Merge branch 'af/config-toggle-login-matrix'

element-hq · Feb 16, 2024 · 4c19fa2 · 4c19fa2
2 parents 3149ef0 + dc13f53
commit 4c19fa2
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 9 deletions.
diff --git a/bridge/bridgeconfig/config.go b/bridge/bridgeconfig/config.go
@@ -173,6 +173,7 @@ type DoublePuppetConfig struct {
 	ServerMap       map[string]string `yaml:"double_puppet_server_map"`
 	AllowDiscovery  bool              `yaml:"double_puppet_allow_discovery"`
 	SharedSecretMap map[string]string `yaml:"login_shared_secret_map"`
+	AllowManual     bool              `yaml:"allow_manual_double_puppeting"`
 }
 
 type EncryptionConfig struct {

diff --git a/bridge/commands/doublepuppet.go b/bridge/commands/doublepuppet.go
@@ -11,10 +11,11 @@ var CommandLoginMatrix = &FullHandler{
 	Name: "login-matrix",
 	Help: HelpMeta{
 		Section:     HelpSectionAuth,
-		Description: "Enable double puppeting.",
+		Description: "Enable double puppeting with an access token for your Matrix account.",
 		Args:        "<_access token_>",
 	},
-	RequiresLogin: true,
+	RequiresLogin:                 true,
+	RequiresManualDoublePuppeting: true,
 }
 
 func fnLoginMatrix(ce *Event) {
@@ -43,9 +44,10 @@ var CommandPingMatrix = &FullHandler{
 	Name: "ping-matrix",
 	Help: HelpMeta{
 		Section:     HelpSectionAuth,
-		Description: "Ping the Matrix server with the double puppet.",
+		Description: "Ping the Matrix server with your double puppet.",
 	},
-	RequiresLogin: true,
+	RequiresLogin:                 true,
+	RequiresManualDoublePuppeting: true,
 }
 
 func fnPingMatrix(ce *Event) {
@@ -57,6 +59,8 @@ func fnPingMatrix(ce *Event) {
 	resp, err := puppet.CustomIntent().Whoami(ce.Ctx)
 	if err != nil {
 		ce.Reply("Failed to validate Matrix login: %v", err)
+	} else if resp.DeviceID == "" {
+		ce.Reply("Confirmed valid access token for %s", resp.UserID)
 	} else {
 		ce.Reply("Confirmed valid access token for %s / %s", resp.UserID, resp.DeviceID)
 	}
@@ -69,7 +73,8 @@ var CommandLogoutMatrix = &FullHandler{
 		Section:     HelpSectionAuth,
 		Description: "Disable double puppeting.",
 	},
-	RequiresLogin: true,
+	RequiresLogin:                 true,
+	RequiresManualDoublePuppeting: true,
 }
 
 func fnLogoutMatrix(ce *Event) {

diff --git a/bridge/commands/handler.go b/bridge/commands/handler.go
@@ -55,6 +55,8 @@ type FullHandler struct {
 	RequiresPortal bool
 	RequiresLogin  bool
 
+	RequiresManualDoublePuppeting bool
+
 	RequiresEventLevel event.Type
 }
 
@@ -71,10 +73,18 @@ func (fh *FullHandler) GetAliases() []string {
 	return fh.Aliases
 }
 
-func (fh *FullHandler) ShowInHelp(ce *Event) bool {
+func (fh *FullHandler) satisfiesAdmin(ce *Event) bool {
 	return !fh.RequiresAdmin || ce.User.GetPermissionLevel() >= bridgeconfig.PermissionLevelAdmin
 }
 
+func (fh *FullHandler) satisfiesManualDoublePuppeting(ce *Event) bool {
+	return !fh.RequiresManualDoublePuppeting || ce.Bridge.Config.Bridge.GetDoublePuppetConfig().AllowManual
+}
+
+func (fh *FullHandler) ShowInHelp(ce *Event) bool {
+	return fh.satisfiesAdmin(ce) && fh.satisfiesManualDoublePuppeting(ce)
+}
+
 func (fh *FullHandler) userHasRoomPermission(ce *Event) bool {
 	levels, err := ce.MainIntent().PowerLevels(ce.Ctx, ce.RoomID)
 	if err != nil {
@@ -86,8 +96,12 @@ func (fh *FullHandler) userHasRoomPermission(ce *Event) bool {
 }
 
 func (fh *FullHandler) Run(ce *Event) {
-	if fh.RequiresAdmin && ce.User.GetPermissionLevel() < bridgeconfig.PermissionLevelAdmin {
+	if !fh.satisfiesAdmin(ce) {
 		ce.Reply("That command is limited to bridge administrators.")
+	} else if !fh.satisfiesManualDoublePuppeting(ce) {
+		ce.Reply("This bridge instance has disabled manual management of double puppeting.")
+	} else if fh.RequiresManualDoublePuppeting && ce.Bridge.DoublePuppet.CanAutoDoublePuppet(ce.User.GetMXID()) {
+		ce.Reply("That command is not available because the bridge is managing your double puppet sessions.")
 	} else if fh.RequiresEventLevel.Type != "" && ce.User.GetPermissionLevel() < bridgeconfig.PermissionLevelAdmin && !fh.userHasRoomPermission(ce) {
 		ce.Reply("That command requires room admin rights.")
 	} else if fh.RequiresPortal && ce.Portal == nil {

diff --git a/bridge/doublepuppet.go b/bridge/doublepuppet.go
@@ -109,6 +109,12 @@ func (dp *doublePuppetUtil) autoLogin(ctx context.Context, mxid id.UserID, login
 	return resp.AccessToken, nil
 }
 
+func (dp *doublePuppetUtil) getLoginSecret(mxid id.UserID) (loginSecret string, hasSecret bool) {
+	_, homeserver, _ := mxid.Parse()
+	loginSecret, hasSecret = dp.br.Config.Bridge.GetDoublePuppetConfig().SharedSecretMap[homeserver]
+	return
+}
+
 var (
 	ErrMismatchingMXID = errors.New("whoami result does not match custom mxid")
 	ErrNoAccessToken   = errors.New("no access token provided")
@@ -118,13 +124,17 @@ var (
 const useConfigASToken = "appservice-config"
 const asTokenModePrefix = "as_token:"
 
+func (dp *doublePuppetUtil) CanAutoDoublePuppet(mxid id.UserID) bool {
+	_, hasSecret := dp.getLoginSecret(mxid)
+	return hasSecret
+}
+
 func (dp *doublePuppetUtil) Setup(ctx context.Context, mxid id.UserID, savedAccessToken string, reloginOnFail bool) (intent *appservice.IntentAPI, newAccessToken string, err error) {
 	if len(mxid) == 0 {
 		err = ErrNoMXID
 		return
 	}
-	_, homeserver, _ := mxid.Parse()
-	loginSecret, hasSecret := dp.br.Config.Bridge.GetDoublePuppetConfig().SharedSecretMap[homeserver]
+	loginSecret, hasSecret := dp.getLoginSecret(mxid)
 	// Special case appservice: prefix to not login and use it as an as_token directly.
 	if hasSecret && strings.HasPrefix(loginSecret, asTokenModePrefix) {
 		intent, err = dp.newIntent(ctx, mxid, strings.TrimPrefix(loginSecret, asTokenModePrefix))