diff --git a/src/main/java/io/kamax/mxisd/backend/google/GoogleProviderBackend.java b/src/main/java/io/kamax/mxisd/backend/google/GoogleProviderBackend.java
index 7d7bf62..d124899 100644
--- a/src/main/java/io/kamax/mxisd/backend/google/GoogleProviderBackend.java
+++ b/src/main/java/io/kamax/mxisd/backend/google/GoogleProviderBackend.java
@@ -20,24 +20,19 @@ package io.kamax.mxisd.backend.google;
+import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
 import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
 import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
 import com.google.api.client.http.HttpTransport;
 import com.google.api.client.json.JsonFactory;
 import com.google.api.client.json.jackson2.JacksonFactory;
-import io.kamax.matrix.MatrixID;
-import io.kamax.matrix.ThreePid;
 import io.kamax.matrix._MatrixID;
 import io.kamax.mxisd.UserIdType;
 import io.kamax.mxisd.auth.provider.AuthenticatorProvider;
 import io.kamax.mxisd.auth.provider.BackendAuthResult;
 import io.kamax.mxisd.config.GoogleConfig;
 import io.kamax.mxisd.config.MatrixConfig;
-import io.kamax.mxisd.lookup.SingleLookupReply;
-import io.kamax.mxisd.lookup.SingleLookupRequest;
-import io.kamax.mxisd.lookup.ThreePidMapping;
-import io.kamax.mxisd.lookup.provider.IThreePidProvider;
-import org.apache.commons.lang.StringUtils;
+import io.kamax.mxisd.lookup.strategy.LookupStrategy;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -46,22 +41,22 @@ import org.springframework.stereotype.Component;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.util.Collections;
-import java.util.List;
-import java.util.Optional;
 @Component
-public class GoogleProviderBackend implements AuthenticatorProvider, IThreePidProvider {
+public class GoogleProviderBackend implements AuthenticatorProvider {
     private final Logger log = LoggerFactory.getLogger(GoogleProviderBackend.class);
     private final GoogleConfig cfg;
     private final MatrixConfig mxCfg;
+    private final LookupStrategy lookup;
     private GoogleIdTokenVerifier verifier;
     @Autowired
-    public GoogleProviderBackend(GoogleConfig cfg, MatrixConfig mxCfg) {
+    public GoogleProviderBackend(GoogleConfig cfg, MatrixConfig mxCfg, LookupStrategy lookup) {
         this.cfg = cfg;
         this.mxCfg = mxCfg;
+        this.lookup = lookup;
         if (isEnabled()) {
             try {
@@ -74,7 +69,6 @@ public class GoogleProviderBackend implements AuthenticatorProvider, IThreePidPr
             } catch (IOException | GeneralSecurityException e) {
                 throw new RuntimeException(e);
             }
-
         }
     }
@@ -83,64 +77,30 @@ public class GoogleProviderBackend implements AuthenticatorProvider, IThreePidPr
         return cfg.isEnabled();
     }
-    @Override
-    public boolean isLocal() {
-        return true;
-    }
-
-    @Override
-    public int getPriority() {
-        return 20;
-    }
-
-    @Override
-    public Optional find(SingleLookupRequest request) {
-        if (!StringUtils.equals(cfg.getMedium(), request.getType())) {
-            return Optional.empty();
-        }
-
-        return Optional.of(new SingleLookupReply(request, new MatrixID(cfg.getPrefix() + request.getThreePid(), mxCfg.getDomain())));
-    }
-
-    @Override
-    public List populate(List mappings) {
-        return Collections.emptyList();
-    }
-
     @Override
     public BackendAuthResult authenticate(_MatrixID mxid, String password) {
-        if (!StringUtils.startsWith(mxid.getLocalPart(), cfg.getPrefix())) {
-            return BackendAuthResult.failure();
-        }
-
-        BackendAuthResult result = new BackendAuthResult();
-        result.withThreePid(new ThreePid(cfg.getMedium(), mxid.getLocalPart().replace(cfg.getPrefix(), "")));
-        result.succeed(mxid.getId(), UserIdType.MatrixID.getId(), null);
-        return result;
-
-        /*
         try {
-            log.info("ID Token: {}", password);
             GoogleIdToken idToken = verifier.verify(password);
             if (idToken != null) {
-                BackendAuthResult
                 GoogleIdToken.Payload payload = idToken.getPayload();
+                if (!payload.getEmailVerified()) { // We only want users who validated their email
+                    return BackendAuthResult.failure();
+                }
                 // Get user identifier
                 String userId = payload.getSubject();
-                // Get profile information from payload
-                String email = payload.getEmail();
-                if (payload.getEmailVerified()) {
+                // We validate that the user who authenticated has his Google account associated already
+                return lookup.find("io.kamax.google.id", userId, false).map(r -> {
+                    if (!r.getMxid().equals(mxid)) {
+                        return BackendAuthResult.failure();
+                    }
-                }
-                String name = (String) payload.get("name");
-                String pictureUrl = (String) payload.get("picture");
-                String locale = (String) payload.get("locale");
-                String familyName = (String) payload.get("family_name");
-                String givenName = (String) payload.get("given_name");
+                    // Get profile information from payload
+                    String name = (String) payload.get("name");
-                return BackendAuthResult.success(userId, UserIdType.Localpart, name);
+                    return BackendAuthResult.success(mxid.getId(), UserIdType.MatrixID, name);
+                }).orElse(BackendAuthResult.failure());
             } else {
                 log.info("Not a valid Google token");
                 return BackendAuthResult.failure();
@@ -151,7 +111,6 @@ public class GoogleProviderBackend implements AuthenticatorProvider, IThreePidPr
             log.error("Unable to authenticate via Google due to network error", e);
             return BackendAuthResult.failure();
         }
-        */
     }
 }
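Review bot: The new guard `if (!payload.getEmailVerified())` unboxes a `Boolean`; if I read the Google client API correctly, `Payload.getEmailVerified()` returns `Boolean` and is null when the token carries no `email_verified` claim, so such a token would throw a `NullPointerException` out of `authenticate` instead of being refused, and the catch in the following hunk (which logs a network error) would not cover it. Make the check null-safe so an absent claim fails closed: `if (!Boolean.TRUE.equals(payload.getEmailVerified())) { // We only want users who validated their email`. The mismatch branch `if (!r.getMxid().equals(mxid))` returns failure silently; a line such as `log.info("Google account {} is not associated with {}", userId, mxid.getId());` would make a linked-account mismatch visible to operators without logging the token itself (dropping the old `log.info("ID Token: {}", password)` is the right call, since it wrote a bearer credential to the log). `verifier` is only constructed under `isEnabled()` in the earlier hunk, so if the framework can reach `authenticate` on a disabled backend this now-live code would also NPE at `verifier.verify(password)`; a guard `if (verifier == null) return BackendAuthResult.failure();` at the top of the method avoids that unless callers already check. `authenticate` continues past this hunk into the next one.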