2019-07-29 13:58:47 +03:00
|
|
|
/*
|
|
|
|
Copyright 2019 The Matrix.org Foundation C.I.C.
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
limitations under the License.
|
|
|
|
*/
|
|
|
|
|
2019-08-02 16:43:36 +03:00
|
|
|
import { SERVICE_TYPES } from 'matrix-js-sdk';
|
2019-08-01 14:46:59 +03:00
|
|
|
|
2019-07-29 13:58:47 +03:00
|
|
|
import MatrixClientPeg from './MatrixClientPeg';
|
2019-08-02 17:21:53 +03:00
|
|
|
import { Service, startTermsFlow, TermsNotSignedError } from './Terms';
|
2019-07-29 13:58:47 +03:00
|
|
|
|
|
|
|
export default class IdentityAuthClient {
|
|
|
|
constructor() {
|
|
|
|
this.accessToken = null;
|
2019-07-29 16:41:57 +03:00
|
|
|
this.authEnabled = true;
|
2019-07-29 13:58:47 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
hasCredentials() {
|
|
|
|
return this.accessToken != null; // undef or null
|
|
|
|
}
|
|
|
|
|
|
|
|
// Returns a promise that resolves to the access_token string from the IS
|
|
|
|
async getAccessToken() {
|
2019-07-29 16:41:57 +03:00
|
|
|
if (!this.authEnabled) {
|
|
|
|
// The current IS doesn't support authentication
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
2019-07-29 13:58:47 +03:00
|
|
|
let token = this.accessToken;
|
|
|
|
if (!token) {
|
|
|
|
token = window.localStorage.getItem("mx_is_access_token");
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!token) {
|
2019-07-29 16:41:57 +03:00
|
|
|
token = await this.registerForToken();
|
2019-08-02 17:21:53 +03:00
|
|
|
if (token) {
|
|
|
|
this.accessToken = token;
|
|
|
|
window.localStorage.setItem("mx_is_access_token", token);
|
|
|
|
}
|
|
|
|
return token;
|
2019-07-29 13:58:47 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
try {
|
2019-07-29 16:41:57 +03:00
|
|
|
await this._checkToken(token);
|
2019-07-29 13:58:47 +03:00
|
|
|
} catch (e) {
|
2019-08-02 17:21:53 +03:00
|
|
|
if (e instanceof TermsNotSignedError) {
|
|
|
|
// Retrying won't help this
|
|
|
|
throw e;
|
|
|
|
}
|
2019-07-29 16:41:57 +03:00
|
|
|
// Retry in case token expired
|
|
|
|
token = await this.registerForToken();
|
2019-08-02 17:21:53 +03:00
|
|
|
if (token) {
|
|
|
|
this.accessToken = token;
|
|
|
|
window.localStorage.setItem("mx_is_access_token", token);
|
|
|
|
}
|
2019-07-29 13:58:47 +03:00
|
|
|
}
|
2019-07-29 16:41:57 +03:00
|
|
|
|
|
|
|
return token;
|
2019-07-29 13:58:47 +03:00
|
|
|
}
|
|
|
|
|
2019-07-31 19:30:10 +03:00
|
|
|
async _checkToken(token) {
|
2019-08-01 14:46:59 +03:00
|
|
|
try {
|
|
|
|
await MatrixClientPeg.get().getIdentityAccount(token);
|
|
|
|
} catch (e) {
|
|
|
|
if (e.errcode === "M_TERMS_NOT_SIGNED") {
|
|
|
|
console.log("Identity Server requires new terms to be agreed to");
|
|
|
|
await startTermsFlow([new Service(
|
2019-08-02 16:43:36 +03:00
|
|
|
SERVICE_TYPES.IS,
|
2019-08-01 14:46:59 +03:00
|
|
|
MatrixClientPeg.get().idBaseUrl,
|
|
|
|
token,
|
|
|
|
)]);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
throw e;
|
|
|
|
}
|
2019-07-30 18:56:19 +03:00
|
|
|
|
2019-07-31 19:30:10 +03:00
|
|
|
// We should ensure the token in `localStorage` is cleared
|
2019-07-30 12:09:38 +03:00
|
|
|
// appropriately. We already clear storage on sign out, but we'll need
|
|
|
|
// additional clearing when changing ISes in settings as part of future
|
|
|
|
// privacy work.
|
2019-07-30 19:19:59 +03:00
|
|
|
// See also https://github.com/vector-im/riot-web/issues/10455.
|
2019-07-29 13:58:47 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
async registerForToken() {
|
2019-07-29 16:41:57 +03:00
|
|
|
try {
|
|
|
|
const hsOpenIdToken = await MatrixClientPeg.get().getOpenIdToken();
|
2019-07-30 12:05:57 +03:00
|
|
|
const { access_token: identityAccessToken } =
|
2019-07-29 16:41:57 +03:00
|
|
|
await MatrixClientPeg.get().registerWithIdentityServer(hsOpenIdToken);
|
2019-07-30 12:05:57 +03:00
|
|
|
await this._checkToken(identityAccessToken);
|
|
|
|
return identityAccessToken;
|
2019-08-02 17:21:53 +03:00
|
|
|
} catch (e) {
|
|
|
|
if (e.cors === "rejected" || e.httpStatus === 404) {
|
2019-07-29 16:41:57 +03:00
|
|
|
// Assume IS only supports deprecated v1 API for now
|
|
|
|
// TODO: Remove this path once v2 is only supported version
|
2019-07-30 12:39:07 +03:00
|
|
|
// See https://github.com/vector-im/riot-web/issues/10443
|
2019-07-29 16:41:57 +03:00
|
|
|
console.warn("IS doesn't support v2 auth");
|
|
|
|
this.authEnabled = false;
|
2019-07-31 19:30:10 +03:00
|
|
|
return;
|
2019-07-29 16:41:57 +03:00
|
|
|
}
|
2019-08-02 17:21:53 +03:00
|
|
|
throw e;
|
2019-07-29 16:41:57 +03:00
|
|
|
}
|
2019-07-29 13:58:47 +03:00
|
|
|
}
|
|
|
|
}
|