From c85d363d71c7f578917e61f2ab3c635b46f69a7e Mon Sep 17 00:00:00 2001 From: timokoesters Date: Sat, 6 Jun 2020 18:44:50 +0200 Subject: [PATCH 1/7] feat: user interactive authentication --- src/client_server.rs | 98 ++++++++++++++++++++++---- src/database.rs | 5 ++ src/database/uiaa.rs | 161 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 249 insertions(+), 15 deletions(-) create mode 100644 src/database/uiaa.rs diff --git a/src/client_server.rs b/src/client_server.rs index 057b473d..03be7bf0 100644 --- a/src/client_server.rs +++ b/src/client_server.rs @@ -62,9 +62,9 @@ use serde_json::{json, value::RawValue}; const GUEST_NAME_LENGTH: usize = 10; const DEVICE_ID_LENGTH: usize = 10; -const SESSION_ID_LENGTH: usize = 256; const TOKEN_LENGTH: usize = 256; const MXC_LENGTH: usize = 256; +const SESSION_ID_LENGTH: usize = 256; #[get("/_matrix/client/versions")] pub fn get_supported_versions_route() -> MatrixResult { @@ -117,18 +117,6 @@ pub fn register_route( db: State<'_, Database>, body: Ruma, ) -> MatrixResult { - if body.auth.is_none() { - return MatrixResult(Err(UiaaResponse::AuthResponse(UiaaInfo { - flows: vec![AuthFlow { - stages: vec!["m.login.dummy".to_owned()], - }], - completed: vec![], - params: RawValue::from_string("{}".to_owned()).unwrap(), - session: Some(utils::random_string(SESSION_ID_LENGTH)), - auth_error: None, - }))); - } - // Validate user id let user_id = match UserId::parse_with_server_name( body.username @@ -161,6 +149,32 @@ pub fn register_route( }))); } + // UIAA + let uiaainfo = UiaaInfo { + flows: vec![AuthFlow { + stages: vec!["m.login.dummy".to_owned()], + }], + completed: Vec::new(), + params: Default::default(), + session: Some(utils::random_string(SESSION_ID_LENGTH)), + auth_error: None, + }; + + if let Some(auth) = &body.auth { + let (worked, uiaainfo) = db + .uiaa + .try_auth(&user_id, &"".to_owned(), auth, &uiaainfo, &db.users, &db.globals) + .unwrap(); + if !worked { + return MatrixResult(Err(UiaaResponse::AuthResponse(uiaainfo))); + } + // Success! + } else { + db.uiaa.create(&user_id, &"".to_owned(), &uiaainfo).unwrap(); + + return MatrixResult(Err(UiaaResponse::AuthResponse(uiaainfo))); + } + let password = body.password.clone().unwrap_or_default(); if let Ok(hash) = utils::calculate_hash(&password) { @@ -2867,8 +2881,35 @@ pub fn delete_device_route( db: State<'_, Database>, body: Ruma, device_id: DeviceId, -) -> MatrixResult { +) -> MatrixResult { let user_id = body.user_id.as_ref().expect("user is authenticated"); + + // UIAA + let uiaainfo = UiaaInfo { + flows: vec![AuthFlow { + stages: vec!["m.login.password".to_owned()], + }], + completed: Vec::new(), + params: Default::default(), + session: Some(utils::random_string(SESSION_ID_LENGTH)), + auth_error: None, + }; + + if let Some(auth) = &body.auth { + let (worked, uiaainfo) = db + .uiaa + .try_auth(&user_id, &"".to_owned(), auth, &uiaainfo, &db.users, &db.globals) + .unwrap(); + if !worked { + return MatrixResult(Err(UiaaResponse::AuthResponse(uiaainfo))); + } + // Success! + } else { + db.uiaa.create(&user_id, &"".to_owned(), &uiaainfo).unwrap(); + + return MatrixResult(Err(UiaaResponse::AuthResponse(uiaainfo))); + } + db.users.remove_device(&user_id, &device_id).unwrap(); MatrixResult(Ok(delete_device::Response)) @@ -2878,8 +2919,35 @@ pub fn delete_device_route( pub fn delete_devices_route( db: State<'_, Database>, body: Ruma, -) -> MatrixResult { +) -> MatrixResult { let user_id = body.user_id.as_ref().expect("user is authenticated"); + + // UIAA + let uiaainfo = UiaaInfo { + flows: vec![AuthFlow { + stages: vec!["m.login.password".to_owned()], + }], + completed: Vec::new(), + params: Default::default(), + session: Some(utils::random_string(SESSION_ID_LENGTH)), + auth_error: None, + }; + + if let Some(auth) = &body.auth { + let (worked, uiaainfo) = db + .uiaa + .try_auth(&user_id, &"".to_owned(), auth, &uiaainfo, &db.users, &db.globals) + .unwrap(); + if !worked { + return MatrixResult(Err(UiaaResponse::AuthResponse(uiaainfo))); + } + // Success! + } else { + db.uiaa.create(&user_id, &"".to_owned(), &uiaainfo).unwrap(); + + return MatrixResult(Err(UiaaResponse::AuthResponse(uiaainfo))); + } + for device_id in &body.devices { db.users.remove_device(&user_id, &device_id).unwrap() } diff --git a/src/database.rs b/src/database.rs index dc78ba9a..492f8804 100644 --- a/src/database.rs +++ b/src/database.rs @@ -3,6 +3,7 @@ pub(self) mod global_edus; pub(self) mod globals; pub(self) mod media; pub(self) mod rooms; +pub(self) mod uiaa; pub(self) mod users; use directories::ProjectDirs; @@ -13,6 +14,7 @@ use rocket::Config; pub struct Database { pub globals: globals::Globals, pub users: users::Users, + pub uiaa: uiaa::Uiaa, pub rooms: rooms::Rooms, pub account_data: account_data::AccountData, pub global_edus: global_edus::GlobalEdus, @@ -66,6 +68,9 @@ impl Database { devicekeychangeid_userid: db.open_tree("devicekeychangeid_userid").unwrap(), todeviceid_events: db.open_tree("todeviceid_events").unwrap(), }, + uiaa: uiaa::Uiaa { + userdeviceid_uiaainfo: db.open_tree("userdeviceid_uiaainfo").unwrap(), + }, rooms: rooms::Rooms { edus: rooms::RoomEdus { roomuserid_lastread: db.open_tree("roomuserid_lastread").unwrap(), // "Private" read receipt diff --git a/src/database/uiaa.rs b/src/database/uiaa.rs new file mode 100644 index 00000000..f1de4766 --- /dev/null +++ b/src/database/uiaa.rs @@ -0,0 +1,161 @@ +use crate::{utils, Error, Result}; +use js_int::UInt; +use log::debug; +use ruma::{ + api::client::{ + error::ErrorKind, + r0::{ + device::Device, + keys::{AlgorithmAndDeviceId, DeviceKeys, KeyAlgorithm, OneTimeKey}, + uiaa::{AuthData, AuthFlow, UiaaInfo, UiaaResponse}, + }, + }, + events::{to_device::AnyToDeviceEvent, EventJson, EventType}, + identifiers::{DeviceId, UserId}, +}; +use serde_json::value::RawValue; +use std::{collections::BTreeMap, convert::TryFrom, time::SystemTime}; + +pub struct Uiaa { + pub(super) userdeviceid_uiaainfo: sled::Tree, // User-interactive authentication +} + +impl Uiaa { + /// Creates a new Uiaa session. Make sure the session token is unique. + pub fn create(&self, user_id: &UserId, device_id: &str, uiaainfo: &UiaaInfo) -> Result<()> { + self.update_uiaa_session(user_id, device_id, Some(uiaainfo)) + } + + pub fn try_auth( + &self, + user_id: &UserId, + device_id: &DeviceId, + auth: &AuthData, + uiaainfo: &UiaaInfo, + users: &super::users::Users, + globals: &super::globals::Globals, + ) -> Result<(bool, UiaaInfo)> { + if let AuthData::DirectRequest { + kind, + session, + auth_parameters, + } = &auth + { + let mut uiaainfo = session + .as_ref() + .map(|session| { + Ok::<_, Error>(self.get_uiaa_session(&user_id, &"".to_owned(), session)?) + }) + .unwrap_or(Ok(uiaainfo.clone()))?; + + // Find out what the user completed + match &**kind { + "m.login.password" => { + if auth_parameters["identifier"]["type"] != "m.id.user" { + panic!("identifier not supported"); + } + + let user_id = UserId::parse_with_server_name( + auth_parameters["identifier"]["user"].as_str().unwrap(), + globals.server_name(), + )?; + let password = auth_parameters["password"].as_str().unwrap(); + + // Check if password is correct + if let Some(hash) = users.password_hash(&user_id)? { + let hash_matches = + argon2::verify_encoded(&hash, password.as_bytes()).unwrap_or(false); + + if !hash_matches { + debug!("Invalid password."); + uiaainfo.auth_error = Some(ruma::api::client::error::ErrorBody { + kind: ErrorKind::Forbidden, + message: "Invalid username or password.".to_owned(), + }); + return Ok((false, uiaainfo)); + } + } + + // Password was correct! Let's add it to `completed` + uiaainfo.completed.push("m.login.password".to_owned()); + } + "m.login.dummy" => { + uiaainfo.completed.push("m.login.dummy".to_owned()); + } + k => panic!("type not supported: {}", k), + } + + // Check if a flow now succeeds + let mut completed = false; + 'flows: for flow in &mut uiaainfo.flows { + for stage in &flow.stages { + if !uiaainfo.completed.contains(stage) { + continue 'flows; + } + } + // We didn't break, so this flow succeeded! + completed = true; + } + + if !completed { + self.update_uiaa_session(user_id, device_id, Some(&uiaainfo))?; + return Ok((false, uiaainfo)); + } + + // UIAA was successful! Remove this session and return true + self.update_uiaa_session(user_id, device_id, None)?; + return Ok((true, uiaainfo)); + } else { + panic!("FallbackAcknowledgement is not supported yet"); + } + } + + fn update_uiaa_session( + &self, + user_id: &UserId, + device_id: &str, + uiaainfo: Option<&UiaaInfo>, + ) -> Result<()> { + let mut userdeviceid = user_id.to_string().as_bytes().to_vec(); + userdeviceid.push(0xff); + userdeviceid.extend_from_slice(device_id.as_bytes()); + + if let Some(uiaainfo) = uiaainfo { + self.userdeviceid_uiaainfo + .insert(&userdeviceid, &*serde_json::to_string(&uiaainfo)?)?; + } else { + self.userdeviceid_uiaainfo.remove(&userdeviceid)?; + } + + Ok(()) + } + + fn get_uiaa_session( + &self, + user_id: &UserId, + device_id: &str, + session: &str, + ) -> Result { + let mut userdeviceid = user_id.to_string().as_bytes().to_vec(); + userdeviceid.push(0xff); + userdeviceid.extend_from_slice(device_id.as_bytes()); + + let uiaainfo = serde_json::from_slice::( + &self + .userdeviceid_uiaainfo + .get(&userdeviceid)? + .ok_or(Error::BadRequest("session does not exist"))?, + )?; + + if uiaainfo + .session + .as_ref() + .filter(|&s| s == session) + .is_none() + { + return Err(Error::BadRequest("wrong session token")); + } + + Ok(uiaainfo) + } +} From 0067f49d525b4b99ce1c783d313fb09cb0b071c9 Mon Sep 17 00:00:00 2001 From: timokoesters Date: Sat, 6 Jun 2020 19:02:31 +0200 Subject: [PATCH 2/7] feat: close registration with ROCKET_REGISTRATION_DISABLED=true --- src/client_server.rs | 8 ++++++++ src/database.rs | 8 +++----- src/database/globals.rs | 24 ++++++++++++++++-------- 3 files changed, 27 insertions(+), 13 deletions(-) diff --git a/src/client_server.rs b/src/client_server.rs index 03be7bf0..c190ef7b 100644 --- a/src/client_server.rs +++ b/src/client_server.rs @@ -117,6 +117,14 @@ pub fn register_route( db: State<'_, Database>, body: Ruma, ) -> MatrixResult { + if db.globals.registration_disabled() { + return MatrixResult(Err(UiaaResponse::MatrixError(Error { + kind: ErrorKind::Unknown, + message: "Registration has been disabled.".to_owned(), + status_code: http::StatusCode::FORBIDDEN, + }))); + } + // Validate user id let user_id = match UserId::parse_with_server_name( body.username diff --git a/src/database.rs b/src/database.rs index 492f8804..34af8fc2 100644 --- a/src/database.rs +++ b/src/database.rs @@ -7,6 +7,7 @@ pub(self) mod uiaa; pub(self) mod users; use directories::ProjectDirs; +use log::info; use std::fs::remove_dir_all; use rocket::Config; @@ -49,13 +50,10 @@ impl Database { }); let db = sled::open(&path).unwrap(); - log::info!("Opened sled database at {}", path); + info!("Opened sled database at {}", path); Self { - globals: globals::Globals::load( - db.open_tree("global").unwrap(), - server_name.to_owned(), - ), + globals: globals::Globals::load(db.open_tree("global").unwrap(), config), users: users::Users { userid_password: db.open_tree("userid_password").unwrap(), userid_displayname: db.open_tree("userid_displayname").unwrap(), diff --git a/src/database/globals.rs b/src/database/globals.rs index 93d5794c..08ab411f 100644 --- a/src/database/globals.rs +++ b/src/database/globals.rs @@ -4,13 +4,14 @@ pub const COUNTER: &str = "c"; pub struct Globals { pub(super) globals: sled::Tree, - server_name: String, keypair: ruma::signatures::Ed25519KeyPair, reqwest_client: reqwest::Client, + server_name: String, + registration_disabled: bool, } impl Globals { - pub fn load(globals: sled::Tree, server_name: String) -> Self { + pub fn load(globals: sled::Tree, config: &rocket::Config) -> Self { let keypair = ruma::signatures::Ed25519KeyPair::new( &*globals .update_and_fetch("keypair", utils::generate_keypair) @@ -22,17 +23,16 @@ impl Globals { Self { globals, - server_name, keypair, reqwest_client: reqwest::Client::new(), + server_name: config + .get_str("server_name") + .unwrap_or("localhost") + .to_owned(), + registration_disabled: config.get_bool("registration_disabled").unwrap_or(false), } } - /// Returns the server_name of the server. - pub fn server_name(&self) -> &str { - &self.server_name - } - /// Returns this server's keypair. pub fn keypair(&self) -> &ruma::signatures::Ed25519KeyPair { &self.keypair @@ -58,4 +58,12 @@ impl Globals { .get(COUNTER)? .map_or(0_u64, |bytes| utils::u64_from_bytes(&bytes))) } + + pub fn server_name(&self) -> &str { + &self.server_name + } + + pub fn registration_disabled(&self) -> bool { + self.registration_disabled + } } From b4d65ab67d95485f9762363492ce259a24aa1450 Mon Sep 17 00:00:00 2001 From: timokoesters Date: Sat, 6 Jun 2020 22:34:08 +0200 Subject: [PATCH 3/7] improvement: optimize /sync response --- Cargo.lock | 17 +++-- Cargo.toml | 11 +-- src/client_server.rs | 155 +++++++++++++++++++++--------------------- src/database/rooms.rs | 2 +- src/pdu.rs | 2 +- 5 files changed, 95 insertions(+), 92 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8527dba3..fe80fb6c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1263,7 +1263,7 @@ dependencies = [ [[package]] name = "ruma" version = "0.1.0" -source = "git+https://github.com/ruma/ruma?rev=f6fb971329a4a5a7faeebf7ea47a86cd19e580f4#f6fb971329a4a5a7faeebf7ea47a86cd19e580f4" +source = "git+https://github.com/ruma/ruma?rev=12388c3fbc8ba2a685cbf0fe810c633c827f5b2c#12388c3fbc8ba2a685cbf0fe810c633c827f5b2c" dependencies = [ "ruma-api", "ruma-client-api", @@ -1277,7 +1277,7 @@ dependencies = [ [[package]] name = "ruma-api" version = "0.16.1" -source = "git+https://github.com/ruma/ruma?rev=f6fb971329a4a5a7faeebf7ea47a86cd19e580f4#f6fb971329a4a5a7faeebf7ea47a86cd19e580f4" +source = "git+https://github.com/ruma/ruma?rev=12388c3fbc8ba2a685cbf0fe810c633c827f5b2c#12388c3fbc8ba2a685cbf0fe810c633c827f5b2c" dependencies = [ "http", "percent-encoding 2.1.0", @@ -1292,7 +1292,7 @@ dependencies = [ [[package]] name = "ruma-api-macros" version = "0.16.1" -source = "git+https://github.com/ruma/ruma?rev=f6fb971329a4a5a7faeebf7ea47a86cd19e580f4#f6fb971329a4a5a7faeebf7ea47a86cd19e580f4" +source = "git+https://github.com/ruma/ruma?rev=12388c3fbc8ba2a685cbf0fe810c633c827f5b2c#12388c3fbc8ba2a685cbf0fe810c633c827f5b2c" dependencies = [ "proc-macro2 1.0.18", "quote 1.0.6", @@ -1302,7 +1302,7 @@ dependencies = [ [[package]] name = "ruma-client-api" version = "0.9.0" -source = "git+https://github.com/ruma/ruma?rev=f6fb971329a4a5a7faeebf7ea47a86cd19e580f4#f6fb971329a4a5a7faeebf7ea47a86cd19e580f4" +source = "git+https://github.com/ruma/ruma?rev=12388c3fbc8ba2a685cbf0fe810c633c827f5b2c#12388c3fbc8ba2a685cbf0fe810c633c827f5b2c" dependencies = [ "http", "js_int", @@ -1319,7 +1319,7 @@ dependencies = [ [[package]] name = "ruma-common" version = "0.1.3" -source = "git+https://github.com/ruma/ruma?rev=f6fb971329a4a5a7faeebf7ea47a86cd19e580f4#f6fb971329a4a5a7faeebf7ea47a86cd19e580f4" +source = "git+https://github.com/ruma/ruma?rev=12388c3fbc8ba2a685cbf0fe810c633c827f5b2c#12388c3fbc8ba2a685cbf0fe810c633c827f5b2c" dependencies = [ "matches", "ruma-serde", @@ -1356,8 +1356,7 @@ dependencies = [ [[package]] name = "ruma-federation-api" version = "0.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff655a4cb7d43b60b18e07a601889836c1c12854bb16f4c083826b664fdc55aa" +source = "git+https://github.com/ruma/ruma?rev=12388c3fbc8ba2a685cbf0fe810c633c827f5b2c#12388c3fbc8ba2a685cbf0fe810c633c827f5b2c" dependencies = [ "js_int", "matches", @@ -1382,7 +1381,7 @@ dependencies = [ [[package]] name = "ruma-serde" version = "0.2.2" -source = "git+https://github.com/ruma/ruma?rev=f6fb971329a4a5a7faeebf7ea47a86cd19e580f4#f6fb971329a4a5a7faeebf7ea47a86cd19e580f4" +source = "git+https://github.com/ruma/ruma?rev=12388c3fbc8ba2a685cbf0fe810c633c827f5b2c#12388c3fbc8ba2a685cbf0fe810c633c827f5b2c" dependencies = [ "dtoa", "itoa", @@ -1395,7 +1394,7 @@ dependencies = [ [[package]] name = "ruma-signatures" version = "0.6.0-dev.1" -source = "git+https://github.com/ruma/ruma?rev=f6fb971329a4a5a7faeebf7ea47a86cd19e580f4#f6fb971329a4a5a7faeebf7ea47a86cd19e580f4" +source = "git+https://github.com/ruma/ruma?rev=12388c3fbc8ba2a685cbf0fe810c633c827f5b2c#12388c3fbc8ba2a685cbf0fe810c633c827f5b2c" dependencies = [ "base64 0.12.1", "ring", diff --git a/Cargo.toml b/Cargo.toml index 3c5c9fab..38c7530e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -30,12 +30,13 @@ image = { version = "0.23.4", default-features = false, features = ["jpeg", "png [dependencies.ruma] git = "https://github.com/ruma/ruma" -rev = "f6fb971329a4a5a7faeebf7ea47a86cd19e580f4" +rev = "12388c3fbc8ba2a685cbf0fe810c633c827f5b2c" +#path = "../ruma/ruma" features = ["rand", "client-api", "federation-api"] # These are required only until ruma-events and ruma-federation-api are merged into ruma/ruma [patch.crates-io] -ruma-api = { git = "https://github.com/ruma/ruma", rev = "f6fb971329a4a5a7faeebf7ea47a86cd19e580f4" } -ruma-common = { git = "https://github.com/ruma/ruma", rev = "f6fb971329a4a5a7faeebf7ea47a86cd19e580f4" } -ruma-events = { git = "https://github.com/ruma/ruma-events", rev = "c1ee72d" } -ruma-serde = { git = "https://github.com/ruma/ruma", rev = "f6fb971329a4a5a7faeebf7ea47a86cd19e580f4" } +ruma-common = { git = "https://github.com/ruma/ruma", rev = "12388c3fbc8ba2a685cbf0fe810c633c827f5b2c" } +ruma-serde = { git = "https://github.com/ruma/ruma", rev = "12388c3fbc8ba2a685cbf0fe810c633c827f5b2c" } +#ruma-common = { path = "../ruma/ruma-common" } +#ruma-serde = { path = "../ruma/ruma-serde" } diff --git a/src/client_server.rs b/src/client_server.rs index c190ef7b..01ec7a36 100644 --- a/src/client_server.rs +++ b/src/client_server.rs @@ -2338,50 +2338,51 @@ pub fn sync_route( ); } - joined_rooms.insert( - room_id.clone().try_into().unwrap(), - sync_events::JoinedRoom { - account_data: Some(sync_events::AccountData { - events: db - .account_data - .changes_since(Some(&room_id), &user_id, since) - .unwrap() - .into_iter() - .map(|(_, v)| v) - .collect(), - }), - summary: sync_events::RoomSummary { - heroes, - joined_member_count: joined_member_count.map(|n| (n as u32).into()), - invited_member_count: invited_member_count.map(|n| (n as u32).into()), - }, - unread_notifications: sync_events::UnreadNotificationsCount { - highlight_count: None, - notification_count, - }, - timeline: sync_events::Timeline { - limited: if limited || joined_since_last_sync { - Some(true) - } else { - None - }, - prev_batch, - events: room_events, - }, - // TODO: state before timeline - state: sync_events::State { - events: if joined_since_last_sync { - state - .into_iter() - .map(|(_, pdu)| pdu.to_state_event()) - .collect() - } else { - Vec::new() - }, - }, - ephemeral: sync_events::Ephemeral { events: edus }, + let joined_room = sync_events::JoinedRoom { + account_data: sync_events::AccountData { + events: db + .account_data + .changes_since(Some(&room_id), &user_id, since) + .unwrap() + .into_iter() + .map(|(_, v)| v) + .collect(), }, - ); + summary: sync_events::RoomSummary { + heroes, + joined_member_count: joined_member_count.map(|n| (n as u32).into()), + invited_member_count: invited_member_count.map(|n| (n as u32).into()), + }, + unread_notifications: sync_events::UnreadNotificationsCount { + highlight_count: None, + notification_count, + }, + timeline: sync_events::Timeline { + limited: if limited || joined_since_last_sync { + Some(true) + } else { + None + }, + prev_batch, + events: room_events, + }, + // TODO: state before timeline + state: sync_events::State { + events: if joined_since_last_sync { + state + .into_iter() + .map(|(_, pdu)| pdu.to_state_event()) + .collect() + } else { + Vec::new() + }, + }, + ephemeral: sync_events::Ephemeral { events: edus }, + }; + + if !joined_room.is_empty() { + joined_rooms.insert(room_id.clone().try_into().unwrap(), joined_room); + } } let mut left_rooms = BTreeMap::new(); @@ -2390,6 +2391,7 @@ pub fn sync_route( let pdus = db.rooms.pdus_since(&room_id, since).unwrap(); let room_events = pdus.map(|pdu| pdu.unwrap().to_room_event()).collect(); + // TODO: Only until leave point let mut edus = db .rooms .edus @@ -2416,38 +2418,40 @@ pub fn sync_route( ); } - left_rooms.insert( - room_id.clone().try_into().unwrap(), - sync_events::LeftRoom { - account_data: Some(sync_events::AccountData { events: Vec::new() }), - timeline: sync_events::Timeline { - limited: Some(false), - prev_batch: Some(next_batch.clone()), - events: room_events, - }, - state: sync_events::State { events: Vec::new() }, + let left_room = sync_events::LeftRoom { + account_data: sync_events::AccountData { events: Vec::new() }, + timeline: sync_events::Timeline { + limited: Some(false), + prev_batch: Some(next_batch.clone()), + events: room_events, }, - ); + state: sync_events::State { events: Vec::new() }, + }; + + if !left_room.is_empty() { + left_rooms.insert(room_id.clone().try_into().unwrap(), left_room); + } } let mut invited_rooms = BTreeMap::new(); for room_id in db.rooms.rooms_invited(&user_id) { let room_id = room_id.unwrap(); - invited_rooms.insert( - room_id.clone(), - sync_events::InvitedRoom { - invite_state: sync_events::InviteState { - events: db - .rooms - .room_state(&room_id) - .unwrap() - .into_iter() - .map(|(_, pdu)| pdu.to_stripped_state_event()) - .collect(), - }, + let invited_room = sync_events::InvitedRoom { + invite_state: sync_events::InviteState { + events: db + .rooms + .room_state(&room_id) + .unwrap() + .into_iter() + .map(|(_, pdu)| pdu.to_stripped_state_event()) + .collect(), }, - ); + }; + + if !invited_room.is_empty() { + invited_rooms.insert(room_id.clone(), invited_room); + } } MatrixResult(Ok(sync_events::Response { @@ -2482,17 +2486,16 @@ pub fn sync_route( .map(|(_, v)| v) .collect(), }, - device_lists: if since != 0 { - Some(sync_events::DeviceLists { - changed: db - .users + device_lists: sync_events::DeviceLists { + changed: if since != 0 { + db.users .device_keys_changed(since) .map(|u| u.unwrap()) - .collect(), - left: Vec::new(), // TODO - }) - } else { - None // TODO: left + .collect() + } else { + Vec::new() + }, + left: Vec::new(), // TODO }, device_one_time_keys_count: Default::default(), // TODO to_device: sync_events::ToDevice { diff --git a/src/database/rooms.rs b/src/database/rooms.rs index 5d9da485..fa422def 100644 --- a/src/database/rooms.rs +++ b/src/database/rooms.rs @@ -421,7 +421,7 @@ impl Rooms { auth_events: Vec::new(), redacts: redacts.clone(), unsigned, - hashes: ruma::api::federation::EventHash { + hashes: ruma::api::federation::pdu::EventHash { sha256: "aaa".to_owned(), }, signatures: HashMap::new(), diff --git a/src/pdu.rs b/src/pdu.rs index 6ee0fd52..454d27f3 100644 --- a/src/pdu.rs +++ b/src/pdu.rs @@ -1,6 +1,6 @@ use js_int::UInt; use ruma::{ - api::federation::EventHash, + api::federation::pdu::EventHash, events::{ collections::all::{RoomEvent, StateEvent}, stripped::AnyStrippedStateEvent, From 588049678b5340311f34a958d2cc2ac4b3f7ef53 Mon Sep 17 00:00:00 2001 From: timokoesters Date: Sun, 7 Jun 2020 18:38:00 +0200 Subject: [PATCH 4/7] refactor: replace DeviceId with str or String --- src/client_server.rs | 19 ++++++++++++------- src/database/uiaa.rs | 4 ++-- src/database/users.rs | 34 +++++++++++++++------------------- sytest/sytest-whitelist | 1 - 4 files changed, 29 insertions(+), 29 deletions(-) diff --git a/src/client_server.rs b/src/client_server.rs index 01ec7a36..3620a00b 100644 --- a/src/client_server.rs +++ b/src/client_server.rs @@ -56,7 +56,7 @@ use ruma::{ room::{canonical_alias, guest_access, history_visibility, join_rules, member, redaction}, EventJson, EventType, }, - identifiers::{DeviceId, RoomAliasId, RoomId, RoomVersionId, UserId}, + identifiers::{RoomAliasId, RoomId, RoomVersionId, UserId}, }; use serde_json::{json, value::RawValue}; @@ -2841,13 +2841,15 @@ pub fn get_devices_route( MatrixResult(Ok(get_devices::Response { devices })) } -#[get("/_matrix/client/r0/devices/", data = "")] +#[get("/_matrix/client/r0/devices/<_device_id>", data = "")] pub fn get_device_route( db: State<'_, Database>, body: Ruma, - device_id: DeviceId, + _device_id: String, ) -> MatrixResult { let user_id = body.user_id.as_ref().expect("user is authenticated"); + let device_id = body.device_id.as_ref().expect("user is authenticated"); + let device = db.users.get_device_metadata(&user_id, &device_id).unwrap(); match device { @@ -2860,13 +2862,15 @@ pub fn get_device_route( } } -#[put("/_matrix/client/r0/devices/", data = "")] +#[put("/_matrix/client/r0/devices/<_device_id>", data = "")] pub fn update_device_route( db: State<'_, Database>, body: Ruma, - device_id: DeviceId, + _device_id: String, ) -> MatrixResult { let user_id = body.user_id.as_ref().expect("user is authenticated"); + let device_id = body.device_id.as_ref().expect("user is authenticated"); + let device = db.users.get_device_metadata(&user_id, &device_id).unwrap(); match device { @@ -2887,13 +2891,14 @@ pub fn update_device_route( } } -#[delete("/_matrix/client/r0/devices/", data = "")] +#[delete("/_matrix/client/r0/devices/<_device_id>", data = "")] pub fn delete_device_route( db: State<'_, Database>, body: Ruma, - device_id: DeviceId, + _device_id: String, ) -> MatrixResult { let user_id = body.user_id.as_ref().expect("user is authenticated"); + let device_id = body.device_id.as_ref().expect("user is authenticated"); // UIAA let uiaainfo = UiaaInfo { diff --git a/src/database/uiaa.rs b/src/database/uiaa.rs index f1de4766..6cd25b99 100644 --- a/src/database/uiaa.rs +++ b/src/database/uiaa.rs @@ -11,7 +11,7 @@ use ruma::{ }, }, events::{to_device::AnyToDeviceEvent, EventJson, EventType}, - identifiers::{DeviceId, UserId}, + identifiers::UserId, }; use serde_json::value::RawValue; use std::{collections::BTreeMap, convert::TryFrom, time::SystemTime}; @@ -29,7 +29,7 @@ impl Uiaa { pub fn try_auth( &self, user_id: &UserId, - device_id: &DeviceId, + device_id: &str, auth: &AuthData, uiaainfo: &UiaaInfo, users: &super::users::Users, diff --git a/src/database/users.rs b/src/database/users.rs index 8893b102..5c474556 100644 --- a/src/database/users.rs +++ b/src/database/users.rs @@ -6,7 +6,7 @@ use ruma::{ keys::{AlgorithmAndDeviceId, DeviceKeys, KeyAlgorithm, OneTimeKey}, }, events::{to_device::AnyToDeviceEvent, EventJson, EventType}, - identifiers::{DeviceId, UserId}, + identifiers::UserId, }; use std::{collections::BTreeMap, convert::TryFrom, time::SystemTime}; @@ -113,7 +113,7 @@ impl Users { pub fn create_device( &self, user_id: &UserId, - device_id: &DeviceId, + device_id: &str, token: &str, initial_device_display_name: Option, ) -> Result<()> { @@ -130,7 +130,7 @@ impl Users { self.userdeviceid_metadata.insert( userdeviceid, serde_json::to_string(&Device { - device_id: device_id.clone(), + device_id: device_id.to_owned(), display_name: initial_device_display_name, last_seen_ip: None, // TODO last_seen_ts: Some(SystemTime::now()), @@ -144,7 +144,7 @@ impl Users { } /// Removes a device from a user. - pub fn remove_device(&self, user_id: &UserId, device_id: &DeviceId) -> Result<()> { + pub fn remove_device(&self, user_id: &UserId, device_id: &str) -> Result<()> { let mut userdeviceid = user_id.to_string().as_bytes().to_vec(); userdeviceid.push(0xff); userdeviceid.extend_from_slice(device_id.as_bytes()); @@ -173,7 +173,7 @@ impl Users { } /// Returns an iterator over all device ids of this user. - pub fn all_device_ids(&self, user_id: &UserId) -> impl Iterator> { + pub fn all_device_ids(&self, user_id: &UserId) -> impl Iterator> { let mut prefix = user_id.to_string().as_bytes().to_vec(); prefix.push(0xff); // All devices have metadata @@ -191,7 +191,7 @@ impl Users { } /// Replaces the access token of one device. - pub fn set_token(&self, user_id: &UserId, device_id: &DeviceId, token: &str) -> Result<()> { + pub fn set_token(&self, user_id: &UserId, device_id: &str, token: &str) -> Result<()> { let mut userdeviceid = user_id.to_string().as_bytes().to_vec(); userdeviceid.push(0xff); userdeviceid.extend_from_slice(device_id.as_bytes()); @@ -219,7 +219,7 @@ impl Users { pub fn add_one_time_key( &self, user_id: &UserId, - device_id: &DeviceId, + device_id: &str, one_time_key_key: &AlgorithmAndDeviceId, one_time_key_value: &OneTimeKey, ) -> Result<()> { @@ -248,7 +248,7 @@ impl Users { pub fn take_one_time_key( &self, user_id: &UserId, - device_id: &DeviceId, + device_id: &str, key_algorithm: &KeyAlgorithm, ) -> Result> { let mut prefix = user_id.to_string().as_bytes().to_vec(); @@ -282,7 +282,7 @@ impl Users { pub fn count_one_time_keys( &self, user_id: &UserId, - device_id: &DeviceId, + device_id: &str, ) -> Result> { let mut userdeviceid = user_id.to_string().as_bytes().to_vec(); userdeviceid.push(0xff); @@ -315,7 +315,7 @@ impl Users { pub fn add_device_keys( &self, user_id: &UserId, - device_id: &DeviceId, + device_id: &str, device_keys: &DeviceKeys, globals: &super::globals::Globals, ) -> Result<()> { @@ -335,7 +335,7 @@ impl Users { pub fn get_device_keys( &self, user_id: &UserId, - device_id: &DeviceId, + device_id: &str, ) -> impl Iterator> { let mut key = user_id.to_string().as_bytes().to_vec(); key.push(0xff); @@ -376,7 +376,7 @@ impl Users { &self, sender: &UserId, target_user_id: &UserId, - target_device_id: &DeviceId, + target_device_id: &str, event_type: &EventType, content: serde_json::Value, globals: &super::globals::Globals, @@ -401,7 +401,7 @@ impl Users { pub fn take_to_device_events( &self, user_id: &UserId, - device_id: &DeviceId, + device_id: &str, max: usize, ) -> Result>> { let mut events = Vec::new(); @@ -423,7 +423,7 @@ impl Users { pub fn update_device_metadata( &self, user_id: &UserId, - device_id: &DeviceId, + device_id: &str, device: &Device, ) -> Result<()> { let mut userdeviceid = user_id.to_string().as_bytes().to_vec(); @@ -441,11 +441,7 @@ impl Users { } /// Get device metadata. - pub fn get_device_metadata( - &self, - user_id: &UserId, - device_id: &DeviceId, - ) -> Result> { + pub fn get_device_metadata(&self, user_id: &UserId, device_id: &str) -> Result> { let mut userdeviceid = user_id.to_string().as_bytes().to_vec(); userdeviceid.push(0xff); userdeviceid.extend_from_slice(device_id.as_bytes()); diff --git a/sytest/sytest-whitelist b/sytest/sytest-whitelist index bf9059c7..a13d30fb 100644 --- a/sytest/sytest-whitelist +++ b/sytest/sytest-whitelist @@ -43,7 +43,6 @@ GET /profile/:user_id/displayname publicly accessible GET /device/{deviceId} gives a 404 for unknown devices PUT /device/{deviceId} gives a 404 for unknown devices After deactivating account, can't log in with an email -Can create filter Should reject keys claiming to belong to a different user Can add account data Checking local federation server From bfe5b89ba43c5fb325bbd599a67e2d48694a24b7 Mon Sep 17 00:00:00 2001 From: timokoesters Date: Mon, 8 Jun 2020 11:45:22 +0200 Subject: [PATCH 5/7] style: cargo fmt --- src/client_server.rs | 33 +++++++++++++++++++++++++++------ 1 file changed, 27 insertions(+), 6 deletions(-) diff --git a/src/client_server.rs b/src/client_server.rs index 3620a00b..481a40a2 100644 --- a/src/client_server.rs +++ b/src/client_server.rs @@ -171,12 +171,19 @@ pub fn register_route( if let Some(auth) = &body.auth { let (worked, uiaainfo) = db .uiaa - .try_auth(&user_id, &"".to_owned(), auth, &uiaainfo, &db.users, &db.globals) + .try_auth( + &user_id, + &"".to_owned(), + auth, + &uiaainfo, + &db.users, + &db.globals, + ) .unwrap(); if !worked { return MatrixResult(Err(UiaaResponse::AuthResponse(uiaainfo))); } - // Success! + // Success! } else { db.uiaa.create(&user_id, &"".to_owned(), &uiaainfo).unwrap(); @@ -2914,12 +2921,19 @@ pub fn delete_device_route( if let Some(auth) = &body.auth { let (worked, uiaainfo) = db .uiaa - .try_auth(&user_id, &"".to_owned(), auth, &uiaainfo, &db.users, &db.globals) + .try_auth( + &user_id, + &"".to_owned(), + auth, + &uiaainfo, + &db.users, + &db.globals, + ) .unwrap(); if !worked { return MatrixResult(Err(UiaaResponse::AuthResponse(uiaainfo))); } - // Success! + // Success! } else { db.uiaa.create(&user_id, &"".to_owned(), &uiaainfo).unwrap(); @@ -2952,12 +2966,19 @@ pub fn delete_devices_route( if let Some(auth) = &body.auth { let (worked, uiaainfo) = db .uiaa - .try_auth(&user_id, &"".to_owned(), auth, &uiaainfo, &db.users, &db.globals) + .try_auth( + &user_id, + &"".to_owned(), + auth, + &uiaainfo, + &db.users, + &db.globals, + ) .unwrap(); if !worked { return MatrixResult(Err(UiaaResponse::AuthResponse(uiaainfo))); } - // Success! + // Success! } else { db.uiaa.create(&user_id, &"".to_owned(), &uiaainfo).unwrap(); From 176bd114a09e0299f048daa4bb48bcca70b84de4 Mon Sep 17 00:00:00 2001 From: timokoesters Date: Mon, 8 Jun 2020 12:28:30 +0200 Subject: [PATCH 6/7] fix: use correct device in GET /devices --- src/client_server.rs | 47 +++++++++++++++++++---------------------- sytest/sytest-whitelist | 1 + 2 files changed, 23 insertions(+), 25 deletions(-) diff --git a/src/client_server.rs b/src/client_server.rs index 481a40a2..6e0c40a2 100644 --- a/src/client_server.rs +++ b/src/client_server.rs @@ -171,22 +171,14 @@ pub fn register_route( if let Some(auth) = &body.auth { let (worked, uiaainfo) = db .uiaa - .try_auth( - &user_id, - &"".to_owned(), - auth, - &uiaainfo, - &db.users, - &db.globals, - ) + .try_auth(&user_id, "", auth, &uiaainfo, &db.users, &db.globals) .unwrap(); if !worked { return MatrixResult(Err(UiaaResponse::AuthResponse(uiaainfo))); } // Success! } else { - db.uiaa.create(&user_id, &"".to_owned(), &uiaainfo).unwrap(); - + db.uiaa.create(&user_id, "", &uiaainfo).unwrap(); return MatrixResult(Err(UiaaResponse::AuthResponse(uiaainfo))); } @@ -604,7 +596,7 @@ pub fn get_displayname_route( body: Ruma, _user_id: String, ) -> MatrixResult { - let user_id = (*body).user_id.clone(); + let user_id = body.body.user_id.clone(); MatrixResult(Ok(get_display_name::Response { displayname: db.users.displayname(&user_id).unwrap(), })) @@ -695,7 +687,7 @@ pub fn get_avatar_url_route( body: Ruma, _user_id: String, ) -> MatrixResult { - let user_id = (*body).user_id.clone(); + let user_id = body.body.user_id.clone(); MatrixResult(Ok(get_avatar_url::Response { avatar_url: db.users.avatar_url(&user_id).unwrap(), })) @@ -707,7 +699,7 @@ pub fn get_profile_route( body: Ruma, _user_id: String, ) -> MatrixResult { - let user_id = (*body).user_id.clone(); + let user_id = body.body.user_id.clone(); let avatar_url = db.users.avatar_url(&user_id).unwrap(); let displayname = db.users.displayname(&user_id).unwrap(); @@ -2855,9 +2847,11 @@ pub fn get_device_route( _device_id: String, ) -> MatrixResult { let user_id = body.user_id.as_ref().expect("user is authenticated"); - let device_id = body.device_id.as_ref().expect("user is authenticated"); - let device = db.users.get_device_metadata(&user_id, &device_id).unwrap(); + let device = db + .users + .get_device_metadata(&user_id, &body.body.device_id) + .unwrap(); match device { None => MatrixResult(Err(Error { @@ -2876,9 +2870,11 @@ pub fn update_device_route( _device_id: String, ) -> MatrixResult { let user_id = body.user_id.as_ref().expect("user is authenticated"); - let device_id = body.device_id.as_ref().expect("user is authenticated"); - let device = db.users.get_device_metadata(&user_id, &device_id).unwrap(); + let device = db + .users + .get_device_metadata(&user_id, &body.body.device_id) + .unwrap(); match device { None => MatrixResult(Err(Error { @@ -2890,7 +2886,7 @@ pub fn update_device_route( device.display_name = body.display_name.clone(); db.users - .update_device_metadata(&user_id, &device_id, &device) + .update_device_metadata(&user_id, &body.body.device_id, &device) .unwrap(); MatrixResult(Ok(update_device::Response)) @@ -2923,7 +2919,7 @@ pub fn delete_device_route( .uiaa .try_auth( &user_id, - &"".to_owned(), + &device_id, auth, &uiaainfo, &db.users, @@ -2935,12 +2931,13 @@ pub fn delete_device_route( } // Success! } else { - db.uiaa.create(&user_id, &"".to_owned(), &uiaainfo).unwrap(); - + db.uiaa.create(&user_id, &device_id, &uiaainfo).unwrap(); return MatrixResult(Err(UiaaResponse::AuthResponse(uiaainfo))); } - db.users.remove_device(&user_id, &device_id).unwrap(); + db.users + .remove_device(&user_id, &body.body.device_id) + .unwrap(); MatrixResult(Ok(delete_device::Response)) } @@ -2951,6 +2948,7 @@ pub fn delete_devices_route( body: Ruma, ) -> MatrixResult { let user_id = body.user_id.as_ref().expect("user is authenticated"); + let device_id = body.device_id.as_ref().expect("user is authenticated"); // UIAA let uiaainfo = UiaaInfo { @@ -2968,7 +2966,7 @@ pub fn delete_devices_route( .uiaa .try_auth( &user_id, - &"".to_owned(), + &device_id, auth, &uiaainfo, &db.users, @@ -2980,8 +2978,7 @@ pub fn delete_devices_route( } // Success! } else { - db.uiaa.create(&user_id, &"".to_owned(), &uiaainfo).unwrap(); - + db.uiaa.create(&user_id, &device_id, &uiaainfo).unwrap(); return MatrixResult(Err(UiaaResponse::AuthResponse(uiaainfo))); } diff --git a/sytest/sytest-whitelist b/sytest/sytest-whitelist index a13d30fb..bf9059c7 100644 --- a/sytest/sytest-whitelist +++ b/sytest/sytest-whitelist @@ -43,6 +43,7 @@ GET /profile/:user_id/displayname publicly accessible GET /device/{deviceId} gives a 404 for unknown devices PUT /device/{deviceId} gives a 404 for unknown devices After deactivating account, can't log in with an email +Can create filter Should reject keys claiming to belong to a different user Can add account data Checking local federation server From 95047272e85b2f3fcce03e1bd75d93bb18cca256 Mon Sep 17 00:00:00 2001 From: timokoesters Date: Mon, 8 Jun 2020 14:29:44 +0200 Subject: [PATCH 7/7] fix: let example config show how to use registration_disabled --- Rocket-example.toml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Rocket-example.toml b/Rocket-example.toml index 924b540e..30a3c3a0 100644 --- a/Rocket-example.toml +++ b/Rocket-example.toml @@ -1,11 +1,13 @@ [global] server_name = "your.server.name" -port = 8448 -address = "0.0.0.0" +#registration_disabled = true # Default path is in this user's data #database_path = "/home/timo/MyConduitServer" +port = 14004 +address = "0.0.0.0" + #[global.tls] #certs = "/etc/letsencrypt/live/your.server.name/fullchain.pem" #key = "/etc/letsencrypt/live/your.server.name/privkey.pem"