threepidbindservlet.py 3.0 KB

  1. # -*- coding: utf-8 -*-
  2. # Copyright 2014 OpenMarket Ltd
  3. # Copyright 2019 The Matrix.org Foundation C.I.C.
  4. #
  5. # Licensed under the Apache License, Version 2.0 (the "License");
  6. # you may not use this file except in compliance with the License.
  7. # You may obtain a copy of the License at
  8. #
  9. # http://www.apache.org/licenses/LICENSE-2.0
  10. #
  11. # Unless required by applicable law or agreed to in writing, software
  12. # distributed under the License is distributed on an "AS IS" BASIS,
  13. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14. # See the License for the specific language governing permissions and
  15. # limitations under the License.
  16. from __future__ import absolute_import
  17. from twisted.web.resource import Resource
  18. from sydent.db.valsession import ThreePidValSessionStore
  19. from sydent.http.servlets import get_args, jsonwrap, send_cors, MatrixRestError
  20. from sydent.http.auth import authIfV2
  21. from sydent.util.stringutils import is_valid_client_secret
  22. from sydent.validators import SessionExpiredException, IncorrectClientSecretException, InvalidSessionIdException,\
  23. SessionNotValidatedException
class ThreePidBindServlet(Resource):
    """HTTP resource that binds a validated third-party identifier to an mxid.

    A POST names a validation session (``sid`` plus ``client_secret``) and the
    ``mxid`` to bind. The medium and address that get bound are read from the
    stored session, never from the request itself.
    """

    def __init__(self, sydent):
        # Kept for authIfV2, the validation session store and threepidBinder.
        self.sydent = sydent

    @jsonwrap
    def render_POST(self, request):
        """Bind the 3PID of a validated session to the requested mxid.

        Request arguments (all required by get_args): ``sid``,
        ``client_secret`` and ``mxid``.

        Returns:
            Whatever ``threepidBinder.addBinding`` returns; presumably
            serialised by the ``jsonwrap`` decorator (not visible here).

        Raises:
            MatrixRestError: 400 M_INVALID_PARAM for a malformed
                client_secret, 403 M_UNAUTHORIZED when an authenticated
                account asks to bind a different mxid, 404
                M_NO_VALID_SESSION for an unknown sid or wrong secret, 400
                M_SESSION_EXPIRED, or 400 M_SESSION_NOT_VALIDATED.
        """
        send_cors(request)

        account = authIfV2(self.sydent, request)

        params = get_args(request, ('sid', 'client_secret', 'mxid'))
        session_id = params['sid']
        target_mxid = params['mxid']
        client_secret = params['client_secret']

        # Reject a malformed secret before it is used for any session lookup.
        if not is_valid_client_secret(client_secret):
            raise MatrixRestError(400, 'M_INVALID_PARAM', 'Invalid client_secret provided')

        # v2 API: an authenticated caller may only bind to its own user id.
        # NOTE(review): when authIfV2 yields no account, mxid is taken from
        # the request unchecked and the only gate is holding sid and
        # client_secret of a validated session; confirm that is intended for
        # the unauthenticated path.
        if account and account.userId != target_mxid:
            raise MatrixRestError(403, 'M_UNAUTHORIZED', "This user is prohibited from binding to the mxid")

        try:
            store = ThreePidValSessionStore(self.sydent)
            session = store.getValidatedSession(session_id, client_secret)
        except (IncorrectClientSecretException, InvalidSessionIdException):
            # An unknown sid and a wrong secret must be indistinguishable to
            # the caller, otherwise the response reveals which session ids
            # exist to someone who does not know the secret.
            raise MatrixRestError(
                404,
                'M_NO_VALID_SESSION',
                "No valid session was found matching that sid and client secret",
            )
        except SessionExpiredException:
            raise MatrixRestError(
                400,
                'M_SESSION_EXPIRED',
                "This validation session has expired: call requestToken again",
            )
        except SessionNotValidatedException:
            raise MatrixRestError(
                400,
                'M_SESSION_NOT_VALIDATED',
                "This validation session has not yet been completed",
            )

        # Medium and address come from the server-side session, so the caller
        # cannot substitute a 3PID it did not validate.
        return self.sydent.threepidBinder.addBinding(session.medium, session.address, target_mxid)

    def render_OPTIONS(self, request):
        """Answer a CORS preflight: emit the CORS headers and an empty body."""
        send_cors(request)
        return b''