Compare commits
21 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
92f10347d1 | ||
|
|
0298f66212 | ||
|
|
0ddd086bda | ||
|
|
544f8e59f0 | ||
|
|
917f87bf8c | ||
|
|
774795c203 | ||
|
|
27b2976e42 | ||
|
|
f16f184253 | ||
|
|
cd890d114a | ||
|
|
321ba1e325 | ||
|
|
c3ce0a17f6 | ||
|
|
0fcc0d9bb2 | ||
|
|
ce7f900543 | ||
|
|
c7c009f9af | ||
|
|
3b01663245 | ||
|
|
9cc601d582 | ||
|
|
e6272b1827 | ||
|
|
8243354f39 | ||
|
|
25968e0737 | ||
|
|
44a80461a0 | ||
|
|
85d9f9e704 |
10
build.gradle
10
build.gradle
@@ -48,6 +48,8 @@ def dockerImageTag = "${dockerImageName}:${mxisdVersion()}"
|
||||
|
||||
group = 'io.kamax'
|
||||
mainClassName = 'io.kamax.mxisd.MxisdStandaloneExec'
|
||||
sourceCompatibility = '1.8'
|
||||
targetCompatibility = '1.8'
|
||||
|
||||
String mxisdVersion() {
|
||||
def versionPattern = Pattern.compile("v(\\d+\\.)?(\\d+\\.)?(\\d+)(-.*)?")
|
||||
@@ -87,10 +89,10 @@ repositories {
|
||||
dependencies {
|
||||
// Logging
|
||||
compile 'org.slf4j:slf4j-simple:1.7.25'
|
||||
|
||||
|
||||
// Easy file management
|
||||
compile 'commons-io:commons-io:2.5'
|
||||
|
||||
|
||||
// Config management
|
||||
compile 'org.yaml:snakeyaml:1.23'
|
||||
|
||||
@@ -145,7 +147,7 @@ dependencies {
|
||||
|
||||
// HTTP server
|
||||
compile 'io.undertow:undertow-core:2.0.16.Final'
|
||||
|
||||
|
||||
// Command parser for AS interface
|
||||
implementation 'commons-cli:commons-cli:1.4'
|
||||
|
||||
@@ -158,7 +160,7 @@ dependencies {
|
||||
jar {
|
||||
manifest {
|
||||
attributes(
|
||||
'Implementation-Version': mxisdVersion()
|
||||
'Implementation-Version': mxisdVersion()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -19,29 +19,33 @@ All placeholders **MUST** be surrounded with `%` in the template. Per example, t
|
||||
### Global
|
||||
The following placeholders are available in every template:
|
||||
|
||||
| Placeholder | Purpose |
|
||||
|---------------------|------------------------------------------------------------------------------|
|
||||
| `DOMAIN` | Identity server authoritative domain, as configured in `matrix.domain` |
|
||||
| `DOMAIN_PRETTY` | Same as `DOMAIN` with the first letter upper case and all other lower case |
|
||||
| `FROM_EMAIL` | Email address configured in `threepid.medium.<3PID medium>.identity.from` |
|
||||
| `FROM_NAME` | Name configured in `threepid.medium.<3PID medium>.identity.name` |
|
||||
| `RECIPIENT_MEDIUM` | The 3PID medium, like `email` or `msisdn` |
|
||||
| `RECIPIENT_ADDRESS` | The address to which the notification is sent |
|
||||
| Placeholder | Purpose |
|
||||
|---------------------------------|------------------------------------------------------------------------------|
|
||||
| `DOMAIN` | Identity server authoritative domain, as configured in `matrix.domain` |
|
||||
| `DOMAIN_PRETTY` | Same as `DOMAIN` with the first letter upper case and all other lower case |
|
||||
| `FROM_EMAIL` | Email address configured in `threepid.medium.<3PID medium>.identity.from` |
|
||||
| `FROM_NAME` | Name configured in `threepid.medium.<3PID medium>.identity.name` |
|
||||
| `RECIPIENT_MEDIUM` | The 3PID medium, like `email` or `msisdn` |
|
||||
| `RECIPIENT_MEDIUM_URL_ENCODED` | URL encoded value of `RECIPIENT_MEDIUM` |
|
||||
| `RECIPIENT_ADDRESS` | The address to which the notification is sent |
|
||||
| `RECIPIENT_ADDRESS_URL_ENCODED` | URL encoded value of `RECIPIENT_ADDRESS` |
|
||||
|
||||
### Room invitation
|
||||
Specific placeholders:
|
||||
|
||||
| Placeholder | Purpose |
|
||||
|---------------------|------------------------------------------------------------------------------------------|
|
||||
| `SENDER_ID` | Matrix ID of the user who made the invite |
|
||||
| `SENDER_NAME` | Display name of the user who made the invite, if not available/set, empty |
|
||||
| `SENDER_NAME_OR_ID` | Display name of the user who made the invite. If not available/set, its Matrix ID |
|
||||
| `INVITE_MEDIUM` | The 3PID medium for the invite. |
|
||||
| `INVITE_ADDRESS` | The 3PID address for the invite. |
|
||||
| `ROOM_ID` | The Matrix ID of the Room in which the invite took place |
|
||||
| `ROOM_NAME` | The Name of the room in which the invite took place. If not available/set, empty |
|
||||
| `ROOM_NAME_OR_ID` | The Name of the room in which the invite took place. If not available/set, its Matrix ID |
|
||||
| `REGISTER_URL` | The URL to provide to the user allowing them to register their account, if needed |
|
||||
| Placeholder | Purpose |
|
||||
|------------------------------|-----------------------------------------------------------------------------------|
|
||||
| `SENDER_ID` | Matrix ID of the user who made the invite |
|
||||
| `SENDER_NAME` | Display name of the user who made the invite, if not available/set, empty |
|
||||
| `SENDER_NAME_OR_ID` | Display name of the user who made the invite. If not available/set, its Matrix ID |
|
||||
| `INVITE_MEDIUM` | The 3PID medium for the invite. |
|
||||
| `INVITE_MEDIUM_URL_ENCODED` | URL encoded value of `INVITE_MEDIUM` |
|
||||
| `INVITE_ADDRESS` | The 3PID address for the invite. |
|
||||
| `INVITE_ADDRESS_URL_ENCODED` | URL encoded value of `INVITE_ADDRESS` |
|
||||
| `ROOM_ID` | The Matrix ID of the Room in which the invite took place |
|
||||
| `ROOM_NAME` | The Name of the room in which the invite took place. If not available/set, empty |
|
||||
| `ROOM_NAME_OR_ID` | The Name of the room in which the invite took place. If not available/set, its ID |
|
||||
| `REGISTER_URL` | The URL to provide to the user allowing them to register their account, if needed |
|
||||
|
||||
### Validation of 3PID Session
|
||||
Specific placeholders:
|
||||
|
||||
BIN
gradle/wrapper/gradle-wrapper.jar
vendored
BIN
gradle/wrapper/gradle-wrapper.jar
vendored
Binary file not shown.
3
gradle/wrapper/gradle-wrapper.properties
vendored
3
gradle/wrapper/gradle-wrapper.properties
vendored
@@ -1,6 +1,5 @@
|
||||
#Fri Aug 11 17:19:02 CEST 2017
|
||||
distributionBase=GRADLE_USER_HOME
|
||||
distributionPath=wrapper/dists
|
||||
distributionUrl=https\://services.gradle.org/distributions/gradle-5.3.1-bin.zip
|
||||
zipStoreBase=GRADLE_USER_HOME
|
||||
zipStorePath=wrapper/dists
|
||||
distributionUrl=https\://services.gradle.org/distributions/gradle-4.0.2-bin.zip
|
||||
|
||||
18
gradlew
vendored
18
gradlew
vendored
@@ -1,5 +1,21 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
#
|
||||
# Copyright 2015 the original author or authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
##############################################################################
|
||||
##
|
||||
## Gradle start up script for UN*X
|
||||
@@ -28,7 +44,7 @@ APP_NAME="Gradle"
|
||||
APP_BASE_NAME=`basename "$0"`
|
||||
|
||||
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
|
||||
DEFAULT_JVM_OPTS=""
|
||||
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
|
||||
|
||||
# Use the maximum available, or set MAX_FD != -1 to use that value.
|
||||
MAX_FD="maximum"
|
||||
|
||||
184
gradlew.bat
vendored
184
gradlew.bat
vendored
@@ -1,84 +1,100 @@
|
||||
@if "%DEBUG%" == "" @echo off
|
||||
@rem ##########################################################################
|
||||
@rem
|
||||
@rem Gradle startup script for Windows
|
||||
@rem
|
||||
@rem ##########################################################################
|
||||
|
||||
@rem Set local scope for the variables with windows NT shell
|
||||
if "%OS%"=="Windows_NT" setlocal
|
||||
|
||||
set DIRNAME=%~dp0
|
||||
if "%DIRNAME%" == "" set DIRNAME=.
|
||||
set APP_BASE_NAME=%~n0
|
||||
set APP_HOME=%DIRNAME%
|
||||
|
||||
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
|
||||
set DEFAULT_JVM_OPTS=
|
||||
|
||||
@rem Find java.exe
|
||||
if defined JAVA_HOME goto findJavaFromJavaHome
|
||||
|
||||
set JAVA_EXE=java.exe
|
||||
%JAVA_EXE% -version >NUL 2>&1
|
||||
if "%ERRORLEVEL%" == "0" goto init
|
||||
|
||||
echo.
|
||||
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
|
||||
echo.
|
||||
echo Please set the JAVA_HOME variable in your environment to match the
|
||||
echo location of your Java installation.
|
||||
|
||||
goto fail
|
||||
|
||||
:findJavaFromJavaHome
|
||||
set JAVA_HOME=%JAVA_HOME:"=%
|
||||
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
|
||||
|
||||
if exist "%JAVA_EXE%" goto init
|
||||
|
||||
echo.
|
||||
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
|
||||
echo.
|
||||
echo Please set the JAVA_HOME variable in your environment to match the
|
||||
echo location of your Java installation.
|
||||
|
||||
goto fail
|
||||
|
||||
:init
|
||||
@rem Get command-line arguments, handling Windows variants
|
||||
|
||||
if not "%OS%" == "Windows_NT" goto win9xME_args
|
||||
|
||||
:win9xME_args
|
||||
@rem Slurp the command line arguments.
|
||||
set CMD_LINE_ARGS=
|
||||
set _SKIP=2
|
||||
|
||||
:win9xME_args_slurp
|
||||
if "x%~1" == "x" goto execute
|
||||
|
||||
set CMD_LINE_ARGS=%*
|
||||
|
||||
:execute
|
||||
@rem Setup the command line
|
||||
|
||||
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
|
||||
|
||||
@rem Execute Gradle
|
||||
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
|
||||
|
||||
:end
|
||||
@rem End local scope for the variables with windows NT shell
|
||||
if "%ERRORLEVEL%"=="0" goto mainEnd
|
||||
|
||||
:fail
|
||||
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
|
||||
rem the _cmd.exe /c_ return code!
|
||||
if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
|
||||
exit /b 1
|
||||
|
||||
:mainEnd
|
||||
if "%OS%"=="Windows_NT" endlocal
|
||||
|
||||
:omega
|
||||
@rem
|
||||
@rem Copyright 2015 the original author or authors.
|
||||
@rem
|
||||
@rem Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@rem you may not use this file except in compliance with the License.
|
||||
@rem You may obtain a copy of the License at
|
||||
@rem
|
||||
@rem http://www.apache.org/licenses/LICENSE-2.0
|
||||
@rem
|
||||
@rem Unless required by applicable law or agreed to in writing, software
|
||||
@rem distributed under the License is distributed on an "AS IS" BASIS,
|
||||
@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
@rem See the License for the specific language governing permissions and
|
||||
@rem limitations under the License.
|
||||
@rem
|
||||
|
||||
@if "%DEBUG%" == "" @echo off
|
||||
@rem ##########################################################################
|
||||
@rem
|
||||
@rem Gradle startup script for Windows
|
||||
@rem
|
||||
@rem ##########################################################################
|
||||
|
||||
@rem Set local scope for the variables with windows NT shell
|
||||
if "%OS%"=="Windows_NT" setlocal
|
||||
|
||||
set DIRNAME=%~dp0
|
||||
if "%DIRNAME%" == "" set DIRNAME=.
|
||||
set APP_BASE_NAME=%~n0
|
||||
set APP_HOME=%DIRNAME%
|
||||
|
||||
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
|
||||
set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
|
||||
|
||||
@rem Find java.exe
|
||||
if defined JAVA_HOME goto findJavaFromJavaHome
|
||||
|
||||
set JAVA_EXE=java.exe
|
||||
%JAVA_EXE% -version >NUL 2>&1
|
||||
if "%ERRORLEVEL%" == "0" goto init
|
||||
|
||||
echo.
|
||||
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
|
||||
echo.
|
||||
echo Please set the JAVA_HOME variable in your environment to match the
|
||||
echo location of your Java installation.
|
||||
|
||||
goto fail
|
||||
|
||||
:findJavaFromJavaHome
|
||||
set JAVA_HOME=%JAVA_HOME:"=%
|
||||
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
|
||||
|
||||
if exist "%JAVA_EXE%" goto init
|
||||
|
||||
echo.
|
||||
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
|
||||
echo.
|
||||
echo Please set the JAVA_HOME variable in your environment to match the
|
||||
echo location of your Java installation.
|
||||
|
||||
goto fail
|
||||
|
||||
:init
|
||||
@rem Get command-line arguments, handling Windows variants
|
||||
|
||||
if not "%OS%" == "Windows_NT" goto win9xME_args
|
||||
|
||||
:win9xME_args
|
||||
@rem Slurp the command line arguments.
|
||||
set CMD_LINE_ARGS=
|
||||
set _SKIP=2
|
||||
|
||||
:win9xME_args_slurp
|
||||
if "x%~1" == "x" goto execute
|
||||
|
||||
set CMD_LINE_ARGS=%*
|
||||
|
||||
:execute
|
||||
@rem Setup the command line
|
||||
|
||||
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
|
||||
|
||||
@rem Execute Gradle
|
||||
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
|
||||
|
||||
:end
|
||||
@rem End local scope for the variables with windows NT shell
|
||||
if "%ERRORLEVEL%"=="0" goto mainEnd
|
||||
|
||||
:fail
|
||||
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
|
||||
rem the _cmd.exe /c_ return code!
|
||||
if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
|
||||
exit /b 1
|
||||
|
||||
:mainEnd
|
||||
if "%OS%"=="Windows_NT" endlocal
|
||||
|
||||
:omega
|
||||
|
||||
@@ -105,7 +105,7 @@ public class HttpMxisd {
|
||||
.get(SessionValidateHandler.Path, SaneHandler.around(new SessionValidationGetHandler(m.getSession(), m.getConfig())))
|
||||
.post(SessionValidateHandler.Path, SaneHandler.around(new SessionValidationPostHandler(m.getSession())))
|
||||
.get(SessionTpidGetValidatedHandler.Path, SaneHandler.around(new SessionTpidGetValidatedHandler(m.getSession())))
|
||||
.post(SessionTpidBindHandler.Path, SaneHandler.around(new SessionTpidBindHandler(m.getSession(), m.getInvite())))
|
||||
.post(SessionTpidBindHandler.Path, SaneHandler.around(new SessionTpidBindHandler(m.getSession(), m.getInvite(), m.getSign())))
|
||||
.post(SessionTpidUnbindHandler.Path, SaneHandler.around(new SessionTpidUnbindHandler(m.getSession())))
|
||||
.post(SignEd25519Handler.Path, SaneHandler.around(new SignEd25519Handler(m.getConfig(), m.getInvite(), m.getSign())))
|
||||
|
||||
|
||||
@@ -107,7 +107,7 @@ public class Mxisd {
|
||||
|
||||
store = new OrmLiteSqlStorage(cfg);
|
||||
keyMgr = CryptoFactory.getKeyManager(cfg.getKey());
|
||||
signMgr = CryptoFactory.getSignatureManager(keyMgr);
|
||||
signMgr = CryptoFactory.getSignatureManager(cfg, keyMgr);
|
||||
clientDns = new ClientDnsOverwrite(cfg.getDns().getOverwrite());
|
||||
|
||||
synapse = new Synapse(cfg.getSynapseSql());
|
||||
@@ -118,7 +118,7 @@ public class Mxisd {
|
||||
idStrategy = new RecursivePriorityLookupStrategy(cfg.getLookup(), ThreePidProviders.get(), bridgeFetcher);
|
||||
pMgr = new ProfileManager(ProfileProviders.get(), clientDns, httpClient);
|
||||
notifMgr = new NotificationManager(cfg.getNotification(), NotificationHandlers.get());
|
||||
sessMgr = new SessionManager(cfg.getSession(), cfg.getMatrix(), store, notifMgr, idStrategy, httpClient);
|
||||
sessMgr = new SessionManager(cfg.getSession(), cfg.getMatrix(), store, notifMgr, idStrategy);
|
||||
invMgr = new InvitationManager(cfg, store, idStrategy, keyMgr, signMgr, resolver, notifMgr, pMgr);
|
||||
authMgr = new AuthManager(cfg, AuthProviders.get(), idStrategy, invMgr, clientDns, httpClient);
|
||||
dirMgr = new DirectoryManager(cfg.getDirectory(), clientDns, httpClient, DirectoryProviders.get());
|
||||
|
||||
@@ -176,10 +176,12 @@ public class AppSvcManager {
|
||||
ensureEnabled();
|
||||
|
||||
if (StringUtils.isBlank(token)) {
|
||||
log.info("Denying request without a HS token");
|
||||
throw new HttpMatrixException(401, "M_UNAUTHORIZED", "No HS token");
|
||||
}
|
||||
|
||||
if (!StringUtils.equals(cfg.getEndpoint().getToAS().getToken(), token)) {
|
||||
log.info("Denying request with an invalid HS token");
|
||||
throw new NotAllowedException("Invalid HS token");
|
||||
}
|
||||
|
||||
|
||||
@@ -27,7 +27,6 @@ import io.kamax.matrix._MatrixID;
|
||||
import io.kamax.matrix._ThreePid;
|
||||
import io.kamax.matrix.client.as.MatrixApplicationServiceClient;
|
||||
import io.kamax.matrix.event.EventKey;
|
||||
import io.kamax.matrix.hs._MatrixRoom;
|
||||
import io.kamax.mxisd.Mxisd;
|
||||
import io.kamax.mxisd.backend.sql.synapse.Synapse;
|
||||
import io.kamax.mxisd.config.MxisdConfig;
|
||||
@@ -81,7 +80,7 @@ public class MembershipEventProcessor implements EventTypeProcessor {
|
||||
|
||||
_MatrixID target = MatrixID.asAcceptable(targetId);
|
||||
if (!StringUtils.equals(target.getDomain(), cfg.getMatrix().getDomain())) {
|
||||
log.debug("Ignoring invite for {}: not a local user");
|
||||
log.debug("Ignoring invite for {}: not a local user", targetId);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -89,10 +88,9 @@ public class MembershipEventProcessor implements EventTypeProcessor {
|
||||
|
||||
boolean isForMainUser = StringUtils.equals(target.getLocalPart(), cfg.getAppsvc().getUser().getMain());
|
||||
boolean isForExpInvUser = StringUtils.equals(target.getLocalPart(), cfg.getAppsvc().getUser().getInviteExpired());
|
||||
boolean isUs = isForMainUser || isForExpInvUser;
|
||||
|
||||
if (StringUtils.equals("join", EventKey.Membership.getStringOrNull(content))) {
|
||||
if (!isForMainUser) {
|
||||
if (isForExpInvUser) {
|
||||
log.warn("We joined the room {} for another identity as the main user, which is not supported. Leaving...", roomId);
|
||||
|
||||
client.getUser(target.getLocalPart()).getRoom(roomId).tryLeave().ifPresent(err -> {
|
||||
@@ -108,10 +106,7 @@ public class MembershipEventProcessor implements EventTypeProcessor {
|
||||
processForUserIdInvite(roomId, sender, target);
|
||||
}
|
||||
} else if (StringUtils.equals("leave", EventKey.Membership.getStringOrNull(content))) {
|
||||
_MatrixRoom room = client.getRoom(roomId);
|
||||
if (!isUs && room.getJoinedUsers().size() == 1) {
|
||||
// TODO we need to find out if this is only us remaining and leave the room if so, using the right client for it
|
||||
}
|
||||
// TODO we need to find out if this is only us remaining and leave the room if so, using the right client for it
|
||||
} else {
|
||||
log.debug("This is not an supported type of membership event, skipping");
|
||||
}
|
||||
|
||||
@@ -64,6 +64,8 @@ import java.util.Objects;
|
||||
|
||||
public class AuthManager {
|
||||
|
||||
private static final Logger log = LoggerFactory.getLogger(AuthManager.class);
|
||||
|
||||
private static final String TypeKey = "type";
|
||||
private static final String UserKey = "user";
|
||||
private static final String IdentifierKey = "identifier";
|
||||
@@ -72,7 +74,6 @@ public class AuthManager {
|
||||
private static final String UserIdTypeValue = "m.id.user";
|
||||
private static final String ThreepidTypeValue = "m.id.thirdparty";
|
||||
|
||||
private transient final Logger log = LoggerFactory.getLogger(AuthManager.class);
|
||||
private final Gson gson = GsonUtil.get(); // FIXME replace
|
||||
|
||||
private List<AuthenticatorProvider> providers;
|
||||
@@ -138,6 +139,12 @@ public class AuthManager {
|
||||
invMgr.publishMappingIfInvited(new ThreePidMapping(pid, mxId));
|
||||
}
|
||||
|
||||
try {
|
||||
MatrixID.asValid(mxId);
|
||||
} catch (IllegalArgumentException e) {
|
||||
log.warn("The returned User ID {} is not a valid Matrix ID. Login might fail at the Homeserver level", mxId);
|
||||
}
|
||||
|
||||
invMgr.lookupMappingsForInvites();
|
||||
|
||||
return authResult;
|
||||
|
||||
@@ -83,6 +83,12 @@ public class MxisdConfig {
|
||||
|
||||
}
|
||||
|
||||
public static MxisdConfig forDomain(String domain) {
|
||||
MxisdConfig cfg = new MxisdConfig();
|
||||
cfg.getMatrix().setDomain(domain);
|
||||
return cfg;
|
||||
}
|
||||
|
||||
private AppServiceConfig appsvc = new AppServiceConfig();
|
||||
private AuthenticationConfig auth = new AuthenticationConfig();
|
||||
private DirectoryConfig directory = new DirectoryConfig();
|
||||
@@ -309,6 +315,13 @@ public class MxisdConfig {
|
||||
this.wordpress = wordpress;
|
||||
}
|
||||
|
||||
public MxisdConfig inMemory() {
|
||||
getKey().setPath(":memory:");
|
||||
getStorage().getProvider().getSqlite().setDatabase(":memory:");
|
||||
|
||||
return this;
|
||||
}
|
||||
|
||||
public MxisdConfig build() {
|
||||
if (StringUtils.isBlank(getServer().getName())) {
|
||||
getServer().setName(getMatrix().getDomain());
|
||||
|
||||
@@ -20,7 +20,6 @@
|
||||
|
||||
package io.kamax.mxisd.config.threepid.notification;
|
||||
|
||||
import com.google.gson.JsonObject;
|
||||
import io.kamax.matrix.ThreePidMedium;
|
||||
import io.kamax.mxisd.threepid.notification.email.EmailRawNotificationHandler;
|
||||
import io.kamax.mxisd.threepid.notification.phone.PhoneNotificationHandler;
|
||||
@@ -35,7 +34,7 @@ public class NotificationConfig {
|
||||
private transient final Logger log = LoggerFactory.getLogger(NotificationConfig.class);
|
||||
|
||||
private Map<String, String> handler = new HashMap<>();
|
||||
private Map<String, JsonObject> handlers = new HashMap<>();
|
||||
private Map<String, Object> handlers = new HashMap<>();
|
||||
|
||||
public NotificationConfig() {
|
||||
handler.put(ThreePidMedium.Email.getId(), EmailRawNotificationHandler.ID);
|
||||
@@ -50,11 +49,11 @@ public class NotificationConfig {
|
||||
this.handler = handler;
|
||||
}
|
||||
|
||||
public Map<String, JsonObject> getHandlers() {
|
||||
public Map<String, Object> getHandlers() {
|
||||
return handlers;
|
||||
}
|
||||
|
||||
public void setHandlers(Map<String, JsonObject> handlers) {
|
||||
public void setHandlers(Map<String, Object> handlers) {
|
||||
this.handlers = handlers;
|
||||
}
|
||||
|
||||
|
||||
@@ -21,6 +21,7 @@
|
||||
package io.kamax.mxisd.crypto;
|
||||
|
||||
import io.kamax.mxisd.config.KeyConfig;
|
||||
import io.kamax.mxisd.config.MxisdConfig;
|
||||
import io.kamax.mxisd.crypto.ed25519.Ed25519KeyManager;
|
||||
import io.kamax.mxisd.crypto.ed25519.Ed25519SignatureManager;
|
||||
import io.kamax.mxisd.storage.crypto.FileKeyStore;
|
||||
@@ -54,8 +55,8 @@ public class CryptoFactory {
|
||||
return new Ed25519KeyManager(store);
|
||||
}
|
||||
|
||||
public static SignatureManager getSignatureManager(Ed25519KeyManager keyMgr) {
|
||||
return new Ed25519SignatureManager(keyMgr);
|
||||
public static SignatureManager getSignatureManager(MxisdConfig cfg, Ed25519KeyManager keyMgr) {
|
||||
return new Ed25519SignatureManager(cfg, keyMgr);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -20,12 +20,57 @@
|
||||
|
||||
package io.kamax.mxisd.crypto;
|
||||
|
||||
import com.google.gson.JsonElement;
|
||||
import com.google.gson.JsonObject;
|
||||
import io.kamax.matrix.event.EventKey;
|
||||
import io.kamax.matrix.json.MatrixJson;
|
||||
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.Objects;
|
||||
|
||||
public interface SignatureManager {
|
||||
|
||||
/**
|
||||
* Sign the message with the default domain and add the signature to the <code>signatures</code> key.
|
||||
* <p>
|
||||
* If the key does not exist yet, it is created. If the key exist, the produced signature will be merged with any
|
||||
* existing ones.
|
||||
*
|
||||
* @param message The message to sign with the default domain and add the produced signature to
|
||||
* @return The provided message with the new signature
|
||||
* @throws IllegalArgumentException If the <code>signatures</code> key exists and its value is not a JSON object
|
||||
*/
|
||||
JsonObject signMessageGson(JsonObject message) throws IllegalArgumentException;
|
||||
|
||||
/**
|
||||
* Sign the message and add the signature to the <code>signatures</code> key.
|
||||
* <p>
|
||||
* If the key does not exist yet, it is created. If the key exist, the produced signature will be merged with any
|
||||
* existing ones.
|
||||
*
|
||||
* @param domain The domain under which the signature should be added
|
||||
* @param message The message to sign and add the produced signature to
|
||||
* @return The provided message with the new signature
|
||||
* @throws IllegalArgumentException If the <code>signatures</code> key exists and its value is not a JSON object
|
||||
*/
|
||||
default JsonObject signMessageGson(String domain, JsonObject message) throws IllegalArgumentException {
|
||||
JsonElement signEl = message.remove(EventKey.Signatures.get());
|
||||
JsonObject oldSigns = new JsonObject();
|
||||
if (!Objects.isNull(signEl)) {
|
||||
if (!signEl.isJsonObject()) {
|
||||
throw new IllegalArgumentException("Message contains a signatures key that is not a JSON object value");
|
||||
}
|
||||
|
||||
oldSigns = signEl.getAsJsonObject();
|
||||
}
|
||||
|
||||
JsonObject newSigns = signMessageGson(domain, MatrixJson.encodeCanonical(message));
|
||||
oldSigns.entrySet().forEach(entry -> newSigns.add(entry.getKey(), entry.getValue()));
|
||||
message.add(EventKey.Signatures.get(), newSigns);
|
||||
|
||||
return message;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sign the message and produce a <code>signatures</code> object that can directly be added to the object being signed.
|
||||
*
|
||||
|
||||
@@ -23,6 +23,8 @@ package io.kamax.mxisd.crypto.ed25519;
|
||||
import com.google.gson.JsonObject;
|
||||
import io.kamax.matrix.codec.MxBase64;
|
||||
import io.kamax.matrix.json.MatrixJson;
|
||||
import io.kamax.mxisd.config.MxisdConfig;
|
||||
import io.kamax.mxisd.config.ServerConfig;
|
||||
import io.kamax.mxisd.crypto.KeyIdentifier;
|
||||
import io.kamax.mxisd.crypto.Signature;
|
||||
import io.kamax.mxisd.crypto.SignatureManager;
|
||||
@@ -35,12 +37,19 @@ import java.security.SignatureException;
|
||||
|
||||
public class Ed25519SignatureManager implements SignatureManager {
|
||||
|
||||
private final ServerConfig cfg;
|
||||
private final Ed25519KeyManager keyMgr;
|
||||
|
||||
public Ed25519SignatureManager(Ed25519KeyManager keyMgr) {
|
||||
public Ed25519SignatureManager(MxisdConfig cfg, Ed25519KeyManager keyMgr) {
|
||||
this.cfg = cfg.getServer();
|
||||
this.keyMgr = keyMgr;
|
||||
}
|
||||
|
||||
@Override
|
||||
public JsonObject signMessageGson(JsonObject message) throws IllegalArgumentException {
|
||||
return signMessageGson(cfg.getName(), message);
|
||||
}
|
||||
|
||||
@Override
|
||||
public JsonObject signMessageGson(String domain, String message) {
|
||||
Signature sign = sign(message);
|
||||
|
||||
@@ -33,8 +33,7 @@ public class InternalServerError extends HttpMatrixException {
|
||||
super(
|
||||
HttpStatus.SC_INTERNAL_SERVER_ERROR,
|
||||
"M_UNKNOWN",
|
||||
"An internal server error occured. If this error persists, please contact support with reference #" +
|
||||
Instant.now().toEpochMilli()
|
||||
"An internal server error occurred. Contact your administrator with reference Transaction #" + Instant.now().toEpochMilli()
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
@@ -97,7 +97,7 @@ public class SaneHandler extends BasicHttpHandler {
|
||||
if (StringUtils.isNotBlank(e.getInternalReason())) {
|
||||
log.error("Transaction #{} - {}", e.getReference(), e.getInternalReason());
|
||||
} else {
|
||||
log.error("Transaction #{}", e);
|
||||
log.error("Transaction #{}", e.getReference(), e);
|
||||
}
|
||||
|
||||
handleException(exchange, e);
|
||||
|
||||
@@ -36,7 +36,7 @@ public class RestAuthHandler extends BasicHttpHandler {
|
||||
|
||||
public static final String Path = "/_matrix-internal/identity/v1/check_credentials";
|
||||
|
||||
private transient final Logger log = LoggerFactory.getLogger(RestAuthHandler.class);
|
||||
private static final Logger log = LoggerFactory.getLogger(RestAuthHandler.class);
|
||||
|
||||
private AuthManager mgr;
|
||||
|
||||
@@ -45,7 +45,7 @@ public class RestAuthHandler extends BasicHttpHandler {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void handleRequest(HttpServerExchange exchange) throws Exception {
|
||||
public void handleRequest(HttpServerExchange exchange) {
|
||||
JsonObject authData = parseJsonObject(exchange, "user");
|
||||
if (!authData.has("id") || !authData.has("password")) {
|
||||
throw new JsonMemberNotFoundException("Missing id or password keys");
|
||||
|
||||
@@ -40,7 +40,7 @@ public class UserDirectorySearchHandler extends HomeserverProxyHandler {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void handleRequest(HttpServerExchange exchange) throws Exception {
|
||||
public void handleRequest(HttpServerExchange exchange) {
|
||||
String accessToken = getAccessToken(exchange);
|
||||
UserDirectorySearchRequest searchQuery = parseJsonTo(exchange, UserDirectorySearchRequest.class);
|
||||
URI target = URI.create(exchange.getRequestURL());
|
||||
|
||||
@@ -37,7 +37,7 @@ public class BulkLookupHandler extends LookupHandler {
|
||||
|
||||
public static final String Path = IsAPIv1.Base + "/bulk_lookup";
|
||||
|
||||
private transient final Logger log = LoggerFactory.getLogger(SingleLookupHandler.class);
|
||||
private static final Logger log = LoggerFactory.getLogger(SingleLookupHandler.class);
|
||||
|
||||
private LookupStrategy strategy;
|
||||
|
||||
|
||||
@@ -31,7 +31,7 @@ public class EphemeralKeyIsValidHandler extends KeyIsValidHandler {
|
||||
|
||||
public static final String Path = IsAPIv1.Base + "/pubkey/ephemeral/isvalid";
|
||||
|
||||
private transient final Logger log = LoggerFactory.getLogger(EphemeralKeyIsValidHandler.class);
|
||||
private static final Logger log = LoggerFactory.getLogger(EphemeralKeyIsValidHandler.class);
|
||||
|
||||
private KeyManager mgr;
|
||||
|
||||
|
||||
@@ -21,11 +21,15 @@
|
||||
package io.kamax.mxisd.http.undertow.handler.identity.v1;
|
||||
|
||||
import com.google.gson.JsonObject;
|
||||
import io.kamax.matrix.json.GsonUtil;
|
||||
import io.kamax.mxisd.crypto.SignatureManager;
|
||||
import io.kamax.mxisd.exception.BadRequestException;
|
||||
import io.kamax.mxisd.http.IsAPIv1;
|
||||
import io.kamax.mxisd.http.io.identity.BindRequest;
|
||||
import io.kamax.mxisd.http.io.identity.SingeLookupReplyJson;
|
||||
import io.kamax.mxisd.http.undertow.handler.BasicHttpHandler;
|
||||
import io.kamax.mxisd.invitation.InvitationManager;
|
||||
import io.kamax.mxisd.lookup.SingleLookupReply;
|
||||
import io.kamax.mxisd.session.SessionManager;
|
||||
import io.undertow.server.HttpServerExchange;
|
||||
import io.undertow.util.QueryParameterUtils;
|
||||
@@ -42,14 +46,16 @@ public class SessionTpidBindHandler extends BasicHttpHandler {
|
||||
|
||||
public static final String Path = IsAPIv1.Base + "/3pid/bind";
|
||||
|
||||
private transient final Logger log = LoggerFactory.getLogger(SessionTpidBindHandler.class);
|
||||
private static final Logger log = LoggerFactory.getLogger(SessionTpidBindHandler.class);
|
||||
|
||||
private SessionManager mgr;
|
||||
private InvitationManager invMgr;
|
||||
private SignatureManager signMgr;
|
||||
|
||||
public SessionTpidBindHandler(SessionManager mgr, InvitationManager invMgr) {
|
||||
public SessionTpidBindHandler(SessionManager mgr, InvitationManager invMgr, SignatureManager signMgr) {
|
||||
this.mgr = mgr;
|
||||
this.invMgr = invMgr;
|
||||
this.signMgr = signMgr;
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -74,8 +80,9 @@ public class SessionTpidBindHandler extends BasicHttpHandler {
|
||||
}
|
||||
|
||||
try {
|
||||
mgr.bind(bindReq.getSid(), bindReq.getSecret(), bindReq.getUserId());
|
||||
respond(exchange, new JsonObject());
|
||||
SingleLookupReply lookup = mgr.bind(bindReq.getSid(), bindReq.getSecret(), bindReq.getUserId());
|
||||
JsonObject response = signMgr.signMessageGson(GsonUtil.makeObj(new SingeLookupReplyJson(lookup)));
|
||||
respond(exchange, response);
|
||||
} catch (BadRequestException e) {
|
||||
log.info("requested session was not validated");
|
||||
|
||||
|
||||
@@ -21,9 +21,7 @@
|
||||
package io.kamax.mxisd.http.undertow.handler.identity.v1;
|
||||
|
||||
import com.google.gson.JsonObject;
|
||||
import io.kamax.matrix.event.EventKey;
|
||||
import io.kamax.matrix.json.GsonUtil;
|
||||
import io.kamax.matrix.json.MatrixJson;
|
||||
import io.kamax.mxisd.config.MxisdConfig;
|
||||
import io.kamax.mxisd.config.ServerConfig;
|
||||
import io.kamax.mxisd.crypto.SignatureManager;
|
||||
@@ -73,11 +71,8 @@ public class SingleLookupHandler extends LookupHandler {
|
||||
respondJson(exchange, "{}");
|
||||
} else {
|
||||
SingleLookupReply lookup = lookupOpt.get();
|
||||
|
||||
// FIXME signing should be done in the business model, not in the controller
|
||||
JsonObject obj = GsonUtil.makeObj(new SingeLookupReplyJson(lookup));
|
||||
obj.add(EventKey.Signatures.get(), signMgr.signMessageGson(cfg.getName(), MatrixJson.encodeCanonical(obj)));
|
||||
|
||||
signMgr.signMessageGson(cfg.getName(), obj);
|
||||
respondJson(exchange, obj);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -111,11 +111,11 @@ public class InvitationManager {
|
||||
this.notifMgr = notifMgr;
|
||||
this.profileMgr = profileMgr;
|
||||
|
||||
log.info("Loading saved invites");
|
||||
log.debug("Loading saved invites");
|
||||
Collection<ThreePidInviteIO> ioList = storage.getInvites();
|
||||
ioList.forEach(io -> {
|
||||
io.getProperties().putIfAbsent(CreatedAtPropertyKey, defaultCreateTs);
|
||||
log.info("Processing invite {}", GsonUtil.get().toJson(io));
|
||||
log.debug("Processing invite {}", GsonUtil.get().toJson(io));
|
||||
ThreePidInvite invite = new ThreePidInvite(
|
||||
MatrixID.asAcceptable(io.getSender()),
|
||||
io.getMedium(),
|
||||
@@ -127,6 +127,7 @@ public class InvitationManager {
|
||||
ThreePidInviteReply reply = new ThreePidInviteReply(io.getId(), invite, io.getToken(), "", Collections.emptyList());
|
||||
invitations.put(reply.getId(), reply);
|
||||
});
|
||||
log.info("Loaded saved invites");
|
||||
|
||||
// FIXME export such madness into matrix-java-sdk with a nice wrapper to talk to a homeserver
|
||||
try {
|
||||
@@ -511,6 +512,9 @@ public class InvitationManager {
|
||||
publishMapping(reply, lookup.getMxid().getId());
|
||||
} else {
|
||||
log.info("No mapping for pending invite {}", getIdForLog(reply));
|
||||
if (lookupMgr.getLocalProviders().isEmpty()) {
|
||||
log.warn("No Identity store has been configured, this invite may never resolve");
|
||||
}
|
||||
}
|
||||
} catch (Throwable t) {
|
||||
log.error("Unable to process invite", t);
|
||||
|
||||
@@ -72,7 +72,7 @@ public class SingleLookupReply {
|
||||
}
|
||||
|
||||
public SingleLookupReply(SingleLookupRequest request, _MatrixID mxid) {
|
||||
this(request, mxid, Instant.now(), Instant.ofEpochMilli(0), Instant.ofEpochMilli(253402300799000L));
|
||||
this(request, mxid, Instant.now(), Instant.now().minusSeconds(60), Instant.now().plusSeconds(5 * 60));
|
||||
}
|
||||
|
||||
public SingleLookupReply(SingleLookupRequest request, _MatrixID mxid, Instant timestamp, Instant notBefore, Instant notAfter) {
|
||||
|
||||
@@ -205,6 +205,7 @@ public class HomeserverFederationResolver {
|
||||
if (s4.isPresent()) {
|
||||
URL dest = s4.get();
|
||||
log.info("Resolution of {} via DNS SRV record to {}", domain, dest);
|
||||
return dest;
|
||||
}
|
||||
|
||||
URL dest = build(domain + ":" + getDefaultPort());
|
||||
|
||||
@@ -79,7 +79,7 @@ public class IdentityServerUtils {
|
||||
|
||||
JsonElement el = parser.parse(IOUtils.toString(res.getEntity().getContent(), StandardCharsets.UTF_8));
|
||||
if (!el.isJsonObject()) {
|
||||
log.debug("IS {} did not send back an empty JSON object as per spec, not a valid IS");
|
||||
log.debug("IS {} did not send back an empty JSON object as per spec, not a valid IS", remote);
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -90,7 +90,7 @@ public class IdentityServerUtils {
|
||||
}
|
||||
}
|
||||
|
||||
public static String getSrvRecordName(String domain) {
|
||||
private static String getSrvRecordName(String domain) {
|
||||
return "_matrix-identity._tcp." + domain;
|
||||
}
|
||||
|
||||
|
||||
@@ -32,6 +32,7 @@ import io.kamax.mxisd.exception.NotImplementedException;
|
||||
import io.kamax.mxisd.exception.SessionNotValidatedException;
|
||||
import io.kamax.mxisd.exception.SessionUnknownException;
|
||||
import io.kamax.mxisd.lookup.SingleLookupReply;
|
||||
import io.kamax.mxisd.lookup.SingleLookupRequest;
|
||||
import io.kamax.mxisd.lookup.ThreePidValidation;
|
||||
import io.kamax.mxisd.lookup.strategy.LookupStrategy;
|
||||
import io.kamax.mxisd.notification.NotificationManager;
|
||||
@@ -40,7 +41,6 @@ import io.kamax.mxisd.storage.dao.IThreePidSessionDao;
|
||||
import io.kamax.mxisd.threepid.session.ThreePidSession;
|
||||
import org.apache.commons.lang3.RandomStringUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.apache.http.impl.client.CloseableHttpClient;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
@@ -58,23 +58,18 @@ public class SessionManager {
|
||||
private NotificationManager notifMgr;
|
||||
private LookupStrategy lookupMgr;
|
||||
|
||||
// FIXME export into central class, set version
|
||||
private CloseableHttpClient client;
|
||||
|
||||
public SessionManager(
|
||||
SessionConfig cfg,
|
||||
MatrixConfig mxCfg,
|
||||
IStorage storage,
|
||||
NotificationManager notifMgr,
|
||||
LookupStrategy lookupMgr,
|
||||
CloseableHttpClient client
|
||||
LookupStrategy lookupMgr
|
||||
) {
|
||||
this.cfg = cfg;
|
||||
this.mxCfg = mxCfg;
|
||||
this.storage = storage;
|
||||
this.notifMgr = notifMgr;
|
||||
this.lookupMgr = lookupMgr;
|
||||
this.client = client;
|
||||
}
|
||||
|
||||
private ThreePidSession getSession(String sid, String secret) {
|
||||
@@ -128,7 +123,7 @@ public class SessionManager {
|
||||
log.info("Generated new session {} to validate {} from server {}", sessionId, tpid, server);
|
||||
|
||||
storage.insertThreePidSession(session.getDao());
|
||||
log.info("Stored session {}", sessionId, tpid, server);
|
||||
log.info("Stored session {}", sessionId);
|
||||
|
||||
log.info("Session {} for {}: sending validation notification", sessionId, tpid);
|
||||
notifMgr.sendForValidation(session);
|
||||
@@ -157,7 +152,7 @@ public class SessionManager {
|
||||
return new ThreePidValidation(session.getThreePid(), session.getValidationTime());
|
||||
}
|
||||
|
||||
public void bind(String sid, String secret, String mxidRaw) {
|
||||
public SingleLookupReply bind(String sid, String secret, String mxidRaw) {
|
||||
// We make sure we have an acceptable User ID
|
||||
if (StringUtils.isEmpty(mxidRaw)) {
|
||||
throw new IllegalArgumentException("No Matrix User ID provided");
|
||||
@@ -171,11 +166,16 @@ public class SessionManager {
|
||||
|
||||
// Only accept binds if the domain matches our own
|
||||
if (!StringUtils.equalsIgnoreCase(mxCfg.getDomain(), mxid.getDomain())) {
|
||||
throw new NotAllowedException("Only Matrix IDs from domain " + mxCfg + " can be bound");
|
||||
throw new NotAllowedException("Only Matrix IDs from domain " + mxCfg.getDomain() + " can be bound");
|
||||
}
|
||||
|
||||
log.info("Session {}: Binding of {}:{} to Matrix ID {} is accepted",
|
||||
session.getId(), session.getThreePid().getMedium(), session.getThreePid().getAddress(), mxid.getId());
|
||||
|
||||
SingleLookupRequest request = new SingleLookupRequest();
|
||||
request.setType(session.getThreePid().getMedium());
|
||||
request.setThreePid(session.getThreePid().getAddress());
|
||||
return new SingleLookupReply(request, mxid);
|
||||
}
|
||||
|
||||
public void unbind(JsonObject reqData) {
|
||||
@@ -196,6 +196,7 @@ public class SessionManager {
|
||||
*/
|
||||
|
||||
log.warn("A remote host attempted to unbind without proper authorization. Request was denied");
|
||||
log.warn("See https://github.com/kamax-matrix/mxisd/wiki/mxisd-and-your-privacy for more info");
|
||||
|
||||
if (!cfg.getPolicy().getUnbind().getFraudulent().getSendWarning()) {
|
||||
log.info("Not sending notification to 3PID owner as per configuration");
|
||||
|
||||
@@ -21,10 +21,12 @@
|
||||
package io.kamax.mxisd.threepid.connector.phone;
|
||||
|
||||
import com.twilio.Twilio;
|
||||
import com.twilio.exception.ApiException;
|
||||
import com.twilio.rest.api.v2010.account.Message;
|
||||
import com.twilio.type.PhoneNumber;
|
||||
import io.kamax.mxisd.config.threepid.connector.PhoneTwilioConfig;
|
||||
import io.kamax.mxisd.exception.BadRequestException;
|
||||
import io.kamax.mxisd.exception.InternalServerError;
|
||||
import io.kamax.mxisd.exception.NotImplementedException;
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
@@ -52,12 +54,17 @@ public class PhoneSmsTwilioConnector implements PhoneConnector {
|
||||
@Override
|
||||
public void send(String recipient, String content) {
|
||||
if (StringUtils.isBlank(cfg.getAccountSid()) || StringUtils.isBlank(cfg.getAuthToken()) || StringUtils.isBlank(cfg.getNumber())) {
|
||||
throw new BadRequestException("Phone numbers cannot be validated at this time. Contact your administrator.");
|
||||
log.error("Twilio connector in not fully configured and is missing mandatory configuration values.");
|
||||
throw new NotImplementedException("Phone numbers cannot be validated at this time. Contact your administrator.");
|
||||
}
|
||||
|
||||
recipient = "+" + recipient;
|
||||
log.info("Sending SMS notification from {} to {} with {} characters", cfg.getNumber(), recipient, content.length());
|
||||
Message.creator(new PhoneNumber("+" + recipient), new PhoneNumber(cfg.getNumber()), content).create();
|
||||
try {
|
||||
Message.creator(new PhoneNumber("+" + recipient), new PhoneNumber(cfg.getNumber()), content).create();
|
||||
} catch (ApiException e) {
|
||||
throw new InternalServerError(e);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -27,8 +27,9 @@ import io.kamax.mxisd.http.IsAPIv1;
|
||||
import io.kamax.mxisd.invitation.IMatrixIdInvite;
|
||||
import io.kamax.mxisd.invitation.IThreePidInviteReply;
|
||||
import io.kamax.mxisd.threepid.session.IThreePidSession;
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
import io.kamax.mxisd.util.RestClientUtils;
|
||||
import org.apache.commons.lang.WordUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
|
||||
import static io.kamax.mxisd.http.io.identity.StoreInviteRequest.Keys.RoomName;
|
||||
import static io.kamax.mxisd.http.io.identity.StoreInviteRequest.Keys.SenderDisplayName;
|
||||
@@ -46,16 +47,26 @@ public abstract class PlaceholderNotificationGenerator {
|
||||
}
|
||||
|
||||
protected String populateForCommon(ThreePid recipient, String input) {
|
||||
if (StringUtils.isBlank(input)) {
|
||||
return input;
|
||||
}
|
||||
|
||||
String domainPretty = WordUtils.capitalizeFully(mxCfg.getDomain());
|
||||
|
||||
return input
|
||||
.replace("%DOMAIN%", mxCfg.getDomain())
|
||||
.replace("%DOMAIN_PRETTY%", domainPretty)
|
||||
.replace("%RECIPIENT_MEDIUM%", recipient.getMedium())
|
||||
.replace("%RECIPIENT_ADDRESS%", recipient.getAddress());
|
||||
.replace("%RECIPIENT_MEDIUM_URL_ENCODED%", RestClientUtils.urlEncode(recipient.getMedium()))
|
||||
.replace("%RECIPIENT_ADDRESS%", recipient.getAddress())
|
||||
.replace("%RECIPIENT_ADDRESS_URL_ENCODED%", RestClientUtils.urlEncode(recipient.getAddress()));
|
||||
}
|
||||
|
||||
protected String populateForInvite(IMatrixIdInvite invite, String input) {
|
||||
if (StringUtils.isBlank(input)) {
|
||||
return input;
|
||||
}
|
||||
|
||||
String senderName = invite.getProperties().getOrDefault(SenderDisplayName, "");
|
||||
String senderNameOrId = StringUtils.defaultIfBlank(senderName, invite.getSender().getId());
|
||||
String roomName = invite.getProperties().getOrDefault(RoomName, "");
|
||||
@@ -72,6 +83,10 @@ public abstract class PlaceholderNotificationGenerator {
|
||||
}
|
||||
|
||||
protected String populateForReply(IThreePidInviteReply invite, String input) {
|
||||
if (StringUtils.isBlank(input)) {
|
||||
return input;
|
||||
}
|
||||
|
||||
ThreePid tpid = new ThreePid(invite.getInvite().getMedium(), invite.getInvite().getAddress());
|
||||
|
||||
String senderName = invite.getInvite().getProperties().getOrDefault(SenderDisplayName, "");
|
||||
@@ -86,13 +101,19 @@ public abstract class PlaceholderNotificationGenerator {
|
||||
.replace("%SENDER_NAME%", senderName)
|
||||
.replace("%SENDER_NAME_OR_ID%", senderNameOrId)
|
||||
.replace("%INVITE_MEDIUM%", tpid.getMedium())
|
||||
.replace("%INVITE_MEDIUM_URL_ENCODED%", RestClientUtils.urlEncode(tpid.getMedium()))
|
||||
.replace("%INVITE_ADDRESS%", tpid.getAddress())
|
||||
.replace("%INVITE_ADDRESS_URL_ENCODED%", RestClientUtils.urlEncode(tpid.getAddress()))
|
||||
.replace("%ROOM_ID%", invite.getInvite().getRoomId())
|
||||
.replace("%ROOM_NAME%", roomName)
|
||||
.replace("%ROOM_NAME_OR_ID%", roomNameOrId);
|
||||
}
|
||||
|
||||
protected String populateForValidation(IThreePidSession session, String input) {
|
||||
if (StringUtils.isBlank(input)) {
|
||||
return input;
|
||||
}
|
||||
|
||||
String validationLink = srvCfg.getPublicUrl() + IsAPIv1.getValidate(
|
||||
session.getThreePid().getMedium(),
|
||||
session.getId(),
|
||||
|
||||
@@ -20,7 +20,7 @@
|
||||
|
||||
package io.kamax.mxisd.threepid.notification;
|
||||
|
||||
import com.google.gson.JsonObject;
|
||||
import com.google.gson.JsonSyntaxException;
|
||||
import io.kamax.matrix.ThreePidMedium;
|
||||
import io.kamax.matrix.json.GsonUtil;
|
||||
import io.kamax.mxisd.Mxisd;
|
||||
@@ -65,13 +65,18 @@ public class BuiltInNotificationHandlerSupplier implements NotificationHandlerSu
|
||||
if (StringUtils.equals(EmailRawNotificationHandler.ID, handler)) {
|
||||
Object o = mxisd.getConfig().getThreepid().getMedium().get(ThreePidMedium.Email.getId());
|
||||
if (Objects.nonNull(o)) {
|
||||
EmailConfig emailCfg = GsonUtil.get().fromJson(GsonUtil.makeObj(o), EmailConfig.class);
|
||||
EmailConfig emailCfg;
|
||||
try {
|
||||
emailCfg = GsonUtil.get().fromJson(GsonUtil.makeObj(o), EmailConfig.class);
|
||||
} catch (JsonSyntaxException e) {
|
||||
throw new ConfigurationException("Invalid configuration for threepid email notification");
|
||||
}
|
||||
|
||||
if (org.apache.commons.lang.StringUtils.isBlank(emailCfg.getGenerator())) {
|
||||
if (StringUtils.isBlank(emailCfg.getGenerator())) {
|
||||
throw new ConfigurationException("notification.email.generator");
|
||||
}
|
||||
|
||||
if (org.apache.commons.lang.StringUtils.isBlank(emailCfg.getConnector())) {
|
||||
if (StringUtils.isBlank(emailCfg.getConnector())) {
|
||||
throw new ConfigurationException("notification.email.connector");
|
||||
}
|
||||
|
||||
@@ -94,9 +99,15 @@ public class BuiltInNotificationHandlerSupplier implements NotificationHandlerSu
|
||||
}
|
||||
|
||||
if (StringUtils.equals(EmailSendGridNotificationHandler.ID, handler)) {
|
||||
JsonObject cfgJson = mxisd.getConfig().getNotification().getHandlers().get(EmailSendGridNotificationHandler.ID);
|
||||
Object cfgJson = mxisd.getConfig().getNotification().getHandlers().get(EmailSendGridNotificationHandler.ID);
|
||||
if (Objects.nonNull(cfgJson)) {
|
||||
EmailSendGridConfig cfg = GsonUtil.get().fromJson(cfgJson, EmailSendGridConfig.class);
|
||||
EmailSendGridConfig cfg;
|
||||
try {
|
||||
cfg = GsonUtil.get().fromJson(GsonUtil.get().toJson(cfgJson), EmailSendGridConfig.class);
|
||||
} catch (JsonSyntaxException e) {
|
||||
throw new ConfigurationException("Invalid configuration for threepid email sendgrid handler");
|
||||
}
|
||||
|
||||
NotificationHandlers.register(() -> new EmailSendGridNotificationHandler(mxisd.getConfig(), cfg));
|
||||
}
|
||||
}
|
||||
@@ -107,7 +118,12 @@ public class BuiltInNotificationHandlerSupplier implements NotificationHandlerSu
|
||||
if (StringUtils.equals(PhoneNotificationHandler.ID, handler)) {
|
||||
Object o = mxisd.getConfig().getThreepid().getMedium().get(ThreePidMedium.PhoneNumber.getId());
|
||||
if (Objects.nonNull(o)) {
|
||||
PhoneConfig cfg = GsonUtil.get().fromJson(GsonUtil.makeObj(o), PhoneConfig.class);
|
||||
PhoneConfig cfg;
|
||||
try {
|
||||
cfg = GsonUtil.get().fromJson(GsonUtil.makeObj(o), PhoneConfig.class);
|
||||
} catch (JsonSyntaxException e) {
|
||||
throw new ConfigurationException("Invalid configuration for threepid msisdn notification");
|
||||
}
|
||||
|
||||
List<PhoneGenerator> generators = StreamSupport
|
||||
.stream(ServiceLoader.load(PhoneGeneratorSupplier.class).spliterator(), false)
|
||||
|
||||
@@ -33,7 +33,7 @@ import io.kamax.mxisd.notification.NotificationHandler;
|
||||
import io.kamax.mxisd.threepid.generator.PlaceholderNotificationGenerator;
|
||||
import io.kamax.mxisd.threepid.session.IThreePidSession;
|
||||
import io.kamax.mxisd.util.FileUtil;
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
@@ -86,6 +86,9 @@ public class EmailSendGridNotificationHandler extends PlaceholderNotificationGen
|
||||
@Override
|
||||
public void sendForInvite(IMatrixIdInvite invite) {
|
||||
EmailTemplate template = cfg.getTemplates().getGeneric().get("matrixId");
|
||||
if (StringUtils.isAllBlank(template.getBody().getText(), template.getBody().getHtml())) {
|
||||
throw new FeatureNotAvailable("No template has been configured for Matrix ID invite notifications");
|
||||
}
|
||||
|
||||
Email email = getEmail();
|
||||
email.setSubject(populateForInvite(invite, template.getSubject()));
|
||||
@@ -98,6 +101,10 @@ public class EmailSendGridNotificationHandler extends PlaceholderNotificationGen
|
||||
@Override
|
||||
public void sendForReply(IThreePidInviteReply invite) {
|
||||
EmailTemplate template = cfg.getTemplates().getInvite();
|
||||
if (StringUtils.isAllBlank(template.getBody().getText(), template.getBody().getHtml())) {
|
||||
throw new FeatureNotAvailable("No template has been configured for 3PID invite notifications");
|
||||
}
|
||||
|
||||
Email email = getEmail();
|
||||
email.setSubject(populateForReply(invite, template.getSubject()));
|
||||
email.setText(populateForReply(invite, getFromFile(template.getBody().getText())));
|
||||
@@ -109,6 +116,10 @@ public class EmailSendGridNotificationHandler extends PlaceholderNotificationGen
|
||||
@Override
|
||||
public void sendForValidation(IThreePidSession session) {
|
||||
EmailTemplate template = cfg.getTemplates().getSession().getValidation();
|
||||
if (StringUtils.isAllBlank(template.getBody().getText(), template.getBody().getHtml())) {
|
||||
throw new FeatureNotAvailable("No template has been configured for validation notifications");
|
||||
}
|
||||
|
||||
Email email = getEmail();
|
||||
email.setSubject(populateForValidation(session, template.getSubject()));
|
||||
email.setText(populateForValidation(session, getFromFile(template.getBody().getText())));
|
||||
@@ -120,6 +131,10 @@ public class EmailSendGridNotificationHandler extends PlaceholderNotificationGen
|
||||
@Override
|
||||
public void sendForFraudulentUnbind(ThreePid tpid) {
|
||||
EmailTemplate template = cfg.getTemplates().getSession().getUnbind().getFraudulent();
|
||||
if (StringUtils.isAllBlank(template.getBody().getText(), template.getBody().getHtml())) {
|
||||
throw new FeatureNotAvailable("No template has been configured for fraudulent unbind notifications");
|
||||
}
|
||||
|
||||
Email email = getEmail();
|
||||
email.setSubject(populateForCommon(tpid, template.getSubject()));
|
||||
email.setText(populateForCommon(tpid, getFromFile(template.getBody().getText())));
|
||||
|
||||
@@ -25,12 +25,22 @@ import org.apache.http.client.methods.HttpPost;
|
||||
import org.apache.http.entity.ContentType;
|
||||
import org.apache.http.entity.StringEntity;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.net.URLEncoder;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
|
||||
public class RestClientUtils {
|
||||
|
||||
private static Gson gson = GsonUtil.build();
|
||||
|
||||
public static String urlEncode(String value) {
|
||||
try {
|
||||
return URLEncoder.encode(value, StandardCharsets.UTF_8.name());
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
public static HttpPost post(String url, String body) {
|
||||
StringEntity entity = new StringEntity(body, StandardCharsets.UTF_8);
|
||||
entity.setContentType(ContentType.APPLICATION_JSON.toString());
|
||||
|
||||
@@ -9,19 +9,12 @@ Content-Disposition: inline
|
||||
|
||||
Hi,
|
||||
|
||||
%SENDER_NAME_OR_ID% has invited you into a room [%ROOM_NAME_OR_ID%] on
|
||||
Matrix. To join the conversation, register an account on %REGISTER_URL%
|
||||
%SENDER_NAME_OR_ID% has invited you to the Matrix room [%ROOM_NAME_OR_ID%].
|
||||
To join the conversation, register an account using %REGISTER_URL%
|
||||
|
||||
You may be required to provide the same email used for this invite during registration.
|
||||
You can also register an account on a public server and get in touch with them.
|
||||
|
||||
|
||||
About Matrix:
|
||||
|
||||
Matrix is an open standard for interoperable, decentralised, real-time communication
|
||||
over IP, supporting group chat, file transfer, voice and video calling, integrations to
|
||||
other apps, bridges to other communication systems and much more. It can be used to power
|
||||
Instant Messaging, VoIP/WebRTC signalling, Internet of Things communication.
|
||||
|
||||
Thanks,
|
||||
|
||||
%DOMAIN_PRETTY% Admins
|
||||
@@ -39,26 +32,26 @@ Content-Disposition: inline
|
||||
<html lang="en">
|
||||
<head>
|
||||
<style type="text/css">
|
||||
body {
|
||||
margin: 0px;
|
||||
}
|
||||
body {
|
||||
margin: 0px;
|
||||
}
|
||||
|
||||
pre, code {
|
||||
word-break: break-word;
|
||||
white-space: pre-wrap;
|
||||
}
|
||||
pre, code {
|
||||
word-break: break-word;
|
||||
white-space: pre-wrap;
|
||||
}
|
||||
|
||||
#page {
|
||||
font-family: 'Open Sans', Helvetica, Arial, Sans-Serif;
|
||||
font-color: #454545;
|
||||
font-size: 12pt;
|
||||
width: 100%%;
|
||||
padding: 20px;
|
||||
}
|
||||
#page {
|
||||
font-family: 'Open Sans', Helvetica, Arial, Sans-Serif;
|
||||
font-color: #454545;
|
||||
font-size: 12pt;
|
||||
width: 100%%;
|
||||
padding: 20px;
|
||||
}
|
||||
|
||||
#inner {
|
||||
width: 640px;
|
||||
}
|
||||
#inner {
|
||||
width: 640px;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
@@ -66,24 +59,17 @@ pre, code {
|
||||
<tr>
|
||||
<td> </td>
|
||||
<td id="inner">
|
||||
<p>Hi,</p>
|
||||
<p>Hi,</p>
|
||||
|
||||
<p>%SENDER_NAME_OR_ID% has invited you into a room [%ROOM_NAME_OR_ID%] on
|
||||
Matrix. To join the conversation, register an account on <a href="%REGISTER_URL%">%DOMAIN%</a>.</p>
|
||||
<p>%SENDER_NAME_OR_ID% has invited you to the Matrix room [%ROOM_NAME_OR_ID%].<br/>
|
||||
To join the conversation, register an account on <a href="%REGISTER_URL%">%DOMAIN%</a>.</p>
|
||||
|
||||
<pYou can also register an account on a public server and get in touch with them.</p>
|
||||
<p>You may be required to provide the same email used for this invite during registration.<br/>
|
||||
You can also register an account on a public server and get in touch with them.</p>
|
||||
|
||||
<br>
|
||||
<p>About Matrix:</p>
|
||||
<p>Thanks,</p>
|
||||
|
||||
<p>Matrix is an open standard for interoperable, decentralised, real-time communication
|
||||
over IP, supporting group chat, file transfer, voice and video calling, integrations to
|
||||
other apps, bridges to other communication systems and much more. It can be used to power
|
||||
Instant Messaging, VoIP/WebRTC signalling, Internet of Things communication.</p>
|
||||
|
||||
<p>Thanks,</p>
|
||||
|
||||
<p>%DOMAIN_PRETTY% Admins</p>
|
||||
<p>%DOMAIN_PRETTY% Admins</p>
|
||||
</td>
|
||||
<td> </td>
|
||||
</tr>
|
||||
|
||||
@@ -9,7 +9,7 @@ Content-Disposition: inline
|
||||
|
||||
Hi,
|
||||
|
||||
%SENDER_NAME_OR_ID% has invited you into a room [%ROOM_NAME_OR_ID%] on Matrix.
|
||||
%SENDER_NAME_OR_ID% has invited you to the Matrix room [%ROOM_NAME_OR_ID%].
|
||||
|
||||
Thanks,
|
||||
|
||||
@@ -28,26 +28,26 @@ Content-Disposition: inline
|
||||
<html lang="en">
|
||||
<head>
|
||||
<style type="text/css">
|
||||
body {
|
||||
margin: 0px;
|
||||
}
|
||||
body {
|
||||
margin: 0px;
|
||||
}
|
||||
|
||||
pre, code {
|
||||
word-break: break-word;
|
||||
white-space: pre-wrap;
|
||||
}
|
||||
pre, code {
|
||||
word-break: break-word;
|
||||
white-space: pre-wrap;
|
||||
}
|
||||
|
||||
#page {
|
||||
font-family: 'Open Sans', Helvetica, Arial, Sans-Serif;
|
||||
font-color: #454545;
|
||||
font-size: 12pt;
|
||||
width: 100%%;
|
||||
padding: 20px;
|
||||
}
|
||||
#page {
|
||||
font-family: 'Open Sans', Helvetica, Arial, Sans-Serif;
|
||||
font-color: #454545;
|
||||
font-size: 12pt;
|
||||
width: 100%%;
|
||||
padding: 20px;
|
||||
}
|
||||
|
||||
#inner {
|
||||
width: 640px;
|
||||
}
|
||||
#inner {
|
||||
width: 640px;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
@@ -55,13 +55,13 @@ pre, code {
|
||||
<tr>
|
||||
<td> </td>
|
||||
<td id="inner">
|
||||
<p>Hi,</p>
|
||||
<p>Hi,</p>
|
||||
|
||||
<p>%SENDER_NAME_OR_ID% has invited you into a room [%ROOM_NAME_OR_ID%] on Matrix.</p>
|
||||
<p>%SENDER_NAME_OR_ID% has invited you to the Matrix room [%ROOM_NAME_OR_ID%].</p>
|
||||
|
||||
<p>Thanks,</p>
|
||||
<p>Thanks,</p>
|
||||
|
||||
<p>%DOMAIN_PRETTY% Admins</p>
|
||||
<p>%DOMAIN_PRETTY% Admins</p>
|
||||
</td>
|
||||
<td> </td>
|
||||
</tr>
|
||||
|
||||
@@ -61,26 +61,26 @@ Content-Disposition: inline
|
||||
<html lang="en">
|
||||
<head>
|
||||
<style type="text/css">
|
||||
body {
|
||||
margin: 0px;
|
||||
}
|
||||
body {
|
||||
margin: 0px;
|
||||
}
|
||||
|
||||
pre, code {
|
||||
word-break: break-word;
|
||||
white-space: pre-wrap;
|
||||
}
|
||||
pre, code {
|
||||
word-break: break-word;
|
||||
white-space: pre-wrap;
|
||||
}
|
||||
|
||||
#page {
|
||||
font-family: 'Open Sans', Helvetica, Arial, Sans-Serif;
|
||||
font-color: #454545;
|
||||
font-size: 12pt;
|
||||
width: 100%%;
|
||||
padding: 20px;
|
||||
}
|
||||
#page {
|
||||
font-family: 'Open Sans', Helvetica, Arial, Sans-Serif;
|
||||
font-color: #454545;
|
||||
font-size: 12pt;
|
||||
width: 100%%;
|
||||
padding: 20px;
|
||||
}
|
||||
|
||||
#inner {
|
||||
width: 640px;
|
||||
}
|
||||
#inner {
|
||||
width: 640px;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
@@ -88,42 +88,42 @@ pre, code {
|
||||
<tr>
|
||||
<td> </td>
|
||||
<td id="inner">
|
||||
<p>Hi,</p>
|
||||
<p>Hi,</p>
|
||||
|
||||
<p><b>THIS IS IMPORTANT, PLEASE READ CAREFULLY</b>.<br/>
|
||||
If you are the system administrator of the Matrix installation, read the second section.</p>
|
||||
<p><b>THIS IS IMPORTANT, PLEASE READ CAREFULLY</b>.<br/>
|
||||
If you are the system administrator of the Matrix installation, read the second section.</p>
|
||||
|
||||
<p>This is a notification email that a possibly unauthorized entity has attempted to alter your
|
||||
3PIDs (email, phone numbers, etc.) settings. The request was denied and no change has been made.</p>
|
||||
<p>This is a notification email that a possibly unauthorized entity has attempted to alter your
|
||||
3PIDs (email, phone numbers, etc.) settings. The request was denied and no change has been made.</p>
|
||||
|
||||
<p>This is so you are aware of a possible failure in case you just tried to remove a 3PID from your account.</p>
|
||||
<p>This is so you are aware of a possible failure in case you just tried to remove a 3PID from your account.</p>
|
||||
|
||||
<p>If you do not understand this email, please forward it to your System administrator.</p>
|
||||
<p>If you do not understand this email, please forward it to your System administrator.</p>
|
||||
|
||||
<hr>
|
||||
<hr>
|
||||
|
||||
<p>As the system administrator:</p>
|
||||
<p>As the system administrator:</p>
|
||||
|
||||
<p>If you are using synapse as a Homeserver, this is a known issue related to <a href="https://github.com/matrix-org/matrix-doc/issues/1194">MSC1194</a>
|
||||
and abuse of separation of concerns. As a privacy-centric product and to protect your privacy, the request was actively
|
||||
blocked. We have written a more detailed explanation on our <a href="https://github.com/kamax-matrix/mxisd/wiki/mxisd-and-your-privacy">Privacy wiki page</a>
|
||||
(<a href="https://github.com/kamax-matrix/mxisd/wiki/mxisd-and-your-privacy#msc1194-synapse-and-impacts-on-your-privacy">Direct link to section</a>)
|
||||
so you can fully grasp the impact for you and your users.</p>
|
||||
<p>If you are using synapse as a Homeserver, this is a known issue related to <a href="https://github.com/matrix-org/matrix-doc/issues/1194">MSC1194</a>
|
||||
and abuse of separation of concerns. As a privacy-centric product and to protect your privacy, the request was actively
|
||||
blocked. We have written a more detailed explanation on our <a href="https://github.com/kamax-matrix/mxisd/wiki/mxisd-and-your-privacy">Privacy wiki page</a>
|
||||
(<a href="https://github.com/kamax-matrix/mxisd/wiki/mxisd-and-your-privacy#msc1194-synapse-and-impacts-on-your-privacy">Direct link to section</a>)
|
||||
so you can fully grasp the impact for you and your users.</p>
|
||||
|
||||
<p>We have open an issue on the synapse repos to reflect the related privacy concerns and GDPR violation(s) and would
|
||||
appreciate if you could comment on it or simply adds a thumbs up so the concerns are finally dealt with by the synapse dev team.<br/>
|
||||
Issue: <a href="https://github.com/matrix-org/synapse/issues/4540">https://github.com/matrix-org/synapse/issues/4540</a></p>
|
||||
<p>We have open an issue on the synapse repos to reflect the related privacy concerns and GDPR violation(s) and would
|
||||
appreciate if you could comment on it or simply adds a thumbs up so the concerns are finally dealt with by the synapse dev team.<br/>
|
||||
Issue: <a href="https://github.com/matrix-org/synapse/issues/4540">https://github.com/matrix-org/synapse/issues/4540</a></p>
|
||||
|
||||
<p>If you are using another Homeserver or this came following no action from your own users, then you have been the target
|
||||
of an unbind attack from a rogue entity which was blocked. You may want to check your logs to see the exact source of
|
||||
the attack and take relevant actions following your policy.</p>
|
||||
<p>If you are using another Homeserver or this came following no action from your own users, then you have been the target
|
||||
of an unbind attack from a rogue entity which was blocked. You may want to check your logs to see the exact source of
|
||||
the attack and take relevant actions following your policy.</p>
|
||||
|
||||
<p>If you would like to disable these notifications, please see the
|
||||
<a href="https://github.com/kamax-matrix/mxisd/blob/master/docs/threepids/session/session.md#configuration">3PID sessions configuration documentation.</a></p>
|
||||
<p>If you would like to disable these notifications, please see the
|
||||
<a href="https://github.com/kamax-matrix/mxisd/blob/master/docs/threepids/session/session.md#configuration">3PID sessions configuration documentation.</a></p>
|
||||
|
||||
<p>Thanks,</p>
|
||||
<p>Thanks,</p>
|
||||
|
||||
<p>%DOMAIN_PRETTY% Admins</p>
|
||||
<p>%DOMAIN_PRETTY% Admins</p>
|
||||
</td>
|
||||
<td> </td>
|
||||
</tr>
|
||||
|
||||
@@ -33,30 +33,30 @@ Content-Disposition: inline
|
||||
<html lang="en">
|
||||
<head>
|
||||
<style type="text/css">
|
||||
body {
|
||||
margin: 0px;
|
||||
}
|
||||
body {
|
||||
margin: 0px;
|
||||
}
|
||||
|
||||
pre, code {
|
||||
word-break: break-word;
|
||||
white-space: pre-wrap;
|
||||
}
|
||||
pre, code {
|
||||
word-break: break-word;
|
||||
white-space: pre-wrap;
|
||||
}
|
||||
|
||||
#page {
|
||||
font-family: 'Open Sans', Helvetica, Arial, Sans-Serif;
|
||||
font-color: #454545;
|
||||
font-size: 12pt;
|
||||
width: 100%%;
|
||||
padding: 20px;
|
||||
}
|
||||
#page {
|
||||
font-family: 'Open Sans', Helvetica, Arial, Sans-Serif;
|
||||
font-color: #454545;
|
||||
font-size: 12pt;
|
||||
width: 100%%;
|
||||
padding: 20px;
|
||||
}
|
||||
|
||||
#inner {
|
||||
width: 640px;
|
||||
}
|
||||
#inner {
|
||||
width: 640px;
|
||||
}
|
||||
|
||||
.notif_link a, .footer a {
|
||||
color: #76CFA6 ! important;
|
||||
}
|
||||
.notif_link a, .footer a {
|
||||
color: #76CFA6 ! important;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -33,11 +33,7 @@ public class MxisdDefaultTest {
|
||||
|
||||
@Test
|
||||
public void defaultConfig() {
|
||||
MxisdConfig cfg = new MxisdConfig();
|
||||
cfg.getMatrix().setDomain(domain);
|
||||
cfg.getKey().setPath(":memory:");
|
||||
cfg.getStorage().getProvider().getSqlite().setDatabase(":memory:");
|
||||
|
||||
MxisdConfig cfg = MxisdConfig.forDomain(domain).inMemory();
|
||||
Mxisd m = new Mxisd(cfg);
|
||||
m.start();
|
||||
|
||||
|
||||
@@ -41,10 +41,7 @@ public class MxisdTest {
|
||||
|
||||
@Before
|
||||
public void before() {
|
||||
MxisdConfig cfg = new MxisdConfig();
|
||||
cfg.getMatrix().setDomain("localhost");
|
||||
cfg.getKey().setPath(":memory:");
|
||||
cfg.getStorage().getProvider().getSqlite().setDatabase(":memory:");
|
||||
MxisdConfig cfg = MxisdConfig.forDomain("localhost").inMemory();
|
||||
|
||||
MemoryThreePid mem3pid = new MemoryThreePid();
|
||||
mem3pid.setMedium("email");
|
||||
|
||||
77
src/test/java/io/kamax/mxisd/test/auth/AuthManagerTest.java
Normal file
77
src/test/java/io/kamax/mxisd/test/auth/AuthManagerTest.java
Normal file
@@ -0,0 +1,77 @@
|
||||
/*
|
||||
* mxisd - Matrix Identity Server Daemon
|
||||
* Copyright (C) 2019 Kamax Sarl
|
||||
*
|
||||
* https://www.kamax.io/
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package io.kamax.mxisd.test.auth;
|
||||
|
||||
import io.kamax.mxisd.Mxisd;
|
||||
import io.kamax.mxisd.auth.AuthManager;
|
||||
import io.kamax.mxisd.auth.UserAuthResult;
|
||||
import io.kamax.mxisd.config.MxisdConfig;
|
||||
import io.kamax.mxisd.config.memory.MemoryIdentityConfig;
|
||||
import io.kamax.mxisd.config.memory.MemoryThreePid;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
public class AuthManagerTest {
|
||||
|
||||
private static AuthManager mgr;
|
||||
|
||||
// FIXME we should be able to easily build the class ourselves
|
||||
// FIXME use constants
|
||||
@BeforeClass
|
||||
public static void beforeClass() {
|
||||
MxisdConfig cfg = new MxisdConfig();
|
||||
cfg.getMatrix().setDomain("localhost");
|
||||
cfg.getKey().setPath(":memory:");
|
||||
cfg.getStorage().getProvider().getSqlite().setDatabase(":memory:");
|
||||
|
||||
MemoryThreePid mem3pid = new MemoryThreePid();
|
||||
mem3pid.setMedium("email");
|
||||
mem3pid.setAddress("john@localhost");
|
||||
MemoryIdentityConfig validCfg = new MemoryIdentityConfig();
|
||||
validCfg.setUsername("john");
|
||||
validCfg.setPassword("doe");
|
||||
validCfg.getThreepids().add(mem3pid);
|
||||
MemoryIdentityConfig illegalUser = new MemoryIdentityConfig();
|
||||
illegalUser.setUsername("JANE");
|
||||
illegalUser.setPassword("doe");
|
||||
cfg.getMemory().setEnabled(true);
|
||||
cfg.getMemory().getIdentities().add(validCfg);
|
||||
cfg.getMemory().getIdentities().add(illegalUser);
|
||||
|
||||
Mxisd m = new Mxisd(cfg);
|
||||
m.start();
|
||||
mgr = m.getAuth();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void basic() {
|
||||
UserAuthResult result = mgr.authenticate("@john:localhost", "doe");
|
||||
assertTrue(result.isSuccess());
|
||||
|
||||
// For backward-compatibility as per instructed by the spec, we do not fail on an illegal username
|
||||
// This makes sure we don't break it
|
||||
result = mgr.authenticate("@JANE:localhost", "doe");
|
||||
assertTrue(result.isSuccess());
|
||||
}
|
||||
|
||||
}
|
||||
@@ -21,8 +21,10 @@
|
||||
package io.kamax.mxisd.test.crypto;
|
||||
|
||||
import com.google.gson.JsonObject;
|
||||
import io.kamax.matrix.event.EventKey;
|
||||
import io.kamax.matrix.json.GsonUtil;
|
||||
import io.kamax.matrix.json.MatrixJson;
|
||||
import io.kamax.mxisd.config.MxisdConfig;
|
||||
import io.kamax.mxisd.crypto.Signature;
|
||||
import io.kamax.mxisd.crypto.SignatureManager;
|
||||
import io.kamax.mxisd.crypto.ed25519.Ed25519Key;
|
||||
@@ -36,10 +38,14 @@ import org.junit.Test;
|
||||
|
||||
import static org.hamcrest.core.Is.is;
|
||||
import static org.hamcrest.core.IsEqual.equalTo;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertThat;
|
||||
|
||||
public class SignatureManagerTest {
|
||||
|
||||
private static final String lookupData = "{\n" + " \"not_before\": 0,\n" + " \"address\": \"mxisd-federation-test@kamax.io\",\n"
|
||||
+ " \"medium\": \"email\",\n" + " \"mxid\": \"@mxisd-lookup-test:kamax.io\",\n"
|
||||
+ " \"not_after\": 253402300799000,\n" + " \"ts\": 1523482030147\n" + "}";
|
||||
private static SignatureManager signMgr;
|
||||
|
||||
private static SignatureManager build(String keySeed) {
|
||||
@@ -47,7 +53,7 @@ public class SignatureManagerTest {
|
||||
KeyStore store = new MemoryKeyStore();
|
||||
store.add(key);
|
||||
|
||||
return new Ed25519SignatureManager(new Ed25519KeyManager(store));
|
||||
return new Ed25519SignatureManager(MxisdConfig.forDomain("localhost").inMemory().build(), new Ed25519KeyManager(store));
|
||||
}
|
||||
|
||||
@BeforeClass
|
||||
@@ -98,12 +104,19 @@ public class SignatureManagerTest {
|
||||
|
||||
@Test
|
||||
public void onIdentityLookup() {
|
||||
String value = MatrixJson.encodeCanonical("{\n" + " \"address\": \"mxisd-federation-test@kamax.io\",\n"
|
||||
+ " \"medium\": \"email\",\n" + " \"mxid\": \"@mxisd-lookup-test:kamax.io\",\n"
|
||||
+ " \"not_after\": 253402300799000,\n" + " \"not_before\": 0,\n" + " \"ts\": 1523482030147\n" + "}");
|
||||
|
||||
String value = MatrixJson.encodeCanonical(lookupData);
|
||||
String sign = "ObKA4PNQh2g6c7Yo2QcTcuDgIwhknG7ZfqmNYzbhrbLBOqZomU22xX9raufN2Y3ke1FXsDqsGs7WBDodmzZJCg";
|
||||
testSign(value, sign);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void onIdentityLookupFull() {
|
||||
JsonObject data = GsonUtil.parseObj(lookupData);
|
||||
signMgr.signMessageGson("localhost", data);
|
||||
JsonObject signatures = EventKey.Signatures.getObj(data);
|
||||
JsonObject domainSign = GsonUtil.getObj(signatures, "localhost");
|
||||
String sign = GsonUtil.getStringOrThrow(domainSign, "ed25519:0");
|
||||
assertEquals(sign, "ObKA4PNQh2g6c7Yo2QcTcuDgIwhknG7ZfqmNYzbhrbLBOqZomU22xX9raufN2Y3ke1FXsDqsGs7WBDodmzZJCg");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -0,0 +1,36 @@
|
||||
/*
|
||||
* mxisd - Matrix Identity Server Daemon
|
||||
* Copyright (C) 2019 Kamax Sarl
|
||||
*
|
||||
* https://www.kamax.io/
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package io.kamax.mxisd.test.util;
|
||||
|
||||
import io.kamax.mxisd.util.RestClientUtils;
|
||||
import org.junit.Test;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
|
||||
public class RestClientUtilsTest {
|
||||
|
||||
@Test
|
||||
public void urlEncode() {
|
||||
String encoded = RestClientUtils.urlEncode("john+doe@example.org");
|
||||
assertEquals("john%2Bdoe%40example.org", encoded);
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user