first version of change_password interceptor (more see details)
- add stripLocalpart in helpers.php - extend mxDatabase to update the password once validated
This commit is contained in:
73
internal/intercept_change_password.php
Normal file
73
internal/intercept_change_password.php
Normal file
@@ -0,0 +1,73 @@
|
||||
<?php
|
||||
/**
|
||||
* Copyright 2018 Matthias Kesler
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
// URL for this: /_matrix/client/r0/account/password?access_token=$ACCESS_TOKEN
|
||||
$response=[
|
||||
"errcode" => "M_UNKNOWN",
|
||||
"error" => "Unknown error while handling password changing",
|
||||
];
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
header('Access-Control-Allow-Methods: POST, OPTIONS');
|
||||
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization');
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
|
||||
$response = [];
|
||||
// return with success
|
||||
exit();
|
||||
}
|
||||
try {
|
||||
$inputJSON = file_get_contents('php://input');
|
||||
$input = json_decode($inputJSON, TRUE);
|
||||
if (empty($input)) {
|
||||
throw new Exception('no valid json as input present');
|
||||
}
|
||||
if (!isset($input["auth"])) {
|
||||
throw new Exception('"auth" is not defined');
|
||||
}
|
||||
if (!isset($input["auth"]["user"]) || !isset($input["auth"]["password"])) {
|
||||
throw new Exception('"auth.user" or "auth.password" is not defined');
|
||||
}
|
||||
if (!isset($input["auth"]["type"]) || $input["auth"]["type"] !== "m.login.password") {
|
||||
throw new Exception('no or unknown auth.type');
|
||||
}
|
||||
if (!isset($input["new_password"])) {
|
||||
throw new Exception('"new_password" is not defined');
|
||||
}
|
||||
|
||||
require_once("../helpers.php");
|
||||
$localpart = stripLocalpart($input["auth"]["user"]);
|
||||
|
||||
if (empty($localpart)) {
|
||||
throw new Exception ("localpart cannot be identified");
|
||||
}
|
||||
|
||||
require_once("../database.php");
|
||||
if ($mx_db->updatePassword(
|
||||
$localpart,
|
||||
$input["auth"]["password"],
|
||||
$input["new_password"]
|
||||
)) {
|
||||
$response=[];
|
||||
} else {
|
||||
throw new Exception("invalid credentials or another error while updating");
|
||||
}
|
||||
|
||||
} catch (Exception $e) {
|
||||
header("HTTP/1.0 500 Internal Error");
|
||||
error_log("failed with error: " . $e->getMessage());
|
||||
$response["error"] = $e->getMessage();
|
||||
}
|
||||
print (json_encode($response, JSON_PRETTY_PRINT) . "\n");
|
||||
?>
|
||||
@@ -4,9 +4,9 @@
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
@@ -49,22 +49,15 @@ try {
|
||||
|
||||
// prefer the localpart attribute of mxisd. But in case of matrix-synapse-rest-auth
|
||||
// we have to parse it on our own
|
||||
if (empty($localpart) && !empty($mxid)) {
|
||||
// A mxid would start with an @ so we start at the 2. position
|
||||
$sepPos = strpos($mxid,':', 1);
|
||||
if ($sepPos === false) {
|
||||
// : not found. Assume mxid is localpart
|
||||
// TODO: further checks
|
||||
$localpart = $mxid;
|
||||
} else {
|
||||
$localpart = substr($mxid, 1, strpos($mxid,':') - 1 );
|
||||
}
|
||||
if (empty($localpart))
|
||||
require_once("../helpers.php");
|
||||
$localpart = stripLocalpart($input["auth"]["user"]);
|
||||
}
|
||||
|
||||
|
||||
if (empty($localpart)) {
|
||||
throw new Exception ("localpart cannot be identified");
|
||||
}
|
||||
|
||||
|
||||
$password = NULL;
|
||||
if (isset($input["user"]) && isset($input["user"]["password"])) {
|
||||
$password = $input["user"]["password"];
|
||||
@@ -103,7 +96,7 @@ try {
|
||||
// we do not know how the data shall be transmitted so we do nothing with it
|
||||
$response["auth"]["success"] = false;
|
||||
break;
|
||||
}
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
error_log("Auth failed with error: " . $e->getMessage());
|
||||
$response["auth"]["error"] = $e->getMessage();
|
||||
|
||||
Reference in New Issue
Block a user