krombel/matrix-register-bot
1
0
Fork 0
Code Issues 4 Pull Requests Releases Activity

Compare commits

base: krombel:f808615f22e2ca4c9a42981b8f5e220950fb2688
Branches Tags
krombel:master krombel:track_decline_reason krombel:fix_new_api krombel:complete_password_on_registration krombel:feature_multimodeOperation krombel:fix_language_ref krombel:second_implementation krombel:first_implementation
..
compare: krombel:fix_language_ref
Branches Tags
krombel:master krombel:track_decline_reason krombel:fix_new_api krombel:complete_password_on_registration krombel:feature_multimodeOperation krombel:fix_language_ref krombel:second_implementation krombel:first_implementation

1 Commits
f808615f22 ... fix_langua

Author SHA1 Message Date
Krombel
81c3ff5dc0 apply Apache License 2018-03-19 15:16:51 +01:00
17 changed files with 625 additions and 803 deletions
Expand all files Collapse all files

29
MatrixConnection.php
View File

@@ -1,5 +1,4 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -14,8 +13,8 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
class MatrixConnection {
class MatrixConnection
{
private $hs;
private $at;
@@ -34,7 +33,7 @@ class MatrixConnection {
if (!$message) {
error_log("no message to send");
return false;
} elseif (is_array($message)) {
} elseif(is_array($message)) {
$send_message = $message;
} elseif ($message instanceof MatrixMessage) {
$send_message = $message->get_object();
@@ -43,8 +42,8 @@ class MatrixConnection {
return false;
}
$url = "https://" . $this->hs . "/_matrix/client/r0/rooms/"
. urlencode($room_id) . "/send/m.room.message?access_token=" . $this->at;
$url="https://".$this->hs."/_matrix/client/r0/rooms/"
. urlencode($room_id) ."/send/m.room.message?access_token=".$this->at;
$handle = curl_init($url);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
@@ -66,10 +65,10 @@ class MatrixConnection {
function hasUser($username) {
if (!$username) {
throw new Exception("no user given to lookup");
throw new Exception ("no user given to lookup");
}
$url = "https://" . $this->hs . "/_matrix/client/r0/profile/@" . $username . ":" . $this->hs;
$url = "https://".$this->hs."/_matrix/client/r0/profile/@" . $username . ":" . $this->hs;
$handle = curl_init($url);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
@@ -95,7 +94,7 @@ class MatrixConnection {
"password" => $password,
"mac" => $mac,
);
$url = "https://" . $this->hs . "/_matrix/client/v2_alpha/register";
$url = "https://".$this->hs."/_matrix/client/v2_alpha/register";
$handle = curl_init($url);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
@@ -108,6 +107,7 @@ class MatrixConnection {
function exec_curl_request($handle) {
$response = curl_exec($handle);
if ($response === false) {
$errno = curl_errno($handle);
$error = curl_error($handle);
@@ -115,6 +115,7 @@ class MatrixConnection {
curl_close($handle);
return false;
}
$http_code = intval(curl_getinfo($handle, CURLINFO_HTTP_CODE));
curl_close($handle);
@@ -131,13 +132,13 @@ class MatrixConnection {
} else {
$response = json_decode($response, true);
}
return $response;
}
}
class MatrixMessage {
class MatrixMessage
{
private $message;
function __construct() {
@@ -156,7 +157,7 @@ class MatrixMessage {
$this->message["body"] = $body;
}
function set_formatted_body($fbody, $format = "org.matrix.custom.html") {
function set_formatted_body($fbody, $format="org.matrix.custom.html") {
$this->message["formatted_body"] = $fbody;
$this->message["format"] = $format;
}
@@ -164,7 +165,5 @@ class MatrixMessage {
function get_object() {
return $this->message;
}
}
?>

25
README.md
View File

@@ -14,34 +14,17 @@ This is done in several steps:
2nd step: Implement the other apis to integrade [mxisd](https://github.com/kamax-io/mxisd/blob/master/docs/backends/rest.md)
This bot takes care for user accounts. So it stores the credentials itself and provides ways to access them via matrix-synapse-rest-auth or mxisd.
## How to install
- Copy `config.sample.php` to `config.php` and configure the bot as you can find there
- Configure your webserver to publish the folder `public`.
The folder `internal` contains files that can be accessed by mxisd or matrix-synapse-rest-auth or else via a reverse proxy
- To integrate with [matrix-synapse-rest-auth](https://github.com/kamax-io/matrix-synapse-rest-auth):
- Configure your webserver to publish the folder `public` and configure.
The folder `internal` contains files that can be accessed by mxisd or matrix-synapse-rest-auth
- To integrate with matrix-synapse-rest-auth:
- `/_matrix-internal/identity/v1/check_credentials` should map to `internal/login.php`
- To integrate with [mxisd](https://github.com/kamax-io/mxisd): Have a look at [the docs](https://github.com/kamax-io/mxisd/blob/master/docs/backends/rest.md) and apply as follows:
- To integrate with mxisd: Have a look at [the docs](https://github.com/kamax-io/mxisd/blob/master/docs/backends/rest.md) and apply as follows:
| Key | file which handles that | Description |
|--------------------------------|-------------------------------|------------------------------------------------------|
| rest.endpoints.auth | internal/login.php | Validate credentials and get user profile |
| rest.endpoints.directory | internal/directory_search.php | Search for users by arbitrary input |
| rest.endpoints.identity.single | internal/identity_single.php | Endpoint to query a single 3PID |
| rest.endpoints.identity.bulk | internal/identity_bulk.php | Endpoint to query a list of 3PID |
## Implement usage of additional features:
### Use the ChangePasswortInterceptor:
You need a reverse proxy which maps `/_matrix/client/r0/account/password` to `internal/intercept_change_password.php`.
Here is an example for nginx:
```
location /_matrix/client/r0/account/password {
proxy_pass http://localhost/mxbot/internal/intercept_change_password.php;
proxy_set_header X-Forwarded-For $remote_addr;
}
```

14
config.sample.php
View File

@@ -1,28 +1,26 @@
<?php
$config = [
"homeserver" => "example.com",
"access_token" => "To be used for sending the registration notification",
// Which e-mail-adresse shall the bot use to send e-mails?
"register_email" => 'register_bot@example.com',
// Where should the bot post registration requests to?
"register_room" => '$registerRoomID:example.com',
// Where is the public part of the bot located? make sure you have a / at the end
"webroot" => "https://myregisterdomain.net/",
// optional: Do you have a place where howTo's are located? If not leave this value out
"howToURL" => "https://my-url-for-storing-howTos.net",
// set the mode of operation. Basically this defines where the data is stored:
// - synapse (using the register endpoint - so no further auth config necessary
// - local (recommended; using a table in the database to store credentials;
// synapse has to be configured to use that)
"operationMode" => "local",
// When you want to collect the password on registration set this to true
// only evaluated when operationMode = local
"getPasswordOnRegistration" => false,
// to define where the data should be stored:
"databaseURI" => "sqlite:" . dirname(__FILE__) . "/db_file.sqlite",
// credentials for sqlite not used
"databaseUser" => "dbUser123",
"databasePass" => "secretPassword",
]
]
?>

24
cron.php
View File

@@ -1,5 +1,4 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -19,12 +18,12 @@ require_once("mail_templates.php");
require_once("database.php");
$sql = "SELECT id, first_name, last_name, username, email, state, note, verify_token, admin_token FROM registrations "
. "WHERE state = " . RegisterState::PendingEmailSend
. " OR state = " . RegisterState::PendingAdminSend
. " OR state = " . RegisterState::PendingRegistration
. " OR state = " . RegisterState::PendingSendRegistrationMail
. " OR state = " . RegisterState::RegistrationDeclined
. " OR state = " . RegisterState::AllDone . ";";
."WHERE state = ". RegisterState::PendingEmailSend
. " OR state = " . RegisterState::PendingAdminSend
. " OR state = " . RegisterState::PendingRegistration
. " OR state = " . RegisterState::PendingSendRegistrationMail
. " OR state = " . RegisterState::RegistrationDeclined
. " OR state = " . RegisterState::AllDone . ";";
foreach ($mx_db->query($sql) as $row) {
$first_name = $row["first_name"];
$last_name = $row["last_name"];
@@ -37,12 +36,15 @@ foreach ($mx_db->query($sql) as $row) {
case RegisterState::PendingEmailSend:
$verify_url = $config["webroot"] . "/verify.php?t=" . $row["verify_token"];
$success = send_mail_pending_verification(
$config["homeserver"], $row["first_name"] . " " . $row["last_name"], $row["email"], $verify_url);
$config["homeserver"],
$row["first_name"] . " " . $row["last_name"],
$row["email"],
$verify_url);
if ($success) {
$mx_db->setRegistrationStateById(RegisterState::PendingEmailVerify, $row["id"]);
} else {
throw new Exception("Could not send mail to " . $row["first_name"] . " " . $row["last_name"] . "(" . $row["id"] . ")");
throw new Exception("Could not send mail to ".$row["first_name"]." ".$row["last_name"]."(".$row["id"].")");
}
break;
case RegisterState::PendingAdminSend:
@@ -55,7 +57,7 @@ foreach ($mx_db->query($sql) as $row) {
. "Zum Bearbeiten hier klicken:\r\n" . $adminUrl);
$mxMsg->set_formatted_body($first_name . ' ' . $last_name . " möchte sich registrieren und hat folgende Notiz hinterlassen:<br />"
. $row["note"] . "<br />"
. "Zum Bearbeiten <a href=\"" . $adminUrl . "\">hier</a> klicken");
. "Zum Bearbeiten <a href=\"". $adminUrl . "\">hier</a> klicken");
$mxMsg->set_type("m.text");
$response = $mxConn->send($config["register_room"], $mxMsg);
@@ -64,7 +66,7 @@ foreach ($mx_db->query($sql) as $row) {
send_mail_pending_approval($config["homeserver"], $first_name . " " . $last_name, $email);
} else {
throw new Exception("Could not send notification for " . $row["first_name"] . " " . $row["last_name"] . "(" . $row["id"] . ") to admins.");
throw new Exception("Could not send notification for ".$row["first_name"]." ".$row["last_name"]."(".$row["id"].") to admins.");
}
break;
case RegisterState::PendingRegistration:

49
database.php
View File

@@ -1,5 +1,4 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -16,11 +15,11 @@
*/
require_once("config.php");
if (!isset($config["databaseURI"])) {
throw new Exception("malformed configuration: databaseURI not defined");
throw new Exception ("malformed configuration: databaseURI not defined");
}
abstract class RegisterState {
abstract class RegisterState
{
// Sending an E-Mail failed in the first attempt. Will retry later
const PendingEmailSend = 0;
// User got a mail. We wait for it to verfiy
@@ -31,19 +30,21 @@ abstract class RegisterState {
const PendingAdminVerify = 6;
// Registration failed on first attempt. Will retry
const PendingRegistration = 7;
// in this case we have to reset the password of the user (or should we store it for this case?)
const PendingSendRegistrationMail = 8;
// State to allow persisting in the database although an admin declined it.
// Will be removed regularly
const RegistrationAccepted = 7;
const RegistrationDeclined = 13;
// User got successfully registered. Will be cleaned up later
const AllDone = 100;
}
class mxDatabase {
class mxDatabase
{
private $db = NULL;
/**
@@ -163,7 +164,6 @@ class mxDatabase {
}
return false;
}
function userRegistered($username) {
$sql = "SELECT COUNT(*) FROM logins WHERE localpart = '" . $username . "' LIMIT 1;";
$res = $this->db->query($sql);
@@ -197,11 +197,11 @@ class mxDatabase {
$this->db->exec("INSERT INTO registrations
(first_name, last_name, username, note, email, verify_token, admin_token)
VALUES ('" . $first_name . "','" . $last_name . "','" . $username . "','" . $note . "','"
. $email . "','" . $verify_token . "','" . $admin_token . "')");
VALUES ('" . $first_name."','" . $last_name . "','" . $username . "','" . $note . "','"
. $email."','" .$verify_token."','" .$admin_token."')");
return [
"verify_token" => $verify_token,
"verify_token"=> $verify_token,
];
}
@@ -215,6 +215,7 @@ class mxDatabase {
$sql = "SELECT COUNT(*) FROM registrations WHERE admin_token = '" . $admin_token . "'"
. " AND state = " . RegisterState::PendingAdminVerify . " LIMIT 1;";
$res = $this->db->query($sql);
$first_name = NULL; $last_name = NULL; $username = NULL; $note = NULL; $email = NULL;
if ($res->fetchColumn() > 0) {
$sql = "SELECT first_name, last_name, username, note, email FROM registrations"
@@ -239,9 +240,10 @@ class mxDatabase {
$sql = "SELECT COUNT(*) FROM registrations WHERE verify_token = '" . $verify_token . "'"
. " AND state = " . RegisterState::PendingEmailVerify . " LIMIT 1;";
$res = $this->db->query($sql);
$first_name = NULL; $last_name = NULL; $username = NULL; $note = NULL; $email = NULL;
if ($res->fetchColumn() > 0) {
$sql = "SELECT first_name, last_name, note, email, username, admin_token FROM registrations "
$sql = "SELECT first_name, last_name, note, email, admin_token FROM registrations "
. " WHERE verify_token = '" . $verify_token . "'"
. " AND state = " . RegisterState::PendingEmailVerify . " LIMIT 1;";
foreach ($this->db->query($sql) as $row) {
@@ -290,10 +292,10 @@ class mxDatabase {
// generate a password with 10 characters
$password = bin2hex(openssl_random_pseudo_bytes(5));
$password_hash = password_hash($password, PASSWORD_BCRYPT, ["cost" => 12]);
$password_hash = password_hash($password, PASSWORD_BCRYPT, ["cost"=>12]);
$sql = "INSERT INTO logins (first_name, last_name, localpart, password_hash, email) VALUES "
. "('" . $first_name . "','" . $last_name . "','" . $username . "','"
. "('" . $first_name."','" . $last_name . "','" . $username . "','"
. $password_hash . "','" . $email . "');";
if ($this->db->exec($sql)) {
@@ -302,24 +304,6 @@ class mxDatabase {
return NULL;
}
function updatePassword($localpart, $old_password, $new_password) {
$user = $this->getUserForLogin($localpart, $old_password);
if ($user == NULL) {
throw new Exception("user with that credentials not found");
}
// The credentials were fine. So now set the new password
$password_hash = password_hash($new_password, PASSWORD_BCRYPT, ["cost" => 12]);
$sql = "UPDATE logins SET password_hash = '" . $password_hash . "'"
. "WHERE localpart = '" . $localpart . "'";
if ($this->db->exec($sql)) {
return true;
}
return false;
}
function searchUserByName($search_term) {
$term = filter_var($search_term, FILTER_SANITIZE_STRING);
$result = array();
@@ -359,7 +343,6 @@ class mxDatabase {
}
return $result;
}
}
if (!isset($mx_db)) {

33
helpers.php
View File

@@ -1,33 +0,0 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
function stripLocalpart($mxid) {
$localpart = NULL;
if (!empty($mxid)) {
// A mxid would start with an @ so we start at the 2. position
$sepPos = strpos($mxid, ':', 1);
if ($sepPos === false) {
// : not found. Assume mxid is localpart
// TODO: further checks
$localpart = $mxid;
} else {
$localpart = substr($mxid, 1, strpos($mxid, ':') - 1);
}
}
return $localpart;
}
?>

8
internal/directory_search.php
View File

@@ -1,5 +1,4 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -15,7 +14,7 @@
* limitations under the License.
*/
require_once("../database.php");
$response = [
$response=[
"limited" => false,
"result" => [],
];
@@ -40,11 +39,12 @@ try {
$response["result"] = $mx_db->searchUserByEmail($input["search_term"]);
break;
default:
throw new Exception('unknown type for "by" param');
throw new Exception("unknown type for \"by\" param");
}
} catch (Exception $e) {
error_log("failed with error: " . $e->getMessage());
$response["error"] = $e->getMessage();
}
print (json_encode($response, JSON_PRETTY_PRINT));
print (json_encode($response, JSON_PRETTY_PRINT) . "\n");
?>

9
internal/identity_bulk.php
View File

@@ -1,5 +1,4 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -38,7 +37,7 @@ try {
if (!isset($lookup["address"])) {
throw new Exception('"lookup.address" is not defined');
}
$res2 = NULL;
$res2 = array();
switch ($lookup["medium"]) {
case "email":
$res2 = $mx_db->searchUserByEmail($lookup["address"]);
@@ -55,16 +54,14 @@ try {
}
break;
case "msisdn":
// This is reserved for number lookups
throw new Exception("unimplemented lookup medium");
break;
default:
throw new Exception("unknown lookup medium");
throw new Exception("unknown type for \"by\" param");
}
}
} catch (Exception $e) {
error_log("ídentity_bulk failed with error: " . $e->getMessage());
$response["error"] = $e->getMessage();
}
print (json_encode($response, JSON_PRETTY_PRINT));
print (json_encode($response, JSON_PRETTY_PRINT) . "\n");
?>

19
internal/identity_single.php
View File

@@ -1,5 +1,4 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -31,7 +30,7 @@ try {
if (!isset($input["lookup"]["address"])) {
throw new Exception('"lookup.address" is not defined');
}
$res2 = NULL;
$res2 = array();
switch ($input["lookup"]["medium"]) {
case "email":
$res2 = $mx_db->searchUserByEmail($input["lookup"]["address"]);
@@ -47,19 +46,15 @@ try {
]
];
}
break;
case "msisdn":
// This is reserved for number lookups
throw new Exception("unimplemented lookup medium");
break;
default:
throw new Exception("unknown lookup medium");
throw new Exception("unknown type for \"by\" param");
}
} catch (Exception $e) {
error_log("ídentity_single failed with error: " . $e->getMessage());
$response = [
"error" => $e->getMessage()
];
error_log("ídentity_bulk failed with error: " . $e->getMessage());
$response["error"] = $e->getMessage();
}
print (json_encode($response, JSON_PRETTY_PRINT));
print (json_encode($response, JSON_PRETTY_PRINT) . "\n");
?>

69
internal/intercept_change_password.php
View File

@@ -1,69 +0,0 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// URL for this: /_matrix/client/r0/account/password?access_token=$ACCESS_TOKEN
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, OPTIONS');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization');
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
print ("{}");
// return with success
exit();
}
$response = new stdClass;
try {
$inputJSON = file_get_contents('php://input');
$input = json_decode($inputJSON, TRUE);
if (empty($input)) {
throw new Exception('no valid json as input present');
}
if (!isset($input["auth"])) {
throw new Exception('"auth" is not defined');
}
if (!isset($input["auth"]["user"]) || !isset($input["auth"]["password"])) {
throw new Exception('"auth.user" or "auth.password" is not defined');
}
if (!isset($input["auth"]["type"]) || $input["auth"]["type"] !== "m.login.password") {
throw new Exception('no or unknown auth.type');
}
if (!isset($input["new_password"])) {
throw new Exception('"new_password" is not defined');
}
require_once("../helpers.php");
$localpart = stripLocalpart($input["auth"]["user"]);
if (empty($localpart)) {
throw new Exception("localpart cannot be identified");
}
require_once("../database.php");
if (!$mx_db->updatePassword(
$localpart, $input["auth"]["password"], $input["new_password"]
)) {
throw new Exception("invalid credentials or another error while updating");
}
} catch (Exception $e) {
header("HTTP/1.0 500 Internal Error");
error_log("failed with error: " . $e->getMessage());
$response = [
"errorcode" => "M_UNKNOWN",
"error" => $e->getMessage(),
];
}
print (json_encode($response, JSON_PRETTY_PRINT));
?>

32
internal/login.php
View File

@@ -1,5 +1,4 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -21,21 +20,18 @@ $response = [
];
require_once("../database.php");
abstract class LoginRequester {
const UNDEFINED = 0;
const MXISD = 1;
const RestAuth = 2;
}
$loginRequester = LoginRequester::UNDEFINED;
try {
$inputJSON = file_get_contents('php://input');
$input = json_decode($inputJSON, TRUE);
$mxid = $localpart = NULL;
$mxid = NULL;
$localpart = NULL;
if (isset($input["user"])) {
if (isset($input["user"]["localpart"])) {
$localpart = $input["user"]["localpart"];
@@ -49,27 +45,32 @@ try {
$mxid = $input["user"]["mxid"];
$loginRequester = LoginRequester::MXISD;
}
} else {
throw new Exception('"user" not in request body');
}
// prefer the localpart attribute of mxisd. But in case of matrix-synapse-rest-auth
// we have to parse it on our own
if (empty($localpart)) {
require_once("../helpers.php");
$localpart = stripLocalpart($mxid);
if (empty($localpart) && !empty($mxid)) {
// A mxid would start with an @ so we start at the 2. position
$sepPos = strpos($mxid,':', 1);
if ($sepPos === false) {
// : not found. Assume mxid is localpart
// TODO: further checks
$localpart = $mxid;
} else {
$localpart = substr($mxid, 1, strpos($mxid,':') - 1 );
}
}
if (empty($localpart)) {
throw new Exception("localpart cannot be identified");
throw new Exception ("localpart cannot be identified");
}
$password = NULL;
if (isset($input["user"]["password"])) {
if (isset($input["user"]) && isset($input["user"]["password"])) {
$password = $input["user"]["password"];
}
if (empty($password)) {
throw new Exception("password is not present");
throw new Exception ("password is not present");
}
$user = $mx_db->getUserForLogin($localpart, $password);
@@ -101,12 +102,11 @@ try {
// only return that it was successful.
// we do not know how the data shall be transmitted so we do nothing with it
$response["auth"]["success"] = false;
$response["auth"]["error"] = "unidentified requester";
break;
}
} catch (Exception $e) {
error_log("Auth failed with error: " . $e->getMessage());
$response["auth"]["error"] = $e->getMessage();
}
print (json_encode($response, JSON_PRETTY_PRINT));
print (json_encode($response, JSON_PRETTY_PRINT) . "\n");
?>

1
lang/lang.de-de.php
View File

@@ -1,5 +1,4 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");

5
language.php
View File

@@ -1,5 +1,4 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -15,10 +14,10 @@
* limitations under the License.
*/
$lang = "de-de";
if (isset($_GET['lang'])) {
if(isset($_GET['lang'])){
$lang = filter_var($_GET['lang'], FILTER_SANITIZE_STRING);
}
$lang_file = dirname(__FILE__) . "/lang/lang." . $lang . ".php";
$lang_file = dirname(__FILE__) . "/lang/lang.".$lang.".php";
if (!file_exists($lang_file)) {
error_log("Translation for " . $lang . " not found. Fallback to 'de-de'");
$lang = "de-de";

27
mail_templates.php
View File

@@ -1,5 +1,4 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -40,7 +39,7 @@ Danach ist eine Re-Registrierung mit deinem gewünschten Nutzernamen für andere
Vielen Dank für dein Verständnis.
Das Administratoren-Team von " . $homeserver;
return send_mail($receiver, $subject, $body);
return send_mail($receiver, $subject, $body );
}
function send_mail_pending_approval($homeserver, $user, $receiver) {
@@ -54,7 +53,7 @@ Du bekommst eine weitere E-Mail, sobald deine Registrierung bestätigt oder able
Vielen Dank für dein Verständnis.
Das Administratoren-Team von " . $homeserver;
return send_mail($receiver, $subject, $body);
return send_mail($receiver, $subject, $body );
}
function send_mail_registration_allowed_but_failed($homeserver, $user, $receiver) {
@@ -69,6 +68,7 @@ Wir melden uns, wenn die Registrierung erfolgreich war.
Das Administratoren-Team von " . $homeserver;
return send_mail($receiver, $subject, $body);
}
function send_mail_registration_success($homeserver, $user, $receiver, $username, $password, $howToURL) {
@@ -81,28 +81,28 @@ Zum Anmelden kannst du folgende Zugangsdaten verwenden:
Nutzername: $username
Passwort: $password
Hinweis: Das Passwort kannst du aktuell über die App selbst ändern. Auch wenn das Passwort nirgends
im Klartext gespeichert wird, kann jemand Zugriff auf diese Mail erlangen und so den Zugriff bekommen.
Hinweis: Aktuell ist es nicht möglich, das Passwort selbst zu ändern. Sobald die Funktionalität zur
Verfügung steht, gibt es aber einen Hinweis.
";
/*
Wichtig: Bitte ändere das Passwort direkt nach der Anmeldung.
Es wird zwar von unserer Seite nicht gespeichert, doch fremde könnten Zugriff auf diese E-Mail
erhalten und so deinen Account kompromittieren.
/*
Wichtig: Bitte ändere das Passwort direkt nach der Anmeldung.
Es wird zwar von unserer Seite nicht gespeichert, doch fremde könnten Zugriff auf diese E-Mail
erhalten und so deinen Account kompromittieren.
*/
if (!empty($howToURL)) {
if (!empty($howToURL)) {
$body .= "
Zu weiteren Hilfestellungen findest du hier eine Auflistung von verschiedenen
Anleitungen zu verschiedenen Clients:
$howToURL\n";
}
}
$body .= "
Viel Spaß bei der Verwendung von $homeserver.
Bei Fragen findest du nach der Anmeldung ein paar Räume in denen du sie stellen kannst.
Das Administratoren-Team von " . $homeserver;
return send_mail($receiver, $subject, $body);
}
}
function send_mail_registration_decline($homeserver, $user, $receiver, $reason) {
$subject = "Registrierung auf $homeserver abgelehnt.";
$body = "Guten Tag " . $user . ",
@@ -116,7 +116,6 @@ Deine Registrierungsanfrage wurde durch die Administratoren abgelehnt.\n";
}
$body .= "\nDas Administratoren-Team von " . $homeserver;
return send_mail($receiver, $subject, $body);
return send_mail($receiver, $subject, $body );
}
?>

64
public/index.php
View File

@@ -13,13 +13,6 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// enforce admin via https
if (!isset($_SERVER['HTTPS'])) {
header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], true, 301);
exit();
}
require_once "../language.php";
if (!file_exists("../config.php")) {
print($language["NO_CONFIGURATION"]);
@@ -27,18 +20,12 @@ if (!file_exists("../config.php")) {
}
require_once "../config.php";
// this values will not be used when using the register operation type
$storeFirstLastName = false;
if (isset($config["operationMode"]) && $config["operationMode"] === "local") {
$storeFirstLastName = true;
// enforce admin via https
if (!isset($_SERVER['HTTPS'])) {
header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], true, 301);
exit();
}
// currently the case to store the password on our own is the only supported one
$storePassword = false;
if (isset($config["getPasswordOnRegistration"]) && $config["getPasswordOnRegistration"] &&
isset($config["operationMode"]) && $config["operationMode"] === "synapse") {
$storePassword = true;
}
session_start();
if ($_SERVER["REQUEST_METHOD"] == "POST") {
@@ -66,22 +53,17 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (!isset($_POST["email"]) || !filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
throw new Exception("EMAIL_INVALID_FORMAT");
}
if ($storeFirstLastName) {
// only require first_name and last_name when we will evaluate them
if (!isset($_POST["first_name"]) || ! preg_match("/[A-Z][a-z]+/", $_POST["first_name"])) {
if (isset($_POST["first_name"]) && ! preg_match("/[A-Z][a-z]+/", $_POST["first_name"])) {
throw new Exception("FIRSTNAME_INVALID_FORMAT");
}
if (!isset($_POST["last_name"]) || ! preg_match("/[A-Z][a-z]+/", $_POST["last_name"])) {
if (isset($_POST["last_name"]) && ! preg_match("/[A-Z][a-z]+/", $_POST["last_name"])) {
throw new Exception("SIRNAME_INVALID_FORMAT");
}
$first_name = filter_var($_POST["first_name"], FILTER_SANITIZE_STRING);
$last_name = filter_var($_POST["last_name"], FILTER_SANITIZE_STRING);
} else {
$first_name = $last_name = "";
}
$username = filter_var($_POST["username"], FILTER_SANITIZE_STRING);
if ($storePassword && isset($_POST["password"])) {
if (isset($_POST["password"])) {
$password = filter_var($_POST["password"], FILTER_SANITIZE_STRING);
}
$note = filter_var($_POST["note"], FILTER_SANITIZE_STRING);
@@ -100,7 +82,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
require_once "../mail_templates.php";
$success = send_mail_pending_verification(
$config["homeserver"],
$storeFirstLastName ? $first_name . " " . $last_name : $username,
$first_name . " " . $last_name,
$email,
$verify_url);
@@ -155,7 +137,6 @@ body{
</div>
<div class="panel-body">
<form name="regForm" role="form" action="index.php" method="post">
<?php if ($storeFirstLastName) { ?>
<div class="row">
<div class="col-xs-6 col-sm-6 col-md-6">
<div class="form-group">
@@ -170,7 +151,6 @@ body{
</div>
</div>
</div>
<?php } ?>
<div class="form-group">
<input type="email" name="email" id="email" class="form-control input-sm" placeholder="E-Mail-Adresse" required>
@@ -184,7 +164,7 @@ body{
<input type="text" name="username" id="username" class="form-control input-sm"
placeholder="Nutzername (für den Login)" pattern="[a-z1-9]{3,20}" required>
</div>
<?php if ($storePassword) { ?>
<?php if (isset($config["getPasswordOnRegistration"]) && $config["getPasswordOnRegistration"]) { ?>
<div class="row">
<div class="col-xs-6 col-sm-6 col-md-6">
<div class="form-group">
@@ -197,7 +177,7 @@ body{
</div>
</div>
</div>
<?php } ?>
<?php } ?>
<input type="hidden" name="token" id="token" value="<?php echo $_SESSION["token"]; ?>">
<input type="submit" value="Registrieren" class="btn btn-info btn-block">
@@ -214,14 +194,6 @@ body{
</div>
</div>
<script type="text/javascript">
var user_name = document.getElementById("username");
user_name.oninvalid = function(event) {
event.target.setCustomValidity("Nutzername darf zwischen 3 und 20 kleine Buchstaben und Zahlen enthalten");
}
user_name.onkeyup = function (event) {
event.target.setCustomValidity("");
}
<?php if ($storeFirstLastName) { ?>
var first_name = document.getElementById("first_name");
first_name.oninvalid = function(event) {
event.target.setCustomValidity("Vorname muss das Format <Großbuchstabe><Kleinbuchstaben> haben");
@@ -236,7 +208,14 @@ body{
last_name.onkeyup = function(event) {
event.target.setCustomValidity("");
}
<?php } if ($storePassword) { ?>
var user_name = document.getElementById("username");
user_name.oninvalid = function(event) {
event.target.setCustomValidity("Nutzername darf zwischen 3 und 20 kleine Buchstaben und Zahlen enthalten");
}
user_name.onkeyup = function (event) {
event.target.setCustomValidity("");
}
<?php if (isset($config["getPasswordOnRegistration"]) && $config["getPasswordOnRegistration"]) { ?>
var password = document.getElementById("password")
, confirm_password = document.getElementById("password_confirm");
function validatePassword(){
@@ -250,5 +229,6 @@ body{
confirm_password.onkeyup = validatePassword;
<?php } ?>
</script>
<?php } ?>
</body></html>
<?php } ?>
</body>
</html>

7
public/verify.php
View File

@@ -46,7 +46,6 @@ try {
}
$first_name = $user["first_name"];
$last_name = $user["last_name"];
$username = $user["username"];
$note = $user["note"];
$email = $user["email"];
$admin_token = $user["admin_token"];
@@ -55,12 +54,10 @@ try {
$adminUrl = $config["webroot"] . "/verify_admin.php?t=" . $admin_token;
$mxConn = new MatrixConnection($config["homeserver"], $config["access_token"]);
$mxMsg = new MatrixMessage();
$mxMsg->set_body((strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username)
. " möchte sich registrieren und hat folgende Notiz hinterlassen:\r\n"
$mxMsg->set_body($first_name . ' ' . $last_name . "möchte sich registrieren und hat folgende Notiz hinterlassen:\r\n"
. $note . "\r\n"
. "Zum Bearbeiten hier klicken:\r\n" . $adminUrl);
$mxMsg->set_formatted_body((strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username)
. " möchte sich registrieren und hat folgende Notiz hinterlassen:<br />"
$mxMsg->set_formatted_body($first_name . ' ' . $last_name . " möchte sich registrieren und hat folgende Notiz hinterlassen:<br />"
. $note . "<br />"
. "Zum Bearbeiten <a href=\"". $adminUrl . "\">hier</a> klicken");
$mxMsg->set_type("m.text");

11
public/verify_admin.php
View File

@@ -95,12 +95,7 @@ try {
print("<p>" . $language["ADMIN_REGISTER_ACCEPTED_BODY"] . "</p>");
} elseif ($action == RegisterState::RegistrationDeclined) {
$mx_db->setRegistrationStateAdmin(RegisterState::RegistrationDeclined, $token);
send_mail_registration_decline(
$config["homeserver"],
strlen($first_name . $last_name) > 0 ? $first_name . " " . $last_name : $username,
$email,
$decline_reason
);
send_mail_registration_decline($config["homeserver"], $first_name . " " . $last_name, $email, $decline_reason);
print("<title>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</title>");
print("</head><body>");
print("<h1>" . $language["ADMIN_VERIFY_SITE_TITLE"] . "</h1>");
@@ -136,8 +131,6 @@ background: rgba(255, 255, 255, 0.8);
</div>
<div class="panel-body">
<form name="appForm" role="form" action="verify_admin.php" method="GET">
<?php if (isset($config["operationMode"]) && $config["operationMode"] === "local") {
// this values will not be used when using the register operation type ?>
<div class="row">
<div class="col-xs-6 col-sm-6 col-md-6">
<div class="form-group">
@@ -152,7 +145,7 @@ background: rgba(255, 255, 255, 0.8);
</div>
</div>
</div>
<?php } ?>
<div class="form-group">
<input type="text" id="note" class="form-control input-sm" value="<?php echo $note; ?>" disabled=true>
</div>