Auto-generate username
This commit is contained in:
Maxime Dor
@@ -31,7 +31,6 @@ import io.kamax.mxisd.UserIdType;
|
|||||||
import io.kamax.mxisd.auth.provider.AuthenticatorProvider;
|
import io.kamax.mxisd.auth.provider.AuthenticatorProvider;
|
||||||
import io.kamax.mxisd.auth.provider.BackendAuthResult;
|
import io.kamax.mxisd.auth.provider.BackendAuthResult;
|
||||||
import io.kamax.mxisd.config.GoogleConfig;
|
import io.kamax.mxisd.config.GoogleConfig;
|
||||||
import io.kamax.mxisd.config.MatrixConfig;
|
|
||||||
import io.kamax.mxisd.lookup.strategy.LookupStrategy;
|
import io.kamax.mxisd.lookup.strategy.LookupStrategy;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
@@ -41,21 +40,24 @@ import org.springframework.stereotype.Component;
|
|||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.security.GeneralSecurityException;
|
import java.security.GeneralSecurityException;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
|
import java.util.Optional;
|
||||||
|
|
||||||
@Component
|
@Component
|
||||||
public class GoogleProviderBackend implements AuthenticatorProvider {
|
public class GoogleProviderBackend implements AuthenticatorProvider {
|
||||||
|
|
||||||
private final Logger log = LoggerFactory.getLogger(GoogleProviderBackend.class);
|
private final Logger log = LoggerFactory.getLogger(GoogleProviderBackend.class);
|
||||||
private final GoogleConfig cfg;
|
private final GoogleConfig cfg;
|
||||||
private final MatrixConfig mxCfg;
|
|
||||||
private final LookupStrategy lookup;
|
private final LookupStrategy lookup;
|
||||||
|
|
||||||
private GoogleIdTokenVerifier verifier;
|
private GoogleIdTokenVerifier verifier;
|
||||||
|
|
||||||
|
public Optional<GoogleIdToken> extractToken(String data) throws GeneralSecurityException, IOException {
|
||||||
|
return Optional.ofNullable(verifier.verify(data));
|
||||||
|
}
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
public GoogleProviderBackend(GoogleConfig cfg, MatrixConfig mxCfg, LookupStrategy lookup) {
|
public GoogleProviderBackend(GoogleConfig cfg, LookupStrategy lookup) {
|
||||||
this.cfg = cfg;
|
this.cfg = cfg;
|
||||||
this.mxCfg = mxCfg;
|
|
||||||
this.lookup = lookup;
|
this.lookup = lookup;
|
||||||
|
|
||||||
if (isEnabled()) {
|
if (isEnabled()) {
|
||||||
@@ -80,8 +82,7 @@ public class GoogleProviderBackend implements AuthenticatorProvider {
|
|||||||
@Override
|
@Override
|
||||||
public BackendAuthResult authenticate(_MatrixID mxid, String password) {
|
public BackendAuthResult authenticate(_MatrixID mxid, String password) {
|
||||||
try {
|
try {
|
||||||
GoogleIdToken idToken = verifier.verify(password);
|
return extractToken(password).map(idToken -> {
|
||||||
if (idToken != null) {
|
|
||||||
GoogleIdToken.Payload payload = idToken.getPayload();
|
GoogleIdToken.Payload payload = idToken.getPayload();
|
||||||
if (!payload.getEmailVerified()) { // We only want users who validated their email
|
if (!payload.getEmailVerified()) { // We only want users who validated their email
|
||||||
return BackendAuthResult.failure();
|
return BackendAuthResult.failure();
|
||||||
@@ -101,10 +102,7 @@ public class GoogleProviderBackend implements AuthenticatorProvider {
|
|||||||
|
|
||||||
return BackendAuthResult.success(mxid.getId(), UserIdType.MatrixID, name);
|
return BackendAuthResult.success(mxid.getId(), UserIdType.MatrixID, name);
|
||||||
}).orElse(BackendAuthResult.failure());
|
}).orElse(BackendAuthResult.failure());
|
||||||
} else {
|
}).orElse(BackendAuthResult.failure());
|
||||||
log.info("Not a valid Google token");
|
|
||||||
return BackendAuthResult.failure();
|
|
||||||
}
|
|
||||||
} catch (GeneralSecurityException e) {
|
} catch (GeneralSecurityException e) {
|
||||||
throw new RuntimeException(e);
|
throw new RuntimeException(e);
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
|
|||||||
@@ -20,11 +20,13 @@
|
|||||||
|
|
||||||
package io.kamax.mxisd.controller.auth.v1;
|
package io.kamax.mxisd.controller.auth.v1;
|
||||||
|
|
||||||
|
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
|
||||||
import com.google.gson.Gson;
|
import com.google.gson.Gson;
|
||||||
import com.google.gson.JsonObject;
|
import com.google.gson.JsonObject;
|
||||||
import io.kamax.matrix.MatrixID;
|
import io.kamax.matrix.MatrixID;
|
||||||
import io.kamax.matrix.ThreePid;
|
import io.kamax.matrix.ThreePid;
|
||||||
import io.kamax.matrix._MatrixID;
|
import io.kamax.matrix._MatrixID;
|
||||||
|
import io.kamax.mxisd.backend.google.GoogleProviderBackend;
|
||||||
import io.kamax.mxisd.dns.ClientDnsOverwrite;
|
import io.kamax.mxisd.dns.ClientDnsOverwrite;
|
||||||
import io.kamax.mxisd.profile.ProfileManager;
|
import io.kamax.mxisd.profile.ProfileManager;
|
||||||
import io.kamax.mxisd.util.GsonParser;
|
import io.kamax.mxisd.util.GsonParser;
|
||||||
@@ -50,9 +52,9 @@ import javax.servlet.http.HttpServletRequest;
|
|||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
|
import java.security.GeneralSecurityException;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.UUID;
|
|
||||||
|
|
||||||
@RestController
|
@RestController
|
||||||
@CrossOrigin
|
@CrossOrigin
|
||||||
@@ -63,6 +65,7 @@ public class RegistrationController {
|
|||||||
|
|
||||||
private final String registerV1Url = "/_matrix/client/r0/register";
|
private final String registerV1Url = "/_matrix/client/r0/register";
|
||||||
|
|
||||||
|
private GoogleProviderBackend google;
|
||||||
private ProfileManager pMgr;
|
private ProfileManager pMgr;
|
||||||
private ClientDnsOverwrite dns;
|
private ClientDnsOverwrite dns;
|
||||||
private CloseableHttpClient client;
|
private CloseableHttpClient client;
|
||||||
@@ -70,7 +73,8 @@ public class RegistrationController {
|
|||||||
private GsonParser parser;
|
private GsonParser parser;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
public RegistrationController(ProfileManager pMgr, ClientDnsOverwrite dns, CloseableHttpClient client) {
|
public RegistrationController(GoogleProviderBackend google, ProfileManager pMgr, ClientDnsOverwrite dns, CloseableHttpClient client) {
|
||||||
|
this.google = google;
|
||||||
this.pMgr = pMgr;
|
this.pMgr = pMgr;
|
||||||
this.dns = dns;
|
this.dns = dns;
|
||||||
this.client = client;
|
this.client = client;
|
||||||
@@ -110,11 +114,22 @@ public class RegistrationController {
|
|||||||
}
|
}
|
||||||
|
|
||||||
String gId = auth.get("googleId").getAsString();
|
String gId = auth.get("googleId").getAsString();
|
||||||
log.info("Google ID: {}", gId);
|
try {
|
||||||
ids.add(gId);
|
GoogleIdToken token = google.extractToken(reqJsonObject.get("password").getAsString()).orElseThrow(() -> new IllegalArgumentException("Google ID Token is missing or invalid"));
|
||||||
auth.addProperty("type", "m.login.dummy");
|
if (!StringUtils.equals(gId, token.getPayload().getSubject())) {
|
||||||
auth.remove("googleId");
|
throw new IllegalArgumentException("Google ID does not match token");
|
||||||
reqJsonObject.addProperty("password", UUID.randomUUID().toString());
|
}
|
||||||
|
log.info("Google ID: {}", gId);
|
||||||
|
|
||||||
|
ids.add(gId);
|
||||||
|
|
||||||
|
auth.addProperty("type", "m.login.dummy");
|
||||||
|
auth.remove("googleId");
|
||||||
|
reqJsonObject.addProperty("username", "g-" + gId);
|
||||||
|
reqJsonObject.addProperty("password", "");
|
||||||
|
} catch (IOException | GeneralSecurityException e) {
|
||||||
|
throw new RuntimeException(e);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
@@ -126,7 +141,7 @@ public class RegistrationController {
|
|||||||
String body = EntityUtils.toString(httpResponse.getEntity());
|
String body = EntityUtils.toString(httpResponse.getEntity());
|
||||||
JsonObject json = parser.parse(body);
|
JsonObject json = parser.parse(body);
|
||||||
if (sc == 200 && json.has("user_id")) {
|
if (sc == 200 && json.has("user_id")) {
|
||||||
log.info("User was registered, adding 3PID");
|
log.info("User was registered, adding 3PID"); // FIXME we should do this in the backend really
|
||||||
_MatrixID mxid = new MatrixID(json.get("user_id").getAsString());
|
_MatrixID mxid = new MatrixID(json.get("user_id").getAsString());
|
||||||
pMgr.addThreepid(mxid, new ThreePid("io.kamax.google.id", ids.get(0)));
|
pMgr.addThreepid(mxid, new ThreePid("io.kamax.google.id", ids.get(0)));
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user