Support for m.login.token (#2014)

* Add GOPATH to PATH in find-lint.sh. The user doesn't necessarily have it in PATH. * Refactor LoginTypePassword and Type to support m.login.token and m.login.sso. For login token: * m.login.token will require deleting the token after completeAuth has generated an access token, so a cleanup function is returned by Type.Login. * Allowing different login types will require parsing the /login body twice: first to extract the "type" and then the type-specific parsing. Thus, we will have to buffer the request JSON in /login, like UserInteractive already does. For SSO: * NewUserInteractive will have to also use GetAccountByLocalpart. It makes more sense to just pass a (narrowed-down) accountDB interface to it than adding more function pointers. Code quality: * Passing around (and down-casting) interface{} for login request types has drawbacks in terms of type-safety, and no inherent benefits. We always decode JSON anyway. Hence renaming to Type.LoginFromJSON. Code that directly uses LoginTypePassword with parsed data can still use Login. * Removed a TODO for SSO. This is already tracked in #1297. * httputil.UnmarshalJSON is useful because it returns a JSONResponse. This change is intended to have no functional changes. * Support login tokens in User API. This adds full lifecycle functions for login tokens: create, query, delete. * Support m.login.token in /login. * Fixes for PR review. * Set @matrix-org/dendrite-core as repository code owner * Return event NID from `StoreEvent`, match PSQL vs SQLite behaviour, tweak backfill persistence (#2071) Co-authored-by: kegsay <kegan@matrix.org> Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
2025-09-15 05:32:25 +03:00 · 2022-02-10 11:27:26 +01:00 · 2022-02-10 11:27:26 +01:00 · c36e4546c3
commit c36e4546c3
parent 432c35a307
28 changed files with 1244 additions and 80 deletions
--- a/clientapi/auth/login.go
+++ b/clientapi/auth/login.go
@ -0,0 +1,83 @@
+// Copyright 2021 The Matrix.org Foundation C.I.C.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package auth
+
+import (
+	"context"
+	"encoding/json"
+	"io"
+	"io/ioutil"
+	"net/http"
+
+	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
+	"github.com/matrix-org/dendrite/clientapi/jsonerror"
+	"github.com/matrix-org/dendrite/setup/config"
+	uapi "github.com/matrix-org/dendrite/userapi/api"
+	"github.com/matrix-org/util"
+)
+
+// LoginFromJSONReader performs authentication given a login request body reader and
+// some context. It returns the basic login information and a cleanup function to be
+// called after authorization has completed, with the result of the authorization.
+// If the final return value is non-nil, an error occurred and the cleanup function
+// is nil.
+func LoginFromJSONReader(ctx context.Context, r io.Reader, accountDB AccountDatabase, userAPI UserInternalAPIForLogin, cfg *config.ClientAPI) (*Login, LoginCleanupFunc, *util.JSONResponse) {
+	reqBytes, err := ioutil.ReadAll(r)
+	if err != nil {
+		err := &util.JSONResponse{
+			Code: http.StatusBadRequest,
+			JSON: jsonerror.BadJSON("Reading request body failed: " + err.Error()),
+		}
+		return nil, nil, err
+	}
+
+	var header struct {
+		Type string `json:"type"`
+	}
+	if err := json.Unmarshal(reqBytes, &header); err != nil {
+		err := &util.JSONResponse{
+			Code: http.StatusBadRequest,
+			JSON: jsonerror.BadJSON("Reading request body failed: " + err.Error()),
+		}
+		return nil, nil, err
+	}
+
+	var typ Type
+	switch header.Type {
+	case authtypes.LoginTypePassword:
+		typ = &LoginTypePassword{
+			GetAccountByPassword: accountDB.GetAccountByPassword,
+			Config:               cfg,
+		}
+	case authtypes.LoginTypeToken:
+		typ = &LoginTypeToken{
+			UserAPI: userAPI,
+			Config:  cfg,
+		}
+	default:
+		err := util.JSONResponse{
+			Code: http.StatusBadRequest,
+			JSON: jsonerror.InvalidArgumentValue("unhandled login type: " + header.Type),
+		}
+		return nil, nil, &err
+	}
+
+	return typ.LoginFromJSON(ctx, reqBytes)
+}
+
+// UserInternalAPIForLogin contains the aspects of UserAPI required for logging in.
+type UserInternalAPIForLogin interface {
+	uapi.LoginTokenInternalAPI
+}