MatrixSynapse/synapse/rest/client/v2_alpha/account.py

# -*- coding: utf-8 -*-
# Copyright 2015, 2016 OpenMarket Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

from twisted.internet import defer

from synapse.api.constants import LoginType
from synapse.api.errors import LoginError, SynapseError, Codes
from synapse.http.servlet import RestServlet, parse_json_object_from_request
from synapse.util.async import run_on_reactor

from ._base import client_v2_patterns

import logging


logger = logging.getLogger(__name__)


class PasswordRestServlet(RestServlet):
    PATTERNS = client_v2_patterns("/account/password")

    def __init__(self, hs):
        super(PasswordRestServlet, self).__init__()
        self.hs = hs
        self.auth = hs.get_auth()
        self.auth_handler = hs.get_auth_handler()
        self.identity_handler = hs.get_handlers().identity_handler

    @defer.inlineCallbacks
    def on_POST(self, request):
        yield run_on_reactor()

        if '/account/password/email/requestToken' in request.path:
            ret = yield self.onPasswordEmailTokenRequest(request)
            defer.returnValue(ret)

        body = parse_json_object_from_request(request)

        authed, result, params, _ = yield self.auth_handler.check_auth([
            [LoginType.PASSWORD],
            [LoginType.EMAIL_IDENTITY]
        ], body, self.hs.get_ip_from_request(request))

        if not authed:
            defer.returnValue((401, result))

        user_id = None
        requester = None

        if LoginType.PASSWORD in result:
            # if using password, they should also be logged in
            requester = yield self.auth.get_user_by_req(request)
            user_id = requester.user.to_string()
            if user_id != result[LoginType.PASSWORD]:
                raise LoginError(400, "", Codes.UNKNOWN)
        elif LoginType.EMAIL_IDENTITY in result:
            threepid = result[LoginType.EMAIL_IDENTITY]
            if 'medium' not in threepid or 'address' not in threepid:
                raise SynapseError(500, "Malformed threepid")
            # if using email, we must know about the email they're authing with!
            threepid_user_id = yield self.hs.get_datastore().get_user_id_by_threepid(
                threepid['medium'], threepid['address']
            )
            if not threepid_user_id:
                raise SynapseError(404, "Email address not found", Codes.NOT_FOUND)
            user_id = threepid_user_id
        else:
            logger.error("Auth succeeded but no known type!", result.keys())
            raise SynapseError(500, "", Codes.UNKNOWN)

        if 'new_password' not in params:
            raise SynapseError(400, "", Codes.MISSING_PARAM)
        new_password = params['new_password']

        yield self.auth_handler.set_password(
            user_id, new_password, requester
        )

        defer.returnValue((200, {}))

    @defer.inlineCallbacks
    def onPasswordEmailTokenRequest(self, request):
        body = parse_json_object_from_request(request)

        required = ['id_server', 'client_secret', 'email', 'send_attempt']
        absent = []
        for k in required:
            if k not in body:
                absent.append(k)

        if len(absent) > 0:
            raise SynapseError(400, "Missing params: %r" % absent, Codes.MISSING_PARAM)

        existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(
            'email', body['email']
        )

        if existingUid is None:
            raise SynapseError(400, "Email not found", Codes.THREEPID_NOT_FOUND)

        ret = yield self.identity_handler.requestEmailToken(**body)
        defer.returnValue((200, ret))

    def on_OPTIONS(self, _):
        return 200, {}


class ThreepidRestServlet(RestServlet):
    PATTERNS = client_v2_patterns("/account/3pid")

    def __init__(self, hs):
        super(ThreepidRestServlet, self).__init__()
        self.hs = hs
        self.identity_handler = hs.get_handlers().identity_handler
        self.auth = hs.get_auth()
        self.auth_handler = hs.get_auth_handler()

    @defer.inlineCallbacks
    def on_GET(self, request):
        yield run_on_reactor()

        requester = yield self.auth.get_user_by_req(request)

        threepids = yield self.hs.get_datastore().user_get_threepids(
            requester.user.to_string()
        )

        defer.returnValue((200, {'threepids': threepids}))

    @defer.inlineCallbacks
    def on_POST(self, request):
        yield run_on_reactor()

        if '/account/3pid/email/requestToken' in request.path:
            ret = yield self.onThreepidEmailTokenRequest(request)
            defer.returnValue(ret)

        body = parse_json_object_from_request(request)

        threePidCreds = body.get('threePidCreds')
        threePidCreds = body.get('three_pid_creds', threePidCreds)
        if threePidCreds is None:
            raise SynapseError(400, "Missing param", Codes.MISSING_PARAM)

        requester = yield self.auth.get_user_by_req(request)
        user_id = requester.user.to_string()

        threepid = yield self.identity_handler.threepid_from_creds(threePidCreds)

        if not threepid:
            raise SynapseError(
                400, "Failed to auth 3pid", Codes.THREEPID_AUTH_FAILED
            )

        for reqd in ['medium', 'address', 'validated_at']:
            if reqd not in threepid:
                logger.warn("Couldn't add 3pid: invalid response from ID sevrer")
                raise SynapseError(500, "Invalid response from ID Server")

        yield self.auth_handler.add_threepid(
            user_id,
            threepid['medium'],
            threepid['address'],
            threepid['validated_at'],
        )

        if 'bind' in body and body['bind']:
            logger.debug(
                "Binding emails %s to %s",
                threepid, user_id
            )
            yield self.identity_handler.bind_threepid(
                threePidCreds, user_id
            )

        defer.returnValue((200, {}))

    @defer.inlineCallbacks
    def onThreepidEmailTokenRequest(self, request):
        body = parse_json_object_from_request(request)

        required = ['id_server', 'client_secret', 'email', 'send_attempt']
        absent = []
        for k in required:
            if k not in body:
                absent.append(k)

        if len(absent) > 0:
            raise SynapseError(400, "Missing params: %r" % absent, Codes.MISSING_PARAM)

        existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(
            'email', body['email']
        )

        if existingUid is not None:
            raise SynapseError(400, "Email is already in use", Codes.THREEPID_IN_USE)

        ret = yield self.identity_handler.requestEmailToken(**body)
        defer.returnValue((200, ret))


def register_servlets(hs, http_server):
    PasswordRestServlet(hs).register(http_server)
    ThreepidRestServlet(hs).register(http_server)
Implement password changing (finally) along with a start on making client/server auth more general. 2015-03-23 15:20:28 +01:00			`# -- coding: utf-8 --`
copyrights 2016-01-07 05:26:29 +01:00			`# Copyright 2015, 2016 OpenMarket Ltd`
Implement password changing (finally) along with a start on making client/server auth more general. 2015-03-23 15:20:28 +01:00			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`

			`from twisted.internet import defer`

			`from synapse.api.constants import LoginType`
			`from synapse.api.errors import LoginError, SynapseError, Codes`
Add a parse_json_object function to deduplicate all the copy+pasted _parse_json functions. Also document the parse_.* functions. 2016-03-09 12:26:26 +01:00			`from synapse.http.servlet import RestServlet, parse_json_object_from_request`
make add3pid servlet work 2015-04-17 17:44:49 +02:00			`from synapse.util.async import run_on_reactor`
Implement password changing (finally) along with a start on making client/server auth more general. 2015-03-23 15:20:28 +01:00
Add a parse_json_object function to deduplicate all the copy+pasted _parse_json functions. Also document the parse_.* functions. 2016-03-09 12:26:26 +01:00			`from ._base import client_v2_patterns`
Implement password changing (finally) along with a start on making client/server auth more general. 2015-03-23 15:20:28 +01:00
			`import logging`


			`logger = logging.getLogger(__name__)`


			`class PasswordRestServlet(RestServlet):`
Update endpoints to reflect current spec 2015-12-02 16:45:04 +01:00			`PATTERNS = client_v2_patterns("/account/password")`
Implement password changing (finally) along with a start on making client/server auth more general. 2015-03-23 15:20:28 +01:00
			`def __init__(self, hs):`
			`super(PasswordRestServlet, self).__init__()`
			`self.hs = hs`
			`self.auth = hs.get_auth()`
Split out the auth handler 2016-06-02 14:31:45 +02:00			`self.auth_handler = hs.get_auth_handler()`
Implement https://github.com/matrix-org/matrix-doc/pull/346/files 2016-07-08 18:42:48 +02:00			`self.identity_handler = hs.get_handlers().identity_handler`
Implement password changing (finally) along with a start on making client/server auth more general. 2015-03-23 15:20:28 +01:00
			`@defer.inlineCallbacks`
			`def on_POST(self, request):`
make add3pid servlet work 2015-04-17 17:44:49 +02:00			`yield run_on_reactor()`

Implement https://github.com/matrix-org/matrix-doc/pull/346/files 2016-07-08 18:42:48 +02:00			`if '/account/password/email/requestToken' in request.path:`
			`ret = yield self.onPasswordEmailTokenRequest(request)`
			`defer.returnValue(ret)`

Add a parse_json_object function to deduplicate all the copy+pasted _parse_json functions. Also document the parse_.* functions. 2016-03-09 12:26:26 +01:00			`body = parse_json_object_from_request(request)`
Implement password changing (finally) along with a start on making client/server auth more general. 2015-03-23 15:20:28 +01:00
take extra return val from check_auth in account too 2016-03-16 15:33:19 +01:00			`authed, result, params, _ = yield self.auth_handler.check_auth([`
Password reset, finally. 2015-04-17 20:53:47 +02:00			`[LoginType.PASSWORD],`
			`[LoginType.EMAIL_IDENTITY]`
Simplify LoginHander and AuthHandler * Merge LoginHandler -> AuthHandler * Add a bunch of documentation * Improve some naming * Remove unused branches I will start merging the actual logic of the two handlers shortly 2015-08-12 16:49:37 +02:00			`], body, self.hs.get_ip_from_request(request))`
Implement password changing (finally) along with a start on making client/server auth more general. 2015-03-23 15:20:28 +01:00
			`if not authed:`
			`defer.returnValue((401, result))`

Password reset, finally. 2015-04-17 20:53:47 +02:00			`user_id = None`
Fix password reset Default requester to None, otherwise it isn't defined when resetting using email auth 2016-04-29 13:07:54 +02:00			`requester = None`
Implement password changing (finally) along with a start on making client/server auth more general. 2015-03-23 15:20:28 +01:00
			`if LoginType.PASSWORD in result:`
			`# if using password, they should also be logged in`
Introduce a Requester object This tracks data about the entity which made the request. This is instead of passing around a tuple, which requires call-site modifications every time a new piece of optional context is passed around. I tried to introduce a User object. I gave up. 2016-01-11 16:29:57 +01:00			`requester = yield self.auth.get_user_by_req(request)`
Fix change_password 2016-01-20 17:14:48 +01:00			`user_id = requester.user.to_string()`
			`if user_id != result[LoginType.PASSWORD]:`
Implement password changing (finally) along with a start on making client/server auth more general. 2015-03-23 15:20:28 +01:00			`raise LoginError(400, "", Codes.UNKNOWN)`
Password reset, finally. 2015-04-17 20:53:47 +02:00			`elif LoginType.EMAIL_IDENTITY in result:`
			`threepid = result[LoginType.EMAIL_IDENTITY]`
			`if 'medium' not in threepid or 'address' not in threepid:`
			`raise SynapseError(500, "Malformed threepid")`
			`# if using email, we must know about the email they're authing with!`
user_id now in user_threepids 2015-05-01 16:04:20 +02:00			`threepid_user_id = yield self.hs.get_datastore().get_user_id_by_threepid(`
Password reset, finally. 2015-04-17 20:53:47 +02:00			`threepid['medium'], threepid['address']`
			`)`
user_id now in user_threepids 2015-05-01 16:04:20 +02:00			`if not threepid_user_id:`
Password reset, finally. 2015-04-17 20:53:47 +02:00			`raise SynapseError(404, "Email address not found", Codes.NOT_FOUND)`
user_id now in user_threepids 2015-05-01 16:04:20 +02:00			`user_id = threepid_user_id`
Implement password changing (finally) along with a start on making client/server auth more general. 2015-03-23 15:20:28 +01:00			`else:`
			`logger.error("Auth succeeded but no known type!", result.keys())`
			`raise SynapseError(500, "", Codes.UNKNOWN)`

Regstration with email in v2 2015-04-15 16:50:38 +02:00			`if 'new_password' not in params:`
Implement password changing (finally) along with a start on making client/server auth more general. 2015-03-23 15:20:28 +01:00			`raise SynapseError(400, "", Codes.MISSING_PARAM)`
Regstration with email in v2 2015-04-15 16:50:38 +02:00			`new_password = params['new_password']`
Implement password changing (finally) along with a start on making client/server auth more general. 2015-03-23 15:20:28 +01:00
Simplify LoginHander and AuthHandler * Merge LoginHandler -> AuthHandler * Add a bunch of documentation * Improve some naming * Remove unused branches I will start merging the actual logic of the two handlers shortly 2015-08-12 16:49:37 +02:00			`yield self.auth_handler.set_password(`
Fix cache invalidation so deleting access tokens (which we did when changing password) actually takes effect without HS restart. Reinstate the code to avoid logging out the session that changed the password, removed in 415c2f05491ce65a4fc34326519754cd1edd9c54 2016-03-11 14:14:18 +01:00			`user_id, new_password, requester`
Implement password changing (finally) along with a start on making client/server auth more general. 2015-03-23 15:20:28 +01:00			`)`

			`defer.returnValue((200, {}))`

Implement https://github.com/matrix-org/matrix-doc/pull/346/files 2016-07-08 18:42:48 +02:00			`@defer.inlineCallbacks`
			`def onPasswordEmailTokenRequest(self, request):`
			`body = parse_json_object_from_request(request)`

			`required = ['id_server', 'client_secret', 'email', 'send_attempt']`
			`absent = []`
			`for k in required:`
			`if k not in body:`
			`absent.append(k)`

			`if len(absent) > 0:`
			`raise SynapseError(400, "Missing params: %r" % absent, Codes.MISSING_PARAM)`

			`existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(`
			`'email', body['email']`
			`)`

			`if existingUid is None:`
			`raise SynapseError(400, "Email not found", Codes.THREEPID_NOT_FOUND)`

			`ret = yield self.identity_handler.requestEmailToken(**body)`
			`defer.returnValue((200, ret))`

Make deleting other access tokens when you change your password actually work 2015-03-24 16:33:48 +01:00			`def on_OPTIONS(self, _):`
			`return 200, {}`

pep8 / pyflakes 2015-03-23 15:23:51 +01:00
Register the 3pid servlet 2015-04-17 14:44:55 +02:00			`class ThreepidRestServlet(RestServlet):`
Update endpoints to reflect current spec 2015-12-02 16:45:04 +01:00			`PATTERNS = client_v2_patterns("/account/3pid")`
password -> account servlet and add start of an 'add 3pid' endpoint 2015-04-17 14:44:12 +02:00
make add3pid servlet work 2015-04-17 17:44:49 +02:00			`def __init__(self, hs):`
			`super(ThreepidRestServlet, self).__init__()`
			`self.hs = hs`
			`self.identity_handler = hs.get_handlers().identity_handler`
			`self.auth = hs.get_auth()`
Split out the auth handler 2016-06-02 14:31:45 +02:00			`self.auth_handler = hs.get_auth_handler()`
make add3pid servlet work 2015-04-17 17:44:49 +02:00
Add endpoint to get threepids from server 2015-04-17 18:20:18 +02:00			`@defer.inlineCallbacks`
			`def on_GET(self, request):`
			`yield run_on_reactor()`

Introduce a Requester object This tracks data about the entity which made the request. This is instead of passing around a tuple, which requires call-site modifications every time a new piece of optional context is passed around. I tried to introduce a User object. I gave up. 2016-01-11 16:29:57 +01:00			`requester = yield self.auth.get_user_by_req(request)`
Add endpoint to get threepids from server 2015-04-17 18:20:18 +02:00
			`threepids = yield self.hs.get_datastore().user_get_threepids(`
Introduce a Requester object This tracks data about the entity which made the request. This is instead of passing around a tuple, which requires call-site modifications every time a new piece of optional context is passed around. I tried to introduce a User object. I gave up. 2016-01-11 16:29:57 +01:00			`requester.user.to_string()`
Add endpoint to get threepids from server 2015-04-17 18:20:18 +02:00			`)`

			`defer.returnValue((200, {'threepids': threepids}))`

password -> account servlet and add start of an 'add 3pid' endpoint 2015-04-17 14:44:12 +02:00			`@defer.inlineCallbacks`
			`def on_POST(self, request):`
make add3pid servlet work 2015-04-17 17:44:49 +02:00			`yield run_on_reactor()`

Implement https://github.com/matrix-org/matrix-doc/pull/346/files 2016-07-08 18:42:48 +02:00			`if '/account/3pid/email/requestToken' in request.path:`
			`ret = yield self.onThreepidEmailTokenRequest(request)`
			`defer.returnValue(ret)`

Add a parse_json_object function to deduplicate all the copy+pasted _parse_json functions. Also document the parse_.* functions. 2016-03-09 12:26:26 +01:00			`body = parse_json_object_from_request(request)`
password -> account servlet and add start of an 'add 3pid' endpoint 2015-04-17 14:44:12 +02:00
Allow three_pid_creds as well as threePidCreds in /account/3pid 2016-01-29 14:26:15 +01:00			`threePidCreds = body.get('threePidCreds')`
			`threePidCreds = body.get('three_pid_creds', threePidCreds)`
			`if threePidCreds is None:`
password -> account servlet and add start of an 'add 3pid' endpoint 2015-04-17 14:44:12 +02:00			`raise SynapseError(400, "Missing param", Codes.MISSING_PARAM)`

Introduce a Requester object This tracks data about the entity which made the request. This is instead of passing around a tuple, which requires call-site modifications every time a new piece of optional context is passed around. I tried to introduce a User object. I gave up. 2016-01-11 16:29:57 +01:00			`requester = yield self.auth.get_user_by_req(request)`
			`user_id = requester.user.to_string()`
password -> account servlet and add start of an 'add 3pid' endpoint 2015-04-17 14:44:12 +02:00
make add3pid servlet work 2015-04-17 17:44:49 +02:00			`threepid = yield self.identity_handler.threepid_from_creds(threePidCreds)`
password -> account servlet and add start of an 'add 3pid' endpoint 2015-04-17 14:44:12 +02:00
make add3pid servlet work 2015-04-17 17:44:49 +02:00			`if not threepid:`
Dedicated error code for failed 3pid auth verification 2015-04-23 19:20:17 +02:00			`raise SynapseError(`
			`400, "Failed to auth 3pid", Codes.THREEPID_AUTH_FAILED`
			`)`
make add3pid servlet work 2015-04-17 17:44:49 +02:00
More underscores 2015-04-24 12:44:27 +02:00			`for reqd in ['medium', 'address', 'validated_at']:`
make add3pid servlet work 2015-04-17 17:44:49 +02:00			`if reqd not in threepid:`
			`logger.warn("Couldn't add 3pid: invalid response from ID sevrer")`
			`raise SynapseError(500, "Invalid response from ID Server")`

Simplify LoginHander and AuthHandler * Merge LoginHandler -> AuthHandler * Add a bunch of documentation * Improve some naming * Remove unused branches I will start merging the actual logic of the two handlers shortly 2015-08-12 16:49:37 +02:00			`yield self.auth_handler.add_threepid(`
Introduce a Requester object This tracks data about the entity which made the request. This is instead of passing around a tuple, which requires call-site modifications every time a new piece of optional context is passed around. I tried to introduce a User object. I gave up. 2016-01-11 16:29:57 +01:00			`user_id,`
make add3pid servlet work 2015-04-17 17:44:49 +02:00			`threepid['medium'],`
			`threepid['address'],`
More underscores 2015-04-24 12:44:27 +02:00			`threepid['validated_at'],`
make add3pid servlet work 2015-04-17 17:44:49 +02:00			`)`

			`if 'bind' in body and body['bind']:`
pep8 2015-04-27 13:36:59 +02:00			`logger.debug(`
			`"Binding emails %s to %s",`
Introduce a Requester object This tracks data about the entity which made the request. This is instead of passing around a tuple, which requires call-site modifications every time a new piece of optional context is passed around. I tried to introduce a User object. I gave up. 2016-01-11 16:29:57 +01:00			`threepid, user_id`
logging args 2015-04-27 12:56:34 +02:00			`)`
make add3pid servlet work 2015-04-17 17:44:49 +02:00			`yield self.identity_handler.bind_threepid(`
Introduce a Requester object This tracks data about the entity which made the request. This is instead of passing around a tuple, which requires call-site modifications every time a new piece of optional context is passed around. I tried to introduce a User object. I gave up. 2016-01-11 16:29:57 +01:00			`threePidCreds, user_id`
make add3pid servlet work 2015-04-17 17:44:49 +02:00			`)`

			`defer.returnValue((200, {}))`
password -> account servlet and add start of an 'add 3pid' endpoint 2015-04-17 14:44:12 +02:00
Implement https://github.com/matrix-org/matrix-doc/pull/346/files 2016-07-08 18:42:48 +02:00			`@defer.inlineCallbacks`
			`def onThreepidEmailTokenRequest(self, request):`
			`body = parse_json_object_from_request(request)`

			`required = ['id_server', 'client_secret', 'email', 'send_attempt']`
			`absent = []`
			`for k in required:`
			`if k not in body:`
			`absent.append(k)`

			`if len(absent) > 0:`
			`raise SynapseError(400, "Missing params: %r" % absent, Codes.MISSING_PARAM)`

			`existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(`
			`'email', body['email']`
			`)`

			`if existingUid is not None:`
			`raise SynapseError(400, "Email is already in use", Codes.THREEPID_IN_USE)`

			`ret = yield self.identity_handler.requestEmailToken(**body)`
			`defer.returnValue((200, ret))`

password -> account servlet and add start of an 'add 3pid' endpoint 2015-04-17 14:44:12 +02:00
Implement password changing (finally) along with a start on making client/server auth more general. 2015-03-23 15:20:28 +01:00			`def register_servlets(hs, http_server):`
pep8 / pyflakes 2015-03-23 15:23:51 +01:00			`PasswordRestServlet(hs).register(http_server)`
Register the 3pid servlet 2015-04-17 14:44:55 +02:00			`ThreepidRestServlet(hs).register(http_server)`