forked-synapse/synapse/handlers/register.py

# -*- coding: utf-8 -*-
# Copyright 2014, 2015 OpenMarket Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

"""Contains functions for registering clients."""
from twisted.internet import defer

from synapse.types import UserID
from synapse.api.errors import (
    AuthError, Codes, SynapseError, RegistrationError, InvalidCaptchaError,
    CodeMessageException
)
from ._base import BaseHandler
import synapse.util.stringutils as stringutils
from synapse.util.async import run_on_reactor
from synapse.http.client import SimpleHttpClient
from synapse.http.client import CaptchaServerHttpClient

import base64
import bcrypt
import json
import logging
import urllib

logger = logging.getLogger(__name__)


class RegistrationHandler(BaseHandler):

    def __init__(self, hs):
        super(RegistrationHandler, self).__init__(hs)

        self.distributor = hs.get_distributor()
        self.distributor.declare("registered_user")

    @defer.inlineCallbacks
    def register(self, localpart=None, password=None):
        """Registers a new client on the server.

        Args:
            localpart : The local part of the user ID to register. If None,
              one will be randomly generated.
            password (str) : The password to assign to this user so they can
            login again.
        Returns:
            A tuple of (user_id, access_token).
        Raises:
            RegistrationError if there was a problem registering.
        """
        yield run_on_reactor()
        password_hash = None
        if password:
            password_hash = bcrypt.hashpw(password, bcrypt.gensalt())

        if localpart:
            if localpart and urllib.quote(localpart) != localpart:
                raise SynapseError(
                    400,
                    "User ID must only contain characters which do not"
                    " require URL encoding."
                )

            user = UserID(localpart, self.hs.hostname)
            user_id = user.to_string()

            yield self.check_user_id_is_valid(user_id)

            token = self._generate_token(user_id)
            yield self.store.register(
                user_id=user_id,
                token=token,
                password_hash=password_hash
            )

            yield self.distributor.fire("registered_user", user)
        else:
            # autogen a random user ID
            attempts = 0
            user_id = None
            token = None
            while not user_id and not token:
                try:
                    localpart = self._generate_user_id()
                    user = UserID(localpart, self.hs.hostname)
                    user_id = user.to_string()
                    yield self.check_user_id_is_valid(user_id)

                    token = self._generate_token(user_id)
                    yield self.store.register(
                        user_id=user_id,
                        token=token,
                        password_hash=password_hash)

                    self.distributor.fire("registered_user", user)
                except SynapseError:
                    # if user id is taken, just generate another
                    user_id = None
                    token = None
                    attempts += 1
                    if attempts > 5:
                        raise RegistrationError(
                            500, "Cannot generate user ID.")

        # create a default avatar for the user
        # XXX: ideally clients would explicitly specify one, but given they don't
        # and we want consistent and pretty identicons for random users, we'll
        # do it here.
        try:
            auth_user = UserID.from_string(user_id)
            media_repository = self.hs.get_resource_for_media_repository()
            identicon_resource = media_repository.getChildWithDefault("identicon", None)
            upload_resource = media_repository.getChildWithDefault("upload", None)
            identicon_bytes = identicon_resource.generate_identicon(user_id, 320, 320)
            content_uri = yield upload_resource.create_content(
                "image/png", None, identicon_bytes, len(identicon_bytes), auth_user
            )
            profile_handler = self.hs.get_handlers().profile_handler
            profile_handler.set_avatar_url(
                auth_user, auth_user, ("%s#auto" % (content_uri,))
            )
        except NotImplementedError:
            pass  # make tests pass without messing around creating default avatars

        defer.returnValue((user_id, token))

    @defer.inlineCallbacks
    def appservice_register(self, user_localpart, as_token):
        user = UserID(user_localpart, self.hs.hostname)
        user_id = user.to_string()
        service = yield self.store.get_app_service_by_token(as_token)
        if not service:
            raise AuthError(403, "Invalid application service token.")
        if not service.is_interested_in_user(user_id):
            raise SynapseError(
                400, "Invalid user localpart for this application service.",
                errcode=Codes.EXCLUSIVE
            )
        token = self._generate_token(user_id)
        yield self.store.register(
            user_id=user_id,
            token=token,
            password_hash=""
        )
        self.distributor.fire("registered_user", user)
        defer.returnValue((user_id, token))

    @defer.inlineCallbacks
    def check_recaptcha(self, ip, private_key, challenge, response):
        """Checks a recaptcha is correct."""

        captcha_response = yield self._validate_captcha(
            ip,
            private_key,
            challenge,
            response
        )
        if not captcha_response["valid"]:
            logger.info("Invalid captcha entered from %s. Error: %s",
                        ip, captcha_response["error_url"])
            raise InvalidCaptchaError(
                error_url=captcha_response["error_url"]
            )
        else:
            logger.info("Valid captcha entered from %s", ip)

    @defer.inlineCallbacks
    def register_email(self, threepidCreds):
        """Registers emails with an identity server."""

        for c in threepidCreds:
            logger.info("validating theeepidcred sid %s on id server %s",
                        c['sid'], c['idServer'])
            try:
                threepid = yield self._threepid_from_creds(c)
            except:
                logger.exception("Couldn't validate 3pid")
                raise RegistrationError(400, "Couldn't validate 3pid")

            if not threepid:
                raise RegistrationError(400, "Couldn't validate 3pid")
            logger.info("got threepid with medium '%s' and address '%s'",
                        threepid['medium'], threepid['address'])

    @defer.inlineCallbacks
    def bind_emails(self, user_id, threepidCreds):
        """Links emails with a user ID and informs an identity server."""

        # Now we have a matrix ID, bind it to the threepids we were given
        for c in threepidCreds:
            # XXX: This should be a deferred list, shouldn't it?
            yield self._bind_threepid(c, user_id)

    @defer.inlineCallbacks
    def check_user_id_is_valid(self, user_id):
        # valid user IDs must not clash with any user ID namespaces claimed by
        # application services.
        services = yield self.store.get_app_services()
        interested_services = [
            s for s in services if s.is_interested_in_user(user_id)
        ]
        for service in interested_services:
            if service.is_exclusive_user(user_id):
                raise SynapseError(
                    400, "This user ID is reserved by an application service.",
                    errcode=Codes.EXCLUSIVE
                )

    def _generate_token(self, user_id):
        # urlsafe variant uses _ and - so use . as the separator and replace
        # all =s with .s so http clients don't quote =s when it is used as
        # query params.
        return (base64.urlsafe_b64encode(user_id).replace('=', '.') + '.' +
                stringutils.random_string(18))

    def _generate_user_id(self):
        return "-" + stringutils.random_string(18)

    @defer.inlineCallbacks
    def _threepid_from_creds(self, creds):
        # TODO: get this from the homeserver rather than creating a new one for
        # each request
        http_client = SimpleHttpClient(self.hs)
        # XXX: make this configurable!
        trustedIdServers = ['matrix.org:8090', 'matrix.org']
        if not creds['idServer'] in trustedIdServers:
            logger.warn('%s is not a trusted ID server: rejecting 3pid ' +
                        'credentials', creds['idServer'])
            defer.returnValue(None)

        data = {}
        try:
            data = yield http_client.get_json(
                # XXX: This should be HTTPS
                "http://%s%s" % (
                    creds['idServer'],
                    "/_matrix/identity/api/v1/3pid/getValidated3pid"
                ),
                {'sid': creds['sid'], 'clientSecret': creds['clientSecret']}
            )
        except CodeMessageException as e:
            data = json.loads(e.msg)

        if 'medium' in data:
            defer.returnValue(data)
        defer.returnValue(None)

    @defer.inlineCallbacks
    def _bind_threepid(self, creds, mxid):
        yield
        logger.debug("binding threepid")
        http_client = SimpleHttpClient(self.hs)
        data = None
        try:
            data = yield http_client.post_urlencoded_get_json(
                # XXX: Change when ID servers are all HTTPS
                "http://%s%s" % (
                    creds['idServer'], "/_matrix/identity/api/v1/3pid/bind"
                ),
                {
                    'sid': creds['sid'],
                    'clientSecret': creds['clientSecret'],
                    'mxid': mxid,
                }
            )
            logger.debug("bound threepid")
        except CodeMessageException as e:
            data = json.loads(e.msg)
        defer.returnValue(data)

    @defer.inlineCallbacks
    def _validate_captcha(self, ip_addr, private_key, challenge, response):
        """Validates the captcha provided.

        Returns:
            dict: Containing 'valid'(bool) and 'error_url'(str) if invalid.

        """
        response = yield self._submit_captcha(ip_addr, private_key, challenge,
                                              response)
        # parse Google's response. Lovely format..
        lines = response.split('\n')
        json = {
            "valid": lines[0] == 'true',
            "error_url": "http://www.google.com/recaptcha/api/challenge?" +
                         "error=%s" % lines[1]
        }
        defer.returnValue(json)

    @defer.inlineCallbacks
    def _submit_captcha(self, ip_addr, private_key, challenge, response):
        # TODO: get this from the homeserver rather than creating a new one for
        # each request
        client = CaptchaServerHttpClient(self.hs)
        data = yield client.post_urlencoded_get_raw(
            "http://www.google.com:80/recaptcha/api/verify",
            args={
                'privatekey': private_key,
                'remoteip': ip_addr,
                'challenge': challenge,
                'response': response
            }
        )
        defer.returnValue(data)
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00			`# -- coding: utf-8 --`
Update copyright notices 2015-01-06 08:21:39 -05:00			`# Copyright 2014, 2015 OpenMarket Ltd`
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`
add in whitespace after copyright statements to improve legibility 2014-08-12 22:14:34 -04:00
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00			`"""Contains functions for registering clients."""`
			`from twisted.internet import defer`

			`from synapse.types import UserID`
80 chars please 2014-09-06 01:55:29 -04:00			`from synapse.api.errors import (`
Add errcodes for appservice registrations. 2015-02-06 12:10:04 -05:00			`AuthError, Codes, SynapseError, RegistrationError, InvalidCaptchaError,`
			`CodeMessageException`
80 chars please 2014-09-06 01:55:29 -04:00			`)`
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00			`from ._base import BaseHandler`
			`import synapse.util.stringutils as stringutils`
Fix registration 2014-12-08 04:24:37 -05:00			`from synapse.util.async import run_on_reactor`
Refactor the HTTP clients a little. 2014-11-20 08:53:34 -05:00			`from synapse.http.client import SimpleHttpClient`
Split PlainHttpClient into separate clients for talking to Identity servers and talking to Capatcha servers 2014-10-02 08:57:48 -04:00			`from synapse.http.client import CaptchaServerHttpClient`
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00
			`import base64`
			`import bcrypt`
Modify API for SimpleHttpClient.get_json and update usages. Previously, this would only return the HTTP body as JSON, and discard other response information (e.g. the HTTP response code). This has now been changed to throw a CodeMessageException on a non-2xx response, with the response code and body, which can then be parsed as JSON. Affected modules include: - Registration/Login (when using an email for IS auth) 2015-02-04 12:07:31 -05:00			`import json`
Add support for registering with a threepid to the HS (get credentials from the client and check them against an ID server). 2014-09-03 13:22:27 -04:00			`import logging`
Factor out user id validation checks 2015-03-18 07:33:46 -04:00			`import urllib`
Add support for registering with a threepid to the HS (get credentials from the client and check them against an ID server). 2014-09-03 13:22:27 -04:00
			`logger = logging.getLogger(__name__)`
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00

			`class RegistrationHandler(BaseHandler):`

			`def __init__(self, hs):`
			`super(RegistrationHandler, self).__init__(hs)`

			`self.distributor = hs.get_distributor()`
			`self.distributor.declare("registered_user")`

			`@defer.inlineCallbacks`
Split out password/captcha/email logic. 2014-09-15 07:42:36 -04:00			`def register(self, localpart=None, password=None):`
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00			`"""Registers a new client on the server.`

			`Args:`
			`localpart : The local part of the user ID to register. If None,`
			`one will be randomly generated.`
			`password (str) : The password to assign to this user so they can`
			`login again.`
			`Returns:`
			`A tuple of (user_id, access_token).`
			`Raises:`
			`RegistrationError if there was a problem registering.`
			`"""`
Fix registration 2014-12-08 04:24:37 -05:00			`yield run_on_reactor()`
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00			`password_hash = None`
			`if password:`
			`password_hash = bcrypt.hashpw(password, bcrypt.gensalt())`

			`if localpart:`
Factor out user id validation checks 2015-03-18 07:33:46 -04:00			`if localpart and urllib.quote(localpart) != localpart:`
			`raise SynapseError(`
			`400,`
			`"User ID must only contain characters which do not"`
			`" require URL encoding."`
			`)`

Fix registration 2014-12-08 04:24:37 -05:00			`user = UserID(localpart, self.hs.hostname)`
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00			`user_id = user.to_string()`

Prevent user IDs in AS namespaces being created/deleted by humans. 2015-02-05 11:46:56 -05:00			`yield self.check_user_id_is_valid(user_id)`

Reference Matrix Home Server 2014-08-12 10:10:52 -04:00			`token = self._generate_token(user_id)`
Fix pep8 warnings 2014-10-30 07:10:17 -04:00			`yield self.store.register(`
			`user_id=user_id,`
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00			`token=token,`
Fix pep8 warnings 2014-10-30 07:10:17 -04:00			`password_hash=password_hash`
			`)`
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00
Add a few missing yields, Move deferred lists inside PreserveLoggingContext because they don't interact well with the logging contexts 2014-11-20 11:24:00 -05:00			`yield self.distributor.fire("registered_user", user)`
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00			`else:`
			`# autogen a random user ID`
			`attempts = 0`
			`user_id = None`
			`token = None`
			`while not user_id and not token:`
			`try:`
			`localpart = self._generate_user_id()`
Fix registration 2014-12-08 04:24:37 -05:00			`user = UserID(localpart, self.hs.hostname)`
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00			`user_id = user.to_string()`
Prevent user IDs in AS namespaces being created/deleted by humans. 2015-02-05 11:46:56 -05:00			`yield self.check_user_id_is_valid(user_id)`
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00
			`token = self._generate_token(user_id)`
			`yield self.store.register(`
			`user_id=user_id,`
			`token=token,`
			`password_hash=password_hash)`

			`self.distributor.fire("registered_user", user)`
			`except SynapseError:`
			`# if user id is taken, just generate another`
			`user_id = None`
			`token = None`
			`attempts += 1`
			`if attempts > 5:`
			`raise RegistrationError(`
			`500, "Cannot generate user ID.")`

...and here's the actual impl. git fail. 2015-02-07 08:32:14 -05:00			`# create a default avatar for the user`
			`# XXX: ideally clients would explicitly specify one, but given they don't`
			`# and we want consistent and pretty identicons for random users, we'll`
			`# do it here.`
don't give up if we can't create default avatars during tests 2015-02-07 16:24:08 -05:00			`try:`
			`auth_user = UserID.from_string(user_id)`
Code-style fixes 2015-02-10 11:30:48 -05:00			`media_repository = self.hs.get_resource_for_media_repository()`
			`identicon_resource = media_repository.getChildWithDefault("identicon", None)`
			`upload_resource = media_repository.getChildWithDefault("upload", None)`
don't give up if we can't create default avatars during tests 2015-02-07 16:24:08 -05:00			`identicon_bytes = identicon_resource.generate_identicon(user_id, 320, 320)`
			`content_uri = yield upload_resource.create_content(`
			`"image/png", None, identicon_bytes, len(identicon_bytes), auth_user`
			`)`
			`profile_handler = self.hs.get_handlers().profile_handler`
Code-style fixes 2015-02-10 11:30:48 -05:00			`profile_handler.set_avatar_url(`
			`auth_user, auth_user, ("%s#auto" % (content_uri,))`
			`)`
don't give up if we can't create default avatars during tests 2015-02-07 16:24:08 -05:00			`except NotImplementedError:`
Code-style fixes 2015-02-10 11:30:48 -05:00			`pass # make tests pass without messing around creating default avatars`

Add support for registering with a threepid to the HS (get credentials from the client and check them against an ID server). 2014-09-03 13:22:27 -04:00			`defer.returnValue((user_id, token))`

Add m.login.application_service registration procedure. This allows known application services to register any user ID under their own user namespace(s). 2015-02-05 12:29:27 -05:00			`@defer.inlineCallbacks`
			`def appservice_register(self, user_localpart, as_token):`
			`user = UserID(user_localpart, self.hs.hostname)`
			`user_id = user.to_string()`
			`service = yield self.store.get_app_service_by_token(as_token)`
			`if not service:`
Add errcodes for appservice registrations. 2015-02-06 12:10:04 -05:00			`raise AuthError(403, "Invalid application service token.")`
Add m.login.application_service registration procedure. This allows known application services to register any user ID under their own user namespace(s). 2015-02-05 12:29:27 -05:00			`if not service.is_interested_in_user(user_id):`
			`raise SynapseError(`
Add errcodes for appservice registrations. 2015-02-06 12:10:04 -05:00			`400, "Invalid user localpart for this application service.",`
			`errcode=Codes.EXCLUSIVE`
Add m.login.application_service registration procedure. This allows known application services to register any user ID under their own user namespace(s). 2015-02-05 12:29:27 -05:00			`)`
			`token = self._generate_token(user_id)`
			`yield self.store.register(`
			`user_id=user_id,`
			`token=token,`
			`password_hash=""`
			`)`
			`self.distributor.fire("registered_user", user)`
			`defer.returnValue((user_id, token))`

Split out password/captcha/email logic. 2014-09-15 07:42:36 -04:00			`@defer.inlineCallbacks`
			`def check_recaptcha(self, ip, private_key, challenge, response):`
			`"""Checks a recaptcha is correct."""`

			`captcha_response = yield self._validate_captcha(`
			`ip,`
			`private_key,`
			`challenge,`
			`response`
			`)`
			`if not captcha_response["valid"]:`
			`logger.info("Invalid captcha entered from %s. Error: %s",`
			`ip, captcha_response["error_url"])`
			`raise InvalidCaptchaError(`
			`error_url=captcha_response["error_url"]`
			`)`
			`else:`
			`logger.info("Valid captcha entered from %s", ip)`

			`@defer.inlineCallbacks`
			`def register_email(self, threepidCreds):`
			`"""Registers emails with an identity server."""`

			`for c in threepidCreds:`
			`logger.info("validating theeepidcred sid %s on id server %s",`
			`c['sid'], c['idServer'])`
			`try:`
			`threepid = yield self._threepid_from_creds(c)`
			`except:`
Use python logger, not the twisted logger 2014-11-03 05:16:28 -05:00			`logger.exception("Couldn't validate 3pid")`
Split out password/captcha/email logic. 2014-09-15 07:42:36 -04:00			`raise RegistrationError(400, "Couldn't validate 3pid")`

			`if not threepid:`
			`raise RegistrationError(400, "Couldn't validate 3pid")`
Separate out the matrix http client completely because just about all of its code it now separate from the simple case we need for standard HTTP(S) 2014-11-20 12:41:56 -05:00			`logger.info("got threepid with medium '%s' and address '%s'",`
Split out password/captcha/email logic. 2014-09-15 07:42:36 -04:00			`threepid['medium'], threepid['address'])`

			`@defer.inlineCallbacks`
			`def bind_emails(self, user_id, threepidCreds):`
			`"""Links emails with a user ID and informs an identity server."""`

			`# Now we have a matrix ID, bind it to the threepids we were given`
			`for c in threepidCreds:`
			`# XXX: This should be a deferred list, shouldn't it?`
			`yield self._bind_threepid(c, user_id)`

Prevent user IDs in AS namespaces being created/deleted by humans. 2015-02-05 11:46:56 -05:00			`@defer.inlineCallbacks`
			`def check_user_id_is_valid(self, user_id):`
			`# valid user IDs must not clash with any user ID namespaces claimed by`
			`# application services.`
			`services = yield self.store.get_app_services()`
			`interested_services = [`
			`s for s in services if s.is_interested_in_user(user_id)`
			`]`
Implement exclusive namespace checks. 2015-02-27 08:51:41 -05:00			`for service in interested_services:`
			`if service.is_exclusive_user(user_id):`
			`raise SynapseError(`
			`400, "This user ID is reserved by an application service.",`
			`errcode=Codes.EXCLUSIVE`
			`)`
Prevent user IDs in AS namespaces being created/deleted by humans. 2015-02-05 11:46:56 -05:00
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00			`def _generate_token(self, user_id):`
			`# urlsafe variant uses _ and - so use . as the separator and replace`
			`# all =s with .s so http clients don't quote =s when it is used as`
			`# query params.`
			`return (base64.urlsafe_b64encode(user_id).replace('=', '.') + '.' +`
			`stringutils.random_string(18))`

			`def _generate_user_id(self):`
			`return "-" + stringutils.random_string(18)`
Add support for registering with a threepid to the HS (get credentials from the client and check them against an ID server). 2014-09-03 13:22:27 -04:00
			`@defer.inlineCallbacks`
			`def _threepid_from_creds(self, creds):`
Split PlainHttpClient into separate clients for talking to Identity servers and talking to Capatcha servers 2014-10-02 08:57:48 -04:00			`# TODO: get this from the homeserver rather than creating a new one for`
			`# each request`
Modify API for SimpleHttpClient.get_json and update usages. Previously, this would only return the HTTP body as JSON, and discard other response information (e.g. the HTTP response code). This has now been changed to throw a CodeMessageException on a non-2xx response, with the response code and body, which can then be parsed as JSON. Affected modules include: - Registration/Login (when using an email for IS auth) 2015-02-04 12:07:31 -05:00			`http_client = SimpleHttpClient(self.hs)`
Add support for registering with a threepid to the HS (get credentials from the client and check them against an ID server). 2014-09-03 13:22:27 -04:00			`# XXX: make this configurable!`
Add matrix.org as a trusted ID server because it's now passed through on ports 80/443 and the web client defaults to that now. Fixes email validation (including signing up with an email address). 2015-01-28 05:09:54 -05:00			`trustedIdServers = ['matrix.org:8090', 'matrix.org']`
Add support for registering with a threepid to the HS (get credentials from the client and check them against an ID server). 2014-09-03 13:22:27 -04:00			`if not creds['idServer'] in trustedIdServers:`
Split out password/captcha/email logic. 2014-09-15 07:42:36 -04:00			`logger.warn('%s is not a trusted ID server: rejecting 3pid ' +`
80 chars please 2014-09-06 01:55:29 -04:00			`'credentials', creds['idServer'])`
Add support for registering with a threepid to the HS (get credentials from the client and check them against an ID server). 2014-09-03 13:22:27 -04:00			`defer.returnValue(None)`
Modify API for SimpleHttpClient.get_json and update usages. Previously, this would only return the HTTP body as JSON, and discard other response information (e.g. the HTTP response code). This has now been changed to throw a CodeMessageException on a non-2xx response, with the response code and body, which can then be parsed as JSON. Affected modules include: - Registration/Login (when using an email for IS auth) 2015-02-04 12:07:31 -05:00
			`data = {}`
			`try:`
			`data = yield http_client.get_json(`
			`# XXX: This should be HTTPS`
			`"http://%s%s" % (`
			`creds['idServer'],`
			`"/_matrix/identity/api/v1/3pid/getValidated3pid"`
			`),`
			`{'sid': creds['sid'], 'clientSecret': creds['clientSecret']}`
			`)`
			`except CodeMessageException as e:`
			`data = json.loads(e.msg)`
Split out password/captcha/email logic. 2014-09-15 07:42:36 -04:00
Add support for registering with a threepid to the HS (get credentials from the client and check them against an ID server). 2014-09-03 13:22:27 -04:00			`if 'medium' in data:`
			`defer.returnValue(data)`
			`defer.returnValue(None)`

			`@defer.inlineCallbacks`
			`def _bind_threepid(self, creds, mxid):`
Separate out the matrix http client completely because just about all of its code it now separate from the simple case we need for standard HTTP(S) 2014-11-20 12:41:56 -05:00			`yield`
			`logger.debug("binding threepid")`
Modify API for SimpleHttpClient.get_json and update usages. Previously, this would only return the HTTP body as JSON, and discard other response information (e.g. the HTTP response code). This has now been changed to throw a CodeMessageException on a non-2xx response, with the response code and body, which can then be parsed as JSON. Affected modules include: - Registration/Login (when using an email for IS auth) 2015-02-04 12:07:31 -05:00			`http_client = SimpleHttpClient(self.hs)`
			`data = None`
			`try:`
			`data = yield http_client.post_urlencoded_get_json(`
			`# XXX: Change when ID servers are all HTTPS`
			`"http://%s%s" % (`
			`creds['idServer'], "/_matrix/identity/api/v1/3pid/bind"`
			`),`
			`{`
			`'sid': creds['sid'],`
			`'clientSecret': creds['clientSecret'],`
			`'mxid': mxid,`
			`}`
			`)`
			`logger.debug("bound threepid")`
			`except CodeMessageException as e:`
			`data = json.loads(e.msg)`
Add support for registering with a threepid to the HS (get credentials from the client and check them against an ID server). 2014-09-03 13:22:27 -04:00			`defer.returnValue(data)`
Split out password/captcha/email logic. 2014-09-15 07:42:36 -04:00
Captchas now work on registration. Missing x-forwarded-for config arg support. Missing reloading a new captcha on the web client / displaying a sensible error message. 2014-09-05 22:18:23 -04:00			`@defer.inlineCallbacks`
			`def _validate_captcha(self, ip_addr, private_key, challenge, response):`
			`"""Validates the captcha provided.`
Split out password/captcha/email logic. 2014-09-15 07:42:36 -04:00
Captchas now work on registration. Missing x-forwarded-for config arg support. Missing reloading a new captcha on the web client / displaying a sensible error message. 2014-09-05 22:18:23 -04:00			`Returns:`
			`dict: Containing 'valid'(bool) and 'error_url'(str) if invalid.`
Split out password/captcha/email logic. 2014-09-15 07:42:36 -04:00
Captchas now work on registration. Missing x-forwarded-for config arg support. Missing reloading a new captcha on the web client / displaying a sensible error message. 2014-09-05 22:18:23 -04:00			`"""`
Split out password/captcha/email logic. 2014-09-15 07:42:36 -04:00			`response = yield self._submit_captcha(ip_addr, private_key, challenge,`
80 chars please 2014-09-06 01:55:29 -04:00			`response)`
Captchas now work on registration. Missing x-forwarded-for config arg support. Missing reloading a new captcha on the web client / displaying a sensible error message. 2014-09-05 22:18:23 -04:00			`# parse Google's response. Lovely format..`
			`lines = response.split('\n')`
			`json = {`
			`"valid": lines[0] == 'true',`
Split out password/captcha/email logic. 2014-09-15 07:42:36 -04:00			`"error_url": "http://www.google.com/recaptcha/api/challenge?" +`
80 chars please 2014-09-06 01:55:29 -04:00			`"error=%s" % lines[1]`
Captchas now work on registration. Missing x-forwarded-for config arg support. Missing reloading a new captcha on the web client / displaying a sensible error message. 2014-09-05 22:18:23 -04:00			`}`
			`defer.returnValue(json)`
Split out password/captcha/email logic. 2014-09-15 07:42:36 -04:00
Captchas now work on registration. Missing x-forwarded-for config arg support. Missing reloading a new captcha on the web client / displaying a sensible error message. 2014-09-05 22:18:23 -04:00			`@defer.inlineCallbacks`
			`def _submit_captcha(self, ip_addr, private_key, challenge, response):`
Split PlainHttpClient into separate clients for talking to Identity servers and talking to Capatcha servers 2014-10-02 08:57:48 -04:00			`# TODO: get this from the homeserver rather than creating a new one for`
			`# each request`
			`client = CaptchaServerHttpClient(self.hs)`
Captchas now work on registration. Missing x-forwarded-for config arg support. Missing reloading a new captcha on the web client / displaying a sensible error message. 2014-09-05 22:18:23 -04:00			`data = yield client.post_urlencoded_get_raw(`
Separate out the matrix http client completely because just about all of its code it now separate from the simple case we need for standard HTTP(S) 2014-11-20 12:41:56 -05:00			`"http://www.google.com:80/recaptcha/api/verify",`
Split out password/captcha/email logic. 2014-09-15 07:42:36 -04:00			`args={`
			`'privatekey': private_key,`
Captchas now work on registration. Missing x-forwarded-for config arg support. Missing reloading a new captcha on the web client / displaying a sensible error message. 2014-09-05 22:18:23 -04:00			`'remoteip': ip_addr,`
			`'challenge': challenge,`
			`'response': response`
			`}`
			`)`
			`defer.returnValue(data)`