
Pass time and RNG in CSRF verification methods

This commit is contained in:
Quentin Gliech
2022-10-24 14:12:07 +02:00
parent f0d95a7613
commit b7c50b5403
26 changed files with 143 additions and 81 deletions


@@ -17,6 +17,7 @@ use std::ops::{Deref, DerefMut};
use async_trait::async_trait;
use mas_iana::oauth::OAuthClientAuthenticationMethod;
use mas_jose::jwk::PublicJsonWebKeySet;
use rand::Rng;
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};
use serde_with::skip_serializing_none;
@@ -171,8 +172,10 @@ impl ConfigurationSection<'_> for ClientsConfig {
"clients"
}
#[tracing::instrument]
async fn generate() -> anyhow::Result<Self> {
async fn generate<R>(_rng: R) -> anyhow::Result<Self>
where
R: Rng + Send,
{
Ok(Self::default())
}
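Review bot: `#[tracing::instrument]` on this `generate` still records every argument by default, and the method now takes `_rng: R` with no `Debug` bound, so unless the attribute skips underscore-prefixed parameters this impl will not build; the SecretsConfig hunk in the same commit switched to `skip_all` for exactly this reason. Use `#[tracing::instrument(skip_all)]` here as well — it keeps the span while guaranteeing that RNG state is never formatted into trace output. None of the other `ConfigurationSection` impls in this commit carry the bare attribute, but any that do elsewhere in the crate need the same change.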


@@ -14,6 +14,7 @@
use async_trait::async_trait;
use chrono::Duration;
use rand::Rng;
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};
use serde_with::serde_as;
@@ -47,7 +48,10 @@ impl ConfigurationSection<'_> for CsrfConfig {
"csrf"
}
async fn generate() -> anyhow::Result<Self> {
async fn generate<R>(_rng: R) -> anyhow::Result<Self>
where
R: Rng + Send,
{
Ok(Self::default())
}


@@ -16,6 +16,7 @@ use std::{num::NonZeroU32, path::PathBuf, time::Duration};
use anyhow::Context;
use async_trait::async_trait;
use rand::Rng;
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};
use serde_with::{serde_as, skip_serializing_none};
@@ -224,7 +225,10 @@ impl ConfigurationSection<'_> for DatabaseConfig {
"database"
}
async fn generate() -> anyhow::Result<Self> {
async fn generate<R>(_rng: R) -> anyhow::Result<Self>
where
R: Rng + Send,
{
Ok(Self::default())
}


@@ -18,6 +18,7 @@ use anyhow::Context;
use async_trait::async_trait;
use lettre::{message::Mailbox, Address};
use mas_email::MailTransport;
use rand::Rng;
use schemars::{
gen::SchemaGenerator,
schema::{InstanceType, Schema, SchemaObject},
@@ -160,7 +161,10 @@ impl ConfigurationSection<'_> for EmailConfig {
"email"
}
async fn generate() -> anyhow::Result<Self> {
async fn generate<R>(_rng: R) -> anyhow::Result<Self>
where
R: Rng + Send,
{
Ok(Self::default())
}


@@ -17,6 +17,7 @@ use std::{borrow::Cow, io::Cursor, ops::Deref, path::PathBuf};
use anyhow::bail;
use async_trait::async_trait;
use mas_keystore::PrivateKey;
use rand::Rng;
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};
use serde_with::skip_serializing_none;
@@ -328,7 +329,10 @@ impl ConfigurationSection<'_> for HttpConfig {
"http"
}
async fn generate() -> anyhow::Result<Self> {
async fn generate<R>(_rng: R) -> anyhow::Result<Self>
where
R: Rng + Send,
{
Ok(Self::default())
}


@@ -13,6 +13,7 @@
// limitations under the License.
use async_trait::async_trait;
use rand::Rng;
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};
use serde_with::serde_as;
@@ -46,7 +47,10 @@ impl ConfigurationSection<'_> for MatrixConfig {
"matrix"
}
async fn generate() -> anyhow::Result<Self> {
async fn generate<R>(_rng: R) -> anyhow::Result<Self>
where
R: Rng + Send,
{
Ok(Self::default())
}


@@ -13,6 +13,7 @@
// limitations under the License.
use async_trait::async_trait;
use rand::Rng;
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};
@@ -96,18 +97,21 @@ impl ConfigurationSection<'_> for RootConfig {
""
}
async fn generate() -> anyhow::Result<Self> {
async fn generate<R>(mut rng: R) -> anyhow::Result<Self>
where
R: Rng + Send,
{
Ok(Self {
clients: ClientsConfig::generate().await?,
http: HttpConfig::generate().await?,
database: DatabaseConfig::generate().await?,
telemetry: TelemetryConfig::generate().await?,
templates: TemplatesConfig::generate().await?,
csrf: CsrfConfig::generate().await?,
email: EmailConfig::generate().await?,
secrets: SecretsConfig::generate().await?,
matrix: MatrixConfig::generate().await?,
policy: PolicyConfig::generate().await?,
clients: ClientsConfig::generate(&mut rng).await?,
http: HttpConfig::generate(&mut rng).await?,
database: DatabaseConfig::generate(&mut rng).await?,
telemetry: TelemetryConfig::generate(&mut rng).await?,
templates: TemplatesConfig::generate(&mut rng).await?,
csrf: CsrfConfig::generate(&mut rng).await?,
email: EmailConfig::generate(&mut rng).await?,
secrets: SecretsConfig::generate(&mut rng).await?,
matrix: MatrixConfig::generate(&mut rng).await?,
policy: PolicyConfig::generate(&mut rng).await?,
})
}


@@ -15,6 +15,7 @@
use std::path::PathBuf;
use async_trait::async_trait;
use rand::Rng;
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};
use serde_with::serde_as;
@@ -76,7 +77,10 @@ impl ConfigurationSection<'_> for PolicyConfig {
"policy"
}
async fn generate() -> anyhow::Result<Self> {
async fn generate<R>(_rng: R) -> anyhow::Result<Self>
where
R: Rng + Send,
{
Ok(Self::default())
}


@@ -20,7 +20,7 @@ use mas_jose::jwk::{JsonWebKey, JsonWebKeySet};
use mas_keystore::{Encrypter, Keystore, PrivateKey};
use rand::{
distributions::{Alphanumeric, DistString},
thread_rng, SeedableRng,
Rng, SeedableRng,
};
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};
@@ -137,12 +137,11 @@ impl ConfigurationSection<'_> for SecretsConfig {
"secrets"
}
#[tracing::instrument]
async fn generate() -> anyhow::Result<Self> {
// XXX: that RNG should come from somewhere else
#[allow(clippy::disallowed_methods)]
let mut rng = rand_chacha::ChaChaRng::from_rng(thread_rng())?;
#[tracing::instrument(skip_all)]
async fn generate<R>(mut rng: R) -> anyhow::Result<Self>
where
R: Rng + Send,
{
info!("Generating keys...");
let span = tracing::info_span!("rsa");
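Review bot: The bound `R: Rng + Send` accepts any `Rng`, including non-cryptographic generators, yet this `generate` presumably feeds `rng` into the key generation that starts at the `rsa` span (the rest of the body is outside the hunk). Because the signature is dictated by the `ConfigurationSection::generate` trait declaration, the impl cannot tighten it on its own; the marker belongs on the trait, `R: Rng + CryptoRng + Send`, so a fast non-secure generator cannot be passed by mistake now that the local `ChaChaRng::from_rng(thread_rng())` is gone. Until the bound is changed, a doc comment on the trait method such as `/// `rng` must be a cryptographically secure generator: it seeds the secrets produced by `SecretsConfig`.` records the requirement for callers.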


@@ -15,6 +15,7 @@
use std::num::NonZeroU16;
use async_trait::async_trait;
use rand::Rng;
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};
use serde_with::skip_serializing_none;
@@ -274,7 +275,10 @@ impl ConfigurationSection<'_> for TelemetryConfig {
"telemetry"
}
async fn generate() -> anyhow::Result<Self> {
async fn generate<R>(_rng: R) -> anyhow::Result<Self>
where
R: Rng + Send,
{
Ok(Self::default())
}


@@ -13,6 +13,7 @@
// limitations under the License.
use async_trait::async_trait;
use rand::Rng;
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};
@@ -49,7 +50,10 @@ impl ConfigurationSection<'_> for TemplatesConfig {
"templates"
}
async fn generate() -> anyhow::Result<Self> {
async fn generate<R>(_rng: R) -> anyhow::Result<Self>
where
R: Rng + Send,
{
Ok(Self::default())
}


@@ -21,6 +21,7 @@ use figment::{
providers::{Env, Format, Serialized, Yaml},
Figment, Profile,
};
use rand::Rng;
use serde::{Deserialize, Serialize};
#[async_trait]
@@ -31,7 +32,9 @@ pub trait ConfigurationSection<'a>: Sized + Deserialize<'a> + Serialize {
fn path() -> &'static str;
/// Generate a sample configuration for this section.
async fn generate() -> anyhow::Result<Self>;
async fn generate<R>(rng: R) -> anyhow::Result<Self>
where
R: Rng + Send;
/// Generate a sample configuration and override it with environment
/// variables.
@@ -44,8 +47,11 @@ pub trait ConfigurationSection<'a>: Sized + Deserialize<'a> + Serialize {
/// export MAS_HTTP_ADDRESS=127.0.0.1:1234
/// matrix-authentication-service config generate
/// ```
async fn load_and_generate() -> anyhow::Result<Self> {
let base = Self::generate()
async fn load_and_generate<R>(rng: R) -> anyhow::Result<Self>
where
R: Rng + Send,
{
let base = Self::generate(rng)
.await
.context("could not generate configuration")?;