From d98660a60daaf1cc8d83cb2d64daa5f20a34139c Mon Sep 17 00:00:00 2001
From: David Baker <dave@matrix.org>
Date: Mon, 23 Mar 2015 14:20:28 +0000
Subject: Implement password changing (finally) along with a start on making
 client/server auth more general.

---
 synapse/handlers/login.py | 49 +++++------------------------------------------
 1 file changed, 5 insertions(+), 44 deletions(-)

(limited to 'synapse/handlers/login.py')

diff --git a/synapse/handlers/login.py b/synapse/handlers/login.py
index 7447800460..19b560d91e 100644
--- a/synapse/handlers/login.py
+++ b/synapse/handlers/login.py
@@ -69,48 +69,9 @@ class LoginHandler(BaseHandler):
             raise LoginError(403, "", errcode=Codes.FORBIDDEN)
 
     @defer.inlineCallbacks
-    def reset_password(self, user_id, email):
-        is_valid = yield self._check_valid_association(user_id, email)
-        logger.info("reset_password user=%s email=%s valid=%s", user_id, email,
-                    is_valid)
-        if is_valid:
-            try:
-                # send an email out
-                emailutils.send_email(
-                    smtp_server=self.hs.config.email_smtp_server,
-                    from_addr=self.hs.config.email_from_address,
-                    to_addr=email,
-                    subject="Password Reset",
-                    body="TODO."
-                )
-            except EmailException as e:
-                logger.exception(e)
+    def set_password(self, user_id, newpassword, token_id=None):
+        password_hash = bcrypt.hashpw(newpassword, bcrypt.gensalt())
 
-    @defer.inlineCallbacks
-    def _check_valid_association(self, user_id, email):
-        identity = yield self._query_email(email)
-        if identity and "mxid" in identity:
-            if identity["mxid"] == user_id:
-                defer.returnValue(True)
-                return
-        defer.returnValue(False)
-
-    @defer.inlineCallbacks
-    def _query_email(self, email):
-        http_client = SimpleHttpClient(self.hs)
-        try:
-            data = yield http_client.get_json(
-                # TODO FIXME This should be configurable.
-                # XXX: ID servers need to use HTTPS
-                "http://%s%s" % (
-                    "matrix.org:8090", "/_matrix/identity/api/v1/lookup"
-                ),
-                {
-                    'medium': 'email',
-                    'address': email
-                }
-            )
-            defer.returnValue(data)
-        except CodeMessageException as e:
-            data = json.loads(e.msg)
-            defer.returnValue(data)
+        yield self.store.user_set_password_hash(user_id, password_hash)
+        yield self.store.user_delete_access_tokens_apart_from(user_id, token_id)
+        yield self.store.flush_user(user_id)
-- 
cgit 1.4.1


From 78adccfaf497dcb75451adfc5d366d5ff26cad52 Mon Sep 17 00:00:00 2001
From: David Baker <dave@matrix.org>
Date: Mon, 23 Mar 2015 14:23:51 +0000
Subject: pep8 / pyflakes

---
 synapse/handlers/login.py                | 6 +-----
 synapse/rest/client/v2_alpha/password.py | 4 ++--
 2 files changed, 3 insertions(+), 7 deletions(-)

(limited to 'synapse/handlers/login.py')

diff --git a/synapse/handlers/login.py b/synapse/handlers/login.py
index 19b560d91e..7aff2e69e6 100644
--- a/synapse/handlers/login.py
+++ b/synapse/handlers/login.py
@@ -16,13 +16,9 @@
 from twisted.internet import defer
 
 from ._base import BaseHandler
-from synapse.api.errors import LoginError, Codes, CodeMessageException
-from synapse.http.client import SimpleHttpClient
-from synapse.util.emailutils import EmailException
-import synapse.util.emailutils as emailutils
+from synapse.api.errors import LoginError, Codes
 
 import bcrypt
-import json
 import logging
 
 logger = logging.getLogger(__name__)
diff --git a/synapse/rest/client/v2_alpha/password.py b/synapse/rest/client/v2_alpha/password.py
index 3663781c95..1277532110 100644
--- a/synapse/rest/client/v2_alpha/password.py
+++ b/synapse/rest/client/v2_alpha/password.py
@@ -21,7 +21,6 @@ from synapse.http.servlet import RestServlet
 
 from ._base import client_v2_pattern, parse_json_dict_from_request
 
-import simplejson as json
 import logging
 
 
@@ -72,5 +71,6 @@ class PasswordRestServlet(RestServlet):
 
         defer.returnValue((200, {}))
 
+
 def register_servlets(hs, http_server):
-    PasswordRestServlet(hs).register(http_server)
\ No newline at end of file
+    PasswordRestServlet(hs).register(http_server)
-- 
cgit 1.4.1


From a32e876ef43df22cec37aad748c32c0cda30428a Mon Sep 17 00:00:00 2001
From: David Baker <dave@matrix.org>
Date: Thu, 26 Mar 2015 13:40:16 +0000
Subject: Delete pushers when changing password

---
 synapse/handlers/login.py  |  3 +++
 synapse/push/pusherpool.py | 20 ++++++++++++++++++--
 synapse/storage/pusher.py  | 45 ++++++++++-----------------------------------
 3 files changed, 31 insertions(+), 37 deletions(-)

(limited to 'synapse/handlers/login.py')

diff --git a/synapse/handlers/login.py b/synapse/handlers/login.py
index 7aff2e69e6..04f6dbb95e 100644
--- a/synapse/handlers/login.py
+++ b/synapse/handlers/login.py
@@ -70,4 +70,7 @@ class LoginHandler(BaseHandler):
 
         yield self.store.user_set_password_hash(user_id, password_hash)
         yield self.store.user_delete_access_tokens_apart_from(user_id, token_id)
+        yield self.hs.get_pusherpool().remove_pushers_by_user_access_token(
+            user_id, token_id
+        )
         yield self.store.flush_user(user_id)
diff --git a/synapse/push/pusherpool.py b/synapse/push/pusherpool.py
index 46444157c9..0fdd7ea786 100644
--- a/synapse/push/pusherpool.py
+++ b/synapse/push/pusherpool.py
@@ -71,7 +71,7 @@ class PusherPool:
             "app_display_name": app_display_name,
             "device_display_name": device_display_name,
             "pushkey": pushkey,
-            "pushkey_ts": self.hs.get_clock().time_msec(),
+            "ts": self.hs.get_clock().time_msec(),
             "lang": lang,
             "data": data,
             "last_token": None,
@@ -98,6 +98,22 @@ class PusherPool:
                 )
                 self.remove_pusher(p['app_id'], p['pushkey'], p['user_name'])
 
+    @defer.inlineCallbacks
+    def remove_pushers_by_user_access_token(self, user_id, not_access_token_id):
+        all = yield self.store.get_all_pushers()
+        logger.info(
+            "Removing all pushers for user %s except access token %s",
+            user_id, not_access_token_id
+        )
+        for p in all:
+            if (p['user_name'] == user_id and
+                        p['access_token'] != not_access_token_id):
+                logger.info(
+                    "Removing pusher for app id %s, pushkey %s, user %s",
+                    p['app_id'], p['pushkey'], p['user_name']
+                )
+                self.remove_pusher(p['app_id'], p['pushkey'], p['user_name'])
+
     @defer.inlineCallbacks
     def _add_pusher_to_store(self, user_name, access_token, profile_tag, kind,
                              app_id, app_display_name, device_display_name,
@@ -127,7 +143,7 @@ class PusherPool:
                 app_display_name=pusherdict['app_display_name'],
                 device_display_name=pusherdict['device_display_name'],
                 pushkey=pusherdict['pushkey'],
-                pushkey_ts=pusherdict['pushkey_ts'],
+                pushkey_ts=pusherdict['ts'],
                 data=pusherdict['data'],
                 last_token=pusherdict['last_token'],
                 last_success=pusherdict['last_success'],
diff --git a/synapse/storage/pusher.py b/synapse/storage/pusher.py
index 423878c6a0..1c657beddb 100644
--- a/synapse/storage/pusher.py
+++ b/synapse/storage/pusher.py
@@ -28,11 +28,9 @@ logger = logging.getLogger(__name__)
 class PusherStore(SQLBaseStore):
     @defer.inlineCallbacks
     def get_pushers_by_app_id_and_pushkey(self, app_id, pushkey):
+        cols = ",".join(PushersTable.fields)
         sql = (
-            "SELECT id, user_name, kind, profile_tag, app_id,"
-            "app_display_name, device_display_name, pushkey, ts, data, "
-            "last_token, last_success, failing_since "
-            "FROM pushers "
+            "SELECT "+cols+" FROM pushers "
             "WHERE app_id = ? AND pushkey = ?"
         )
 
@@ -43,51 +41,26 @@ class PusherStore(SQLBaseStore):
 
         ret = [
             {
-                "id": r[0],
-                "user_name": r[1],
-                "kind": r[2],
-                "profile_tag": r[3],
-                "app_id": r[4],
-                "app_display_name": r[5],
-                "device_display_name": r[6],
-                "pushkey": r[7],
-                "pushkey_ts": r[8],
-                "data": r[9],
-                "last_token": r[10],
-                "last_success": r[11],
-                "failing_since": r[12]
+                k: r[i] for i, k in enumerate(PushersTable.fields)
             }
             for r in rows
         ]
+        print ret
 
         defer.returnValue(ret)
 
     @defer.inlineCallbacks
     def get_all_pushers(self):
+        cols = ",".join(PushersTable.fields)
         sql = (
-            "SELECT id, user_name, kind, profile_tag, app_id,"
-            "app_display_name, device_display_name, pushkey, ts, data, "
-            "last_token, last_success, failing_since "
-            "FROM pushers"
+            "SELECT "+cols+" FROM pushers"
         )
 
         rows = yield self._execute("get_all_pushers", None, sql)
 
         ret = [
             {
-                "id": r[0],
-                "user_name": r[1],
-                "kind": r[2],
-                "profile_tag": r[3],
-                "app_id": r[4],
-                "app_display_name": r[5],
-                "device_display_name": r[6],
-                "pushkey": r[7],
-                "pushkey_ts": r[8],
-                "data": r[9],
-                "last_token": r[10],
-                "last_success": r[11],
-                "failing_since": r[12]
+                k: r[i] for i, k in enumerate(PushersTable.fields)
             }
             for r in rows
         ]
@@ -166,13 +139,15 @@ class PushersTable(Table):
     fields = [
         "id",
         "user_name",
+        "access_token",
         "kind",
         "profile_tag",
         "app_id",
         "app_display_name",
         "device_display_name",
         "pushkey",
-        "pushkey_ts",
+        "ts",
+        "lang",
         "data",
         "last_token",
         "last_success",
-- 
cgit 1.4.1


From f96ab9d18dcebf995700f096792101a490b3a9b8 Mon Sep 17 00:00:00 2001
From: David Baker <dave@matrix.org>
Date: Fri, 17 Apr 2015 16:44:49 +0100
Subject: make add3pid servlet work

---
 synapse/handlers/login.py                |  7 ++++++
 synapse/rest/client/v2_alpha/account.py  | 38 ++++++++++++++++++++++++++++++++
 synapse/rest/client/v2_alpha/register.py | 38 ++++++++++++++++++++++----------
 synapse/storage/registration.py          | 11 +++++++++
 4 files changed, 82 insertions(+), 12 deletions(-)

(limited to 'synapse/handlers/login.py')

diff --git a/synapse/handlers/login.py b/synapse/handlers/login.py
index 04f6dbb95e..5c39356d71 100644
--- a/synapse/handlers/login.py
+++ b/synapse/handlers/login.py
@@ -74,3 +74,10 @@ class LoginHandler(BaseHandler):
             user_id, token_id
         )
         yield self.store.flush_user(user_id)
+
+    @defer.inlineCallbacks
+    def add_threepid(self, user_id, medium, address, validated_at):
+        yield self.store.user_add_threepid(
+            user_id, medium, address, validated_at,
+            self.hs.get_clock().time_msec()
+        )
\ No newline at end of file
diff --git a/synapse/rest/client/v2_alpha/account.py b/synapse/rest/client/v2_alpha/account.py
index 750d826f91..6045b016ef 100644
--- a/synapse/rest/client/v2_alpha/account.py
+++ b/synapse/rest/client/v2_alpha/account.py
@@ -18,6 +18,7 @@ from twisted.internet import defer
 from synapse.api.constants import LoginType
 from synapse.api.errors import LoginError, SynapseError, Codes
 from synapse.http.servlet import RestServlet
+from synapse.util.async import run_on_reactor
 
 from ._base import client_v2_pattern, parse_json_dict_from_request
 
@@ -39,6 +40,8 @@ class PasswordRestServlet(RestServlet):
 
     @defer.inlineCallbacks
     def on_POST(self, request):
+        yield run_on_reactor()
+
         body = parse_json_dict_from_request(request)
 
         authed, result, params = yield self.auth_handler.check_auth([
@@ -78,16 +81,51 @@ class PasswordRestServlet(RestServlet):
 class ThreepidRestServlet(RestServlet):
     PATTERN = client_v2_pattern("/account/3pid")
 
+    def __init__(self, hs):
+        super(ThreepidRestServlet, self).__init__()
+        self.hs = hs
+        self.login_handler = hs.get_handlers().login_handler
+        self.identity_handler = hs.get_handlers().identity_handler
+        self.auth = hs.get_auth()
+
     @defer.inlineCallbacks
     def on_POST(self, request):
+        yield run_on_reactor()
+
         body = parse_json_dict_from_request(request)
 
         if 'threePidCreds' not in body:
             raise SynapseError(400, "Missing param", Codes.MISSING_PARAM)
+        threePidCreds = body['threePidCreds']
 
         auth_user, client = yield self.auth.get_user_by_req(request)
 
+        threepid = yield self.identity_handler.threepid_from_creds(threePidCreds)
 
+        if not threepid:
+            raise SynapseError(400, "Failed to auth 3pid")
+
+        for reqd in ['medium', 'address', 'validatedAt']:
+            if reqd not in threepid:
+                logger.warn("Couldn't add 3pid: invalid response from ID sevrer")
+                raise SynapseError(500, "Invalid response from ID Server")
+
+        yield self.login_handler.add_threepid(
+            auth_user.to_string(),
+            threepid['medium'],
+            threepid['address'],
+            threepid['validatedAt'],
+        )
+
+        if 'bind' in body and body['bind']:
+            logger.debug("Binding emails %s to %s" % (
+                threepid, auth_user.to_string()
+            ))
+            yield self.identity_handler.bind_threepid(
+                threePidCreds, auth_user.to_string()
+            )
+
+        defer.returnValue((200, {}))
 
 
 def register_servlets(hs, http_server):
diff --git a/synapse/rest/client/v2_alpha/register.py b/synapse/rest/client/v2_alpha/register.py
index a5fec45dce..e93897e285 100644
--- a/synapse/rest/client/v2_alpha/register.py
+++ b/synapse/rest/client/v2_alpha/register.py
@@ -50,6 +50,7 @@ class RegisterRestServlet(RestServlet):
         self.auth_handler = hs.get_handlers().auth_handler
         self.registration_handler = hs.get_handlers().registration_handler
         self.identity_handler = hs.get_handlers().identity_handler
+        self.login_handler = hs.get_handlers().login_handler
 
     @defer.inlineCallbacks
     def on_POST(self, request):
@@ -61,7 +62,6 @@ class RegisterRestServlet(RestServlet):
 
         if 'username' in body:
             desired_username = body['username']
-            print "username in body"
             yield self.registration_handler.check_username(desired_username)
 
         is_using_shared_secret = False
@@ -118,17 +118,31 @@ class RegisterRestServlet(RestServlet):
             password=new_password
         )
 
-        if 'bind_email' in params and params['bind_email']:
-            logger.info("bind_email specified: binding")
-
-            emailThreepid = result[LoginType.EMAIL_IDENTITY]
-            threepidCreds = emailThreepid['threepidCreds']
-            logger.debug("Binding emails %s to %s" % (
-                emailThreepid, user_id
-            ))
-            yield self.identity_handler.bind_threepid(threepidCreds, user_id)
-        else:
-            logger.info("bind_email not specified: not binding email")
+        if LoginType.EMAIL_IDENTITY in result:
+            threepid = result[LoginType.EMAIL_IDENTITY]
+
+            for reqd in ['medium', 'address', 'validatedAt']:
+                if reqd not in threepid:
+                    logger.info("Can't add incomplete 3pid")
+                else:
+                    yield self.login_handler.add_threepid(
+                        user_id,
+                        threepid['medium'],
+                        threepid['address'],
+                        threepid['validatedAt'],
+                    )
+
+            if 'bind_email' in params and params['bind_email']:
+                logger.info("bind_email specified: binding")
+
+                emailThreepid = result[LoginType.EMAIL_IDENTITY]
+                threepidCreds = emailThreepid['threepidCreds']
+                logger.debug("Binding emails %s to %s" % (
+                    emailThreepid, user_id
+                ))
+                yield self.identity_handler.bind_threepid(threepidCreds, user_id)
+            else:
+                logger.info("bind_email not specified: not binding email")
 
         result = {
             "user_id": user_id,
diff --git a/synapse/storage/registration.py b/synapse/storage/registration.py
index f61d8fdb6a..4bc01f3cc2 100644
--- a/synapse/storage/registration.py
+++ b/synapse/storage/registration.py
@@ -175,3 +175,14 @@ class RegistrationStore(SQLBaseStore):
             return rows[0]
 
         return None
+
+    @defer.inlineCallbacks
+    def user_add_threepid(self, user_id, medium, address, validated_at, added_at):
+        yield self._simple_upsert("user_threepids", {
+            "user": user_id,
+            "medium": medium,
+            "address": address,
+        }, {
+            "validated_at": validated_at,
+            "added_at": added_at,
+        })
\ No newline at end of file
-- 
cgit 1.4.1


From 4eea5cf6c2a301938466828b02557d8500197bb3 Mon Sep 17 00:00:00 2001
From: David Baker <dave@matrix.org>
Date: Fri, 17 Apr 2015 16:46:45 +0100
Subject: pep8

---
 synapse/handlers/identity.py    | 6 +++---
 synapse/handlers/login.py       | 2 +-
 synapse/handlers/register.py    | 5 +----
 synapse/storage/registration.py | 2 +-
 4 files changed, 6 insertions(+), 9 deletions(-)

(limited to 'synapse/handlers/login.py')

diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py
index cb5e1e80ac..5c72635915 100644
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@@ -42,8 +42,8 @@ class IdentityHandler(BaseHandler):
         # each request
         http_client = SimpleHttpClient(self.hs)
         # XXX: make this configurable!
-        trustedIdServers = ['matrix.org', 'localhost:8090']
-        #trustedIdServers = ['matrix.org']
+        # trustedIdServers = ['matrix.org', 'localhost:8090']
+        trustedIdServers = ['matrix.org']
         if not creds['idServer'] in trustedIdServers:
             logger.warn('%s is not a trusted ID server: rejecting 3pid ' +
                         'credentials', creds['idServer'])
@@ -86,4 +86,4 @@ class IdentityHandler(BaseHandler):
             logger.debug("bound threepid %r to %s", creds, mxid)
         except CodeMessageException as e:
             data = json.loads(e.msg)
-        defer.returnValue(data)
\ No newline at end of file
+        defer.returnValue(data)
diff --git a/synapse/handlers/login.py b/synapse/handlers/login.py
index 5c39356d71..f7f3698340 100644
--- a/synapse/handlers/login.py
+++ b/synapse/handlers/login.py
@@ -80,4 +80,4 @@ class LoginHandler(BaseHandler):
         yield self.store.user_add_threepid(
             user_id, medium, address, validated_at,
             self.hs.get_clock().time_msec()
-        )
\ No newline at end of file
+        )
diff --git a/synapse/handlers/register.py b/synapse/handlers/register.py
index d4483c3a1d..7b68585a17 100644
--- a/synapse/handlers/register.py
+++ b/synapse/handlers/register.py
@@ -18,18 +18,15 @@ from twisted.internet import defer
 
 from synapse.types import UserID
 from synapse.api.errors import (
-    AuthError, Codes, SynapseError, RegistrationError, InvalidCaptchaError,
-    CodeMessageException
+    AuthError, Codes, SynapseError, RegistrationError, InvalidCaptchaError
 )
 from ._base import BaseHandler
 import synapse.util.stringutils as stringutils
 from synapse.util.async import run_on_reactor
-from synapse.http.client import SimpleHttpClient
 from synapse.http.client import CaptchaServerHttpClient
 
 import base64
 import bcrypt
-import json
 import logging
 import urllib
 
diff --git a/synapse/storage/registration.py b/synapse/storage/registration.py
index 4bc01f3cc2..8f62e5c6f2 100644
--- a/synapse/storage/registration.py
+++ b/synapse/storage/registration.py
@@ -185,4 +185,4 @@ class RegistrationStore(SQLBaseStore):
         }, {
             "validated_at": validated_at,
             "added_at": added_at,
-        })
\ No newline at end of file
+        })
-- 
cgit 1.4.1