids/email");
    private String id;
    UserIdType(String id) {
        this.id = id;
    }
    public String getId() {
        return id;
    }
    public boolean is(String id) {
        return StringUtils.equalsIgnoreCase(this.id, id);
    }
 }
--- a/src/main/java/io/kamax/mxisd/auth/AuthManager.java
+++ b/src/main/java/io/kamax/mxisd/auth/AuthManager.java
@@ -0,0 +1,93 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.auth;
 import io.kamax.matrix.MatrixID;
 import io.kamax.matrix._MatrixID;
 import io.kamax.mxisd.ThreePid;
 import io.kamax.mxisd.UserIdType;
 import io.kamax.mxisd.auth.provider.AuthenticatorProvider;
 import io.kamax.mxisd.auth.provider.BackendAuthResult;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.invitation.InvitationManager;
 import io.kamax.mxisd.lookup.ThreePidMapping;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import java.util.ArrayList;
 import java.util.List;
@Service
 public class AuthManager {
    private Logger log = LoggerFactory.getLogger(AuthManager.class);
    @Autowired
    private List<AuthenticatorProvider> providers = new ArrayList<>();
    @Autowired
    private MatrixConfig mxCfg;
    @Autowired
    private InvitationManager invMgr;
    public UserAuthResult authenticate(String id, String password) {
        _MatrixID mxid = new MatrixID(id);
        for (AuthenticatorProvider provider : providers) {
            if (!provider.isEnabled()) {
                continue;
            }
            BackendAuthResult result = provider.authenticate(mxid, password);
            if (result.isSuccess()) {
                String mxId;
                if (UserIdType.Localpart.is(result.getId().getType())) {
                    mxId = new MatrixID(result.getId().getValue(), mxCfg.getDomain()).getId();
                } else if (UserIdType.MatrixID.is(result.getId().getType())) {
                    mxId = new MatrixID(result.getId().getValue()).getId();
                } else {
                    log.warn("Unsupported User ID type {} for backend {}", result.getId().getType(), provider.getClass().getSimpleName());
                    continue;
                }
                UserAuthResult authResult = new UserAuthResult().success(mxId, result.getProfile().getDisplayName());
                for (ThreePid pid : result.getProfile().getThreePids()) {
                    authResult.withThreePid(pid.getMedium(), pid.getAddress());
                }
                log.info("{} was authenticated by {}, publishing 3PID mappings, if any", id, provider.getClass().getSimpleName());
                for (ThreePid pid : authResult.getThreePids()) {
                    log.info("Processing {} for {}", pid, id);
                    invMgr.publishMappingIfInvited(new ThreePidMapping(pid, authResult.getMxid()));
                }
                invMgr.lookupMappingsForInvites();
                return authResult;
            }
        }
        return new UserAuthResult().failure();
    }
 }
--- a/src/main/java/io/kamax/mxisd/auth/UserAuthResult.java
+++ b/src/main/java/io/kamax/mxisd/auth/UserAuthResult.java
@@ -0,0 +1,91 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.auth;
 import io.kamax.matrix.ThreePidMedium;
 import io.kamax.mxisd.ThreePid;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 public class UserAuthResult {
    private boolean success;
    private String mxid;
    private String displayName;
    private List<ThreePid> threePids = new ArrayList<>();
    public UserAuthResult failure() {
        success = false;
        mxid = null;
        displayName = null;
        return this;
    }
    public UserAuthResult success(String mxid, String displayName) {
        setSuccess(true);
        setMxid(mxid);
        setDisplayName(displayName);
        return this;
    }
    public boolean isSuccess() {
        return success;
    }
    public void setSuccess(boolean success) {
        this.success = success;
    }
    public String getMxid() {
        return mxid;
    }
    public void setMxid(String mxid) {
        this.mxid = mxid;
    }
    public String getDisplayName() {
        return displayName;
    }
    public void setDisplayName(String displayName) {
        this.displayName = displayName;
    }
    public UserAuthResult withThreePid(ThreePidMedium medium, String address) {
        return withThreePid(medium.getId(), address);
    }
    public UserAuthResult withThreePid(String medium, String address) {
        threePids.add(new ThreePid(medium, address));
        return this;
    }
    public List<ThreePid> getThreePids() {
        return Collections.unmodifiableList(threePids);
    }
 }
--- a/src/main/groovy/io/kamax/mxisd/exception/NotImplementedException.groovy
+++ b/src/main/groovy/io/kamax/mxisd/exception/NotImplementedException.groovy
@@ -18,11 +18,14 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
-package io.kamax.mxisd.exception
+package io.kamax.mxisd.auth.provider;
-import org.springframework.http.HttpStatus
+import io.kamax.matrix._MatrixID;
-import org.springframework.web.bind.annotation.ResponseStatus
+
 public interface AuthenticatorProvider {
    boolean isEnabled();
    BackendAuthResult authenticate(_MatrixID mxid, String password);
@ResponseStatus(value = HttpStatus.NOT_IMPLEMENTED)
 class NotImplementedException extends RuntimeException {
 }
--- a/src/main/java/io/kamax/mxisd/auth/provider/BackendAuthResult.java
+++ b/src/main/java/io/kamax/mxisd/auth/provider/BackendAuthResult.java
@@ -0,0 +1,95 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.auth.provider;
 import io.kamax.mxisd.ThreePid;
 import io.kamax.mxisd.UserID;
 import io.kamax.mxisd.UserIdType;
 import java.util.ArrayList;
 import java.util.List;
 public class BackendAuthResult {
    public static class BackendAuthProfile {
        private String displayName;
        private List<ThreePid> threePids = new ArrayList<>();
        public String getDisplayName() {
            return displayName;
        }
        public List<ThreePid> getThreePids() {
            return threePids;
        }
    }
    public static BackendAuthResult failure() {
        BackendAuthResult r = new BackendAuthResult();
        r.success = false;
        return r;
    }
    public void fail() {
        success = false;
    }
    public static BackendAuthResult success(String id, UserIdType type, String displayName) {
        return success(id, type.getId(), displayName);
    }
    public static BackendAuthResult success(String id, String type, String displayName) {
        BackendAuthResult r = new BackendAuthResult();
        r.succeed(id, type, displayName);
        return r;
    }
    public void succeed(String id, String type, String displayName) {
        this.success = true;
        this.id = new UserID(type, id);
        this.profile = new BackendAuthProfile();
        this.profile.displayName = displayName;
    }
    private Boolean success;
    private UserID id;
    private BackendAuthProfile profile = new BackendAuthProfile();
    public Boolean isSuccess() {
        return success;
    }
    public UserID getId() {
        return id;
    }
    public BackendAuthProfile getProfile() {
        return profile;
    }
    public BackendAuthResult withThreePid(ThreePid threePid) {
        this.profile.threePids.add(threePid);
        return this;
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/firebase/GoogleFirebaseAuthenticator.java
+++ b/src/main/java/io/kamax/mxisd/backend/firebase/GoogleFirebaseAuthenticator.java
@@ -0,0 +1,177 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.firebase;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.auth.FirebaseAuth;
 import com.google.firebase.auth.FirebaseCredential;
 import com.google.firebase.auth.FirebaseCredentials;
 import io.kamax.matrix.ThreePidMedium;
 import io.kamax.matrix._MatrixID;
 import io.kamax.mxisd.ThreePid;
 import io.kamax.mxisd.UserIdType;
 import io.kamax.mxisd.auth.provider.AuthenticatorProvider;
 import io.kamax.mxisd.auth.provider.BackendAuthResult;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.TimeUnit;
 public class GoogleFirebaseAuthenticator implements AuthenticatorProvider {
    private Logger log = LoggerFactory.getLogger(GoogleFirebaseAuthenticator.class);
    private boolean isEnabled;
    private FirebaseApp fbApp;
    private FirebaseAuth fbAuth;
    private void waitOnLatch(BackendAuthResult result, CountDownLatch l, String purpose) {
        try {
            l.await(30, TimeUnit.SECONDS);
        } catch (InterruptedException e) {
            log.warn("Interrupted while waiting for " + purpose);
            result.fail();
        }
    }
    public GoogleFirebaseAuthenticator(boolean isEnabled) {
        this.isEnabled = isEnabled;
    }
    public GoogleFirebaseAuthenticator(String credsPath, String db) {
        this(true);
        try {
            fbApp = FirebaseApp.initializeApp(getOpts(credsPath, db), "AuthenticationProvider");
            fbAuth = FirebaseAuth.getInstance(fbApp);
            log.info("Google Firebase Authentication is ready");
        } catch (IOException e) {
            throw new RuntimeException("Error when initializing Firebase", e);
        }
    }
    private FirebaseCredential getCreds(String credsPath) throws IOException {
        if (StringUtils.isNotBlank(credsPath)) {
            return FirebaseCredentials.fromCertificate(new FileInputStream(credsPath));
        } else {
            return FirebaseCredentials.applicationDefault();
        }
    }
    private FirebaseOptions getOpts(String credsPath, String db) throws IOException {
        if (StringUtils.isBlank(db)) {
            throw new IllegalArgumentException("Firebase database is not configured");
        }
        return new FirebaseOptions.Builder()
                .setCredential(getCreds(credsPath))
                .setDatabaseUrl(db)
                .build();
    }
    @Override
    public boolean isEnabled() {
        return isEnabled;
    }
    private void waitOnLatch(CountDownLatch l) {
        try {
            l.await(30, TimeUnit.SECONDS);
        } catch (InterruptedException e) {
            log.warn("Interrupted while waiting for Firebase auth check");
        }
    }
    @Override
    public BackendAuthResult authenticate(_MatrixID mxid, String password) {
        if (!isEnabled()) {
            throw new IllegalStateException();
        }
        log.info("Trying to authenticate {}", mxid);
        final BackendAuthResult result = BackendAuthResult.failure();
        String localpart = mxid.getLocalPart();
        CountDownLatch l = new CountDownLatch(1);
        fbAuth.verifyIdToken(password).addOnSuccessListener(token -> {
            try {
                if (!StringUtils.equals(localpart, token.getUid())) {
                    log.info("Failure to authenticate {}: Matrix ID localpart '{}' does not match Firebase UID '{}'", mxid, localpart, token.getUid());
                    result.fail();
                    return;
                }
                result.succeed(mxid.getId(), UserIdType.MatrixID.getId(), token.getName());
                log.info("{} was successfully authenticated", mxid);
                log.info("Fetching profile for {}", mxid);
                CountDownLatch userRecordLatch = new CountDownLatch(1);
                fbAuth.getUser(token.getUid()).addOnSuccessListener(user -> {
                    try {
                        if (StringUtils.isNotBlank(user.getEmail())) {
                            result.withThreePid(new ThreePid(ThreePidMedium.Email.getId(), user.getEmail()));
                        }
                        if (StringUtils.isNotBlank(user.getPhoneNumber())) {
                            result.withThreePid(new ThreePid(ThreePidMedium.PhoneNumber.getId(), user.getPhoneNumber()));
                        }
                    } finally {
                        userRecordLatch.countDown();
                    }
                }).addOnFailureListener(e -> {
                    try {
                        log.warn("Unable to fetch Firebase user profile for {}", mxid);
                        result.fail();
                    } finally {
                        userRecordLatch.countDown();
                    }
                });
                waitOnLatch(result, userRecordLatch, "Firebase user profile");
            } finally {
                l.countDown();
            }
        }).addOnFailureListener(e -> {
            try {
                if (e instanceof IllegalArgumentException) {
                    log.info("Failure to authenticate {}: invalid firebase token", mxid);
                } else {
                    log.info("Failure to authenticate {}: {}", mxid, e.getMessage(), e);
                    log.info("Exception", e);
                }
                result.fail();
            } finally {
                l.countDown();
            }
        });
        waitOnLatch(result, l, "Firebase auth check");
        return result;
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/firebase/GoogleFirebaseProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/firebase/GoogleFirebaseProvider.java
@@ -0,0 +1,180 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.firebase;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.auth.FirebaseAuth;
 import com.google.firebase.auth.FirebaseCredential;
 import com.google.firebase.auth.FirebaseCredentials;
 import com.google.firebase.auth.UserRecord;
 import com.google.firebase.tasks.OnFailureListener;
 import com.google.firebase.tasks.OnSuccessListener;
 import io.kamax.matrix.MatrixID;
 import io.kamax.matrix.ThreePidMedium;
 import io.kamax.mxisd.lookup.SingleLookupReply;
 import io.kamax.mxisd.lookup.SingleLookupRequest;
 import io.kamax.mxisd.lookup.ThreePidMapping;
 import io.kamax.mxisd.lookup.provider.IThreePidProvider;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Optional;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.TimeUnit;
 public class GoogleFirebaseProvider implements IThreePidProvider {
    private Logger log = LoggerFactory.getLogger(GoogleFirebaseProvider.class);
    private boolean isEnabled;
    private String domain;
    private FirebaseAuth fbAuth;
    public GoogleFirebaseProvider(boolean isEnabled) {
        this.isEnabled = isEnabled;
    }
    public GoogleFirebaseProvider(String credsPath, String db, String domain) {
        this(true);
        this.domain = domain;
        try {
            FirebaseApp fbApp = FirebaseApp.initializeApp(getOpts(credsPath, db), "ThreePidProvider");
            fbAuth = FirebaseAuth.getInstance(fbApp);
            log.info("Google Firebase Authentication is ready");
        } catch (IOException e) {
            throw new RuntimeException("Error when initializing Firebase", e);
        }
    }
    private FirebaseCredential getCreds(String credsPath) throws IOException {
        if (StringUtils.isNotBlank(credsPath)) {
            return FirebaseCredentials.fromCertificate(new FileInputStream(credsPath));
        } else {
            return FirebaseCredentials.applicationDefault();
        }
    }
    private FirebaseOptions getOpts(String credsPath, String db) throws IOException {
        if (StringUtils.isBlank(db)) {
            throw new IllegalArgumentException("Firebase database is not configured");
        }
        return new FirebaseOptions.Builder()
                .setCredential(getCreds(credsPath))
                .setDatabaseUrl(db)
                .build();
    }
    private String getMxid(UserRecord record) {
        return new MatrixID(record.getUid(), domain).getId();
    }
    @Override
    public boolean isEnabled() {
        return isEnabled;
    }
    @Override
    public boolean isLocal() {
        return true;
    }
    @Override
    public int getPriority() {
        return 25;
    }
    private void waitOnLatch(CountDownLatch l) {
        try {
            l.await(30, TimeUnit.SECONDS);
        } catch (InterruptedException e) {
            log.warn("Interrupted while waiting for Firebase auth check");
        }
    }
    private Optional<UserRecord> findInternal(String medium, String address) {
        final UserRecord[] r = new UserRecord[1];
        CountDownLatch l = new CountDownLatch(1);
        OnSuccessListener<UserRecord> success = result -> {
            log.info("Found 3PID match for {}:{} - UID is {}", medium, address, result.getUid());
            r[0] = result;
            l.countDown();
        };
        OnFailureListener failure = e -> {
            log.info("No 3PID match for {}:{} - {}", medium, address, e.getMessage());
            r[0] = null;
            l.countDown();
        };
        if (ThreePidMedium.Email.is(medium)) {
            log.info("Performing E-mail 3PID lookup for {}", address);
            fbAuth.getUserByEmail(address)
                    .addOnSuccessListener(success)
                    .addOnFailureListener(failure);
            waitOnLatch(l);
        } else if (ThreePidMedium.PhoneNumber.is(medium)) {
            log.info("Performing msisdn 3PID lookup for {}", address);
            fbAuth.getUserByPhoneNumber(address)
                    .addOnSuccessListener(success)
                    .addOnFailureListener(failure);
            waitOnLatch(l);
        } else {
            log.info("{} is not a supported 3PID medium", medium);
            r[0] = null;
        }
        return Optional.ofNullable(r[0]);
    }
    @Override
    public Optional<SingleLookupReply> find(SingleLookupRequest request) {
        Optional<UserRecord> urOpt = findInternal(request.getType(), request.getThreePid());
        return urOpt.map(userRecord -> new SingleLookupReply(request, getMxid(userRecord)));
    }
    @Override
    public List<ThreePidMapping> populate(List<ThreePidMapping> mappings) {
        List<ThreePidMapping> results = new ArrayList<>();
        mappings.parallelStream().forEach(o -> {
            Optional<UserRecord> urOpt = findInternal(o.getMedium(), o.getValue());
            if (urOpt.isPresent()) {
                ThreePidMapping result = new ThreePidMapping();
                result.setMedium(o.getMedium());
                result.setValue(o.getValue());
                result.setMxid(getMxid(urOpt.get()));
                results.add(result);
            }
        });
        return results;
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/ldap/LdapAuthProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/ldap/LdapAuthProvider.java
@@ -0,0 +1,130 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.ldap;
 import io.kamax.matrix._MatrixID;
 import io.kamax.mxisd.UserIdType;
 import io.kamax.mxisd.auth.provider.AuthenticatorProvider;
 import io.kamax.mxisd.auth.provider.BackendAuthResult;
 import org.apache.commons.lang.StringUtils;
 import org.apache.directory.api.ldap.model.cursor.CursorException;
 import org.apache.directory.api.ldap.model.cursor.CursorLdapReferralException;
 import org.apache.directory.api.ldap.model.cursor.EntryCursor;
 import org.apache.directory.api.ldap.model.entry.Attribute;
 import org.apache.directory.api.ldap.model.entry.Entry;
 import org.apache.directory.api.ldap.model.exception.LdapException;
 import org.apache.directory.api.ldap.model.message.SearchScope;
 import org.apache.directory.ldap.client.api.LdapConnection;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Component;
 import java.io.IOException;
@Component
 public class LdapAuthProvider extends LdapGenericBackend implements AuthenticatorProvider {
    private Logger log = LoggerFactory.getLogger(LdapAuthProvider.class);
    private String getUidAttribute() {
        return getCfg().getAttribute().getUid().getValue();
    }
    @Override
    public boolean isEnabled() {
        return getCfg().isEnabled();
    }
    @Override
    public BackendAuthResult authenticate(_MatrixID mxid, String password) {
        log.info("Performing auth for {}", mxid);
        LdapConnection conn = getConn();
        try {
            bind(conn);
            String uidType = getCfg().getAttribute().getUid().getType();
            String userFilterValue = StringUtils.equals(LdapThreePidProvider.UID, uidType) ? mxid.getLocalPart() : mxid.getId();
            if (StringUtils.isBlank(userFilterValue)) {
                log.warn("Username is empty, failing auth");
                return BackendAuthResult.failure();
            }
            String userFilter = "(" + getCfg().getAttribute().getUid().getValue() + "=" + userFilterValue + ")";
            if (!StringUtils.isBlank(getCfg().getAuth().getFilter())) {
                userFilter = "(&" + getCfg().getAuth().getFilter() + userFilter + ")";
            }
            EntryCursor cursor = conn.search(getCfg().getConn().getBaseDn(), userFilter, SearchScope.SUBTREE, getUidAttribute(), getCfg().getAttribute().getName());
            try {
                while (cursor.next()) {
                    Entry entry = cursor.get();
                    String dn = entry.getDn().getName();
                    log.info("Checking possible match, DN: {}", dn);
                    Attribute attribute = entry.get(getUidAttribute());
                    if (attribute == null) {
                        log.info("DN {}: no attribute {}, skpping", dn, getUidAttribute());
                        continue;
                    }
                    String data = attribute.get().toString();
                    if (data.length() < 1) {
                        log.info("DN {}: empty attribute {}, skipping", getUidAttribute());
                        continue;
                    }
                    log.info("Attempting authentication on LDAP for {}", dn);
                    try {
                        conn.bind(entry.getDn(), password);
                    } catch (LdapException e) {
                        log.info("Unable to bind using {} because {}", entry.getDn().getName(), e.getMessage());
                        return BackendAuthResult.failure();
                    }
                    Attribute nameAttribute = entry.get(getCfg().getAttribute().getName());
                    String name = nameAttribute != null ? nameAttribute.get().toString() : null;
                    log.info("Authentication successful for {}", entry.getDn().getName());
                    log.info("DN {} is a valid match", dn);
                    // TODO should we canonicalize the MXID?
                    return BackendAuthResult.success(mxid.getId(), UserIdType.MatrixID, name);
                }
            } catch (CursorLdapReferralException e) {
                log.warn("Entity for {} is only available via referral, skipping", mxid);
            } finally {
                cursor.close();
            }
            log.info("No match were found for {}", mxid);
            return BackendAuthResult.failure();
        } catch (LdapException | IOException | CursorException e) {
            throw new RuntimeException(e);
        } finally {
            try {
                conn.close();
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/ldap/LdapGenericBackend.java
+++ b/src/main/java/io/kamax/mxisd/backend/ldap/LdapGenericBackend.java
@@ -0,0 +1,57 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.ldap;
 import io.kamax.mxisd.config.ldap.LdapConfig;
 import org.apache.commons.lang.StringUtils;
 import org.apache.directory.api.ldap.model.exception.LdapException;
 import org.apache.directory.ldap.client.api.LdapConnection;
 import org.apache.directory.ldap.client.api.LdapNetworkConnection;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@Component
 public class LdapGenericBackend {
    private Logger log = LoggerFactory.getLogger(LdapGenericBackend.class);
    @Autowired
    private LdapConfig ldapCfg;
    protected LdapConnection getConn() {
        return new LdapNetworkConnection(ldapCfg.getConn().getHost(), ldapCfg.getConn().getPort(), ldapCfg.getConn().isTls());
    }
    protected void bind(LdapConnection conn) throws LdapException {
        if (StringUtils.isBlank(ldapCfg.getConn().getBindDn()) && StringUtils.isBlank(ldapCfg.getConn().getBindPassword())) {
            conn.anonymousBind();
        } else {
            conn.bind(ldapCfg.getConn().getBindDn(), ldapCfg.getConn().getBindPassword());
        }
    }
    protected LdapConfig getCfg() {
        return ldapCfg;
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/ldap/LdapThreePidProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/ldap/LdapThreePidProvider.java
@@ -0,0 +1,174 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.ldap;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.exception.InternalServerError;
 import io.kamax.mxisd.lookup.SingleLookupReply;
 import io.kamax.mxisd.lookup.SingleLookupRequest;
 import io.kamax.mxisd.lookup.ThreePidMapping;
 import io.kamax.mxisd.lookup.provider.IThreePidProvider;
 import org.apache.commons.lang.StringUtils;
 import org.apache.directory.api.ldap.model.cursor.CursorException;
 import org.apache.directory.api.ldap.model.cursor.CursorLdapReferralException;
 import org.apache.directory.api.ldap.model.cursor.EntryCursor;
 import org.apache.directory.api.ldap.model.entry.Attribute;
 import org.apache.directory.api.ldap.model.entry.Entry;
 import org.apache.directory.api.ldap.model.exception.LdapException;
 import org.apache.directory.api.ldap.model.message.SearchScope;
 import org.apache.directory.ldap.client.api.LdapConnection;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Optional;
@Component
 public class LdapThreePidProvider extends LdapGenericBackend implements IThreePidProvider {
    public static final String UID = "uid";
    public static final String MATRIX_ID = "mxid";
    private Logger log = LoggerFactory.getLogger(LdapThreePidProvider.class);
    @Autowired
    private MatrixConfig mxCfg;
    @Override
    public boolean isEnabled() {
        return getCfg().isEnabled();
    }
    private String getUidAttribute() {
        return getCfg().getAttribute().getUid().getValue();
    }
    @Override
    public boolean isLocal() {
        return true;
    }
    @Override
    public int getPriority() {
        return 20;
    }
    private Optional<String> lookup(LdapConnection conn, String medium, String value) {
        String uidAttribute = getUidAttribute();
        Optional<String> queryOpt = getCfg().getIdentity().getQuery(medium);
        if (!queryOpt.isPresent()) {
            log.warn("{} is not a configured 3PID type for LDAP lookup", medium);
            return Optional.empty();
        }
        String searchQuery = queryOpt.get().replaceAll("%3pid", value);
        try (EntryCursor cursor = conn.search(getCfg().getConn().getBaseDn(), searchQuery, SearchScope.SUBTREE, uidAttribute)) {
            while (cursor.next()) {
                Entry entry = cursor.get();
                log.info("Found possible match, DN: {}", entry.getDn().getName());
                Attribute attribute = entry.get(uidAttribute);
                if (attribute == null) {
                    log.info("DN {}: no attribute {}, skpping", entry.getDn(), getCfg().getAttribute());
                    continue;
                }
                String data = attribute.get().toString();
                if (data.length() < 1) {
                    log.info("DN {}: empty attribute {}, skipping", getCfg().getAttribute());
                    continue;
                }
                StringBuilder matrixId = new StringBuilder();
                // TODO Should we turn this block into a map of functions?
                String uidType = getCfg().getAttribute().getUid().getType();
                if (StringUtils.equals(UID, uidType)) {
                    matrixId.append("@").append(data).append(":").append(mxCfg.getDomain());
                } else if (StringUtils.equals(MATRIX_ID, uidType)) {
                    matrixId.append(data);
                } else {
                    log.warn("Bind was found but type {} is not supported", uidType);
                    continue;
                }
                log.info("DN {} is a valid match", entry.getDn().getName());
                return Optional.of(matrixId.toString());
            }
        } catch (CursorLdapReferralException e) {
            log.warn("3PID {} is only available via referral, skipping", value);
        } catch (IOException | LdapException | CursorException e) {
            throw new InternalServerError(e);
        }
        return Optional.empty();
    }
    @Override
    public Optional<SingleLookupReply> find(SingleLookupRequest request) {
        log.info("Performing LDAP lookup ${request.getThreePid()} of type ${request.getType()}");
        try (LdapConnection conn = getConn()) {
            bind(conn);
            Optional<String> mxid = lookup(conn, request.getType(), request.getThreePid());
            if (mxid.isPresent()) {
                return Optional.of(new SingleLookupReply(request, mxid.get()));
            }
        } catch (LdapException | IOException e) {
            throw new InternalServerError(e);
        }
        log.info("No match found");
        return Optional.empty();
    }
    @Override
    public List<ThreePidMapping> populate(List<ThreePidMapping> mappings) {
        log.info("Looking up {} mappings", mappings.size());
        List<ThreePidMapping> mappingsFound = new ArrayList<>();
        try (LdapConnection conn = getConn()) {
            bind(conn);
            for (ThreePidMapping mapping : mappings) {
                try {
                    Optional<String> mxid = lookup(conn, mapping.getMedium(), mapping.getValue());
                    if (mxid.isPresent()) {
                        mapping.setMxid(mxid.get());
                        mappingsFound.add(mapping);
                    }
                } catch (IllegalArgumentException e) {
                    log.warn("{} is not a supported 3PID type for LDAP lookup", mapping.getMedium());
                }
            }
        } catch (LdapException | IOException e) {
            throw new InternalServerError(e);
        }
        return mappingsFound;
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/rest/LookupBulkResponseJson.java
+++ b/src/main/java/io/kamax/mxisd/backend/rest/LookupBulkResponseJson.java
@@ -0,0 +1,34 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.rest;
 import java.util.ArrayList;
 import java.util.List;
 public class LookupBulkResponseJson {
    private List<LookupSingleResponseJson> lookup = new ArrayList<>();
    public List<LookupSingleResponseJson> getLookup() {
        return lookup;
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/rest/LookupSingleRequestJson.java
+++ b/src/main/java/io/kamax/mxisd/backend/rest/LookupSingleRequestJson.java
@@ -0,0 +1,40 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.rest;
 public class LookupSingleRequestJson {
    private String medium;
    private String address;
    public LookupSingleRequestJson(String medium, String address) {
        this.medium = medium;
        this.address = address;
    }
    public String getMedium() {
        return medium;
    }
    public String getAddress() {
        return address;
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/rest/LookupSingleResponseJson.java
+++ b/src/main/java/io/kamax/mxisd/backend/rest/LookupSingleResponseJson.java
@@ -18,27 +18,26 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
-package io.kamax.mxisd.lookup
+package io.kamax.mxisd.backend.rest;
-class SingleLookupRequest extends ALookupRequest {
+import io.kamax.mxisd.UserID;
-    private String type
+public class LookupSingleResponseJson {
    private String threePid
-    String getType() {
+    private String medium;
-        return type
+    private String address;
    private UserID id;
    public String getMedium() {
        return medium;
    }
-    void setType(String type) {
+    public String getAddress() {
-        this.type = type
+        return address;
    }
-    String getThreePid() {
+    public UserID getId() {
-        return threePid
+        return id;
    }
    void setThreePid(String threePid) {
        this.threePid = threePid
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/rest/RestAuthProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/rest/RestAuthProvider.java
@@ -0,0 +1,69 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.rest;
 import io.kamax.matrix._MatrixID;
 import io.kamax.mxisd.auth.provider.AuthenticatorProvider;
 import io.kamax.mxisd.auth.provider.BackendAuthResult;
 import io.kamax.mxisd.config.rest.RestBackendConfig;
 import io.kamax.mxisd.util.RestClientUtils;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpUriRequest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import java.io.IOException;
@Component
 public class RestAuthProvider extends RestProvider implements AuthenticatorProvider {
    @Autowired
    public RestAuthProvider(RestBackendConfig cfg) {
        super(cfg);
    }
    @Override
    public boolean isEnabled() {
        return cfg.isEnabled();
    }
    @Override
    public BackendAuthResult authenticate(_MatrixID mxid, String password) {
        RestAuthRequestJson auth = new RestAuthRequestJson();
        auth.setMxid(mxid.getId());
        auth.setLocalpart(mxid.getLocalPart());
        auth.setDomain(mxid.getDomain());
        auth.setPassword(password);
        HttpUriRequest req = RestClientUtils.post(cfg.getEndpoints().getAuth(), gson, "auth", auth);
        try (CloseableHttpResponse res = client.execute(req)) {
            int status = res.getStatusLine().getStatusCode();
            if (status < 200 || status >= 300) {
                return BackendAuthResult.failure();
            }
            return parser.parse(res, "auth", BackendAuthResult.class);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/rest/RestAuthRequestJson.java
+++ b/src/main/java/io/kamax/mxisd/backend/rest/RestAuthRequestJson.java
@@ -0,0 +1,62 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.rest;
 public class RestAuthRequestJson {
    private String mxid;
    private String localpart;
    private String domain;
    private String password;
    public String getMxid() {
        return mxid;
    }
    public void setMxid(String mxid) {
        this.mxid = mxid;
    }
    public String getLocalpart() {
        return localpart;
    }
    public void setLocalpart(String localpart) {
        this.localpart = localpart;
    }
    public String getDomain() {
        return domain;
    }
    public void setDomain(String domain) {
        this.domain = domain;
    }
    public String getPassword() {
        return password;
    }
    public void setPassword(String password) {
        this.password = password;
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/rest/RestProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/rest/RestProvider.java
@@ -0,0 +1,46 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.rest;
 import com.google.gson.FieldNamingPolicy;
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
 import io.kamax.mxisd.config.rest.RestBackendConfig;
 import io.kamax.mxisd.util.GsonParser;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
 public class RestProvider {
    protected RestBackendConfig cfg;
    protected Gson gson;
    protected GsonParser parser;
    protected CloseableHttpClient client;
    public RestProvider(RestBackendConfig cfg) {
        this.cfg = cfg;
        client = HttpClients.createDefault();
        gson = new GsonBuilder().setFieldNamingPolicy(FieldNamingPolicy.LOWER_CASE_WITH_UNDERSCORES).create();
        parser = new GsonParser(gson);
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/rest/RestThreePidProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/rest/RestThreePidProvider.java
@@ -0,0 +1,131 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.rest;
 import io.kamax.matrix.MatrixID;
 import io.kamax.matrix._MatrixID;
 import io.kamax.mxisd.UserID;
 import io.kamax.mxisd.UserIdType;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.config.rest.RestBackendConfig;
 import io.kamax.mxisd.lookup.SingleLookupReply;
 import io.kamax.mxisd.lookup.SingleLookupRequest;
 import io.kamax.mxisd.lookup.ThreePidMapping;
 import io.kamax.mxisd.lookup.provider.IThreePidProvider;
 import io.kamax.mxisd.util.RestClientUtils;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpUriRequest;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Optional;
 import java.util.stream.Collectors;
@Component
 public class RestThreePidProvider extends RestProvider implements IThreePidProvider {
    private Logger log = LoggerFactory.getLogger(RestThreePidProvider.class);
    private MatrixConfig mxCfg; // FIXME should be done in the lookup manager
    @Autowired
    public RestThreePidProvider(RestBackendConfig cfg, MatrixConfig mxCfg) {
        super(cfg);
        this.mxCfg = mxCfg;
    }
    // TODO refactor in lookup manager with above FIXME
    private _MatrixID getMxId(UserID id) {
        if (UserIdType.Localpart.is(id.getType())) {
            return new MatrixID(id.getValue(), mxCfg.getDomain());
        } else {
            return new MatrixID(id.getValue());
        }
    }
    @Override
    public boolean isEnabled() {
        return cfg.isEnabled();
    }
    @Override
    public boolean isLocal() {
        return true;
    }
    @Override
    public int getPriority() {
        return 20;
    }
    // TODO refactor common code
    @Override
    public Optional<SingleLookupReply> find(SingleLookupRequest request) {
        String endpoint = cfg.getEndpoints().getIdentity().getSingle();
        HttpUriRequest req = RestClientUtils.post(endpoint, gson, "lookup",
                new LookupSingleRequestJson(request.getType(), request.getThreePid()));
        try (CloseableHttpResponse res = client.execute(req)) {
            int status = res.getStatusLine().getStatusCode();
            if (status < 200 || status >= 300) {
                log.warn("REST endpoint {} answered with status {}, no binding found", endpoint, status);
                return Optional.empty();
            }
            Optional<LookupSingleResponseJson> responseOpt = parser.parseOptional(res, "lookup", LookupSingleResponseJson.class);
            return responseOpt.map(lookupSingleResponseJson -> new SingleLookupReply(request, getMxId(lookupSingleResponseJson.getId())));
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
    // TODO refactor common code
    @Override
    public List<ThreePidMapping> populate(List<ThreePidMapping> mappings) {
        List<LookupSingleRequestJson> ioListRequest = mappings.stream()
                .map(mapping -> new LookupSingleRequestJson(mapping.getMedium(), mapping.getValue()))
                .collect(Collectors.toList());
        HttpUriRequest req = RestClientUtils.post(
                cfg.getEndpoints().getIdentity().getBulk(), gson, "lookup", ioListRequest);
        try (CloseableHttpResponse res = client.execute(req)) {
            mappings = new ArrayList<>();
            int status = res.getStatusLine().getStatusCode();
            if (status < 200 || status >= 300) {
                return mappings;
            }
            LookupBulkResponseJson listIo = parser.parse(res, LookupBulkResponseJson.class);
            return listIo.getLookup().stream()
                    .map(io -> new ThreePidMapping(io.getMedium(), io.getAddress(), getMxId(io.getId()).getId()))
                    .collect(Collectors.toList());
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/sql/SqlAuthProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/sql/SqlAuthProvider.java
@@ -0,0 +1,61 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.sql;
 import io.kamax.matrix._MatrixID;
 import io.kamax.mxisd.auth.provider.AuthenticatorProvider;
 import io.kamax.mxisd.auth.provider.BackendAuthResult;
 import io.kamax.mxisd.config.ServerConfig;
 import io.kamax.mxisd.config.sql.SqlProviderConfig;
 import io.kamax.mxisd.invitation.InvitationManager;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@Component
 public class SqlAuthProvider implements AuthenticatorProvider {
    private Logger log = LoggerFactory.getLogger(SqlAuthProvider.class);
    @Autowired
    private ServerConfig srvCfg;
    @Autowired
    private SqlProviderConfig cfg;
    @Autowired
    private InvitationManager invMgr;
    @Override
    public boolean isEnabled() {
        return cfg.isEnabled();
    }
    @Override
    public BackendAuthResult authenticate(_MatrixID mxid, String password) {
        log.info("Performing dummy authentication try to force invite mapping refresh");
        invMgr.lookupMappingsForInvites();
        return BackendAuthResult.failure();
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/sql/SqlThreePidProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/sql/SqlThreePidProvider.java
@@ -0,0 +1,108 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.sql;
 import io.kamax.matrix.MatrixID;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.config.sql.SqlProviderConfig;
 import io.kamax.mxisd.lookup.SingleLookupReply;
 import io.kamax.mxisd.lookup.SingleLookupRequest;
 import io.kamax.mxisd.lookup.ThreePidMapping;
 import io.kamax.mxisd.lookup.provider.IThreePidProvider;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import java.sql.*;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Optional;
@Component
 public class SqlThreePidProvider implements IThreePidProvider {
    private Logger log = LoggerFactory.getLogger(SqlThreePidProvider.class);
    @Autowired
    private MatrixConfig mxCfg;
    @Autowired
    private SqlProviderConfig cfg;
    @Override
    public boolean isEnabled() {
        return cfg.isEnabled();
    }
    @Override
    public boolean isLocal() {
        return true;
    }
    @Override
    public int getPriority() {
        return 20;
    }
    private Connection getConn() throws SQLException {
        return DriverManager.getConnection("jdbc:" + cfg.getType() + ":" + cfg.getConnection());
    }
    @Override
    public Optional<SingleLookupReply> find(SingleLookupRequest request) {
        log.info("SQL lookup");
        String stmtSql = StringUtils.defaultIfBlank(cfg.getIdentity().getMedium().get(request.getType()), cfg.getIdentity().getQuery());
        log.info("SQL query: {}", stmtSql);
        try (PreparedStatement stmt = getConn().prepareStatement(stmtSql)) {
            stmt.setString(1, request.getType().toLowerCase());
            stmt.setString(2, request.getThreePid().toLowerCase());
            ResultSet rSet = stmt.executeQuery();
            while (rSet.next()) {
                String uid = rSet.getString("uid");
                log.info("Found match: {}", uid);
                if (StringUtils.equals("uid", cfg.getIdentity().getType())) {
                    log.info("Resolving as localpart");
                    return Optional.of(new SingleLookupReply(request, new MatrixID(uid, mxCfg.getDomain())));
                }
                if (StringUtils.equals("mxid", cfg.getIdentity().getType())) {
                    log.info("Resolving as MXID");
                    return Optional.of(new SingleLookupReply(request, new MatrixID(uid)));
                }
                log.info("Identity type is unknown, skipping");
            }
            log.info("No match found in SQL");
            return Optional.empty();
        } catch (SQLException e) {
            throw new RuntimeException(e);
        }
    }
    @Override
    public List<ThreePidMapping> populate(List<ThreePidMapping> mappings) {
        return new ArrayList<>();
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/DnsOverwrite.java
+++ b/src/main/java/io/kamax/mxisd/config/DnsOverwrite.java
@@ -0,0 +1,52 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import java.util.Optional;
@Configuration
@ConfigurationProperties("dns.overwrite")
 public class DnsOverwrite {
    private Logger log = LoggerFactory.getLogger(DnsOverwrite.class);
    @Autowired
    private ServerConfig srvCfg;
    @Autowired
    private DnsOverwriteEntry homeserver;
    public Optional<DnsOverwriteEntry> findHost(String lookup) {
        if (homeserver != null && StringUtils.equalsIgnoreCase(lookup, homeserver.getName())) {
            return Optional.of(homeserver);
        }
        return Optional.empty();
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/DnsOverwriteEntry.java
+++ b/src/main/java/io/kamax/mxisd/config/DnsOverwriteEntry.java
@@ -0,0 +1,67 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config;
 import org.apache.commons.lang.StringUtils;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
@Configuration
@ConfigurationProperties("dns.overwrite.homeserver")
 public class DnsOverwriteEntry {
    private String name;
    private String type;
    private String value;
    public String getName() {
        return name;
    }
    public void setName(String name) {
        this.name = name;
    }
    public String getType() {
        return type;
    }
    public void setType(String type) {
        this.type = type;
    }
    public String getValue() {
        return value;
    }
    public void setValue(String value) {
        this.value = value;
    }
    public String getTarget() {
        if (StringUtils.equals("env", getType())) {
            return System.getenv(getValue());
        } else {
            return getValue();
        }
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/FirebaseConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/FirebaseConfig.java
@@ -0,0 +1,101 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config;
 import io.kamax.mxisd.auth.provider.AuthenticatorProvider;
 import io.kamax.mxisd.backend.firebase.GoogleFirebaseAuthenticator;
 import io.kamax.mxisd.backend.firebase.GoogleFirebaseProvider;
 import io.kamax.mxisd.lookup.provider.IThreePidProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import javax.annotation.PostConstruct;
@Configuration
@ConfigurationProperties("firebase")
 public class FirebaseConfig {
    private Logger log = LoggerFactory.getLogger(FirebaseConfig.class);
    @Autowired
    private MatrixConfig mxCfg;
    private boolean enabled;
    private String credentials;
    private String database;
    public boolean isEnabled() {
        return enabled;
    }
    public void setEnabled(boolean enabled) {
        this.enabled = enabled;
    }
    public String getCredentials() {
        return credentials;
    }
    public void setCredentials(String credentials) {
        this.credentials = credentials;
    }
    public String getDatabase() {
        return database;
    }
    public void setDatabase(String database) {
        this.database = database;
    }
    @PostConstruct
    private void postConstruct() {
        log.info("--- Firebase configuration ---");
        log.info("Enabled: {}", isEnabled());
        if (isEnabled()) {
            log.info("Credentials: {}", getCredentials());
            log.info("Database: {}", getDatabase());
        }
    }
    @Bean
    public AuthenticatorProvider getAuthProvider() {
        if (!enabled) {
            return new GoogleFirebaseAuthenticator(false);
        } else {
            return new GoogleFirebaseAuthenticator(credentials, database);
        }
    }
    @Bean
    public IThreePidProvider getLookupProvider() {
        if (!enabled) {
            return new GoogleFirebaseProvider(false);
        } else {
            return new GoogleFirebaseProvider(credentials, database, mxCfg.getDomain());
        }
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/ForwardConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/ForwardConfig.java
@@ -0,0 +1,43 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import java.util.ArrayList;
 import java.util.List;
@Configuration
@ConfigurationProperties(prefix = "forward")
 public class ForwardConfig {
    private List<String> servers = new ArrayList<>();
    public List<String> getServers() {
        return servers;
    }
    public void setServers(List<String> servers) {
        this.servers = servers;
    }
 }
--- a/src/main/groovy/io/kamax/mxisd/config/KeyConfig.groovy
+++ b/src/main/groovy/io/kamax/mxisd/config/KeyConfig.groovy
@@ -18,31 +18,33 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
-package io.kamax.mxisd.config
+package io.kamax.mxisd.config;
-import org.apache.commons.lang.StringUtils
+import io.kamax.mxisd.exception.ConfigurationException;
-import org.springframework.beans.factory.InitializingBean
+import org.apache.commons.lang.StringUtils;
-import org.springframework.boot.context.properties.ConfigurationProperties
+import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.context.annotation.Configuration
+import org.springframework.context.annotation.Configuration;
 import javax.annotation.PostConstruct;
@Configuration
@ConfigurationProperties(prefix = "key")
-class KeyConfig implements InitializingBean {
+public class KeyConfig {
-    private String path
+    private String path;
-    void setPath(String path) {
+    public void setPath(String path) {
-        this.path = path
+        this.path = path;
    }
-    String getPath() {
+    public String getPath() {
-        return path
+        return path;
    }
-    @Override
+    @PostConstruct
-    void afterPropertiesSet() throws Exception {
+    public void build() {
        if (StringUtils.isBlank(getPath())) {
-            throw new RuntimeException("Key path must be configured!")
+            throw new ConfigurationException("key.path");
        }
    }
--- a/src/main/java/io/kamax/mxisd/config/MatrixConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/MatrixConfig.java
@@ -0,0 +1,94 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config;
 import com.google.gson.Gson;
 import io.kamax.mxisd.exception.ConfigurationException;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import javax.annotation.PostConstruct;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@Configuration
@ConfigurationProperties("matrix")
 public class MatrixConfig {
    public static class Identity {
        private Map<String, List<String>> servers = new HashMap<>();
        public Map<String, List<String>> getServers() {
            return servers;
        }
        public void setServers(Map<String, List<String>> servers) {
            this.servers = servers;
        }
        public List<String> getServers(String label) {
            if (!servers.containsKey(label)) {
                throw new RuntimeException("No Identity server list with label '" + label + "'");
            }
            return servers.get(label);
        }
    }
    private Logger log = LoggerFactory.getLogger(MatrixConfig.class);
    private String domain;
    private Identity identity = new Identity();
    public String getDomain() {
        return domain;
    }
    public void setDomain(String domain) {
        this.domain = domain;
    }
    public Identity getIdentity() {
        return identity;
    }
    public void setIdentity(Identity identity) {
        this.identity = identity;
    }
    @PostConstruct
    public void build() {
        log.info("--- Matrix config ---");
        if (StringUtils.isBlank(domain)) {
            throw new ConfigurationException("matrix.domain");
        }
        log.info("Domain: {}", getDomain());
        log.info("Identity:");
        log.info("\tServers: {}", new Gson().toJson(identity.getServers()));
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/RecursiveLookupBridgeConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/RecursiveLookupBridgeConfig.java
@@ -0,0 +1,86 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import javax.annotation.PostConstruct;
 import java.util.HashMap;
 import java.util.Map;
@Configuration
@ConfigurationProperties(prefix = "lookup.recursive.bridge")
 public class RecursiveLookupBridgeConfig {
    private Logger log = LoggerFactory.getLogger(RecursiveLookupBridgeConfig.class);
    private boolean enabled;
    private boolean recursiveOnly;
    private String server;
    private Map<String, String> mappings = new HashMap<>();
    public boolean getEnabled() {
        return enabled;
    }
    public void setEnabled(boolean enabled) {
        this.enabled = enabled;
    }
    public boolean getRecursiveOnly() {
        return recursiveOnly;
    }
    public void setRecursiveOnly(boolean recursiveOnly) {
        this.recursiveOnly = recursiveOnly;
    }
    public String getServer() {
        return server;
    }
    public void setServer(String server) {
        this.server = server;
    }
    public Map<String, String> getMappings() {
        return mappings;
    }
    public void setMappings(Map<String, String> mappings) {
        this.mappings = mappings;
    }
    @PostConstruct
    public void build() {
        log.info("--- Bridge integration lookups config ---");
        log.info("Enabled: {}", getEnabled());
        if (getEnabled()) {
            log.info("Recursive only: {}", getRecursiveOnly());
            log.info("Fallback Server: {}", getServer());
            log.info("Mappings: {}", mappings.size());
        }
    }
 }
--- a/src/main/groovy/io/kamax/mxisd/config/RecursiveLookupConfig.groovy
+++ b/src/main/groovy/io/kamax/mxisd/config/RecursiveLookupConfig.groovy
@@ -18,41 +18,43 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
-package io.kamax.mxisd.config
+package io.kamax.mxisd.config;
-import org.springframework.boot.context.properties.ConfigurationProperties
+import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.context.annotation.Configuration
+import org.springframework.context.annotation.Configuration;
 import java.util.List;
@Configuration
@ConfigurationProperties(prefix = "lookup.recursive")
-class RecursiveLookupConfig {
+public class RecursiveLookupConfig {
-    private boolean enabled
+    private boolean enabled;
-    private List<String> allowedCidr
+    private List<String> allowedCidr;
-    private RecursiveLookupBridgeConfig bridge
+    private RecursiveLookupBridgeConfig bridge;
-    boolean isEnabled() {
+    public boolean isEnabled() {
-        return enabled
+        return enabled;
    }
-    void setEnabled(boolean enabled) {
+    public void setEnabled(boolean enabled) {
-        this.enabled = enabled
+        this.enabled = enabled;
    }
-    List<String> getAllowedCidr() {
+    public List<String> getAllowedCidr() {
-        return allowedCidr
+        return allowedCidr;
    }
-    void setAllowedCidr(List<String> allowedCidr) {
+    public void setAllowedCidr(List<String> allowedCidr) {
-        this.allowedCidr = allowedCidr
+        this.allowedCidr = allowedCidr;
    }
-    RecursiveLookupBridgeConfig getBridge() {
+    public RecursiveLookupBridgeConfig getBridge() {
-        return bridge
+        return bridge;
    }
-    void setBridge(RecursiveLookupBridgeConfig bridge) {
+    public void setBridge(RecursiveLookupBridgeConfig bridge) {
-        this.bridge = bridge
+        this.bridge = bridge;
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/SQLiteStorageConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/SQLiteStorageConfig.java
@@ -0,0 +1,40 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
@Configuration
@ConfigurationProperties("storage.provider.sqlite")
 public class SQLiteStorageConfig {
    private String database;
    public String getDatabase() {
        return database;
    }
    public void setDatabase(String database) {
        this.database = database;
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/ServerConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/ServerConfig.java
@@ -0,0 +1,98 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import javax.annotation.PostConstruct;
 import java.net.MalformedURLException;
 import java.net.URL;
@Configuration
@ConfigurationProperties(prefix = "server")
 public class ServerConfig {
    private Logger log = LoggerFactory.getLogger(ServerConfig.class);
    @Autowired
    private MatrixConfig mxCfg;
    private String name;
    private int port;
    private String publicUrl;
    public String getName() {
        return name;
    }
    public void setName(String name) {
        this.name = name;
    }
    public int getPort() {
        return port;
    }
    public void setPort(int port) {
        this.port = port;
    }
    public String getPublicUrl() {
        return publicUrl;
    }
    public void setPublicUrl(String publicUrl) {
        this.publicUrl = publicUrl;
    }
    @PostConstruct
    public void build() {
        log.info("--- Server config ---");
        if (StringUtils.isBlank(getName())) {
            setName(mxCfg.getDomain());
            log.debug("server.name is empty, using matrix.domain");
        }
        if (StringUtils.isBlank(getPublicUrl())) {
            setPublicUrl("https://" + getName());
            log.debug("Public URL is empty, generating from name");
        } else {
            setPublicUrl(StringUtils.replace(getPublicUrl(), "%SERVER_NAME%", getName()));
        }
        try {
            new URL(getPublicUrl());
        } catch (MalformedURLException e) {
            log.warn("Public URL is not valid: {}", StringUtils.defaultIfBlank(e.getMessage(), "<no reason provided>"));
        }
        log.info("Name: {}", getName());
        log.info("Port: {}", getPort());
        log.info("Public URL: {}", getPublicUrl());
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/SessionConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/SessionConfig.java
@@ -0,0 +1,173 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config;
 import com.google.gson.Gson;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import javax.annotation.PostConstruct;
@Configuration
@ConfigurationProperties("session")
 public class SessionConfig {
    private static Logger log = LoggerFactory.getLogger(SessionConfig.class);
    public static class Policy {
        public static class PolicyTemplate {
            public static class PolicySource {
                public static class PolicySourceRemote {
                    private boolean enabled;
                    private String server;
                    public boolean isEnabled() {
                        return enabled;
                    }
                    public void setEnabled(boolean enabled) {
                        this.enabled = enabled;
                    }
                    public String getServer() {
                        return server;
                    }
                    public void setServer(String server) {
                        this.server = server;
                    }
                }
                private boolean enabled;
                private boolean toLocal;
                private PolicySourceRemote toRemote = new PolicySourceRemote();
                public boolean isEnabled() {
                    return enabled;
                }
                public void setEnabled(boolean enabled) {
                    this.enabled = enabled;
                }
                public boolean toLocal() {
                    return toLocal;
                }
                public void setToLocal(boolean toLocal) {
                    this.toLocal = toLocal;
                }
                public boolean toRemote() {
                    return toRemote.isEnabled();
                }
                public PolicySourceRemote getToRemote() {
                    return toRemote;
                }
                public void setToRemote(PolicySourceRemote toRemote) {
                    this.toRemote = toRemote;
                }
            }
            private boolean enabled;
            private PolicySource forLocal = new PolicySource();
            private PolicySource forRemote = new PolicySource();
            public boolean isEnabled() {
                return enabled;
            }
            public void setEnabled(boolean enabled) {
                this.enabled = enabled;
            }
            public PolicySource getForLocal() {
                return forLocal;
            }
            public PolicySource forLocal() {
                return forLocal;
            }
            public PolicySource getForRemote() {
                return forRemote;
            }
            public PolicySource forRemote() {
                return forRemote;
            }
            public PolicySource forIf(boolean isLocal) {
                return isLocal ? forLocal : forRemote;
            }
        }
        private PolicyTemplate validation = new PolicyTemplate();
        public PolicyTemplate getValidation() {
            return validation;
        }
        public void setValidation(PolicyTemplate validation) {
            this.validation = validation;
        }
    }
    private MatrixConfig mxCfg;
    private Policy policy = new Policy();
    @Autowired
    public SessionConfig(MatrixConfig mxCfg) {
        this.mxCfg = mxCfg;
    }
    public MatrixConfig getMatrixCfg() {
        return mxCfg;
    }
    public Policy getPolicy() {
        return policy;
    }
    public void setPolicy(Policy policy) {
        this.policy = policy;
    }
    @PostConstruct
    public void build() {
        log.info("--- Session config ---");
        log.info("Global Policy: {}", new Gson().toJson(policy));
    }
 }
--- a/src/main/groovy/io/kamax/mxisd/config/ServerConfig.groovy
+++ b/src/main/groovy/io/kamax/mxisd/config/ServerConfig.groovy
@@ -18,31 +18,33 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
-package io.kamax.mxisd.config
+package io.kamax.mxisd.config;
-import org.apache.commons.lang.StringUtils
+import io.kamax.mxisd.exception.ConfigurationException;
-import org.springframework.beans.factory.InitializingBean
+import org.apache.commons.lang.StringUtils;
-import org.springframework.boot.context.properties.ConfigurationProperties
+import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.context.annotation.Configuration
+import org.springframework.context.annotation.Configuration;
 import javax.annotation.PostConstruct;
@Configuration
-@ConfigurationProperties(prefix = "server")
+@ConfigurationProperties("storage")
-class ServerConfig implements InitializingBean {
+public class StorageConfig {
-    private String name
+    private String backend;
-    String getName() {
+    public String getBackend() {
-        return name
+        return backend;
    }
-    void setName(String name) {
+    public void setBackend(String backend) {
-        this.name = name
+        this.backend = backend;
    }
-    @Override
+    @PostConstruct
-    void afterPropertiesSet() throws Exception {
+    private void postConstruct() {
-        if (StringUtils.isBlank(getName())) {
+        if (StringUtils.isBlank(getBackend())) {
-            throw new RuntimeException("Server name must be configured. Use the same realm as your Homeserver")
+            throw new ConfigurationException("storage.backend");
        }
    }
--- a/src/main/java/io/kamax/mxisd/config/ThymeleafConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/ThymeleafConfig.java
@@ -0,0 +1,42 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.thymeleaf.resourceresolver.FileResourceResolver;
 import org.thymeleaf.templateresolver.TemplateResolver;
@Configuration
 public class ThymeleafConfig {
    @Bean
    public TemplateResolver getFileSystemResolver() {
        TemplateResolver resolver = new TemplateResolver();
        resolver.setPrefix("");
        resolver.setSuffix("");
        resolver.setCacheable(false);
        resolver.setOrder(1);
        resolver.setResourceResolver(new FileResourceResolver());
        return resolver;
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/ViewConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/ViewConfig.java
@@ -0,0 +1,144 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config;
 import com.google.gson.Gson;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import javax.annotation.PostConstruct;
@Configuration
@ConfigurationProperties("view")
 public class ViewConfig {
    private Logger log = LoggerFactory.getLogger(ViewConfig.class);
    public static class Session {
        public static class Paths {
            private String failure;
            private String success;
            public String getFailure() {
                return failure;
            }
            public void setFailure(String failure) {
                this.failure = failure;
            }
            public String getSuccess() {
                return success;
            }
            public void setSuccess(String success) {
                this.success = success;
            }
        }
        public static class Local {
            private Paths onTokenSubmit = new Paths();
            public Paths getOnTokenSubmit() {
                return onTokenSubmit;
            }
            public void setOnTokenSubmit(Paths onTokenSubmit) {
                this.onTokenSubmit = onTokenSubmit;
            }
        }
        public static class Remote {
            private Paths onRequest = new Paths();
            private Paths onCheck = new Paths();
            public Paths getOnRequest() {
                return onRequest;
            }
            public void setOnRequest(Paths onRequest) {
                this.onRequest = onRequest;
            }
            public Paths getOnCheck() {
                return onCheck;
            }
            public void setOnCheck(Paths onCheck) {
                this.onCheck = onCheck;
            }
        }
        private Local local = new Local();
        private Local localRemote = new Local();
        private Remote remote = new Remote();
        public Local getLocal() {
            return local;
        }
        public void setLocal(Local local) {
            this.local = local;
        }
        public Local getLocalRemote() {
            return localRemote;
        }
        public void setLocalRemote(Local localRemote) {
            this.localRemote = localRemote;
        }
        public Remote getRemote() {
            return remote;
        }
        public void setRemote(Remote remote) {
            this.remote = remote;
        }
    }
    private Session session = new Session();
    public Session getSession() {
        return session;
    }
    public void setSession(Session session) {
        this.session = session;
    }
    @PostConstruct
    public void build() {
        log.info("--- View config ---");
        log.info("Session: {}", new Gson().toJson(session));
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/ldap/LdapAttributeConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/ldap/LdapAttributeConfig.java
@@ -0,0 +1,49 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config.ldap;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
@Configuration
@ConfigurationProperties(prefix = "ldap.attribute")
 public class LdapAttributeConfig {
    private LdapAttributeUidConfig uid;
    private String name;
    public LdapAttributeUidConfig getUid() {
        return uid;
    }
    public void setUid(LdapAttributeUidConfig uid) {
        this.uid = uid;
    }
    public String getName() {
        return name;
    }
    public void setName(String name) {
        this.name = name;
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/ldap/LdapAttributeUidConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/ldap/LdapAttributeUidConfig.java
@@ -0,0 +1,49 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config.ldap;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
@Configuration
@ConfigurationProperties(prefix = "ldap.attribute.uid")
 public class LdapAttributeUidConfig {
    private String type;
    private String value;
    public String getType() {
        return type;
    }
    public void setType(String type) {
        this.type = type;
    }
    public String getValue() {
        return value;
    }
    public void setValue(String value) {
        this.value = value;
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/ldap/LdapAuthConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/ldap/LdapAuthConfig.java
@@ -18,23 +18,23 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
-package io.kamax.mxisd.config
+package io.kamax.mxisd.config.ldap;
-import org.springframework.boot.context.properties.ConfigurationProperties
+import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.context.annotation.Configuration
+import org.springframework.context.annotation.Configuration;
@Configuration
-@ConfigurationProperties(prefix = "forward")
+@ConfigurationProperties(prefix = "ldap.auth")
-class ForwardConfig {
+public class LdapAuthConfig {
-    private List<String> servers
+    private String filter;
-    List<String> getServers() {
+    public String getFilter() {
-        return servers
+        return filter;
    }
-    void setServers(List<String> servers) {
+    public void setFilter(String filter) {
-        this.servers = servers
+        this.filter = filter;
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/ldap/LdapConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/ldap/LdapConfig.java
@@ -0,0 +1,131 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config.ldap;
 import com.google.gson.Gson;
 import io.kamax.mxisd.backend.ldap.LdapThreePidProvider;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import javax.annotation.PostConstruct;
@Configuration
@ConfigurationProperties(prefix = "ldap")
 public class LdapConfig {
    private static Gson gson = new Gson();
    private Logger log = LoggerFactory.getLogger(LdapConfig.class);
    private boolean enabled;
    @Autowired
    private LdapConnectionConfig conn;
    private LdapAttributeConfig attribute;
    private LdapAuthConfig auth;
    private LdapIdentityConfig identity;
    public boolean isEnabled() {
        return enabled;
    }
    public void setEnabled(boolean enabled) {
        this.enabled = enabled;
    }
    public LdapConnectionConfig getConn() {
        return conn;
    }
    public void setConn(LdapConnectionConfig conn) {
        this.conn = conn;
    }
    public LdapAttributeConfig getAttribute() {
        return attribute;
    }
    public void setAttribute(LdapAttributeConfig attribute) {
        this.attribute = attribute;
    }
    public LdapAuthConfig getAuth() {
        return auth;
    }
    public void setAuth(LdapAuthConfig auth) {
        this.auth = auth;
    }
    public LdapIdentityConfig getIdentity() {
        return identity;
    }
    public void setIdentity(LdapIdentityConfig identity) {
        this.identity = identity;
    }
    @PostConstruct
    public void build() {
        log.info("--- LDAP Config ---");
        log.info("Enabled: {}", isEnabled());
        if (!isEnabled()) {
            return;
        }
        if (StringUtils.isBlank(conn.getHost())) {
            throw new IllegalStateException("LDAP Host must be configured!");
        }
        if (1 > conn.getPort() || 65535 < conn.getPort()) {
            throw new IllegalStateException("LDAP port is not valid");
        }
        if (StringUtils.isBlank(attribute.getUid().getType())) {
            throw new IllegalStateException("Attribute UID Type cannot be empty");
        }
        if (StringUtils.isBlank(attribute.getUid().getValue())) {
            throw new IllegalStateException("Attribute UID value cannot be empty");
        }
        String uidType = attribute.getUid().getType();
        if (!StringUtils.equals(LdapThreePidProvider.UID, uidType) && !StringUtils.equals(LdapThreePidProvider.MATRIX_ID, uidType)) {
            throw new IllegalArgumentException("Unsupported LDAP UID type: " + uidType);
        }
        log.info("Host: {}", conn.getHost());
        log.info("Port: {}", conn.getPort());
        log.info("Bind DN: {}", conn.getBindDn());
        log.info("Base DN: {}", conn.getBaseDn());
        log.info("Attribute: {}", gson.toJson(attribute));
        log.info("Auth: {}", gson.toJson(auth));
        log.info("Identity: {}", gson.toJson(identity));
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/ldap/LdapConnectionConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/ldap/LdapConnectionConfig.java
@@ -0,0 +1,85 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config.ldap;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
@Configuration
@ConfigurationProperties(prefix = "ldap.connection")
 public class LdapConnectionConfig {
    private boolean tls;
    private String host;
    private int port;
    private String bindDn;
    private String bindPassword;
    private String baseDn;
    public boolean isTls() {
        return tls;
    }
    public void setTls(boolean tls) {
        this.tls = tls;
    }
    public String getHost() {
        return host;
    }
    public void setHost(String host) {
        this.host = host;
    }
    public int getPort() {
        return port;
    }
    public void setPort(int port) {
        this.port = port;
    }
    public String getBindDn() {
        return bindDn;
    }
    public void setBindDn(String bindDn) {
        this.bindDn = bindDn;
    }
    public String getBindPassword() {
        return bindPassword;
    }
    public void setBindPassword(String bindPassword) {
        this.bindPassword = bindPassword;
    }
    public String getBaseDn() {
        return baseDn;
    }
    public void setBaseDn(String baseDn) {
        this.baseDn = baseDn;
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/ldap/LdapIdentityConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/ldap/LdapIdentityConfig.java
@@ -0,0 +1,48 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config.ldap;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Optional;
@Configuration
@ConfigurationProperties(prefix = "ldap.identity")
 public class LdapIdentityConfig {
    private Map<String, String> medium = new HashMap<>();
    public Map<String, String> getMedium() {
        return medium;
    }
    public Optional<String> getQuery(String key) {
        return Optional.ofNullable(medium.get(key));
    }
    public void setMedium(Map<String, String> medium) {
        this.medium = medium;
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/rest/RestBackendConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/rest/RestBackendConfig.java
@@ -0,0 +1,149 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config.rest;
 import io.kamax.mxisd.exception.ConfigurationException;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import javax.annotation.PostConstruct;
 import java.net.MalformedURLException;
 import java.net.URL;
@Configuration
@ConfigurationProperties("rest")
 public class RestBackendConfig {
    public static class IdentityEndpoints {
        private String single;
        private String bulk;
        public String getSingle() {
            return single;
        }
        public void setSingle(String single) {
            this.single = single;
        }
        public String getBulk() {
            return bulk;
        }
        public void setBulk(String bulk) {
            this.bulk = bulk;
        }
    }
    public static class Endpoints {
        private IdentityEndpoints identity = new IdentityEndpoints();
        private String auth;
        public IdentityEndpoints getIdentity() {
            return identity;
        }
        public void setIdentity(IdentityEndpoints identity) {
            this.identity = identity;
        }
        public String getAuth() {
            return auth;
        }
        public void setAuth(String auth) {
            this.auth = auth;
        }
    }
    private Logger log = LoggerFactory.getLogger(RestBackendConfig.class);
    private boolean enabled;
    private String host;
    private Endpoints endpoints = new Endpoints();
    public boolean isEnabled() {
        return enabled;
    }
    public void setEnabled(boolean enabled) {
        this.enabled = enabled;
    }
    public String getHost() {
        return host;
    }
    public void setHost(String host) {
        this.host = host;
    }
    public Endpoints getEndpoints() {
        return endpoints;
    }
    public void setEndpoints(Endpoints endpoints) {
        this.endpoints = endpoints;
    }
    private String buildEndpointUrl(String endpoint) {
        if (StringUtils.startsWith(endpoint, "/")) {
            if (StringUtils.isBlank(getHost())) {
                throw new ConfigurationException("rest.host");
            }
            try {
                new URL(getHost());
            } catch (MalformedURLException e) {
                throw new ConfigurationException("rest.host", e.getMessage());
            }
            return getHost() + endpoint;
        } else {
            return endpoint;
        }
    }
    @PostConstruct
    public void build() {
        log.info("--- REST backend config ---");
        log.info("Enabled: {}", isEnabled());
        if (isEnabled()) {
            endpoints.setAuth(buildEndpointUrl(endpoints.getAuth()));
            endpoints.identity.setSingle(buildEndpointUrl(endpoints.identity.getSingle()));
            endpoints.identity.setBulk(buildEndpointUrl(endpoints.identity.getBulk()));
            log.info("Host: {}", getHost());
            log.info("Auth endpoint: {}", endpoints.getAuth());
            log.info("Identity Single endpoint: {}", endpoints.identity.getSingle());
            log.info("Identity Bulk endpoint: {}", endpoints.identity.getBulk());
        }
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/sql/SqlProviderAuthConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/sql/SqlProviderAuthConfig.java
@@ -0,0 +1,21 @@
 package io.kamax.mxisd.config.sql;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 // Unused
@Configuration
@ConfigurationProperties("sql.auth")
 public class SqlProviderAuthConfig {
    private boolean enabled;
    public boolean isEnabled() {
        return enabled;
    }
    public void setEnabled(boolean enabled) {
        this.enabled = enabled;
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/sql/SqlProviderConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/sql/SqlProviderConfig.java
@@ -0,0 +1,96 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config.sql;
 import com.google.gson.Gson;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import javax.annotation.PostConstruct;
@Configuration
@ConfigurationProperties("sql")
 public class SqlProviderConfig {
    private Logger log = LoggerFactory.getLogger(SqlProviderConfig.class);
    private boolean enabled;
    private String type;
    private String connection;
    private SqlProviderAuthConfig auth;
    private SqlProviderIdentityConfig identity;
    public boolean isEnabled() {
        return enabled;
    }
    public void setEnabled(boolean enabled) {
        this.enabled = enabled;
    }
    public String getType() {
        return type;
    }
    public void setType(String type) {
        this.type = type;
    }
    public String getConnection() {
        return connection;
    }
    public void setConnection(String connection) {
        this.connection = connection;
    }
    public SqlProviderAuthConfig getAuth() {
        return auth;
    }
    public void setAuth(SqlProviderAuthConfig auth) {
        this.auth = auth;
    }
    public SqlProviderIdentityConfig getIdentity() {
        return identity;
    }
    public void setIdentity(SqlProviderIdentityConfig identity) {
        this.identity = identity;
    }
    @PostConstruct
    private void postConstruct() {
        log.info("--- SQL Provider config ---");
        log.info("Enabled: {}", isEnabled());
        if (isEnabled()) {
            log.info("Type: {}", getType());
            log.info("Connection: {}", getConnection());
            log.info("Auth enabled: {}", getAuth().isEnabled());
            log.info("Identy type: {}", getIdentity().getType());
            log.info("Identity medium queries: {}", new Gson().toJson(getIdentity().getMedium()));
        }
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/sql/SqlProviderIdentityConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/sql/SqlProviderIdentityConfig.java
@@ -0,0 +1,61 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config.sql;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import java.util.HashMap;
 import java.util.Map;
@Configuration
@ConfigurationProperties("sql.identity")
 public class SqlProviderIdentityConfig {
    private String type;
    private String query;
    private Map<String, String> medium = new HashMap<>();
    public String getType() {
        return type;
    }
    public void setType(String type) {
        this.type = type;
    }
    public String getQuery() {
        return query;
    }
    public void setQuery(String query) {
        this.query = query;
    }
    public Map<String, String> getMedium() {
        return medium;
    }
    public void setMedium(Map<String, String> medium) {
        this.medium = medium;
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/threepid/connector/EmailSmtpConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/threepid/connector/EmailSmtpConfig.java
@@ -0,0 +1,93 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config.threepid.connector;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import javax.annotation.PostConstruct;
@Configuration
@ConfigurationProperties(prefix = "threepid.medium.email.connectors.smtp")
 public class EmailSmtpConfig {
    private Logger log = LoggerFactory.getLogger(EmailSmtpConfig.class);
    private String host;
    private int port;
    private int tls;
    private String login;
    private String password;
    public String getHost() {
        return host;
    }
    public void setHost(String host) {
        this.host = host;
    }
    public int getPort() {
        return port;
    }
    public void setPort(int port) {
        this.port = port;
    }
    public int getTls() {
        return tls;
    }
    public void setTls(int tls) {
        this.tls = tls;
    }
    public String getLogin() {
        return login;
    }
    public void setLogin(String login) {
        this.login = login;
    }
    public String getPassword() {
        return password;
    }
    public void setPassword(String password) {
        this.password = password;
    }
    @PostConstruct
    public void build() {
        log.info("--- E-mail SMTP Connector config ---");
        log.info("Host: {}", getHost());
        log.info("Port: {}", getPort());
        log.info("TLS Mode: {}", getTls());
        log.info("Login: {}", getLogin());
        log.info("Has password: {}", StringUtils.isNotBlank(getPassword()));
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/threepid/connector/PhoneTwilioConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/threepid/connector/PhoneTwilioConfig.java
@@ -0,0 +1,73 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config.threepid.connector;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import javax.annotation.PostConstruct;
@Configuration
@ConfigurationProperties(prefix = PhoneTwilioConfig.NAMESPACE)
 public class PhoneTwilioConfig {
    static final String NAMESPACE = "threepid.medium.msisdn.connectors.twilio";
    private Logger log = LoggerFactory.getLogger(PhoneTwilioConfig.class);
    private String accountSid;
    private String authToken;
    private String number;
    public String getAccountSid() {
        return accountSid;
    }
    public void setAccountSid(String accountSid) {
        this.accountSid = accountSid;
    }
    public String getAuthToken() {
        return authToken;
    }
    public void setAuthToken(String authToken) {
        this.authToken = authToken;
    }
    public String getNumber() {
        return number;
    }
    public void setNumber(String number) {
        this.number = number;
    }
    @PostConstruct
    public void build() {
        log.info("--- Phone SMS Twilio connector config ---");
        log.info("Account SID: {}", getAccountSid());
        log.info("Sender number: {}", getNumber());
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/threepid/medium/EmailConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/threepid/medium/EmailConfig.java
@@ -0,0 +1,116 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config.threepid.medium;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.exception.ConfigurationException;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang.WordUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import javax.annotation.PostConstruct;
@Configuration
@ConfigurationProperties("threepid.medium.email")
 public class EmailConfig {
    private Logger log = LoggerFactory.getLogger(EmailConfig.class);
    public static class Identity {
        private String from;
        private String name;
        public String getFrom() {
            return from;
        }
        public void setFrom(String from) {
            this.from = from;
        }
        public String getName() {
            return name;
        }
        public void setName(String name) {
            this.name = name;
        }
    }
    private String generator;
    private String connector;
    private MatrixConfig mxCfg;
    private Identity identity = new Identity();
    @Autowired
    public EmailConfig(MatrixConfig mxCfg) {
        this.mxCfg = mxCfg;
    }
    public Identity getIdentity() {
        return identity;
    }
    public String getGenerator() {
        return generator;
    }
    public void setGenerator(String generator) {
        this.generator = generator;
    }
    public String getConnector() {
        return connector;
    }
    public void setConnector(String connector) {
        this.connector = connector;
    }
    @PostConstruct
    public void build() {
        log.info("--- E-mail config ---");
        if (StringUtils.isBlank(getGenerator())) {
            throw new ConfigurationException("generator");
        }
        if (StringUtils.isBlank(getConnector())) {
            throw new ConfigurationException("connector");
        }
        log.info("From: {}", identity.getFrom());
        if (StringUtils.isBlank(identity.getName())) {
            identity.setName(WordUtils.capitalize(mxCfg.getDomain()) + " Identity Server");
        }
        log.info("Name: {}", identity.getName());
        log.info("Generator: {}", getGenerator());
        log.info("Connector: {}", getConnector());
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/threepid/medium/EmailTemplateConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/threepid/medium/EmailTemplateConfig.java
@@ -0,0 +1,45 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config.threepid.medium;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import javax.annotation.PostConstruct;
@Configuration
@ConfigurationProperties("threepid.medium.email.generators.template")
 public class EmailTemplateConfig extends GenericTemplateConfig {
    private static Logger log = LoggerFactory.getLogger(EmailTemplateConfig.class);
    @PostConstruct
    public void build() {
        log.info("--- E-mail Generator templates config ---");
        log.info("Invite: {}", getName(getInvite()));
        log.info("Session validation:");
        log.info("\tLocal: {}", getName(getSession().getValidation().getLocal()));
        log.info("\tRemote: {}", getName(getSession().getValidation().getRemote()));
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/threepid/medium/GenericTemplateConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/threepid/medium/GenericTemplateConfig.java
@@ -0,0 +1,89 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config.threepid.medium;
 import org.apache.commons.lang.StringUtils;
 public class GenericTemplateConfig {
    private static final String classpathPrefix = "classpath:";
    protected static String getName(String path) {
        if (StringUtils.startsWith(path, classpathPrefix)) {
            return "Built-in (" + path.substring(classpathPrefix.length()) + ")";
        }
        return path;
    }
    public static class Session {
        public static class SessionValidation {
            private String local;
            private String remote;
            public String getLocal() {
                return local;
            }
            public void setLocal(String local) {
                this.local = local;
            }
            public String getRemote() {
                return remote;
            }
            public void setRemote(String remote) {
                this.remote = remote;
            }
        }
        private SessionValidation validation;
        public SessionValidation getValidation() {
            return validation;
        }
        public void setValidation(SessionValidation validation) {
            this.validation = validation;
        }
    }
    private String invite;
    private Session session = new Session();
    public String getInvite() {
        return invite;
    }
    public void setInvite(String invite) {
        this.invite = invite;
    }
    public Session getSession() {
        return session;
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/threepid/medium/PhoneConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/threepid/medium/PhoneConfig.java
@@ -0,0 +1,73 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config.threepid.medium;
 import io.kamax.mxisd.exception.ConfigurationException;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import javax.annotation.PostConstruct;
@Configuration
@ConfigurationProperties("threepid.medium.msisdn")
 public class PhoneConfig {
    private Logger log = LoggerFactory.getLogger(PhoneConfig.class);
    private String generator;
    private String connector;
    public String getGenerator() {
        return generator;
    }
    public void setGenerator(String generator) {
        this.generator = generator;
    }
    public String getConnector() {
        return connector;
    }
    public void setConnector(String connector) {
        this.connector = connector;
    }
    @PostConstruct
    public void build() {
        log.info("--- Phone config ---");
        if (StringUtils.isBlank(getGenerator())) {
            throw new ConfigurationException("generator");
        }
        if (StringUtils.isBlank(getConnector())) {
            throw new ConfigurationException("connector");
        }
        log.info("Generator: {}", getGenerator());
        log.info("Connector: {}", getConnector());
    }
 }
--- a/src/main/java/io/kamax/mxisd/config/threepid/medium/PhoneSmsTemplateConfig.java
+++ b/src/main/java/io/kamax/mxisd/config/threepid/medium/PhoneSmsTemplateConfig.java
@@ -0,0 +1,45 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.config.threepid.medium;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import javax.annotation.PostConstruct;
@Configuration
@ConfigurationProperties("threepid.medium.msisdn.generators.template")
 public class PhoneSmsTemplateConfig extends GenericTemplateConfig {
    private static Logger log = LoggerFactory.getLogger(EmailTemplateConfig.class);
    @PostConstruct
    public void build() {
        log.info("--- SMS Generator templates config ---");
        log.info("Invite: {}", getName(getInvite()));
        log.info("Session validation:");
        log.info("\tLocal: {}", getName(getSession().getValidation().getLocal()));
        log.info("\tRemote: {}", getName(getSession().getValidation().getRemote()));
    }
 }
--- a/src/main/java/io/kamax/mxisd/controller/v1/AuthController.java
+++ b/src/main/java/io/kamax/mxisd/controller/v1/AuthController.java
@@ -0,0 +1,89 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.controller.v1;
 import com.google.gson.Gson;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import io.kamax.mxisd.auth.AuthManager;
 import io.kamax.mxisd.auth.UserAuthResult;
 import org.apache.commons.io.IOUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 import javax.servlet.http.HttpServletRequest;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
@RestController
@CrossOrigin
@RequestMapping(produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
 public class AuthController {
    private Logger log = LoggerFactory.getLogger(AuthController.class);
    private Gson gson = new Gson();
    @Autowired
    private AuthManager mgr;
    @RequestMapping(value = "/_matrix-internal/identity/v1/check_credentials", method = RequestMethod.POST)
    public String checkCredentials(HttpServletRequest req) {
        try {
            JsonElement el = new JsonParser().parse(IOUtils.toString(req.getInputStream(), StandardCharsets.UTF_8));
            if (!el.isJsonObject() || !el.getAsJsonObject().has("user")) {
                throw new IllegalArgumentException("Missing user key");
            }
            JsonObject authData = el.getAsJsonObject().get("user").getAsJsonObject();
            if (!authData.has("id") || !authData.has("password")) {
                throw new IllegalArgumentException("Missing id or password keys");
            }
            String id = authData.get("id").getAsString();
            log.info("Requested to check credentials for {}", id);
            String password = authData.get("password").getAsString();
            UserAuthResult result = mgr.authenticate(id, password);
            JsonObject authObj = new JsonObject();
            authObj.addProperty("success", result.isSuccess());
            if (result.isSuccess()) {
                authObj.addProperty("mxid", result.getMxid());
                authObj.addProperty("display_name", result.getDisplayName());
            }
            JsonObject obj = new JsonObject();
            obj.add("authentication", authObj);
            return gson.toJson(obj);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
 }
--- a/src/main/groovy/io/kamax/mxisd/controller/v1/ClientBulkLookupAnswer.java
+++ b/src/main/groovy/io/kamax/mxisd/controller/v1/ClientBulkLookupAnswer.java
--- a/src/main/groovy/io/kamax/mxisd/controller/v1/ClientBulkLookupRequest.groovy
+++ b/src/main/groovy/io/kamax/mxisd/controller/v1/ClientBulkLookupRequest.groovy
@@ -18,28 +18,31 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
-package io.kamax.mxisd.controller.v1
+package io.kamax.mxisd.controller.v1;
-import io.kamax.mxisd.lookup.ThreePidMapping
+import io.kamax.mxisd.lookup.ThreePidMapping;
-class ClientBulkLookupRequest {
+import java.util.ArrayList;
 import java.util.List;
-    private List<List<String>> threepids = new ArrayList<>()
+public class ClientBulkLookupRequest {
-    List<List<String>> getThreepids() {
+    private List<List<String>> threepids = new ArrayList<>();
-        return threepids
+
    public List<List<String>> getThreepids() {
        return threepids;
    }
-    void setThreepids(List<List<String>> threepids) {
+    public void setThreepids(List<List<String>> threepids) {
-        this.threepids = threepids
+        this.threepids = threepids;
    }
-    void setMappings(List<ThreePidMapping> mappings) {
+    public void setMappings(List<ThreePidMapping> mappings) {
        for (ThreePidMapping mapping : mappings) {
-            List<String> threepid = new ArrayList<>()
+            List<String> threepid = new ArrayList<>();
-            threepid.add(mapping.getMedium())
+            threepid.add(mapping.getMedium());
-            threepid.add(mapping.getValue())
+            threepid.add(mapping.getValue());
-            threepids.add(threepid)
+            threepids.add(threepid);
        }
    }
--- a/src/main/java/io/kamax/mxisd/controller/v1/DefaultExceptionHandler.java
+++ b/src/main/java/io/kamax/mxisd/controller/v1/DefaultExceptionHandler.java
@@ -0,0 +1,107 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.controller.v1;
 import com.google.gson.Gson;
 import com.google.gson.JsonObject;
 import io.kamax.mxisd.exception.BadRequestException;
 import io.kamax.mxisd.exception.InternalServerError;
 import io.kamax.mxisd.exception.MappingAlreadyExistsException;
 import io.kamax.mxisd.exception.MatrixException;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.web.bind.MissingServletRequestParameterException;
 import org.springframework.web.bind.annotation.*;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.time.Instant;
@ControllerAdvice
@ResponseBody
@RequestMapping(produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
 public class DefaultExceptionHandler {
    private Logger log = LoggerFactory.getLogger(DefaultExceptionHandler.class);
    private static Gson gson = new Gson();
    static String handle(String erroCode, String error) {
        JsonObject obj = new JsonObject();
        obj.addProperty("errcode", erroCode);
        obj.addProperty("error", error);
        obj.addProperty("success", false);
        return gson.toJson(obj);
    }
    @ExceptionHandler(InternalServerError.class)
    public String handle(InternalServerError e, HttpServletResponse response) {
        if (StringUtils.isNotBlank(e.getInternalReason())) {
            log.error("Reference #{} - {}", e.getReference(), e.getInternalReason());
        } else {
            log.error("Reference #{}", e);
        }
        return handleGeneric(e, response);
    }
    @ExceptionHandler(MatrixException.class)
    public String handleGeneric(MatrixException e, HttpServletResponse response) {
        response.setStatus(e.getStatus());
        return handle(e.getErrorCode(), e.getError());
    }
    @ResponseStatus(HttpStatus.BAD_REQUEST)
    @ExceptionHandler(MissingServletRequestParameterException.class)
    public String handle(MissingServletRequestParameterException e) {
        return handle("M_INVALID_BODY", e.getMessage());
    }
    @ResponseStatus(HttpStatus.BAD_REQUEST)
    @ExceptionHandler(MappingAlreadyExistsException.class)
    public String handle(MappingAlreadyExistsException e) {
        return handle("M_ALREADY_EXISTS", e.getMessage());
    }
    @ResponseStatus(HttpStatus.BAD_REQUEST)
    @ExceptionHandler(BadRequestException.class)
    public String handle(BadRequestException e) {
        return handle("M_BAD_REQUEST", e.getMessage());
    }
    @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
    @ExceptionHandler(RuntimeException.class)
    public String handle(HttpServletRequest req, RuntimeException e) {
        log.error("Unknown error when handling {}", req.getRequestURL(), e);
        return handle(
                "M_UNKNOWN",
                StringUtils.defaultIfBlank(
                        e.getMessage(),
                        "An internal server error occured. If this error persists, please contact support with reference #" +
                                Instant.now().toEpochMilli()
                )
        );
    }
 }
--- a/src/main/java/io/kamax/mxisd/controller/v1/IdentityAPIv1.java
+++ b/src/main/java/io/kamax/mxisd/controller/v1/IdentityAPIv1.java
@@ -0,0 +1,32 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.controller.v1;
 public class IdentityAPIv1 {
    public static final String BASE = "/_matrix/identity/api/v1";
    public static String getValidate(String medium, String sid, String secret, String token) {
        // FIXME use some kind of URLBuilder
        return BASE + "/validate/" + medium + "/submitToken?sid=" + sid + "&client_secret=" + secret + "&token=" + token;
    }
 }
--- a/src/main/java/io/kamax/mxisd/controller/v1/InvitationController.java
+++ b/src/main/java/io/kamax/mxisd/controller/v1/InvitationController.java
@@ -0,0 +1,82 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.controller.v1;
 import com.google.gson.Gson;
 import io.kamax.matrix.MatrixID;
 import io.kamax.mxisd.config.ServerConfig;
 import io.kamax.mxisd.controller.v1.io.ThreePidInviteReplyIO;
 import io.kamax.mxisd.invitation.IThreePidInvite;
 import io.kamax.mxisd.invitation.IThreePidInviteReply;
 import io.kamax.mxisd.invitation.InvitationManager;
 import io.kamax.mxisd.invitation.ThreePidInvite;
 import io.kamax.mxisd.key.KeyManager;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 import javax.servlet.http.HttpServletRequest;
 import java.util.HashMap;
 import java.util.Map;
 import static org.springframework.web.bind.annotation.RequestMethod.POST;
@RestController
@CrossOrigin
@RequestMapping(path = IdentityAPIv1.BASE, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
 class InvitationController {
    private Logger log = LoggerFactory.getLogger(InvitationController.class);
    @Autowired
    private InvitationManager mgr;
    @Autowired
    private KeyManager keyMgr;
    @Autowired
    private ServerConfig srvCfg;
    private Gson gson = new Gson();
    @RequestMapping(value = "/store-invite", method = POST)
    String store(
            HttpServletRequest request,
            @RequestParam String sender,
            @RequestParam String medium,
            @RequestParam String address,
            @RequestParam("room_id") String roomId) {
        Map<String, String> parameters = new HashMap<>();
        for (String key : request.getParameterMap().keySet()) {
            parameters.put(key, request.getParameter(key));
        }
        IThreePidInvite invite = new ThreePidInvite(new MatrixID(sender), medium, address, roomId, parameters);
        IThreePidInviteReply reply = mgr.storeInvite(invite);
        return gson.toJson(new ThreePidInviteReplyIO(reply, keyMgr.getPublicKeyBase64(keyMgr.getCurrentIndex()), srvCfg.getPublicUrl()));
    }
 }
--- a/src/main/java/io/kamax/mxisd/controller/v1/KeyController.java
+++ b/src/main/java/io/kamax/mxisd/controller/v1/KeyController.java
@@ -0,0 +1,81 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.controller.v1;
 import com.google.gson.Gson;
 import com.google.gson.JsonObject;
 import io.kamax.mxisd.controller.v1.io.KeyValidityJson;
 import io.kamax.mxisd.exception.BadRequestException;
 import io.kamax.mxisd.key.KeyManager;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.web.bind.annotation.*;
 import javax.servlet.http.HttpServletRequest;
 import static org.springframework.web.bind.annotation.RequestMethod.GET;
@RestController
@CrossOrigin
@RequestMapping(path = IdentityAPIv1.BASE, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
 public class KeyController {
    private Logger log = LoggerFactory.getLogger(KeyController.class);
    @Autowired
    private KeyManager keyMgr;
    private Gson gson = new Gson();
    private String validKey = gson.toJson(new KeyValidityJson(true));
    private String invalidKey = gson.toJson(new KeyValidityJson(false));
    @RequestMapping(value = "/pubkey/{keyType}:{keyId}", method = GET)
    public String getKey(@PathVariable String keyType, @PathVariable int keyId) {
        if (!"ed25519".contentEquals(keyType)) {
            throw new BadRequestException("Invalid algorithm: " + keyType);
        }
        log.info("Key {}:{} was requested", keyType, keyId);
        JsonObject obj = new JsonObject();
        obj.addProperty("public_key", keyMgr.getPublicKeyBase64(keyId));
        return gson.toJson(obj);
    }
    @RequestMapping(value = "/pubkey/ephemeral/isvalid", method = GET)
    public String checkEphemeralKeyValidity(HttpServletRequest request) {
        log.warn("Ephemeral key was request but no ephemeral key are generated, replying not valid");
        return invalidKey;
    }
    @RequestMapping(value = "/pubkey/isvalid", method = GET)
    public String checkKeyValidity(HttpServletRequest request, @RequestParam("public_key") String pubKey) {
        log.info("Validating public key {}", pubKey);
        // TODO do in manager
        boolean valid = StringUtils.equals(pubKey, keyMgr.getPublicKeyBase64(keyMgr.getCurrentIndex()));
        return valid ? validKey : invalidKey;
    }
 }
--- a/src/main/java/io/kamax/mxisd/controller/v1/MappingController.java
+++ b/src/main/java/io/kamax/mxisd/controller/v1/MappingController.java
@@ -0,0 +1,130 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.controller.v1;
 import com.google.gson.Gson;
 import com.google.gson.JsonObject;
 import io.kamax.mxisd.controller.v1.io.SingeLookupReplyJson;
 import io.kamax.mxisd.exception.InternalServerError;
 import io.kamax.mxisd.lookup.*;
 import io.kamax.mxisd.lookup.strategy.LookupStrategy;
 import io.kamax.mxisd.signature.SignatureManager;
 import io.kamax.mxisd.util.GsonParser;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 import javax.servlet.http.HttpServletRequest;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Optional;
 import static org.springframework.web.bind.annotation.RequestMethod.GET;
 import static org.springframework.web.bind.annotation.RequestMethod.POST;
@RestController
@CrossOrigin
@RequestMapping(path = IdentityAPIv1.BASE, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
 public class MappingController {
    private Logger log = LoggerFactory.getLogger(MappingController.class);
    private Gson gson = new Gson();
    private GsonParser parser = new GsonParser(gson);
    @Autowired
    private LookupStrategy strategy;
    @Autowired
    private SignatureManager signMgr;
    private void setRequesterInfo(ALookupRequest lookupReq, HttpServletRequest req) {
        lookupReq.setRequester(req.getRemoteAddr());
        String xff = req.getHeader("X-FORWARDED-FOR");
        lookupReq.setRecursive(StringUtils.isNotBlank(xff));
        if (lookupReq.isRecursive()) {
            lookupReq.setRecurseHosts(Arrays.asList(xff.split(",")));
        }
        lookupReq.setUserAgent(req.getHeader("USER-AGENT"));
    }
    @RequestMapping(value = "/lookup", method = GET)
    String lookup(HttpServletRequest request, @RequestParam String medium, @RequestParam String address) {
        SingleLookupRequest lookupRequest = new SingleLookupRequest();
        setRequesterInfo(lookupRequest, request);
        lookupRequest.setType(medium);
        lookupRequest.setThreePid(address);
        log.info("Got single lookup request from {} with client {} - Is recursive? {}", lookupRequest.getRequester(), lookupRequest.getUserAgent(), lookupRequest.isRecursive());
        Optional<SingleLookupReply> lookupOpt = strategy.find(lookupRequest);
        if (!lookupOpt.isPresent()) {
            log.info("No mapping was found, return empty JSON object");
            return "{}";
        }
        SingleLookupReply lookup = lookupOpt.get();
        if (lookup.isSigned()) {
            log.info("Lookup is already signed, sending as-is");
            return lookup.getBody();
        } else {
            log.info("Lookup is not signed, signing");
            JsonObject obj = gson.toJsonTree(new SingeLookupReplyJson(lookup)).getAsJsonObject();
            obj.add("signatures", signMgr.signMessageGson(gson.toJson(obj)));
            return gson.toJson(obj);
        }
    }
    @RequestMapping(value = "/bulk_lookup", method = POST)
    String bulkLookup(HttpServletRequest request) {
        BulkLookupRequest lookupRequest = new BulkLookupRequest();
        setRequesterInfo(lookupRequest, request);
        log.info("Got single lookup request from {} with client {} - Is recursive? {}", lookupRequest.getRequester(), lookupRequest.getUserAgent(), lookupRequest.isRecursive());
        try {
            ClientBulkLookupRequest input = parser.parse(request, ClientBulkLookupRequest.class);
            List<ThreePidMapping> mappings = new ArrayList<>();
            for (List<String> mappingRaw : input.getThreepids()) {
                ThreePidMapping mapping = new ThreePidMapping();
                mapping.setMedium(mappingRaw.get(0));
                mapping.setValue(mappingRaw.get(1));
                mappings.add(mapping);
            }
            lookupRequest.setMappings(mappings);
            ClientBulkLookupAnswer answer = new ClientBulkLookupAnswer();
            answer.addAll(strategy.find(lookupRequest));
            return gson.toJson(answer);
        } catch (IOException e) {
            throw new InternalServerError(e);
        }
    }
 }
--- a/src/main/java/io/kamax/mxisd/controller/v1/SessionController.java
+++ b/src/main/java/io/kamax/mxisd/controller/v1/SessionController.java
@@ -0,0 +1,92 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.controller.v1;
 import io.kamax.mxisd.config.ServerConfig;
 import io.kamax.mxisd.config.ViewConfig;
 import io.kamax.mxisd.controller.v1.remote.RemoteIdentityAPIv1;
 import io.kamax.mxisd.exception.InternalServerError;
 import io.kamax.mxisd.session.SessionMananger;
 import io.kamax.mxisd.session.ValidationResult;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import static org.springframework.web.bind.annotation.RequestMethod.GET;
@Controller
@RequestMapping(path = IdentityAPIv1.BASE)
 class SessionController {
    private Logger log = LoggerFactory.getLogger(SessionController.class);
    @Autowired
    private ServerConfig srvCfg;
    @Autowired
    private SessionMananger mgr;
    @Autowired
    private ViewConfig viewCfg;
    @RequestMapping(value = "/validate/{medium}/submitToken", method = GET)
    public String validate(
            HttpServletRequest request,
            HttpServletResponse response,
            @RequestParam String sid,
            @RequestParam("client_secret") String secret,
            @RequestParam String token,
            Model model
    ) {
        log.info("Requested: {}?{}", request.getRequestURL(), request.getQueryString());
        ValidationResult r = mgr.validate(sid, secret, token);
        log.info("Session {} was validated", sid);
        if (r.getNextUrl().isPresent()) {
            String url = srvCfg.getPublicUrl() + r.getNextUrl().get();
            log.info("Session {} validation: next URL is present, redirecting to {}", sid, url);
            try {
                response.sendRedirect(url);
                return "";
            } catch (IOException e) {
                log.warn("Unable to redirect user to {}", url);
                throw new InternalServerError(e);
            }
        } else {
            if (r.isCanRemote()) {
                String url = srvCfg.getPublicUrl() + RemoteIdentityAPIv1.getRequestToken(r.getSession().getId(), r.getSession().getSecret());
                model.addAttribute("remoteSessionLink", url);
                return viewCfg.getSession().getLocalRemote().getOnTokenSubmit().getSuccess();
            } else {
                return viewCfg.getSession().getLocal().getOnTokenSubmit().getSuccess();
            }
        }
    }
 }
--- a/src/main/java/io/kamax/mxisd/controller/v1/SessionRestController.java
+++ b/src/main/java/io/kamax/mxisd/controller/v1/SessionRestController.java
@@ -0,0 +1,181 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.controller.v1;
 import com.google.gson.Gson;
 import com.google.gson.JsonObject;
 import io.kamax.matrix.ThreePidMedium;
 import io.kamax.mxisd.ThreePid;
 import io.kamax.mxisd.config.ServerConfig;
 import io.kamax.mxisd.config.ViewConfig;
 import io.kamax.mxisd.controller.v1.io.SessionEmailTokenRequestJson;
 import io.kamax.mxisd.controller.v1.io.SessionPhoneTokenRequestJson;
 import io.kamax.mxisd.controller.v1.io.SuccessStatusJson;
 import io.kamax.mxisd.exception.BadRequestException;
 import io.kamax.mxisd.exception.SessionNotValidatedException;
 import io.kamax.mxisd.invitation.InvitationManager;
 import io.kamax.mxisd.lookup.ThreePidValidation;
 import io.kamax.mxisd.session.SessionMananger;
 import io.kamax.mxisd.session.ValidationResult;
 import io.kamax.mxisd.util.GsonParser;
 import org.apache.http.HttpStatus;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.*;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import static org.springframework.web.bind.annotation.RequestMethod.POST;
@RestController
@CrossOrigin
@RequestMapping(path = IdentityAPIv1.BASE, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
 public class SessionRestController {
    private Logger log = LoggerFactory.getLogger(SessionRestController.class);
    private class Sid { // FIXME replace with RequestTokenResponse
        private String sid;
        public Sid(String sid) {
            setSid(sid);
        }
        String getSid() {
            return sid;
        }
        void setSid(String sid) {
            this.sid = sid;
        }
    }
    @Autowired
    private ServerConfig srvCfg;
    @Autowired
    private SessionMananger mgr;
    @Autowired
    private InvitationManager invMgr;
    @Autowired
    private ViewConfig viewCfg;
    private Gson gson = new Gson();
    private GsonParser parser = new GsonParser(gson);
    @RequestMapping(value = "/validate/{medium}/requestToken")
    String init(HttpServletRequest request, HttpServletResponse response, @PathVariable String medium) throws IOException {
        log.info("Request {}: {}", request.getMethod(), request.getRequestURL(), request.getQueryString());
        if (ThreePidMedium.Email.is(medium)) {
            SessionEmailTokenRequestJson req = parser.parse(request, SessionEmailTokenRequestJson.class);
            return gson.toJson(new Sid(mgr.create(
                    request.getRemoteHost(),
                    new ThreePid(req.getMedium(), req.getValue()),
                    req.getSecret(),
                    req.getAttempt(),
                    req.getNextLink())));
        }
        if (ThreePidMedium.PhoneNumber.is(medium)) {
            SessionPhoneTokenRequestJson req = parser.parse(request, SessionPhoneTokenRequestJson.class);
            return gson.toJson(new Sid(mgr.create(
                    request.getRemoteHost(),
                    new ThreePid(req.getMedium(), req.getValue()),
                    req.getSecret(),
                    req.getAttempt(),
                    req.getNextLink())));
        }
        JsonObject obj = new JsonObject();
        obj.addProperty("errcode", "M_INVALID_3PID_TYPE");
        obj.addProperty("error", medium + " is not supported as a 3PID type");
        response.setStatus(HttpStatus.SC_BAD_REQUEST);
        return gson.toJson(obj);
    }
    @RequestMapping(value = "/validate/{medium}/submitToken", method = POST)
    public String validate(
            HttpServletRequest request,
            HttpServletResponse response,
            @RequestParam String sid,
            @RequestParam("client_secret") String secret,
            @RequestParam String token,
            Model model
    ) {
        log.info("Requested: {}", request.getRequestURL());
        ValidationResult r = mgr.validate(sid, secret, token);
        log.info("Session {} was validated", sid);
        return gson.toJson(new SuccessStatusJson(true));
    }
    @RequestMapping(value = "/3pid/getValidated3pid")
    String check(HttpServletRequest request, HttpServletResponse response,
                 @RequestParam String sid, @RequestParam("client_secret") String secret) {
        log.info("Requested: {}", request.getRequestURL(), request.getQueryString());
        try {
            ThreePidValidation pid = mgr.getValidated(sid, secret);
            JsonObject obj = new JsonObject();
            obj.addProperty("medium", pid.getMedium());
            obj.addProperty("address", pid.getAddress());
            obj.addProperty("validated_at", pid.getValidation().toEpochMilli());
            return gson.toJson(obj);
        } catch (SessionNotValidatedException e) {
            log.info("Session {} was requested but has not yet been validated", sid);
            throw e;
        }
    }
    @RequestMapping(value = "/3pid/bind")
    String bind(HttpServletRequest request, HttpServletResponse response,
                @RequestParam String sid, @RequestParam("client_secret") String secret, @RequestParam String mxid) {
        log.info("Requested: {}", request.getRequestURL(), request.getQueryString());
        try {
            mgr.bind(sid, secret, mxid);
            return "{}";
        } catch (BadRequestException e) {
            log.info("requested session was not validated");
            JsonObject obj = new JsonObject();
            obj.addProperty("errcode", "M_SESSION_NOT_VALIDATED");
            obj.addProperty("error", e.getMessage());
            response.setStatus(HttpStatus.SC_BAD_REQUEST);
            return gson.toJson(obj);
        } finally {
            // If a user registers, there is no standard login event. Instead, this is the only way to trigger
            // resolution at an appropriate time. Meh at synapse/Riot!
            invMgr.lookupMappingsForInvites();
        }
    }
 }
--- a/src/main/groovy/io/kamax/mxisd/controller/v1/InvitationController.groovy
+++ b/src/main/groovy/io/kamax/mxisd/controller/v1/InvitationController.groovy
@@ -18,28 +18,32 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
-package io.kamax.mxisd.controller.v1
+package io.kamax.mxisd.controller.v1;
-import io.kamax.mxisd.exception.NotImplementedException
+import com.google.gson.Gson;
-import org.slf4j.Logger
+import com.google.gson.JsonObject;
-import org.slf4j.LoggerFactory
+import org.springframework.http.MediaType;
-import org.springframework.web.bind.annotation.RequestMapping
+import org.springframework.web.bind.annotation.CrossOrigin;
-import org.springframework.web.bind.annotation.RestController
+import org.springframework.web.bind.annotation.RequestMapping;
-
+import org.springframework.web.bind.annotation.RestController;
 import javax.servlet.http.HttpServletRequest
 import static org.springframework.web.bind.annotation.RequestMethod.POST
@RestController
-class InvitationController {
+@CrossOrigin
@RequestMapping(produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
 public class StatusController {
-    private Logger log = LoggerFactory.getLogger(InvitationController.class)
+    private Gson gson = new Gson();
-    @RequestMapping(value = "/_matrix/identity/api/v1/store-invite", method = POST)
+    @RequestMapping(value = "/_matrix/identity/status")
-    String store(HttpServletRequest request) {
+    public String getStatus() {
-        log.error("{} was requested but not implemented", request.getRequestURL())
+        // TODO link to backend
        JsonObject status = new JsonObject();
        status.addProperty("health", "OK");
-        throw new NotImplementedException()
+        JsonObject obj = new JsonObject();
        obj.add("status", status);
        return gson.toJson(obj);
    }
 }
--- a/src/main/java/io/kamax/mxisd/controller/v1/io/GenericTokenRequestJson.java
+++ b/src/main/java/io/kamax/mxisd/controller/v1/io/GenericTokenRequestJson.java
@@ -0,0 +1,41 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.controller.v1.io;
 public abstract class GenericTokenRequestJson {
    private String client_secret;
    private int send_attempt;
    private String next_link;
    public String getSecret() {
        return client_secret;
    }
    public int getAttempt() {
        return send_attempt;
    }
    public String getNextLink() {
        return next_link;
    }
 }
--- a/src/main/java/io/kamax/mxisd/controller/v1/io/KeyValidityJson.java
+++ b/src/main/java/io/kamax/mxisd/controller/v1/io/KeyValidityJson.java
@@ -18,18 +18,18 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
-package io.kamax.mxisd.lookup;
+package io.kamax.mxisd.controller.v1.io;
-public abstract class ALookupRequest {
+public class KeyValidityJson {
-    private String requester;
+    private boolean valid;
-    public String getRequester() {
+    public KeyValidityJson(boolean isValid) {
-        return requester;
+        this.valid = isValid;
    }
-    public void setRequester(String requester) {
+    public boolean isValid() {
-        this.requester = requester;
+        return valid;
    }
 }
--- a/src/main/java/io/kamax/mxisd/controller/v1/io/RequestTokenResponse.java
+++ b/src/main/java/io/kamax/mxisd/controller/v1/io/RequestTokenResponse.java
@@ -0,0 +1,31 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.controller.v1.io;
 public class RequestTokenResponse {
    private String sid;
    public String getSid() {
        return sid;
    }
 }
--- a/src/main/java/io/kamax/mxisd/controller/v1/io/SessionEmailTokenRequestJson.java
+++ b/src/main/java/io/kamax/mxisd/controller/v1/io/SessionEmailTokenRequestJson.java
@@ -18,15 +18,18 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
-package io.kamax.mxisd.lookup.fetcher
+package io.kamax.mxisd.controller.v1.io;
-import io.kamax.mxisd.lookup.SingleLookupRequest
+public class SessionEmailTokenRequestJson extends GenericTokenRequestJson {
 import io.kamax.mxisd.lookup.ThreePidMapping
-interface IBridgeFetcher {
+    private String email;
-    Optional<?> find(SingleLookupRequest request)
+    public String getMedium() {
        return "threepids/email";
    }
-    List<ThreePidMapping> populate(List<ThreePidMapping> mappings)
+    public String getValue() {
        return email;
    }
 }
--- a/src/main/groovy/io/kamax/mxisd/controller/v1/io/SessionPhoneTokenRequestJson.java
+++ b/src/main/groovy/io/kamax/mxisd/controller/v1/io/SessionPhoneTokenRequestJson.java
@@ -1,3 +1,23 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.controller.v1.io;
 import com.google.i18n.phonenumbers.NumberParseException;
@@ -11,12 +31,10 @@ public class SessionPhoneTokenRequestJson extends GenericTokenRequestJson {
    private String country;
    private String phone_number;
    @Override
    public String getMedium() {
        return "msisdn";
    }
    @Override
    public String getValue() {
        try {
            Phonenumber.PhoneNumber num = phoneUtil.parse(phone_number, country);
--- a/src/main/java/io/kamax/mxisd/controller/v1/io/SingeLookupReplyJson.java
+++ b/src/main/java/io/kamax/mxisd/controller/v1/io/SingeLookupReplyJson.java
@@ -0,0 +1,75 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.controller.v1.io;
 import io.kamax.mxisd.lookup.SingleLookupReply;
 import java.util.HashMap;
 import java.util.Map;
 public class SingeLookupReplyJson {
    private String address;
    private String medium;
    private String mxid;
    private long not_after;
    private long not_before;
    private long ts;
    private Map<String, Map<String, String>> signatures = new HashMap<>();
    public SingeLookupReplyJson(SingleLookupReply reply) {
        this.address = reply.getRequest().getThreePid();
        this.medium = reply.getRequest().getType();
        this.mxid = reply.getMxid().getId();
        this.not_after = reply.getNotAfter().toEpochMilli();
        this.not_before = reply.getNotBefore().toEpochMilli();
        this.ts = reply.getTimestamp().toEpochMilli();
    }
    public String getAddress() {
        return address;
    }
    public String getMedium() {
        return medium;
    }
    public String getMxid() {
        return mxid;
    }
    public long getNot_after() {
        return not_after;
    }
    public long getNot_before() {
        return not_before;
    }
    public long getTs() {
        return ts;
    }
    public boolean isSigned() {
        return signatures != null && !signatures.isEmpty();
    }
 }
--- a/src/main/java/io/kamax/mxisd/controller/v1/io/SuccessStatusJson.java
+++ b/src/main/java/io/kamax/mxisd/controller/v1/io/SuccessStatusJson.java
@@ -0,0 +1,35 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Maxime Dor
 *
 * https://max.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.controller.v1.io;
 public class SuccessStatusJson {
    private boolean success;
    public SuccessStatusJson(boolean success) {
        this.success = success;
    }
    public boolean isSuccess() {
        return success;
    }
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Maxime Dor	0499c10a2c	Better sample config, better README	2017-09-25 18:20:18 +02:00
Maxime Dor	13e248c71e	Do not enforce Twilio config by default	2017-09-25 18:04:21 +02:00
Maxime Dor	d221b2c5de	Fix groovy rollback issue	2017-09-25 17:56:06 +02:00
Maxime Dor	3a1900cbb2	Add link to 3PID session documentation	2017-09-25 17:15:37 +02:00
Max Dor	9f1867a030	Merge pull request #32 from kamax-io/phone_numbers-validation Phone numbers validation	2017-09-25 17:12:59 +02:00
Maxime Dor	a061241291	Use relative links	2017-09-25 17:11:58 +02:00
Maxime Dor	fefa81e935	Add link to phone numbers in TOC	2017-09-25 17:06:39 +02:00
Maxime Dor	1e77bf43c6	Add documentation to validate phone numbers	2017-09-25 17:03:50 +02:00
Maxime Dor	c73bbf675e	First prototype to validate phone numbers	2017-09-25 05:53:07 +02:00
Maxime Dor	6c2e65ace5	Code formatting, cosmetic	2017-09-25 02:35:16 +02:00
Maxime Dor	33263d3cff	Bye bye Groovy, you won't be missed :(	2017-09-25 02:31:31 +02:00
Maxime Dor	af19fed6e7	More links to specific config docs	2017-09-25 00:15:30 +02:00
Maxime Dor	246dc4f8d1	Add web views link	2017-09-25 00:10:25 +02:00
Maxime Dor	31efa3e33f	More 3PID sessions configuration documentation	2017-09-25 00:08:58 +02:00
Maxime Dor	bee2a5129b	Fix inconsistencies into DNS library	2017-09-24 21:29:14 +02:00
Maxime Dor	f1e78af80b	Fix empty JSON object on empty lookup results	2017-09-24 21:12:49 +02:00
Max Dor	e0022e549e	Merge pull request #31 from kamax-io/binding-validation 3PID sessions support (email only)	2017-09-24 05:26:37 +02:00
Maxime Dor	b46d047411	Add session disabled config	2017-09-24 04:54:48 +02:00
Maxime Dor	542c549e4e	Fix config for remote-only sessions mode	2017-09-24 04:53:37 +02:00
Maxime Dor	ebb9a6daa0	Fix links and better formatting	2017-09-24 04:52:24 +02:00
Maxime Dor	f93a94ddf1	First draft of 3PID sessions/binds manual	2017-09-24 04:47:16 +02:00
Maxime Dor	597fc95cef	Clean-up	2017-09-24 01:49:56 +02:00
Maxime Dor	df81dda22d	First working prototype to proxy 3PID binds to central Matrix.org IS	2017-09-23 04:27:14 +02:00
Maxime Dor	5836965a1e	Saving current work	2017-09-22 01:49:27 +02:00
Maxime Dor	58d80b8eb3	Notification for proxying 3PID, remote 3PID are proxied by default	2017-09-22 00:00:25 +02:00
Maxime Dor	a4b4a3f24c	Polishing, prepare for proxying 3PID sessions	2017-09-21 07:26:33 +02:00
Maxime Dor	ace6019197	Refactor after first tests against synapse	2017-09-21 04:07:13 +02:00
Maxime Dor	88cefeabbf	Fix refactored calls	2017-09-20 17:24:21 +02:00
Maxime Dor	bf2afd8739	Further work	2017-09-20 17:22:51 +02:00
Maxime Dor	0b087ee08c	Prepare structure to handle 3PID sessions and bindings validation/proxy	2017-09-20 04:35:34 +02:00
Maxime Dor	c1746697b9	Split template creation and 3PID connector to integrate bindings verification	2017-09-19 03:46:31 +02:00
Maxime Dor	5179c4dbb5	Proper check	2017-09-19 01:08:13 +02:00
Maxime Dor	64973f57cf	Better defaults for logging	2017-09-19 01:03:44 +02:00
Maxime Dor	00a00be692	LDAP backend: protect against empty username	2017-09-18 12:51:36 +02:00
Maxime Dor	9e8dade238	Clarify README and REST backend doc	2017-09-18 10:58:27 +02:00
Maxime Dor	9babad6b33	Add push of latest dev docker image tag to push target	2017-09-18 02:29:58 +02:00
Maxime Dor	00896ab280	Add PostgreSQL support for SQL Backend	2017-09-18 02:24:46 +02:00
Max Dor	f03cd76f52	Merge pull request #30 from kamax-io/rest-backend REST backend	2017-09-18 01:05:31 +02:00
Maxime Dor	0453c1db30	Add tests for REST backend implementation	2017-09-18 01:00:17 +02:00
Maxime Dor	013be139c9	Fix bad copy/paste and bad method scope	2017-09-17 23:26:22 +02:00
Maxime Dor	317fc367f8	Identity lookup implementation for REST backend	2017-09-17 22:34:48 +02:00
Maxime Dor	efc54e73f2	Streamline Backend auth mechanism/return values	2017-09-17 21:19:29 +02:00
Maxime Dor	0182ec7251	Streamline JSON requests/answers	2017-09-17 15:48:33 +02:00
Maxime Dor	640ccb7ef8	Improve docker build process and doc	2017-09-17 15:12:39 +02:00
Maxime Dor	2e694349c9	Add default type for SQL Backend	2017-09-17 14:47:48 +02:00
Maxime Dor	9328fa1eb4	Update link for REST auth module in sample config	2017-09-17 14:17:50 +02:00
Maxime Dor	221d823f3b	Update LDAP library to fix auth filter bug	2017-09-17 14:01:38 +02:00
Maxime Dor	8b6eadb9ab	Auth endpoint implementation	2017-09-17 05:17:00 +02:00
Maxime Dor	22d8380bce	Configuration management - Default values - Compute values	2017-09-17 02:03:45 +02:00
Maxime Dor	0cbf1a83a5	First skeleton for REST backend	2017-09-17 01:06:43 +02:00
Maxime Dor	23f717579e	Refactor backend packages	2017-09-16 22:56:53 +02:00
Maxime Dor	4eb8c95c3a	Handle anonymous bind in LDAP backend (Fix #27 )	2017-09-16 18:11:39 +02:00
Maxime Dor	0fa04e4a54	Better wording	2017-09-16 14:19:26 +02:00
Maxime Dor	f97aa8cbef	Cosmetic refactoring	2017-09-16 13:46:15 +02:00
Maxime Dor	37b0f29184	Cosmetic refactoring	2017-09-16 13:01:37 +02:00
Maxime Dor	2befdbb54f	Improve network discovery explanation	2017-09-16 04:34:16 +02:00
Maxime Dor	d1a6c84e6b	Properly split authoritative domain and public IS host	2017-09-16 04:29:01 +02:00
Maxime Dor	e8229b867a	Add docker build targets	2017-09-16 02:07:10 +02:00
Maxime Dor	6fb18d5827	Remove problematic handling of multiple validation requests for same 3PID	2017-09-16 01:34:31 +02:00
Maxime Dor	a8488a0745	Add ability to overwrite DNS when trying to contact the related homeserver	2017-09-14 23:10:23 +02:00
Maxime Dor	89a7416367	Add prototype support for SQL auth/directory backends	2017-09-14 20:59:35 +02:00
Maxime Dor	068c6b8555	Use proper object for key validity json answer	2017-09-14 18:34:02 +02:00
Maxime Dor	9a90d846e6	Improve README - List current features - List features to come - Improve wording at various places - Centralise configuration directions - Improve layout to make it easier for new users (hopefully)	2017-09-14 04:54:01 +02:00
Maxime Dor	16efe93920	Use proper ID when clearing invites from memory	2017-09-14 03:56:21 +02:00
Maxime Dor	8fbb45037c	Create SQLite DB file parent directory if necessary	2017-09-14 03:38:14 +02:00
Maxime Dor	f1196d5b72	Revamp example config for better handling by users and build tools	2017-09-14 03:31:56 +02:00
Max Dor	3b4736b00f	Merge pull request #28 from kamax-io/invite-support Invite support	2017-09-14 02:49:24 +02:00
Maxime Dor	5796982f2d	Add persistence storage for invites	2017-09-14 02:36:08 +02:00
Maxime Dor	9e6d3ab5dd	Build error json object properly	2017-09-13 21:27:29 +02:00
Maxime Dor	571506d1d2	Add new placeholders for e-mail to access invited address and medium type	2017-09-13 19:15:39 +02:00
Maxime Dor	c00adcf575	Be consistent with annotations	2017-09-13 16:25:21 +02:00
Maxime Dor	808aed2bc3	log user agent for lookup requests	2017-09-13 16:21:09 +02:00
Maxime Dor	ec0a9c7b80	log user agent for lookup requests	2017-09-13 16:20:46 +02:00
Maxime Dor	84afb86b77	Properly handle default config file when running as systemd/sysv daemon	2017-09-13 02:47:25 +02:00
Maxime Dor	02c5523d6d	Handle bundled and external e-mail template properly	2017-09-13 02:29:58 +02:00
Maxime Dor	d7cf31fb9a	Remove debug log statement	2017-09-13 02:28:37 +02:00
Maxime Dor	d7258cd3c6	Fix DNS lookup	2017-09-13 02:28:22 +02:00
Maxime Dor	222f7f104a	Add regular pending invite mapping checks	2017-09-13 01:35:11 +02:00
Maxime Dor	548dace78c	Properly handle invites with LDAP backend	2017-09-13 01:16:02 +02:00
Maxime Dor	001de470ca	Fix invalid add of @Override	2017-09-12 19:48:39 +02:00
Maxime Dor	09b789dfc2	Refactor logic, preparing to generalize post-login publish of mappings	2017-09-12 19:47:01 +02:00
Maxime Dor	55b759a31c	Enhance e-mail invitations - Built-in e-mail template - More template placeholders	2017-09-12 02:24:58 +02:00
Maxime Dor	cb0ffe0575	Remove debug log	2017-09-07 17:45:48 +02:00
Maxime Dor	3cde0b9c23	Fix typo	2017-09-07 17:44:37 +02:00
Maxime Dor	2ce3bab3b6	Properly handle force recursive lookup during invite	2017-09-07 02:04:48 +02:00
Maxime Dor	ba723f8523	Don't fail on non-existing config key	2017-09-07 01:53:42 +02:00
Maxime Dor	d2d5f80b44	Don't fail if template is not found and hope for the best	2017-09-07 01:21:49 +02:00
Maxime Dor	e2a097b2d0	Avoid header that could be considered as a profile	2017-09-07 01:16:43 +02:00
Maxime Dor	45a81e5979	Add sane defaults	2017-09-07 00:07:49 +02:00
Maxime Dor	158060a3b0	Add some placeholders handling for e-mail template	2017-09-06 23:08:47 +02:00
Maxime Dor	1e3b832186	Fix example data	2017-09-06 15:56:45 +02:00
Maxime Dor	8294990b1f	Cosmetic changes - Add missing license headers - Remove unused class	2017-09-06 15:04:17 +02:00
Maxime Dor	a704ba2e6c	Working prototype	2017-09-06 15:00:43 +02:00
Maxime Dor	a7303fef15	Add icons	2017-09-06 10:52:57 +02:00
Maxime Dor	cd6960fa80	Attempt to support invites, working in progress	2017-09-06 04:17:46 +02:00
Maxime Dor	c05ca68de4	Keep LDAP disabled by default	2017-09-05 21:37:43 +02:00
Maxime Dor	a8df386d58	Auth support with synapse REST auth module	2017-09-05 21:36:33 +02:00
Maxime Dor	4b0d549dd6	Add LDAP Auth support with synapse REST Auth module	2017-09-05 21:31:36 +02:00
Maxime Dor	85236793e1	Skeleton to support LDAP Auth	2017-09-04 03:08:19 +02:00
Maxime Dor	954dcf3a5c	Improve startup failures user experience - Be clear about config errors instead of difficult stack traces - Fix default values which should not cause startup failures	2017-09-03 23:26:32 +02:00
Max Dor	466a3d270e	Merge pull request #26 from kamax-io/recursive-enhanced Add properties for enhanced recursive lookup queries	2017-09-03 20:36:30 +02:00
Maxime Dor	a046f9f327	Add Docker public repo	2017-09-03 13:49:00 +02:00
Maxime Dor	c03573b24f	Be clear about building mxisd before building Docker img	2017-09-03 03:18:44 +02:00
Maxime Dor	694e62edee	Firebase UID is case sensitive, must not alter	2017-09-02 03:23:46 +02:00
Maxime Dor	61399c7705	Add status endpoint placeholder	2017-09-01 18:28:40 +02:00
Maxime Dor	05d1594ac2	Fix race condition and add more log statements	2017-08-31 18:52:06 +02:00
Maxime Dor	361596e773	Support 3PID lookups	2017-08-31 16:33:07 +02:00
Maxime Dor	d57aef36ea	Wait for async calls	2017-08-31 03:34:08 +02:00
Maxime Dor	0033d0dc1d	Experimental support for synapse REST auth module - See https://github.com/maxidor/matrix-synapse-rest-auth - Include Google Firebase backend using UID as login and user token as password	2017-08-31 02:10:36 +02:00
Maxime Dor	1c43ca7666	Add properties for enhanced recursive lookup queries	2017-08-29 01:44:33 +02:00