keyserver/src/responders/user-responders.js
// @flow | // @flow | ||||
import type { Utility as OlmUtility } from '@matrix-org/olm'; | |||||
import invariant from 'invariant'; | import invariant from 'invariant'; | ||||
import { getRustAPI } from 'rust-node-addon'; | import { getRustAPI } from 'rust-node-addon'; | ||||
import { ErrorTypes, SiweMessage } from 'siwe'; | import { ErrorTypes, SiweMessage } from 'siwe'; | ||||
import t from 'tcomb'; | import t from 'tcomb'; | ||||
import bcrypt from 'twin-bcrypt'; | import bcrypt from 'twin-bcrypt'; | ||||
import { baseLegalPolicies, policies } from 'lib/facts/policies.js'; | import { baseLegalPolicies, policies } from 'lib/facts/policies.js'; | ||||
import { hasMinCodeVersion } from 'lib/shared/version-utils.js'; | import { hasMinCodeVersion } from 'lib/shared/version-utils.js'; | ||||
▲ Show 20 Lines • Show All 86 Lines • ▼ Show 20 Lines | import { | ||||
accountUpdater, | accountUpdater, | ||||
checkAndSendVerificationEmail, | checkAndSendVerificationEmail, | ||||
checkAndSendPasswordResetEmail, | checkAndSendPasswordResetEmail, | ||||
updatePassword, | updatePassword, | ||||
updateUserSettings, | updateUserSettings, | ||||
} from '../updaters/account-updaters.js'; | } from '../updaters/account-updaters.js'; | ||||
import { userSubscriptionUpdater } from '../updaters/user-subscription-updaters.js'; | import { userSubscriptionUpdater } from '../updaters/user-subscription-updaters.js'; | ||||
import { viewerAcknowledgmentUpdater } from '../updaters/viewer-acknowledgment-updater.js'; | import { viewerAcknowledgmentUpdater } from '../updaters/viewer-acknowledgment-updater.js'; | ||||
import { getOLMUtility } from '../utils/olm-utils.js'; | import { getOlmUtility } from '../utils/olm-utils.js'; | ||||
import type { OLMUtility } from '../utils/olm-utils.js'; | |||||
import { validateInput } from '../utils/validation-utils.js'; | import { validateInput } from '../utils/validation-utils.js'; | ||||
const subscriptionUpdateRequestInputValidator = tShape({ | const subscriptionUpdateRequestInputValidator = tShape({ | ||||
threadID: t.String, | threadID: t.String, | ||||
updatedFields: tShape({ | updatedFields: tShape({ | ||||
pushNotifs: t.maybe(t.Boolean), | pushNotifs: t.maybe(t.Boolean), | ||||
home: t.maybe(t.Boolean), | home: t.maybe(t.Boolean), | ||||
}), | }), | ||||
▲ Show 20 Lines • Show All 107 Lines • ▼ Show 20 Lines | ): Promise<RegisterResponse> { | ||||
if (signedIdentityKeysBlob) { | if (signedIdentityKeysBlob) { | ||||
const identityKeys: IdentityKeysBlob = JSON.parse( | const identityKeys: IdentityKeysBlob = JSON.parse( | ||||
signedIdentityKeysBlob.payload, | signedIdentityKeysBlob.payload, | ||||
); | ); | ||||
if (!identityKeysBlobValidator.is(identityKeys)) { | if (!identityKeysBlobValidator.is(identityKeys)) { | ||||
throw new ServerError('invalid_identity_keys_blob'); | throw new ServerError('invalid_identity_keys_blob'); | ||||
} | } | ||||
const olmUtil: OLMUtility = getOLMUtility(); | const olmUtil: OlmUtility = getOlmUtility(); | ||||
try { | try { | ||||
olmUtil.ed25519_verify( | olmUtil.ed25519_verify( | ||||
identityKeys.primaryIdentityPublicKeys.ed25519, | identityKeys.primaryIdentityPublicKeys.ed25519, | ||||
signedIdentityKeysBlob.payload, | signedIdentityKeysBlob.payload, | ||||
signedIdentityKeysBlob.signature, | signedIdentityKeysBlob.signature, | ||||
); | ); | ||||
} catch (e) { | } catch (e) { | ||||
throw new ServerError('invalid_signature'); | throw new ServerError('invalid_signature'); | ||||
▲ Show 20 Lines • Show All 127 Lines • ▼ Show 20 Lines | ): Promise<LogInResponse> { | ||||
await validateInput(viewer, logInRequestInputValidator, input); | await validateInput(viewer, logInRequestInputValidator, input); | ||||
const request: LogInRequest = input; | const request: LogInRequest = input; | ||||
let identityKeys: ?IdentityKeysBlob; | let identityKeys: ?IdentityKeysBlob; | ||||
const { signedIdentityKeysBlob } = request; | const { signedIdentityKeysBlob } = request; | ||||
if (signedIdentityKeysBlob) { | if (signedIdentityKeysBlob) { | ||||
identityKeys = JSON.parse(signedIdentityKeysBlob.payload); | identityKeys = JSON.parse(signedIdentityKeysBlob.payload); | ||||
const olmUtil: OLMUtility = getOLMUtility(); | const olmUtil: OlmUtility = getOlmUtility(); | ||||
try { | try { | ||||
olmUtil.ed25519_verify( | olmUtil.ed25519_verify( | ||||
identityKeys.primaryIdentityPublicKeys.ed25519, | identityKeys.primaryIdentityPublicKeys.ed25519, | ||||
signedIdentityKeysBlob.payload, | signedIdentityKeysBlob.payload, | ||||
signedIdentityKeysBlob.signature, | signedIdentityKeysBlob.signature, | ||||
); | ); | ||||
} catch (e) { | } catch (e) { | ||||
throw new ServerError('invalid_signature'); | throw new ServerError('invalid_signature'); | ||||
▲ Show 20 Lines • Show All 152 Lines • ▼ Show 20 Lines | ): Promise<LogInResponse> { | ||||
// if `signedIdentityKeysBlob` was included in the `SIWEAuthRequest`. | // if `signedIdentityKeysBlob` was included in the `SIWEAuthRequest`. | ||||
let identityKeys: ?IdentityKeysBlob; | let identityKeys: ?IdentityKeysBlob; | ||||
if (signedIdentityKeysBlob) { | if (signedIdentityKeysBlob) { | ||||
identityKeys = JSON.parse(signedIdentityKeysBlob.payload); | identityKeys = JSON.parse(signedIdentityKeysBlob.payload); | ||||
if (!identityKeysBlobValidator.is(identityKeys)) { | if (!identityKeysBlobValidator.is(identityKeys)) { | ||||
throw new ServerError('invalid_identity_keys_blob'); | throw new ServerError('invalid_identity_keys_blob'); | ||||
} | } | ||||
const olmUtil: OLMUtility = getOLMUtility(); | const olmUtil: OlmUtility = getOlmUtility(); | ||||
try { | try { | ||||
olmUtil.ed25519_verify( | olmUtil.ed25519_verify( | ||||
identityKeys.primaryIdentityPublicKeys.ed25519, | identityKeys.primaryIdentityPublicKeys.ed25519, | ||||
signedIdentityKeysBlob.payload, | signedIdentityKeysBlob.payload, | ||||
signedIdentityKeysBlob.signature, | signedIdentityKeysBlob.signature, | ||||
); | ); | ||||
} catch (e) { | } catch (e) { | ||||
throw new ServerError('invalid_signature'); | throw new ServerError('invalid_signature'); | ||||
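Review bot: In the password log-in responder (the second `ed25519_verify` call), the result of `JSON.parse(signedIdentityKeysBlob.payload)` goes straight into signature verification with no `identityKeysBlobValidator.is(identityKeys)` check, whereas the register and SIWE paths in this file reject a malformed blob with `invalid_identity_keys_blob` first. As shown, a payload lacking `primaryIdentityPublicKeys` would throw inside the `try` and be reported as `invalid_signature`, and the unvalidated object may still be used later in the function, whose remainder is collapsed on this page. I would add `if (!identityKeysBlobValidator.is(identityKeys)) { throw new ServerError('invalid_identity_keys_blob'); }` directly after the parse so all three responders treat the client-supplied blob the same way. In all three responders `JSON.parse` sits outside the `try`, so a payload that is not valid JSON presumably surfaces as a raw SyntaxError rather than a `ServerError`; it is worth confirming how the caller handles that.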