Cherry-pick Feature/login with email (matrix-org#2)

PiotrKozimor · PiotrKozimor · commit f290e722c30a · 2021-09-14T17:41:49.000+02:00
diff --git a/clientapi/auth/password.go b/clientapi/auth/password.go
@@ -22,20 +22,24 @@ import (
 	"github.com/matrix-org/dendrite/clientapi/userutil"
 	"github.com/matrix-org/dendrite/setup/config"
 	"github.com/matrix-org/dendrite/userapi/api"
+	"github.com/matrix-org/dendrite/userapi/storage/accounts"
 	"github.com/matrix-org/util"
 )
 
 type GetAccountByPassword func(ctx context.Context, localpart, password string) (*api.Account, error)
 
 type PasswordRequest struct {
 	Login
+	Address  string `json:"address"`
 	Password string `json:"password"`
+	Medium   string `json:"medium"`
 }
 
 // LoginTypePassword implements https://matrix.org/docs/spec/client_server/r0.6.1#password-based
 type LoginTypePassword struct {
 	GetAccountByPassword GetAccountByPassword
 	Config               *config.ClientAPI
+	AccountDB            accounts.Database
 }
 
 func (t *LoginTypePassword) Name() string {
@@ -48,14 +52,36 @@ func (t *LoginTypePassword) Request() interface{} {
 
 func (t *LoginTypePassword) Login(ctx context.Context, req interface{}) (*Login, *util.JSONResponse) {
 	r := req.(*PasswordRequest)
-	username := r.Username()
-	if username == "" {
-		return nil, &util.JSONResponse{
-			Code: http.StatusUnauthorized,
-			JSON: jsonerror.BadJSON("A username must be supplied."),
+	var username string
+	var localpart string
+	var err error
+	username = r.Username()
+	if username != "" {
+		localpart, err = userutil.ParseUsernameParam(username, &t.Config.Matrix.ServerName)
+	} else {
+		if r.Medium == "email" {
+			if r.Address != "" {
+				localpart, err = t.AccountDB.GetLocalpartForThreePID(ctx, r.Address, "email")
+				if localpart == "" {
+					return nil, &util.JSONResponse{
+						Code: http.StatusForbidden,
+						JSON: jsonerror.Forbidden("email or password was incorrect, or the account does not exist"),
+					}
+				}
+				r.Login.User = localpart
+			} else {
+				return nil, &util.JSONResponse{
+					Code: http.StatusUnauthorized,
+					JSON: jsonerror.BadJSON("'address' must be supplied."),
+				}
+			}
+		} else {
+			return nil, &util.JSONResponse{
+				Code: http.StatusUnauthorized,
+				JSON: jsonerror.BadJSON("'user' must be supplied."),
+			}
 		}
 	}
-	localpart, err := userutil.ParseUsernameParam(username, &t.Config.Matrix.ServerName)
 	if err != nil {
 		return nil, &util.JSONResponse{
 			Code: http.StatusUnauthorized,
diff --git a/clientapi/routing/login.go b/clientapi/routing/login.go
@@ -68,6 +68,7 @@ func Login(
 		typePassword := auth.LoginTypePassword{
 			GetAccountByPassword: accountDB.GetAccountByPassword,
 			Config:               cfg,
+			AccountDB:            accountDB,
 		}
 		r := typePassword.Request()
 		resErr := httputil.UnmarshalJSONRequest(req, r)
diff --git a/clientapi/threepid/threepid.go b/clientapi/threepid/threepid.go
@@ -33,11 +33,12 @@ type EmailAssociationRequest struct {
 	Secret      string `json:"client_secret"`
 	Email       string `json:"email"`
 	SendAttempt int    `json:"send_attempt"`
+	NextLink    string `json:"next_link"`
 }
 
 // EmailAssociationCheckRequest represents the request defined at https://matrix.org/docs/spec/client_server/r0.2.0.html#post-matrix-client-r0-account-3pid
 type EmailAssociationCheckRequest struct {
-	Creds Credentials `json:"threePidCreds"`
+	Creds Credentials `json:"three_pid_creds"`
 	Bind  bool        `json:"bind"`
 }
 
@@ -66,6 +67,7 @@ func CreateSession(
 	data.Add("client_secret", req.Secret)
 	data.Add("email", req.Email)
 	data.Add("send_attempt", strconv.Itoa(req.SendAttempt))
+	data.Add("next_link", req.NextLink)
 
 	request, err := http.NewRequest(http.MethodPost, postURL, strings.NewReader(data.Encode()))
 	if err != nil {
@@ -81,7 +83,7 @@ func CreateSession(
 
 	// Error if the status isn't OK
 	if resp.StatusCode != http.StatusOK {
-		return "", fmt.Errorf("could not create a session on the server %s", req.IDServer)
+		return "", fmt.Errorf("Could not create a session on the server %s, got status code: %d", req.IDServer, resp.StatusCode)
 	}
 
 	// Extract the SID from the response and return it
diff --git a/dendrite-config.yaml b/dendrite-config.yaml
@@ -170,6 +170,9 @@ client_api:
     turn_username: ""
     turn_password: ""
 
+  # Whether login by email is enabled . 
+  email_login: true
+
   # Settings for rate-limited endpoints. Rate limiting will kick in after the
   # threshold number of "slots" have been taken by requests from a specific 
   # host. Each "slot" will be released after the cooloff time in milliseconds.
diff --git a/setup/config/config_clientapi.go b/setup/config/config_clientapi.go
@@ -12,6 +12,8 @@ type ClientAPI struct {
 	InternalAPI InternalAPIOptions `yaml:"internal_api"`
 	ExternalAPI ExternalAPIOptions `yaml:"external_api"`
 
+	EmailLogin bool `yaml:"email_login"`
+
 	// If set disables new users from registering (except via shared
 	// secrets)
 	RegistrationDisabled bool `yaml:"registration_disabled"`

Original file line number	Diff line number	Diff line change
`@@ -68,6 +68,7 @@ func Login(`
`68`	`68`	`typePassword := auth.LoginTypePassword{`
`69`	`69`	`GetAccountByPassword: accountDB.GetAccountByPassword,`
`70`	`70`	`Config: cfg,`
	`71`	`+ AccountDB: accountDB,`
`71`	`72`	`}`
`72`	`73`	`r := typePassword.Request()`
`73`	`74`	`resErr := httputil.UnmarshalJSONRequest(req, r)`