Privacy: Sending Third-Party Request Tokens via the Homeserver ([MSC2…
manuroe committed Oct 8, 2019
1 parent e7ff61d commit 5bf9bbb
Showing 5 changed files with 74 additions and 7 deletions.
2 changes: 2 additions & 0 deletions CHANGES.rst
@@ -19,9 +19,11 @@ Improvements:
* Privacy: Store Identity Server in Account Data ([MSC2230](https://github.com/matrix-org/matrix-doc/pull/2230))(vector-im/riot-ios#2665).
* Privacy: Lowercase emails during IS lookup calls (vector-im/riot-ios#2696).
* Privacy: MXRestClient: Use `id_access_token` in CS API when required (vector-im/riot-ios#2704).
* Privacy: Sending Third-Party Request Tokens via the Homeserver ([MSC2078](https://github.com/matrix-org/matrix-doc/pull/2078)).

API break:
* MXRestClient: Remove identity server requests. Now MXIdentityService is used to perform identity server requests.
* MXRestClient: requestTokenForPhoneNumber returns an additional optional parameter (`submitUrl`).

Bug Fix:
* Send kMXSessionCryptoDidCorruptDataNotification from the main thread.
2 changes: 1 addition & 1 deletion MatrixSDK/MXRestClient.h
@@ -599,7 +599,7 @@ typedef MXHTTPOperation* (^MXRestClientIdentityServerAccessTokenHandler)(void (^
clientSecret:(NSString*)clientSecret
sendAttempt:(NSUInteger)sendAttempt
nextLink:(NSString *)nextLink
success:(void (^)(NSString *sid, NSString *msisdn))success
success:(void (^)(NSString *sid, NSString *msisdn, NSString *submitUrl))success
failure:(void (^)(NSError *error))failure;

#pragma mark - Push Notifications
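Review bot: The new third argument of the `success:` block is declared as a plain `NSString *submitUrl`, yet CHANGES.rst calls it optional and the implementation in MXRestClient.m only fills it from the `submit_url` key of the response, so it appears to be nil whenever the homeserver omits that key. If this header is nullability-audited, I would declare it as `NSString * _Nullable submitUrl`, here and in the .m. The method's doc comment lies outside this hunk and should gain a line such as `submitUrl: optional URL returned by the homeserver where the SMS token must be posted; nil if none was provided`. Since the value is server-supplied, that comment should also tell callers to validate it before sending session secrets to it.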
7 changes: 4 additions & 3 deletions MatrixSDK/MXRestClient.m
@@ -943,7 +943,7 @@ - (MXHTTPOperation*)requestTokenForPhoneNumber:(NSString*)phoneNumber
clientSecret:(NSString*)clientSecret
sendAttempt:(NSUInteger)sendAttempt
nextLink:(NSString *)nextLink
success:(void (^)(NSString *sid, NSString *msisdn))success
success:(void (^)(NSString *sid, NSString *msisdn, NSString *submitUrl))success
failure:(void (^)(NSError *error))failure
{
NSMutableDictionary *parameters = [NSMutableDictionary dictionaryWithDictionary:@{
@@ -973,12 +973,13 @@ - (MXHTTPOperation*)requestTokenForPhoneNumber:(NSString*)phoneNumber

if (success)
{
__block NSString *sid, *msisdn;
__block NSString *sid, *msisdn, *submitUrl;
[self dispatchProcessing:^{
MXJSONModelSetString(sid, JSONResponse[@"sid"]);
MXJSONModelSetString(msisdn, JSONResponse[@"msisdn"]);
MXJSONModelSetString(submitUrl, JSONResponse[@"submit_url"]);
} andCompletion:^{
success(sid, msisdn);
success(sid, msisdn, submitUrl);
}];
}
} failure:failure];
64 changes: 61 additions & 3 deletions MatrixSDK/ThreePidAdd/MX3PidAddManager.m
@@ -155,13 +155,14 @@ - (MX3PidAddSession*)startAddPhoneNumberSessionWithPhoneNumber:(NSString*)phoneN

threePidAddSession.httpOperation = [self checkIdentityServerRequirementForAdding3PidWithSuccess:^{

MXHTTPOperation *operation = [self->mxSession.matrixRestClient requestTokenForPhoneNumber:phoneNumber isDuringRegistration:NO countryCode:countryCode clientSecret:threePidAddSession.clientSecret sendAttempt:threePidAddSession.sendAttempt++ nextLink:nil success:^(NSString *sid, NSString *msisdn) {
MXHTTPOperation *operation = [self->mxSession.matrixRestClient requestTokenForPhoneNumber:phoneNumber isDuringRegistration:NO countryCode:countryCode clientSecret:threePidAddSession.clientSecret sendAttempt:threePidAddSession.sendAttempt++ nextLink:nil success:^(NSString *sid, NSString *msisdn, NSString *submitUrl) {

NSLog(@"[MX3PidAddManager] startAddPhoneNumberSessionWithPhoneNumber: DONE: threePid: %@", threePidAddSession);

threePidAddSession.httpOperation = nil;

threePidAddSession.sid = sid;
threePidAddSession.submitUrl = submitUrl;
success();

} failure:^(NSError *error) {
@@ -402,8 +403,21 @@ - (nullable MXHTTPOperation *)submitValidationToken:(NSString *)token
success:(void (^)(void))success
failure:(void (^)(NSError * _Nonnull))failure
{
NSLog(@"[MX3PidAddManager] submitValidationToken: for3PidAddSession: %@", threePidAddSession);

MXHTTPOperation *operation;
if (mxSession.identityService)
if ([threePidAddSession.medium isEqualToString:kMX3PIDMediumMSISDN]
&& threePidAddSession.submitUrl)
{
operation = [self submitMsisdnTokenOtherUrl:threePidAddSession.submitUrl
token:token
medium:threePidAddSession.medium
clientSecret:threePidAddSession.clientSecret
sid:threePidAddSession.sid
success:success
failure:failure];
}
else if (mxSession.identityService)
{
operation = [mxSession.identityService submit3PIDValidationToken:token
medium:threePidAddSession.medium
@@ -425,6 +439,50 @@ - (nullable MXHTTPOperation *)submitValidationToken:(NSString *)token
return operation;
}

/**
Submits a MSISDN token to an arbitrary URL.
This is used when submitting the code sent by SMS to a phone number in the
newer 3PID flow where the homeserver validates 3PID ownership (as part of
`[MXRestClient requestTokenForPhoneNumber:]`). The homeserver response may
include a `submit_url` to specify where the token should be sent, and this
helper can be used to pass the token to this URL.
@param url the URL to post data to.
@param token the validation token.
@param medium the type of the third-party id (see kMX3PIDMediumEmail, kMX3PIDMediumMSISDN).
@param clientSecret the clientSecret used during the validation request.
@param sid the validation session id returned by the server.
@param success A block object called when the operation succeeds.
@param failure A block object called when the operation fails.
*/
- (MXHTTPOperation *)submitMsisdnTokenOtherUrl:(NSString *)url
token:(NSString*)token
medium:(NSString *)medium
clientSecret:(NSString *)clientSecret
sid:(NSString *)sid
success:(void (^)(void))success
failure:(void (^)(NSError *))failure
{
NSLog(@"[MX3PidAddManager] submitMsisdnTokenOtherUrl: %@", url);

NSDictionary *parameters = @{
@"sid": sid,
@"client_secret": clientSecret,
@"token": token
};

MXHTTPClient *httpClient = [[MXHTTPClient alloc] initWithBaseURL:nil andOnUnrecognizedCertificateBlock:nil];
return [httpClient requestWithMethod:@"POST"
path:url
parameters:parameters
success:^(NSDictionary *JSONResponse) {
success();
}
failure:failure];
}


#pragma mark - Bind to Identity Server -

@@ -633,7 +691,7 @@ - (MXHTTPOperation *)startBind3PidSessionWithOldHomeserver:(MX3PidAddSession*)th
}
else
{
operation2 = [self->mxSession.matrixRestClient requestTokenForPhoneNumber:threePidAddSession.address isDuringRegistration:NO countryCode:threePidAddSession.countryCode clientSecret:threePidAddSession.clientSecret sendAttempt:threePidAddSession.sendAttempt++ nextLink:nil success:^(NSString *sid, NSString *msisdn) {
operation2 = [self->mxSession.matrixRestClient requestTokenForPhoneNumber:threePidAddSession.address isDuringRegistration:NO countryCode:threePidAddSession.countryCode clientSecret:threePidAddSession.clientSecret sendAttempt:threePidAddSession.sendAttempt++ nextLink:nil success:^(NSString *sid, NSString *msisdn, NSString *submitUrl) {

NSLog(@"[MX3PidAddManager] startBind3PidSessionWithOldHomeserver: DONE: threePid: %@", threePidAddSession);

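Review bot: `submitMsisdnTokenOtherUrl:` posts `sid`, `client_secret` and `token` to whatever string the homeserver returned in `submit_url`, with no check on scheme or host, so a misconfigured or hostile homeserver response can make the client send these session secrets over plain http or to an unrelated endpoint. I would parse the value with `NSURL` and refuse anything that is not an absolute https URL before building the request, as sketched below; if plain-http homeservers must stay supported, the check could instead require the homeserver's own scheme. The same helper builds `parameters` with a dictionary literal, which throws if `sid`, `clientSecret` or `token` is nil, and it calls `success()` without the `if (success)` guard used in MXRestClient.m. The `NSLog` of the full URL would be better reduced to the host. In the `startBind3PidSessionWithOldHomeserver:` hunk the block now receives `submitUrl`, but its body lies outside the hunk, so please confirm the value is stored on the session there as well.

```objc
- (MXHTTPOperation *)submitMsisdnTokenOtherUrl:(NSString *)url
// … unchanged: remaining parameters and the NSLog …
{
    // The URL comes from the homeserver response: only accept an absolute
    // https URL before sending sid, client_secret and token to it.
    NSURL *submitURL = [NSURL URLWithString:url];
    if (!submitURL.host.length || ![submitURL.scheme.lowercaseString isEqualToString:@"https"])
    {
        if (failure)
        {
            failure([NSError errorWithDomain:NSURLErrorDomain code:NSURLErrorBadURL userInfo:nil]);
        }
        return nil;
    }
    // … unchanged: parameters dictionary and the POST through MXHTTPClient …
```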
6 changes: 6 additions & 0 deletions MatrixSDK/ThreePidAdd/MX3PidAddSession.h
@@ -71,6 +71,12 @@ NS_ASSUME_NONNULL_BEGIN
*/
@property (nonatomic) BOOL bind;

/**
The url where the validation token should be sent.
@see [self submitMsisdnTokenOtherUrl:] for more details.
*/
@property (nonatomic, nullable) NSString *submitUrl;

@end

NS_ASSUME_NONNULL_END
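Review bot: The new `submitUrl` property is an `NSString` declared without `copy`, so a caller that assigns an `NSMutableString` can change the URL after it has been stored; `@property (nonatomic, copy, nullable) NSString *submitUrl;` avoids that. The `@see [self submitMsisdnTokenOtherUrl:]` reference points at a method that this commit adds to MX3PidAddManager.m, not to this class. The comment would read better as `The URL, provided by the homeserver, where the MSISDN validation token should be sent (used by MX3PidAddManager when submitting the token).`, which also records that the value is server-supplied.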
