From e87ac86e48196e593da3316718f38f0149130c26 Mon Sep 17 00:00:00 2001 From: David Baker Date: Wed, 22 May 2019 11:51:05 +0100 Subject: [PATCH 1/6] interactive-auth now handles requesting email tokens interactive-auth now has a callback to request the email token which it will call at the appropriate time (now at the start of the auth process if the chosen flow contain an email auth stage). This does make this a breaking change, although not sure this is used outside of Riot. We could make it backwards compatible by having an option for the new behaviour. It may not be worthwhile though. https://github.com/vector-im/riot-web/issues/9586 --- src/interactive-auth.js | 142 +++++++++++++++++++++++----------------- 1 file changed, 82 insertions(+), 60 deletions(-) diff --git a/src/interactive-auth.js b/src/interactive-auth.js index 0945c31e3..7f7dd7c57 100644 --- a/src/interactive-auth.js +++ b/src/interactive-auth.js @@ -1,6 +1,7 @@ /* Copyright 2016 OpenMarket Ltd Copyright 2017 Vector Creations Ltd +Copyright 2019 The Matrix.org Foundation C.I.C. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -88,6 +89,12 @@ const MSISDN_STAGE_TYPE = "m.login.msisdn"; * @param {string?} opts.emailSid If returning from having completed m.login.email.identity * auth, the sid for the email verification session. * + * @param {function?} opts.requestEmailToken A function that takes the email address (string), + * clientSecret (string), attempt number (int) and sessionId (string) and calls the + * relevant requestToken function and returns the promise returned by that function. + * If the resulting promise rejects, the rejection will propagate through to the + * attemptAuth promise. + * */ function InteractiveAuth(opts) { this._matrixClient = opts.matrixClient; @@ -95,14 +102,17 @@ function InteractiveAuth(opts) { this._requestCallback = opts.doRequest; // startAuthStage included for backwards compat this._stateUpdatedCallback = opts.stateUpdated || opts.startAuthStage; - this._completionDeferred = null; + this._resolveFunc = null; + this._rejectFunc = null; this._inputs = opts.inputs || {}; + this._requestEmailTokenCallback = opts.requestEmailToken; if (opts.sessionId) this._data.session = opts.sessionId; this._clientSecret = opts.clientSecret || this._matrixClient.generateClientSecret(); this._emailSid = opts.emailSid; if (this._emailSid === undefined) this._emailSid = null; + this._chosenFlow = null; this._currentStage = null; } @@ -115,11 +125,10 @@ InteractiveAuth.prototype = { * no suitable authentication flow can be found */ attemptAuth: function() { - this._completionDeferred = Promise.defer(); + return new Promise(async (resolve, reject) => { + this._resolveFunc = resolve; + this._rejectFunc = reject; - // wrap in a promise so that if _startNextAuthStage - // throws, it rejects the promise in a consistent way - return Promise.resolve().then(() => { // if we have no flows, try a request (we'll have // just a session ID in _data if resuming) if (!this._data.flows) { @@ -127,7 +136,6 @@ InteractiveAuth.prototype = { } else { this._startNextAuthStage(); } - return this._completionDeferred.promise; }); }, @@ -194,6 +202,10 @@ InteractiveAuth.prototype = { return params[loginType]; }, + getChosenFlow() { + return this._chosenFlow; + }, + /** * submit a new auth dict and fire off the request. This will either * make attemptAuth resolve/reject, or cause the startAuthStage callback @@ -207,7 +219,7 @@ InteractiveAuth.prototype = { * for requests that just poll to see if auth has been completed elsewhere. */ submitAuthDict: function(authData, background) { - if (!this._completionDeferred) { + if (!this._resolveFunc) { throw new Error("submitAuthDict() called before attemptAuth()"); } @@ -253,58 +265,66 @@ InteractiveAuth.prototype = { * This can be set to true for requests that just poll to see if auth has * been completed elsewhere. */ - _doRequest: function(auth, background) { - const self = this; - - // hackery to make sure that synchronous exceptions end up in the catch - // handler (without the additional event loop entailed by q.fcall or an - // extra Promise.resolve().then) - let prom; + _doRequest: async function(auth, background) { try { - prom = this._requestCallback(auth, background); - } catch (e) { - prom = Promise.reject(e); - } + const result = await this._requestCallback(auth, background); + console.log("result from request: ", result); + this._resolveFunc(result); + } catch (error) { + // sometimes UI auth errors don't come with flows + const errorFlows = error.data ? error.data.flows : null; + const haveFlows = Boolean(this._data.flows) || Boolean(errorFlows); + if (error.httpStatus !== 401 || !error.data || !haveFlows) { + // doesn't look like an interactive-auth failure. + if (!background) { + this._rejectFunc(error); + } else { + // We ignore all failures here (even non-UI auth related ones) + // since we don't want to suddenly fail if the internet connection + // had a blip whilst we were polling + console.log("Ignoring error from UI auth: " + error); + } + } + // if the error didn't come with flows, completed flows or session ID, + // copy over the ones we have. Synapse sometimes sends responses without + // any UI auth data (eg. when polling for email validation, if the email + // has not yet been validated). This appears to be a Synapse bug, which + // we workaround here. + if (!error.data.flows && !error.data.completed && !error.data.session) { + error.data.flows = this._data.flows; + error.data.completed = this._data.completed; + error.data.session = this._data.session; + } + this._data = error.data; + this._startNextAuthStage(); - prom = prom.then( - function(result) { - console.log("result from request: ", result); - self._completionDeferred.resolve(result); - }, function(error) { - // sometimes UI auth errors don't come with flows - const errorFlows = error.data ? error.data.flows : null; - const haveFlows = Boolean(self._data.flows) || Boolean(errorFlows); - if (error.httpStatus !== 401 || !error.data || !haveFlows) { - // doesn't look like an interactive-auth failure. fail the whole lot. - throw error; + if ( + !this._emailSid && + this._chosenFlow.stages.includes('m.login.email.identity') + ) { + // If we've picked a flow with email auth, we send the email + // now because we want the request to fail as soon as possible + // if the email address is not valid (ie. already taken or not + // registered, depending on what the operation is). + try { + const requestTokenResult = await this._requestEmailTokenCallback( + this._inputs.emailAddress, + this._clientSecret, + 1, // TODO: Multiple send attempts? + this._data.session, + ); + this._emailSid = requestTokenResult.sid; + } catch (e) { + // we failed to request an email token, so fail the request. + // This could be due to the email already beeing registered + // (or not being registered, depending on what we're trying + // to do) or it could be a network failure. Either way, pass + // the failure up as the user can't complete auth if we can't + // send the email, foe whatever reason. + this._rejectFunc(e); } - // if the error didn't come with flows, completed flows or session ID, - // copy over the ones we have. Synapse sometimes sends responses without - // any UI auth data (eg. when polling for email validation, if the email - // has not yet been validated). This appears to be a Synapse bug, which - // we workaround here. - if (!error.data.flows && !error.data.completed && !error.data.session) { - error.data.flows = self._data.flows; - error.data.completed = self._data.completed; - error.data.session = self._data.session; - } - self._data = error.data; - self._startNextAuthStage(); - }, - ); - if (!background) { - prom = prom.catch((e) => { - this._completionDeferred.reject(e); - }); - } else { - // We ignore all failures here (even non-UI auth related ones) - // since we don't want to suddenly fail if the internet connection - // had a blip whilst we were polling - prom = prom.catch((error) => { - console.log("Ignoring error from UI auth: " + error); - }); + } } - prom.done(); }, /** @@ -313,14 +333,14 @@ InteractiveAuth.prototype = { * @private * @throws {NoAuthFlowFoundError} If no suitable authentication flow can be found */ - _startNextAuthStage: function() { + _startNextAuthStage: async function() { const nextStage = this._chooseStage(); if (!nextStage) { throw new Error("No incomplete flows from the server"); } this._currentStage = nextStage; - if (nextStage == 'm.login.dummy') { + if (nextStage === 'm.login.dummy') { this.submitAuthDict({ type: 'm.login.dummy', }); @@ -350,9 +370,11 @@ InteractiveAuth.prototype = { * @throws {NoAuthFlowFoundError} If no suitable authentication flow can be found */ _chooseStage: function() { - const flow = this._chooseFlow(); - console.log("Active flow => %s", JSON.stringify(flow)); - const nextStage = this._firstUncompletedStage(flow); + if (this._chosenFlow === null) { + this._chosenFlow = this._chooseFlow(); + } + console.log("Active flow => %s", JSON.stringify(this._chosenFlow)); + const nextStage = this._firstUncompletedStage(this._chosenFlow); console.log("Next stage: %s", nextStage); return nextStage; }, From 87c6d11fca0217e5c436b4813b8a91f5bff2303f Mon Sep 17 00:00:00 2001 From: David Baker Date: Wed, 22 May 2019 13:09:24 +0100 Subject: [PATCH 2/6] PR feedback --- src/interactive-auth.js | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/src/interactive-auth.js b/src/interactive-auth.js index 7f7dd7c57..57420ed44 100644 --- a/src/interactive-auth.js +++ b/src/interactive-auth.js @@ -125,7 +125,9 @@ InteractiveAuth.prototype = { * no suitable authentication flow can be found */ attemptAuth: function() { - return new Promise(async (resolve, reject) => { + // This promise will be quite long-lived and will resolve when the + // request is authenticated and completes successfully. + return new Promise((resolve, reject) => { this._resolveFunc = resolve; this._rejectFunc = reject; @@ -268,7 +270,6 @@ InteractiveAuth.prototype = { _doRequest: async function(auth, background) { try { const result = await this._requestCallback(auth, background); - console.log("result from request: ", result); this._resolveFunc(result); } catch (error) { // sometimes UI auth errors don't come with flows @@ -282,7 +283,10 @@ InteractiveAuth.prototype = { // We ignore all failures here (even non-UI auth related ones) // since we don't want to suddenly fail if the internet connection // had a blip whilst we were polling - console.log("Ignoring error from UI auth: " + error); + console.log( + "Background poll request failed doing UI auth: ignoring", + error,. + ); } } // if the error didn't come with flows, completed flows or session ID, @@ -314,6 +318,12 @@ InteractiveAuth.prototype = { this._data.session, ); this._emailSid = requestTokenResult.sid; + // NB. promise is not resolved here - at some point, doRequest + // will be called again and if the user has jumped through all + // the hoops correctly, auth will be complete and the request + // will succeed. + // Also, we should expose the fact that this request has compledted + // so clients can know that the email has actually been sent. } catch (e) { // we failed to request an email token, so fail the request. // This could be due to the email already beeing registered @@ -333,7 +343,7 @@ InteractiveAuth.prototype = { * @private * @throws {NoAuthFlowFoundError} If no suitable authentication flow can be found */ - _startNextAuthStage: async function() { + _startNextAuthStage: function() { const nextStage = this._chooseStage(); if (!nextStage) { throw new Error("No incomplete flows from the server"); From f83eae4a4668bd53b512e625278bb535f9c88539 Mon Sep 17 00:00:00 2001 From: David Baker Date: Wed, 22 May 2019 13:11:05 +0100 Subject: [PATCH 3/6] typing hard --- src/interactive-auth.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/interactive-auth.js b/src/interactive-auth.js index 57420ed44..7d53031af 100644 --- a/src/interactive-auth.js +++ b/src/interactive-auth.js @@ -285,7 +285,7 @@ InteractiveAuth.prototype = { // had a blip whilst we were polling console.log( "Background poll request failed doing UI auth: ignoring", - error,. + error, ); } } From 3c23e166a782e056c29d8ea512dd4791a9b0f446 Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Thu, 23 May 2019 16:28:26 +0100 Subject: [PATCH 4/6] Upgrade jsdoc --- yarn.lock | 163 ++++++++++++++++++++++++++++++++---------------------- 1 file changed, 98 insertions(+), 65 deletions(-) diff --git a/yarn.lock b/yarn.lock index 8361644da..fc0c78529 100644 --- a/yarn.lock +++ b/yarn.lock @@ -887,11 +887,6 @@ babel-types@^6.19.0, babel-types@^6.24.1, babel-types@^6.26.0: lodash "^4.17.4" to-fast-properties "^1.0.3" -babylon@7.0.0-beta.19: - version "7.0.0-beta.19" - resolved "https://registry.yarnpkg.com/babylon/-/babylon-7.0.0-beta.19.tgz#e928c7e807e970e0536b078ab3e0c48f9e052503" - integrity sha512-Vg0C9s/REX6/WIXN37UKpv5ZhRi6A4pjHlpkE34+8/a6c2W1Q692n3hmc+SZG5lKRnaExLUbxtJ1SVT+KaCQ/A== - babylon@^6.18.0: version "6.18.0" resolved "https://registry.yarnpkg.com/babylon/-/babylon-6.18.0.tgz#af2f3b88fa6f5c1e4c634d1a0f8eac4f55b395e3" @@ -944,7 +939,7 @@ binary-extensions@^1.0.0: resolved "https://registry.yarnpkg.com/binary-extensions/-/binary-extensions-1.13.1.tgz#598afe54755b2868a5330d2aff9d4ebb53209b65" integrity sha512-Un7MIEDdUC5gNpcGDV97op1Ywk748MpHcFTHoYs6qnj1Z3j7I53VG3nwZhKzoBZmbdRNnb6WRdFlwl7tSDuZGw== -bluebird@^3.5.0, bluebird@~3.5.0: +bluebird@^3.5.0, bluebird@^3.5.4: version "3.5.4" resolved "https://registry.yarnpkg.com/bluebird/-/bluebird-3.5.4.tgz#d6cc661595de30d5b3af5fcedd3c0b3ef6ec5714" integrity sha512-FG+nFEZChJrbQ9tIccIfZJBz3J7mLrAhxakAbnrJWn8d7aKOC+LWifa0G+p4ZqKp4y13T7juYvdhq9NzKdsrjw== @@ -1210,12 +1205,12 @@ caseless@~0.12.0: resolved "https://registry.yarnpkg.com/caseless/-/caseless-0.12.0.tgz#1b681c21ff84033c826543090689420d187151dc" integrity sha1-G2gcIf+EAzyCZUMJBolCDRhxUdw= -catharsis@~0.8.9: - version "0.8.9" - resolved "https://registry.yarnpkg.com/catharsis/-/catharsis-0.8.9.tgz#98cc890ca652dd2ef0e70b37925310ff9e90fc8b" - integrity sha1-mMyJDKZS3S7w5ws3klMQ/56Q/Is= +catharsis@^0.8.10: + version "0.8.10" + resolved "https://registry.yarnpkg.com/catharsis/-/catharsis-0.8.10.tgz#364198c1fbf084ae17028ee33ec7db53ca942ee6" + integrity sha512-l2OUaz/3PU3MZylspVFJvwHCVfWyvcduPq4lv3AzZ2pJzZCo7kNKFNyatwujD7XgvGkNAE/Jhhbh2uARNwNkfw== dependencies: - underscore-contrib "~0.3.0" + lodash "^4.17.11" center-align@^0.1.1: version "0.1.3" @@ -1735,6 +1730,11 @@ emoji-regex@^7.0.1: resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-7.0.3.tgz#933a04052860c85e83c122479c4748a8e4c72156" integrity sha512-CwBLREIQ7LvYFB0WyRvwhq5N5qPhc6PMjD6bYggFlI5YyDgl+0vxq5VHbMOFqLg7hfWzmu8T5Z1QofhmTIhItA== +entities@~1.1.1: + version "1.1.2" + resolved "https://registry.yarnpkg.com/entities/-/entities-1.1.2.tgz#bdfa735299664dfafd34529ed4f8522a275fea56" + integrity sha512-f2LZMYl1Fzu7YSBKg+RoROelpOaNrcGmE9AZubeDfrCEia483oW4MI4VyFd5VNHIgQ/7qm1I0wUHK1eJnn2y2w== + es-abstract@^1.12.0: version "1.13.0" resolved "https://registry.yarnpkg.com/es-abstract/-/es-abstract-1.13.0.tgz#ac86145fdd5099d8dd49558ccba2eaf9b88e24e9" @@ -1756,11 +1756,16 @@ es-to-primitive@^1.2.0: is-date-object "^1.0.1" is-symbol "^1.0.2" -escape-string-regexp@1.0.5, escape-string-regexp@^1.0.2, escape-string-regexp@^1.0.3, escape-string-regexp@^1.0.5, escape-string-regexp@~1.0.5: +escape-string-regexp@1.0.5, escape-string-regexp@^1.0.2, escape-string-regexp@^1.0.3, escape-string-regexp@^1.0.5: version "1.0.5" resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz#1b61c0562190a8dff6ae3bb2cf0200ca130b86d4" integrity sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ= +escape-string-regexp@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz#a30304e99daa32e23b2fd20f51babd07cffca344" + integrity sha512-UpzcLCXolUWcNu5HtVMHYdXJjArjsF9C0aNnquZYY4uW/Vu0miy5YoWvbV345HauVvcAUnpRuhMMcqTcGOY2+w== + escodegen@1.8.x: version "1.8.1" resolved "https://registry.yarnpkg.com/escodegen/-/escodegen-1.8.1.tgz#5a5b53af4693110bebb0867aa3430dd3b70a1018" @@ -2923,12 +2928,12 @@ js-yaml@3.x, js-yaml@^3.13.0: argparse "^1.0.7" esprima "^4.0.0" -js2xmlparser@~3.0.0: - version "3.0.0" - resolved "https://registry.yarnpkg.com/js2xmlparser/-/js2xmlparser-3.0.0.tgz#3fb60eaa089c5440f9319f51760ccd07e2499733" - integrity sha1-P7YOqgicVED5MZ9RdgzNB+JJlzM= +js2xmlparser@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/js2xmlparser/-/js2xmlparser-4.0.0.tgz#ae14cc711b2892083eed6e219fbc993d858bc3a5" + integrity sha512-WuNgdZOXVmBk5kUPMcTcVUpbGRzLfNkv7+7APq7WiDihpXVKrgxo6wwRpRl9OQeEBgKCVk9mR7RbzrnNWC8oBw== dependencies: - xmlcreate "^1.0.1" + xmlcreate "^2.0.0" jsbn@~0.1.0: version "0.1.1" @@ -2936,22 +2941,24 @@ jsbn@~0.1.0: integrity sha1-peZUwuWi3rXyAdls77yoDA7y9RM= jsdoc@^3.5.5: - version "3.5.5" - resolved "https://registry.yarnpkg.com/jsdoc/-/jsdoc-3.5.5.tgz#484521b126e81904d632ff83ec9aaa096708fa4d" - integrity sha512-6PxB65TAU4WO0Wzyr/4/YhlGovXl0EVYfpKbpSroSj0qBxT4/xod/l40Opkm38dRHRdQgdeY836M0uVnJQG7kg== + version "3.6.2" + resolved "https://registry.yarnpkg.com/jsdoc/-/jsdoc-3.6.2.tgz#ee289fc6ba9263b7e4eceb99921179fe1c31489a" + integrity sha512-S2vzg99C5+gb7FWlrK4TVdyzVPGGkdvpDkCEJH1JABi2PKzPeLu5/zZffcJUifgWUJqXWl41Hoc+MmuM2GukIg== dependencies: - babylon "7.0.0-beta.19" - bluebird "~3.5.0" - catharsis "~0.8.9" - escape-string-regexp "~1.0.5" - js2xmlparser "~3.0.0" - klaw "~2.0.0" - marked "~0.3.6" - mkdirp "~0.5.1" - requizzle "~0.2.1" - strip-json-comments "~2.0.1" + "@babel/parser" "^7.4.4" + bluebird "^3.5.4" + catharsis "^0.8.10" + escape-string-regexp "^2.0.0" + js2xmlparser "^4.0.0" + klaw "^3.0.0" + markdown-it "^8.4.2" + markdown-it-anchor "^5.0.2" + marked "^0.6.2" + mkdirp "^0.5.1" + requizzle "^0.2.2" + strip-json-comments "^3.0.1" taffydb "2.6.2" - underscore "~1.8.3" + underscore "~1.9.1" jsesc@^1.3.0: version "1.3.0" @@ -3044,10 +3051,10 @@ kind-of@^6.0.0, kind-of@^6.0.2: resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-6.0.2.tgz#01146b36a6218e64e58f3a8d66de5d7fc6f6d051" integrity sha512-s5kLOcnH0XqDO+FvuaLX8DDjZ18CGFk7VygH40QoKPUQhW4e2rvM0rwUq0t8IQDOwYSeLK01U90OjzBTme2QqA== -klaw@~2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/klaw/-/klaw-2.0.0.tgz#59c128e0dc5ce410201151194eeb9cbf858650f6" - integrity sha1-WcEo4Nxc5BAgEVEZTuucv4WGUPY= +klaw@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/klaw/-/klaw-3.0.0.tgz#b11bec9cf2492f06756d6e809ab73a2910259146" + integrity sha512-0Fo5oir+O9jnXu5EefYbVK+mHMBeEVEy2cmctR1O1NECcCkPRreJKrS6Qt/j3KC2C148Dfo9i3pCmCMsdqGr0g== dependencies: graceful-fs "^4.1.9" @@ -3073,6 +3080,13 @@ levn@^0.3.0, levn@~0.3.0: prelude-ls "~1.1.2" type-check "~0.3.2" +linkify-it@^2.0.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/linkify-it/-/linkify-it-2.1.0.tgz#c4caf38a6cd7ac2212ef3c7d2bde30a91561f9db" + integrity sha512-4REs8/062kV2DSHxNfq5183zrqXMl7WP0WzABH9IeJI+NLm429FgE1PDecltYfnOoFDFlZGh2T8PfZn0r+GTRg== + dependencies: + uc.micro "^1.0.1" + lodash.memoize@~3.0.3: version "3.0.4" resolved "https://registry.yarnpkg.com/lodash.memoize/-/lodash.memoize-3.0.4.tgz#2dcbd2c287cbc0a55cc42328bd0c736150d53e3f" @@ -3122,10 +3136,26 @@ map-visit@^1.0.0: dependencies: object-visit "^1.0.0" -marked@~0.3.6: - version "0.3.19" - resolved "https://registry.yarnpkg.com/marked/-/marked-0.3.19.tgz#5d47f709c4c9fc3c216b6d46127280f40b39d790" - integrity sha512-ea2eGWOqNxPcXv8dyERdSr/6FmzvWwzjMxpfGB/sbMccXoct+xY+YukPD+QTUZwyvK7BZwcr4m21WBOW41pAkg== +markdown-it-anchor@^5.0.2: + version "5.0.2" + resolved "https://registry.yarnpkg.com/markdown-it-anchor/-/markdown-it-anchor-5.0.2.tgz#cdd917a05b7bf92fb736a6dae3385c6d0d0fa552" + integrity sha512-AFM/woBI8QDJMS/9+MmsBMT5/AR+ImfOsunQZTZhzcTmna3rIzAzbOh5E0l6mlFM/i9666BpUtkqQ9bS7WApCg== + +markdown-it@^8.4.2: + version "8.4.2" + resolved "https://registry.yarnpkg.com/markdown-it/-/markdown-it-8.4.2.tgz#386f98998dc15a37722aa7722084f4020bdd9b54" + integrity sha512-GcRz3AWTqSUphY3vsUqQSFMbgR38a4Lh3GWlHRh/7MRwz8mcu9n2IO7HOh+bXHrR9kOPDl5RNCaEsrneb+xhHQ== + dependencies: + argparse "^1.0.7" + entities "~1.1.1" + linkify-it "^2.0.0" + mdurl "^1.0.1" + uc.micro "^1.0.5" + +marked@^0.6.2: + version "0.6.2" + resolved "https://registry.yarnpkg.com/marked/-/marked-0.6.2.tgz#c574be8b545a8b48641456ca1dbe0e37b6dccc1a" + integrity sha512-LqxwVH3P/rqKX4EKGz7+c2G9r98WeM/SW34ybhgNGhUQNKtf1GmmSkJ6cDGJ/t6tiyae49qRkpyTw2B9HOrgUA== math-random@^1.0.1: version "1.0.4" @@ -3149,6 +3179,11 @@ md5.js@^1.3.4: inherits "^2.0.1" safe-buffer "^5.1.2" +mdurl@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/mdurl/-/mdurl-1.0.1.tgz#fe85b2ec75a59037f2adfec100fd6c601761152e" + integrity sha1-/oWy7HWlkDfyrf7BAP1sYBdhFS4= + micromatch@^2.1.5: version "2.3.11" resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-2.3.11.tgz#86677c97d1720b363431d04d0d15293bd38c1565" @@ -3272,7 +3307,7 @@ mixin-deep@^1.2.0: for-in "^1.0.2" is-extendable "^1.0.1" -mkdirp@0.5.1, mkdirp@0.5.x, mkdirp@^0.5.0, mkdirp@^0.5.1, mkdirp@~0.5.1: +mkdirp@0.5.1, mkdirp@0.5.x, mkdirp@^0.5.0, mkdirp@^0.5.1: version "0.5.1" resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.1.tgz#30057438eac6cf7f8c4767f38648d6697d75c903" integrity sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM= @@ -4024,12 +4059,12 @@ request@^2.88.0: tunnel-agent "^0.6.0" uuid "^3.3.2" -requizzle@~0.2.1: - version "0.2.1" - resolved "https://registry.yarnpkg.com/requizzle/-/requizzle-0.2.1.tgz#6943c3530c4d9a7e46f1cddd51c158fc670cdbde" - integrity sha1-aUPDUwxNmn5G8c3dUcFY/GcM294= +requizzle@^0.2.2: + version "0.2.2" + resolved "https://registry.yarnpkg.com/requizzle/-/requizzle-0.2.2.tgz#df991c0cffbbbdde721504c1455f68f53f7c7bd1" + integrity sha512-oJ6y7JcUJkblRGhMByGNcszeLgU0qDxNKFCiUZR1XyzHyVsev+Mxb1tyygxLd1ORsKee1SA5BInFdUwY64GE/A== dependencies: - underscore "~1.6.0" + lodash "^4.17.11" resolve-from@^4.0.0: version "4.0.0" @@ -4447,6 +4482,11 @@ strip-json-comments@^2.0.1, strip-json-comments@~2.0.1: resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-2.0.1.tgz#3c531942e908c2697c0ec344858c286c7ca0a60a" integrity sha1-PFMZQukIwml8DsNEhYwobHygpgo= +strip-json-comments@^3.0.1: + version "3.0.1" + resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-3.0.1.tgz#85713975a91fb87bf1b305cca77395e40d2a64a7" + integrity sha512-VTyMAUfdm047mwKl+u79WIdrZxtFtn+nBxHeb844XBQ9uMNTuTHdx2hc5RiAJYqwTj3wc/xe5HLSdJSkJ+WfZw== + subarg@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/subarg/-/subarg-1.0.0.tgz#f62cf17581e996b48fc965699f54c06ae268b8d2" @@ -4664,6 +4704,11 @@ typedarray@^0.0.6: resolved "https://registry.yarnpkg.com/typedarray/-/typedarray-0.0.6.tgz#867ac74e3864187b1d3d47d996a78ec5c8830777" integrity sha1-hnrHTjhkGHsdPUfZlqeOxciDB3c= +uc.micro@^1.0.1, uc.micro@^1.0.5: + version "1.0.6" + resolved "https://registry.yarnpkg.com/uc.micro/-/uc.micro-1.0.6.tgz#9c411a802a409a91fc6cf74081baba34b24499ac" + integrity sha512-8Y75pvTYkLJW2hWQHXxoqRgV7qb9B+9vFEtidML+7koHUFapnVJAZ6cKs+Qjz5Aw3aZWHMC6u0wJE3At+nSGwA== + uglify-js@^2.8.26: version "2.8.29" resolved "https://registry.yarnpkg.com/uglify-js/-/uglify-js-2.8.29.tgz#29c5733148057bb4e1f75df35b7a9cb72e6a59dd" @@ -4703,22 +4748,10 @@ undeclared-identifiers@^1.1.2: simple-concat "^1.0.0" xtend "^4.0.1" -underscore-contrib@~0.3.0: - version "0.3.0" - resolved "https://registry.yarnpkg.com/underscore-contrib/-/underscore-contrib-0.3.0.tgz#665b66c24783f8fa2b18c9f8cbb0e2c7d48c26c7" - integrity sha1-ZltmwkeD+PorGMn4y7Dix9SMJsc= - dependencies: - underscore "1.6.0" - -underscore@1.6.0, underscore@~1.6.0: - version "1.6.0" - resolved "https://registry.yarnpkg.com/underscore/-/underscore-1.6.0.tgz#8b38b10cacdef63337b8b24e4ff86d45aea529a8" - integrity sha1-izixDKze9jM3uLJOT/htRa6lKag= - -underscore@~1.8.3: - version "1.8.3" - resolved "https://registry.yarnpkg.com/underscore/-/underscore-1.8.3.tgz#4f3fb53b106e6097fcf9cb4109f2a5e9bdfa5022" - integrity sha1-Tz+1OxBuYJf8+ctBCfKl6b36UCI= +underscore@~1.9.1: + version "1.9.1" + resolved "https://registry.yarnpkg.com/underscore/-/underscore-1.9.1.tgz#06dce34a0e68a7babc29b365b8e74b8925203961" + integrity sha512-5/4etnCkd9c8gwgowi5/om/mYO5ajCaOgdzj/oW+0eQV9WxKBDZw5+ycmKmeaTXjInS/W0BzpGLo2xR2aBwZdg== unhomoglyph@^1.0.2: version "1.0.2" @@ -4887,10 +4920,10 @@ xml@^1.0.1: resolved "https://registry.yarnpkg.com/xml/-/xml-1.0.1.tgz#78ba72020029c5bc87b8a81a3cfcd74b4a2fc1e5" integrity sha1-eLpyAgApxbyHuKgaPPzXS0ovweU= -xmlcreate@^1.0.1: - version "1.0.2" - resolved "https://registry.yarnpkg.com/xmlcreate/-/xmlcreate-1.0.2.tgz#fa6bf762a60a413fb3dd8f4b03c5b269238d308f" - integrity sha1-+mv3YqYKQT+z3Y9LA8WyaSONMI8= +xmlcreate@^2.0.0: + version "2.0.1" + resolved "https://registry.yarnpkg.com/xmlcreate/-/xmlcreate-2.0.1.tgz#2ec38bd7b708d213fd1a90e2431c4af9c09f6a52" + integrity sha512-MjGsXhKG8YjTKrDCXseFo3ClbMGvUD4en29H2Cev1dv4P/chlpw6KdYmlCWDkhosBVKRDjM836+3e3pm1cBNJA== xtend@^4.0.0, xtend@^4.0.1, xtend@~4.0.0, xtend@~4.0.1: version "4.0.1" From eebf92366f289e2621e81f2ac8429ca2f5209680 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Thu, 23 May 2019 14:00:17 -0600 Subject: [PATCH 5/6] Add a bunch of debugging to .well-known IS validation --- src/autodiscovery.js | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/autodiscovery.js b/src/autodiscovery.js index 24195c671..3a4581ae4 100644 --- a/src/autodiscovery.js +++ b/src/autodiscovery.js @@ -268,7 +268,9 @@ export class AutoDiscovery { // Step 5: Try to pull out the identity server configuration let isUrl = ""; + logger.log("[Debug] This is just before the branch for IS validation"); if (wellknown["m.identity_server"]) { + logger.log("[Debug] WK has identity server - attempting validation"); // We prepare a failing identity server response to save lines later // in this branch. Note that we also fail the homeserver check in the // object because according to the spec we're supposed to FAIL_ERROR @@ -296,6 +298,7 @@ export class AutoDiscovery { wellknown["m.identity_server"]["base_url"], ); if (!isUrl) { + logger.log("[Debug] First error: isUrl is falsey"); logger.error("Invalid base_url for m.identity_server"); failingClientConfig["m.identity_server"].error = AutoDiscovery.ERROR_INVALID_IS_BASE_URL; @@ -308,11 +311,20 @@ export class AutoDiscovery { `${isUrl}/_matrix/identity/api/v1`, ); if (!isResponse || !isResponse.raw || isResponse.action !== "SUCCESS") { + logger.log("[Debug] Second error: response from IS failed"); + const debugObj = { + responseExists: !!isResponse, + rawExists: isResponse ? !!isResponse.raw : '', + action: isResponse ? isResponse.action : '', + }; + logger.log("[Debug] IS Response: " + JSON.stringify(debugObj)); logger.error("Invalid /api/v1 response"); failingClientConfig["m.identity_server"].error = AutoDiscovery.ERROR_INVALID_IDENTITY_SERVER; return Promise.resolve(failingClientConfig); } + + logger.log("[Debug] fell through IS checks - probably valid IS"); } // Step 6: Now that the identity server is valid, or never existed, From f8afee8ebd88bfb6acc1c7de01d61c22c39832a3 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Thu, 23 May 2019 14:47:38 -0600 Subject: [PATCH 6/6] Revert "Add a bunch of debugging to .well-known IS validation" --- src/autodiscovery.js | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/src/autodiscovery.js b/src/autodiscovery.js index 3a4581ae4..24195c671 100644 --- a/src/autodiscovery.js +++ b/src/autodiscovery.js @@ -268,9 +268,7 @@ export class AutoDiscovery { // Step 5: Try to pull out the identity server configuration let isUrl = ""; - logger.log("[Debug] This is just before the branch for IS validation"); if (wellknown["m.identity_server"]) { - logger.log("[Debug] WK has identity server - attempting validation"); // We prepare a failing identity server response to save lines later // in this branch. Note that we also fail the homeserver check in the // object because according to the spec we're supposed to FAIL_ERROR @@ -298,7 +296,6 @@ export class AutoDiscovery { wellknown["m.identity_server"]["base_url"], ); if (!isUrl) { - logger.log("[Debug] First error: isUrl is falsey"); logger.error("Invalid base_url for m.identity_server"); failingClientConfig["m.identity_server"].error = AutoDiscovery.ERROR_INVALID_IS_BASE_URL; @@ -311,20 +308,11 @@ export class AutoDiscovery { `${isUrl}/_matrix/identity/api/v1`, ); if (!isResponse || !isResponse.raw || isResponse.action !== "SUCCESS") { - logger.log("[Debug] Second error: response from IS failed"); - const debugObj = { - responseExists: !!isResponse, - rawExists: isResponse ? !!isResponse.raw : '', - action: isResponse ? isResponse.action : '', - }; - logger.log("[Debug] IS Response: " + JSON.stringify(debugObj)); logger.error("Invalid /api/v1 response"); failingClientConfig["m.identity_server"].error = AutoDiscovery.ERROR_INVALID_IDENTITY_SERVER; return Promise.resolve(failingClientConfig); } - - logger.log("[Debug] fell through IS checks - probably valid IS"); } // Step 6: Now that the identity server is valid, or never existed,