From ddcd423e6fbbee901473f63e75fce644d9a52c2e Mon Sep 17 00:00:00 2001
From: timokoesters <timo@koesters.xyz>
Date: Mon, 6 Apr 2020 22:57:58 +0200
Subject: [PATCH] feat: random tokens, sessions, guest usernames and device ids

---
 Cargo.lock   |  3 ++-
 Cargo.toml   |  1 +
 src/main.rs  | 39 +++++++++++++++++++++++++++------------
 src/utils.rs |  8 ++++++++
 4 files changed, 38 insertions(+), 13 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 2978456..cd519ba 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -607,6 +607,7 @@ dependencies = [
  "js_int",
  "log",
  "pretty_env_logger",
+ "rand",
  "rocket",
  "ruma-api",
  "ruma-client-api",
@@ -1051,7 +1052,7 @@ dependencies = [
 [[package]]
 name = "ruma-client-api"
 version = "0.7.2"
-source = "git+https://github.com/ruma/ruma-client-api.git#fe92c2940a2db80509e9a9f162c0f68f3ec3d0a4"
+source = "git+https://github.com/ruma/ruma-client-api.git#dc582758e4f846b3751d84d21eb321e8eb4faf51"
 dependencies = [
  "http",
  "js_int",
diff --git a/Cargo.toml b/Cargo.toml
index 631e6ee..7fda8ee 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -23,3 +23,4 @@ ruma-signatures = { git = "https://github.com/ruma/ruma-signatures.git" }
 ruma-federation-api = "0.0.1"
 serde = "1.0.106"
 tokio = "0.2.16"
+rand = "0.7.3"
diff --git a/src/main.rs b/src/main.rs
index 2d87943..6b97534 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -19,7 +19,7 @@ use ruma_client_api::{
         membership::join_room_by_id,
         message::create_message_event,
         room::create_room,
-        session::login,
+        session::{get_login_types, login},
         state::{create_state_event_for_empty_key, create_state_event_for_key},
         sync::sync_events,
     },
@@ -31,6 +31,11 @@ use ruma_wrapper::{MatrixResult, Ruma};
 use serde_json::json;
 use std::{collections::HashMap, convert::TryInto, path::PathBuf};
 
+const DEVICE_ID_LENGTH: usize = 16;
+const SESSION_ID_LENGTH: usize = 16;
+const TOKEN_LENGTH: usize = 16;
+const GUEST_NAME_LENGTH: usize = 16;
+
 #[get("/_matrix/client/versions")]
 fn get_supported_versions_route() -> MatrixResult<get_supported_versions::Response> {
     MatrixResult(Ok(get_supported_versions::Response {
@@ -47,14 +52,14 @@ fn register_route(
     if body.auth.is_none() {
         return MatrixResult(Err(Error {
             kind: ErrorKind::InvalidUsername,
-            message: serde_json::to_string(&json!({
+            message: json!({
                 "flows": [
                     { "stages": [ "m.login.dummy" ] },
                 ],
                 "params": {},
-                "session": "TODO:randomsessionid",
-            }))
-            .unwrap(),
+                "session": utils::random_string(SESSION_ID_LENGTH),
+            })
+            .to_string(),
             status_code: http::StatusCode::UNAUTHORIZED,
         }));
     }
@@ -62,7 +67,9 @@ fn register_route(
     // Validate user id
     let user_id: UserId = match (*format!(
         "@{}:{}",
-        body.username.clone().unwrap_or("randomname".to_owned()),
+        body.username
+            .clone()
+            .unwrap_or_else(|| utils::random_string(GUEST_NAME_LENGTH)),
         data.hostname()
     ))
     .try_into()
@@ -95,13 +102,13 @@ fn register_route(
     let device_id = body
         .device_id
         .clone()
-        .unwrap_or_else(|| "TODO:randomdeviceid".to_owned());
+        .unwrap_or_else(|| utils::random_string(DEVICE_ID_LENGTH));
 
     // Add device
     data.device_add(&user_id, &device_id);
 
     // Generate new token for the device
-    let token = "TODO:randomtoken".to_owned();
+    let token = utils::random_string(TOKEN_LENGTH);
     data.token_replace(&user_id, &device_id, token.clone());
 
     MatrixResult(Ok(register::Response {
@@ -112,6 +119,13 @@ fn register_route(
     }))
 }
 
+#[get("/_matrix/client/r0/login", data = "<_body>")]
+fn get_login_route(_body: Ruma<login::Request>) -> MatrixResult<get_login_types::Response> {
+    MatrixResult(Ok(get_login_types::Response {
+        flows: vec![get_login_types::LoginType::Password],
+    }))
+}
+
 #[post("/_matrix/client/r0/login", data = "<body>")]
 fn login_route(data: State<Data>, body: Ruma<login::Request>) -> MatrixResult<login::Response> {
     // Validate login method
@@ -167,22 +181,22 @@ fn login_route(data: State<Data>, body: Ruma<login::Request>) -> MatrixResult<lo
     let device_id = body
         .device_id
         .clone()
-        .unwrap_or("TODO:randomdeviceid".to_owned());
+        .unwrap_or_else(|| utils::random_string(DEVICE_ID_LENGTH));
 
     // Add device
     data.device_add(&user_id, &device_id);
 
     // Generate a new token for the device
-    let token = "TODO:randomtoken".to_owned();
+    let token = utils::random_string(TOKEN_LENGTH);
     data.token_replace(&user_id, &device_id, token.clone());
 
-    return MatrixResult(Ok(login::Response {
+    MatrixResult(Ok(login::Response {
         user_id,
         access_token: token,
         home_server: Some(data.hostname().to_owned()),
         device_id,
         well_known: None,
-    }));
+    }))
 }
 
 #[post("/_matrix/client/r0/createRoom", data = "<body>")]
@@ -388,6 +402,7 @@ fn main() {
             routes![
                 get_supported_versions_route,
                 register_route,
+                get_login_route,
                 login_route,
                 create_room_route,
                 get_alias_route,
diff --git a/src/utils.rs b/src/utils.rs
index 19f3f02..b32b0f6 100644
--- a/src/utils.rs
+++ b/src/utils.rs
@@ -1,3 +1,4 @@
+use rand::prelude::*;
 use std::{
     convert::TryInto,
     time::{SystemTime, UNIX_EPOCH},
@@ -32,3 +33,10 @@ pub fn u64_from_bytes(bytes: &[u8]) -> u64 {
 pub fn string_from_bytes(bytes: &[u8]) -> String {
     String::from_utf8(bytes.to_vec()).expect("bytes are valid utf8")
 }
+
+pub fn random_string(length: usize) -> String {
+    thread_rng()
+        .sample_iter(&rand::distributions::Alphanumeric)
+        .take(length)
+        .collect()
+}