提交
38999c54
编写于
10月 10, 2017
作者:
Erik Johnston
提交者:
GitHub
10月 10, 2017
Generate new devices for each new /login (#281)
上级
c78d9a59
变更
5
Showing
5 changed file
with
55 addition
and
25 deletion
+55
-25
src/github.com/matrix-org/dendrite/clientapi/auth/auth.go
src/github.com/matrix-org/dendrite/clientapi/auth/auth.go
+17
-9
src/github.com/matrix-org/dendrite/clientapi/auth/storage/devices/storage.go
...ix-org/dendrite/clientapi/auth/storage/devices/storage.go
+32
-9
src/github.com/matrix-org/dendrite/clientapi/readers/login.go
...github.com/matrix-org/dendrite/clientapi/readers/login.go
+4
-5
src/github.com/matrix-org/dendrite/clientapi/writers/register.go
...hub.com/matrix-org/dendrite/clientapi/writers/register.go
+1
-1
src/github.com/matrix-org/dendrite/cmd/create-account/main.go
...github.com/matrix-org/dendrite/cmd/create-account/main.go
+1
-1
src/github.com/matrix-org/dendrite/clientapi/auth/auth.go
...
...
@@ -29,17 +29,13 @@ import (
"github.com/matrix-org/util"
)
// UnknownDeviceID is the default device id if one is not specified.
// This deviates from Synapse which generates a new device ID if one is not specified.
// It's preferable to not amass a huge list of valid access tokens for an account,
// so limiting it to 1 unknown device for now limits the number of valid tokens.
// Clients should be giving us device IDs.
var
UnknownDeviceID
=
"unknown-device"
// OWASP recommends at least 128 bits of entropy for tokens: https://www.owasp.org/index.php/Insufficient_Session-ID_Length
// 32 bytes => 256 bits
var
tokenByteLength
=
32
// The length of generated device IDs
var
deviceIDByteLength
=
6
// DeviceDatabase represents a device database.
type
DeviceDatabase
interface
{
// Look up the device matching the given access token.
...
...
@@ -62,8 +58,8 @@ func VerifyAccessToken(req *http.Request, deviceDB DeviceDatabase) (device *auth
if
err
!=
nil
{
if
err
==
sql
.
ErrNoRows
{
resErr
=
&
util
.
JSONResponse
{
Code
:
40
3
,
JSON
:
jsonerror
.
Forbidden
(
"Invalid access
token"
),
Code
:
40
1
,
JSON
:
jsonerror
.
UnknownToken
(
"Unknown
token"
),
}
}
else
{
resErr
=
&
util
.
JSONResponse
{
...
...
@@ -86,6 +82,18 @@ func GenerateAccessToken() (string, error) {
return
base64
.
RawURLEncoding
.
EncodeToString
(
b
),
nil
}
// GenerateDeviceID creates a new device id. Returns an error if failed to generate
// random bytes.
func
GenerateDeviceID
()
(
string
,
error
)
{
b
:=
make
([]
byte
,
deviceIDByteLength
)
_
,
err
:=
rand
.
Read
(
b
)
if
err
!=
nil
{
return
""
,
err
}
// url-safe no padding
return
base64
.
RawURLEncoding
.
EncodeToString
(
b
),
nil
}
// extractAccessToken from a request, or return an error detailing what went wrong. The
// error message MUST be human-readable and comprehensible to the client.
func
extractAccessToken
(
req
*
http
.
Request
)
(
string
,
error
)
{
...
...
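Review bot: `deviceIDByteLength` (and `tokenByteLength` beside it) is declared with `var`, so any code in the package can change the length at run time; `const deviceIDByteLength = 6` states the intent and still works in `make([]byte, deviceIDByteLength)`. Six random bytes give a 48-bit ID, which is adequate for an identifier but far below the 128-bit floor the comment above cites for tokens, so the doc comment should say so: `// deviceIDByteLength is the number of random bytes in a generated device ID. Device IDs are identifiers, not secrets.` The import that `rand.Read` resolves to in `GenerateDeviceID` is outside the hunk; it should be `crypto/rand`, as for the access token.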
src/github.com/matrix-org/dendrite/clientapi/auth/storage/devices/storage.go
...
...
@@ -18,6 +18,7 @@ import (
"context"
"database/sql"
"github.com/matrix-org/dendrite/clientapi/auth"
"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
"github.com/matrix-org/dendrite/common"
"github.com/matrix-org/gomatrixserverlib"
...
...
@@ -55,20 +56,42 @@ func (d *Database) GetDeviceByAccessToken(
// If there is already a device with the same device ID for this user, that access token will be revoked
// and replaced with the given accessToken. If the given accessToken is already in use for another device,
// an error will be returned.
// If no device ID is given one is generated.
// Returns the device on success.
func
(
d
*
Database
)
CreateDevice
(
ctx
context
.
Context
,
localpart
,
deviceID
,
accessToken
string
,
ctx
context
.
Context
,
localpart
string
,
deviceID
*
string
,
accessToken
string
,
)
(
dev
*
authtypes
.
Device
,
returnErr
error
)
{
if
deviceID
!=
nil
{
returnErr
=
common
.
WithTransaction
(
d
.
db
,
func
(
txn
*
sql
.
Tx
)
error
{
var
err
error
// Revoke existing token for this device
if
err
=
d
.
devices
.
deleteDevice
(
ctx
,
txn
,
deviceID
,
localpart
);
err
!=
nil
{
if
err
=
d
.
devices
.
deleteDevice
(
ctx
,
txn
,
*
deviceID
,
localpart
);
err
!=
nil
{
return
err
}
dev
,
err
=
d
.
devices
.
insertDevice
(
ctx
,
txn
,
deviceID
,
localpart
,
accessToken
)
dev
,
err
=
d
.
devices
.
insertDevice
(
ctx
,
txn
,
*
deviceID
,
localpart
,
accessToken
)
return
err
})
}
else
{
// We generate device IDs in a loop in case its already taken.
// We cap this at going round 5 times to ensure we don't spin forever
var
newDeviceID
string
for
i
:=
1
;
i
<=
5
;
i
++
{
newDeviceID
,
returnErr
=
auth
.
GenerateDeviceID
()
if
returnErr
!=
nil
{
return
}
returnErr
=
common
.
WithTransaction
(
d
.
db
,
func
(
txn
*
sql
.
Tx
)
error
{
var
err
error
dev
,
err
=
d
.
devices
.
insertDevice
(
ctx
,
txn
,
newDeviceID
,
localpart
,
accessToken
)
return
err
})
if
returnErr
==
nil
{
return
}
}
}
return
}
...
...
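Review bot: The retry loop in the `else` branch of `CreateDevice` retries on every error returned by `common.WithTransaction`, not only on a device-ID collision. An access token that is already in use (which the doc comment says returns an error) or a database failure will therefore run five transactions with five fresh IDs before the caller sees the error. Retry only when the insert failed because the generated ID is already taken, and return any other error at once; the cap would also read better as a named constant, `const maxDeviceIDAttempts = 5`. How the driver reports a uniqueness conflict is not visible in this hunk, so that check has to come from the project's existing helpers.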
src/github.com/matrix-org/dendrite/clientapi/readers/login.go
...
...
@@ -46,6 +46,7 @@ type loginResponse struct {
UserID
string
`json:"user_id"`
AccessToken
string
`json:"access_token"`
HomeServer
gomatrixserverlib
.
ServerName
`json:"home_server"`
DeviceID
string
`json:"device_id"`
}
func
passwordLogin
()
loginFlows
{
...
...
@@ -113,15 +114,12 @@ func Login(
token
,
err
:=
auth
.
GenerateAccessToken
()
if
err
!=
nil
{
return
util
.
JSONResponse
{
Code
:
500
,
JSON
:
jsonerror
.
Unknown
(
"Failed to generate access token"
),
}
httputil
.
LogThenError
(
req
,
err
)
}
// TODO: Use the device ID in the request
dev
,
err
:=
deviceDB
.
CreateDevice
(
req
.
Context
(),
acc
.
Localpart
,
auth
.
UnknownDeviceID
,
token
,
req
.
Context
(),
acc
.
Localpart
,
nil
,
token
,
)
if
err
!=
nil
{
return
util
.
JSONResponse
{
...
...
@@ -136,6 +134,7 @@ func Login(
UserID
:
dev
.
UserID
,
AccessToken
:
dev
.
AccessToken
,
HomeServer
:
cfg
.
Matrix
.
ServerName
,
DeviceID
:
dev
.
ID
,
},
}
}
...
...
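Review bot: `Login` now passes `nil` as the device ID, so every successful /login stores a new device and a new valid access token, and nothing in this hunk caps or expires them. The comment this commit removes from auth.go named exactly that accumulation as the reason for the single shared device. `CreateDevice` revokes the previous token only when an ID is supplied, so the remaining `// TODO: Use the device ID in the request` is what restores replacement on re-login; I would expand it to `// TODO: pass the client's device_id so a repeat login replaces that device's token instead of adding one`. The start of `Login` and the request parsing are outside the hunk, so whether rate limiting applies upstream cannot be told from here.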
src/github.com/matrix-org/dendrite/clientapi/writers/register.go
...
...
@@ -303,7 +303,7 @@ func completeRegistration(
}
// // TODO: Use the device ID in the request.
dev
,
err
:=
deviceDB
.
CreateDevice
(
ctx
,
username
,
auth
.
UnknownDeviceID
,
token
)
dev
,
err
:=
deviceDB
.
CreateDevice
(
ctx
,
username
,
nil
,
token
)
if
err
!=
nil
{
return
util
.
JSONResponse
{
Code
:
500
,
...
...
src/github.com/matrix-org/dendrite/cmd/create-account/main.go
...
...
@@ -87,7 +87,7 @@ func main() {
}
device
,
err
:=
deviceDB
.
CreateDevice
(
context
.
Background
(),
*
username
,
"create-account-script"
,
*
accessToken
,
context
.
Background
(),
*
username
,
nil
,
*
accessToken
,
)
if
err
!=
nil
{
fmt
.
Println
(
err
.
Error
())
...
...