From aff4b10c34d8045b7f6b47e404715e09cafb61e8 Mon Sep 17 00:00:00 2001 From: manuroe Date: Mon, 7 Oct 2019 17:28:07 +0200 Subject: [PATCH] Privacy: Sending Third-Party Request Tokens via the Homeserver ([MSC2078](https://github.com/matrix-org/matrix-doc/pull/2078)). https://github.com/vector-im/riot-ios/issues/2731 --- CHANGES.rst | 2 + MatrixSDK/MXRestClient.h | 2 +- MatrixSDK/MXRestClient.m | 7 +-- MatrixSDK/ThreePidAdd/MX3PidAddManager.m | 64 ++++++++++++++++++++++-- MatrixSDK/ThreePidAdd/MX3PidAddSession.h | 6 +++ 5 files changed, 74 insertions(+), 7 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index c4ee7a4a22..966f1b3ca7 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -19,9 +19,11 @@ Improvements: * Privacy: Store Identity Server in Account Data ([MSC2230](https://github.com/matrix-org/matrix-doc/pull/2230))(vector-im/riot-ios#2665). * Privacy: Lowercase emails during IS lookup calls (vector-im/riot-ios#2696). * Privacy: MXRestClient: Use `id_access_token` in CS API when required (vector-im/riot-ios#2704). + * Privacy: Sending Third-Party Request Tokens via the Homeserver ([MSC2078](https://github.com/matrix-org/matrix-doc/pull/2078)). API break: * MXRestClient: Remove identity server requests. Now MXIdentityService is used to perform identity server requests. + * MXRestClient: requestTokenForPhoneNumber returns an additional optional parameter (`submitUrl`). Bug Fix: * Send kMXSessionCryptoDidCorruptDataNotification from the main thread. diff --git a/MatrixSDK/MXRestClient.h b/MatrixSDK/MXRestClient.h index 14f6de1e80..f4d5b0e71f 100644 --- a/MatrixSDK/MXRestClient.h +++ b/MatrixSDK/MXRestClient.h @@ -599,7 +599,7 @@ typedef MXHTTPOperation* (^MXRestClientIdentityServerAccessTokenHandler)(void (^ clientSecret:(NSString*)clientSecret sendAttempt:(NSUInteger)sendAttempt nextLink:(NSString *)nextLink - success:(void (^)(NSString *sid, NSString *msisdn))success + success:(void (^)(NSString *sid, NSString *msisdn, NSString *submitUrl))success failure:(void (^)(NSError *error))failure; #pragma mark - Push Notifications diff --git a/MatrixSDK/MXRestClient.m b/MatrixSDK/MXRestClient.m index 6cdddded0e..b94358ae48 100644 --- a/MatrixSDK/MXRestClient.m +++ b/MatrixSDK/MXRestClient.m @@ -943,7 +943,7 @@ - (MXHTTPOperation*)requestTokenForPhoneNumber:(NSString*)phoneNumber clientSecret:(NSString*)clientSecret sendAttempt:(NSUInteger)sendAttempt nextLink:(NSString *)nextLink - success:(void (^)(NSString *sid, NSString *msisdn))success + success:(void (^)(NSString *sid, NSString *msisdn, NSString *submitUrl))success failure:(void (^)(NSError *error))failure { NSMutableDictionary *parameters = [NSMutableDictionary dictionaryWithDictionary:@{ @@ -973,12 +973,13 @@ - (MXHTTPOperation*)requestTokenForPhoneNumber:(NSString*)phoneNumber if (success) { - __block NSString *sid, *msisdn; + __block NSString *sid, *msisdn, *submitUrl; [self dispatchProcessing:^{ MXJSONModelSetString(sid, JSONResponse[@"sid"]); MXJSONModelSetString(msisdn, JSONResponse[@"msisdn"]); + MXJSONModelSetString(submitUrl, JSONResponse[@"submit_url"]); } andCompletion:^{ - success(sid, msisdn); + success(sid, msisdn, submitUrl); }]; } } failure:failure]; diff --git a/MatrixSDK/ThreePidAdd/MX3PidAddManager.m b/MatrixSDK/ThreePidAdd/MX3PidAddManager.m index 082341294a..e8399bb17f 100644 --- a/MatrixSDK/ThreePidAdd/MX3PidAddManager.m +++ b/MatrixSDK/ThreePidAdd/MX3PidAddManager.m @@ -155,13 +155,14 @@ - (MX3PidAddSession*)startAddPhoneNumberSessionWithPhoneNumber:(NSString*)phoneN threePidAddSession.httpOperation = [self checkIdentityServerRequirementForAdding3PidWithSuccess:^{ - MXHTTPOperation *operation = [self->mxSession.matrixRestClient requestTokenForPhoneNumber:phoneNumber isDuringRegistration:NO countryCode:countryCode clientSecret:threePidAddSession.clientSecret sendAttempt:threePidAddSession.sendAttempt++ nextLink:nil success:^(NSString *sid, NSString *msisdn) { + MXHTTPOperation *operation = [self->mxSession.matrixRestClient requestTokenForPhoneNumber:phoneNumber isDuringRegistration:NO countryCode:countryCode clientSecret:threePidAddSession.clientSecret sendAttempt:threePidAddSession.sendAttempt++ nextLink:nil success:^(NSString *sid, NSString *msisdn, NSString *submitUrl) { NSLog(@"[MX3PidAddManager] startAddPhoneNumberSessionWithPhoneNumber: DONE: threePid: %@", threePidAddSession); threePidAddSession.httpOperation = nil; threePidAddSession.sid = sid; + threePidAddSession.submitUrl = submitUrl; success(); } failure:^(NSError *error) { @@ -402,8 +403,21 @@ - (nullable MXHTTPOperation *)submitValidationToken:(NSString *)token success:(void (^)(void))success failure:(void (^)(NSError * _Nonnull))failure { + NSLog(@"[MX3PidAddManager] submitValidationToken: for3PidAddSession: %@", threePidAddSession); + MXHTTPOperation *operation; - if (mxSession.identityService) + if ([threePidAddSession.medium isEqualToString:kMX3PIDMediumMSISDN] + && threePidAddSession.submitUrl) + { + operation = [self submitMsisdnTokenOtherUrl:threePidAddSession.submitUrl + token:token + medium:threePidAddSession.medium + clientSecret:threePidAddSession.medium + sid:threePidAddSession.sid + success:success + failure:failure]; + } + else if (mxSession.identityService) { operation = [mxSession.identityService submit3PIDValidationToken:token medium:threePidAddSession.medium @@ -425,6 +439,50 @@ - (nullable MXHTTPOperation *)submitValidationToken:(NSString *)token return operation; } +/** + Submits a MSISDN token to an arbitrary URL. + + This is used when submitting the code sent by SMS to a phone number in the + newer 3PID flow where the homeserver validates 3PID ownership (as part of + `[MXRestClient requestTokenForPhoneNumber:]`). The homeserver response may + include a `submit_url` to specify where the token should be sent, and this + helper can be used to pass the token to this URL. + + @param url the URL to post data to. + @param token the validation token. + @param medium the type of the third-party id (see kMX3PIDMediumEmail, kMX3PIDMediumMSISDN). + @param clientSecret the clientSecret used during the validation request. + @param sid the validation session id returned by the server. + + @param success A block object called when the operation succeeds. + @param failure A block object called when the operation fails. + */ +- (MXHTTPOperation *)submitMsisdnTokenOtherUrl:(NSString *)url + token:(NSString*)token + medium:(NSString *)medium + clientSecret:(NSString *)clientSecret + sid:(NSString *)sid + success:(void (^)(void))success + failure:(void (^)(NSError *))failure +{ + NSLog(@"[MX3PidAddManager] submitMsisdnTokenOtherUrl: %@", url); + + NSDictionary *parameters = @{ + @"sid": sid, + @"client_secret": clientSecret, + @"token": token + }; + + MXHTTPClient *httpClient = [[MXHTTPClient alloc] initWithBaseURL:nil andOnUnrecognizedCertificateBlock:nil]; + return [httpClient requestWithMethod:@"POST" + path:url + parameters:parameters + success:^(NSDictionary *JSONResponse) { + success(); + } + failure:failure]; +} + #pragma mark - Bind to Identity Server - @@ -633,7 +691,7 @@ - (MXHTTPOperation *)startBind3PidSessionWithOldHomeserver:(MX3PidAddSession*)th } else { - operation2 = [self->mxSession.matrixRestClient requestTokenForPhoneNumber:threePidAddSession.address isDuringRegistration:NO countryCode:threePidAddSession.countryCode clientSecret:threePidAddSession.clientSecret sendAttempt:threePidAddSession.sendAttempt++ nextLink:nil success:^(NSString *sid, NSString *msisdn) { + operation2 = [self->mxSession.matrixRestClient requestTokenForPhoneNumber:threePidAddSession.address isDuringRegistration:NO countryCode:threePidAddSession.countryCode clientSecret:threePidAddSession.clientSecret sendAttempt:threePidAddSession.sendAttempt++ nextLink:nil success:^(NSString *sid, NSString *msisdn, NSString *submitUrl) { NSLog(@"[MX3PidAddManager] startBind3PidSessionWithOldHomeserver: DONE: threePid: %@", threePidAddSession); diff --git a/MatrixSDK/ThreePidAdd/MX3PidAddSession.h b/MatrixSDK/ThreePidAdd/MX3PidAddSession.h index b0f63d6c5c..e7ef732757 100644 --- a/MatrixSDK/ThreePidAdd/MX3PidAddSession.h +++ b/MatrixSDK/ThreePidAdd/MX3PidAddSession.h @@ -71,6 +71,12 @@ NS_ASSUME_NONNULL_BEGIN */ @property (nonatomic) BOOL bind; +/** + The url where the validation token should be sent. + @see [self submitMsisdnTokenOtherUrl:] for more details. + */ +@property (nonatomic, nullable) NSString *submitUrl; + @end NS_ASSUME_NONNULL_END