Support shorter tokens used with authentication (#3)

This adds a new send_links configuration option which defines whether to send links for the user to click in renewal emails, and defaults to true. If set to false, only the renewal token is sent, which is expected to be copied by the user into a compatible client, which would then send it to the homeserver in an authenticated request (which means we don't need to ensure these shorter tokens are unique across all of the users).

Author: babolivier

README.md

@@ -33,6 +33,12 @@ modules:
       period: 6w
       # How long before an account expires should Synapse send it a renewal email.
       renew_at: 1w
+      # Whether to include a link to click in the emails sent to users. If false, only a
+      # renewal token is sent, in which case a shorter token is used, and the
+      # user will need to copy it into a compatible client that will send an
+      # authenticated request to the server.
+      # Defaults to true.
+      send_links: true
 ```
 
 The syntax for durations is the same as in the rest of Synapse's configuration file.

email_account_validity/_base.py

@@ -14,6 +14,7 @@
 # limitations under the License.
 
 import logging
+import os
 import time
 from typing import Optional, Tuple
 
@@ -24,7 +25,13 @@
 
 from email_account_validity._config import EmailAccountValidityConfig
 from email_account_validity._store import EmailAccountValidityStore
-from email_account_validity._utils import random_string
+from email_account_validity._utils import (
+    LONG_TOKEN_REGEX,
+    SHORT_TOKEN_REGEX,
+    random_digit_string,
+    random_string,
+    TokenFormat,
+)
 
 logger = logging.getLogger(__name__)
 
@@ -40,9 +47,11 @@ def __init__(
         self._store = store
 
         self._period = config.period
+        self._send_links = config.send_links
 
         (self._template_html, self._template_text,) = api.read_templates(
             ["notice_expiry.html", "notice_expiry.txt"],
+            os.path.join(os.path.dirname(os.path.abspath(__file__)), "templates"),
         )
 
         if config.renew_email_subject is not None:
@@ -53,7 +62,7 @@ def __init__(
         try:
             app_name = self._api.email_app_name
             self._renew_email_subject = renew_email_subject % {"app": app_name}
-        except Exception:
+        except (KeyError, TypeError):
             # If substitution failed, fall back to the bare strings.
             self._renew_email_subject = renew_email_subject
 
@@ -110,35 +119,68 @@ async def send_renewal_email(self, user_id: str, expiration_ts: int):
         except SynapseError:
             display_name = user_id
 
-        renewal_token = await self.generate_renewal_token(user_id)
+        # If the user isn't expected to click on a link, but instead to copy the token
+        # into their client, we generate a different kind of token, simpler and shorter,
+        # because a) we don't need it to be unique to the whole table and b) we want the
+        # user to be able to be easily type it back into their client.
+        if self._send_links:
+            renewal_token = await self.generate_unauthenticated_renewal_token(user_id)
 
-        url = "%s_synapse/client/email_account_validity/renew?token=%s" % (
-            self._api.public_baseurl,
-            renewal_token,
-        )
+            url = "%s_synapse/client/email_account_validity/renew?token=%s" % (
+                self._api.public_baseurl,
+                renewal_token,
+            )
+        else:
+            renewal_token = await self.generate_authenticated_renewal_token(user_id)
+            url = None
 
         template_vars = {
+            "app_name": self._api.email_app_name,
             "display_name": display_name,
             "expiration_ts": expiration_ts,
             "url": url,
+            "renewal_token": renewal_token,
         }
 
         html_text = self._template_html.render(**template_vars)
         plain_text = self._template_text.render(**template_vars)
 
         for address in addresses:
             await self._api.send_mail(
-                address,
-                self._renew_email_subject,
-                html_text,
-                plain_text,
+                recipient=address,
+                subject=self._renew_email_subject,
+                html=html_text,
+                text=plain_text,
             )
 
         await self._store.set_renewal_mail_status(user_id=user_id, email_sent=True)
 
-    async def generate_renewal_token(self, user_id: str) -> str:
-        """Generates a 32-byte long random string that will be inserted into the
-        user's renewal email's unique link, then saves it into the database.
+    async def generate_authenticated_renewal_token(self, user_id: str) -> str:
+        """Generates a 8-digit long random string then saves it into the database.
+
+        This token is to be sent to the user over email so that the user can copy it into
+        their client to renew their account.
+
+        Args:
+            user_id: ID of the user to generate a string for.
+
+        Returns:
+            The generated string.
+
+        Raises:
+            SynapseError(500): Couldn't generate a unique string after 5 attempts.
+        """
+        renewal_token = random_digit_string(8)
+        await self._store.set_renewal_token_for_user(
+            user_id, renewal_token, TokenFormat.SHORT,
+        )
+        return renewal_token
+
+    async def generate_unauthenticated_renewal_token(self, user_id: str) -> str:
+        """Generates a 32-letter long random string then saves it into the database.
+
+        This token is to be sent to the user over email in a link that the user will then
+        click to renew their account.
 
         Args:
             user_id: ID of the user to generate a string for.
@@ -153,13 +195,19 @@ async def generate_renewal_token(self, user_id: str) -> str:
         while attempts < 5:
             try:
                 renewal_token = random_string(32)
-                await self._store.set_renewal_token_for_user(user_id, renewal_token)
+                await self._store.set_renewal_token_for_user(
+                    user_id, renewal_token, TokenFormat.LONG,
+                )
                 return renewal_token
             except SynapseError:
                 attempts += 1
         raise SynapseError(500, "Couldn't generate a unique string as refresh string.")
 
-    async def renew_account(self, renewal_token: str) -> Tuple[bool, bool, int]:
+    async def renew_account(
+        self,
+        renewal_token: str,
+        user_id: Optional[str] = None,
+    ) -> Tuple[bool, bool, int]:
         """Renews the account attached to a given renewal token by pushing back the
         expiration date by the current validity period in the server's configuration.
 
@@ -169,19 +217,42 @@ async def renew_account(self, renewal_token: str) -> Tuple[bool, bool, int]:
 
         Args:
             renewal_token: Token sent with the renewal request.
+            user_id: The Matrix ID of the user to renew, if the renewal request was
+                authenticated.
+
         Returns:
             A tuple containing:
               * A bool representing whether the token is valid and unused.
               * A bool which is `True` if the token is valid, but stale.
               * An int representing the user's expiry timestamp as milliseconds since the
                 epoch, or 0 if the token was invalid.
         """
+        # Try to match the token against a known format.
+        if LONG_TOKEN_REGEX.match(renewal_token):
+            token_format = TokenFormat.LONG
+        elif SHORT_TOKEN_REGEX.match(renewal_token):
+            token_format = TokenFormat.SHORT
+        else:
+            # If we can't figure out what format the renewal token is, consider it
+            # invalid.
+            return False, False, 0
+
+        # If we were not able to authenticate the user requesting a renewal, and the
+        # token needs authentication, consider the token neither valid nor stale.
+        if user_id is None and token_format == TokenFormat.SHORT:
+            return False, False, 0
+
+        # Verify if the token, or the (token, user_id) tuple, exists.
         try:
             (
                 user_id,
                 current_expiration_ts,
                 token_used_ts,
-            ) = await self._store.get_user_from_renewal_token(renewal_token)
+            ) = await self._store.validate_renewal_token(
+                renewal_token,
+                token_format,
+                user_id,
+            )
         except SynapseError:
             return False, False, 0
 
@@ -238,6 +309,7 @@ async def renew_account_for_user(
             user_id=user_id,
             expiration_ts=expiration_ts,
             email_sent=email_sent,
+            token_format=TokenFormat.LONG if self._send_links else TokenFormat.SHORT,
             renewal_token=renewal_token,
             token_used_ts=now,
         )

email_account_validity/_config.py

@@ -22,3 +22,4 @@ class EmailAccountValidityConfig:
     period: int
     renew_at: int
     renew_email_subject: Optional[str] = None
+    send_links: bool = True

email_account_validity/_servlets.py

@@ -12,14 +12,19 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+import os
 
 from synapse.module_api import (
     DirectServeHtmlResource,
     DirectServeJsonResource,
     ModuleApi,
     respond_with_html,
 )
-from synapse.module_api.errors import ConfigError, SynapseError
+from synapse.module_api.errors import (
+    ConfigError,
+    InvalidClientCredentialsError,
+    SynapseError,
+)
 from twisted.web.resource import Resource
 
 from email_account_validity._base import EmailAccountValidityBase
@@ -64,7 +69,8 @@ def __init__(
                 "account_renewed.html",
                 "account_previously_renewed.html",
                 "invalid_token.html",
-            ]
+            ],
+            os.path.join(os.path.dirname(os.path.abspath(__file__)), "templates"),
         )
 
     async def _async_render_GET(self, request):
@@ -76,11 +82,17 @@ async def _async_render_GET(self, request):
 
         renewal_token = request.args[b"token"][0].decode("utf-8")
 
+        try:
+            requester = await self._api.get_user_by_req(request, allow_expired=True)
+            user_id = requester.user.to_string()
+        except InvalidClientCredentialsError:
+            user_id = None
+
         (
             token_valid,
             token_stale,
             expiration_ts,
-        ) = await self.renew_account(renewal_token)
+        ) = await self.renew_account(renewal_token, user_id)
 
         if token_valid:
             status_code = 200
@@ -93,7 +105,7 @@ async def _async_render_GET(self, request):
                 expiration_ts=expiration_ts
             )
         else:
-            status_code = 404
+            status_code = 400
             response = self._invalid_token_template.render()
 
         respond_with_html(request, status_code, response)
@@ -130,15 +142,6 @@ class EmailAccountValidityAdminServlet(
     EmailAccountValidityBase,
     DirectServeJsonResource,
 ):
-    def __init__(
-        self,
-        config: EmailAccountValidityConfig,
-        api: ModuleApi,
-        store: EmailAccountValidityStore,
-    ):
-        EmailAccountValidityBase.__init__(self, config, api, store)
-        DirectServeJsonResource.__init__(self)
-
     async def _async_render_POST(self, request):
         """On POST requests on /admin, update the given user with the given account
         validity state, if the requester is a server admin.