3pid authentication #60
Conversation
| LoginRequestJson loginRequestJson = parser.parse(req, LoginRequestJson.class); | ||
|
|
||
| // find 3PID locally (only if 'medium' and 'address' are defined in request) | ||
| if (StringUtils.isNotBlank(loginRequestJson.getAddress()) && StringUtils.isNotBlank(loginRequestJson.getMedium())) { |
There was a problem hiding this comment.
Reading the official /_matrix/client/r0/loign endpoint specification, it does not state the precise conditions to differiencate between a regular and a 3PID adress, except for one line in the description of the JSON body parameter medium which reads:
When logging in using a third party identifier, the medium of the identifier. [...]
So I think the best way found would be to check if the medium is set, and not if medium AND address is set.
There was a problem hiding this comment.
I correct it.
I realised this condition is actually not necessary.
| @@ -0,0 +1,105 @@ | |||
| package io.kamax.mxisd.controller.auth.v1.io; | |||
|
|
|||
| public class LoginRequestJson { | |||
There was a problem hiding this comment.
This doesn't take into account the Reverse engineered /_matrix/client/r0/login endpoint documentation.
There was a problem hiding this comment.
I wasn't aware of this spec while coding.
I take it into consideration.
| // invoke 'login' on homeserver | ||
| LoginResponseJson loginResponseJson; | ||
| HttpPost httpPost = RestClientUtils.post(urlToLogin, gson.toJson(loginRequestJson)); | ||
| CloseableHttpClient client = HttpClients.createDefault(); |
There was a problem hiding this comment.
Why create a new client per request? It would be best avoid creating potentially expensive object here, and only do it once when the class is instantiated.
There was a problem hiding this comment.
It was just a "copy" from some other classes (RemoteIdentityServerFetcher.java, RestProvider.java).
By the way, I agreed with you regarding usage of Apache HttpClients. My point is the client shall be instianted once from some kind of singleton class. This comment should be considered for a futur release.
| } | ||
|
|
||
| @Override | ||
| public String toString() { |
There was a problem hiding this comment.
Do we actually need this somewhere? If yes, is it really wise to include the password?
There was a problem hiding this comment.
It's just an habit.
But you're right, I'll "shadow" the pasword.
| private String address; | ||
| private String password; | ||
| private String token; | ||
| private String device_id; |
There was a problem hiding this comment.
Gson allows to write fields with Java naming convention, like deviceId. See GsonUtil for getting a Gson instance with the right settings.
There was a problem hiding this comment.
I wasn't aware of that.
However, from my point of view, I'll prefer to keep this naming, because this class is just a pojo reflecting the spec, I think it is easier to read and make link with the actual spec. (in one sense, the "toString" method reflects exactly the Json data)
… on 'medium' and 'address' fields
adrnam
force-pushed
the
3pid-authentication
branch
from
774d1aa
to
82c7671
Compare
| - [Backends](#backends) | ||
|
|
||
| ## Description | ||
| Authentication is an enhanced Identity feature of mxisd to ensure coherent and centralized identity management. |
There was a problem hiding this comment.
- Not necessary centralized - you can have several identity stores.
Identity managementmight be misleading, as mxisd doesn't do any management, only reads data.
I like the spirit of the sentence, but not the wording :D I also don't have a good idea about the wording at this point
docs/features/authentication.md
Outdated
|
|
||
| It allows to use Identity stores configured in mxisd to authenticate users on your Homeserver. | ||
|
|
||
| This feature can also provide the ability to users to login on the Homeserver using their thirdparty identities provided by this Identity store. |
There was a problem hiding this comment.
thirdparty identitiesis not used anymore else. Let's be consistent throughout the whole documentation. I believe I called it3PIDseverywhere else.by this Identity store- which "this"? There is no reference to an identity store in the sentence or paragraph.
docs/features/authentication.md
Outdated
|
|
||
|
|
||
| ## Advanced Authentication | ||
| The Authentication feature offers users to login to your Homeserver by using their third party identifier (3PID) registered in your Identity store. |
There was a problem hiding this comment.
... feature offers users ...->... feature allows users ...... to your Homeserver ...->... to their Homeserver...... in your Identity store.->... in an available Identity store.
docs/features/authentication.md
Outdated
|
|
||
| ``` | ||
|
|
||
| Steps of user authentication using a third party identifier: |
There was a problem hiding this comment.
third party identifier -> 3PID
docs/features/authentication.md
Outdated
| `name` must be the hostname of the URL that clients use when connecting to the Homeserver. | ||
| In case the hostname is the same as your Matrix domain, you can use `${matrix.domain}` to auto-populate the value using the `matrix.domain` configuration option and avoid duplicating it. | ||
|
|
||
| value is the base internal URL of the Homeserver, without any /_matrix/.. or trailing /. |
Includes commit 3d26316 from maxidor which allows to test sign-in by using 3PID email without backend:
Just add to application.yaml config file:
(note that this
passwordfield is not used because the password must be provided by theloginrequest)Note: a method to support GET on
login(which returns hardcoded JSON message) has been added in order to prevent Riot client displaying an error (405) message when setting addresses of HS and IS.Requires to configurate Proxy Reverse in Apache and DNS Overwrite as for User Directory feature :
ProxyPass /_matrix/client/r0/login http://localhost:8090/_matrix/client/r0/loginIt was working for me according to my Apache configuration, feel free to correct me.
Thus, you should be able to login to your HS using mxisd by typing your 3PID (e.g. you email address) as username and your matrix password.