Merge branch 'no-passwords-in-db' into 'next'

Do not store uiaa requests in database

See merge request famedly/conduit!219
This commit is contained in:
Timo Kösters 2022-01-13 10:33:49 +00:00
commit 8e12b47df4
2 changed files with 35 additions and 29 deletions

View File

@ -250,8 +250,7 @@ impl Database {
}, },
uiaa: uiaa::Uiaa { uiaa: uiaa::Uiaa {
userdevicesessionid_uiaainfo: builder.open_tree("userdevicesessionid_uiaainfo")?, userdevicesessionid_uiaainfo: builder.open_tree("userdevicesessionid_uiaainfo")?,
userdevicesessionid_uiaarequest: builder userdevicesessionid_uiaarequest: RwLock::new(BTreeMap::new()),
.open_tree("userdevicesessionid_uiaarequest")?,
}, },
rooms: rooms::Rooms { rooms: rooms::Rooms {
edus: rooms::RoomEdus { edus: rooms::RoomEdus {
@ -755,6 +754,15 @@ impl Database {
println!("Migration: 9 -> 10 finished"); println!("Migration: 9 -> 10 finished");
} }
if db.globals.database_version()? < 11 {
db._db
.open_tree("userdevicesessionid_uiaarequest")?
.clear()?;
db.globals.bump_database_version(11)?;
println!("Migration: 10 -> 11 finished");
}
} }
let guard = db.read().await; let guard = db.read().await;

View File

@ -1,4 +1,6 @@
use std::collections::BTreeMap;
use std::sync::Arc; use std::sync::Arc;
use std::sync::RwLock;
use crate::{client_server::SESSION_ID_LENGTH, utils, Error, Result}; use crate::{client_server::SESSION_ID_LENGTH, utils, Error, Result};
use ruma::{ use ruma::{
@ -18,7 +20,8 @@ use super::abstraction::Tree;
pub struct Uiaa { pub struct Uiaa {
pub(super) userdevicesessionid_uiaainfo: Arc<dyn Tree>, // User-interactive authentication pub(super) userdevicesessionid_uiaainfo: Arc<dyn Tree>, // User-interactive authentication
pub(super) userdevicesessionid_uiaarequest: Arc<dyn Tree>, // UiaaRequest = canonical json value pub(super) userdevicesessionid_uiaarequest:
RwLock<BTreeMap<(Box<UserId>, Box<DeviceId>, String), CanonicalJsonValue>>,
} }
impl Uiaa { impl Uiaa {
@ -147,16 +150,17 @@ impl Uiaa {
session: &str, session: &str,
request: &CanonicalJsonValue, request: &CanonicalJsonValue,
) -> Result<()> { ) -> Result<()> {
let mut userdevicesessionid = user_id.as_bytes().to_vec(); self.userdevicesessionid_uiaarequest
userdevicesessionid.push(0xff); .write()
userdevicesessionid.extend_from_slice(device_id.as_bytes()); .unwrap()
userdevicesessionid.push(0xff); .insert(
userdevicesessionid.extend_from_slice(session.as_bytes()); (
user_id.to_owned(),
self.userdevicesessionid_uiaarequest.insert( device_id.to_owned(),
&userdevicesessionid, session.to_string(),
&serde_json::to_vec(request).expect("json value to vec always works"), ),
)?; request.to_owned(),
);
Ok(()) Ok(())
} }
@ -167,22 +171,16 @@ impl Uiaa {
device_id: &DeviceId, device_id: &DeviceId,
session: &str, session: &str,
) -> Result<Option<CanonicalJsonValue>> { ) -> Result<Option<CanonicalJsonValue>> {
let mut userdevicesessionid = user_id.as_bytes().to_vec(); Ok(self
userdevicesessionid.push(0xff); .userdevicesessionid_uiaarequest
userdevicesessionid.extend_from_slice(device_id.as_bytes()); .read()
userdevicesessionid.push(0xff); .unwrap()
userdevicesessionid.extend_from_slice(session.as_bytes()); .get(&(
user_id.to_owned(),
self.userdevicesessionid_uiaarequest device_id.to_owned(),
.get(&userdevicesessionid)? session.to_string(),
.map(|bytes| { ))
serde_json::from_str::<CanonicalJsonValue>( .map(|j| j.to_owned()))
&utils::string_from_bytes(&bytes)
.map_err(|_| Error::bad_database("Invalid uiaa request bytes in db."))?,
)
.map_err(|_| Error::bad_database("Invalid uiaa request in db."))
})
.transpose()
} }
fn update_uiaa_session( fn update_uiaa_session(