krombel/matrix-register-bot
1
0
Fork 0
Code Issues 4 Pull Requests Releases Activity

Compare commits

base: krombel:fix_language_ref
Branches Tags
krombel:master krombel:track_decline_reason krombel:fix_new_api krombel:complete_password_on_registration krombel:feature_multimodeOperation krombel:fix_language_ref krombel:second_implementation krombel:first_implementation
...
compare: krombel:ffce2fc28b342d749026d9d9a0995e590a272adb
Branches Tags
krombel:master krombel:track_decline_reason krombel:fix_new_api krombel:complete_password_on_registration krombel:feature_multimodeOperation krombel:fix_language_ref krombel:second_implementation krombel:first_implementation

10 Commits
fix_langua ... ffce2fc28b

Author SHA1 Message Date
Krombel
ffce2fc28b run some autoformat 2018-04-04 20:43:24 +02:00
Krombel
eb5b76c5c8 smaller optimizations 2018-04-04 20:29:00 +02:00
Matthias
b343c6f862 Update readme to have howTo for ChangePasswordInterceptor 2018-03-26 23:27:04 +02:00
Krombel
6f6ad7bccb fix password setting via android; update mail_template to show that you can set passwords 2018-03-26 19:26:14 +02:00
Krombel
4f76e45ae5 fix login 2018-03-26 18:08:17 +02:00
Krombel
874271a87c first version of change_password interceptor (more see details) 
- add stripLocalpart in helpers.php
- extend mxDatabase to update the password once validated
 2018-03-26 13:28:04 +02:00
Krombel
905643cbff Merge branch 'master' 2018-03-19 15:18:29 +01:00
Krombel
f986867cad apply Apache License 2018-03-19 15:18:04 +01:00
Matthias
916e368b00 fix rendering of table of endpoints for internal endpoints 2018-03-19 15:04:26 +01:00
Matthias
6df1eaa7a1 Merge branch 'fix_language_ref' of into master 2018-03-19 14:48:48 +01:00
17 changed files with 911 additions and 594 deletions
Expand all files Collapse all files

43
MatrixConnection.php
View File

@@ -1,6 +1,21 @@
<?php <?php
class MatrixConnection
{ /**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
class MatrixConnection {
private $hs; private $hs;
private $at; private $at;
@@ -19,7 +34,7 @@ class MatrixConnection
if (!$message) { if (!$message) {
error_log("no message to send"); error_log("no message to send");
return false; return false;
} elseif(is_array($message)) { } elseif (is_array($message)) {
$send_message = $message; $send_message = $message;
} elseif ($message instanceof MatrixMessage) { } elseif ($message instanceof MatrixMessage) {
$send_message = $message->get_object(); $send_message = $message->get_object();
@@ -28,8 +43,8 @@ class MatrixConnection
return false; return false;
} }
$url="https://".$this->hs."/_matrix/client/r0/rooms/" $url = "https://" . $this->hs . "/_matrix/client/r0/rooms/"
. urlencode($room_id) ."/send/m.room.message?access_token=".$this->at; . urlencode($room_id) . "/send/m.room.message?access_token=" . $this->at;
$handle = curl_init($url); $handle = curl_init($url);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true); curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
@@ -51,10 +66,10 @@ class MatrixConnection
function hasUser($username) { function hasUser($username) {
if (!$username) { if (!$username) {
throw new Exception ("no user given to lookup"); throw new Exception("no user given to lookup");
} }
$url = "https://".$this->hs."/_matrix/client/r0/profile/@" . $username . ":" . $this->hs; $url = "https://" . $this->hs . "/_matrix/client/r0/profile/@" . $username . ":" . $this->hs;
$handle = curl_init($url); $handle = curl_init($url);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true); curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
@@ -80,7 +95,7 @@ class MatrixConnection
"password" => $password, "password" => $password,
"mac" => $mac, "mac" => $mac,
); );
$url = "https://".$this->hs."/_matrix/client/v2_alpha/register"; $url = "https://" . $this->hs . "/_matrix/client/v2_alpha/register";
$handle = curl_init($url); $handle = curl_init($url);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true); curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
@@ -93,7 +108,6 @@ class MatrixConnection
function exec_curl_request($handle) { function exec_curl_request($handle) {
$response = curl_exec($handle); $response = curl_exec($handle);
if ($response === false) { if ($response === false) {
$errno = curl_errno($handle); $errno = curl_errno($handle);
$error = curl_error($handle); $error = curl_error($handle);
@@ -101,7 +115,6 @@ class MatrixConnection
curl_close($handle); curl_close($handle);
return false; return false;
} }
$http_code = intval(curl_getinfo($handle, CURLINFO_HTTP_CODE)); $http_code = intval(curl_getinfo($handle, CURLINFO_HTTP_CODE));
curl_close($handle); curl_close($handle);
@@ -118,13 +131,13 @@ class MatrixConnection
} else { } else {
$response = json_decode($response, true); $response = json_decode($response, true);
} }
return $response; return $response;
} }
} }
class MatrixMessage class MatrixMessage {
{
private $message; private $message;
function __construct() { function __construct() {
@@ -143,7 +156,7 @@ class MatrixMessage
$this->message["body"] = $body; $this->message["body"] = $body;
} }
function set_formatted_body($fbody, $format="org.matrix.custom.html") { function set_formatted_body($fbody, $format = "org.matrix.custom.html") {
$this->message["formatted_body"] = $fbody; $this->message["formatted_body"] = $fbody;
$this->message["format"] = $format; $this->message["format"] = $format;
} }
@@ -151,5 +164,7 @@ class MatrixMessage
function get_object() { function get_object() {
return $this->message; return $this->message;
} }
} }
?> ?>

25
README.md
View File

@@ -14,17 +14,34 @@ This is done in several steps:
2nd step: Implement the other apis to integrade [mxisd](https://github.com/kamax-io/mxisd/blob/master/docs/backends/rest.md) 2nd step: Implement the other apis to integrade [mxisd](https://github.com/kamax-io/mxisd/blob/master/docs/backends/rest.md)
This bot takes care for user accounts. So it stores the credentials itself and provides ways to access them via matrix-synapse-rest-auth or mxisd.
## How to install ## How to install
- Copy `config.sample.php` to `config.php` and configure the bot as you can find there - Copy `config.sample.php` to `config.php` and configure the bot as you can find there
- Configure your webserver to publish the folder `public` and configure. - Configure your webserver to publish the folder `public`.
The folder `internal` contains files that can be accessed by mxisd or matrix-synapse-rest-auth The folder `internal` contains files that can be accessed by mxisd or matrix-synapse-rest-auth or else via a reverse proxy
- To integrate with matrix-synapse-rest-auth: - To integrate with [matrix-synapse-rest-auth](https://github.com/kamax-io/matrix-synapse-rest-auth):
- `/_matrix-internal/identity/v1/check_credentials` should map to `internal/login.php` - `/_matrix-internal/identity/v1/check_credentials` should map to `internal/login.php`
- To integrate with mxisd: Have a look at [the docs](https://github.com/kamax-io/mxisd/blob/master/docs/backends/rest.md) and apply as follows: - To integrate with [mxisd](https://github.com/kamax-io/mxisd): Have a look at [the docs](https://github.com/kamax-io/mxisd/blob/master/docs/backends/rest.md) and apply as follows:
| Key | file which handles that | Description | | Key | file which handles that | Description |
|--------------------------------|-------------------------------|------------------------------------------------------| |--------------------------------|-------------------------------|------------------------------------------------------|
| rest.endpoints.auth | internal/login.php | Validate credentials and get user profile | | rest.endpoints.auth | internal/login.php | Validate credentials and get user profile |
| rest.endpoints.directory | internal/directory_search.php | Search for users by arbitrary input | | rest.endpoints.directory | internal/directory_search.php | Search for users by arbitrary input |
| rest.endpoints.identity.single | internal/identity_single.php | Endpoint to query a single 3PID | | rest.endpoints.identity.single | internal/identity_single.php | Endpoint to query a single 3PID |
| rest.endpoints.identity.bulk | internal/identity_bulk.php | Endpoint to query a list of 3PID | | rest.endpoints.identity.bulk | internal/identity_bulk.php | Endpoint to query a list of 3PID |
## Implement usage of additional features:
### Use the ChangePasswortInterceptor:
You need a reverse proxy which maps `/_matrix/client/r0/account/password` to `internal/intercept_change_password.php`.
Here is an example for nginx:
```
location /_matrix/client/r0/account/password {
proxy_pass http://localhost/mxbot/internal/intercept_change_password.php;
proxy_set_header X-Forwarded-For $remote_addr;
}
```

8
config.sample.php
View File

@@ -1,26 +1,22 @@
<?php <?php
$config = [ $config = [
"homeserver" => "example.com", "homeserver" => "example.com",
"access_token" => "To be used for sending the registration notification", "access_token" => "To be used for sending the registration notification",
// Which e-mail-adresse shall the bot use to send e-mails? // Which e-mail-adresse shall the bot use to send e-mails?
"register_email" => 'register_bot@example.com', "register_email" => 'register_bot@example.com',
// Where should the bot post registration requests to? // Where should the bot post registration requests to?
"register_room" => '$registerRoomID:example.com', "register_room" => '$registerRoomID:example.com',
// Where is the public part of the bot located? make sure you have a / at the end // Where is the public part of the bot located? make sure you have a / at the end
"webroot" => "https://myregisterdomain.net/", "webroot" => "https://myregisterdomain.net/",
// optional: Do you have a place where howTo's are located? If not leave this value out // optional: Do you have a place where howTo's are located? If not leave this value out
"howToURL" => "https://my-url-for-storing-howTos.net", "howToURL" => "https://my-url-for-storing-howTos.net",
// When you want to collect the password on registration set this to true // When you want to collect the password on registration set this to true
"getPasswordOnRegistration" => false, "getPasswordOnRegistration" => false,
// to define where the data should be stored: // to define where the data should be stored:
"databaseURI" => "sqlite:" . dirname(__FILE__) . "/db_file.sqlite", "databaseURI" => "sqlite:" . dirname(__FILE__) . "/db_file.sqlite",
// credentials for sqlite not used // credentials for sqlite not used
"databaseUser" => "dbUser123", "databaseUser" => "dbUser123",
"databasePass" => "secretPassword", "databasePass" => "secretPassword",
] ]
?> ?>

38
cron.php
View File

@@ -1,15 +1,30 @@
<?php <?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
require_once("config.php"); require_once("config.php");
require_once("mail_templates.php"); require_once("mail_templates.php");
require_once("database.php"); require_once("database.php");
$sql = "SELECT id, first_name, last_name, username, email, state, note, verify_token, admin_token FROM registrations " $sql = "SELECT id, first_name, last_name, username, email, state, note, verify_token, admin_token FROM registrations "
."WHERE state = ". RegisterState::PendingEmailSend . "WHERE state = " . RegisterState::PendingEmailSend
. " OR state = " . RegisterState::PendingAdminSend . " OR state = " . RegisterState::PendingAdminSend
. " OR state = " . RegisterState::PendingRegistration . " OR state = " . RegisterState::PendingRegistration
. " OR state = " . RegisterState::PendingSendRegistrationMail . " OR state = " . RegisterState::PendingSendRegistrationMail
. " OR state = " . RegisterState::RegistrationDeclined . " OR state = " . RegisterState::RegistrationDeclined
. " OR state = " . RegisterState::AllDone . ";"; . " OR state = " . RegisterState::AllDone . ";";
foreach ($mx_db->query($sql) as $row) { foreach ($mx_db->query($sql) as $row) {
$first_name = $row["first_name"]; $first_name = $row["first_name"];
$last_name = $row["last_name"]; $last_name = $row["last_name"];
@@ -22,15 +37,12 @@ foreach ($mx_db->query($sql) as $row) {
case RegisterState::PendingEmailSend: case RegisterState::PendingEmailSend:
$verify_url = $config["webroot"] . "/verify.php?t=" . $row["verify_token"]; $verify_url = $config["webroot"] . "/verify.php?t=" . $row["verify_token"];
$success = send_mail_pending_verification( $success = send_mail_pending_verification(
$config["homeserver"], $config["homeserver"], $row["first_name"] . " " . $row["last_name"], $row["email"], $verify_url);
$row["first_name"] . " " . $row["last_name"],
$row["email"],
$verify_url);
if ($success) { if ($success) {
$mx_db->setRegistrationStateById(RegisterState::PendingEmailVerify, $row["id"]); $mx_db->setRegistrationStateById(RegisterState::PendingEmailVerify, $row["id"]);
} else { } else {
throw new Exception("Could not send mail to ".$row["first_name"]." ".$row["last_name"]."(".$row["id"].")"); throw new Exception("Could not send mail to " . $row["first_name"] . " " . $row["last_name"] . "(" . $row["id"] . ")");
} }
break; break;
case RegisterState::PendingAdminSend: case RegisterState::PendingAdminSend:
@@ -43,7 +55,7 @@ foreach ($mx_db->query($sql) as $row) {
. "Zum Bearbeiten hier klicken:\r\n" . $adminUrl); . "Zum Bearbeiten hier klicken:\r\n" . $adminUrl);
$mxMsg->set_formatted_body($first_name . ' ' . $last_name . " möchte sich registrieren und hat folgende Notiz hinterlassen:<br />" $mxMsg->set_formatted_body($first_name . ' ' . $last_name . " möchte sich registrieren und hat folgende Notiz hinterlassen:<br />"
. $row["note"] . "<br />" . $row["note"] . "<br />"
. "Zum Bearbeiten <a href=\"". $adminUrl . "\">hier</a> klicken"); . "Zum Bearbeiten <a href=\"" . $adminUrl . "\">hier</a> klicken");
$mxMsg->set_type("m.text"); $mxMsg->set_type("m.text");
$response = $mxConn->send($config["register_room"], $mxMsg); $response = $mxConn->send($config["register_room"], $mxMsg);
@@ -52,7 +64,7 @@ foreach ($mx_db->query($sql) as $row) {
send_mail_pending_approval($config["homeserver"], $first_name . " " . $last_name, $email); send_mail_pending_approval($config["homeserver"], $first_name . " " . $last_name, $email);
} else { } else {
throw new Exception("Could not send notification for ".$row["first_name"]." ".$row["last_name"]."(".$row["id"].") to admins."); throw new Exception("Could not send notification for " . $row["first_name"] . " " . $row["last_name"] . "(" . $row["id"] . ") to admins.");
} }
break; break;
case RegisterState::PendingRegistration: case RegisterState::PendingRegistration:

61
database.php
View File

@@ -1,11 +1,26 @@
<?php <?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
require_once("config.php"); require_once("config.php");
if (!isset($config["databaseURI"])) { if (!isset($config["databaseURI"])) {
throw new Exception ("malformed configuration: databaseURI not defined"); throw new Exception("malformed configuration: databaseURI not defined");
} }
abstract class RegisterState abstract class RegisterState {
{
// Sending an E-Mail failed in the first attempt. Will retry later // Sending an E-Mail failed in the first attempt. Will retry later
const PendingEmailSend = 0; const PendingEmailSend = 0;
// User got a mail. We wait for it to verfiy // User got a mail. We wait for it to verfiy
@@ -16,21 +31,19 @@ abstract class RegisterState
const PendingAdminVerify = 6; const PendingAdminVerify = 6;
// Registration failed on first attempt. Will retry // Registration failed on first attempt. Will retry
const PendingRegistration = 7; const PendingRegistration = 7;
// in this case we have to reset the password of the user (or should we store it for this case?) // in this case we have to reset the password of the user (or should we store it for this case?)
const PendingSendRegistrationMail = 8; const PendingSendRegistrationMail = 8;
// State to allow persisting in the database although an admin declined it. // State to allow persisting in the database although an admin declined it.
// Will be removed regularly // Will be removed regularly
const RegistrationAccepted = 7; const RegistrationAccepted = 7;
const RegistrationDeclined = 13; const RegistrationDeclined = 13;
// User got successfully registered. Will be cleaned up later // User got successfully registered. Will be cleaned up later
const AllDone = 100; const AllDone = 100;
} }
class mxDatabase class mxDatabase {
{
private $db = NULL; private $db = NULL;
/** /**
@@ -150,6 +163,7 @@ class mxDatabase
} }
return false; return false;
} }
function userRegistered($username) { function userRegistered($username) {
$sql = "SELECT COUNT(*) FROM logins WHERE localpart = '" . $username . "' LIMIT 1;"; $sql = "SELECT COUNT(*) FROM logins WHERE localpart = '" . $username . "' LIMIT 1;";
$res = $this->db->query($sql); $res = $this->db->query($sql);
@@ -183,11 +197,11 @@ class mxDatabase
$this->db->exec("INSERT INTO registrations $this->db->exec("INSERT INTO registrations
(first_name, last_name, username, note, email, verify_token, admin_token) (first_name, last_name, username, note, email, verify_token, admin_token)
VALUES ('" . $first_name."','" . $last_name . "','" . $username . "','" . $note . "','" VALUES ('" . $first_name . "','" . $last_name . "','" . $username . "','" . $note . "','"
. $email."','" .$verify_token."','" .$admin_token."')"); . $email . "','" . $verify_token . "','" . $admin_token . "')");
return [ return [
"verify_token"=> $verify_token, "verify_token" => $verify_token,
]; ];
} }
@@ -201,7 +215,6 @@ class mxDatabase
$sql = "SELECT COUNT(*) FROM registrations WHERE admin_token = '" . $admin_token . "'" $sql = "SELECT COUNT(*) FROM registrations WHERE admin_token = '" . $admin_token . "'"
. " AND state = " . RegisterState::PendingAdminVerify . " LIMIT 1;"; . " AND state = " . RegisterState::PendingAdminVerify . " LIMIT 1;";
$res = $this->db->query($sql); $res = $this->db->query($sql);
$first_name = NULL; $last_name = NULL; $username = NULL; $note = NULL; $email = NULL;
if ($res->fetchColumn() > 0) { if ($res->fetchColumn() > 0) {
$sql = "SELECT first_name, last_name, username, note, email FROM registrations" $sql = "SELECT first_name, last_name, username, note, email FROM registrations"
@@ -226,7 +239,6 @@ class mxDatabase
$sql = "SELECT COUNT(*) FROM registrations WHERE verify_token = '" . $verify_token . "'" $sql = "SELECT COUNT(*) FROM registrations WHERE verify_token = '" . $verify_token . "'"
. " AND state = " . RegisterState::PendingEmailVerify . " LIMIT 1;"; . " AND state = " . RegisterState::PendingEmailVerify . " LIMIT 1;";
$res = $this->db->query($sql); $res = $this->db->query($sql);
$first_name = NULL; $last_name = NULL; $username = NULL; $note = NULL; $email = NULL;
if ($res->fetchColumn() > 0) { if ($res->fetchColumn() > 0) {
$sql = "SELECT first_name, last_name, note, email, admin_token FROM registrations " $sql = "SELECT first_name, last_name, note, email, admin_token FROM registrations "
@@ -278,10 +290,10 @@ class mxDatabase
// generate a password with 10 characters // generate a password with 10 characters
$password = bin2hex(openssl_random_pseudo_bytes(5)); $password = bin2hex(openssl_random_pseudo_bytes(5));
$password_hash = password_hash($password, PASSWORD_BCRYPT, ["cost"=>12]); $password_hash = password_hash($password, PASSWORD_BCRYPT, ["cost" => 12]);
$sql = "INSERT INTO logins (first_name, last_name, localpart, password_hash, email) VALUES " $sql = "INSERT INTO logins (first_name, last_name, localpart, password_hash, email) VALUES "
. "('" . $first_name."','" . $last_name . "','" . $username . "','" . "('" . $first_name . "','" . $last_name . "','" . $username . "','"
. $password_hash . "','" . $email . "');"; . $password_hash . "','" . $email . "');";
if ($this->db->exec($sql)) { if ($this->db->exec($sql)) {
@@ -290,6 +302,24 @@ class mxDatabase
return NULL; return NULL;
} }
function updatePassword($localpart, $old_password, $new_password) {
$user = $this->getUserForLogin($localpart, $old_password);
if ($user == NULL) {
throw new Exception("user with that credentials not found");
}
// The credentials were fine. So now set the new password
$password_hash = password_hash($new_password, PASSWORD_BCRYPT, ["cost" => 12]);
$sql = "UPDATE logins SET password_hash = '" . $password_hash . "'"
. "WHERE localpart = '" . $localpart . "'";
if ($this->db->exec($sql)) {
return true;
}
return false;
}
function searchUserByName($search_term) { function searchUserByName($search_term) {
$term = filter_var($search_term, FILTER_SANITIZE_STRING); $term = filter_var($search_term, FILTER_SANITIZE_STRING);
$result = array(); $result = array();
@@ -329,6 +359,7 @@ class mxDatabase
} }
return $result; return $result;
} }
} }
if (!isset($mx_db)) { if (!isset($mx_db)) {

33
helpers.php Normal file
View File

@@ -0,0 +1,33 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
function stripLocalpart($mxid) {
$localpart = NULL;
if (!empty($mxid)) {
// A mxid would start with an @ so we start at the 2. position
$sepPos = strpos($mxid, ':', 1);
if ($sepPos === false) {
// : not found. Assume mxid is localpart
// TODO: further checks
$localpart = $mxid;
} else {
$localpart = substr($mxid, 1, strpos($mxid, ':') - 1);
}
}
return $localpart;
}
?>

20
internal/directory_search.php
View File

@@ -1,6 +1,21 @@
<?php <?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
require_once("../database.php"); require_once("../database.php");
$response=[ $response = [
"limited" => false, "limited" => false,
"result" => [], "result" => [],
]; ];
@@ -25,9 +40,8 @@ try {
$response["result"] = $mx_db->searchUserByEmail($input["search_term"]); $response["result"] = $mx_db->searchUserByEmail($input["search_term"]);
break; break;
default: default:
throw new Exception("unknown type for \"by\" param"); throw new Exception('unknown type for "by" param');
} }
} catch (Exception $e) { } catch (Exception $e) {
error_log("failed with error: " . $e->getMessage()); error_log("failed with error: " . $e->getMessage());
$response["error"] = $e->getMessage(); $response["error"] = $e->getMessage();

21
internal/identity_bulk.php
View File

@@ -1,4 +1,19 @@
<?php <?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
require_once("../database.php"); require_once("../database.php");
$response = [ $response = [
"lookup" => [] "lookup" => []
@@ -23,7 +38,7 @@ try {
if (!isset($lookup["address"])) { if (!isset($lookup["address"])) {
throw new Exception('"lookup.address" is not defined'); throw new Exception('"lookup.address" is not defined');
} }
$res2 = array(); $res2 = NULL;
switch ($lookup["medium"]) { switch ($lookup["medium"]) {
case "email": case "email":
$res2 = $mx_db->searchUserByEmail($lookup["address"]); $res2 = $mx_db->searchUserByEmail($lookup["address"]);
@@ -40,9 +55,11 @@ try {
} }
break; break;
case "msisdn": case "msisdn":
// This is reserved for number lookups
throw new Exception("unimplemented lookup medium");
break; break;
default: default:
throw new Exception("unknown type for \"by\" param"); throw new Exception("unknown lookup medium");
} }
} }
} catch (Exception $e) { } catch (Exception $e) {

31
internal/identity_single.php
View File

@@ -1,4 +1,19 @@
<?php <?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
require_once("../database.php"); require_once("../database.php");
$response = new stdClass; $response = new stdClass;
try { try {
@@ -16,7 +31,7 @@ try {
if (!isset($input["lookup"]["address"])) { if (!isset($input["lookup"]["address"])) {
throw new Exception('"lookup.address" is not defined'); throw new Exception('"lookup.address" is not defined');
} }
$res2 = array(); $res2 = NULL;
switch ($input["lookup"]["medium"]) { switch ($input["lookup"]["medium"]) {
case "email": case "email":
$res2 = $mx_db->searchUserByEmail($input["lookup"]["address"]); $res2 = $mx_db->searchUserByEmail($input["lookup"]["address"]);
@@ -32,15 +47,19 @@ try {
] ]
]; ];
} }
break;
case "msisdn":
// This is reserved for number lookups
throw new Exception("unimplemented lookup medium");
break; break;
default: default:
throw new Exception("unknown type for \"by\" param"); throw new Exception("unknown lookup medium");
} }
} catch (Exception $e) { } catch (Exception $e) {
error_log("ídentity_bulk failed with error: " . $e->getMessage()); error_log("ídentity_single failed with error: " . $e->getMessage());
$response["error"] = $e->getMessage(); $response = [
"error" => $e->getMessage()
];
} }
print (json_encode($response, JSON_PRETTY_PRINT) . "\n"); print (json_encode($response, JSON_PRETTY_PRINT) . "\n");
?> ?>

69
internal/intercept_change_password.php Normal file
View File

@@ -0,0 +1,69 @@
<?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// URL for this: /_matrix/client/r0/account/password?access_token=$ACCESS_TOKEN
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, OPTIONS');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization');
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
print ("{}");
// return with success
exit();
}
$response = new stdClass;
try {
$inputJSON = file_get_contents('php://input');
$input = json_decode($inputJSON, TRUE);
if (empty($input)) {
throw new Exception('no valid json as input present');
}
if (!isset($input["auth"])) {
throw new Exception('"auth" is not defined');
}
if (!isset($input["auth"]["user"]) || !isset($input["auth"]["password"])) {
throw new Exception('"auth.user" or "auth.password" is not defined');
}
if (!isset($input["auth"]["type"]) || $input["auth"]["type"] !== "m.login.password") {
throw new Exception('no or unknown auth.type');
}
if (!isset($input["new_password"])) {
throw new Exception('"new_password" is not defined');
}
require_once("../helpers.php");
$localpart = stripLocalpart($input["auth"]["user"]);
if (empty($localpart)) {
throw new Exception("localpart cannot be identified");
}
require_once("../database.php");
if (!$mx_db->updatePassword(
$localpart, $input["auth"]["password"], $input["new_password"]
)) {
throw new Exception("invalid credentials or another error while updating");
}
} catch (Exception $e) {
header("HTTP/1.0 500 Internal Error");
error_log("failed with error: " . $e->getMessage());
$response = [
"errorcode" => "M_UNKNOWN",
"error" => $e->getMessage(),
];
}
print (json_encode($response, JSON_PRETTY_PRINT));
?>

44
internal/login.php
View File

@@ -1,4 +1,19 @@
<?php <?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
$response = [ $response = [
"auth" => [ "auth" => [
"success" => false, "success" => false,
@@ -6,18 +21,21 @@ $response = [
]; ];
require_once("../database.php"); require_once("../database.php");
abstract class LoginRequester { abstract class LoginRequester {
const UNDEFINED = 0; const UNDEFINED = 0;
const MXISD = 1; const MXISD = 1;
const RestAuth = 2; const RestAuth = 2;
} }
$loginRequester = LoginRequester::UNDEFINED; $loginRequester = LoginRequester::UNDEFINED;
try { try {
$inputJSON = file_get_contents('php://input'); $inputJSON = file_get_contents('php://input');
$input = json_decode($inputJSON, TRUE); $input = json_decode($inputJSON, TRUE);
$mxid = NULL; $mxid = $localpart = NULL;
$localpart = NULL;
if (isset($input["user"])) { if (isset($input["user"])) {
if (isset($input["user"]["localpart"])) { if (isset($input["user"]["localpart"])) {
$localpart = $input["user"]["localpart"]; $localpart = $input["user"]["localpart"];
@@ -31,32 +49,27 @@ try {
$mxid = $input["user"]["mxid"]; $mxid = $input["user"]["mxid"];
$loginRequester = LoginRequester::MXISD; $loginRequester = LoginRequester::MXISD;
} }
} else {
throw new Exception('"user" not in request body');
} }
// prefer the localpart attribute of mxisd. But in case of matrix-synapse-rest-auth // prefer the localpart attribute of mxisd. But in case of matrix-synapse-rest-auth
// we have to parse it on our own // we have to parse it on our own
if (empty($localpart) && !empty($mxid)) { if (empty($localpart)) {
// A mxid would start with an @ so we start at the 2. position require_once("../helpers.php");
$sepPos = strpos($mxid,':', 1); $localpart = stripLocalpart($mxid);
if ($sepPos === false) {
// : not found. Assume mxid is localpart
// TODO: further checks
$localpart = $mxid;
} else {
$localpart = substr($mxid, 1, strpos($mxid,':') - 1 );
}
} }
if (empty($localpart)) { if (empty($localpart)) {
throw new Exception ("localpart cannot be identified"); throw new Exception("localpart cannot be identified");
} }
$password = NULL; $password = NULL;
if (isset($input["user"]) && isset($input["user"]["password"])) { if (isset($input["user"]["password"])) {
$password = $input["user"]["password"]; $password = $input["user"]["password"];
} }
if (empty($password)) { if (empty($password)) {
throw new Exception ("password is not present"); throw new Exception("password is not present");
} }
$user = $mx_db->getUserForLogin($localpart, $password); $user = $mx_db->getUserForLogin($localpart, $password);
@@ -88,6 +101,7 @@ try {
// only return that it was successful. // only return that it was successful.
// we do not know how the data shall be transmitted so we do nothing with it // we do not know how the data shall be transmitted so we do nothing with it
$response["auth"]["success"] = false; $response["auth"]["success"] = false;
$response["auth"]["error"] = "unidentified requester";
break; break;
} }
} catch (Exception $e) { } catch (Exception $e) {

15
lang/lang.de-de.php
View File

@@ -1,4 +1,19 @@
<?php <?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
$language = array( $language = array(
"NO_CONFIGURATION" => "Es konnte keine Konfiguration gefunden werden.", "NO_CONFIGURATION" => "Es konnte keine Konfiguration gefunden werden.",
"UNKNOWN_SESSION" => "Sitzungstoken nicht vorhanden oder ungültig.", "UNKNOWN_SESSION" => "Sitzungstoken nicht vorhanden oder ungültig.",

19
language.php
View File

@@ -1,9 +1,24 @@
<?php <?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
$lang = "de-de"; $lang = "de-de";
if(isset($_GET['lang'])){ if (isset($_GET['lang'])) {
$lang = filter_var($_GET['lang'], FILTER_SANITIZE_STRING); $lang = filter_var($_GET['lang'], FILTER_SANITIZE_STRING);
} }
$lang_file = dirname(__FILE__) . "/lang/lang.".$lang.".php"; $lang_file = dirname(__FILE__) . "/lang/lang." . $lang . ".php";
if (!file_exists($lang_file)) { if (!file_exists($lang_file)) {
error_log("Translation for " . $lang . " not found. Fallback to 'de-de'"); error_log("Translation for " . $lang . " not found. Fallback to 'de-de'");
$lang = "de-de"; $lang = "de-de";

40
mail_templates.php
View File

@@ -1,5 +1,19 @@
<?php <?php
/**
* Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
function send_mail($receiver, $subject, $body) { function send_mail($receiver, $subject, $body) {
include("config.php"); include("config.php");
$headers = "From: " . $config["register_email"] . "\r\n" $headers = "From: " . $config["register_email"] . "\r\n"
@@ -26,7 +40,7 @@ Danach ist eine Re-Registrierung mit deinem gewünschten Nutzernamen für andere
Vielen Dank für dein Verständnis. Vielen Dank für dein Verständnis.
Das Administratoren-Team von " . $homeserver; Das Administratoren-Team von " . $homeserver;
return send_mail($receiver, $subject, $body ); return send_mail($receiver, $subject, $body);
} }
function send_mail_pending_approval($homeserver, $user, $receiver) { function send_mail_pending_approval($homeserver, $user, $receiver) {
@@ -40,7 +54,7 @@ Du bekommst eine weitere E-Mail, sobald deine Registrierung bestätigt oder able
Vielen Dank für dein Verständnis. Vielen Dank für dein Verständnis.
Das Administratoren-Team von " . $homeserver; Das Administratoren-Team von " . $homeserver;
return send_mail($receiver, $subject, $body ); return send_mail($receiver, $subject, $body);
} }
function send_mail_registration_allowed_but_failed($homeserver, $user, $receiver) { function send_mail_registration_allowed_but_failed($homeserver, $user, $receiver) {
@@ -55,7 +69,6 @@ Wir melden uns, wenn die Registrierung erfolgreich war.
Das Administratoren-Team von " . $homeserver; Das Administratoren-Team von " . $homeserver;
return send_mail($receiver, $subject, $body); return send_mail($receiver, $subject, $body);
} }
function send_mail_registration_success($homeserver, $user, $receiver, $username, $password, $howToURL) { function send_mail_registration_success($homeserver, $user, $receiver, $username, $password, $howToURL) {
@@ -68,28 +81,28 @@ Zum Anmelden kannst du folgende Zugangsdaten verwenden:
Nutzername: $username Nutzername: $username
Passwort: $password Passwort: $password
Hinweis: Aktuell ist es nicht möglich, das Passwort selbst zu ändern. Sobald die Funktionalität zur Hinweis: Das Passwort kannst du aktuell über die App selbst ändern. Auch wenn das Passwort nirgends
Verfügung steht, gibt es aber einen Hinweis. im Klartext gespeichert wird, kann jemand Zugriff auf diese Mail erlangen und so den Zugriff bekommen.
"; ";
/* /*
Wichtig: Bitte ändere das Passwort direkt nach der Anmeldung. Wichtig: Bitte ändere das Passwort direkt nach der Anmeldung.
Es wird zwar von unserer Seite nicht gespeichert, doch fremde könnten Zugriff auf diese E-Mail Es wird zwar von unserer Seite nicht gespeichert, doch fremde könnten Zugriff auf diese E-Mail
erhalten und so deinen Account kompromittieren. erhalten und so deinen Account kompromittieren.
*/ */
if (!empty($howToURL)) { if (!empty($howToURL)) {
$body .= " $body .= "
Zu weiteren Hilfestellungen findest du hier eine Auflistung von verschiedenen Zu weiteren Hilfestellungen findest du hier eine Auflistung von verschiedenen
Anleitungen zu verschiedenen Clients: Anleitungen zu verschiedenen Clients:
$howToURL\n"; $howToURL\n";
} }
$body .= " $body .= "
Viel Spaß bei der Verwendung von $homeserver. Viel Spaß bei der Verwendung von $homeserver.
Bei Fragen findest du nach der Anmeldung ein paar Räume in denen du sie stellen kannst. Bei Fragen findest du nach der Anmeldung ein paar Räume in denen du sie stellen kannst.
Das Administratoren-Team von " . $homeserver; Das Administratoren-Team von " . $homeserver;
return send_mail($receiver, $subject, $body); return send_mail($receiver, $subject, $body);
} }
function send_mail_registration_decline($homeserver, $user, $receiver, $reason) { function send_mail_registration_decline($homeserver, $user, $receiver, $reason) {
$subject = "Registrierung auf $homeserver abgelehnt."; $subject = "Registrierung auf $homeserver abgelehnt.";
$body = "Guten Tag " . $user . ", $body = "Guten Tag " . $user . ",
@@ -103,6 +116,7 @@ Deine Registrierungsanfrage wurde durch die Administratoren abgelehnt.\n";
} }
$body .= "\nDas Administratoren-Team von " . $homeserver; $body .= "\nDas Administratoren-Team von " . $homeserver;
return send_mail($receiver, $subject, $body ); return send_mail($receiver, $subject, $body);
} }
?> ?>

18
public/index.php
View File

@@ -1,6 +1,18 @@
<html> <html><head><?php
<head> /**
<?php * Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
require_once "../language.php"; require_once "../language.php";
if (!file_exists("../config.php")) { if (!file_exists("../config.php")) {
print($language["NO_CONFIGURATION"]); print($language["NO_CONFIGURATION"]);

18
public/verify.php
View File

@@ -1,6 +1,18 @@
<html> <html><head><?php
<head> /**
<?php * Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
require_once "../language.php"; require_once "../language.php";
if (!file_exists("../config.php")) { if (!file_exists("../config.php")) {
print($language["NO_CONFIGURATION"]); print($language["NO_CONFIGURATION"]);

18
public/verify_admin.php
View File

@@ -1,6 +1,18 @@
<html> <html><head><?php
<head> /**
<?php * Copyright 2018 Matthias Kesler
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
require_once "../language.php"; require_once "../language.php";
if (!file_exists("../config.php")) { if (!file_exists("../config.php")) {
print($language["NO_CONFIGURATION"]); print($language["NO_CONFIGURATION"]);