WIP support for msisdn 3pid proxy methods

2017-02-14 15:05:55 +00:00 · 2017-02-14 15:05:55 +00:00 · ce3e583d94
parent 9adcd3a514
commit ce3e583d94
6 changed files with 228 additions and 19 deletions
--- a/synapse/api/constants.py
+++ b/synapse/api/constants.py
@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 # Copyright 2014-2016 OpenMarket Ltd
+# Copyright 2017 Vector Creations Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -44,6 +45,7 @@ class JoinRules(object):
 class LoginType(object):
    PASSWORD = u"m.login.password"
    EMAIL_IDENTITY = u"m.login.email.identity"
+    MSISDN = u"m.login.msisdn"
    RECAPTCHA = u"m.login.recaptcha"
    DUMMY = u"m.login.dummy"

--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 # Copyright 2014 - 2016 OpenMarket Ltd
+# Copyright 2017 Vector Creations Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -47,6 +48,7 @@ class AuthHandler(BaseHandler):
            LoginType.PASSWORD: self._check_password_auth,
            LoginType.RECAPTCHA: self._check_recaptcha,
            LoginType.EMAIL_IDENTITY: self._check_email_identity,
+            LoginType.MSISDN: self._check_msisdn,
            LoginType.DUMMY: self._check_dummy_auth,
        }
        self.bcrypt_rounds = hs.config.bcrypt_rounds
@ -309,12 +311,26 @@ class AuthHandler(BaseHandler):

    @defer.inlineCallbacks
    def _check_email_identity(self, authdict, _):
+        defer.returnValue(self._check_threepid('email', authdict))
+
+    @defer.inlineCallbacks
+    def _check_msisdn(self, authdict, _):
+        defer.returnValue(self._check_threepid('msisdn', authdict))
+
+    @defer.inlineCallbacks
+    def _check_dummy_auth(self, authdict, _):
+        yield run_on_reactor()
+        defer.returnValue(True)
+
+    @defer.inlineCallbacks
+    def _check_threepid(self, medium, authdict, ):
        yield run_on_reactor()

        if 'threepid_creds' not in authdict:
            raise LoginError(400, "Missing threepid_creds", Codes.MISSING_PARAM)

        threepid_creds = authdict['threepid_creds']
+
        identity_handler = self.hs.get_handlers().identity_handler

        logger.info("Getting validated threepid. threepidcreds: %r" % (threepid_creds,))
@ -323,15 +339,19 @@ class AuthHandler(BaseHandler):
        if not threepid:
            raise LoginError(401, "", errcode=Codes.UNAUTHORIZED)

+        if threepid['medium'] != medium:
+            raise LoginError(
+                401,
+                "Expecting threepid of type '%s', got '%s'" % (
+                    medium, threepid['medium'],
+                ),
+                errcode=Codes.UNAUTHORIZED
+             )
+
        threepid['threepid_creds'] = authdict['threepid_creds']

        defer.returnValue(threepid)

-    @defer.inlineCallbacks
-    def _check_dummy_auth(self, authdict, _):
-        yield run_on_reactor()
-        defer.returnValue(True)
-
    def _get_params_recaptcha(self):
        return {"public_key": self.hs.config.recaptcha_public_key}

--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 # Copyright 2015, 2016 OpenMarket Ltd
+# Copyright 2017 Vector Creations Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -150,7 +151,7 @@ class IdentityHandler(BaseHandler):
        params.update(kwargs)

        try:
-            data = yield self.http_client.post_urlencoded_get_json(
+            data = yield self.http_client.post_json_get_json(
                "https://%s%s" % (
                    id_server,
                    "/_matrix/identity/api/v1/validate/email/requestToken"
@ -161,3 +162,37 @@ class IdentityHandler(BaseHandler):
        except CodeMessageException as e:
            logger.info("Proxied requestToken failed: %r", e)
            raise e
+
+    @defer.inlineCallbacks
+    def requestMsisdnToken(
+            self, id_server, country, phone_number,
+            client_secret, send_attempt, **kwargs
+    ):
+        yield run_on_reactor()
+
+        if not self._should_trust_id_server(id_server):
+            raise SynapseError(
+                400, "Untrusted ID server '%s'" % id_server,
+                Codes.SERVER_NOT_TRUSTED
+            )
+
+        params = {
+            'country': country,
+            'phone_number': phone_number,
+            'client_secret': client_secret,
+            'send_attempt': send_attempt,
+        }
+        params.update(kwargs)
+
+        try:
+            data = yield self.http_client.post_json_get_json(
+                "https://%s%s" % (
+                    id_server,
+                    "/_matrix/identity/api/v1/validate/msisdn/requestToken"
+                ),
+                params
+            )
+            defer.returnValue(data)
+        except CodeMessageException as e:
+            logger.info("Proxied requestToken failed: %r", e)
+            raise e
--- a/synapse/python_dependencies.py
+++ b/synapse/python_dependencies.py
@ -1,4 +1,5 @@
 # Copyright 2015, 2016 OpenMarket Ltd
+# Copyright 2017 Vector Creations Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -37,6 +38,7 @@ REQUIREMENTS = {
    "pysaml2>=3.0.0,<4.0.0": ["saml2>=3.0.0,<4.0.0"],
    "pymacaroons-pynacl": ["pymacaroons"],
    "msgpack-python>=0.3.0": ["msgpack"],
+    "phonenumbers>=8.2.0": ["phonenumbers"],
 }
 CONDITIONAL_REQUIREMENTS = {
    "web_client": {
--- a/synapse/rest/client/v2_alpha/account.py
+++ b/synapse/rest/client/v2_alpha/account.py
@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 # Copyright 2015, 2016 OpenMarket Ltd
+# Copyright 2017 Vector Creations Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -24,15 +25,17 @@ from ._base import client_v2_patterns

 import logging

+import phonenumbers
+

 logger = logging.getLogger(__name__)


-class PasswordRequestTokenRestServlet(RestServlet):
+class EmailPasswordRequestTokenRestServlet(RestServlet):
    PATTERNS = client_v2_patterns("/account/password/email/requestToken$")

    def __init__(self, hs):
-        super(PasswordRequestTokenRestServlet, self).__init__()
+        super(EmailPasswordRequestTokenRestServlet, self).__init__()
        self.hs = hs
        self.identity_handler = hs.get_handlers().identity_handler

@ -60,6 +63,50 @@ class PasswordRequestTokenRestServlet(RestServlet):
        defer.returnValue((200, ret))


+class MsisdnPasswordRequestTokenRestServlet(RestServlet):
+    PATTERNS = client_v2_patterns("/account/password/msisdn/requestToken$")
+
+    def __init__(self, hs):
+        super(MsisdnPasswordRequestTokenRestServlet, self).__init__()
+        self.hs = hs
+        self.identity_handler = hs.get_handlers().identity_handler
+
+    @defer.inlineCallbacks
+    def on_POST(self, request):
+        body = parse_json_object_from_request(request)
+
+        required = [
+            'id_server', 'client_secret',
+            'country', 'phone_number', 'send_attempt',
+        ]
+        absent = []
+        for k in required:
+            if k not in body:
+                absent.append(k)
+
+        if absent:
+            raise SynapseError(400, "Missing params: %r" % absent, Codes.MISSING_PARAM)
+
+        phoneNumber = None
+        try:
+            phoneNumber = phonenumbers.parse(body['phone_number'], body['country'])
+        except phonenumbers.NumberParseException:
+            raise SynapseError(400, "Unable to parse phone number")
+        msisdn = phonenumbers.format_number(
+                phoneNumber, phonenumbers.PhoneNumberFormat.E164
+        )[1:]
+
+        existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(
+            'msisdn', msisdn
+        )
+
+        if existingUid is None:
+            raise SynapseError(400, "MSISDN not found", Codes.THREEPID_NOT_FOUND)
+
+        ret = yield self.identity_handler.requestEmailToken(**body)
+        defer.returnValue((200, ret))
+
+
 class PasswordRestServlet(RestServlet):
    PATTERNS = client_v2_patterns("/account/password$")

@ -77,7 +124,8 @@ class PasswordRestServlet(RestServlet):

        authed, result, params, _ = yield self.auth_handler.check_auth([
            [LoginType.PASSWORD],
-            [LoginType.EMAIL_IDENTITY]
+            [LoginType.EMAIL_IDENTITY],
+            [LoginType.MSISDN],
        ], body, self.hs.get_ip_from_request(request))

        if not authed:
@ -169,12 +217,12 @@ class DeactivateAccountRestServlet(RestServlet):
        defer.returnValue((200, {}))


-class ThreepidRequestTokenRestServlet(RestServlet):
+class EmailThreepidRequestTokenRestServlet(RestServlet):
    PATTERNS = client_v2_patterns("/account/3pid/email/requestToken$")

    def __init__(self, hs):
        self.hs = hs
-        super(ThreepidRequestTokenRestServlet, self).__init__()
+        super(EmailThreepidRequestTokenRestServlet, self).__init__()
        self.identity_handler = hs.get_handlers().identity_handler

    @defer.inlineCallbacks
@ -201,6 +249,50 @@ class ThreepidRequestTokenRestServlet(RestServlet):
        defer.returnValue((200, ret))


+class MsisdnThreepidRequestTokenRestServlet(RestServlet):
+    PATTERNS = client_v2_patterns("/account/3pid/msisdn/requestToken$")
+
+    def __init__(self, hs):
+        self.hs = hs
+        super(MsisdnThreepidRequestTokenRestServlet, self).__init__()
+        self.identity_handler = hs.get_handlers().identity_handler
+
+    @defer.inlineCallbacks
+    def on_POST(self, request):
+        body = parse_json_object_from_request(request)
+
+        required = [
+            'id_server', 'client_secret',
+            'country', 'phone_number', 'send_attempt',
+        ]
+        absent = []
+        for k in required:
+            if k not in body:
+                absent.append(k)
+
+        if absent:
+            raise SynapseError(400, "Missing params: %r" % absent, Codes.MISSING_PARAM)
+
+        phoneNumber = None
+        try:
+            phoneNumber = phonenumbers.parse(body['phone_number'], body['country'])
+        except phonenumbers.NumberParseException:
+            raise SynapseError(400, "Unable to parse phone number")
+        msisdn = phonenumbers.format_number(
+                phoneNumber, phonenumbers.PhoneNumberFormat.E164
+        )[1:]
+
+        existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(
+            'msisdn', msisdn
+        )
+
+        if existingUid is not None:
+            raise SynapseError(400, "MSISDN is already in use", Codes.THREEPID_IN_USE)
+
+        ret = yield self.identity_handler.requestEmailToken(**body)
+        defer.returnValue((200, ret))
+
+
 class ThreepidRestServlet(RestServlet):
    PATTERNS = client_v2_patterns("/account/3pid$")

@ -258,7 +350,7 @@ class ThreepidRestServlet(RestServlet):

        if 'bind' in body and body['bind']:
            logger.debug(
-                "Binding emails %s to %s",
+                "Binding threepid %s to %s",
                threepid, user_id
            )
            yield self.identity_handler.bind_threepid(
@ -302,9 +394,11 @@ class ThreepidDeleteRestServlet(RestServlet):


 def register_servlets(hs, http_server):
-    PasswordRequestTokenRestServlet(hs).register(http_server)
+    EmailPasswordRequestTokenRestServlet(hs).register(http_server)
+    MsisdnPasswordRequestTokenRestServlet(hs).register(http_server)
    PasswordRestServlet(hs).register(http_server)
    DeactivateAccountRestServlet(hs).register(http_server)
-    ThreepidRequestTokenRestServlet(hs).register(http_server)
+    EmailThreepidRequestTokenRestServlet(hs).register(http_server)
+    MsisdnThreepidRequestTokenRestServlet(hs).register(http_server)
    ThreepidRestServlet(hs).register(http_server)
    ThreepidDeleteRestServlet(hs).register(http_server)
--- a/synapse/rest/client/v2_alpha/register.py
+++ b/synapse/rest/client/v2_alpha/register.py
@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 # Copyright 2015 - 2016 OpenMarket Ltd
+# Copyright 2017 Vector Creations Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -25,6 +26,7 @@ from ._base import client_v2_patterns

 import logging
 import hmac
+import phonenumbers
 from hashlib import sha1
 from synapse.util.async import run_on_reactor

@ -43,7 +45,7 @@ else:
 logger = logging.getLogger(__name__)


-class RegisterRequestTokenRestServlet(RestServlet):
+class EmailRegisterRequestTokenRestServlet(RestServlet):
    PATTERNS = client_v2_patterns("/register/email/requestToken$")

    def __init__(self, hs):
@ -51,7 +53,7 @@ class RegisterRequestTokenRestServlet(RestServlet):
        Args:
            hs (synapse.server.HomeServer): server
        """
-        super(RegisterRequestTokenRestServlet, self).__init__()
+        super(EmailRegisterRequestTokenRestServlet, self).__init__()
        self.hs = hs
        self.identity_handler = hs.get_handlers().identity_handler

@ -79,6 +81,55 @@ class RegisterRequestTokenRestServlet(RestServlet):
        defer.returnValue((200, ret))


+class MsisdnRegisterRequestTokenRestServlet(RestServlet):
+    PATTERNS = client_v2_patterns("/register/msisdn/requestToken$")
+
+    def __init__(self, hs):
+        """
+        Args:
+            hs (synapse.server.HomeServer): server
+        """
+        super(MsisdnRegisterRequestTokenRestServlet, self).__init__()
+        self.hs = hs
+        self.identity_handler = hs.get_handlers().identity_handler
+
+    @defer.inlineCallbacks
+    def on_POST(self, request):
+        body = parse_json_object_from_request(request)
+
+        required = [
+            'id_server', 'client_secret',
+            'country', 'phone_number',
+            'send_attempt',
+        ]
+        absent = []
+        for k in required:
+            if k not in body:
+                absent.append(k)
+
+        if len(absent) > 0:
+            raise SynapseError(400, "Missing params: %r" % absent, Codes.MISSING_PARAM)
+
+        phoneNumber = None
+        try:
+            phoneNumber = phonenumbers.parse(body['phone_number'], body['country'])
+        except phonenumbers.NumberParseException:
+            raise SynapseError(400, "Unable to parse phone number")
+        msisdn = phonenumbers.format_number(
+                phoneNumber, phonenumbers.PhoneNumberFormat.E164
+        )[1:]
+
+        existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(
+            'msisdn', msisdn
+        )
+
+        if existingUid is not None:
+            raise SynapseError(400, "MSISDN is already in use", Codes.THREEPID_IN_USE)
+
+        ret = yield self.identity_handler.requestMsisdnToken(**body)
+        defer.returnValue((200, ret))
+
+
 class RegisterRestServlet(RestServlet):
    PATTERNS = client_v2_patterns("/register$")

@ -203,12 +254,16 @@ class RegisterRestServlet(RestServlet):
        if self.hs.config.enable_registration_captcha:
            flows = [
                [LoginType.RECAPTCHA],
-                [LoginType.EMAIL_IDENTITY, LoginType.RECAPTCHA]
+                [LoginType.EMAIL_IDENTITY, LoginType.RECAPTCHA],
+                [LoginType.MSISDN, LoginType.RECAPTCHA],
+                [LoginType.EMAIL_IDENTITY, LoginType.MSISDN, LoginType.RECAPTCHA],
            ]
        else:
            flows = [
                [LoginType.DUMMY],
-                [LoginType.EMAIL_IDENTITY]
+                [LoginType.EMAIL_IDENTITY],
+                [LoginType.MSISDN],
+                [LoginType.EMAIL_IDENTITY, LoginType.MSISDN],
            ]

        authed, auth_result, params, session_id = yield self.auth_handler.check_auth(
@ -449,5 +504,6 @@ class RegisterRestServlet(RestServlet):


 def register_servlets(hs, http_server):
-    RegisterRequestTokenRestServlet(hs).register(http_server)
+    EmailRegisterRequestTokenRestServlet(hs).register(http_server)
+    MsisdnRegisterRequestTokenRestServlet(hs).register(http_server)
    RegisterRestServlet(hs).register(http_server)