Differential D7026 Diff 23623 keyserver/src/responders/user-responders.js

Changeset View

Standalone View

keyserver/src/responders/user-responders.js

// @flow		// @flow

		import type { Utility as OlmUtility } from '@matrix-org/olm';
import invariant from 'invariant';		import invariant from 'invariant';
import { getRustAPI } from 'rust-node-addon';		import { getRustAPI } from 'rust-node-addon';
import { ErrorTypes, SiweMessage } from 'siwe';		import { ErrorTypes, SiweMessage } from 'siwe';
import t from 'tcomb';		import t from 'tcomb';
import bcrypt from 'twin-bcrypt';		import bcrypt from 'twin-bcrypt';

import { baseLegalPolicies, policies } from 'lib/facts/policies.js';		import { baseLegalPolicies, policies } from 'lib/facts/policies.js';
import { hasMinCodeVersion } from 'lib/shared/version-utils.js';		import { hasMinCodeVersion } from 'lib/shared/version-utils.js';
▲ Show 20 Lines • Show All 86 Lines • ▼ Show 20 Lines	import {
accountUpdater,		accountUpdater,
checkAndSendVerificationEmail,		checkAndSendVerificationEmail,
checkAndSendPasswordResetEmail,		checkAndSendPasswordResetEmail,
updatePassword,		updatePassword,
updateUserSettings,		updateUserSettings,
} from '../updaters/account-updaters.js';		} from '../updaters/account-updaters.js';
import { userSubscriptionUpdater } from '../updaters/user-subscription-updaters.js';		import { userSubscriptionUpdater } from '../updaters/user-subscription-updaters.js';
import { viewerAcknowledgmentUpdater } from '../updaters/viewer-acknowledgment-updater.js';		import { viewerAcknowledgmentUpdater } from '../updaters/viewer-acknowledgment-updater.js';
import { getOLMUtility } from '../utils/olm-utils.js';		import { getOlmUtility } from '../utils/olm-utils.js';
import type { OLMUtility } from '../utils/olm-utils.js';
import { validateInput } from '../utils/validation-utils.js';		import { validateInput } from '../utils/validation-utils.js';

const subscriptionUpdateRequestInputValidator = tShape({		const subscriptionUpdateRequestInputValidator = tShape({
threadID: t.String,		threadID: t.String,
updatedFields: tShape({		updatedFields: tShape({
pushNotifs: t.maybe(t.Boolean),		pushNotifs: t.maybe(t.Boolean),
home: t.maybe(t.Boolean),		home: t.maybe(t.Boolean),
}),		}),
▲ Show 20 Lines • Show All 107 Lines • ▼ Show 20 Lines	): Promise<RegisterResponse> {
if (signedIdentityKeysBlob) {		if (signedIdentityKeysBlob) {
const identityKeys: IdentityKeysBlob = JSON.parse(		const identityKeys: IdentityKeysBlob = JSON.parse(
signedIdentityKeysBlob.payload,		signedIdentityKeysBlob.payload,
);		);
if (!identityKeysBlobValidator.is(identityKeys)) {		if (!identityKeysBlobValidator.is(identityKeys)) {
throw new ServerError('invalid_identity_keys_blob');		throw new ServerError('invalid_identity_keys_blob');
}		}

const olmUtil: OLMUtility = getOLMUtility();		const olmUtil: OlmUtility = getOlmUtility();
try {		try {
olmUtil.ed25519_verify(		olmUtil.ed25519_verify(
identityKeys.primaryIdentityPublicKeys.ed25519,		identityKeys.primaryIdentityPublicKeys.ed25519,
signedIdentityKeysBlob.payload,		signedIdentityKeysBlob.payload,
signedIdentityKeysBlob.signature,		signedIdentityKeysBlob.signature,
);		);
} catch (e) {		} catch (e) {
throw new ServerError('invalid_signature');		throw new ServerError('invalid_signature');
▲ Show 20 Lines • Show All 127 Lines • ▼ Show 20 Lines	): Promise<LogInResponse> {
await validateInput(viewer, logInRequestInputValidator, input);		await validateInput(viewer, logInRequestInputValidator, input);
const request: LogInRequest = input;		const request: LogInRequest = input;

let identityKeys: ?IdentityKeysBlob;		let identityKeys: ?IdentityKeysBlob;
const { signedIdentityKeysBlob } = request;		const { signedIdentityKeysBlob } = request;
if (signedIdentityKeysBlob) {		if (signedIdentityKeysBlob) {
identityKeys = JSON.parse(signedIdentityKeysBlob.payload);		identityKeys = JSON.parse(signedIdentityKeysBlob.payload);

const olmUtil: OLMUtility = getOLMUtility();		const olmUtil: OlmUtility = getOlmUtility();
try {		try {
olmUtil.ed25519_verify(		olmUtil.ed25519_verify(
identityKeys.primaryIdentityPublicKeys.ed25519,		identityKeys.primaryIdentityPublicKeys.ed25519,
signedIdentityKeysBlob.payload,		signedIdentityKeysBlob.payload,
signedIdentityKeysBlob.signature,		signedIdentityKeysBlob.signature,
);		);
} catch (e) {		} catch (e) {
throw new ServerError('invalid_signature');		throw new ServerError('invalid_signature');
▲ Show 20 Lines • Show All 152 Lines • ▼ Show 20 Lines	): Promise<LogInResponse> {
// if `signedIdentityKeysBlob` was included in the `SIWEAuthRequest`.		// if `signedIdentityKeysBlob` was included in the `SIWEAuthRequest`.
let identityKeys: ?IdentityKeysBlob;		let identityKeys: ?IdentityKeysBlob;
if (signedIdentityKeysBlob) {		if (signedIdentityKeysBlob) {
identityKeys = JSON.parse(signedIdentityKeysBlob.payload);		identityKeys = JSON.parse(signedIdentityKeysBlob.payload);
if (!identityKeysBlobValidator.is(identityKeys)) {		if (!identityKeysBlobValidator.is(identityKeys)) {
throw new ServerError('invalid_identity_keys_blob');		throw new ServerError('invalid_identity_keys_blob');
}		}

const olmUtil: OLMUtility = getOLMUtility();		const olmUtil: OlmUtility = getOlmUtility();
try {		try {
olmUtil.ed25519_verify(		olmUtil.ed25519_verify(
identityKeys.primaryIdentityPublicKeys.ed25519,		identityKeys.primaryIdentityPublicKeys.ed25519,
signedIdentityKeysBlob.payload,		signedIdentityKeysBlob.payload,
signedIdentityKeysBlob.signature,		signedIdentityKeysBlob.signature,
);		);
} catch (e) {		} catch (e) {
throw new ServerError('invalid_signature');		throw new ServerError('invalid_signature');
▲ Show 20 Lines • Show All 135 Lines • Show Last 20 Lines