feat: add userid_origin field in the database

2025-04-19 18:48:14 +02:00
parent bc9cf85807
commit 78a02edbbf
9 changed files with 61 additions and 26 deletions
--- a/src/admin/user/commands.rs
+++ b/src/admin/user/commands.rs
@@ -68,7 +68,8 @@ pub(super) async fn create_user(&self, username: String, password: Option<String
 	// Create user
 	self.services
 		.users
-		.create(&user_id, Some(password.as_str()))?;
+		.create(&user_id, Some(password.as_str()), None)
 		.await?;
 	// Default to pretty displayname
 	let mut displayname = user_id.localpart().to_owned();
@@ -262,6 +263,7 @@ pub(super) async fn reset_password(&self, username: String, password: Option<Str
 		.services
 		.users
 		.set_password(&user_id, Some(new_password.as_str()))
 		.await
 	{
 		| Err(e) => return Err!("Couldn't reset the password for user {user_id}: {e}"),
 		| Ok(()) =>
--- a/src/api/client/account.rs
+++ b/src/api/client/account.rs
@@ -372,7 +372,7 @@ pub(crate) async fn register_route(
 	let password = if is_guest { None } else { body.password.as_deref() };
 	// Create user
-	services.users.create(&user_id, password)?;
+	services.users.create(&user_id, password, None).await?;
 	// Default to pretty displayname
 	let mut displayname = user_id.localpart().to_owned();
@@ -663,7 +663,8 @@ pub(crate) async fn change_password_route(
 	services
 		.users
-		.set_password(sender_user, Some(&body.new_password))?;
+		.set_password(sender_user, Some(&body.new_password))
 		.await?;
 	if body.logout_devices {
 		// Logout all devices except the current one
--- a/src/api/client/profile.rs
+++ b/src/api/client/profile.rs
@@ -90,7 +90,7 @@ pub(crate) async fn get_displayname_route(
 			.await
 		{
 			if !services.users.exists(&body.user_id).await {
-				services.users.create(&body.user_id, None)?;
+				services.users.create(&body.user_id, None, None).await?;
 			}
 			services
@@ -193,7 +193,7 @@ pub(crate) async fn get_avatar_url_route(
 			.await
 		{
 			if !services.users.exists(&body.user_id).await {
-				services.users.create(&body.user_id, None)?;
+				services.users.create(&body.user_id, None, None).await?;
 			}
 			services
@@ -255,7 +255,7 @@ pub(crate) async fn get_profile_route(
 			.await
 		{
 			if !services.users.exists(&body.user_id).await {
-				services.users.create(&body.user_id, None)?;
+				services.users.create(&body.user_id, None, None).await?;
 			}
 			services
--- a/src/api/client/unstable.rs
+++ b/src/api/client/unstable.rs
@@ -306,7 +306,7 @@ pub(crate) async fn get_timezone_key_route(
 			.await
 		{
 			if !services.users.exists(&body.user_id).await {
-				services.users.create(&body.user_id, None)?;
+				services.users.create(&body.user_id, None, None).await?;
 			}
 			services
@@ -366,7 +366,7 @@ pub(crate) async fn get_profile_key_route(
 			.await
 		{
 			if !services.users.exists(&body.user_id).await {
-				services.users.create(&body.user_id, None)?;
+				services.users.create(&body.user_id, None, None).await?;
 			}
 			services
--- a/src/database/maps.rs
+++ b/src/database/maps.rs
@@ -374,6 +374,10 @@ pub(super) static MAPS: &[Descriptor] = &[
 		name: "userid_masterkeyid",
 		..descriptor::RANDOM_SMALL
 	},
 	Descriptor {
 		name: "userid_origin",
 		..descriptor::RANDOM
 	},
 	Descriptor {
 		name: "userid_password",
 		..descriptor::RANDOM
--- a/src/service/admin/create.rs
+++ b/src/service/admin/create.rs
@@ -38,7 +38,7 @@ pub async fn create_admin_room(services: &Services) -> Result {
 	// Create a user for the server
 	let server_user = services.globals.server_user.as_ref();
-	services.users.create(server_user, None)?;
+	services.users.create(server_user, None, None).await?;
 	let create_content = {
 		use RoomVersionId::*;
--- a/src/service/emergency/mod.rs
+++ b/src/service/emergency/mod.rs
@@ -61,7 +61,8 @@ impl Service {
 		self.services
 			.users
-			.set_password(server_user, self.services.config.emergency_password.as_deref())?;
+			.set_password(server_user, self.services.config.emergency_password.as_deref())
 			.await?;
 		let (ruleset, pwd_set) = match self.services.config.emergency_password {
 			| Some(_) => (Ruleset::server_default(server_user), true),
--- a/src/service/rooms/state_cache/mod.rs
+++ b/src/service/rooms/state_cache/mod.rs
@@ -133,7 +133,7 @@ impl Service {
 		#[allow(clippy::collapsible_if)]
 		if !self.services.globals.user_is_local(user_id) {
 			if !self.services.users.exists(user_id).await {
-				self.services.users.create(user_id, None)?;
+				self.services.users.create(user_id, None, None).await?;
 			}
 			/*
--- a/src/service/users/mod.rs
+++ b/src/service/users/mod.rs
@@ -52,6 +52,7 @@ struct Data {
 	userid_lastonetimekeyupdate: Arc<Map>,
 	userid_masterkeyid: Arc<Map>,
 	userid_password: Arc<Map>,
 	userid_origin: Arc<Map>,
 	userid_selfsigningkeyid: Arc<Map>,
 	userid_usersigningkeyid: Arc<Map>,
 	useridprofilekey_value: Arc<Map>,
@@ -87,6 +88,7 @@ impl crate::Service for Service {
 				userid_lastonetimekeyupdate: args.db["userid_lastonetimekeyupdate"].clone(),
 				userid_masterkeyid: args.db["userid_masterkeyid"].clone(),
 				userid_password: args.db["userid_password"].clone(),
 				userid_origin: args.db["userid_origin"].clone(),
 				userid_selfsigningkeyid: args.db["userid_selfsigningkeyid"].clone(),
 				userid_usersigningkeyid: args.db["userid_usersigningkeyid"].clone(),
 				useridprofilekey_value: args.db["useridprofilekey_value"].clone(),
@@ -122,8 +124,17 @@ impl Service {
 	/// Create a new user account on this homeserver.
 	#[inline]
-	pub fn create(&self, user_id: &UserId, password: Option<&str>) -> Result<()> {
+	pub async fn create(
-		self.set_password(user_id, password)
+		&self,
 		user_id: &UserId,
 		password: Option<&str>,
 		origin: Option<&str>,
 	) -> Result<()> {
 		origin.map_or_else(
 			|| self.db.userid_origin.insert(user_id, "password"),
 			|origin| self.db.userid_origin.insert(user_id, origin),
 		);
 		self.set_password(user_id, password).await
 	}
 	/// Deactivate account
@@ -137,7 +148,7 @@ impl Service {
 		// result in an empty string, so the user will not be able to log in again.
 		// Systems like changing the password without logging in should check if the
 		// account is deactivated.
-		self.set_password(user_id, None)?;
+		self.set_password(user_id, None).await?;
 		// TODO: Unhook 3PID
 		Ok(())
@@ -209,6 +220,11 @@ impl Service {
 			.ready_filter_map(|(u, p): (&UserId, &[u8])| (!p.is_empty()).then_some(u))
 	}
 	/// Returns the origin of the user (password/LDAP/...).
 	pub async fn origin(&self, user_id: &UserId) -> Result<String> {
 		self.db.userid_origin.get(user_id).await.deserialized()
 	}
 	/// Returns the password hash for the given user.
 	pub async fn password_hash(&self, user_id: &UserId) -> Result<String> {
 		self.db
@@ -219,19 +235,30 @@ impl Service {
 	}
 	/// Hash and set the user's password to the Argon2 hash
-	pub fn set_password(&self, user_id: &UserId, password: Option<&str>) -> Result<()> {
+	pub async fn set_password(&self, user_id: &UserId, password: Option<&str>) -> Result<()> {
-		password
+		if self
-			.map(utils::hash::password)
+			.db
-			.transpose()
+			.userid_origin
-			.map_err(|e| {
+			.get(user_id)
-				err!(Request(InvalidParam("Password does not meet the requirements: {e}")))
+			.await
-			})?
+			.deserialized::<String>()?
-			.map_or_else(
+			== "ldap"
-				|| self.db.userid_password.insert(user_id, b""),
+		{
-				|hash| self.db.userid_password.insert(user_id, hash),
+			Err!(Request(InvalidParam("Cannot change password of a LDAP user")))
-			);
+		} else {
 			password
 				.map(utils::hash::password)
 				.transpose()
 				.map_err(|e| {
 					err!(Request(InvalidParam("Password does not meet the requirements: {e}")))
 				})?
 				.map_or_else(
 					|| self.db.userid_password.insert(user_id, b""),
 					|hash| self.db.userid_password.insert(user_id, hash),
 				);
-		Ok(())
+			Ok(())
 		}
 	}
 	/// Returns the displayname of a user on this homeserver.