krombel/matrix-register-bot
1
0
Fork 0
Code Issues 4 Pull Requests Releases Activity

Compare commits

base: krombel:ae83ea1404948ddcd4624beeb413f2a257e0b335
Branches Tags
krombel:master krombel:track_decline_reason krombel:fix_new_api krombel:complete_password_on_registration krombel:feature_multimodeOperation krombel:fix_language_ref krombel:second_implementation krombel:first_implementation
..
compare: krombel:feature_multimodeOperation
Branches Tags
krombel:master krombel:track_decline_reason krombel:fix_new_api krombel:complete_password_on_registration krombel:feature_multimodeOperation krombel:fix_language_ref krombel:second_implementation krombel:first_implementation

11 Commits
ae83ea1404 ... feature_mu

Author SHA1 Message Date
Krombel
5eeaa11c0c fix in config.sample 2018-04-16 15:17:58 +02:00
Krombel
f74a2f74e0 fix path to config.php in mail.l.php 2018-04-16 15:15:32 +02:00
Krombel
53ccd1c2b3 hopefully complete operationMode=synapse 2018-04-16 15:06:44 +02:00
Krombel
6d19d869c8 Merge branch 'master' into feature_multimodeOperation 2018-04-16 14:52:09 +02:00
Krombel
6143a23dd8 autoformat to reduce merge conflicts 2018-04-16 14:29:40 +02:00
Matthias
31bacaeb36 Implement multilanguage 
This completes the multilanguage support

For this a new setting in the config got added "defaultLanguage"
 2018-04-16 14:18:26 +02:00
Krombel
79341b4c88 run some autoformat 2018-04-15 22:01:22 +02:00
Krombel
f808615f22 start implementing multiple modes for operation 
- synapse: Only trigger register calls and do not store anything for longterm
- local: Provide an identity store and register to the own backend
 2018-04-15 21:36:24 +02:00
Krombel
ffce2fc28b run some autoformat 2018-04-04 20:43:24 +02:00
Krombel
eb5b76c5c8 smaller optimizations 2018-04-04 20:29:00 +02:00
Matthias
b343c6f862 Update readme to have howTo for ChangePasswordInterceptor 2018-03-26 23:27:04 +02:00
20 changed files with 1167 additions and 1015 deletions
Expand all files Collapse all files

15
MatrixConnection.php
View File

@@ -1,4 +1,5 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,8 +14,8 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
class MatrixConnection
{
class MatrixConnection {
private $hs;
private $at;
@@ -107,7 +108,6 @@ class MatrixConnection
function exec_curl_request($handle) {
$response = curl_exec($handle);
if ($response === false) {
$errno = curl_errno($handle);
$error = curl_error($handle);
@@ -115,7 +115,6 @@ class MatrixConnection
curl_close($handle);
return false;
}
$http_code = intval(curl_getinfo($handle, CURLINFO_HTTP_CODE));
curl_close($handle);
@@ -132,13 +131,13 @@ class MatrixConnection
} else {
$response = json_decode($response, true);
}
return $response;
}
}
class MatrixMessage
{
class MatrixMessage {
private $message;
function __construct() {
@@ -165,5 +164,7 @@ class MatrixMessage
function get_object() {
return $this->message;
}
}
?>

23
README.md
View File

@@ -14,14 +14,15 @@ This is done in several steps:
2nd step: Implement the other apis to integrade [mxisd](https://github.com/kamax-io/mxisd/blob/master/docs/backends/rest.md)
This bot takes care for user accounts. So it stores the credentials itself and provides ways to access them via matrix-synapse-rest-auth or mxisd.
## How to install
- Copy `config.sample.php` to `config.php` and configure the bot as you can find there
- Configure your webserver to publish the folder `public` and configure.
The folder `internal` contains files that can be accessed by mxisd or matrix-synapse-rest-auth
- To integrate with matrix-synapse-rest-auth:
- Configure your webserver to publish the folder `public`.
The folder `internal` contains files that can be accessed by mxisd or matrix-synapse-rest-auth or else via a reverse proxy
- To integrate with [matrix-synapse-rest-auth](https://github.com/kamax-io/matrix-synapse-rest-auth):
- `/_matrix-internal/identity/v1/check_credentials` should map to `internal/login.php`
- To integrate with mxisd: Have a look at [the docs](https://github.com/kamax-io/mxisd/blob/master/docs/backends/rest.md) and apply as follows:
- To integrate with [mxisd](https://github.com/kamax-io/mxisd): Have a look at [the docs](https://github.com/kamax-io/mxisd/blob/master/docs/backends/rest.md) and apply as follows:
| Key | file which handles that | Description |
@@ -30,3 +31,17 @@ This is done in several steps:
| rest.endpoints.directory | internal/directory_search.php | Search for users by arbitrary input |
| rest.endpoints.identity.single | internal/identity_single.php | Endpoint to query a single 3PID |
| rest.endpoints.identity.bulk | internal/identity_bulk.php | Endpoint to query a list of 3PID |
## Implement usage of additional features:
### Use the ChangePasswortInterceptor:
You need a reverse proxy which maps `/_matrix/client/r0/account/password` to `internal/intercept_change_password.php`.
Here is an example for nginx:
```
location /_matrix/client/r0/account/password {
proxy_pass http://localhost/mxbot/internal/intercept_change_password.php;
proxy_set_header X-Forwarded-For $remote_addr;
}
```

16
config.sample.php
View File

@@ -14,16 +14,26 @@ $config = [
// optional: Do you have a place where howTo's are located? If not leave this value out
"howToURL" => "https://my-url-for-storing-howTos.net",
// set the mode of operation. Basically this defines where the data is stored:
// - synapse (using the register endpoint - so no further auth config necessary
// - local (recommended; using a table in the database to store credentials;
// synapse has to be configured to use that)
"operationMode" => "local",
// This setting is only required for operationMode = synapse
"registration_shared_secret" => "SOME_SECRET_KEY_FROM_HOMESERVER_CONFIG",
// When you want to collect the password on registration set this to true
// only evaluated when operationMode = local
"getPasswordOnRegistration" => false,
// default language: one of [ en-gb | de-de ]
"defaultLanguage" => "en-gb",
// to define where the data should be stored:
"databaseURI" => "sqlite:" . dirname(__FILE__) . "/db_file.sqlite",
// credentials for sqlite not used
"databaseUser" => "dbUser123",
"databasePass" => "secretPassword",
// default language: one of [ en-gb | de-de ]
"defaultLanguage" => "en-gb"
]
?>

6
cron.php
View File

@@ -1,4 +1,5 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -36,10 +37,7 @@ foreach ($mx_db->query($sql) as $row) {
case RegisterState::PendingEmailSend:
$verify_url = $config["webroot"] . "/verify.php?t=" . $row["verify_token"];
$success = send_mail_pending_verification(
$config["homeserver"],
$row["first_name"] . " " . $row["last_name"],
$row["email"],
$verify_url);
$config["homeserver"], $row["first_name"] . " " . $row["last_name"], $row["email"], $verify_url);
if ($success) {
$mx_db->setRegistrationStateById(RegisterState::PendingEmailVerify, $row["id"]);

19
database.php
View File

@@ -1,4 +1,5 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,8 +19,8 @@ if (!isset($config["databaseURI"])) {
throw new Exception("malformed configuration: databaseURI not defined");
}
abstract class RegisterState
{
abstract class RegisterState {
// Sending an E-Mail failed in the first attempt. Will retry later
const PendingEmailSend = 0;
// User got a mail. We wait for it to verfiy
@@ -30,21 +31,19 @@ abstract class RegisterState
const PendingAdminVerify = 6;
// Registration failed on first attempt. Will retry
const PendingRegistration = 7;
// in this case we have to reset the password of the user (or should we store it for this case?)
const PendingSendRegistrationMail = 8;
// State to allow persisting in the database although an admin declined it.
// Will be removed regularly
const RegistrationAccepted = 7;
const RegistrationDeclined = 13;
// User got successfully registered. Will be cleaned up later
const AllDone = 100;
}
class mxDatabase
{
class mxDatabase {
private $db = NULL;
/**
@@ -164,6 +163,7 @@ class mxDatabase
}
return false;
}
function userRegistered($username) {
$sql = "SELECT COUNT(*) FROM logins WHERE localpart = '" . $username . "' LIMIT 1;";
$res = $this->db->query($sql);
@@ -215,7 +215,6 @@ class mxDatabase
$sql = "SELECT COUNT(*) FROM registrations WHERE admin_token = '" . $admin_token . "'"
. " AND state = " . RegisterState::PendingAdminVerify . " LIMIT 1;";
$res = $this->db->query($sql);
$first_name = NULL; $last_name = NULL; $username = NULL; $note = NULL; $email = NULL;
if ($res->fetchColumn() > 0) {
$sql = "SELECT first_name, last_name, username, note, email FROM registrations"
@@ -240,10 +239,9 @@ class mxDatabase
$sql = "SELECT COUNT(*) FROM registrations WHERE verify_token = '" . $verify_token . "'"
. " AND state = " . RegisterState::PendingEmailVerify . " LIMIT 1;";
$res = $this->db->query($sql);
$first_name = NULL; $last_name = NULL; $username = NULL; $note = NULL; $email = NULL;
if ($res->fetchColumn() > 0) {
$sql = "SELECT first_name, last_name, note, email, admin_token FROM registrations "
$sql = "SELECT first_name, last_name, note, email, username, admin_token FROM registrations "
. " WHERE verify_token = '" . $verify_token . "'"
. " AND state = " . RegisterState::PendingEmailVerify . " LIMIT 1;";
foreach ($this->db->query($sql) as $row) {
@@ -361,6 +359,7 @@ class mxDatabase
}
return $result;
}
}
if (!isset($mx_db)) {

15
helpers.php
View File

@@ -1,4 +1,19 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
function stripLocalpart($mxid) {
$localpart = NULL;
if (!empty($mxid)) {

6
internal/directory_search.php
View File

@@ -1,4 +1,5 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -39,12 +40,11 @@ try {
$response["result"] = $mx_db->searchUserByEmail($input["search_term"]);
break;
default:
throw new Exception("unknown type for \"by\" param");
throw new Exception('unknown type for "by" param');
}
} catch (Exception $e) {
error_log("failed with error: " . $e->getMessage());
$response["error"] = $e->getMessage();
}
print (json_encode($response, JSON_PRETTY_PRINT) . "\n");
print (json_encode($response, JSON_PRETTY_PRINT));
?>

9
internal/identity_bulk.php
View File

@@ -1,4 +1,5 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -37,7 +38,7 @@ try {
if (!isset($lookup["address"])) {
throw new Exception('"lookup.address" is not defined');
}
$res2 = array();
$res2 = NULL;
switch ($lookup["medium"]) {
case "email":
$res2 = $mx_db->searchUserByEmail($lookup["address"]);
@@ -54,14 +55,16 @@ try {
}
break;
case "msisdn":
// This is reserved for number lookups
throw new Exception("unimplemented lookup medium");
break;
default:
throw new Exception("unknown type for \"by\" param");
throw new Exception("unknown lookup medium");
}
}
} catch (Exception $e) {
error_log("ídentity_bulk failed with error: " . $e->getMessage());
$response["error"] = $e->getMessage();
}
print (json_encode($response, JSON_PRETTY_PRINT) . "\n");
print (json_encode($response, JSON_PRETTY_PRINT));
?>

19
internal/identity_single.php
View File

@@ -1,4 +1,5 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -30,7 +31,7 @@ try {
if (!isset($input["lookup"]["address"])) {
throw new Exception('"lookup.address" is not defined');
}
$res2 = array();
$res2 = NULL;
switch ($input["lookup"]["medium"]) {
case "email":
$res2 = $mx_db->searchUserByEmail($input["lookup"]["address"]);
@@ -46,15 +47,19 @@ try {
]
];
}
break;
case "msisdn":
// This is reserved for number lookups
throw new Exception("unimplemented lookup medium");
break;
default:
throw new Exception("unknown type for \"by\" param");
throw new Exception("unknown lookup medium");
}
} catch (Exception $e) {
error_log("ídentity_bulk failed with error: " . $e->getMessage());
$response["error"] = $e->getMessage();
error_log("ídentity_single failed with error: " . $e->getMessage());
$response = [
"error" => $e->getMessage()
];
}
print (json_encode($response, JSON_PRETTY_PRINT) . "\n");
print (json_encode($response, JSON_PRETTY_PRINT));
?>

7
internal/intercept_change_password.php
View File

@@ -1,4 +1,5 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,7 +14,6 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// URL for this: /_matrix/client/r0/account/password?access_token=$ACCESS_TOKEN
header('Access-Control-Allow-Origin: *');
@@ -53,13 +53,10 @@ try {
require_once("../database.php");
if (!$mx_db->updatePassword(
$localpart,
$input["auth"]["password"],
$input["new_password"]
$localpart, $input["auth"]["password"], $input["new_password"]
)) {
throw new Exception("invalid credentials or another error while updating");
}
} catch (Exception $e) {
header("HTTP/1.0 500 Internal Error");
error_log("failed with error: " . $e->getMessage());

15
internal/login.php
View File

@@ -1,4 +1,5 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -20,18 +21,21 @@ $response = [
];
require_once("../database.php");
abstract class LoginRequester {
const UNDEFINED = 0;
const MXISD = 1;
const RestAuth = 2;
}
$loginRequester = LoginRequester::UNDEFINED;
try {
$inputJSON = file_get_contents('php://input');
$input = json_decode($inputJSON, TRUE);
$mxid = NULL;
$localpart = NULL;
$mxid = $localpart = NULL;
if (isset($input["user"])) {
if (isset($input["user"]["localpart"])) {
$localpart = $input["user"]["localpart"];
@@ -45,6 +49,8 @@ try {
$mxid = $input["user"]["mxid"];
$loginRequester = LoginRequester::MXISD;
}
} else {
throw new Exception('"user" not in request body');
}
// prefer the localpart attribute of mxisd. But in case of matrix-synapse-rest-auth
@@ -59,7 +65,7 @@ try {
}
$password = NULL;
if (isset($input["user"]) && isset($input["user"]["password"])) {
if (isset($input["user"]["password"])) {
$password = $input["user"]["password"];
}
if (empty($password)) {
@@ -95,11 +101,12 @@ try {
// only return that it was successful.
// we do not know how the data shall be transmitted so we do nothing with it
$response["auth"]["success"] = false;
$response["auth"]["error"] = "unidentified requester";
break;
}
} catch (Exception $e) {
error_log("Auth failed with error: " . $e->getMessage());
$response["auth"]["error"] = $e->getMessage();
}
print (json_encode($response, JSON_PRETTY_PRINT) . "\n");
print (json_encode($response, JSON_PRETTY_PRINT));
?>

31
lang/lang.de-de.php
View File

@@ -1,4 +1,5 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -14,7 +15,19 @@
* limitations under the License.
*/
$language = array(
"ACCEPT" => "Akzeptieren",
"DECLINE" => "Ablehnen",
"SUCCESS" => "Erfolgreich",
"FIRST_NAME" => "Vorname",
"LAST_NAME" => "Nachname",
"USERNAME" => "Nutzername (für den Login)",
"PASSWORD" => "Passwort",
"PASSWORD_CONFIRM" => "Passwort bestätigen",
"EMAIL_ADDRESS" => "E-Mail-Adresse",
"REGISTER" => "Registrieren",
"NOTE" => "Hinweis",
"NO_CONFIGURATION" => "Es konnte keine Konfiguration gefunden werden.",
"UNKNOWN_ERROR" => "Unbekannter Fehler",
"UNKNOWN_SESSION" => "Sitzungstoken nicht vorhanden oder ungültig.",
"UNKNOWN_USERNAME" => "Nutzername fehlt",
"UNKNOWN_TOKEN" => "Token ist unbekannt",
@@ -24,18 +37,32 @@ $language = array(
"USERNAME_REGISTERED" => "Dieser Nutzername wurde bereits registriert. Bitte wähle einen anderen Nutzernamen",
"PASSWORD_NOT_MATCH" => "Passwörter stimmen nicht überein",
"NOTE_LENGTH_EXEEDED" => "Notiz ist länger als die erlaubten 50 Zeichen",
"PLACEHOLDER_NOTE_ABOUT_YOURSELF" => "Notiz zu dir (max. 50 Zeichen)",
"EMAIL_INVALID_FORMAT" => "Keine valide E-Mail-Adresse angegeben",
"FIRSTNAME_INVALID_FORMAT" => "Vorname hat ungültiges Format",
"SIRNAME_INVALID_FORMAT" => "Nachname hat ungültiges Format",
"FIRSTNAME_INVALID_FORMAT" => "Vorname muss das Format <Großbuchstabe><Kleinbuchstaben> haben",
"SIRNAME_INVALID_FORMAT" => "Nachname muss das Format <Großbuchstabe><Kleinbuchstaben> haben",
"SEND_MAIL_FAIL" => "Senden der E-Mail fehlgeschlagen",
"SEND_MATRIX_FAIL" => "Senden einer Nachricht an die Administratoren fehlgeschlagen",
"TASK_CHECK_YOUR_EMAIL_VERIFY" => "Bitte prüfe deine E-Mails um deine Adresse zu bestätigen",
"REGISTRATION_REQUEST_FAILED" => "Registrierungsanfrage ist fehlgeschlagen",
"REGISTRATION_FAILED" => "Registrierung ist fehlgeschlagen",
"REGISTRATION_FAILED_FOR" => "Registrierung für @user ist fehlgeschlagen",
"VERIFICATION_SUCEEDED" => "Verifizierung erfolgreich",
"VERIFICATION_FAILED" => "Verifizierung fehlgeschlagen",
"VERIFICATION_SUCCESS_BODY" => "Vielen Dank. Die Administratoren wurden informiert",
"ADMIN_VERIFY_SITE_TITLE" => "Registrierungsanfrage bearbeiten",
"ADMIN_REGISTER_ACCEPTED_BODY" => "Die Registrierungsanfrage wurde akzeptiert. Der Nutzer wurde per Mail informiert.",
"ADMIN_REGISTER_DECLINED_BODY" => "Die Registrierungsanfrage wurde angelehnt. Der Nutzer wurde per Mail informiert.",
"JUMP_TO_HOMEPAGE" => "Zur Startseite",
"TOPIC_PLEASE_REGISTER" => "Bitte für @homeserver registrieren",
"TOPIC_PLEASE_REGISTER_NOTE" => "2-Schritt-Registrierung",
"NOTE_FOR_REGISTRATION" => "@homeserver ist ein geschlossenes Chat-Netzwerk in dem jeder Nutzer bestätigt werden muss.<br />
Du bekommst eine E-Mail wenn jemand deine Mitgliedschaft bestätigt hat. An diese wird auch dein initiales Passwort gesendet.
Hinterlasse also bitte einen Hinweis zu dir (den nur die Administratoren sehen werden).<br />
Liebe Grüße vom Team von @homeserver",
"MSG_USER_WANTS_REGISTER" => "@name möchte sich registrieren und hat folgende Notiz hinterlassen:
@note \r\nZum Bearbeiten hier klicken:\r\n @adminUrl",
"MSG_USER_WANTS_REGISTER_FORMATTED" => "@name möchte sich registrieren und hat folgende Notiz hinterlassen:<br />
@note <br />Zum Bearbeiten <a href=\"@adminUrl\">hier</a> klicken",
);
?>

25
lang/lang.en-gb.php
View File

@@ -14,7 +14,19 @@
* limitations under the License.
*/
$language = array(
"ACCEPT" => "Accept",
"DECLINE" => "Decline",
"SUCCESS" => "Success",
"FIRST_NAME" => "First name",
"LAST_NAME" => "Last name",
"USERNAME" => "username (for login)",
"PASSWORD" => "Password",
"PASSWORD_CONFIRM" => "Confirm password",
"EMAIL_ADDRESS" => "EMail Address",
"REGISTER" => "Register",
"NOTE" => "Note",
"NO_CONFIGURATION" => "No configuration found",
"UNKNOWN_ERROR" => "Unknown Error",
"UNKNOWN_SESSION" => "Session token not found of invalid.",
"UNKNOWN_USERNAME" => "username unknown",
"UNKNOWN_TOKEN" => "Token is unknown",
@@ -24,18 +36,31 @@ $language = array(
"USERNAME_REGISTERED" => "This username is already registered. Please try again with another username",
"PASSWORD_NOT_MATCH" => "passwords do not match",
"NOTE_LENGTH_EXEEDED" => "Note consists of more than 50 characters",
"PLACEHOLDER_NOTE_ABOUT_YOURSELF" => "Note about yourself (max. 50 characters)",
"EMAIL_INVALID_FORMAT" => "no valid email address",
"FIRSTNAME_INVALID_FORMAT" => "First name with invalid formatting",
"SIRNAME_INVALID_FORMAT" => "Sirname with invalid formatting",
"SEND_MAIL_FAIL" => "Email could not be sent",
"SEND_MATRIX_FAIL" => "Sending a message to the admins failed",
"TASK_CHECK_YOUR_EMAIL_VERIFY" => "Please check your emails to verify your email address",
"REGISTRATION_REQUEST_FAILED" => "Registration request failed",
"REGISTRATION_FAILED" => "Registration failed",
"REGISTRATION_FAILED_FOR" => "Registrierung für @user ist fehlgeschlagen",
"VERIFICATION_SUCEEDED" => "Verification suceeded",
"VERIFICATION_FAILED" => "Verification failed",
"VERIFICATION_SUCCESS_BODY" => "Thank you. The admins got informed",
"ADMIN_VERIFY_SITE_TITLE" => "Handle registration request",
"ADMIN_REGISTER_ACCEPTED_BODY" => "The registration request got accepted. The user got notified per email.",
"ADMIN_REGISTER_DECLINED_BODY" => "The registration request got declined. The user got notified per email.",
"JUMP_TO_HOMEPAGE" => "To homepage",
"TOPIC_PLEASE_REGISTER" => "Please register for @homeserver<small>2-Step-Registration</small>",
"NOTE_FOR_REGISTRATION" => "@homeserver is a closed chat network where every user has to be confirmed.<br />
You will get an email once sb. approved your registration. An initial password will be send to you afterwards.
Please leave a note about yourself (that will only be shown to the admins).<br />
Greetings from the team of @homeserver",
"MSG_USER_WANTS_REGISTER" => "@name wants to register and left the following note:
@note \r\nTo handle that request:\r\n @adminUrl",
"MSG_USER_WANTS_REGISTER_FORMATTED" => "@name wants to register and left the following note:<br />
@note <br />To handle that request click <a href=\"@adminUrl\">here</a>",
);
?>

2
lang/mail.de-de.php
View File

@@ -14,7 +14,7 @@
* limitations under the License.
*/
function send_mail($receiver, $subject, $body) {
include("config.php");
include("../config.php");
$headers = "From: " . $config["register_email"] . "\r\n"
. "Content-Type: text/plain;charset=utf-8";
return mail($receiver, $subject, $body, $headers);

2
lang/mail.en-gb.php
View File

@@ -14,7 +14,7 @@
* limitations under the License.
*/
function send_mail($receiver, $subject, $body) {
include("config.php");
include("../config.php");
$headers = "From: " . $config["register_email"] . "\r\n"
. "Content-Type: text/plain;charset=utf-8";
return mail($receiver, $subject, $body, $headers);

4
language.php
View File

@@ -1,4 +1,5 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -21,9 +22,10 @@ if(isset($_GET['lang'])){
}
$lang_file = dirname(__FILE__) . "/lang/lang." . $lang . ".php";
if (!file_exists($lang_file)) {
error_log("Translation for '" . $lang . "' not found. Fallback to 'de-de'");
error_log("Translation for " . $lang . " not found. Fallback to 'de-de'");
$lang = "de-de";
}
$lang_file = dirname(__FILE__) . "/lang/lang." . $lang . ".php";
require_once($lang_file);
unset($lang_file);
?>

2
mail_templates.php
View File

@@ -1,4 +1,5 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -23,6 +24,7 @@ if (!file_exists($lang_file)) {
error_log("Mail templates for '" . $lang . "' not found. Fallback to 'de-de'");
$lang = "de-de";
}
$lang_file = dirname(__FILE__) . "/lang/mail." . $lang . ".php";
require_once($lang_file);
unset($lang_file);
?>

121
public/index.php
View File

@@ -13,6 +13,12 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// enforce admin via https
if (!isset($_SERVER['HTTPS'])) {
header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], true, 301);
exit();
}
require_once "../language.php";
if (!file_exists("../config.php")) {
print($language["NO_CONFIGURATION"]);
@@ -20,12 +26,18 @@ if (!file_exists("../config.php")) {
}
require_once "../config.php";
// enforce admin via https
if (!isset($_SERVER['HTTPS'])) {
header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], true, 301);
exit();
// this values will not be used when using the register operation type
$storeFirstLastName = false;
if (isset($config["operationMode"]) && $config["operationMode"] === "local") {
$storeFirstLastName = true;
}
// currently the case to store the password on our own is the only supported one
$storePassword = false;
if (isset($config["getPasswordOnRegistration"]) && $config["getPasswordOnRegistration"] &&
isset($config["operationMode"]) && $config["operationMode"] === "synapse") {
$storePassword = true;
}
session_start();
if ($_SERVER["REQUEST_METHOD"] == "POST") {
@@ -53,17 +65,22 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (!isset($_POST["email"]) || !filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
throw new Exception("EMAIL_INVALID_FORMAT");
}
if (isset($_POST["first_name"]) && ! preg_match("/[A-Z][a-z]+/", $_POST["first_name"])) {
if ($storeFirstLastName) {
// only require first_name and last_name when we will evaluate them
if (!isset($_POST["first_name"]) || !preg_match("/[A-Z][a-z]+/", $_POST["first_name"])) {
throw new Exception("FIRSTNAME_INVALID_FORMAT");
}
if (isset($_POST["last_name"]) && ! preg_match("/[A-Z][a-z]+/", $_POST["last_name"])) {
if (!isset($_POST["last_name"]) || !preg_match("/[A-Z][a-z]+/", $_POST["last_name"])) {
throw new Exception("SIRNAME_INVALID_FORMAT");
}
$first_name = filter_var($_POST["first_name"], FILTER_SANITIZE_STRING);
$last_name = filter_var($_POST["last_name"], FILTER_SANITIZE_STRING);
} else {
$first_name = $last_name = "";
}
$username = filter_var($_POST["username"], FILTER_SANITIZE_STRING);
if (isset($_POST["password"])) {
if ($storePassword && isset($_POST["password"])) {
$password = filter_var($_POST["password"], FILTER_SANITIZE_STRING);
}
$note = filter_var($_POST["note"], FILTER_SANITIZE_STRING);
@@ -74,27 +91,23 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (!isset($res["verify_token"])) {
error_log("sth. went wrong. registration did not throw but admin_token not set");
throw Exception ("Unknown Error");
throw Exception("UNKNOWN_ERROR");
}
$verify_token = $res["verify_token"];
$verify_url = $config["webroot"] . "/verify.php?t=" . $verify_token;
require_once "../mail_templates.php";
$success = send_mail_pending_verification(
$config["homeserver"],
$first_name . " " . $last_name,
$email,
$verify_url);
$config["homeserver"], $storeFirstLastName ? $first_name . " " . $last_name : $username, $email, $verify_url);
$mx_db->setRegistrationStateVerify(
($success ? RegisterState::PendingEmailVerify : RegisterState::PendingEmailSend),
$verify_token);
($success ? RegisterState::PendingEmailVerify : RegisterState::PendingEmailSend), $verify_token);
print("<title>Erfolgreich</title>");
print("<title>" . $language["SUCCESS"] . "</title>");
print("</head><body>");
print("<h1>Erfolgreich</h1>");
print("<p>Bitte überprüfe deine E-Mails um deine E-Mail-Adresse zu bestätigen.</p>");
print("<a href=\"" . $config["webroot"] . "/index.php" . "\">Zur Registrierungsseite</a>");
print("<h1>" . $language["SUCCESS"] . "</h1>");
print("<p>" . $language["TASK_CHECK_YOUR_EMAIL_VERIFY"] . "</p>");
print("<a href=\"" . $config["webroot"] . "/index.php" . "\">" . $language["JUMP_TO_HOMEPAGE"] . "</a>");
} catch (Exception $e) {
print("<title>" . $language["REGISTRATION_REQUEST_FAILED"] . "</title>");
print("</head><body>");
@@ -104,12 +117,12 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
} else {
print("<p>" . $e->getMessage() . "</p>");
}
print("<a href=\"" . $config["webroot"] . "/index.php" . "\">Zur Registrierungsseite</a>");
print("<a href=\"" . $config["webroot"] . "/index.php" . "\">" . $language["JUMP_TO_HOMEPAGE"] . "</a>");
}
} else {
$_SESSION["token"] = bin2hex(random_bytes(16));
?>
<title>Registriere dich für <?php echo $config["homeserver"]; ?></title>
<title><?php echo strtr($language["TOPIC_PLEASE_REGISTER"], [ "@homeserver" => $config["homeserver"] ]); ?></title>
<link href="//netdna.bootstrapcdn.com/bootstrap/3.1.0/css/bootstrap.min.css" rel="stylesheet">
<style>
body{
@@ -133,94 +146,97 @@ body{
<div class="col-xs-12 col-sm-8 col-md-4 col-sm-offset-2 col-md-offset-4">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">Bitte für <?php echo $config["homeserver"]; ?> registrieren<small>2-Schritt-Registrierung</small></h3>
<h3 class="panel-title"><?php echo strtr($language["TOPIC_PLEASE_REGISTER"], [ "@homeserver" => $config["homeserver"] ])
. "<small>" . $language["TOPIC_PLEASE_REGISTER_NOTE"] . "</small>"; ?></h3>
</div>
<div class="panel-body">
<form name="regForm" role="form" action="index.php" method="post">
<?php if ($storeFirstLastName) { ?>
<div class="row">
<div class="col-xs-6 col-sm-6 col-md-6">
<div class="form-group">
<input type="text" name="first_name" id="first_name" class="form-control input-sm"
placeholder="Vorname" pattern="[A-Z][a-z]+">
placeholder="<?php echo $language["FIRST_NAME"]; ?>" pattern="[A-Z][a-z]+">
</div>
</div>
<div class="col-xs-6 col-sm-6 col-md-6">
<div class="form-group">
<input type="text" name="last_name" id="last_name" class="form-control input-sm"
placeholder="Nachname" pattern="[A-Z][a-z]+">
placeholder="<?php echo $language["LAST_NAME"]; ?>" pattern="[A-Z][a-z]+">
</div>
</div>
</div>
<?php } ?>
<div class="form-group">
<input type="email" name="email" id="email" class="form-control input-sm" placeholder="<?php echo $language["EMAIL_ADDRESS"]; ?>" required>
</div>
<div class="form-group">
<input type="email" name="email" id="email" class="form-control input-sm" placeholder="E-Mail-Adresse" required>
</div>
<div class="form-group">
<input type="text" name="note" id="note" class="form-control input-sm" placeholder="Notiz zu dir (max. 50 Zeichen)">
<input type="text" name="note" id="note" class="form-control input-sm" placeholder="<?php echo $language["PLACEHOLDER_NOTE_ABOUT_YOURSELF"]; ?>">
</div>
<div class="form-group">
<input type="text" name="username" id="username" class="form-control input-sm"
placeholder="Nutzername (für den Login)" pattern="[a-z1-9]{3,20}" required>
placeholder="<?php echo $language["USERNAME"]; ?>" pattern="[a-z1-9]{3,20}" required>
</div>
<?php if (isset($config["getPasswordOnRegistration"]) && $config["getPasswordOnRegistration"]) { ?>
<?php if ($storePassword) { ?>
<div class="row">
<div class="col-xs-6 col-sm-6 col-md-6">
<div class="form-group">
<input type="password" name="password" id="password" class="form-control input-sm" placeholder="Passwort" required>
<input type="password" name="password" id="password" class="form-control input-sm" placeholder="<?php echo $language["PASSWORD"]; ?>" required>
</div>
</div>
<div class="col-xs-6 col-sm-6 col-md-6">
<div class="form-group">
<input type="password" name="password_confirm" id="password_confirm" class="form-control input-sm" placeholder="Passwort bestätigen" required>
<input type="password" name="password_confirm" id="password_confirm" class="form-control input-sm" placeholder="<?php echo $language["PASSWORD_CONFIRM"]; ?>" required>
</div>
</div>
</div>
<?php } ?>
<input type="hidden" name="token" id="token" value="<?php echo $_SESSION["token"]; ?>">
<input type="submit" value="Registrieren" class="btn btn-info btn-block">
<input type="submit" value="<?php echo $language["REGISTER"]; ?>" class="btn btn-info btn-block">
</form>
<p>Hinweis: <br />
<?php echo $config["homeserver"]; ?> ist ein geschlossenes Chat-Netzwerk in dem jeder Nutzer bestätigt werden muss.<br />
Du bekommst eine E-Mail wenn jemand deine Mitgliedschaft bestätigt hat. An diese wird auch dein initiales Passwort gesendet.
Hinterlasse also bitte einen Hinweis zu dir (der nur den entsprechenden Personen gezeigt wird).<br />
Liebe Grüße vom Team von <?php echo $config["homeserver"]; ?>
</p>
<?php if (isset($language["NOTE_FOR_REGISTRATION"])) {
echo "<p>" . $language["NOTE"] . ": <br />";
echo strtr($language["NOTE_FOR_REGISTRATION"], [ "@homeserver" => $config["homeserver"] ]);
echo "</p>";
} ?>
</div>
</div>
</div>
</div>
</div>
<script type="text/javascript">
var user_name = document.getElementById("username");
user_name.oninvalid = function (event) {
event.target.setCustomValidity("<?php echo $language["USERNAME_LENGTH_INVALID"]; ?>");
}
user_name.onkeyup = function (event) {
event.target.setCustomValidity("");
}
<?php if ($storeFirstLastName) { ?>
var first_name = document.getElementById("first_name");
first_name.oninvalid = function (event) {
event.target.setCustomValidity("Vorname muss das Format <Großbuchstabe><Kleinbuchstaben> haben");
event.target.setCustomValidity("<?php echo $language["FIRSTNAME_INVALID_FORMAT"]; ?>");
}
first_name.onkeyup = function (event) {
event.target.setCustomValidity("");
}
var last_name = document.getElementById("last_name");
last_name.oninvalid = function (event) {
event.target.setCustomValidity("Nachname muss das Format <Großbuchstabe><Kleinbuchstaben> haben");
event.target.setCustomValidity("<?php echo $language["SIRNAME_INVALID_FORMAT"]; ?>");
}
last_name.onkeyup = function (event) {
event.target.setCustomValidity("");
}
var user_name = document.getElementById("username");
user_name.oninvalid = function(event) {
event.target.setCustomValidity("Nutzername darf zwischen 3 und 20 kleine Buchstaben und Zahlen enthalten");
}
user_name.onkeyup = function (event) {
event.target.setCustomValidity("");
}
<?php if (isset($config["getPasswordOnRegistration"]) && $config["getPasswordOnRegistration"]) { ?>
<?php } if ($storePassword) { ?>
var password = document.getElementById("password")
, confirm_password = document.getElementById("password_confirm");
function validatePassword() {
if (password.value != confirm_password.value) {
confirm_password.setCustomValidity("Passwörter stimmen nicht überein");
confirm_password.setCustomValidity("<?php echo $language["PASSWORD_NOT_MATCH"]; ?>");
} else {
confirm_password.setCustomValidity('');
}
@@ -230,5 +246,4 @@ body{
<?php } ?>
</script>
<?php } ?>
</body>
</html>
</body></html>

26
public/verify.php
View File

@@ -46,6 +46,7 @@ try {
}
$first_name = $user["first_name"];
$last_name = $user["last_name"];
$username = $user["username"];
$note = $user["note"];
$email = $user["email"];
$admin_token = $user["admin_token"];
@@ -54,12 +55,18 @@ try {
$adminUrl = $config["webroot"] . "/verify_admin.php?t=" . $admin_token;
$mxConn = new MatrixConnection($config["homeserver"], $config["access_token"]);
$mxMsg = new MatrixMessage();
$mxMsg->set_body($first_name . ' ' . $last_name . "möchte sich registrieren und hat folgende Notiz hinterlassen:\r\n"
. $note . "\r\n"
. "Zum Bearbeiten hier klicken:\r\n" . $adminUrl);
$mxMsg->set_formatted_body($first_name . ' ' . $last_name . " möchte sich registrieren und hat folgende Notiz hinterlassen:<br />"
. $note . "<br />"
. "Zum Bearbeiten <a href=\"". $adminUrl . "\">hier</a> klicken");
$mxMsg->set_body(strtr($language["MSG_USER_WANTS_REGISTER"], [
"@name" => (strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username),
"@note" => $note,
"@adminUrl" => $adminUrl
]));
if (isset($language["MSG_USER_WANTS_REGISTER_FORMATTED"])) {
$mxMsg->set_formatted_body(strtr($language["MSG_USER_WANTS_REGISTER_FORMATTED"], [
"@name" => (strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username),
"@note" => $note,
"@adminUrl" => $adminUrl
]));
}
$mxMsg->set_type("m.text");
$response = $mxConn->send($config["register_room"], $mxMsg);
@@ -67,8 +74,7 @@ try {
$message = $language["SEND_MATRIX_FAIL"];
}
$mx_db->setRegistrationStateVerify(
($response ? RegisterState::PendingAdminVerify : RegisterState::PendingAdminSend),
$token);
($response ? RegisterState::PendingAdminVerify : RegisterState::PendingAdminSend), $token);
send_mail_pending_approval($config["homeserver"], $first_name . " " . $last_name, $email);
@@ -76,7 +82,7 @@ try {
print("</head><body>");
print("<h1>" . $language["VERIFICATION_SUCEEDED"] . "</h1>");
print("<p>" . $language["VERIFICATION_SUCCESS_BODY"] . "</p>");
print("<a href=\"" . $config["webroot"] . "/index.php" . "\">Zur Registrierungsseite</a>");
print("<a href=\"" . $config["webroot"] . "/index.php" . "\">" . $language["JUMP_TO_HOMEPAGE"] . "</a>");
} catch (Exception $e) {
print("<title>" . $language["VERIFICATION_FAILED"] . "</title>");
print("</head><body>");
@@ -86,7 +92,7 @@ try {
} else {
print("<p>" . $e->getMessage() . "</p>");
}
print("<a href=\"" . $config["webroot"] . "/index.php" . "\">Zur Registrierungsseite</a>");
print("<a href=\"" . $config["webroot"] . "/index.php" . "\">" . $language["JUMP_TO_HOMEPAGE"] . "</a>");
}
?>
</body>

43
public/verify_admin.php
View File

@@ -70,11 +70,30 @@ try {
require_once("../MatrixConnection.php");
$mxConn = new MatrixConnection($config["homeserver"], $config["access_token"]);
// generate a password with 8 characters
$password = NULL;
switch ($config["operationMode"]) {
case "synapse":
// register with registration_shared_secret
// generate a password with 10 characters
$password = bin2hex(openssl_random_pseudo_bytes(5));
$res = $mxConn->register($username, $password, $config["registration_shared_secret"]);
if (!$res) {
// something went wrong while registering
$password = NULL;
}
break;
case "local":
// register by adding a user to the local database
$password = $mx_db->addUser($first_name, $last_name, $username, $email);
break;
default:
throw new Exception("Unknown operationMode");
}
if ($password != NULL) {
// send registration_success
$res = send_mail_registration_success($config["homeserver"], $first_name . " " . $last_name, $email, $username, $password, $config["howToURL"]);
$res = send_mail_registration_success(
$config["homeserver"], $first_name . " " . $last_name, $email, $username, $password, $config["howToURL"]
);
if ($res) {
$mx_db->setRegistrationStateAdmin(RegisterState::AllDone, $token);
} else {
@@ -84,7 +103,9 @@ try {
send_mail_registration_allowed_but_failed($config["homeserver"], $first_name . " " . $last_name, $email);
$mxMsg = new MatrixMessage();
$mxMsg->set_type("m.text");
$mxMsg->set_body("Fehler beim Registrieren von " . $first_name . " " . $last_name . ".");
$mxMsg->set_body(strtr($language["REGISTRATION_FAILED_FOR"], [
"@name" => strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username,
]));
$mxConn->send($config["register_room"], $mxMsg);
throw new Exception("REGISTRATION_FAILED");
}
@@ -95,7 +116,9 @@ try {
print("<p>" . $language["ADMIN_REGISTER_ACCEPTED_BODY"] . "</p>");
} elseif ($action == RegisterState::RegistrationDeclined) {
$mx_db->setRegistrationStateAdmin(RegisterState::RegistrationDeclined, $token);
send_mail_registration_decline($config["homeserver"], $first_name . " " . $last_name, $email, $decline_reason);
send_mail_registration_decline(
$config["homeserver"], strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username, $email, $decline_reason
);
print("<title>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</title>");
print("</head><body>");
print("<h1>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</h1>");
@@ -131,6 +154,9 @@ background: rgba(255, 255, 255, 0.8);
</div>
<div class="panel-body">
<form name="appForm" role="form" action="verify_admin.php" method="GET">
<?php if (isset($config["operationMode"]) && $config["operationMode"] === "local") {
// this values will not be used when using the register operation type
?>
<div class="row">
<div class="col-xs-6 col-sm-6 col-md-6">
<div class="form-group">
@@ -145,7 +171,7 @@ background: rgba(255, 255, 255, 0.8);
</div>
</div>
</div>
<?php } ?>
<div class="form-group">
<input type="text" id="note" class="form-control input-sm" value="<?php echo $note; ?>" disabled=true>
</div>
@@ -155,9 +181,8 @@ background: rgba(255, 255, 255, 0.8);
value="<?php echo $username; ?>" disabled=true>
</div>
<input type="hidden" name="t" id="token" value="<?php echo $token; ?>">
<input type="submit" name="allow" value="Bestätigen" class="btn btn-info btn-block">
<input type="submit" name="deny" value="Ablehnen" class="btn btn-info btn-block">
<input type="submit" name="allow" value="<?php echo $language["ACCEPT"]; ?>" class="btn btn-info btn-block">
<input type="submit" name="deny" value="<?php echo $language["DECLINE"]; ?>" class="btn btn-info btn-block">
</form>
</div>
</div>
@@ -177,7 +202,7 @@ background: rgba(255, 255, 255, 0.8);
} else {
print("<p>" . $e->getMessage() . "</p>");
}
print("<a href=\"" . $config["webroot"] . "/index.php" . "\">Zur Registrierungsseite</a>");
print("<a href=\"" . $config["webroot"] . "/index.php" . "\">" . $language["JUMP_TO_HOMEPAGE"] . "</a>");
}
?>
< /body>