This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Send password reset from HS: Accepting the token #5368

Merged
merged 51 commits into from
Jun 6, 2019

Conversation

anoadragon453
Member

@anoadragon453 anoadragon453 commented Jun 6, 2019

This PR creates an endpoint GET/POST /_matrix/identity/api/v1/validate/email/submitToken
which mirrors the same endpoint on the identity server used for submitting tokens
used for validating 3PID addresses.

When the token is submitted, it is checked along with the client_secret and session_id in
the db and if it matches and isn't expired, we mark the session as validated. Then, when
the user attempts to change their password, we check if the session is valid, and if so
allow it. We also delete the session at this point, as, as far as I can tell, there's no
further use for it.

Code is based on #5345.

This changes the default behaviour of Synapse to send password reset
emails itself rather than through an identity server. The reasoning
behind the change is to prevent a malicious identity server from
being able to initiate a password reset attempt and then answering
it, successfully resetting their password, all without the user's
knowledge. This also aids in decentralisation by putting less
trust on the identity server itself, which traditionally is quite
centralised.

If users wish to continue with the old behaviour of proxying
password reset requests through the user's configured identity
server, they can do so by setting
email.enable_password_reset_from_is to True in Synapse's config.

Users should be aware that with that option disabled (the default),
password resets will now no longer work unless email sending has
been enabled and set up correctly.
… password resets
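A minimal model of the session check the PR describes, added here as an illustration and not Synapse's own code: a session is created with a client_secret and an emailed token; submitting the matching token before expiry marks the session validated; the password-change step then requires a validated session and deletes it so it cannot be reused. The in-memory dict, TOKEN_TTL and the explicit `now` parameter are assumptions made for the example.

```python
import hmac
import secrets

# Constructed stand-in for the database table Synapse would use (assumption):
# session_id -> {"client_secret", "token", "expires_at", "validated_at"}
SESSIONS = {}
TOKEN_TTL = 15 * 60  # seconds a token stays valid (assumed value)


def _eq(a, b):
    """Constant-time comparison so the token check does not leak by timing."""
    return hmac.compare_digest(a.encode(), b.encode())


def create_session(client_secret, now):
    """Start a validation session; the token would be emailed to the user."""
    session_id = secrets.token_hex(16)
    token = secrets.token_urlsafe(24)
    SESSIONS[session_id] = {
        "client_secret": client_secret,
        "token": token,
        "expires_at": now + TOKEN_TTL,
        "validated_at": None,
    }
    return session_id, token


def submit_token(session_id, client_secret, token, now):
    """The submitToken check: session exists, secret and token match, not expired."""
    session = SESSIONS.get(session_id)
    if session is None or now > session["expires_at"]:
        return False
    if not _eq(session["client_secret"], client_secret):
        return False
    if not _eq(session["token"], token):
        return False
    session["validated_at"] = now
    return True


def consume_validated_session(session_id, client_secret, now):
    """The password-change check: requires a validated, unexpired session and deletes it."""
    session = SESSIONS.get(session_id)
    if session is None or session["validated_at"] is None:
        return False
    if now > session["expires_at"] or not _eq(session["client_secret"], client_secret):
        return False
    del SESSIONS[session_id]  # single use: a second password change needs a new session
    return True
```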
@anoadragon453 anoadragon453 changed the title Reimplementation of /submitToken on the homeserver side. Only used by password resets Send password reset from HS: Accepting the token Jun 6, 2019
@anoadragon453 anoadragon453 requested a review from a team June 6, 2019 10:09
@codecov

codecov bot commented Jun 6, 2019

Codecov Report

❗ No coverage uploaded for pull request base (anoa/feature_hs_password_resets@24f31df). Click here to learn what that means.
The diff coverage is 39.52%.

@@                        Coverage Diff                        @@
##             anoa/feature_hs_password_resets   #5368   +/-   ##
=================================================================
  Coverage                                   ?   62.7%           
=================================================================
  Files                                      ?     343           
  Lines                                      ?   35840           
  Branches                                   ?    5866           
=================================================================
  Hits                                       ?   22474           
  Misses                                     ?   11792           
  Partials                                   ?    1574

@codecov

codecov bot commented Jun 6, 2019

Codecov Report

❗ No coverage uploaded for pull request base (anoa/feature_hs_password_resets@8dba4ba). Click here to learn what that means.
The diff coverage is 19.04%.

@@                        Coverage Diff                         @@
##             anoa/feature_hs_password_resets    #5368   +/-   ##
==================================================================
  Coverage                                   ?   59.96%           
==================================================================
  Files                                      ?      341           
  Lines                                      ?    35840           
  Branches                                   ?     5559           
==================================================================
  Hits                                       ?    21492           
  Misses                                     ?    12828           
  Partials                                   ?     1520

@anoadragon453 anoadragon453 merged commit aba4eb8 into anoa/feature_hs_password_resets Jun 6, 2019
anoadragon453 added a commit that referenced this pull request Jun 6, 2019
…identity server (#5377)

Sends password reset emails from the homeserver instead of proxying to the identity server. This is now the default behaviour for security reasons. If you wish to continue proxying password reset requests to the identity server you must now enable the email.trust_identity_server_for_password_resets option.

This PR is a culmination of 3 smaller PRs which have each been separately reviewed:

* #5308
* #5345
* #5368