From ead8a869c84d07fadc7cfcf3d522452c99faaa36 Mon Sep 17 00:00:00 2001
From: Tulir Asokan
Date: Fri, 16 Oct 2020 16:52:37 +0300
Subject: [PATCH] Use MSC2778 instead of shared secret for bridge bot login
---
 crypto.go | 26 ++++++++++++++++----------
 go.mod | 2 +-
 go.sum | 2 ++
 3 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/crypto.go b/crypto.go
index 9acf28dd..cf081152 100644
--- a/crypto.go
+++ b/crypto.go
@@ -19,9 +19,6 @@
 package main
 import (
- "crypto/hmac"
- "crypto/sha512"
- "encoding/hex"
 "fmt"
 "runtime/debug"
 "time"
@@ -87,7 +84,6 @@ func (helper *CryptoHelper) Init() error {
 helper.mach = crypto.NewOlmMachine(helper.client, logger, helper.store, stateStore)
 helper.mach.AllowKeyShare = helper.allowKeyShare
- helper.client.Logger = logger.int.Sub("Bot")
 helper.client.Syncer = &cryptoSyncer{helper.mach}
 helper.client.Store = &cryptoClientStore{helper.store}
@@ -123,22 +119,32 @@ func (helper *CryptoHelper) loginBot() (*mautrix.Client, error) {
 if len(deviceID) > 0 {
 helper.log.Debugln("Found existing device ID for bot in database:", deviceID)
 }
- mac := hmac.New(sha512.New, []byte(helper.bridge.Config.Bridge.LoginSharedSecret))
- mac.Write([]byte(helper.bridge.AS.BotMXID()))
 client, err := mautrix.NewClient(helper.bridge.AS.HomeserverURL, "", "")
 if err != nil {
- return nil, err
+ return nil, fmt.Errorf("failed to initialize client: %w", err)
 }
+ client.Logger = helper.baseLog.Sub("Bot")
+ flows, err := client.GetLoginFlows()
+ if err != nil {
+ return nil, fmt.Errorf("failed to get supported login flows: %w", err)
+ }
+ if !flows.HasFlow(mautrix.AuthTypeAppservice) {
+ // TODO after synapse 1.22, turn this into an error
+ helper.log.Warnln("Encryption enabled in config, but homeserver does not advertise appservice login")
+ //return nil, fmt.Errorf("homeserver does not support appservice login")
+ }
+ // We set the API token to the AS token here to authenticate the appservice login
+ // It'll get overridden after the login
+ client.AccessToken = helper.bridge.AS.Registration.AppToken
 resp, err := client.Login(&mautrix.ReqLogin{
- Type: mautrix.AuthTypePassword,
+ Type: mautrix.AuthTypeAppservice,
 Identifier: mautrix.UserIdentifier{Type: mautrix.IdentifierTypeUser, User: string(helper.bridge.AS.BotMXID())},
- Password: hex.EncodeToString(mac.Sum(nil)),
 DeviceID: deviceID,
 InitialDeviceDisplayName: "WhatsApp Bridge",
 StoreCredentials: true,
 })
 if err != nil {
- return nil, err
+ return nil, fmt.Errorf("failed to log in as bridge bot: %w", err)
 }
 if len(deviceID) == 0 {
 helper.store.DeviceID = resp.DeviceID
diff --git a/go.mod b/go.mod
index 8b17a2d3..84a4f5b4 100644
--- a/go.mod
+++ b/go.mod
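Review bot: The comment above `client.AccessToken = helper.bridge.AS.Registration.AppToken` says the token "gets overridden after the login", but nothing in the hunk names `StoreCredentials: true` in the `ReqLogin` as the thing expected to do that, so the two lines are tied together only by convention. The appservice token is a much broader credential than a per-device access token, and if that field were ever dropped the returned client would presumably keep using the AS token without any error. I would extend the comment to something like `// StoreCredentials: true below replaces this with the token from the login response; keep the two together`, and consider returning an error if `client.AccessToken` still equals the AS token once `Login` has succeeded. Separately, when `HasFlow` is false the code only warns and still attempts the login, so on such a homeserver the operator sees the generic `failed to log in as bridge bot` error with no shared-secret fallback left; the TODO acknowledges this. `loginBot` starts before and continues past this hunk, so what happens to `client` afterwards is not visible here.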
@@ -13,7 +13,7 @@ require (
 gopkg.in/yaml.v2 v2.3.0
 maunium.net/go/mauflag v1.0.0
 maunium.net/go/maulogger/v2 v2.1.1
- maunium.net/go/mautrix v0.7.12
+ maunium.net/go/mautrix v0.7.13
 )
 replace github.com/Rhymen/go-whatsapp => github.com/tulir/go-whatsapp v0.3.10
diff --git a/go.sum b/go.sum
index 7422ba2e..66cad9e0 100644
--- a/go.sum
+++ b/go.sum
@@ -189,3 +189,5 @@ maunium.net/go/mautrix v0.7.11 h1:3MdKRs8Dt1H8PvKH/6ES1AdooJngBVEGAwLLeVTnouk=
 maunium.net/go/mautrix v0.7.11/go.mod h1:FpsAvwNdG3Zeup7Y2Nlv81Lk0h6iVRPoIy6D7g/7YCE=
 maunium.net/go/mautrix v0.7.12 h1:kJN5ErlzGAQdNMv58Rv4GATkLlb4OJ3l0IOwxFovlVc=
 maunium.net/go/mautrix v0.7.12/go.mod h1:Jn0ijwXwMFvJFIN9IljirIVKpZQbZP/Dk7pdX2qDmXk=
+maunium.net/go/mautrix v0.7.13 h1:qfnvLxvQafvLgHbdZF/+9qs9gyArYf8fUnzfQbjgQaU=
+maunium.net/go/mautrix v0.7.13/go.mod h1:Jn0ijwXwMFvJFIN9IljirIVKpZQbZP/Dk7pdX2qDmXk=