use of io.kamax.mxisd.exception.NotAllowedException in project mxisd by kamax-io.
the class Register3pidRequestTokenHandler method handleRequest.
/**
 * Applies the registration policy to a 3PID token request before relaying it.
 *
 * <p>The JSON body is parsed, the medium is read from the path variable, and the address is
 * extracted according to that medium. If {@code mgr.isAllowed} refuses the resulting 3PID a
 * {@link NotAllowedException} is thrown; otherwise the request is forwarded with
 * {@code proxyPost}.
 *
 * @param exchange the HTTP exchange carrying the token request
 * @throws NotAllowedException if the policy manager refuses the 3PID
 */
@Override
public void handleRequest(HttpServerExchange exchange) {
    final JsonObject payload = parseJsonObject(exchange);
    final String medium = getPathVariable(exchange, Key);

    // Generic fallback, read first: the raw "address" member, or an empty string if absent.
    String target = GsonUtil.findString(payload, "address").orElse("");

    if (ThreePidMedium.Email.is(medium)) {
        target = GsonUtil.get().fromJson(payload, SessionEmailTokenRequestJson.class).getValue();
    } else if (ThreePidMedium.PhoneNumber.is(medium)) {
        target = GsonUtil.get().fromJson(payload, SessionPhoneTokenRequestJson.class).getValue();
    } else {
        // Unknown medium: the fallback value (possibly "") is still sent to the policy check.
        // NOTE(review): confirm mgr.isAllowed refuses media it has no policy for, rather than
        // letting them through by default.
        log.warn("Unsupported 3PID medium. We attempted to extract the address but the call might fail");
    }

    // The decision is taken on the value extracted above, while the untouched body is what gets
    // relayed below. NOTE(review): confirm the upstream reads the same field(s), otherwise the
    // checked value and the registered value can differ.
    final boolean permitted = mgr.isAllowed(new ThreePid(medium, target));
    if (!permitted) {
        // NOTE(review): medium comes from the request path; confirm the error renderer encodes it.
        throw new NotAllowedException("Your " + medium + " address cannot be used for registration");
    }

    proxyPost(exchange, payload, client, dns);
}
use of io.kamax.mxisd.exception.NotAllowedException in project mxisd by kamax-io.
the class RoomInviteHandler method handleRequest.
/**
 * Authorises a room invite against the invite policy before relaying it to the homeserver.
 *
 * <p>The caller's access token is presented to the homeserver's {@code whoami} endpoint, and the
 * {@code user_id} it returns is the identity handed to {@code invMgr.canInvite}. The request body
 * is parsed only after that identity has been established.
 *
 * @param exchange the HTTP exchange carrying the invite request
 * @throws RemoteHomeServerException if the homeserver answers with a non-200 status or omits
 *     {@code user_id}
 * @throws InternalServerError if the whoami call fails with an {@link IOException}
 * @throws NotAllowedException if the invite policy refuses the request
 */
@Override
public void handleRequest(HttpServerExchange exchange) {
    String accessToken = getAccessToken(exchange);

    // The whoami destination is built from the incoming request URL and then passed through
    // dns.transform. NOTE(review): the caller's bearer token is sent to whatever this resolves
    // to; confirm dns.transform pins the destination to the configured homeserver.
    URI requestBase = URI.create(exchange.getRequestURL());
    URI whoamiEndpoint = requestBase.resolve(URI.create("/_matrix/client/r0/account/whoami"));
    String whoamiUri = dns.transform(whoamiEndpoint).toString();
    // Only the URI is logged; the token travels in the Authorization header.
    log.info("Who Am I URL: {}", whoamiUri);

    HttpGet identityProbe = new HttpGet(whoamiUri);
    identityProbe.addHeader("Authorization", "Bearer " + accessToken);

    _MatrixID caller;
    try (CloseableHttpResponse probeReply = client.execute(identityProbe)) {
        int status = probeReply.getStatusLine().getStatusCode();
        String payload = EntityUtils.toString(probeReply.getEntity());

        if (status != 200) {
            log.warn("Unable to get caller identity from Homeserver - Status code: {}", status);
            log.debug("Body: {}", payload);
            // The upstream body becomes the exception message.
            // NOTE(review): confirm how much of it reaches the client.
            throw new RemoteHomeServerException(payload);
        }

        Optional<String> claimedId = GsonUtil.findString(GsonUtil.parseObj(payload), "user_id");
        if (!claimedId.isPresent()) {
            throw new RemoteHomeServerException("No User ID provided when checking identity");
        }

        // The inviter identity comes from the homeserver's answer, not from the request body.
        caller = MatrixID.asAcceptable(claimedId.get());
    } catch (IOException e) {
        // Only the error reference is logged here; the IOException itself is wrapped.
        InternalServerError ex = new InternalServerError(e);
        log.error("Ref {}: Unable to fetch caller identity from Homeserver", ex.getReference());
        throw ex;
    }

    log.info("Processing room invite from {}", caller.getId());

    JsonObject inviteBody = parseJsonObject(exchange);
    boolean permitted = invMgr.canInvite(caller, inviteBody);
    if (!permitted) {
        throw new NotAllowedException("Your account is not allowed to invite that address");
    }

    log.info("Invite was allowing, relaying to the Homeserver");
    proxyPost(exchange, inviteBody, client, dns);
}
use of io.kamax.mxisd.exception.NotAllowedException in project mxisd by kamax-io.
the class SessionTpidUnbindHandler method handleRequest.
/**
 * Handles a 3PID unbind request, accepting it only when no Authorization header is sent.
 *
 * <p>A non-empty {@code Authorization} header always ends the request: an {@code X-Matrix }
 * value is refused with {@link NotAllowedException}, anything else with
 * {@link BadRequestException}. An absent or empty header lets the body through to
 * {@code sessionMgr.unbind}, after which an empty JSON object is written back.
 *
 * @param exchange the HTTP exchange carrying the unbind request
 * @throws NotAllowedException if the request carries an {@code X-Matrix } authorization
 * @throws BadRequestException if the request carries any other non-empty authorization
 */
@Override
public void handleRequest(HttpServerExchange exchange) {
    final String authorization = exchange.getRequestHeaders().getFirst("Authorization");

    if (StringUtils.isNotEmpty(authorization)) {
        if (!StringUtils.startsWith(authorization, "X-Matrix ")) {
            throw new BadRequestException("Illegal authorization type");
        }

        // Homeserver-signed unbinds are refused outright; the session checks are the only
        // accepted proof. NOTE(review): these warnings carry no peer address or origin, so
        // correlating denied attempts depends on the access log.
        log.warn("A remote host attempted to unbind without proper authorization. Request was denied");
        log.warn("See https://github.com/kamax-matrix/mxisd/wiki/mxisd-and-your-privacy for more info");
        throw new NotAllowedException("3PID can only be removed via 3PID sessions, not via Homeserver signature");
    }

    // No header (or an empty one): authorisation is left entirely to sessionMgr.unbind.
    sessionMgr.unbind(parseJsonObject(exchange));
    writeBodyAsUtf8(exchange, "{}");
}
use of io.kamax.mxisd.exception.NotAllowedException in project mxisd by kamax-io.
the class SessionManager method bind.
/**
 * Accepts a bind of a validated session's 3PID to a Matrix ID on the locally configured domain.
 *
 * <p>Checks run in this order: the raw Matrix ID must be non-empty, the session must pass
 * {@code getSessionIfValidated}, the ID must parse via {@code MatrixID.asAcceptable}, and its
 * domain must equal {@code mxCfg.getDomain()} ignoring case.
 *
 * @param sid the session ID
 * @param secret the client secret presented for the session
 * @param mxidRaw the Matrix user ID to bind, as received
 * @return a lookup reply pairing the session's 3PID with the parsed Matrix ID
 * @throws IllegalArgumentException if {@code mxidRaw} is empty
 * @throws NotAllowedException if the Matrix ID belongs to another domain
 */
public SingleLookupReply bind(String sid, String secret, String mxidRaw) {
    if (StringUtils.isEmpty(mxidRaw)) {
        throw new IllegalArgumentException("No Matrix User ID provided");
    }

    // The session ID and secret are the only proof checked in this method.
    // NOTE(review): nothing visible here ties the caller to mxidRaw; confirm that is intended.
    final ThreePidSession validated = getSessionIfValidated(sid, secret);

    final _MatrixID userId = MatrixID.asAcceptable(mxidRaw);

    // Binds are limited to the local domain.
    final boolean localDomain = StringUtils.equalsIgnoreCase(mxCfg.getDomain(), userId.getDomain());
    if (!localDomain) {
        throw new NotAllowedException("Only Matrix IDs from domain " + mxCfg.getDomain() + " can be bound");
    }

    // This info-level line writes the 3PID address and the Matrix ID to the log.
    log.info(
            "Session {}: Binding of {}:{} to Matrix ID {} is accepted",
            validated.getId(),
            validated.getThreePid().getMedium(),
            validated.getThreePid().getAddress(),
            userId.getId());

    final SingleLookupRequest lookup = new SingleLookupRequest();
    lookup.setType(validated.getThreePid().getMedium());
    lookup.setThreePid(validated.getThreePid().getAddress());
    return new SingleLookupReply(lookup, userId);
}
use of io.kamax.mxisd.exception.NotAllowedException in project mxisd by kamax-io.
the class SessionManager method unbind.
/**
 * Validates an unbind request against a validated 3PID session.
 *
 * <p>Reads {@code mxid}, {@code sid}, {@code client_secret} and {@code threepid} from the request,
 * requires a validated session, requires the supplied 3PID to equal the session's, and requires
 * the Matrix ID's domain to equal {@code mxCfg.getDomain()} ignoring case. The visible code only
 * validates and logs; no mapping is removed in this method.
 *
 * @param reqData the parsed JSON request body
 * @throws BadRequestException if {@code mxid} cannot be read or parsed, or if the 3PID does not
 *     match the validated session
 * @throws NotAllowedException if the Matrix ID belongs to another domain
 */
public void unbind(JsonObject reqData) {
    _MatrixID userId;
    try {
        userId = MatrixID.asAcceptable(GsonUtil.getStringOrThrow(reqData, "mxid"));
    } catch (IllegalArgumentException invalid) {
        // The original message is passed on in the BadRequestException.
        throw new BadRequestException(invalid.getMessage());
    }

    // Both are read with getStringOrNull, so rejecting missing values is left to the session lookup.
    final String sessionId = GsonUtil.getStringOrNull(reqData, "sid");
    final String clientSecret = GsonUtil.getStringOrNull(reqData, "client_secret");
    final ThreePid claimed = GsonUtil.get().fromJson(GsonUtil.getObj(reqData, "threepid"), ThreePid.class);

    final ThreePidSession validated = getSessionIfValidated(sessionId, clientSecret);

    // The 3PID in the request must be the one the session was validated for.
    final boolean sameThreePid = validated.getThreePid().equals(claimed);
    if (!sameThreePid) {
        throw new BadRequestException("3PID to unbind does not match the one from the validated session");
    }

    // Same local-domain restriction as bind.
    final boolean localDomain = StringUtils.equalsIgnoreCase(mxCfg.getDomain(), userId.getDomain());
    if (!localDomain) {
        throw new NotAllowedException("Only Matrix IDs from domain " + mxCfg.getDomain() + " can be unbound");
    }

    // This info-level line writes the 3PID address and the Matrix ID to the log.
    log.info(
            "Session {}: Unbinding of {}:{} to Matrix ID {} is accepted",
            validated.getId(),
            validated.getThreePid().getMedium(),
            validated.getThreePid().getAddress(),
            userId.getId());
}