krombel/matrix-register-bot
1
0
Fork 0
Code Issues 4 Pull Requests Releases Activity

Compare commits

base: krombel:3250792c9d5520a97abd3ed1fb6ce57c603e1274
Branches Tags
krombel:master krombel:track_decline_reason krombel:fix_new_api krombel:complete_password_on_registration krombel:feature_multimodeOperation krombel:fix_language_ref krombel:second_implementation krombel:first_implementation
..
compare: krombel:complete_password_on_registration
Branches Tags
krombel:master krombel:track_decline_reason krombel:fix_new_api krombel:complete_password_on_registration krombel:feature_multimodeOperation krombel:fix_language_ref krombel:second_implementation krombel:first_implementation

3 Commits
3250792c9d ... complete_p

Author SHA1 Message Date
Krombel
b4d630cd9e add Requirements section 2018-05-28 10:45:31 +02:00
Krombel
9a93b88d11 allow captured password for operationMode=local as well 2018-05-28 10:29:41 +02:00
Krombel
a8903dcf9a complete (insecure) password fetching on registration 2018-05-27 13:00:48 +02:00
5 changed files with 28 additions and 55 deletions
Expand all files Collapse all files

52
MatrixConnection.php
View File

@@ -14,9 +14,6 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
require_once(__DIR__ . "/helpers.php");
class MatrixConnection { class MatrixConnection {
private $hs; private $hs;
@@ -48,8 +45,12 @@ class MatrixConnection {
$url = "https://" . $this->hs . "/_matrix/client/r0/rooms/" $url = "https://" . $this->hs . "/_matrix/client/r0/rooms/"
. urlencode($room_id) . "/send/m.room.message?access_token=" . $this->at; . urlencode($room_id) . "/send/m.room.message?access_token=" . $this->at;
$handle = getCurlHandle($url); $handle = curl_init($url);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($handle, CURLOPT_TIMEOUT, 60);
curl_setopt($handle, CURLOPT_POSTFIELDS, json_encode($send_message)); curl_setopt($handle, CURLOPT_POSTFIELDS, json_encode($send_message));
curl_setopt($handle, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
$response = $this->exec_curl_request($handle); $response = $this->exec_curl_request($handle);
return isset($response["event_id"]); return isset($response["event_id"]);
@@ -69,51 +70,37 @@ class MatrixConnection {
} }
$url = "https://" . $this->hs . "/_matrix/client/r0/profile/@" . $username . ":" . $this->hs; $url = "https://" . $this->hs . "/_matrix/client/r0/profile/@" . $username . ":" . $this->hs;
$handle = getCurlHandle($url); $handle = curl_init($url);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($handle, CURLOPT_TIMEOUT, 60);
curl_setopt($handle, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
$res = $this->exec_curl_request($handle); $res = $this->exec_curl_request($handle);
return !(isset($res["errcode"]) && $res["errcode"] == "M_UNKNOWN"); return !(isset($res["errcode"]) && $res["errcode"] == "M_UNKNOWN");
} }
function getRegisterNonce() {
$url = "https://" . $this->hs . "/_matrix/client/r0/admin/register";
$handle = getCurlHandle($url);
try {
$response = $this->exec_curl_request($handle);
if (is_array($response) && isset($response["nonce"])) {
return $response["nonce"];
}
throw new Exception("INVALID_RESPONSE_FROM_SERVER");
} catch (Exception $e) {
if (strcmp("AUTHENTICATION_FAILED", $e->getMessage()) == 0) {
throw new Exception("WRONG_REGISTRATION_SHARED_SECRET");
} else {
throw $e;
}
}
}
function register($username, $password, $shared_secret) { function register($username, $password, $shared_secret) {
if (!$username) { if (!$username) {
error_log("no username provided"); error_log("no username provided");
} }
if (!$password) { if (!$password) {
error_log("no password provided"); error_log("no message to send");
} }
$nonce = $this->getRegisterNonce();
//TODO allow registering of admin. $mac = hash_hmac('sha1', $username, $shared_secret);
$hmac_content = $nonce . "\x00" . $username . "\x00" . $password . "\x00notadmin";
$mac = hash_hmac('sha1', $hmac_content, $shared_secret);
$data = array( $data = array(
"nonce" => $nonce,
"username" => $username, "username" => $username,
"password" => $password, "password" => $password,
"mac" => $mac, "mac" => $mac,
); );
$url = "https://" . $this->hs . "/_matrix/client/r0/admin/register"; $url = "https://" . $this->hs . "/_matrix/client/v2_alpha/register";
$handle = getCurlHandle($url); $handle = curl_init($url);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($handle, CURLOPT_TIMEOUT, 60);
curl_setopt($handle, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
curl_setopt($handle, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($handle, CURLOPT_POSTFIELDS, json_encode($data));
try { try {
@@ -185,6 +172,7 @@ class MatrixMessage {
function get_object() { function get_object() {
return $this->message; return $this->message;
} }
} }
?> ?>

9
helpers.php
View File

@@ -30,13 +30,4 @@ function stripLocalpart($mxid) {
return $localpart; return $localpart;
} }
function getCurlHandle($url) {
$handle = curl_init($url);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($handle, CURLOPT_TIMEOUT, 60);
curl_setopt($handle, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
return $handle;
}
?> ?>

2
public/index.php
View File

@@ -20,7 +20,7 @@ if (!isset($_SERVER['HTTPS'])) {
} }
require_once(__DIR__ . "/../language.php"); require_once(__DIR__ . "/../language.php");
if (!file_exists(__DIR__ . "/../config.php")) { if (!file_exists("../config.php")) {
print($language["NO_CONFIGURATION"]); print($language["NO_CONFIGURATION"]);
exit(); exit();
} }

9
public/verify.php
View File

@@ -51,21 +51,18 @@ try {
$email = $user["email"]; $email = $user["email"];
$admin_token = $user["admin_token"]; $admin_token = $user["admin_token"];
// we have 2 cases: first and last name or just the username
$call_name = strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username;
require_once(__DIR__ . "/../MatrixConnection.php"); require_once(__DIR__ . "/../MatrixConnection.php");
$adminUrl = $config["webroot"] . "/verify_admin.php?t=" . $admin_token; $adminUrl = $config["webroot"] . "/verify_admin.php?t=" . $admin_token;
$mxConn = new MatrixConnection($config["homeserver"], $config["access_token"]); $mxConn = new MatrixConnection($config["homeserver"], $config["access_token"]);
$mxMsg = new MatrixMessage(); $mxMsg = new MatrixMessage();
$mxMsg->set_body(strtr($language["MSG_USER_WANTS_REGISTER"], [ $mxMsg->set_body(strtr($language["MSG_USER_WANTS_REGISTER"], [
"@name" => $call_name, "@name" => (strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username),
"@note" => $note, "@note" => $note,
"@adminUrl" => $adminUrl "@adminUrl" => $adminUrl
])); ]));
if (isset($language["MSG_USER_WANTS_REGISTER_FORMATTED"])) { if (isset($language["MSG_USER_WANTS_REGISTER_FORMATTED"])) {
$mxMsg->set_formatted_body(strtr($language["MSG_USER_WANTS_REGISTER_FORMATTED"], [ $mxMsg->set_formatted_body(strtr($language["MSG_USER_WANTS_REGISTER_FORMATTED"], [
"@name" => $call_name, "@name" => (strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username),
"@note" => $note, "@note" => $note,
"@adminUrl" => $adminUrl "@adminUrl" => $adminUrl
])); ]));
@@ -79,7 +76,7 @@ try {
$mx_db->setRegistrationStateVerify( $mx_db->setRegistrationStateVerify(
($response ? RegisterState::PendingAdminVerify : RegisterState::PendingAdminSend), $token); ($response ? RegisterState::PendingAdminVerify : RegisterState::PendingAdminSend), $token);
send_mail_pending_approval($config["homeserver"], $call_name, $email); send_mail_pending_approval($config["homeserver"], $first_name . " " . $last_name, $email);
print("<title>" . $language["VERIFICATION_SUCEEDED"] . "</title>"); print("<title>" . $language["VERIFICATION_SUCEEDED"] . "</title>");
print("</head><body>"); print("</head><body>");

11
public/verify_admin.php
View File

@@ -60,9 +60,6 @@ try {
$first_name = $user["first_name"]; $first_name = $user["first_name"];
$last_name = $user["last_name"]; $last_name = $user["last_name"];
$username = $user["username"]; $username = $user["username"];
// we have 2 cases: first and last name or just the username
$call_name = strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username;
$note = $user["note"]; $note = $user["note"];
$email = $user["email"]; $email = $user["email"];
@@ -102,7 +99,7 @@ try {
// send registration_success // send registration_success
$res = send_mail_registration_success( $res = send_mail_registration_success(
$config["homeserver"], $config["homeserver"],
$call_name, $first_name . " " . $last_name,
$email, $email,
$username, $username,
// only send password when auto-created // only send password when auto-created
@@ -115,11 +112,11 @@ try {
$mx_db->setRegistrationStateAdmin(RegisterState::PendingSendRegistrationMail, $token); $mx_db->setRegistrationStateAdmin(RegisterState::PendingSendRegistrationMail, $token);
} }
} else { } else {
send_mail_registration_allowed_but_failed($config["homeserver"], $call_name, $email); send_mail_registration_allowed_but_failed($config["homeserver"], $first_name . " " . $last_name, $email);
$mxMsg = new MatrixMessage(); $mxMsg = new MatrixMessage();
$mxMsg->set_type("m.text"); $mxMsg->set_type("m.text");
$mxMsg->set_body(strtr($language["REGISTRATION_FAILED_FOR"], [ $mxMsg->set_body(strtr($language["REGISTRATION_FAILED_FOR"], [
"@name" => $call_name, "@name" => strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username,
])); ]));
$mxConn->send($config["register_room"], $mxMsg); $mxConn->send($config["register_room"], $mxMsg);
throw new Exception("REGISTRATION_FAILED"); throw new Exception("REGISTRATION_FAILED");
@@ -132,7 +129,7 @@ try {
} elseif ($action == RegisterState::RegistrationDeclined) { } elseif ($action == RegisterState::RegistrationDeclined) {
$mx_db->setRegistrationStateAdmin(RegisterState::RegistrationDeclined, $token); $mx_db->setRegistrationStateAdmin(RegisterState::RegistrationDeclined, $token);
send_mail_registration_decline( send_mail_registration_decline(
$config["homeserver"], $call_name, $email, $decline_reason $config["homeserver"], strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username, $email, $decline_reason
); );
print("<title>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</title>"); print("<title>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</title>");
print("</head><body>"); print("</head><body>");