magmaus3/continuwuity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

remove namespace check on username login, code simplification on login route

Browse source 
the namespace check on username login is unnecessary, hashes aren't ever
going to match, and axum auth handles this kind of stuff already

Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
strawberry 2024-05-15 03:06:06 -04:00 committed by June
parent 9a63e7cc9b
commit f5864afb52
1 changed files with 11 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

39
src/api/client_server/session.rs
View file

@ -18,7 +18,7 @@ use ruma::{
UserId, UserId,
}; };
use serde::Deserialize; use serde::Deserialize;
use tracing::{debug, error, info, warn}; use tracing::{debug, info, warn};
use super::{DEVICE_ID_LENGTH, TOKEN_LENGTH}; use super::{DEVICE_ID_LENGTH, TOKEN_LENGTH};
use crate::{services, utils, Error, Result, Ruma}; use crate::{services, utils, Error, Result, Ruma};
@ -76,14 +76,7 @@ pub(crate) async fn login_route(body: Ruma<login::v3::Request>) -> Result<login:
warn!("Bad login type: {:?}", &body.login_info); warn!("Bad login type: {:?}", &body.login_info);
return Err(Error::BadRequest(ErrorKind::forbidden(), "Bad login type.")); return Err(Error::BadRequest(ErrorKind::forbidden(), "Bad login type."));
} }
.map_err(|e| { .map_err(|_| Error::BadRequest(ErrorKind::InvalidUsername, "Username is invalid."))?;
warn!("Failed to parse username from user logging in: {e}");
Error::BadRequest(ErrorKind::InvalidUsername, "Username is invalid.")
})?;
if services().appservice.is_exclusive_user_id(&user_id).await {
return Err(Error::BadRequest(ErrorKind::Exclusive, "User ID reserved by appservice."));
}
let hash = services() let hash = services()
.users .users
@ -94,18 +87,15 @@ pub(crate) async fn login_route(body: Ruma<login::v3::Request>) -> Result<login:
return Err(Error::BadRequest(ErrorKind::UserDeactivated, "The user has been deactivated")); return Err(Error::BadRequest(ErrorKind::UserDeactivated, "The user has been deactivated"));
} }
let Ok(parsed_hash) = PasswordHash::new(&hash) else { let parsed_hash = PasswordHash::new(&hash)
error!("error while hashing user {}", user_id); .map_err(|_| Error::BadServerResponse("Unknown error occurred hashing password."))?;
return Err(Error::BadServerResponse("could not hash"));
};
let hash_matches = services() if services()
.globals .globals
.argon .argon
.verify_password(password.as_bytes(), &parsed_hash) .verify_password(password.as_bytes(), &parsed_hash)
.is_ok(); .is_err()
{
if !hash_matches {
return Err(Error::BadRequest(ErrorKind::forbidden(), "Wrong username or password.")); return Err(Error::BadRequest(ErrorKind::forbidden(), "Wrong username or password."));
} }
@ -125,17 +115,10 @@ pub(crate) async fn login_route(body: Ruma<login::v3::Request>) -> Result<login:
let username = token.claims.sub.to_lowercase(); let username = token.claims.sub.to_lowercase();
let user_id = UserId::parse_with_server_name(username, services().globals.server_name()).map_err(|e| {
UserId::parse_with_server_name(username, services().globals.server_name()).map_err(|e| { warn!("Failed to parse username from user logging in: {e}");
warn!("Failed to parse username from user logging in: {e}"); Error::BadRequest(ErrorKind::InvalidUsername, "Username is invalid.")
Error::BadRequest(ErrorKind::InvalidUsername, "Username is invalid.") })?
})?;
if services().appservice.is_exclusive_user_id(&user_id).await {
return Err(Error::BadRequest(ErrorKind::Exclusive, "User ID reserved by appservice."));
}
user_id
} else { } else {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::Unknown, ErrorKind::Unknown,