forked-synapse/synapse/handlers/login.py

# -*- coding: utf-8 -*-
# Copyright 2014 OpenMarket Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

from twisted.internet import defer

from ._base import BaseHandler
from synapse.api.errors import LoginError, Codes
from synapse.http.client import IdentityServerHttpClient
from synapse.util.emailutils import EmailException
import synapse.util.emailutils as emailutils

import bcrypt
import logging
import urllib

logger = logging.getLogger(__name__)


class LoginHandler(BaseHandler):

    def __init__(self, hs):
        super(LoginHandler, self).__init__(hs)
        self.hs = hs

    @defer.inlineCallbacks
    def login(self, user, password):
        """Login as the specified user with the specified password.

        Args:
            user (str): The user ID.
            password (str): The password.
        Returns:
            The newly allocated access token.
        Raises:
            StoreError if there was a problem storing the token.
            LoginError if there was an authentication problem.
        """
        # TODO do this better, it can't go in __init__ else it cyclic loops
        if not hasattr(self, "reg_handler"):
            self.reg_handler = self.hs.get_handlers().registration_handler

        # pull out the hash for this user if they exist
        user_info = yield self.store.get_user_by_id(user_id=user)
        if not user_info:
            logger.warn("Attempted to login as %s but they do not exist", user)
            raise LoginError(403, "", errcode=Codes.FORBIDDEN)

        stored_hash = user_info[0]["password_hash"]
        if bcrypt.checkpw(password, stored_hash):
            # generate an access token and store it.
            token = self.reg_handler._generate_token(user)
            logger.info("Adding token %s for user %s", token, user)
            yield self.store.add_access_token_to_user(user, token)
            defer.returnValue(token)
        else:
            logger.warn("Failed password login for user %s", user)
            raise LoginError(403, "", errcode=Codes.FORBIDDEN)

    @defer.inlineCallbacks
    def reset_password(self, user_id, email):
        is_valid = yield self._check_valid_association(user_id, email)
        logger.info("reset_password user=%s email=%s valid=%s", user_id, email,
                    is_valid)
        if is_valid:
            try:
                # send an email out
                emailutils.send_email(
                    smtp_server=self.hs.config.email_smtp_server,
                    from_addr=self.hs.config.email_from_address,
                    to_addr=email,
                    subject="Password Reset",
                    body="TODO."
                )
            except EmailException as e:
                logger.exception(e)

    @defer.inlineCallbacks
    def _check_valid_association(self, user_id, email):
        identity = yield self._query_email(email)
        if identity and "mxid" in identity:
            if identity["mxid"] == user_id:
                defer.returnValue(True)
                return
        defer.returnValue(False)

    @defer.inlineCallbacks
    def _query_email(self, email):
        httpCli = IdentityServerHttpClient(self.hs)
        data = yield httpCli.get_json(
            'matrix.org:8090',  # TODO FIXME This should be configurable.
            "/_matrix/identity/api/v1/lookup?medium=email&address=" +
            "%s" % urllib.quote(email)
        )
        defer.returnValue(data)
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00			`# -- coding: utf-8 --`
fix the copyright holder from matrix.org to OpenMarket Ltd, as matrix.org hasn't been incorporated in time for launch. 2014-09-03 12:29:13 -04:00			`# Copyright 2014 OpenMarket Ltd`
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`
add in whitespace after copyright statements to improve legibility 2014-08-12 22:14:34 -04:00
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00			`from twisted.internet import defer`

			`from ._base import BaseHandler`
Send forbidden codes when doing login attempts. 2014-08-14 09:29:01 -04:00			`from synapse.api.errors import LoginError, Codes`
Split PlainHttpClient into separate clients for talking to Identity servers and talking to Capatcha servers 2014-10-02 08:57:48 -04:00			`from synapse.http.client import IdentityServerHttpClient`
Added support for the HS to send emails. Use it to send password resets. Added email_smtp_server and email_from_address config args. Added emailutils. 2014-09-16 07:36:39 -04:00			`from synapse.util.emailutils import EmailException`
			`import synapse.util.emailutils as emailutils`
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00
			`import bcrypt`
			`import logging`
Added PasswordResetRestServlet. Hit the IS to confirm the email/user. Need to send email. 2014-09-16 06:22:40 -04:00			`import urllib`
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00
			`logger = logging.getLogger(__name__)`


			`class LoginHandler(BaseHandler):`

			`def __init__(self, hs):`
			`super(LoginHandler, self).__init__(hs)`
			`self.hs = hs`

			`@defer.inlineCallbacks`
			`def login(self, user, password):`
			`"""Login as the specified user with the specified password.`

			`Args:`
Pass back the user_id in the response to /login in case it has changed. Store and use that on the webclient rather than the input field. 2014-08-14 11:40:15 -04:00			`user (str): The user ID.`
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00			`password (str): The password.`
			`Returns:`
			`The newly allocated access token.`
			`Raises:`
			`StoreError if there was a problem storing the token.`
			`LoginError if there was an authentication problem.`
			`"""`
			`# TODO do this better, it can't go in __init__ else it cyclic loops`
			`if not hasattr(self, "reg_handler"):`
			`self.reg_handler = self.hs.get_handlers().registration_handler`

			`# pull out the hash for this user if they exist`
			`user_info = yield self.store.get_user_by_id(user_id=user)`
			`if not user_info:`
Fix pep8 warnings 2014-10-30 07:10:17 -04:00			`logger.warn("Attempted to login as %s but they do not exist", user)`
Send forbidden codes when doing login attempts. 2014-08-14 09:29:01 -04:00			`raise LoginError(403, "", errcode=Codes.FORBIDDEN)`
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00
			`stored_hash = user_info[0]["password_hash"]`
			`if bcrypt.checkpw(password, stored_hash):`
			`# generate an access token and store it.`
			`token = self.reg_handler._generate_token(user)`
			`logger.info("Adding token %s for user %s", token, user)`
			`yield self.store.add_access_token_to_user(user, token)`
			`defer.returnValue(token)`
			`else:`
			`logger.warn("Failed password login for user %s", user)`
Added PasswordResetRestServlet. Hit the IS to confirm the email/user. Need to send email. 2014-09-16 06:22:40 -04:00			`raise LoginError(403, "", errcode=Codes.FORBIDDEN)`

			`@defer.inlineCallbacks`
			`def reset_password(self, user_id, email):`
			`is_valid = yield self._check_valid_association(user_id, email)`
			`logger.info("reset_password user=%s email=%s valid=%s", user_id, email,`
			`is_valid)`
Added support for the HS to send emails. Use it to send password resets. Added email_smtp_server and email_from_address config args. Added emailutils. 2014-09-16 07:36:39 -04:00			`if is_valid:`
			`try:`
			`# send an email out`
			`emailutils.send_email(`
			`smtp_server=self.hs.config.email_smtp_server,`
			`from_addr=self.hs.config.email_from_address,`
			`to_addr=email,`
			`subject="Password Reset",`
			`body="TODO."`
			`)`
			`except EmailException as e:`
			`logger.exception(e)`
Added PasswordResetRestServlet. Hit the IS to confirm the email/user. Need to send email. 2014-09-16 06:22:40 -04:00
			`@defer.inlineCallbacks`
			`def _check_valid_association(self, user_id, email):`
			`identity = yield self._query_email(email)`
			`if identity and "mxid" in identity:`
			`if identity["mxid"] == user_id:`
			`defer.returnValue(True)`
			`return`
			`defer.returnValue(False)`

			`@defer.inlineCallbacks`
			`def _query_email(self, email):`
Split PlainHttpClient into separate clients for talking to Identity servers and talking to Capatcha servers 2014-10-02 08:57:48 -04:00			`httpCli = IdentityServerHttpClient(self.hs)`
Added PasswordResetRestServlet. Hit the IS to confirm the email/user. Need to send email. 2014-09-16 06:22:40 -04:00			`data = yield httpCli.get_json(`
			`'matrix.org:8090', # TODO FIXME This should be configurable.`
			`"/_matrix/identity/api/v1/lookup?medium=email&address=" +`
			`"%s" % urllib.quote(email)`
			`)`
Split PlainHttpClient into separate clients for talking to Identity servers and talking to Capatcha servers 2014-10-02 08:57:48 -04:00			`defer.returnValue(data)`