This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Accept a device ID to the login fallback endpoint. #7629

Merged
merged 4 commits into from
Jun 8, 2020
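--- a/changelog.d/7629.bugfix
+++ b/changelog.d/7629.bugfix
@@ -0,0 +1 @@
+Pass device information through to the login endpoint when using the login fallback.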
60 changes: 31 additions & 29 deletions synapse/static/client/login/js/login.js
Expand Up @@ -7,26 +7,19 @@ window.matrixLogin = {
var title_pre_auth = "Log in with one of the following methods";
var title_post_auth = "Logging in...";

var submitPassword = function(user, pwd) {
console.log("Logging in with password...");
var submitLogin = function(type, data) {
console.log("Logging in with " + type);
set_title(title_post_auth);
var data = {
type: "m.login.password",
user: user,
password: pwd,
};
$.post(matrixLogin.endpoint, JSON.stringify(data), function(response) {
matrixLogin.onLogin(response);
}).fail(errorFunc);
};

var submitToken = function(loginToken) {
console.log("Logging in with login token...");
set_title(title_post_auth);
var data = {
type: "m.login.token",
token: loginToken
};
// Add the login type.
data.type = type;
Member Author


This modifies the input value which is kind of meh, but I think this code is contained enough that it is OK + we control the values being sent to this function.


// Add the device ID, if one was provided.
var qs = parseQsFromUrl();
if (qs.device_id) {
data.device_id = qs.device_id;
}

$.post(matrixLogin.endpoint, JSON.stringify(data), function(response) {
matrixLogin.onLogin(response);
}).fail(errorFunc);
Expand All @@ -50,8 +43,9 @@ var setFeedbackString = function(text) {
};

var show_login = function(inhibit_redirect) {
var this_page = window.location.origin + window.location.pathname;
$("#sso_redirect_url").val(this_page);
// Set the redirect to come back to this page, a login token will get added
// and handled after the redirect.
$("#sso_redirect_url").val(window.location.href);
Member Author


This change means that we use the whole URL as the redirect, which is necessary to pass the query parameters through SSO.

Member


passing the query params through SSO feels like the sort of thing we shouldn't be doing, for fear of CSRF. can we stash them in a cookie or something instead?

Member Author


Hmm...the concern being the request will be modified before it gets back to us? I think that would be "bad", but I don't see a security issue with it. We can probably save it in a cookie though. I'll take a look!


// If inhibit_redirect is false, and SSO is the only supported login method, we can
// redirect straight to the SSO page
Expand Down Expand Up @@ -123,15 +117,24 @@ matrixLogin.password_login = function() {
setFeedbackString("");

show_spinner();
submitPassword(user, pwd);
submitLogin("m.login.password", {user: user, password: pwd});
};

matrixLogin.onLogin = function(response) {
// clobber this function
console.warn("onLogin - This function should be replaced to proceed.");
};

var parseQsFromUrl = function(query) {
/*
* Process the query parameters from the current URL into an object.
*/
var parseQsFromUrl = function() {
var pos = window.location.href.indexOf("?");
if (pos == -1) {
return {};
}
var query = window.location.href.substr(pos + 1);

var result = {};
query.split("&").forEach(function(part) {
var item = part.split("=");
Expand All @@ -146,20 +149,19 @@ var parseQsFromUrl = function(query) {
return result;
};

/*
* Submits the login token if one is found in the query parameters. Returns a
* boolean of whether the login token was found or not.
*/
var try_token = function() {
var pos = window.location.href.indexOf("?");
if (pos == -1) {
return false;
}
var qs = parseQsFromUrl(window.location.href.substr(pos+1));
var qs = parseQsFromUrl();

var loginToken = qs.loginToken;

if (!loginToken) {
return false;
}

submitToken(loginToken);
submitLogin("m.login.token", {token: loginToken});

return true;
};
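Review bot: `parseQsFromUrl` cuts the query out of `window.location.href` at the first `?`, so the string it parses also carries any `#fragment`, and a `?` that occurs only inside the fragment is taken as the start of the query. Because `submitLogin` now copies `qs.device_id` from that result into every login request, fragment text can end up inside the device ID sent to the server (how it is decoded depends on the parser lines collapsed between the hunks). Taking the query from the location's own field avoids this: `var query = window.location.search.substr(1);` followed by `if (!query) { return {}; }` in place of the `pos` check. The device ID is also whatever the link that opened the page supplied, so a length and character check before `data.device_id = qs.device_id;` would be worth adding, with a comment saying the value is untrusted. Part of `parseQsFromUrl`'s body lies outside the visible hunks.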