From 8a395b02620ce6dd514aeb47c70e19663d8f0969 Mon Sep 17 00:00:00 2001
From: Erik Johnston
Date: Fri, 22 Sep 2017 17:08:16 +0100
Subject: [PATCH] Make login support logging in via user id (#260)
---
 .../dendrite/clientapi/readers/login.go | 26 +++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/src/github.com/matrix-org/dendrite/clientapi/readers/login.go b/src/github.com/matrix-org/dendrite/clientapi/readers/login.go
index 43011890..de6ecf5c 100644
--- a/src/github.com/matrix-org/dendrite/clientapi/readers/login.go
+++ b/src/github.com/matrix-org/dendrite/clientapi/readers/login.go
@@ -16,6 +16,7 @@ package readers
 import (
 "net/http"
+ "strings"
 "github.com/matrix-org/dendrite/clientapi/auth"
 "github.com/matrix-org/dendrite/clientapi/auth/storage/accounts"
@@ -79,13 +80,34 @@ func Login(
 util.GetLogger(req.Context()).WithField("user", r.User).Info("Processing login request")
- acc, err := accountDB.GetAccountByPassword(req.Context(), r.User, r.Password)
+ // r.User can either be a user ID or just the localpart... or other things maybe.
+ localpart := r.User
+ if strings.HasPrefix(r.User, "@") {
+ var domain gomatrixserverlib.ServerName
+ var err error
+ localpart, domain, err = gomatrixserverlib.SplitID('@', r.User)
+ if err != nil {
+ return util.JSONResponse{
+ Code: 400,
+ JSON: jsonerror.InvalidUsername("Invalid username"),
+ }
+ }
+
+ if domain != cfg.Matrix.ServerName {
+ return util.JSONResponse{
+ Code: 400,
+ JSON: jsonerror.InvalidUsername("User ID not ours"),
+ }
+ }
+ }
+
+ acc, err := accountDB.GetAccountByPassword(req.Context(), localpart, r.Password)
 if err != nil {
 // Technically we could tell them if the user does not exist by checking if err == sql.ErrNoRows
 // but that would leak the existence of the user.
 return util.JSONResponse{
 Code: 403,
- JSON: jsonerror.BadJSON("username or password was incorrect, or the account does not exist"),
+ JSON: jsonerror.Forbidden("username or password was incorrect, or the accouqnt does not exist"),
 }
 }
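Review bot: The 403 message on the added `jsonerror.Forbidden(...)` line contains a typo, `accouqnt`, which may surface to users through the client; it should read `JSON: jsonerror.Forbidden("username or password was incorrect, or the account does not exist"),`. The two new 400 paths are decided before the password lookup and depend only on the shape of `r.User` and the configured server name, so they do not weaken the existence-hiding 403 below; a comment such as `// These rejections depend only on the ID's syntax and domain, never on whether the account exists.` would make that intent explicit. The `domain != cfg.Matrix.ServerName` check is an exact string comparison, and an `r.User` without a leading `@` is passed to `GetAccountByPassword` as the localpart without validation, so it is worth confirming against the account store whether differently-cased or malformed input should be normalised or rejected here. `Login` starts and ends outside the hunk.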