dendrite/clientapi/threepid/threepid.go

// Copyright 2017 Vector Creations Ltd
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package threepid

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strconv"
	"strings"

	"github.com/matrix-org/dendrite/setup/config"
)

// EmailAssociationRequest represents the request defined at https://matrix.org/docs/spec/client_server/r0.2.0.html#post-matrix-client-r0-register-email-requesttoken
type EmailAssociationRequest struct {
	IDServer    string `json:"id_server"`
	Secret      string `json:"client_secret"`
	Email       string `json:"email"`
	SendAttempt int    `json:"send_attempt"`
}

// EmailAssociationCheckRequest represents the request defined at https://matrix.org/docs/spec/client_server/r0.2.0.html#post-matrix-client-r0-account-3pid
type EmailAssociationCheckRequest struct {
	Creds Credentials `json:"threePidCreds"`
	Bind  bool        `json:"bind"`
}

// Credentials represents the "ThreePidCredentials" structure defined at https://matrix.org/docs/spec/client_server/r0.2.0.html#post-matrix-client-r0-account-3pid
type Credentials struct {
	SID      string `json:"sid"`
	IDServer string `json:"id_server"`
	Secret   string `json:"client_secret"`
}

// CreateSession creates a session on an identity server.
// Returns the session's ID.
// Returns an error if there was a problem sending the request or decoding the
// response, or if the identity server responded with a non-OK status.
func CreateSession(
	ctx context.Context, req EmailAssociationRequest, cfg *config.ClientAPI,
) (string, error) {
	if err := isTrusted(req.IDServer, cfg); err != nil {
		return "", err
	}

	// Create a session on the ID server
	postURL := fmt.Sprintf("https://%s/_matrix/identity/api/v1/validate/email/requestToken", req.IDServer)

	data := url.Values{}
	data.Add("client_secret", req.Secret)
	data.Add("email", req.Email)
	data.Add("send_attempt", strconv.Itoa(req.SendAttempt))

	request, err := http.NewRequest(http.MethodPost, postURL, strings.NewReader(data.Encode()))
	if err != nil {
		return "", err
	}
	request.Header.Add("Content-Type", "application/x-www-form-urlencoded")

	client := http.Client{}
	resp, err := client.Do(request.WithContext(ctx))
	if err != nil {
		return "", err
	}

	// Error if the status isn't OK
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("Could not create a session on the server %s", req.IDServer)
	}

	// Extract the SID from the response and return it
	var sid struct {
		SID string `json:"sid"`
	}
	err = json.NewDecoder(resp.Body).Decode(&sid)

	return sid.SID, err
}

// CheckAssociation checks the status of an ongoing association validation on an
// identity server.
// Returns a boolean set to true if the association has been validated, false if not.
// If the association has been validated, also returns the related third-party
// identifier and its medium.
// Returns an error if there was a problem sending the request or decoding the
// response, or if the identity server responded with a non-OK status.
func CheckAssociation(
	ctx context.Context, creds Credentials, cfg *config.ClientAPI,
) (bool, string, string, error) {
	if err := isTrusted(creds.IDServer, cfg); err != nil {
		return false, "", "", err
	}

	requestURL := fmt.Sprintf("https://%s/_matrix/identity/api/v1/3pid/getValidated3pid?sid=%s&client_secret=%s", creds.IDServer, creds.SID, creds.Secret)
	req, err := http.NewRequest(http.MethodGet, requestURL, nil)
	if err != nil {
		return false, "", "", err
	}
	resp, err := http.DefaultClient.Do(req.WithContext(ctx))
	if err != nil {
		return false, "", "", err
	}

	var respBody struct {
		Medium      string `json:"medium"`
		ValidatedAt int64  `json:"validated_at"`
		Address     string `json:"address"`
		ErrCode     string `json:"errcode"`
		Error       string `json:"error"`
	}

	if err = json.NewDecoder(resp.Body).Decode(&respBody); err != nil {
		return false, "", "", err
	}

	if respBody.ErrCode == "M_SESSION_NOT_VALIDATED" {
		return false, "", "", nil
	} else if len(respBody.ErrCode) > 0 {
		return false, "", "", errors.New(respBody.Error)
	}

	return true, respBody.Address, respBody.Medium, nil
}

// PublishAssociation publishes a validated association between a third-party
// identifier and a Matrix ID.
// Returns an error if there was a problem sending the request or decoding the
// response, or if the identity server responded with a non-OK status.
func PublishAssociation(creds Credentials, userID string, cfg *config.ClientAPI) error {
	if err := isTrusted(creds.IDServer, cfg); err != nil {
		return err
	}

	postURL := fmt.Sprintf("https://%s/_matrix/identity/api/v1/3pid/bind", creds.IDServer)

	data := url.Values{}
	data.Add("sid", creds.SID)
	data.Add("client_secret", creds.Secret)
	data.Add("mxid", userID)

	request, err := http.NewRequest(http.MethodPost, postURL, strings.NewReader(data.Encode()))
	if err != nil {
		return err
	}
	request.Header.Add("Content-Type", "application/x-www-form-urlencoded")

	client := http.Client{}
	resp, err := client.Do(request)
	if err != nil {
		return err
	}

	// Error if the status isn't OK
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("Could not publish the association on the server %s", creds.IDServer)
	}

	return nil
}

// isTrusted checks if a given identity server is part of the list of trusted
// identity servers in the configuration file.
// Returns an error if the server isn't trusted.
func isTrusted(idServer string, cfg *config.ClientAPI) error {
	for _, server := range cfg.Matrix.TrustedIDServers {
		if idServer == server {
			return nil
		}
	}
	return ErrNotTrusted
}
Implement client API routes for 3PID handling (#205) * Create package for handling 3pid processes and move invite processing there * Add database table and functions for tracking 3PIDs * Add structures and functions to interact with an ID server * Add handlers for 3PIDs management * Fix 3PIDs retrieval sending null if no 3PID known for a user * Include medium in database requests and function calls * Publish an association if it has been validated and requested * Add TODO markers for tursted ID server check * Use a structure instead of a map to represent a 3PID 2017-09-01 09:13:10 +00:00			`// Copyright 2017 Vector Creations Ltd`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package threepid`

			`import (`
Add context to the account database (#232) 2017-09-18 13:15:27 +00:00			`"context"`
Implement client API routes for 3PID handling (#205) * Create package for handling 3pid processes and move invite processing there * Add database table and functions for tracking 3PIDs * Add structures and functions to interact with an ID server * Add handlers for 3PIDs management * Fix 3PIDs retrieval sending null if no 3PID known for a user * Include medium in database requests and function calls * Publish an association if it has been validated and requested * Add TODO markers for tursted ID server check * Use a structure instead of a map to represent a 3PID 2017-09-01 09:13:10 +00:00			`"encoding/json"`
			`"errors"`
			`"fmt"`
			`"net/http"`
			`"net/url"`
			`"strconv"`
			`"strings"`
Add config and checks for trusted ID servers (#206) * Add config for trusted ID servers * Add new error * Implement check for trusted ID server * Complete unfinished comment * Make comment more explicit in the config file * Use go standard errors in membership.go * Use standard errors instead of JSON responses in threepid * Doc errors * Remove unused parameter 2017-09-11 18:18:19 +00:00
Top-level setup package (#1605) * Move config, setup, mscs into "setup" top-level folder * oops, forgot the EDU server * Add setup * goimports 2020-12-02 17:41:00 +00:00			`"github.com/matrix-org/dendrite/setup/config"`
Implement client API routes for 3PID handling (#205) * Create package for handling 3pid processes and move invite processing there * Add database table and functions for tracking 3PIDs * Add structures and functions to interact with an ID server * Add handlers for 3PIDs management * Fix 3PIDs retrieval sending null if no 3PID known for a user * Include medium in database requests and function calls * Publish an association if it has been validated and requested * Add TODO markers for tursted ID server check * Use a structure instead of a map to represent a 3PID 2017-09-01 09:13:10 +00:00			`)`

			`// EmailAssociationRequest represents the request defined at https://matrix.org/docs/spec/client_server/r0.2.0.html#post-matrix-client-r0-register-email-requesttoken`
			`type EmailAssociationRequest struct {`
			IDServer string `json:"id_server"`
			Secret string `json:"client_secret"`
			Email string `json:"email"`
			SendAttempt int `json:"send_attempt"`
			`}`

			`// EmailAssociationCheckRequest represents the request defined at https://matrix.org/docs/spec/client_server/r0.2.0.html#post-matrix-client-r0-account-3pid`
			`type EmailAssociationCheckRequest struct {`
			Creds Credentials `json:"threePidCreds"`
			Bind bool `json:"bind"`
			`}`

			`// Credentials represents the "ThreePidCredentials" structure defined at https://matrix.org/docs/spec/client_server/r0.2.0.html#post-matrix-client-r0-account-3pid`
			`type Credentials struct {`
			SID string `json:"sid"`
			IDServer string `json:"id_server"`
			Secret string `json:"client_secret"`
			`}`

			`// CreateSession creates a session on an identity server.`
			`// Returns the session's ID.`
			`// Returns an error if there was a problem sending the request or decoding the`
			`// response, or if the identity server responded with a non-OK status.`
Add context to the account database (#232) 2017-09-18 13:15:27 +00:00			`func CreateSession(`
Configuration format v1 (#1230) * Initial pass at refactoring config (not finished) * Don't forget current state and EDU servers * More shifting around * Update server key API tests * Fix roomserver test * Fix more tests * Further tweaks * Fix current state server test (sort of) * Maybe fix appservices * Fix client API test * Include database connection string in database options * Fix sync API build * Update config test * Fix unit tests * Fix federation sender build * Fix gobind build * Set Listen address for all services in HTTP monolith mode * Validate config, reinstate appservice derived in directory, tweaks * Tweak federation API test * Set MaxOpenConnections/MaxIdleConnections to previous values * Update generate-config 2020-08-10 13:18:04 +00:00			`ctx context.Context, req EmailAssociationRequest, cfg *config.ClientAPI,`
Add context to the account database (#232) 2017-09-18 13:15:27 +00:00			`) (string, error) {`
Add config and checks for trusted ID servers (#206) * Add config for trusted ID servers * Add new error * Implement check for trusted ID server * Complete unfinished comment * Make comment more explicit in the config file * Use go standard errors in membership.go * Use standard errors instead of JSON responses in threepid * Doc errors * Remove unused parameter 2017-09-11 18:18:19 +00:00			`if err := isTrusted(req.IDServer, cfg); err != nil {`
			`return "", err`
			`}`
Implement client API routes for 3PID handling (#205) * Create package for handling 3pid processes and move invite processing there * Add database table and functions for tracking 3PIDs * Add structures and functions to interact with an ID server * Add handlers for 3PIDs management * Fix 3PIDs retrieval sending null if no 3PID known for a user * Include medium in database requests and function calls * Publish an association if it has been validated and requested * Add TODO markers for tursted ID server check * Use a structure instead of a map to represent a 3PID 2017-09-01 09:13:10 +00:00
			`// Create a session on the ID server`
			`postURL := fmt.Sprintf("https://%s/_matrix/identity/api/v1/validate/email/requestToken", req.IDServer)`

			`data := url.Values{}`
			`data.Add("client_secret", req.Secret)`
			`data.Add("email", req.Email)`
			`data.Add("send_attempt", strconv.Itoa(req.SendAttempt))`

Use http.Status* and http.Method* where appropriate (#417) Signed-off-by: Scott Raine <me@nylar.io> 2018-03-13 15:55:45 +00:00			`request, err := http.NewRequest(http.MethodPost, postURL, strings.NewReader(data.Encode()))`
Implement client API routes for 3PID handling (#205) * Create package for handling 3pid processes and move invite processing there * Add database table and functions for tracking 3PIDs * Add structures and functions to interact with an ID server * Add handlers for 3PIDs management * Fix 3PIDs retrieval sending null if no 3PID known for a user * Include medium in database requests and function calls * Publish an association if it has been validated and requested * Add TODO markers for tursted ID server check * Use a structure instead of a map to represent a 3PID 2017-09-01 09:13:10 +00:00			`if err != nil {`
			`return "", err`
			`}`
			`request.Header.Add("Content-Type", "application/x-www-form-urlencoded")`

			`client := http.Client{}`
Add context to the account database (#232) 2017-09-18 13:15:27 +00:00			`resp, err := client.Do(request.WithContext(ctx))`
Implement client API routes for 3PID handling (#205) * Create package for handling 3pid processes and move invite processing there * Add database table and functions for tracking 3PIDs * Add structures and functions to interact with an ID server * Add handlers for 3PIDs management * Fix 3PIDs retrieval sending null if no 3PID known for a user * Include medium in database requests and function calls * Publish an association if it has been validated and requested * Add TODO markers for tursted ID server check * Use a structure instead of a map to represent a 3PID 2017-09-01 09:13:10 +00:00			`if err != nil {`
			`return "", err`
			`}`

			`// Error if the status isn't OK`
			`if resp.StatusCode != http.StatusOK {`
			`return "", fmt.Errorf("Could not create a session on the server %s", req.IDServer)`
			`}`

			`// Extract the SID from the response and return it`
			`var sid struct {`
			SID string `json:"sid"`
			`}`
			`err = json.NewDecoder(resp.Body).Decode(&sid)`

			`return sid.SID, err`
			`}`

			`// CheckAssociation checks the status of an ongoing association validation on an`
			`// identity server.`
			`// Returns a boolean set to true if the association has been validated, false if not.`
			`// If the association has been validated, also returns the related third-party`
			`// identifier and its medium.`
			`// Returns an error if there was a problem sending the request or decoding the`
			`// response, or if the identity server responded with a non-OK status.`
Add context to the account database (#232) 2017-09-18 13:15:27 +00:00			`func CheckAssociation(`
Configuration format v1 (#1230) * Initial pass at refactoring config (not finished) * Don't forget current state and EDU servers * More shifting around * Update server key API tests * Fix roomserver test * Fix more tests * Further tweaks * Fix current state server test (sort of) * Maybe fix appservices * Fix client API test * Include database connection string in database options * Fix sync API build * Update config test * Fix unit tests * Fix federation sender build * Fix gobind build * Set Listen address for all services in HTTP monolith mode * Validate config, reinstate appservice derived in directory, tweaks * Tweak federation API test * Set MaxOpenConnections/MaxIdleConnections to previous values * Update generate-config 2020-08-10 13:18:04 +00:00			`ctx context.Context, creds Credentials, cfg *config.ClientAPI,`
Add context to the account database (#232) 2017-09-18 13:15:27 +00:00			`) (bool, string, string, error) {`
Add config and checks for trusted ID servers (#206) * Add config for trusted ID servers * Add new error * Implement check for trusted ID server * Complete unfinished comment * Make comment more explicit in the config file * Use go standard errors in membership.go * Use standard errors instead of JSON responses in threepid * Doc errors * Remove unused parameter 2017-09-11 18:18:19 +00:00			`if err := isTrusted(creds.IDServer, cfg); err != nil {`
			`return false, "", "", err`
			`}`

fix probable bugs, package names and keywords used as identifiers (#428) Signed-off-by: MohitKS5 <mohitkumarsingh907@gmail.com> 2018-04-20 14:50:44 +00:00			`requestURL := fmt.Sprintf("https://%s/_matrix/identity/api/v1/3pid/getValidated3pid?sid=%s&client_secret=%s", creds.IDServer, creds.SID, creds.Secret)`
			`req, err := http.NewRequest(http.MethodGet, requestURL, nil)`
Add context to the account database (#232) 2017-09-18 13:15:27 +00:00			`if err != nil {`
			`return false, "", "", err`
			`}`
			`resp, err := http.DefaultClient.Do(req.WithContext(ctx))`
Implement client API routes for 3PID handling (#205) * Create package for handling 3pid processes and move invite processing there * Add database table and functions for tracking 3PIDs * Add structures and functions to interact with an ID server * Add handlers for 3PIDs management * Fix 3PIDs retrieval sending null if no 3PID known for a user * Include medium in database requests and function calls * Publish an association if it has been validated and requested * Add TODO markers for tursted ID server check * Use a structure instead of a map to represent a 3PID 2017-09-01 09:13:10 +00:00			`if err != nil {`
			`return false, "", "", err`
			`}`

			`var respBody struct {`
			Medium string `json:"medium"`
			ValidatedAt int64 `json:"validated_at"`
			Address string `json:"address"`
			ErrCode string `json:"errcode"`
			Error string `json:"error"`
			`}`

			`if err = json.NewDecoder(resp.Body).Decode(&respBody); err != nil {`
			`return false, "", "", err`
			`}`

			`if respBody.ErrCode == "M_SESSION_NOT_VALIDATED" {`
			`return false, "", "", nil`
			`} else if len(respBody.ErrCode) > 0 {`
			`return false, "", "", errors.New(respBody.Error)`
			`}`

			`return true, respBody.Address, respBody.Medium, nil`
			`}`

			`// PublishAssociation publishes a validated association between a third-party`
			`// identifier and a Matrix ID.`
			`// Returns an error if there was a problem sending the request or decoding the`
			`// response, or if the identity server responded with a non-OK status.`
Configuration format v1 (#1230) * Initial pass at refactoring config (not finished) * Don't forget current state and EDU servers * More shifting around * Update server key API tests * Fix roomserver test * Fix more tests * Further tweaks * Fix current state server test (sort of) * Maybe fix appservices * Fix client API test * Include database connection string in database options * Fix sync API build * Update config test * Fix unit tests * Fix federation sender build * Fix gobind build * Set Listen address for all services in HTTP monolith mode * Validate config, reinstate appservice derived in directory, tweaks * Tweak federation API test * Set MaxOpenConnections/MaxIdleConnections to previous values * Update generate-config 2020-08-10 13:18:04 +00:00			`func PublishAssociation(creds Credentials, userID string, cfg *config.ClientAPI) error {`
Add config and checks for trusted ID servers (#206) * Add config for trusted ID servers * Add new error * Implement check for trusted ID server * Complete unfinished comment * Make comment more explicit in the config file * Use go standard errors in membership.go * Use standard errors instead of JSON responses in threepid * Doc errors * Remove unused parameter 2017-09-11 18:18:19 +00:00			`if err := isTrusted(creds.IDServer, cfg); err != nil {`
			`return err`
			`}`

Implement client API routes for 3PID handling (#205) * Create package for handling 3pid processes and move invite processing there * Add database table and functions for tracking 3PIDs * Add structures and functions to interact with an ID server * Add handlers for 3PIDs management * Fix 3PIDs retrieval sending null if no 3PID known for a user * Include medium in database requests and function calls * Publish an association if it has been validated and requested * Add TODO markers for tursted ID server check * Use a structure instead of a map to represent a 3PID 2017-09-01 09:13:10 +00:00			`postURL := fmt.Sprintf("https://%s/_matrix/identity/api/v1/3pid/bind", creds.IDServer)`

			`data := url.Values{}`
			`data.Add("sid", creds.SID)`
			`data.Add("client_secret", creds.Secret)`
			`data.Add("mxid", userID)`

Use http.Status* and http.Method* where appropriate (#417) Signed-off-by: Scott Raine <me@nylar.io> 2018-03-13 15:55:45 +00:00			`request, err := http.NewRequest(http.MethodPost, postURL, strings.NewReader(data.Encode()))`
Implement client API routes for 3PID handling (#205) * Create package for handling 3pid processes and move invite processing there * Add database table and functions for tracking 3PIDs * Add structures and functions to interact with an ID server * Add handlers for 3PIDs management * Fix 3PIDs retrieval sending null if no 3PID known for a user * Include medium in database requests and function calls * Publish an association if it has been validated and requested * Add TODO markers for tursted ID server check * Use a structure instead of a map to represent a 3PID 2017-09-01 09:13:10 +00:00			`if err != nil {`
			`return err`
			`}`
			`request.Header.Add("Content-Type", "application/x-www-form-urlencoded")`

			`client := http.Client{}`
			`resp, err := client.Do(request)`
			`if err != nil {`
			`return err`
			`}`

			`// Error if the status isn't OK`
			`if resp.StatusCode != http.StatusOK {`
			`return fmt.Errorf("Could not publish the association on the server %s", creds.IDServer)`
			`}`

			`return nil`
			`}`
Add config and checks for trusted ID servers (#206) * Add config for trusted ID servers * Add new error * Implement check for trusted ID server * Complete unfinished comment * Make comment more explicit in the config file * Use go standard errors in membership.go * Use standard errors instead of JSON responses in threepid * Doc errors * Remove unused parameter 2017-09-11 18:18:19 +00:00
			`// isTrusted checks if a given identity server is part of the list of trusted`
			`// identity servers in the configuration file.`
			`// Returns an error if the server isn't trusted.`
Configuration format v1 (#1230) * Initial pass at refactoring config (not finished) * Don't forget current state and EDU servers * More shifting around * Update server key API tests * Fix roomserver test * Fix more tests * Further tweaks * Fix current state server test (sort of) * Maybe fix appservices * Fix client API test * Include database connection string in database options * Fix sync API build * Update config test * Fix unit tests * Fix federation sender build * Fix gobind build * Set Listen address for all services in HTTP monolith mode * Validate config, reinstate appservice derived in directory, tweaks * Tweak federation API test * Set MaxOpenConnections/MaxIdleConnections to previous values * Update generate-config 2020-08-10 13:18:04 +00:00			`func isTrusted(idServer string, cfg *config.ClientAPI) error {`
Add config and checks for trusted ID servers (#206) * Add config for trusted ID servers * Add new error * Implement check for trusted ID server * Complete unfinished comment * Make comment more explicit in the config file * Use go standard errors in membership.go * Use standard errors instead of JSON responses in threepid * Doc errors * Remove unused parameter 2017-09-11 18:18:19 +00:00			`for _, server := range cfg.Matrix.TrustedIDServers {`
			`if idServer == server {`
			`return nil`
			`}`
			`}`
			`return ErrNotTrusted`
			`}`