magmaus3/continuwuity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix a few things to make some complement tests pass

Browse source 
Signed-off-by: June Clementine Strawberry <june@3.dog>
This commit is contained in:
June Clementine Strawberry 2025-03-09 01:43:49 -05:00
parent 06f2039eee
commit d0c767c23c
No known key found for this signature in database
5 changed files with 60 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/api/client/membership.rs
View file

@ -517,9 +517,7 @@ pub(crate) async fn invite_user_route(
join!(sender_ignored_recipient, recipient_ignored_by_sender); join!(sender_ignored_recipient, recipient_ignored_by_sender);
if sender_ignored_recipient { if sender_ignored_recipient {
return Err!(Request(Forbidden( return Ok(invite_user::v3::Response {});
"You cannot invite users you have ignored to rooms."
)));
} }
if let Ok(target_user_membership) = services if let Ok(target_user_membership) = services

8
src/api/client/room/create.rs
View file

@ -239,9 +239,7 @@ pub(crate) async fn create_room_route(
if preset == RoomPreset::TrustedPrivateChat { if preset == RoomPreset::TrustedPrivateChat {
for invite in &body.invite { for invite in &body.invite {
if services.users.user_is_ignored(sender_user, invite).await { if services.users.user_is_ignored(sender_user, invite).await {
return Err!(Request(Forbidden( continue;
"You cannot invite users you have ignored to rooms."
)));
} else if services.users.user_is_ignored(invite, sender_user).await { } else if services.users.user_is_ignored(invite, sender_user).await {
// silently drop the invite to the recipient if they've been ignored by the // silently drop the invite to the recipient if they've been ignored by the
// sender, pretend it worked // sender, pretend it worked
@ -420,9 +418,7 @@ pub(crate) async fn create_room_route(
drop(state_lock); drop(state_lock);
for user_id in &body.invite { for user_id in &body.invite {
if services.users.user_is_ignored(sender_user, user_id).await { if services.users.user_is_ignored(sender_user, user_id).await {
return Err!(Request(Forbidden( continue;
"You cannot invite users you have ignored to rooms."
)));
} else if services.users.user_is_ignored(user_id, sender_user).await { } else if services.users.user_is_ignored(user_id, sender_user).await {
// silently drop the invite to the recipient if they've been ignored by the // silently drop the invite to the recipient if they've been ignored by the
// sender, pretend it worked // sender, pretend it worked

79
src/api/client/session.rs
View file

@ -3,7 +3,7 @@ use std::time::Duration;
use axum::extract::State; use axum::extract::State;
use axum_client_ip::InsecureClientIp; use axum_client_ip::InsecureClientIp;
use conduwuit::{Err, debug, err, info, utils::ReadyExt}; use conduwuit::{Err, debug, err, info, utils::ReadyExt};
use futures::{StreamExt, TryFutureExt}; use futures::StreamExt;
use ruma::{ use ruma::{
UserId, UserId,
api::client::{ api::client::{
@ -96,32 +96,50 @@ pub(crate) async fn login_route(
&services.config.server_name, &services.config.server_name,
)?; )?;
assert!( if !services.globals.user_is_local(&user_id)
services.globals.user_is_local(&user_id), || !services.globals.user_is_local(&lowercased_user_id)
"User ID does not belong to this homeserver" {
); return Err!(Request(Unknown("User ID does not belong to this homeserver")));
assert!( }
services.globals.user_is_local(&lowercased_user_id),
"User ID does not belong to this homeserver"
);
// first try the username as-is
let hash = services let hash = services
.users .users
.password_hash(&user_id) .password_hash(&user_id)
.or_else(|_| services.users.password_hash(&lowercased_user_id))
.await .await
.inspect_err(|e| debug!("{e}")) .inspect_err(|e| debug!("{e}"));
.map_err(|_| err!(Request(Forbidden("Wrong username or password."))))?;
if hash.is_empty() { match hash {
return Err!(Request(UserDeactivated("The user has been deactivated"))); | Ok(hash) => {
if hash.is_empty() {
return Err!(Request(UserDeactivated("The user has been deactivated")));
}
hash::verify_password(password, &hash)
.inspect_err(|e| debug!("{e}"))
.map_err(|_| err!(Request(Forbidden("Wrong username or password."))))?;
user_id
},
| Err(_e) => {
let hash_lowercased_user_id = services
.users
.password_hash(&lowercased_user_id)
.await
.inspect_err(|e| debug!("{e}"))
.map_err(|_| err!(Request(Forbidden("Wrong username or password."))))?;
if hash_lowercased_user_id.is_empty() {
return Err!(Request(UserDeactivated("The user has been deactivated")));
}
hash::verify_password(password, &hash_lowercased_user_id)
.inspect_err(|e| debug!("{e}"))
.map_err(|_| err!(Request(Forbidden("Wrong username or password."))))?;
lowercased_user_id
},
} }
hash::verify_password(password, &hash)
.inspect_err(|e| debug!("{e}"))
.map_err(|_| err!(Request(Forbidden("Wrong username or password."))))?;
user_id
}, },
| login::v3::LoginInfo::Token(login::v3::Token { token }) => { | login::v3::LoginInfo::Token(login::v3::Token { token }) => {
debug!("Got token login type"); debug!("Got token login type");
@ -153,24 +171,11 @@ pub(crate) async fn login_route(
} }
.map_err(|e| err!(Request(InvalidUsername(warn!("Username is invalid: {e}")))))?; .map_err(|e| err!(Request(InvalidUsername(warn!("Username is invalid: {e}")))))?;
let lowercased_user_id = UserId::parse_with_server_name( if !services.globals.user_is_local(&user_id) {
user_id.localpart().to_lowercase(), return Err!(Request(Unknown("User ID does not belong to this homeserver")));
&services.config.server_name, }
)?;
assert!( if !info.is_user_match(&user_id) && !emergency_mode_enabled {
services.globals.user_is_local(&user_id),
"User ID does not belong to this homeserver"
);
assert!(
services.globals.user_is_local(&lowercased_user_id),
"User ID does not belong to this homeserver"
);
if !info.is_user_match(&user_id)
&& !info.is_user_match(&lowercased_user_id)
&& !emergency_mode_enabled
{
return Err!(Request(Exclusive("Username is not in an appservice namespace."))); return Err!(Request(Exclusive("Username is not in an appservice namespace.")));
} }

23
src/service/media/preview.rs
View file

@ -7,7 +7,7 @@
use std::time::SystemTime; use std::time::SystemTime;
use conduwuit::{Err, Result, debug}; use conduwuit::{Err, Result, debug, err};
use conduwuit_core::implement; use conduwuit_core::implement;
use ipaddress::IPAddress; use ipaddress::IPAddress;
use serde::Serialize; use serde::Serialize;
@ -64,28 +64,33 @@ pub async fn get_url_preview(&self, url: &Url) -> Result<UrlPreviewData> {
async fn request_url_preview(&self, url: &Url) -> Result<UrlPreviewData> { async fn request_url_preview(&self, url: &Url) -> Result<UrlPreviewData> {
if let Ok(ip) = IPAddress::parse(url.host_str().expect("URL previously validated")) { if let Ok(ip) = IPAddress::parse(url.host_str().expect("URL previously validated")) {
if !self.services.client.valid_cidr_range(&ip) { if !self.services.client.valid_cidr_range(&ip) {
return Err!(BadServerResponse("Requesting from this address is forbidden")); return Err!(Request(Forbidden("Requesting from this address is forbidden")));
} }
} }
let client = &self.services.client.url_preview; let client = &self.services.client.url_preview;
let response = client.head(url.as_str()).send().await?; let response = client.head(url.as_str()).send().await?;
debug!(?url, "URL preview response headers: {:?}", response.headers());
if let Some(remote_addr) = response.remote_addr() { if let Some(remote_addr) = response.remote_addr() {
debug!(?url, "URL preview response remote address: {:?}", remote_addr);
if let Ok(ip) = IPAddress::parse(remote_addr.ip().to_string()) { if let Ok(ip) = IPAddress::parse(remote_addr.ip().to_string()) {
if !self.services.client.valid_cidr_range(&ip) { if !self.services.client.valid_cidr_range(&ip) {
return Err!(BadServerResponse("Requesting from this address is forbidden")); return Err!(Request(Forbidden("Requesting from this address is forbidden")));
} }
} }
} }
let Some(content_type) = response let Some(content_type) = response.headers().get(reqwest::header::CONTENT_TYPE) else {
.headers() return Err!(Request(Unknown("Unknown or invalid Content-Type header")));
.get(reqwest::header::CONTENT_TYPE)
.and_then(|x| x.to_str().ok())
else {
return Err!(Request(Unknown("Unknown Content-Type")));
}; };
let content_type = content_type
.to_str()
.map_err(|e| err!(Request(Unknown("Unknown or invalid Content-Type header: {e}"))))?;
let data = match content_type { let data = match content_type {
| html if html.starts_with("text/html") => self.download_html(url.as_str()).await?, | html if html.starts_with("text/html") => self.download_html(url.as_str()).await?,
| img if img.starts_with("image/") => self.download_image(url.as_str()).await?, | img if img.starts_with("image/") => self.download_image(url.as_str()).await?,

4
src/service/users/mod.rs
View file

@ -278,11 +278,9 @@ impl Service {
initial_device_display_name: Option<String>, initial_device_display_name: Option<String>,
client_ip: Option<String>, client_ip: Option<String>,
) -> Result<()> { ) -> Result<()> {
// This method should never be called for nonexistent users. We shouldn't assert
// though...
if !self.exists(user_id).await { if !self.exists(user_id).await {
return Err!(Request(InvalidParam(error!( return Err!(Request(InvalidParam(error!(
"Called create_device for non-existent {user_id}" "Called create_device for non-existent user {user_id}"
)))); ))));
} }