diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index 26df9fcd86..3d2461dd7d 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -20,12 +20,15 @@ from synapse.api.constants import LoginType
from synapse.types import UserID
from synapse.api.errors import LoginError, Codes
from synapse.http.client import SimpleHttpClient
+
from twisted.web.client import PartialDownloadError
import logging
import bcrypt
import simplejson
+import synapse.util.stringutils as stringutils
+
logger = logging.getLogger(__name__)
@@ -34,6 +37,11 @@ class AuthHandler(BaseHandler):
def __init__(self, hs):
super(AuthHandler, self).__init__(hs)
+ self.checkers = {
+ LoginType.PASSWORD: self._check_password_auth,
+ LoginType.RECAPTCHA: self._check_recaptcha,
+ }
+ self.sessions = {}
@defer.inlineCallbacks
def check_auth(self, flows, clientdict, clientip=None):
@@ -52,40 +60,64 @@ class AuthHandler(BaseHandler):
If authed is false, the dictionary is the server response to the
login request and should be passed back to the client.
"""
- types = {
- LoginType.PASSWORD: self.check_password_auth,
- LoginType.RECAPTCHA: self.check_recaptcha,
- }
if not clientdict or 'auth' not in clientdict:
- defer.returnValue((False, self.auth_dict_for_flows(flows)))
+ sess = self._get_session_info(None)
+ defer.returnValue(
+ (False, self._auth_dict_for_flows(flows, sess))
+ )
authdict = clientdict['auth']
- # In future: support sessions & retrieve previously succeeded
- # login types
- creds = {}
+ sess = self._get_session_info(
+ authdict['session'] if 'session' in authdict else None
+ )
+ if 'creds' not in sess:
+ sess['creds'] = {}
+ creds = sess['creds']
# check auth type currently being presented
- if 'type' not in authdict:
- raise LoginError(400, "", Codes.MISSING_PARAM)
- if authdict['type'] not in types:
- raise LoginError(400, "", Codes.UNRECOGNIZED)
- result = yield types[authdict['type']](authdict, clientip)
- if result:
- creds[authdict['type']] = result
+ if 'type' in authdict:
+ if authdict['type'] not in self.checkers:
+ raise LoginError(400, "", Codes.UNRECOGNIZED)
+ result = yield self.checkers[authdict['type']](authdict, clientip)
+ if result:
+ creds[authdict['type']] = result
+ self._save_session(sess)
for f in flows:
if len(set(f) - set(creds.keys())) == 0:
logger.info("Auth completed with creds: %r", creds)
+ self._remove_session(sess)
defer.returnValue((True, creds))
- ret = self.auth_dict_for_flows(flows)
+ ret = self._auth_dict_for_flows(flows, sess)
ret['completed'] = creds.keys()
defer.returnValue((False, ret))
@defer.inlineCallbacks
- def check_password_auth(self, authdict, _):
+ def add_oob_auth(self, stagetype, authdict, clientip):
+ if stagetype not in self.checkers:
+ raise LoginError(400, "", Codes.MISSING_PARAM)
+ if 'session' not in authdict:
+ raise LoginError(400, "", Codes.MISSING_PARAM)
+
+ sess = self._get_session_info(
+ authdict['session']
+ )
+ if 'creds' not in sess:
+ sess['creds'] = {}
+ creds = sess['creds']
+
+ result = yield self.checkers[stagetype](authdict, clientip)
+ if result:
+ creds[stagetype] = result
+ self._save_session(sess)
+ defer.returnValue(True)
+ defer.returnValue(False)
+
+ @defer.inlineCallbacks
+ def _check_password_auth(self, authdict, _):
if "user" not in authdict or "password" not in authdict:
raise LoginError(400, "", Codes.MISSING_PARAM)
@@ -107,7 +139,7 @@ class AuthHandler(BaseHandler):
raise LoginError(401, "", errcode=Codes.UNAUTHORIZED)
@defer.inlineCallbacks
- def check_recaptcha(self, authdict, clientip):
+ def _check_recaptcha(self, authdict, clientip):
try:
user_response = authdict["response"]
except KeyError:
@@ -143,10 +175,10 @@ class AuthHandler(BaseHandler):
defer.returnValue(True)
raise LoginError(401, "", errcode=Codes.UNAUTHORIZED)
- def get_params_recaptcha(self):
+ def _get_params_recaptcha(self):
return {"public_key": self.hs.config.recaptcha_public_key}
- def auth_dict_for_flows(self, flows):
+ def _auth_dict_for_flows(self, flows, session):
public_flows = []
for f in flows:
hidden = False
@@ -157,7 +189,7 @@ class AuthHandler(BaseHandler):
public_flows.append(f)
get_params = {
- LoginType.RECAPTCHA: self.get_params_recaptcha,
+ LoginType.RECAPTCHA: self._get_params_recaptcha,
}
params = {}
@@ -168,6 +200,30 @@ class AuthHandler(BaseHandler):
params[stage] = get_params[stage]()
return {
+ "session": session['id'],
"flows": [{"stages": f} for f in public_flows],
"params": params
}
+
+ def _get_session_info(self, session_id):
+ if session_id not in self.sessions:
+ session_id = None
+
+ if not session_id:
+ # create a new session
+ while session_id is None or session_id in self.sessions:
+ session_id = stringutils.random_string(24)
+ self.sessions[session_id] = {
+ "id": session_id,
+ }
+
+ return self.sessions[session_id]
+
+ def _save_session(self, session):
+ # TODO: Persistent storage
+ logger.debug("Saving session %s", session)
+ self.sessions[session["id"]] = session
+
+ def _remove_session(self, session):
+ logger.debug("Removing session %s", session)
+ del self.sessions[session["id"]]
|
