Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Privacy: Allow email registration when no IS #2699

Merged
merged 4 commits into from
Sep 9, 2019
Merged

Privacy: Allow email registration when no IS #2699

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
93b8b29
Privacy: Allow email registration when no IS but return an error if n…
manuroe Sep 6, 2019
5f773d4
Privacy: Allow email registration when no IS if the HS supports it
manuroe Sep 6, 2019
c41d1e3
Privacy: Allow email registration when no IS: Make is_url optional in…
manuroe Sep 6, 2019
4427bb9
CHANGES
manuroe Sep 6, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGES.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ Improvements:
* Privacy: Prompt to accept identity server policies on firt use (#2602).
* Privacy: Settings: Allow adding 3pids when no IS (#2659).
* Privacy: Allow password reset when no IS (#2658).
* Privacy: Allow email registration when no IS (#2657).

Changes in 0.9.2 (2019-08-08)
===============================================
Expand Down
16 changes: 4 additions & 12 deletions Riot/Modules/Authentication/AuthenticationViewController.m
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -634,18 +634,10 @@ - (IBAction)onButtonPressed:(id)sender
else
{
[self.authenticationActivityIndicator stopAnimating];

if (self.isIdentityServerConfigured)
{
// Show the supported 3rd party ids which may be added to the account
authInputsview.thirdPartyIdentifiersHidden = NO;
[self updateRegistrationScreenWithThirdPartyIdentifiersHidden:NO];
}
else
{
// Do not propose to add 3rd party ids if there is no configured identity server
[super onButtonPressed:sender];
}

// Show the supported 3rd party ids which may be added to the account
authInputsview.thirdPartyIdentifiersHidden = NO;
[self updateRegistrationScreenWithThirdPartyIdentifiersHidden:NO];
}
}];
}
Expand Down
226 changes: 140 additions & 86 deletions Riot/Modules/Authentication/Views/AuthInputsView.m
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -604,96 +604,123 @@ - (void)prepareParameters:(void (^)(NSDictionary *parameters, NSError *error))ca
restClient = [self.delegate authInputsViewThirdPartyIdValidationRestClient:self];
}

if (restClient && restClient.identityServer)
if (restClient)
{
// Check whether a second 3pid is available
_isThirdPartyIdentifierPending = (nbPhoneNumber && ![self isFlowCompleted:kMXLoginFlowTypeMSISDN]);

// Launch email validation
submittedEmail = [[MXK3PID alloc] initWithMedium:kMX3PIDMediumEmail andAddress:self.emailTextField.text];

NSString *identityServer = restClient.identityServer;

// Create the next link that is common to all Vector.im clients
NSString *nextLink = [NSString stringWithFormat:@"%@/#/register?client_secret=%@&hs_url=%@&is_url=%@&session_id=%@",
[Tools webAppUrl],
[submittedEmail.clientSecret stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLHostAllowedCharacterSet]],
[restClient.homeserver stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLHostAllowedCharacterSet]],
[identityServer stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLHostAllowedCharacterSet]],
[currentSession.session stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLHostAllowedCharacterSet]]];

[submittedEmail requestValidationTokenWithMatrixRestClient:restClient
isDuringRegistration:YES
nextLink:nextLink
success:^
{

NSURL *identServerURL = [NSURL URLWithString:identityServer];
NSDictionary *parameters;
parameters = @{
@"auth": @{
@"session":currentSession.session,
@"threepid_creds": @{
@"client_secret": submittedEmail.clientSecret,
@"id_server": identServerURL.host,
@"sid": submittedEmail.sid
},
@"type": kMXLoginFlowTypeEmailIdentity},
@"username": self.userLoginTextField.text,
@"password": self.passWordTextField.text,
};

[self hideInputsContainer];

self.messageLabel.text = NSLocalizedStringFromTable(@"auth_email_validation_message", @"Vector", nil);
self.messageLabel.hidden = NO;

callback(parameters, nil);

}
failure:^(NSError *error)
{

NSLog(@"[AuthInputsView] Failed to request email token");

// Ignore connection cancellation error
if (([error.domain isEqualToString:NSURLErrorDomain] && error.code == NSURLErrorCancelled))
{
return;
}

// Translate the potential MX error.
MXError *mxError = [[MXError alloc] initWithNSError:error];
if (mxError && ([mxError.errcode isEqualToString:kMXErrCodeStringThreePIDInUse] || [mxError.errcode isEqualToString:kMXErrCodeStringServerNotTrusted]))
MXWeakify(self);
[self checkIdentityServerRequirement:restClient success:^(BOOL identityServerRequired) {
MXStrongifyAndReturnIfNil(self);

if (identityServerRequired && !restClient.identityServer)
{
callback(nil, [NSError errorWithDomain:MXKAuthErrorDomain
code:0
userInfo:@{
NSLocalizedDescriptionKey:[NSBundle mxk_localizedStringForKey:@"auth_email_is_required"]
}]);
return;
}

// Check whether a second 3pid is available
self->_isThirdPartyIdentifierPending = (self->nbPhoneNumber && ![self isFlowCompleted:kMXLoginFlowTypeMSISDN]);

// Launch email validation
self->submittedEmail = [[MXK3PID alloc] initWithMedium:kMX3PIDMediumEmail andAddress:self.emailTextField.text];

NSString *identityServer = restClient.identityServer;

// Create the next link that is common to all Vector.im clients
NSString *nextLink = [NSString stringWithFormat:@"%@/#/register?client_secret=%@&hs_url=%@&session_id=%@",
[Tools webAppUrl],
[self->submittedEmail.clientSecret stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLHostAllowedCharacterSet]],
[restClient.homeserver stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLHostAllowedCharacterSet]],
[self->currentSession.session stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLHostAllowedCharacterSet]]];

if (identityServer)
{
nextLink = [NSString stringWithFormat:@"%@&is_url=%@", nextLink,
[identityServer stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLHostAllowedCharacterSet]]];
}

[self->submittedEmail requestValidationTokenWithMatrixRestClient:restClient
isDuringRegistration:YES
nextLink:nextLink
success:^
{
NSMutableDictionary *userInfo;
if (error.userInfo)
{
userInfo = [NSMutableDictionary dictionaryWithDictionary:error.userInfo];
}
else
NSMutableDictionary *threepidCreds = [NSMutableDictionary dictionaryWithDictionary:@{
@"client_secret": self->submittedEmail.clientSecret,

@"sid": self->submittedEmail.sid
}];
if (identityServer)
{
userInfo = [NSMutableDictionary dictionary];
NSURL *identServerURL = [NSURL URLWithString:identityServer];
threepidCreds[@"id_server"] = identServerURL.host;
}

userInfo[NSLocalizedFailureReasonErrorKey] = nil;

if ([mxError.errcode isEqualToString:kMXErrCodeStringThreePIDInUse])

NSDictionary *parameters;
parameters = @{
@"auth": @{
@"session":self->currentSession.session,
@"threepid_creds": threepidCreds,
@"type": kMXLoginFlowTypeEmailIdentity},
@"username": self.userLoginTextField.text,
@"password": self.passWordTextField.text,
};

[self hideInputsContainer];

self.messageLabel.text = NSLocalizedStringFromTable(@"auth_email_validation_message", @"Vector", nil);
self.messageLabel.hidden = NO;

callback(parameters, nil);

}
failure:^(NSError *error)
{

NSLog(@"[AuthInputsView] Failed to request email token");

// Ignore connection cancellation error
if (([error.domain isEqualToString:NSURLErrorDomain] && error.code == NSURLErrorCancelled))
{
userInfo[NSLocalizedDescriptionKey] = NSLocalizedStringFromTable(@"auth_email_in_use", @"Vector", nil);
userInfo[@"error"] = NSLocalizedStringFromTable(@"auth_email_in_use", @"Vector", nil);
return;
}
else

// Translate the potential MX error.
MXError *mxError = [[MXError alloc] initWithNSError:error];
if (mxError && ([mxError.errcode isEqualToString:kMXErrCodeStringThreePIDInUse] || [mxError.errcode isEqualToString:kMXErrCodeStringServerNotTrusted]))
{
userInfo[NSLocalizedDescriptionKey] = NSLocalizedStringFromTable(@"auth_untrusted_id_server", @"Vector", nil);
userInfo[@"error"] = NSLocalizedStringFromTable(@"auth_untrusted_id_server", @"Vector", nil);
NSMutableDictionary *userInfo;
if (error.userInfo)
{
userInfo = [NSMutableDictionary dictionaryWithDictionary:error.userInfo];
}
else
{
userInfo = [NSMutableDictionary dictionary];
}

userInfo[NSLocalizedFailureReasonErrorKey] = nil;

if ([mxError.errcode isEqualToString:kMXErrCodeStringThreePIDInUse])
{
userInfo[NSLocalizedDescriptionKey] = NSLocalizedStringFromTable(@"auth_email_in_use", @"Vector", nil);
userInfo[@"error"] = NSLocalizedStringFromTable(@"auth_email_in_use", @"Vector", nil);
}
else
{
userInfo[NSLocalizedDescriptionKey] = NSLocalizedStringFromTable(@"auth_untrusted_id_server", @"Vector", nil);
userInfo[@"error"] = NSLocalizedStringFromTable(@"auth_untrusted_id_server", @"Vector", nil);
}

error = [NSError errorWithDomain:error.domain code:error.code userInfo:userInfo];
}

error = [NSError errorWithDomain:error.domain code:error.code userInfo:userInfo];
}
callback(nil, error);
}];
callback(nil, error);

}];
} failure:^(NSError *error) {
callback(nil, error);
}];

// Async response
return;
Expand Down Expand Up @@ -942,16 +969,31 @@ - (BOOL)setExternalRegistrationParameters:(NSDictionary *)registrationParameters
}

// Check validity of the required parameters
if (!homeserverURL.length || !identityURL.length || !clientSecret.length || !sid.length || !sessionId.length)
if (!homeserverURL.length || !clientSecret.length || !sid.length || !sessionId.length)
{
NSLog(@"[AuthInputsView] setExternalRegistrationParameters failed: wrong parameters");
return NO;
}

// Prepare the registration parameters (Ready to use)
NSURL *identServerURL = [NSURL URLWithString:identityURL];

NSMutableDictionary *threepidCreds = [NSMutableDictionary dictionaryWithDictionary:@{
@"client_secret": clientSecret,

@"sid": sid
}];
if (identityURL)
{
NSURL *identServerURL = [NSURL URLWithString:identityURL];
threepidCreds[@"id_server"] = identServerURL.host;
}

externalRegistrationParameters = @{
@"auth": @{@"session": sessionId, @"threepid_creds": @{@"client_secret": clientSecret, @"id_server": identServerURL.host, @"sid": sid}, @"type": kMXLoginFlowTypeEmailIdentity},
@"auth": @{
@"session": sessionId,
@"threepid_creds": threepidCreds,
@"type": kMXLoginFlowTypeEmailIdentity
},
};

// Hide all inputs by default
Expand Down Expand Up @@ -1805,4 +1847,16 @@ - (BOOL)isFlowCompleted:(NSString *)flow
return NO;
}

- (void)checkIdentityServerRequirement:(MXRestClient*)mxRestClient
success:(void (^)(BOOL identityServerRequired))success
failure:(void (^)(NSError *error))failure
{
[mxRestClient supportedMatrixVersions:^(MXMatrixVersions *matrixVersions) {

NSLog(@"[AuthInputsView] checkIdentityServerRequirement: %@", matrixVersions.doesServerRequireIdentityServerParam ? @"YES": @"NO");
success(matrixVersions.doesServerRequireIdentityServerParam);

} failure:failure];
}

@end