2014-08-12 16:10:52 +02:00
|
|
|
# -*- coding: utf-8 -*-
|
2014-09-03 18:29:13 +02:00
|
|
|
# Copyright 2014 OpenMarket Ltd
|
2014-08-12 16:10:52 +02:00
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
2014-08-13 04:14:34 +02:00
|
|
|
|
2014-08-12 16:10:52 +02:00
|
|
|
from twisted.internet import defer
|
|
|
|
|
|
|
|
from synapse.api.errors import SynapseError
|
2014-08-14 17:40:15 +02:00
|
|
|
from synapse.types import UserID
|
2014-08-12 16:10:52 +02:00
|
|
|
from base import RestServlet, client_path_pattern
|
|
|
|
|
|
|
|
import json
|
|
|
|
|
|
|
|
|
|
|
|
class LoginRestServlet(RestServlet):
|
|
|
|
PATTERN = client_path_pattern("/login$")
|
|
|
|
PASS_TYPE = "m.login.password"
|
|
|
|
|
|
|
|
def on_GET(self, request):
|
2014-08-28 15:56:55 +02:00
|
|
|
return (200, {"flows": [{"type": LoginRestServlet.PASS_TYPE}]})
|
2014-08-12 16:10:52 +02:00
|
|
|
|
|
|
|
def on_OPTIONS(self, request):
|
|
|
|
return (200, {})
|
|
|
|
|
|
|
|
@defer.inlineCallbacks
|
|
|
|
def on_POST(self, request):
|
|
|
|
login_submission = _parse_json(request)
|
|
|
|
try:
|
|
|
|
if login_submission["type"] == LoginRestServlet.PASS_TYPE:
|
|
|
|
result = yield self.do_password_login(login_submission)
|
|
|
|
defer.returnValue(result)
|
|
|
|
else:
|
|
|
|
raise SynapseError(400, "Bad login type.")
|
|
|
|
except KeyError:
|
|
|
|
raise SynapseError(400, "Missing JSON keys.")
|
|
|
|
|
|
|
|
@defer.inlineCallbacks
|
|
|
|
def do_password_login(self, login_submission):
|
2014-08-14 17:40:15 +02:00
|
|
|
if not login_submission["user"].startswith('@'):
|
2014-12-02 11:42:28 +01:00
|
|
|
login_submission["user"] = UserID.create(
|
|
|
|
login_submission["user"], self.hs.hostname).to_string()
|
2014-08-14 17:40:15 +02:00
|
|
|
|
2014-08-12 16:10:52 +02:00
|
|
|
handler = self.handlers.login_handler
|
|
|
|
token = yield handler.login(
|
|
|
|
user=login_submission["user"],
|
|
|
|
password=login_submission["password"])
|
|
|
|
|
|
|
|
result = {
|
2014-08-14 17:40:15 +02:00
|
|
|
"user_id": login_submission["user"], # may have changed
|
2014-08-12 16:10:52 +02:00
|
|
|
"access_token": token,
|
|
|
|
"home_server": self.hs.hostname,
|
|
|
|
}
|
|
|
|
|
|
|
|
defer.returnValue((200, result))
|
|
|
|
|
|
|
|
|
|
|
|
class LoginFallbackRestServlet(RestServlet):
|
|
|
|
PATTERN = client_path_pattern("/login/fallback$")
|
|
|
|
|
|
|
|
def on_GET(self, request):
|
|
|
|
# TODO(kegan): This should be returning some HTML which is capable of
|
|
|
|
# hitting LoginRestServlet
|
2014-09-04 19:09:17 +02:00
|
|
|
return (200, {})
|
2014-08-12 16:10:52 +02:00
|
|
|
|
|
|
|
|
2014-09-16 12:22:40 +02:00
|
|
|
class PasswordResetRestServlet(RestServlet):
|
|
|
|
PATTERN = client_path_pattern("/login/reset")
|
|
|
|
|
|
|
|
@defer.inlineCallbacks
|
|
|
|
def on_POST(self, request):
|
|
|
|
reset_info = _parse_json(request)
|
|
|
|
try:
|
|
|
|
email = reset_info["email"]
|
|
|
|
user_id = reset_info["user_id"]
|
|
|
|
handler = self.handlers.login_handler
|
|
|
|
yield handler.reset_password(user_id, email)
|
|
|
|
# purposefully give no feedback to avoid people hammering different
|
|
|
|
# combinations.
|
|
|
|
defer.returnValue((200, {}))
|
|
|
|
except KeyError:
|
|
|
|
raise SynapseError(
|
|
|
|
400,
|
|
|
|
"Missing keys. Requires 'email' and 'user_id'."
|
|
|
|
)
|
|
|
|
|
|
|
|
|
2014-08-12 16:10:52 +02:00
|
|
|
def _parse_json(request):
|
|
|
|
try:
|
|
|
|
content = json.loads(request.content.read())
|
|
|
|
if type(content) != dict:
|
|
|
|
raise SynapseError(400, "Content must be a JSON object.")
|
|
|
|
return content
|
|
|
|
except ValueError:
|
|
|
|
raise SynapseError(400, "Content not JSON.")
|
|
|
|
|
|
|
|
|
|
|
|
def register_servlets(hs, http_server):
|
|
|
|
LoginRestServlet(hs).register(http_server)
|
2014-09-16 14:32:33 +02:00
|
|
|
# TODO PasswordResetRestServlet(hs).register(http_server)
|