Skip to content

Commit

Permalink
Privacy: Allow email registration when no IS but return an error if n…
Browse files Browse the repository at this point in the history 
…ot supported by the HS.

#2657
  • Loading branch information
@manuroe
manuroe committed Sep 6, 2019
1 parent b638226 commit 93b8b29
Show file tree
Hide file tree
Showing 2 changed files with 115 additions and 94 deletions.
16 changes: 4 additions & 12 deletions Riot/Modules/Authentication/AuthenticationViewController.m
View file
Original file line number Diff line number Diff line change
Expand Up @@ -634,18 +634,10 @@ - (IBAction)onButtonPressed:(id)sender
else
{
[self.authenticationActivityIndicator stopAnimating];

if (self.isIdentityServerConfigured)
{
// Show the supported 3rd party ids which may be added to the account
authInputsview.thirdPartyIdentifiersHidden = NO;
[self updateRegistrationScreenWithThirdPartyIdentifiersHidden:NO];
}
else
{
// Do not propose to add 3rd party ids if there is no configured identity server
[super onButtonPressed:sender];
}

// Show the supported 3rd party ids which may be added to the account
authInputsview.thirdPartyIdentifiersHidden = NO;
[self updateRegistrationScreenWithThirdPartyIdentifiersHidden:NO];
}
}];
}
Expand Down
193 changes: 111 additions & 82 deletions Riot/Modules/Authentication/Views/AuthInputsView.m
View file
Original file line number Diff line number Diff line change
Expand Up @@ -604,96 +604,113 @@ - (void)prepareParameters:(void (^)(NSDictionary *parameters, NSError *error))ca
restClient = [self.delegate authInputsViewThirdPartyIdValidationRestClient:self];
}

if (restClient && restClient.identityServer)
if (restClient)
{
// Check whether a second 3pid is available
_isThirdPartyIdentifierPending = (nbPhoneNumber && ![self isFlowCompleted:kMXLoginFlowTypeMSISDN]);

// Launch email validation
submittedEmail = [[MXK3PID alloc] initWithMedium:kMX3PIDMediumEmail andAddress:self.emailTextField.text];

NSString *identityServer = restClient.identityServer;

// Create the next link that is common to all Vector.im clients
NSString *nextLink = [NSString stringWithFormat:@"%@/#/register?client_secret=%@&hs_url=%@&is_url=%@&session_id=%@",
[Tools webAppUrl],
[submittedEmail.clientSecret stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLHostAllowedCharacterSet]],
[restClient.homeserver stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLHostAllowedCharacterSet]],
[identityServer stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLHostAllowedCharacterSet]],
[currentSession.session stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLHostAllowedCharacterSet]]];

[submittedEmail requestValidationTokenWithMatrixRestClient:restClient
isDuringRegistration:YES
nextLink:nextLink
success:^
{

NSURL *identServerURL = [NSURL URLWithString:identityServer];
NSDictionary *parameters;
parameters = @{
@"auth": @{
@"session":currentSession.session,
@"threepid_creds": @{
@"client_secret": submittedEmail.clientSecret,
@"id_server": identServerURL.host,
@"sid": submittedEmail.sid
},
@"type": kMXLoginFlowTypeEmailIdentity},
@"username": self.userLoginTextField.text,
@"password": self.passWordTextField.text,
};

[self hideInputsContainer];

self.messageLabel.text = NSLocalizedStringFromTable(@"auth_email_validation_message", @"Vector", nil);
self.messageLabel.hidden = NO;

callback(parameters, nil);

}
failure:^(NSError *error)
{

NSLog(@"[AuthInputsView] Failed to request email token");

// Ignore connection cancellation error
if (([error.domain isEqualToString:NSURLErrorDomain] && error.code == NSURLErrorCancelled))
MXWeakify(self);
[self checkIdentityServerRequirement:restClient success:^(BOOL identityServerRequired) {
MXStrongifyAndReturnIfNil(self);

if (identityServerRequired && !restClient.identityServer)
{
callback(nil, [NSError errorWithDomain:MXKAuthErrorDomain
code:0
userInfo:@{
NSLocalizedDescriptionKey:[NSBundle mxk_localizedStringForKey:@"auth_email_is_required"]
}]);
return;
}

// Check whether a second 3pid is available
self->_isThirdPartyIdentifierPending = (self->nbPhoneNumber && ![self isFlowCompleted:kMXLoginFlowTypeMSISDN]);

// Launch email validation
self->submittedEmail = [[MXK3PID alloc] initWithMedium:kMX3PIDMediumEmail andAddress:self.emailTextField.text];

NSString *identityServer = restClient.identityServer;

// Create the next link that is common to all Vector.im clients
NSString *nextLink = [NSString stringWithFormat:@"%@/#/register?client_secret=%@&hs_url=%@&is_url=%@&session_id=%@",
[Tools webAppUrl],
[self->submittedEmail.clientSecret stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLHostAllowedCharacterSet]],
[restClient.homeserver stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLHostAllowedCharacterSet]],
[identityServer stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLHostAllowedCharacterSet]],
[self->currentSession.session stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLHostAllowedCharacterSet]]];

[self->submittedEmail requestValidationTokenWithMatrixRestClient:restClient
isDuringRegistration:YES
nextLink:nextLink
success:^
{
return;

NSURL *identServerURL = [NSURL URLWithString:identityServer];
NSDictionary *parameters;
parameters = @{
@"auth": @{
@"session":self->currentSession.session,
@"threepid_creds": @{
@"client_secret": self->submittedEmail.clientSecret,
@"id_server": identServerURL.host,
@"sid": self->submittedEmail.sid
},
@"type": kMXLoginFlowTypeEmailIdentity},
@"username": self.userLoginTextField.text,
@"password": self.passWordTextField.text,
};

[self hideInputsContainer];

self.messageLabel.text = NSLocalizedStringFromTable(@"auth_email_validation_message", @"Vector", nil);
self.messageLabel.hidden = NO;

callback(parameters, nil);

}

// Translate the potential MX error.
MXError *mxError = [[MXError alloc] initWithNSError:error];
if (mxError && ([mxError.errcode isEqualToString:kMXErrCodeStringThreePIDInUse] || [mxError.errcode isEqualToString:kMXErrCodeStringServerNotTrusted]))
failure:^(NSError *error)
{
NSMutableDictionary *userInfo;
if (error.userInfo)
{
userInfo = [NSMutableDictionary dictionaryWithDictionary:error.userInfo];
}
else
{
userInfo = [NSMutableDictionary dictionary];
}

userInfo[NSLocalizedFailureReasonErrorKey] = nil;

if ([mxError.errcode isEqualToString:kMXErrCodeStringThreePIDInUse])

NSLog(@"[AuthInputsView] Failed to request email token");

// Ignore connection cancellation error
if (([error.domain isEqualToString:NSURLErrorDomain] && error.code == NSURLErrorCancelled))
{
userInfo[NSLocalizedDescriptionKey] = NSLocalizedStringFromTable(@"auth_email_in_use", @"Vector", nil);
userInfo[@"error"] = NSLocalizedStringFromTable(@"auth_email_in_use", @"Vector", nil);
return;
}
else

// Translate the potential MX error.
MXError *mxError = [[MXError alloc] initWithNSError:error];
if (mxError && ([mxError.errcode isEqualToString:kMXErrCodeStringThreePIDInUse] || [mxError.errcode isEqualToString:kMXErrCodeStringServerNotTrusted]))
{
userInfo[NSLocalizedDescriptionKey] = NSLocalizedStringFromTable(@"auth_untrusted_id_server", @"Vector", nil);
userInfo[@"error"] = NSLocalizedStringFromTable(@"auth_untrusted_id_server", @"Vector", nil);
NSMutableDictionary *userInfo;
if (error.userInfo)
{
userInfo = [NSMutableDictionary dictionaryWithDictionary:error.userInfo];
}
else
{
userInfo = [NSMutableDictionary dictionary];
}

userInfo[NSLocalizedFailureReasonErrorKey] = nil;

if ([mxError.errcode isEqualToString:kMXErrCodeStringThreePIDInUse])
{
userInfo[NSLocalizedDescriptionKey] = NSLocalizedStringFromTable(@"auth_email_in_use", @"Vector", nil);
userInfo[@"error"] = NSLocalizedStringFromTable(@"auth_email_in_use", @"Vector", nil);
}
else
{
userInfo[NSLocalizedDescriptionKey] = NSLocalizedStringFromTable(@"auth_untrusted_id_server", @"Vector", nil);
userInfo[@"error"] = NSLocalizedStringFromTable(@"auth_untrusted_id_server", @"Vector", nil);
}

error = [NSError errorWithDomain:error.domain code:error.code userInfo:userInfo];
}

error = [NSError errorWithDomain:error.domain code:error.code userInfo:userInfo];
}
callback(nil, error);
}];
callback(nil, error);

}];
} failure:^(NSError *error) {
callback(nil, error);
}];

// Async response
return;
Expand Down Expand Up @@ -1805,4 +1822,16 @@ - (BOOL)isFlowCompleted:(NSString *)flow
return NO;
}

- (void)checkIdentityServerRequirement:(MXRestClient*)mxRestClient
success:(void (^)(BOOL identityServerRequired))success
failure:(void (^)(NSError *error))failure
{
[mxRestClient supportedMatrixVersions:^(MXMatrixVersions *matrixVersions) {

NSLog(@"[AuthInputsView] checkIdentityServerRequirement: %@", matrixVersions.doesServerRequireIdentityServerParam ? @"YES": @"NO");
success(matrixVersions.doesServerRequireIdentityServerParam);

} failure:failure];
}

@end

0 comments on commit 93b8b29

Please sign in to comment.