element-web/src/SignupStages.js

"use strict";
var q = require("q");

/**
 * An interface class which login types should abide by.
 */
class Stage {
    constructor(type, matrixClient, signupInstance) {
        this.type = type;
        this.client = matrixClient;
        this.signupInstance = signupInstance;
    }

    complete() {
        // Return a promise which is:
        // RESOLVED => With an Object which has an 'auth' key which is the auth dict
        //             to submit.
        // REJECTED => With an Error if there was a problem with this stage.
        //             Has a "message" string and an "isFatal" flag.
        return q.reject("NOT IMPLEMENTED");
    }

    onReceiveData() {
        // NOP
    }
}
Stage.TYPE = "NOT IMPLEMENTED";


/**
 * This stage requires no auth.
 */
class DummyStage extends Stage {
    constructor(matrixClient, signupInstance) {
        super(DummyStage.TYPE, matrixClient, signupInstance);
    }

    complete() {
        return q({
            auth: {
                type: DummyStage.TYPE
            }
        });
    }
}
DummyStage.TYPE = "m.login.dummy";


/**
 * This stage uses Google's Recaptcha to do auth.
 */
class RecaptchaStage extends Stage {
    constructor(matrixClient, signupInstance) {
        super(RecaptchaStage.TYPE, matrixClient, signupInstance);
        this.authDict = {
            auth: {
                type: 'm.login.recaptcha',
                // we'll add in the response param if we get one from the local user.
            },
            poll_for_success: true,
        };
    }

    // called when the recaptcha has been completed.
    onReceiveData(data) {
        if (!data || !data.response) {
            return;
        }
        this.authDict.auth.response = data.response;
    }

    complete() {
        // we return the authDict with no response, telling Signup to keep polling
        // the server in case the captcha is filled in on another window (e.g. by
        // following a nextlink from an email signup).  If the user completes the
        // captcha locally, then we return at the next poll.
        return q(this.authDict);
    }
}
RecaptchaStage.TYPE = "m.login.recaptcha";


/**
 * This state uses the IS to verify email addresses.
 */
class EmailIdentityStage extends Stage {
    constructor(matrixClient, signupInstance) {
        super(EmailIdentityStage.TYPE, matrixClient, signupInstance);
    }

    _completeVerify() {
        // pull out the host of the IS URL by creating an anchor element
        var isLocation = document.createElement('a');
        isLocation.href = this.signupInstance.getIdentityServerUrl();

        var clientSecret = this.clientSecret || this.signupInstance.params.clientSecret;
        var sid = this.sid || this.signupInstance.params.idSid;

        return q({
            auth: {
                type: 'm.login.email.identity',
                threepid_creds: {
                    sid: sid,
                    client_secret: clientSecret,
                    id_server: isLocation.host
                }
            }
        });
    }

    /**
     * Complete the email stage.
     *
     * This is called twice under different circumstances:
     *   1) When requesting an email token from the IS
     *   2) When validating query parameters received from the link in the email
     */
    complete() {
        // TODO: The Registration class shouldn't really know this info.
        if (this.signupInstance.params.hasEmailInfo) {
            return this._completeVerify();
        }

        this.clientSecret = this.signupInstance.params.clientSecret;
        if (!this.clientSecret) {
            return q.reject(new Error("No client secret specified by Signup class!"));
        }

        var nextLink = this.signupInstance.params.registrationUrl +
                       '?client_secret=' +
                       encodeURIComponent(this.clientSecret) +
                       "&hs_url=" +
                       encodeURIComponent(this.signupInstance.getHomeserverUrl()) +
                       "&is_url=" +
                       encodeURIComponent(this.signupInstance.getIdentityServerUrl()) +
                       "&session_id=" +
                       encodeURIComponent(this.signupInstance.getServerData().session);

        // Add the user ID of the referring user, if set
        if (this.signupInstance.params.referrer) {
            nextLink += "&referrer=" + encodeURIComponent(this.signupInstance.params.referrer);
        }

        var self = this;
        return this.client.requestRegisterEmailToken(
            this.signupInstance.email,
            this.clientSecret,
            1, // TODO: Multiple send attempts?
            nextLink
        ).then(function(response) {
            self.sid = response.sid;
            self.signupInstance.setIdSid(self.sid);
            return self._completeVerify();
        }).then(function(request) {
            request.poll_for_success = true;
            return request;
        }, function(error) {
            console.error(error);
            var e = {
                isFatal: true
            };
            if (error.errcode == 'M_THREEPID_IN_USE') {
                e.message = "This email address is already registered";
            } else {
                e.message = 'Unable to contact the given identity server';
            }
            throw e;
        });
    }
}
EmailIdentityStage.TYPE = "m.login.email.identity";

module.exports = {
    [DummyStage.TYPE]: DummyStage,
    [RecaptchaStage.TYPE]: RecaptchaStage,
    [EmailIdentityStage.TYPE]: EmailIdentityStage
};
Get dummy registrations working This means you can now register on localhost without needing an email. Email and Recaptcha are still broken. 2015-11-18 20:13:43 +03:00			`"use strict";`
			`var q = require("q");`

Minor refactoring; remove debug logging; add comments 2015-11-19 19:07:58 +03:00			`/**`
			`* An interface class which login types should abide by.`
			`*/`
Get dummy registrations working This means you can now register on localhost without needing an email. Email and Recaptcha are still broken. 2015-11-18 20:13:43 +03:00			`class Stage {`
			`constructor(type, matrixClient, signupInstance) {`
			`this.type = type;`
			`this.client = matrixClient;`
			`this.signupInstance = signupInstance;`
			`}`

			`complete() {`
			`// Return a promise which is:`
			`// RESOLVED => With an Object which has an 'auth' key which is the auth dict`
			`// to submit.`
			`// REJECTED => With an Error if there was a problem with this stage.`
			`// Has a "message" string and an "isFatal" flag.`
			`return q.reject("NOT IMPLEMENTED");`
			`}`
Get Recaptcha working again. Add a backchannel for stage prodding. Recaptcha is a special snowflake because it dynamically loads the script and THEN renders with info from the registration request. This means we need a back-channel for the UI component to 'tell' the stage that everything is loaded. This Just Works which is nice. 2015-11-18 20:43:38 +03:00
			`onReceiveData() {`
			`// NOP`
			`}`
Get dummy registrations working This means you can now register on localhost without needing an email. Email and Recaptcha are still broken. 2015-11-18 20:13:43 +03:00			`}`
			`Stage.TYPE = "NOT IMPLEMENTED";`


Minor refactoring; remove debug logging; add comments 2015-11-19 19:07:58 +03:00			`/**`
			`* This stage requires no auth.`
			`*/`
Get dummy registrations working This means you can now register on localhost without needing an email. Email and Recaptcha are still broken. 2015-11-18 20:13:43 +03:00			`class DummyStage extends Stage {`
			`constructor(matrixClient, signupInstance) {`
			`super(DummyStage.TYPE, matrixClient, signupInstance);`
			`}`

			`complete() {`
			`return q({`
			`auth: {`
			`type: DummyStage.TYPE`
			`}`
			`});`
			`}`
			`}`
			`DummyStage.TYPE = "m.login.dummy";`


Minor refactoring; remove debug logging; add comments 2015-11-19 19:07:58 +03:00			`/**`
			`* This stage uses Google's Recaptcha to do auth.`
			`*/`
Get dummy registrations working This means you can now register on localhost without needing an email. Email and Recaptcha are still broken. 2015-11-18 20:13:43 +03:00			`class RecaptchaStage extends Stage {`
			`constructor(matrixClient, signupInstance) {`
			`super(RecaptchaStage.TYPE, matrixClient, signupInstance);`
ask electron users to do captchas in a web browser. This will happen anyway when they follow email verification links. make captchas poll for success so if they are completed elsewhere, electron moves on 2016-12-24 06:15:30 +03:00			`this.authDict = {`
			`auth: {`
			`type: 'm.login.recaptcha',`
			`// we'll add in the response param if we get one from the local user.`
			`},`
			`poll_for_success: true,`
			`};`
Get Recaptcha working again. Add a backchannel for stage prodding. Recaptcha is a special snowflake because it dynamically loads the script and THEN renders with info from the registration request. This means we need a back-channel for the UI component to 'tell' the stage that everything is loaded. This Just Works which is nice. 2015-11-18 20:43:38 +03:00			`}`

Refactor CaptchaForm to put less logic in signupstages A bunch of work being done in the Recaptcha signupstage makes more sense in the CaptchaForm; let's move it. 2016-10-11 20:00:47 +03:00			`// called when the recaptcha has been completed.`
Get Recaptcha working again. Add a backchannel for stage prodding. Recaptcha is a special snowflake because it dynamically loads the script and THEN renders with info from the registration request. This means we need a back-channel for the UI component to 'tell' the stage that everything is loaded. This Just Works which is nice. 2015-11-18 20:43:38 +03:00			`onReceiveData(data) {`
Refactor CaptchaForm to put less logic in signupstages A bunch of work being done in the Recaptcha signupstage makes more sense in the CaptchaForm; let's move it. 2016-10-11 20:00:47 +03:00			`if (!data \|\| !data.response) {`
Get Recaptcha working again. Add a backchannel for stage prodding. Recaptcha is a special snowflake because it dynamically loads the script and THEN renders with info from the registration request. This means we need a back-channel for the UI component to 'tell' the stage that everything is loaded. This Just Works which is nice. 2015-11-18 20:43:38 +03:00			`return;`
			`}`
fix disasterous thinko in https://github.com/matrix-org/matrix-react-sdk/pull/601/commits/69b277b28285eec9ab4c9f9fabcef194996db9bf 2016-12-25 01:33:04 +03:00			`this.authDict.auth.response = data.response;`
Get dummy registrations working This means you can now register on localhost without needing an email. Email and Recaptcha are still broken. 2015-11-18 20:13:43 +03:00			`}`

			`complete() {`
ask electron users to do captchas in a web browser. This will happen anyway when they follow email verification links. make captchas poll for success so if they are completed elsewhere, electron moves on 2016-12-24 06:15:30 +03:00			`// we return the authDict with no response, telling Signup to keep polling`
			`// the server in case the captcha is filled in on another window (e.g. by`
			`// following a nextlink from an email signup). If the user completes the`
			`// captcha locally, then we return at the next poll.`
			`return q(this.authDict);`
Get dummy registrations working This means you can now register on localhost without needing an email. Email and Recaptcha are still broken. 2015-11-18 20:13:43 +03:00			`}`
			`}`
			`RecaptchaStage.TYPE = "m.login.recaptcha";`


Minor refactoring; remove debug logging; add comments 2015-11-19 19:07:58 +03:00			`/**`
			`* This state uses the IS to verify email addresses.`
			`*/`
Get dummy registrations working This means you can now register on localhost without needing an email. Email and Recaptcha are still broken. 2015-11-18 20:13:43 +03:00			`class EmailIdentityStage extends Stage {`
			`constructor(matrixClient, signupInstance) {`
			`super(EmailIdentityStage.TYPE, matrixClient, signupInstance);`
			`}`

Hookup 2nd stage email registration; not finished as we aren't storing u/p 2015-11-19 17:16:49 +03:00			`_completeVerify() {`
Minor refactoring; remove debug logging; add comments 2015-11-19 19:07:58 +03:00			`// pull out the host of the IS URL by creating an anchor element`
Hookup 2nd stage email registration; not finished as we aren't storing u/p 2015-11-19 17:16:49 +03:00			`var isLocation = document.createElement('a');`
			`isLocation.href = this.signupInstance.getIdentityServerUrl();`

Poll for email validation once the validation email has been sent, and continue with the registration process if/when it succeeds. Fixes https://github.com/vector-im/vector-web/issues/1027 Requires https://github.com/matrix-org/synapse/pull/650 and https://github.com/matrix-org/synapse/pull/649 2016-03-16 22:42:52 +03:00			`var clientSecret = this.clientSecret \|\| this.signupInstance.params.clientSecret;`
			`var sid = this.sid \|\| this.signupInstance.params.idSid;`

Hookup 2nd stage email registration; not finished as we aren't storing u/p 2015-11-19 17:16:49 +03:00			`return q({`
			`auth: {`
			`type: 'm.login.email.identity',`
			`threepid_creds: {`
Poll for email validation once the validation email has been sent, and continue with the registration process if/when it succeeds. Fixes https://github.com/vector-im/vector-web/issues/1027 Requires https://github.com/matrix-org/synapse/pull/650 and https://github.com/matrix-org/synapse/pull/649 2016-03-16 22:42:52 +03:00			`sid: sid,`
			`client_secret: clientSecret,`
Hookup 2nd stage email registration; not finished as we aren't storing u/p 2015-11-19 17:16:49 +03:00			`id_server: isLocation.host`
			`}`
			`}`
			`});`
			`}`

			`/**`
			`* Complete the email stage.`
			`*`
			`* This is called twice under different circumstances:`
			`* 1) When requesting an email token from the IS`
			`* 2) When validating query parameters received from the link in the email`
			`*/`
Get dummy registrations working This means you can now register on localhost without needing an email. Email and Recaptcha are still broken. 2015-11-18 20:13:43 +03:00			`complete() {`
Minor refactoring; remove debug logging; add comments 2015-11-19 19:07:58 +03:00			`// TODO: The Registration class shouldn't really know this info.`
Hookup 2nd stage email registration; not finished as we aren't storing u/p 2015-11-19 17:16:49 +03:00			`if (this.signupInstance.params.hasEmailInfo) {`
			`return this._completeVerify();`
			`}`

Prevent spamming emails by reusing client secret Generate a client secret in the Signup class (if we don't already have one) and re-usae it for subsequent attempts to register, that way the IS can honour the sendAttempt flag and not re-send the email if we're just retrying and requestToken becomes idempotent. 2016-10-11 20:08:18 +03:00			`this.clientSecret = this.signupInstance.params.clientSecret;`
			`if (!this.clientSecret) {`
			`return q.reject(new Error("No client secret specified by Signup class!"));`
			`}`

Get dummy registrations working This means you can now register on localhost without needing an email. Email and Recaptcha are still broken. 2015-11-18 20:13:43 +03:00			`var nextLink = this.signupInstance.params.registrationUrl +`
			`'?client_secret=' +`
Poll for email validation once the validation email has been sent, and continue with the registration process if/when it succeeds. Fixes https://github.com/vector-im/vector-web/issues/1027 Requires https://github.com/matrix-org/synapse/pull/650 and https://github.com/matrix-org/synapse/pull/649 2016-03-16 22:42:52 +03:00			`encodeURIComponent(this.clientSecret) +`
Get dummy registrations working This means you can now register on localhost without needing an email. Email and Recaptcha are still broken. 2015-11-18 20:13:43 +03:00			`"&hs_url=" +`
			`encodeURIComponent(this.signupInstance.getHomeserverUrl()) +`
			`"&is_url=" +`
			`encodeURIComponent(this.signupInstance.getIdentityServerUrl()) +`
			`"&session_id=" +`
Pass the right session ID 2015-11-19 16:58:34 +03:00			`encodeURIComponent(this.signupInstance.getServerData().session);`
Get dummy registrations working This means you can now register on localhost without needing an email. Email and Recaptcha are still broken. 2015-11-18 20:13:43 +03:00
Set referrer qp in nextLink This is so that when the verification link is clicked from an email, the referrer is set on the new instance of riot when /rts/register is hit 2017-02-08 20:58:40 +03:00			`// Add the user ID of the referring user, if set`
			`if (this.signupInstance.params.referrer) {`
			`nextLink += "&referrer=" + encodeURIComponent(this.signupInstance.params.referrer);`
			`}`

Poll for email validation once the validation email has been sent, and continue with the registration process if/when it succeeds. Fixes https://github.com/vector-im/vector-web/issues/1027 Requires https://github.com/matrix-org/synapse/pull/650 and https://github.com/matrix-org/synapse/pull/649 2016-03-16 22:42:52 +03:00			`var self = this;`
Error on registration if email taken Use the new register-specific request token endpoint (https://github.com/matrix-org/matrix-js-sdk/pull/147) and catch the error that it gives if the email is already in use. Also add initial values to the registration form so we can reload it after the error without all the values disappearing, and split out the guest username parameter which was previously called defaultUsername. 2016-07-06 17:22:06 +03:00			`return this.client.requestRegisterEmailToken(`
Get dummy registrations working This means you can now register on localhost without needing an email. Email and Recaptcha are still broken. 2015-11-18 20:13:43 +03:00			`this.signupInstance.email,`
Poll for email validation once the validation email has been sent, and continue with the registration process if/when it succeeds. Fixes https://github.com/vector-im/vector-web/issues/1027 Requires https://github.com/matrix-org/synapse/pull/650 and https://github.com/matrix-org/synapse/pull/649 2016-03-16 22:42:52 +03:00			`this.clientSecret,`
Minor refactoring; remove debug logging; add comments 2015-11-19 19:07:58 +03:00			`1, // TODO: Multiple send attempts?`
Get dummy registrations working This means you can now register on localhost without needing an email. Email and Recaptcha are still broken. 2015-11-18 20:13:43 +03:00			`nextLink`
			`).then(function(response) {`
Poll for email validation once the validation email has been sent, and continue with the registration process if/when it succeeds. Fixes https://github.com/vector-im/vector-web/issues/1027 Requires https://github.com/matrix-org/synapse/pull/650 and https://github.com/matrix-org/synapse/pull/649 2016-03-16 22:42:52 +03:00			`self.sid = response.sid;`
Store retrieved sid in the signupInstance of EmailIdentityStage When registeration is complete, the RTS needs the sid, which was previously only sent to the HS. This update will also store it in the signupInstance so that it can be sent to the RTS. 2017-02-14 14:00:40 +03:00			`self.signupInstance.setIdSid(self.sid);`
Poll for email validation once the validation email has been sent, and continue with the registration process if/when it succeeds. Fixes https://github.com/vector-im/vector-web/issues/1027 Requires https://github.com/matrix-org/synapse/pull/650 and https://github.com/matrix-org/synapse/pull/649 2016-03-16 22:42:52 +03:00			`return self._completeVerify();`
			`}).then(function(request) {`
			`request.poll_for_success = true;`
			`return request;`
Get dummy registrations working This means you can now register on localhost without needing an email. Email and Recaptcha are still broken. 2015-11-18 20:13:43 +03:00			`}, function(error) {`
			`console.error(error);`
			`var e = {`
			`isFatal: true`
			`};`
Error on registration if email taken Use the new register-specific request token endpoint (https://github.com/matrix-org/matrix-js-sdk/pull/147) and catch the error that it gives if the email is already in use. Also add initial values to the registration form so we can reload it after the error without all the values disappearing, and split out the guest username parameter which was previously called defaultUsername. 2016-07-06 17:22:06 +03:00			`if (error.errcode == 'M_THREEPID_IN_USE') {`
			`e.message = "This email address is already registered";`
Get dummy registrations working This means you can now register on localhost without needing an email. Email and Recaptcha are still broken. 2015-11-18 20:13:43 +03:00			`} else {`
			`e.message = 'Unable to contact the given identity server';`
			`}`
Correctly display an error if a bad IS URL is entered. 2015-11-20 13:37:46 +03:00			`throw e;`
Get dummy registrations working This means you can now register on localhost without needing an email. Email and Recaptcha are still broken. 2015-11-18 20:13:43 +03:00			`});`
			`}`
			`}`
			`EmailIdentityStage.TYPE = "m.login.email.identity";`

			`module.exports = {`
			`[DummyStage.TYPE]: DummyStage,`
			`[RecaptchaStage.TYPE]: RecaptchaStage,`
			`[EmailIdentityStage.TYPE]: EmailIdentityStage`
Poll for email validation once the validation email has been sent, and continue with the registration process if/when it succeeds. Fixes https://github.com/vector-im/vector-web/issues/1027 Requires https://github.com/matrix-org/synapse/pull/650 and https://github.com/matrix-org/synapse/pull/649 2016-03-16 22:42:52 +03:00			`};`