From 2183712e04e2fa08c5477b4f8ec2e96a963cef52 Mon Sep 17 00:00:00 2001 From: Brendan Abolivier Date: Tue, 29 Aug 2017 15:17:26 +0100 Subject: [PATCH] Process requests for 3PID invites (#201) * Structure for 3PID invite * Generate invite from 3PID known by ID server * Load user profile in a separate function * Generate m.room.third_party_invite if the ID server doesn't know the 3PID * Fix URLs to the spec in comments * Move third-party invites to a separate package and doc' it * Handle non-OK status codes on lookup * Send display name to identity server when asking to store an invite * Remove join response structure * Change the way some variables are declared or passed as argument * Use gomatrixserverlib.Base64String instead of the builtin base64 package * Don't copy the public keys array --- .../thirdpartyinvites/thirdpartyinvites.go | 356 ++++++++++++++++++ .../dendrite/clientapi/writers/membership.go | 63 ++-- .../dendrite/common/eventcontent.go | 14 + 3 files changed, 408 insertions(+), 25 deletions(-) create mode 100644 src/github.com/matrix-org/dendrite/clientapi/thirdpartyinvites/thirdpartyinvites.go diff --git a/src/github.com/matrix-org/dendrite/clientapi/thirdpartyinvites/thirdpartyinvites.go b/src/github.com/matrix-org/dendrite/clientapi/thirdpartyinvites/thirdpartyinvites.go new file mode 100644 index 00000000..c998a652 --- /dev/null +++ b/src/github.com/matrix-org/dendrite/clientapi/thirdpartyinvites/thirdpartyinvites.go @@ -0,0 +1,356 @@ +// Copyright 2017 Vector Creations Ltd +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package thirdpartyinvites + +import ( + "encoding/json" + "errors" + "fmt" + "net/http" + "net/url" + "strings" + "time" + + "github.com/matrix-org/dendrite/clientapi/auth/authtypes" + "github.com/matrix-org/dendrite/clientapi/auth/storage/accounts" + "github.com/matrix-org/dendrite/clientapi/events" + "github.com/matrix-org/dendrite/clientapi/httputil" + "github.com/matrix-org/dendrite/clientapi/jsonerror" + "github.com/matrix-org/dendrite/clientapi/producers" + "github.com/matrix-org/dendrite/common" + "github.com/matrix-org/dendrite/common/config" + "github.com/matrix-org/dendrite/roomserver/api" + "github.com/matrix-org/gomatrixserverlib" + + "github.com/matrix-org/util" +) + +// MembershipRequest represents the body of an incoming POST request +// on /rooms/{roomID}/(join|kick|ban|unban|leave|invite) +type MembershipRequest struct { + UserID string `json:"user_id"` + Reason string `json:"reason"` + IDServer string `json:"id_server"` + Medium string `json:"medium"` + Address string `json:"address"` +} + +// idServerLookupResponse represents the response described at https://matrix.org/docs/spec/client_server/r0.2.0.html#get-matrix-identity-api-v1-lookup +type idServerLookupResponse struct { + TS int64 `json:"ts"` + NotBefore int64 `json:"not_before"` + NotAfter int64 `json:"not_after"` + Medium string `json:"medium"` + Address string `json:"address"` + MXID string `json:"mxid"` + Signatures map[string]map[string]string `json:"signatures"` +} + +// idServerLookupResponse represents the response described at https://matrix.org/docs/spec/client_server/r0.2.0.html#invitation-storage +type idServerStoreInviteResponse struct { + PublicKey string `json:"public_key"` + Token string `json:"token"` + DisplayName string `json:"display_name"` + PublicKeys []common.PublicKey `json:"public_keys"` +} + +// CheckAndProcess analyses the body of an incoming membership request. +// If the fields relative to a third-party-invite are all supplied, lookups the +// matching Matrix ID from the given identity server. If no Matrix ID is +// associated to the given 3PID, asks the identity server to store the invite +// and emit a "m.room.third_party_invite" event. +// Returns a representation of the HTTP response to send to the user. +// Returns a representation of a non-200 HTTP response if something went wrong +// in the process, or if some 3PID fields aren't supplied but others are. +// If none of the 3PID-specific fields are supplied, or if a Matrix ID is +// supplied by the identity server, returns nil to indicate that the request +// must be processed as a non-3PID membership request. In the latter case, +// fills the Matrix ID in the request body so a normal invite membership event +// can be emitted. +func CheckAndProcess( + req *http.Request, device *authtypes.Device, body *MembershipRequest, + cfg config.Dendrite, queryAPI api.RoomserverQueryAPI, db *accounts.Database, + producer *producers.RoomserverProducer, membership string, roomID string, +) *util.JSONResponse { + if membership != "invite" || (body.Address == "" && body.IDServer == "" && body.Medium == "") { + // If none of the 3PID-specific fields are supplied, it's a standard invite + // so return nil for it to be processed as such + return nil + } else if body.Address == "" || body.IDServer == "" || body.Medium == "" { + // If at least one of the 3PID-specific fields is supplied but not all + // of them, return an error + return &util.JSONResponse{ + Code: 400, + JSON: jsonerror.BadJSON("'address', 'id_server' and 'medium' must all be supplied"), + } + } + + lookupRes, storeInviteRes, err := queryIDServer(req, db, cfg, device, body, roomID) + if err != nil { + resErr := httputil.LogThenError(req, err) + return &resErr + } + + if lookupRes.MXID == "" { + // No Matrix ID could be found for this 3PID, meaning that a + // "m.room.third_party_invite" have to be emitted from the data in + // storeInviteRes. + err = emit3PIDInviteEvent(body, storeInviteRes, device, roomID, cfg, queryAPI, producer) + if err == events.ErrRoomNoExists { + return &util.JSONResponse{ + Code: 404, + JSON: jsonerror.NotFound(err.Error()), + } + } else if err != nil { + resErr := httputil.LogThenError(req, err) + return &resErr + } + + // If everything went well, returns with an empty response. + return &util.JSONResponse{ + Code: 200, + JSON: struct{}{}, + } + } + + // A Matrix ID have been found: set it in the body request and let the process + // continue to create a "m.room.member" event with an "invite" membership + body.UserID = lookupRes.MXID + + return nil +} + +// queryIDServer handles all the requests to the identity server, starting by +// looking up the given 3PID on the given identity server. +// If the lookup returned a Matrix ID, checks if the current time is within the +// time frame in which the 3PID-MXID association is known to be valid, and checks +// the response's signatures. If one of the checks fails, returns an error. +// If the lookup didn't return a Matrix ID, asks the identity server to store +// the invite and to respond with a token. +// Returns a representation of the response for both cases. +// Returns an error if a check or a request failed. +func queryIDServer( + req *http.Request, db *accounts.Database, cfg config.Dendrite, + device *authtypes.Device, body *MembershipRequest, roomID string, +) (lookupRes *idServerLookupResponse, storeInviteRes *idServerStoreInviteResponse, err error) { + // Lookup the 3PID + lookupRes, err = queryIDServerLookup(body) + if err != nil { + return + } + + if lookupRes.MXID == "" { + // No Matrix ID matches with the given 3PID, ask the server to store the + // invite and return a token + storeInviteRes, err = queryIDServerStoreInvite(db, cfg, device, body, roomID) + return + } + + // A Matrix ID matches with the given 3PID + // Get timestamp in milliseconds to compare it with the timestamps provided + // by the identity server + now := time.Now().UnixNano() / 1000000 + if lookupRes.NotBefore > now || now > lookupRes.NotAfter { + // If the current timestamp isn't in the time frame in which the association + // is known to be valid, re-run the query + return queryIDServer(req, db, cfg, device, body, roomID) + } + + // Check the request signatures and send an error if one isn't valid + if err = checkIDServerSignatures(body, lookupRes); err != nil { + return + } + + return +} + +// queryIDServerLookup sends a response to the identity server on /_matrix/identity/api/v1/lookup +// and returns the response as a structure. +// Returns an error if the request failed to send or if the response couldn't be parsed. +func queryIDServerLookup(body *MembershipRequest) (*idServerLookupResponse, error) { + address := url.QueryEscape(body.Address) + url := fmt.Sprintf("https://%s/_matrix/identity/api/v1/lookup?medium=%s&address=%s", body.IDServer, body.Medium, address) + resp, err := http.Get(url) + if err != nil { + return nil, err + } + + if resp.StatusCode != http.StatusOK { + // TODO: Log the error supplied with the identity server? + errMgs := fmt.Sprintf("Failed to ask %s to store an invite for %s", body.IDServer, body.Address) + return nil, errors.New(errMgs) + } + + var res idServerLookupResponse + err = json.NewDecoder(resp.Body).Decode(&res) + return &res, err +} + +// queryIDServerStoreInvite sends a response to the identity server on /_matrix/identity/api/v1/store-invite +// and returns the response as a structure. +// Returns an error if the request failed to send or if the response couldn't be parsed. +func queryIDServerStoreInvite( + db *accounts.Database, cfg config.Dendrite, device *authtypes.Device, + body *MembershipRequest, roomID string, +) (*idServerStoreInviteResponse, error) { + // Retrieve the sender's profile to get their display name + localpart, serverName, err := gomatrixserverlib.SplitID('@', device.UserID) + if err != nil { + return nil, err + } + + var profile *authtypes.Profile + if serverName == cfg.Matrix.ServerName { + profile, err = db.GetProfileByLocalpart(localpart) + if err != nil { + return nil, err + } + } else { + profile = &authtypes.Profile{} + } + + client := http.Client{} + + data := url.Values{} + data.Add("medium", body.Medium) + data.Add("address", body.Address) + data.Add("room_id", roomID) + data.Add("sender", device.UserID) + data.Add("sender_display_name", profile.DisplayName) + // TODO: Also send: + // - The room name (room_name) + // - The room's avatar url (room_avatar_url) + // See https://github.com/matrix-org/sydent/blob/master/sydent/http/servlets/store_invite_servlet.py#L82-L91 + // These can be easily retrieved by requesting the public rooms API + // server's database. + + url := fmt.Sprintf("https://%s/_matrix/identity/api/v1/store-invite", body.IDServer) + req, err := http.NewRequest("POST", url, strings.NewReader(data.Encode())) + if err != nil { + return nil, err + } + + req.Header.Add("Content-Type", "application/x-www-form-urlencoded") + resp, err := client.Do(req) + if err != nil { + return nil, err + } + + if resp.StatusCode != http.StatusOK { + // TODO: Log the error supplied with the identity server? + errMsg := fmt.Sprintf("Identity server %s responded with a %d error code", body.IDServer, resp.StatusCode) + return nil, errors.New(errMsg) + } + + var idResp idServerStoreInviteResponse + err = json.NewDecoder(resp.Body).Decode(&idResp) + return &idResp, err +} + +// queryIDServerPubKey requests a public key identified with a given ID to the +// a given identity server and returns the matching base64-decoded public key. +// Returns an error if the request couldn't be sent, if its body couldn't be parsed +// or if the key couldn't be decoded from base64. +func queryIDServerPubKey(idServerName string, keyID string) ([]byte, error) { + url := fmt.Sprintf("https://%s/_matrix/identity/api/v1/pubkey/%s", idServerName, keyID) + resp, err := http.Get(url) + if err != nil { + return nil, err + } + + var pubKeyRes struct { + PublicKey gomatrixserverlib.Base64String `json:"public_key"` + } + + if resp.StatusCode != http.StatusOK { + // TODO: Log the error supplied with the identity server? + errMsg := fmt.Sprintf("Couldn't retrieve key %s from server %s", keyID, idServerName) + return nil, errors.New(errMsg) + } + + err = json.NewDecoder(resp.Body).Decode(&pubKeyRes) + return pubKeyRes.PublicKey, err +} + +// checkIDServerSignatures iterates over the signatures of a requests. +// If no signature can be found for the ID server's domain, returns an error, else +// iterates over the signature for the said domain, retrieves the matching public +// key, and verify it. +// Returns nil if all the verifications succeeded. +// Returns an error if something failed in the process. +func checkIDServerSignatures(body *MembershipRequest, res *idServerLookupResponse) error { + // Mashall the body so we can give it to VerifyJSON + marshalledBody, err := json.Marshal(*res) + if err != nil { + return err + } + + // TODO: Check if the domain is part of a list of trusted ID servers + signatures, ok := res.Signatures[body.IDServer] + if !ok { + return errors.New("No signature for domain " + body.IDServer) + } + + for keyID := range signatures { + pubKey, err := queryIDServerPubKey(body.IDServer, keyID) + if err != nil { + return err + } + if err = gomatrixserverlib.VerifyJSON(body.IDServer, gomatrixserverlib.KeyID(keyID), pubKey, marshalledBody); err != nil { + return err + } + } + + return nil +} + +// emit3PIDInviteEvent builds and sends a "m.room.third_party_invite" event. +// Returns an error if something failed in the process. +func emit3PIDInviteEvent( + body *MembershipRequest, res *idServerStoreInviteResponse, + device *authtypes.Device, roomID string, cfg config.Dendrite, + queryAPI api.RoomserverQueryAPI, producer *producers.RoomserverProducer, +) error { + builder := &gomatrixserverlib.EventBuilder{ + Sender: device.UserID, + RoomID: roomID, + Type: "m.room.third_party_invite", + StateKey: &res.Token, + } + + validityURL := fmt.Sprintf("https://%s/_matrix/identity/api/v1/pubkey/isvalid", body.IDServer) + content := common.ThirdPartyInviteContent{ + DisplayName: res.DisplayName, + KeyValidityURL: validityURL, + PublicKey: res.PublicKey, + PublicKeys: res.PublicKeys, + } + + if err := builder.SetContent(content); err != nil { + return err + } + + var queryRes *api.QueryLatestEventsAndStateResponse + event, err := events.BuildEvent(builder, cfg, queryAPI, queryRes) + if err != nil { + return err + } + + if err := producer.SendEvents([]gomatrixserverlib.Event{*event}, cfg.Matrix.ServerName); err != nil { + return err + } + + return nil +} diff --git a/src/github.com/matrix-org/dendrite/clientapi/writers/membership.go b/src/github.com/matrix-org/dendrite/clientapi/writers/membership.go index ab3a1645..d5823047 100644 --- a/src/github.com/matrix-org/dendrite/clientapi/writers/membership.go +++ b/src/github.com/matrix-org/dendrite/clientapi/writers/membership.go @@ -23,6 +23,7 @@ import ( "github.com/matrix-org/dendrite/clientapi/httputil" "github.com/matrix-org/dendrite/clientapi/jsonerror" "github.com/matrix-org/dendrite/clientapi/producers" + "github.com/matrix-org/dendrite/clientapi/thirdpartyinvites" "github.com/matrix-org/dendrite/common" "github.com/matrix-org/dendrite/common/config" "github.com/matrix-org/dendrite/roomserver/api" @@ -38,26 +39,27 @@ func SendMembership( roomID string, membership string, cfg config.Dendrite, queryAPI api.RoomserverQueryAPI, producer *producers.RoomserverProducer, ) util.JSONResponse { - stateKey, reason, reqErr := getMembershipStateKey(req, device, membership) + var body thirdpartyinvites.MembershipRequest + if reqErr := httputil.UnmarshalJSONRequest(req, &body); reqErr != nil { + return *reqErr + } + + if res := thirdpartyinvites.CheckAndProcess( + req, device, &body, cfg, queryAPI, accountDB, producer, membership, roomID, + ); res != nil { + return *res + } + + stateKey, reason, reqErr := getMembershipStateKey(body, device, membership) if reqErr != nil { return *reqErr } - localpart, serverName, err := gomatrixserverlib.SplitID('@', stateKey) + profile, err := loadProfile(stateKey, cfg, accountDB) if err != nil { return httputil.LogThenError(req, err) } - var profile *authtypes.Profile - if serverName == cfg.Matrix.ServerName { - profile, err = accountDB.GetProfileByLocalpart(localpart) - if err != nil { - return httputil.LogThenError(req, err) - } - } else { - profile = &authtypes.Profile{} - } - builder := gomatrixserverlib.EventBuilder{ Sender: device.UserID, RoomID: roomID, @@ -101,28 +103,39 @@ func SendMembership( } } +// loadProfile lookups the profile of a given user from the database and returns +// it if the user is local to this server, or returns an empty profile if not. +// Returns an error if the retrieval failed or if the first parameter isn't a +// valid Matrix ID. +func loadProfile(userID string, cfg config.Dendrite, accountDB *accounts.Database) (*authtypes.Profile, error) { + localpart, serverName, err := gomatrixserverlib.SplitID('@', userID) + if err != nil { + return nil, err + } + + var profile *authtypes.Profile + if serverName == cfg.Matrix.ServerName { + profile, err = accountDB.GetProfileByLocalpart(localpart) + } else { + profile = &authtypes.Profile{} + } + + return profile, err +} + // getMembershipStateKey extracts the target user ID of a membership change. // For "join" and "leave" this will be the ID of the user making the change. // For "ban", "unban", "kick" and "invite" the target user ID will be in the JSON request body. // In the latter case, if there was an issue retrieving the user ID from the request body, // returns a JSONResponse with a corresponding error code and message. func getMembershipStateKey( - req *http.Request, device *authtypes.Device, membership string, + body thirdpartyinvites.MembershipRequest, device *authtypes.Device, membership string, ) (stateKey string, reason string, response *util.JSONResponse) { if membership == "ban" || membership == "unban" || membership == "kick" || membership == "invite" { // If we're in this case, the state key is contained in the request body, // possibly along with a reason (for "kick" and "ban") so we need to parse // it - var requestBody struct { - UserID string `json:"user_id"` - Reason string `json:"reason"` - } - - if reqErr := httputil.UnmarshalJSONRequest(req, &requestBody); reqErr != nil { - response = reqErr - return - } - if requestBody.UserID == "" { + if body.UserID == "" { response = &util.JSONResponse{ Code: 400, JSON: jsonerror.BadJSON("'user_id' must be supplied."), @@ -130,8 +143,8 @@ func getMembershipStateKey( return } - stateKey = requestBody.UserID - reason = requestBody.Reason + stateKey = body.UserID + reason = body.Reason } else { stateKey = device.UserID } diff --git a/src/github.com/matrix-org/dendrite/common/eventcontent.go b/src/github.com/matrix-org/dendrite/common/eventcontent.go index 7aa86938..0dfb37a1 100644 --- a/src/github.com/matrix-org/dendrite/common/eventcontent.go +++ b/src/github.com/matrix-org/dendrite/common/eventcontent.go @@ -29,6 +29,20 @@ type MemberContent struct { // TODO: ThirdPartyInvite string `json:"third_party_invite,omitempty"` } +// ThirdPartyInviteContent is the content event for https://matrix.org/docs/spec/client_server/r0.2.0.html#m-room-third-party-invite +type ThirdPartyInviteContent struct { + DisplayName string `json:"display_name"` + KeyValidityURL string `json:"key_validity_url"` + PublicKey string `json:"public_key"` + PublicKeys []PublicKey `json:"public_keys"` +} + +// PublicKey is the PublicKeys structure in https://matrix.org/docs/spec/client_server/r0.2.0.html#m-room-third-party-invite +type PublicKey struct { + KeyValidityURL string `json:"key_validity_url"` + PublicKey string `json:"public_key"` +} + // NameContent is the event content for https://matrix.org/docs/spec/client_server/r0.2.0.html#m-room-name type NameContent struct { Name string `json:"name"`