improvement: faster incoming transaction handling
This commit is contained in:
Timo Kösters
parent
bf7e019a68
commit
46d8a46e1f
12 changed files with 365 additions and 280 deletions
|
|
@ -4,11 +4,14 @@ use crate::{client_server::SESSION_ID_LENGTH, utils, Error, Result};
|
|||
use ruma::{
|
||||
api::client::{
|
||||
error::ErrorKind,
|
||||
r0::uiaa::{IncomingAuthData, UiaaInfo},
|
||||
r0::uiaa::{
|
||||
IncomingAuthData, IncomingPassword, IncomingUserIdentifier::MatrixId, UiaaInfo,
|
||||
},
|
||||
},
|
||||
signatures::CanonicalJsonValue,
|
||||
DeviceId, UserId,
|
||||
};
|
||||
use tracing::error;
|
||||
|
||||
use super::abstraction::Tree;
|
||||
|
||||
|
|
@ -49,126 +52,91 @@ impl Uiaa {
|
|||
users: &super::users::Users,
|
||||
globals: &super::globals::Globals,
|
||||
) -> Result<(bool, UiaaInfo)> {
|
||||
if let IncomingAuthData::DirectRequest {
|
||||
kind,
|
||||
session,
|
||||
auth_parameters,
|
||||
} = &auth
|
||||
{
|
||||
let mut uiaainfo = session
|
||||
.as_ref()
|
||||
.map(|session| self.get_uiaa_session(&user_id, &device_id, session))
|
||||
.unwrap_or_else(|| Ok(uiaainfo.clone()))?;
|
||||
let mut uiaainfo = auth
|
||||
.session()
|
||||
.map(|session| self.get_uiaa_session(&user_id, &device_id, session))
|
||||
.unwrap_or_else(|| Ok(uiaainfo.clone()))?;
|
||||
|
||||
if uiaainfo.session.is_none() {
|
||||
uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
|
||||
}
|
||||
if uiaainfo.session.is_none() {
|
||||
uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
|
||||
}
|
||||
|
||||
match auth {
|
||||
// Find out what the user completed
|
||||
match &**kind {
|
||||
"m.login.password" => {
|
||||
let identifier = auth_parameters.get("identifier").ok_or(Error::BadRequest(
|
||||
ErrorKind::MissingParam,
|
||||
"m.login.password needs identifier.",
|
||||
))?;
|
||||
|
||||
let identifier_type = identifier.get("type").ok_or(Error::BadRequest(
|
||||
ErrorKind::MissingParam,
|
||||
"Identifier needs a type.",
|
||||
))?;
|
||||
|
||||
if identifier_type != "m.id.user" {
|
||||
IncomingAuthData::Password(IncomingPassword {
|
||||
identifier,
|
||||
password,
|
||||
..
|
||||
}) => {
|
||||
let username = match identifier {
|
||||
MatrixId(username) => username,
|
||||
_ => {
|
||||
return Err(Error::BadRequest(
|
||||
ErrorKind::Unrecognized,
|
||||
"Identifier type not recognized.",
|
||||
));
|
||||
))
|
||||
}
|
||||
};
|
||||
|
||||
let username = identifier
|
||||
.get("user")
|
||||
.ok_or(Error::BadRequest(
|
||||
ErrorKind::MissingParam,
|
||||
"Identifier needs user field.",
|
||||
))?
|
||||
.as_str()
|
||||
.ok_or(Error::BadRequest(
|
||||
ErrorKind::BadJson,
|
||||
"User is not a string.",
|
||||
))?;
|
||||
|
||||
let user_id = UserId::parse_with_server_name(username, globals.server_name())
|
||||
let user_id =
|
||||
UserId::parse_with_server_name(username.clone(), globals.server_name())
|
||||
.map_err(|_| {
|
||||
Error::BadRequest(ErrorKind::InvalidParam, "User ID is invalid.")
|
||||
})?;
|
||||
Error::BadRequest(ErrorKind::InvalidParam, "User ID is invalid.")
|
||||
})?;
|
||||
|
||||
let password = auth_parameters
|
||||
.get("password")
|
||||
.ok_or(Error::BadRequest(
|
||||
ErrorKind::MissingParam,
|
||||
"Password is missing.",
|
||||
))?
|
||||
.as_str()
|
||||
.ok_or(Error::BadRequest(
|
||||
ErrorKind::BadJson,
|
||||
"Password is not a string.",
|
||||
))?;
|
||||
// Check if password is correct
|
||||
if let Some(hash) = users.password_hash(&user_id)? {
|
||||
let hash_matches =
|
||||
argon2::verify_encoded(&hash, password.as_bytes()).unwrap_or(false);
|
||||
|
||||
// Check if password is correct
|
||||
if let Some(hash) = users.password_hash(&user_id)? {
|
||||
let hash_matches =
|
||||
argon2::verify_encoded(&hash, password.as_bytes()).unwrap_or(false);
|
||||
|
||||
if !hash_matches {
|
||||
uiaainfo.auth_error = Some(ruma::api::client::error::ErrorBody {
|
||||
kind: ErrorKind::Forbidden,
|
||||
message: "Invalid username or password.".to_owned(),
|
||||
});
|
||||
return Ok((false, uiaainfo));
|
||||
}
|
||||
}
|
||||
|
||||
// Password was correct! Let's add it to `completed`
|
||||
uiaainfo.completed.push("m.login.password".to_owned());
|
||||
}
|
||||
"m.login.dummy" => {
|
||||
uiaainfo.completed.push("m.login.dummy".to_owned());
|
||||
}
|
||||
k => panic!("type not supported: {}", k),
|
||||
}
|
||||
|
||||
// Check if a flow now succeeds
|
||||
let mut completed = false;
|
||||
'flows: for flow in &mut uiaainfo.flows {
|
||||
for stage in &flow.stages {
|
||||
if !uiaainfo.completed.contains(stage) {
|
||||
continue 'flows;
|
||||
if !hash_matches {
|
||||
uiaainfo.auth_error = Some(ruma::api::client::error::ErrorBody {
|
||||
kind: ErrorKind::Forbidden,
|
||||
message: "Invalid username or password.".to_owned(),
|
||||
});
|
||||
return Ok((false, uiaainfo));
|
||||
}
|
||||
}
|
||||
// We didn't break, so this flow succeeded!
|
||||
completed = true;
|
||||
}
|
||||
|
||||
if !completed {
|
||||
self.update_uiaa_session(
|
||||
user_id,
|
||||
device_id,
|
||||
uiaainfo.session.as_ref().expect("session is always set"),
|
||||
Some(&uiaainfo),
|
||||
)?;
|
||||
return Ok((false, uiaainfo));
|
||||
// Password was correct! Let's add it to `completed`
|
||||
uiaainfo.completed.push("m.login.password".to_owned());
|
||||
}
|
||||
IncomingAuthData::Dummy(_) => {
|
||||
uiaainfo.completed.push("m.login.dummy".to_owned());
|
||||
}
|
||||
k => error!("type not supported: {:?}", k),
|
||||
}
|
||||
|
||||
// UIAA was successful! Remove this session and return true
|
||||
// Check if a flow now succeeds
|
||||
let mut completed = false;
|
||||
'flows: for flow in &mut uiaainfo.flows {
|
||||
for stage in &flow.stages {
|
||||
if !uiaainfo.completed.contains(stage) {
|
||||
continue 'flows;
|
||||
}
|
||||
}
|
||||
// We didn't break, so this flow succeeded!
|
||||
completed = true;
|
||||
}
|
||||
|
||||
if !completed {
|
||||
self.update_uiaa_session(
|
||||
user_id,
|
||||
device_id,
|
||||
uiaainfo.session.as_ref().expect("session is always set"),
|
||||
None,
|
||||
Some(&uiaainfo),
|
||||
)?;
|
||||
Ok((true, uiaainfo))
|
||||
} else {
|
||||
panic!("FallbackAcknowledgement is not supported yet");
|
||||
return Ok((false, uiaainfo));
|
||||
}
|
||||
|
||||
// UIAA was successful! Remove this session and return true
|
||||
self.update_uiaa_session(
|
||||
user_id,
|
||||
device_id,
|
||||
uiaainfo.session.as_ref().expect("session is always set"),
|
||||
None,
|
||||
)?;
|
||||
Ok((true, uiaainfo))
|
||||
}
|
||||
|
||||
fn set_uiaa_request(
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue