RISCI_ATOM
/
sydent
mirror of https://github.com/matrix-org/sydent.git


			
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394
							# -*- coding: utf-8 -*-

# Copyright 2014 OpenMarket Ltd
# Copyright 2019 The Matrix.org Foundation C.I.C.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from __future__ import absolute_import

from twisted.web.resource import Resource

from sydent.util.stringutils import is_valid_client_secret
from sydent.db.valsession import ThreePidValSessionStore
from sydent.http.servlets import get_args, jsonwrap, send_cors, MatrixRestError
from sydent.http.auth import authV2
from sydent.util.stringutils import is_valid_client_secret
from sydent.validators import SessionExpiredException, IncorrectClientSecretException, InvalidSessionIdException,\
    SessionNotValidatedException
from sydent.threepid.bind import BindingNotPermittedException


class ThreePidBindServlet(Resource):
    def __init__(self, sydent, require_auth=False):
        self.sydent = sydent
        self.require_auth = require_auth

    @jsonwrap
    def render_POST(self, request):
        send_cors(request)

        account = None
        if self.require_auth:
            account = authV2(self.sydent, request)

        args = get_args(request, ('sid', 'client_secret', 'mxid'))

        sid = args['sid']
        mxid = args['mxid']
        clientSecret = args['client_secret']

        if not is_valid_client_secret(clientSecret):
            raise MatrixRestError(
                400, 'M_INVALID_PARAM', 'Invalid client_secret provided')

        if account:
            # This is a v2 API so only allow binding to the logged in user id
            if account.userId != mxid:
                raise MatrixRestError(403, 'M_UNAUTHORIZED', "This user is prohibited from binding to the mxid");

        try:
            valSessionStore = ThreePidValSessionStore(self.sydent)
            s = valSessionStore.getValidatedSession(sid, clientSecret)
        except (IncorrectClientSecretException, InvalidSessionIdException):
            # Return the same error for not found / bad client secret otherwise
            # people can get information about sessions without knowing the
            # secret.
            raise MatrixRestError(
                404,
                'M_NO_VALID_SESSION',
                "No valid session was found matching that sid and client secret")
        except SessionExpiredException:
            raise MatrixRestError(
                400,
                'M_SESSION_EXPIRED',
                "This validation session has expired: call requestToken again")
        except SessionNotValidatedException:
            raise MatrixRestError(
                400,
                'M_SESSION_NOT_VALIDATED',
                "This validation session has not yet been completed")

        try:
            res = self.sydent.threepidBinder.addBinding(s.medium, s.address, mxid)
        except BindingNotPermittedException:
            raise MatrixRestError(
                400,
                'M_BINDING_NOT_PERMITTED',
                "This threepid may not be bound to this mxid")

        return res

    def render_OPTIONS(self, request):
        send_cors(request)
        return b''