Merge branch 'master' into multilanguage1

MatrixConnection.php

@@ -1,4 +1,5 @@
 <?php
+
 /**
  * Copyright 2018 Matthias Kesler
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,8 +14,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-class MatrixConnection
-{
+class MatrixConnection {
+
     private $hs;
     private $at;
 
@@ -107,7 +108,6 @@ class MatrixConnection
 
     function exec_curl_request($handle) {
         $response = curl_exec($handle);
-
         if ($response === false) {
             $errno = curl_errno($handle);
             $error = curl_error($handle);
@@ -115,7 +115,6 @@ class MatrixConnection
             curl_close($handle);
             return false;
         }
-
         $http_code = intval(curl_getinfo($handle, CURLINFO_HTTP_CODE));
         curl_close($handle);
 
@@ -132,13 +131,13 @@ class MatrixConnection
         } else {
             $response = json_decode($response, true);
         }
-
         return $response;
     }
+
 }
 
-class MatrixMessage
-{
+class MatrixMessage {
+
     private $message;
 
     function __construct() {
@@ -165,5 +164,7 @@ class MatrixMessage
     function get_object() {
         return $this->message;
     }
+
 }
+
 ?>

README.md

@@ -14,14 +14,15 @@ This is done in several steps:
 
 2nd step: Implement the other apis to integrade [mxisd](https://github.com/kamax-io/mxisd/blob/master/docs/backends/rest.md)
 
+This bot takes care for user accounts. So it stores the credentials itself and provides ways to access them via matrix-synapse-rest-auth or mxisd.
 ## How to install
 
 - Copy `config.sample.php` to `config.php` and configure the bot as you can find there
-- Configure your webserver to publish the folder `public` and configure.
-  The folder `internal` contains files that can be accessed by mxisd or matrix-synapse-rest-auth
-- To integrate with matrix-synapse-rest-auth:
+- Configure your webserver to publish the folder `public`.
+  The folder `internal` contains files that can be accessed by mxisd or matrix-synapse-rest-auth or else via a reverse proxy
+- To integrate with [matrix-synapse-rest-auth](https://github.com/kamax-io/matrix-synapse-rest-auth):
   - `/_matrix-internal/identity/v1/check_credentials` should map to `internal/login.php`
-- To integrate with mxisd: Have a look at [the docs](https://github.com/kamax-io/mxisd/blob/master/docs/backends/rest.md) and apply as follows:
+- To integrate with [mxisd](https://github.com/kamax-io/mxisd): Have a look at [the docs](https://github.com/kamax-io/mxisd/blob/master/docs/backends/rest.md) and apply as follows:
 
 
 | Key                            | file which handles that       | Description                                          |
@@ -30,3 +31,17 @@ This is done in several steps:
 | rest.endpoints.directory       | internal/directory_search.php | Search for users by arbitrary input                  |
 | rest.endpoints.identity.single | internal/identity_single.php  | Endpoint to query a single 3PID                      |
 | rest.endpoints.identity.bulk   | internal/identity_bulk.php    | Endpoint to query a list of 3PID                     |
+
+
+## Implement usage of additional features:
+### Use the ChangePasswortInterceptor:
+
+You need a reverse proxy which maps `/_matrix/client/r0/account/password` to `internal/intercept_change_password.php`.
+Here is an example for nginx:
+
+```
+        location /_matrix/client/r0/account/password {
+                proxy_pass http://localhost/mxbot/internal/intercept_change_password.php;
+                proxy_set_header X-Forwarded-For $remote_addr;
+        }
+```

config.sample.php

@@ -17,13 +17,13 @@ $config = [
     // When you want to collect the password on registration set this to true
     "getPasswordOnRegistration" => false,
 
+    // default language: one of [ en-gb | de-de ]
+    "defaultLanguage" => "en-gb",
+
     // to define where the data should be stored:
     "databaseURI" => "sqlite:" . dirname(__FILE__) . "/db_file.sqlite",
     // credentials for sqlite not used
     "databaseUser" => "dbUser123",
     "databasePass" => "secretPassword",
-
-	// default language: one of [ en-gb | de-de ]
-	"defaultLanguage" => "en-gb"
         ]
 ?>

cron.php

@@ -1,4 +1,5 @@
 <?php
+
 /**
  * Copyright 2018 Matthias Kesler
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -36,10 +37,7 @@ foreach ($mx_db->query($sql) as $row) {
             case RegisterState::PendingEmailSend:
                 $verify_url = $config["webroot"] . "/verify.php?t=" . $row["verify_token"];
                 $success = send_mail_pending_verification(
-						$config["homeserver"],
-						$row["first_name"] . " " . $row["last_name"],
-						$row["email"],
-						$verify_url);
+                        $config["homeserver"], $row["first_name"] . " " . $row["last_name"], $row["email"], $verify_url);
 
                 if ($success) {
                     $mx_db->setRegistrationStateById(RegisterState::PendingEmailVerify, $row["id"]);

database.php

@@ -1,4 +1,5 @@
 <?php
+
 /**
  * Copyright 2018 Matthias Kesler
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,8 +19,8 @@ if (!isset($config["databaseURI"])) {
     throw new Exception("malformed configuration: databaseURI not defined");
 }
 
-abstract class RegisterState
-{
+abstract class RegisterState {
+
     // Sending an E-Mail failed in the first attempt. Will retry later
     const PendingEmailSend = 0;
     // User got a mail. We wait for it to verfiy
@@ -30,21 +31,19 @@ abstract class RegisterState
     const PendingAdminVerify = 6;
     // Registration failed on first attempt. Will retry
     const PendingRegistration = 7;
-
     // in this case we have to reset the password of the user (or should we store it for this case?)
     const PendingSendRegistrationMail = 8;
-
     // State to allow persisting in the database although an admin declined it.
     // Will be removed regularly
     const RegistrationAccepted = 7;
     const RegistrationDeclined = 13;
-
     // User got successfully registered. Will be cleaned up later
     const AllDone = 100;
+
 }
 
-class mxDatabase
-{
+class mxDatabase {
+
     private $db = NULL;
 
     /**
@@ -164,6 +163,7 @@ class mxDatabase
         }
         return false;
     }
+
     function userRegistered($username) {
         $sql = "SELECT COUNT(*) FROM logins WHERE localpart = '" . $username . "' LIMIT 1;";
         $res = $this->db->query($sql);
@@ -215,7 +215,6 @@ class mxDatabase
         $sql = "SELECT COUNT(*) FROM registrations WHERE admin_token = '" . $admin_token . "'"
                 . " AND state = " . RegisterState::PendingAdminVerify . " LIMIT 1;";
         $res = $this->db->query($sql);
-		$first_name = NULL; $last_name = NULL; $username = NULL; $note = NULL; $email = NULL;
 
         if ($res->fetchColumn() > 0) {
             $sql = "SELECT first_name, last_name, username, note, email FROM registrations"
@@ -240,7 +239,6 @@ class mxDatabase
         $sql = "SELECT COUNT(*) FROM registrations WHERE verify_token = '" . $verify_token . "'"
                 . " AND state = " . RegisterState::PendingEmailVerify . " LIMIT 1;";
         $res = $this->db->query($sql);
-		$first_name = NULL; $last_name = NULL; $username = NULL; $note = NULL; $email = NULL;
 
         if ($res->fetchColumn() > 0) {
             $sql = "SELECT first_name, last_name, note, email, admin_token FROM registrations "
@@ -361,6 +359,7 @@ class mxDatabase
         }
         return $result;
     }
+
 }
 
 if (!isset($mx_db)) {

helpers.php

@@ -1,4 +1,19 @@
 <?php
+
+/**
+ * Copyright 2018 Matthias Kesler
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 function stripLocalpart($mxid) {
     $localpart = NULL;
     if (!empty($mxid)) {

internal/directory_search.php

@@ -1,4 +1,5 @@
 <?php
+
 /**
  * Copyright 2018 Matthias Kesler
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -39,9 +40,8 @@ try {
             $response["result"] = $mx_db->searchUserByEmail($input["search_term"]);
             break;
         default:
-            throw new Exception("unknown type for \"by\" param");
+            throw new Exception('unknown type for "by" param');
     }
-    
 } catch (Exception $e) {
     error_log("failed with error: " . $e->getMessage());
     $response["error"] = $e->getMessage();

internal/identity_bulk.php

@@ -1,4 +1,5 @@
 <?php
+
 /**
  * Copyright 2018 Matthias Kesler
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -37,7 +38,7 @@ try {
         if (!isset($lookup["address"])) {
             throw new Exception('"lookup.address" is not defined');
         }
-        $res2 = array();
+        $res2 = NULL;
         switch ($lookup["medium"]) {
             case "email":
                 $res2 = $mx_db->searchUserByEmail($lookup["address"]);
@@ -54,9 +55,11 @@ try {
                 }
                 break;
             case "msisdn":
+                // This is reserved for number lookups
+                throw new Exception("unimplemented lookup medium");
                 break;
             default:
-                throw new Exception("unknown type for \"by\" param");
+                throw new Exception("unknown lookup medium");
         }
     }
 } catch (Exception $e) {

internal/identity_single.php

@@ -1,4 +1,5 @@
 <?php
+
 /**
  * Copyright 2018 Matthias Kesler
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -30,7 +31,7 @@ try {
     if (!isset($input["lookup"]["address"])) {
         throw new Exception('"lookup.address" is not defined');
     }
-    $res2 = array();
+    $res2 = NULL;
     switch ($input["lookup"]["medium"]) {
         case "email":
             $res2 = $mx_db->searchUserByEmail($input["lookup"]["address"]);
@@ -46,15 +47,19 @@ try {
                     ]
                 ];
             }
-            
-
+            break;
+        case "msisdn":
+            // This is reserved for number lookups
+            throw new Exception("unimplemented lookup medium");
             break;
         default:
-            throw new Exception("unknown type for \"by\" param");
+            throw new Exception("unknown lookup medium");
     }
 } catch (Exception $e) {
-    error_log("ídentity_bulk failed with error: " . $e->getMessage());
-    $response["error"] = $e->getMessage();
+    error_log("ídentity_single failed with error: " . $e->getMessage());
+    $response = [
+        "error" => $e->getMessage()
+    ];
 }
 print (json_encode($response, JSON_PRETTY_PRINT) . "\n");
 ?>

internal/intercept_change_password.php

@@ -1,4 +1,5 @@
 <?php
+
 /**
  * Copyright 2018 Matthias Kesler
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,7 +14,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 // URL for this: /_matrix/client/r0/account/password?access_token=$ACCESS_TOKEN
 
 header('Access-Control-Allow-Origin: *');
@@ -53,13 +53,10 @@ try {
 
     require_once("../database.php");
     if (!$mx_db->updatePassword(
-		$localpart,
-		$input["auth"]["password"],
-		$input["new_password"]
+                    $localpart, $input["auth"]["password"], $input["new_password"]
             )) {
         throw new Exception("invalid credentials or another error while updating");
     }
-
 } catch (Exception $e) {
     header("HTTP/1.0 500 Internal Error");
     error_log("failed with error: " . $e->getMessage());

internal/login.php

@@ -1,4 +1,5 @@
 <?php
+
 /**
  * Copyright 2018 Matthias Kesler
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -20,18 +21,21 @@ $response = [
 ];
 
 require_once("../database.php");
+
 abstract class LoginRequester {
+
     const UNDEFINED = 0;
     const MXISD = 1;
     const RestAuth = 2;
+
 }
+
 $loginRequester = LoginRequester::UNDEFINED;
 
 try {
     $inputJSON = file_get_contents('php://input');
     $input = json_decode($inputJSON, TRUE);
-    $mxid = NULL;
-    $localpart = NULL;
+    $mxid = $localpart = NULL;
     if (isset($input["user"])) {
         if (isset($input["user"]["localpart"])) {
             $localpart = $input["user"]["localpart"];
@@ -45,6 +49,8 @@ try {
             $mxid = $input["user"]["mxid"];
             $loginRequester = LoginRequester::MXISD;
         }
+    } else {
+        throw new Exception('"user" not in request body');
     }
 
     // prefer the localpart attribute of mxisd. But in case of matrix-synapse-rest-auth
@@ -59,7 +65,7 @@ try {
     }
 
     $password = NULL;
-    if (isset($input["user"]) && isset($input["user"]["password"])) {
+    if (isset($input["user"]["password"])) {
         $password = $input["user"]["password"];
     }
     if (empty($password)) {
@@ -95,6 +101,7 @@ try {
             // only return that it was successful.
             // we do not know how the data shall be transmitted so we do nothing with it
             $response["auth"]["success"] = false;
+            $response["auth"]["error"] = "unidentified requester";
             break;
     }
 } catch (Exception $e) {

lang/lang.de-de.php

@@ -1,4 +1,5 @@
 <?php
+
 /**
  * Copyright 2018 Matthias Kesler
  * Licensed under the Apache License, Version 2.0 (the "License");

language.php

@@ -1,4 +1,5 @@
 <?php
+
 /**
  * Copyright 2018 Matthias Kesler
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -21,9 +22,10 @@ if(isset($_GET['lang'])){
 }
 $lang_file = dirname(__FILE__) . "/lang/lang." . $lang . ".php";
 if (!file_exists($lang_file)) {
-	error_log("Translation for '" . $lang . "' not found. Fallback to 'de-de'");
+    error_log("Translation for " . $lang . " not found. Fallback to 'de-de'");
     $lang = "de-de";
 }
+$lang_file = dirname(__FILE__) . "/lang/lang." . $lang . ".php";
 require_once($lang_file);
 unset($lang_file);
 ?>

mail_templates.php

@@ -1,4 +1,5 @@
 <?php
+
 /**
  * Copyright 2018 Matthias Kesler
  * Licensed under the Apache License, Version 2.0 (the "License");

public/index.php

@@ -81,14 +81,10 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
         $verify_url = $config["webroot"] . "/verify.php?t=" . $verify_token;
         require_once "../mail_templates.php";
         $success = send_mail_pending_verification(
-			$config["homeserver"],
-			$first_name . " " . $last_name,
-			$email,
-			$verify_url);
+                $config["homeserver"], $first_name . " " . $last_name, $email, $verify_url);
 
         $mx_db->setRegistrationStateVerify(
-			($success ? RegisterState::PendingEmailVerify : RegisterState::PendingEmailSend),
-			$verify_token);
+                ($success ? RegisterState::PendingEmailVerify : RegisterState::PendingEmailSend), $verify_token);
 
         print("<title>Erfolgreich</title>");
         print("</head><body>");

public/verify.php

@@ -67,8 +67,7 @@ try {
         $message = $language["SEND_MATRIX_FAIL"];
     }
     $mx_db->setRegistrationStateVerify(
-		($response ? RegisterState::PendingAdminVerify : RegisterState::PendingAdminSend),
-		$token);
+            ($response ? RegisterState::PendingAdminVerify : RegisterState::PendingAdminSend), $token);
 
     send_mail_pending_approval($config["homeserver"], $first_name . " " . $last_name, $email);