mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-31 09:24:31 +03:00

Remove the login policy (since it is not implemented yet)

Quentin Gliech
2022-06-03 12:46:05 +02:00
parent 7c8893e596
commit eb22c33a7d
5 changed files with 3 additions and 38 deletions


@ -194,7 +194,6 @@ impl Options {
let policy_factory = PolicyFactory::load( let policy_factory = PolicyFactory::load(
&mut policy, &mut policy,
config.policy.data.clone().unwrap_or_default(), config.policy.data.clone().unwrap_or_default(),
config.policy.login_entrypoint.clone(),
config.policy.register_entrypoint.clone(), config.policy.register_entrypoint.clone(),
config.policy.client_registration_entrypoint.clone(), config.policy.client_registration_entrypoint.clone(),
) )
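Review bot: The two entrypoints left in this `PolicyFactory::load(...)` call are both plain `String`s passed by position, so transposing `register_entrypoint` and `client_registration_entrypoint` would still compile and would evaluate each request type against the other rule. The order here matches the `load` signature shown in the `PolicyFactory` section of this commit page, so nothing is wrong today. Consider grouping the entrypoints in a small struct with named fields, so that the compiler catches a transposition the next time an entrypoint is added or removed. The enclosing function starts and ends outside this hunk.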


@ -25,10 +25,6 @@ fn default_client_registration_endpoint() -> String {
"client_registration/violation".to_string() "client_registration/violation".to_string()
} }
fn default_login_endpoint() -> String {
"login/violation".to_string()
}
fn default_register_endpoint() -> String { fn default_register_endpoint() -> String {
"register/violation".to_string() "register/violation".to_string()
} }
@ -45,10 +41,6 @@ pub struct PolicyConfig {
#[serde(default = "default_client_registration_endpoint")] #[serde(default = "default_client_registration_endpoint")]
pub client_registration_entrypoint: String, pub client_registration_entrypoint: String,
/// Entrypoint to use when evaluating user logins
#[serde(default = "default_login_endpoint")]
pub login_entrypoint: String,
/// Entrypoint to use when evaluating user registrations /// Entrypoint to use when evaluating user registrations
#[serde(default = "default_register_endpoint")] #[serde(default = "default_register_endpoint")]
pub register_entrypoint: String, pub register_entrypoint: String,
@ -63,7 +55,6 @@ impl Default for PolicyConfig {
Self { Self {
wasm_module: None, wasm_module: None,
client_registration_entrypoint: default_client_registration_endpoint(), client_registration_entrypoint: default_client_registration_endpoint(),
login_entrypoint: default_login_endpoint(),
register_entrypoint: default_register_endpoint(), register_entrypoint: default_register_endpoint(),
data: None, data: None,
} }
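Review bot: Dropping `login_entrypoint` from `PolicyConfig` changes how existing configuration files are read, and nothing in this section documents that. Whether a config that still sets the key is rejected or silently ignored depends on the struct's serde attributes, which are outside the visible hunks. If the key is ignored, an operator could keep a `login_entrypoint` setting and assume a login rule is enforced when none is evaluated. A changelog or configuration-docs entry would make this explicit, as would a doc comment on the struct such as `/// Only registration and client-registration policies are evaluated; there is no login policy.`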


@ -9,8 +9,8 @@ else
OPA_RW := docker run -v $(shell pwd):/policies -w /policies --rm docker.io/openpolicyagent/opa:0.40.0 OPA_RW := docker run -v $(shell pwd):/policies -w /policies --rm docker.io/openpolicyagent/opa:0.40.0
endif endif
policy.wasm: client_registration.rego login.rego register.rego policy.wasm: client_registration.rego register.rego
$(OPA_RW) build -t wasm -e "client_registration/violation" -e "login/violation" -e "register/violation" $^ $(OPA_RW) build -t wasm -e "client_registration/violation" -e "register/violation" $^
tar xzf bundle.tar.gz /policy.wasm tar xzf bundle.tar.gz /policy.wasm
$(RM) bundle.tar.gz $(RM) bundle.tar.gz
touch $@ touch $@


@ -1,3 +0,0 @@
package login
violation := []


@ -50,7 +50,6 @@ pub struct PolicyFactory {
engine: Engine, engine: Engine,
module: Module, module: Module,
data: serde_json::Value, data: serde_json::Value,
login_entrypoint: String,
register_entrypoint: String, register_entrypoint: String,
client_registration_entrypoint: String, client_registration_entrypoint: String,
} }
@ -59,7 +58,6 @@ impl PolicyFactory {
pub async fn load( pub async fn load(
mut source: impl AsyncRead + std::marker::Unpin, mut source: impl AsyncRead + std::marker::Unpin,
data: serde_json::Value, data: serde_json::Value,
login_entrypoint: String,
register_entrypoint: String, register_entrypoint: String,
client_registration_entrypoint: String, client_registration_entrypoint: String,
) -> Result<Self, LoadError> { ) -> Result<Self, LoadError> {
@ -84,7 +82,6 @@ impl PolicyFactory {
engine, engine,
module, module,
data, data,
login_entrypoint,
register_entrypoint, register_entrypoint,
client_registration_entrypoint, client_registration_entrypoint,
}; };
@ -106,8 +103,8 @@ impl PolicyFactory {
let entrypoints = runtime.entrypoints(); let entrypoints = runtime.entrypoints();
for e in [ for e in [
self.login_entrypoint.as_str(),
self.register_entrypoint.as_str(), self.register_entrypoint.as_str(),
self.client_registration_entrypoint.as_str(),
] { ] {
if !entrypoints.contains(e) { if !entrypoints.contains(e) {
bail!("missing entrypoint {e}") bail!("missing entrypoint {e}")
@ -119,7 +116,6 @@ impl PolicyFactory {
Ok(Policy { Ok(Policy {
store, store,
instance, instance,
login_entrypoint: self.login_entrypoint.clone(),
register_entrypoint: self.register_entrypoint.clone(), register_entrypoint: self.register_entrypoint.clone(),
client_registration_entrypoint: self.client_registration_entrypoint.clone(), client_registration_entrypoint: self.client_registration_entrypoint.clone(),
}) })
@ -148,28 +144,11 @@ impl EvaluationResult {
pub struct Policy { pub struct Policy {
store: Store<()>, store: Store<()>,
instance: opa_wasm::Policy, instance: opa_wasm::Policy,
login_entrypoint: String,
register_entrypoint: String, register_entrypoint: String,
client_registration_entrypoint: String, client_registration_entrypoint: String,
} }
impl Policy { impl Policy {
#[tracing::instrument]
pub async fn evaluate_login(
&mut self,
user: &mas_data_model::User<()>,
) -> Result<EvaluationResult, anyhow::Error> {
let user = serde_json::to_value(user)?;
let input = serde_json::json!({ "user": user });
let [res]: [EvaluationResult; 1] = self
.instance
.evaluate(&mut self.store, &self.login_entrypoint, &input)
.await?;
Ok(res)
}
#[tracing::instrument] #[tracing::instrument]
pub async fn evaluate_register( pub async fn evaluate_register(
&mut self, &mut self,
@ -226,7 +205,6 @@ mod tests {
"allowed_domains": ["element.io", "*.element.io"], "allowed_domains": ["element.io", "*.element.io"],
"banned_domains": ["staging.element.io"], "banned_domains": ["staging.element.io"],
}), }),
"login/violation".to_string(),
"register/violation".to_string(), "register/violation".to_string(),
"client_registration/violation".to_string(), "client_registration/violation".to_string(),
) )
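Review bot: In the `@ -106,8 +103,8` hunk the entrypoint check now also lists `self.client_registration_entrypoint.as_str()`, a behaviour change that the commit message does not mention and no test in this section covers. Before this change a module lacking that entrypoint passed the `missing entrypoint` check and, presumably, failed only when a client registration was evaluated; rejecting it up front is the safer behaviour and worth pinning down. I would add a comment above the array, `// Every entrypoint a Policy method evaluates must be listed here so an incomplete module is rejected up front`. I would also add a test that passes a made-up entrypoint name (for example the constructed value `"client_registration/does_not_exist"`) and asserts that loading or instantiating fails. The enclosing method starts and ends outside the hunk.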