Merge branch 'release/2.0.0'

Release: com.io7m.portero 2.0.0 Change: Switch to Synapse-specific APIs for user registration Change: Add a configuration option to control token expiration (Ticket: #2)
io7m · May 29, 2021 · af85168 · af85168
2 parents 725f888 + db196d9
commit af85168
Show file tree

Hide file tree

Showing 35 changed files with 578 additions and 474 deletions.
diff --git a/README-CHANGES.xml b/README-CHANGES.xml
@@ -1,9 +1,19 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <c:changelog project="com.io7m.portero" xmlns:c="urn:com.io7m.changelog:4.0">
   <c:releases>
-    <c:release date="2021-05-29T10:27:45+00:00" is-open="false" ticket-system="com.github.io7m.portero" version="1.0.0">
+    <c:release date="2021-05-29T00:00:00+00:00" is-open="false" ticket-system="com.github.io7m.portero" version="1.0.0">
       <c:changes/>
     </c:release>
+    <c:release date="2021-05-29T14:40:19+00:00" is-open="false" ticket-system="com.github.io7m.portero" version="2.0.0">
+      <c:changes>
+        <c:change date="2021-05-29T00:00:00+00:00" summary="Switch to Synapse-specific APIs for user registration"/>
+        <c:change date="2021-05-29T00:00:00+00:00" summary="Add a configuration option to control token expiration">
+          <c:tickets>
+            <c:ticket id="2"/>
+          </c:tickets>
+        </c:change>
+      </c:changes>
+    </c:release>
   </c:releases>
   <c:ticket-systems>
     <c:ticket-system default="true" id="com.github.io7m.portero" url="https://www.github.com/io7m/portero/issues/"/>

diff --git a/README-LICENSE.txt b/README-LICENSE.txt
@@ -0,0 +1,13 @@
+Copyright © 2021 Mark Raynsford <code@io7m.com> https://www.io7m.com
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/README.in b/README.in
@@ -7,6 +7,12 @@
   * ISC license
   * High-coverage automated test suite
 
+### Support
+
+The `portero` package only works with the [Synapse](https://github.com/matrix-org/synapse)
+homeserver at present. Support for other servers is conditional upon them adding
+a usable API for registering users with public registration disabled.
+
 ### Usage
 
 The `portero` package is designed to be deployed onto the same server as
@@ -38,18 +44,17 @@ provided URL and be taken through a simple web form in order to create
 an account. The `portero` server serves the web form on `P` and therefore
 needs to be made accessible to the outside world over a secure connection.
 The `portero` server then creates an account on the Matrix homeserver using
-the standard [client/server API](https://matrix.org/docs/spec/client_server/r0.6.1).
+the [Synapse-specific Admin API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/register_api.rst).
 
 [![Architecture](src/site/resources/arch.png)](src/site/resources/arch.png)
 
 ### Configuration File
 
 ```
 #
-# The username and password of an administrator on the Matrix homeserver.
+# The registration shared secret on the Matrix homeserver.
 #
-matrix.adminUser = admin
-matrix.adminPassword = password
+matrix.adminSharedSecret = aRatherLongSharedSecret
 
 #
 # The URL by which the portero server speaks to the Matrix homeserver.
@@ -92,6 +97,11 @@ server.title = chat.example.com
 # that can be served concurrently.
 #
 server.threadCount = 4
+
+#
+# The expiry duration for tokens, ISO 8601 duration format.
+#
+server.tokenExpiration = PT48H
 ```
 
 ### Command-line

diff --git a/README.md b/README.md
@@ -22,6 +22,12 @@ portero
   * ISC license
   * High-coverage automated test suite
 
+### Support
+
+The `portero` package only works with the [Synapse](https://github.com/matrix-org/synapse)
+homeserver at present. Support for other servers is conditional upon them adding
+a usable API for registering users with public registration disabled.
+
 ### Usage
 
 The `portero` package is designed to be deployed onto the same server as
@@ -53,18 +59,17 @@ provided URL and be taken through a simple web form in order to create
 an account. The `portero` server serves the web form on `P` and therefore
 needs to be made accessible to the outside world over a secure connection.
 The `portero` server then creates an account on the Matrix homeserver using
-the standard [client/server API](https://matrix.org/docs/spec/client_server/r0.6.1).
+the [Synapse-specific Admin API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/register_api.rst).
 
 [![Architecture](src/site/resources/arch.png)](src/site/resources/arch.png)
 
 ### Configuration File
 
 ```
 #
-# The username and password of an administrator on the Matrix homeserver.
+# The registration shared secret on the Matrix homeserver.
 #
-matrix.adminUser = admin
-matrix.adminPassword = password
+matrix.adminSharedSecret = aRatherLongSharedSecret
 
 #
 # The URL by which the portero server speaks to the Matrix homeserver.
@@ -107,6 +112,11 @@ server.title = chat.example.com
 # that can be served concurrently.
 #
 server.threadCount = 4
+
+#
+# The expiry duration for tokens, ISO 8601 duration format.
+#
+server.tokenExpiration = PT48H
 ```
 
 ### Command-line

diff --git a/com.io7m.portero.cmdline/pom.xml b/com.io7m.portero.cmdline/pom.xml
@@ -9,7 +9,7 @@
   <parent>
     <artifactId>com.io7m.portero</artifactId>
     <groupId>com.io7m.portero</groupId>
-    <version>1.0.0</version>
+    <version>2.0.0</version>
   </parent>
 
   <artifactId>com.io7m.portero.cmdline</artifactId>

diff --git a/com.io7m.portero.server/pom.xml b/com.io7m.portero.server/pom.xml
@@ -9,7 +9,7 @@
   <parent>
     <artifactId>com.io7m.portero</artifactId>
     <groupId>com.io7m.portero</groupId>
-    <version>1.0.0</version>
+    <version>2.0.0</version>
   </parent>
 
   <artifactId>com.io7m.portero.server</artifactId>

diff --git a/com.io7m.portero.server/src/main/java/com/io7m/portero/server/PServerConfigurationType.java b/com.io7m.portero.server/src/main/java/com/io7m/portero/server/PServerConfigurationType.java
@@ -21,6 +21,7 @@
 
 import java.net.InetAddress;
 import java.net.URI;
+import java.time.Duration;
 import java.util.Locale;
 
 /**
@@ -42,16 +43,10 @@ public interface PServerConfigurationType
   URI matrixServerAdminConnectionURI();
 
   /**
-   * @return The admin user on the Matrix server
+   * @return The shared secret that will allow registration on the server
    */
 
-  String matrixServerAdminUser();
-
-  /**
-   * @return The admin password on the Matrix server
-   */
-
-  String matrixServerAdminPassword();
+  String matrixServerAdminRegistrationSecret();
 
   /**
    * The public URI of the Matrix server. This is the URI to which new users
@@ -125,6 +120,16 @@ default int serverThreadCount()
 
   String serverTitle();
 
+  /**
+   * @return The duration before a given token expires
+   */
+
+  @Value.Default
+  default Duration serverTokenExpiry()
+  {
+    return Duration.ofHours(48L);
+  }
+
   /**
    * @return The locale for string resources
    */

diff --git a/com.io7m.portero.server/src/main/java/com/io7m/portero/server/PServerConfigurations.java b/com.io7m.portero.server/src/main/java/com/io7m/portero/server/PServerConfigurations.java
@@ -21,6 +21,8 @@
 
 import java.io.InputStream;
 import java.net.InetAddress;
+import java.time.Duration;
+import java.time.temporal.ChronoUnit;
 import java.util.Objects;
 import java.util.Properties;
 
@@ -118,6 +120,15 @@ private static void readServerProperties(
       );
     });
 
+    tracker.catching(() -> {
+      config.setServerTokenExpiry(
+        JProperties.getDurationWithDefault(
+          props,
+          "server.tokenExpiration",
+          Duration.of(48L, ChronoUnit.HOURS))
+      );
+    });
+
     tracker.catching(() -> {
       config.setPublicURI(JProperties.getURI(props, "server.publicURL"));
     });
@@ -141,14 +152,8 @@ private static void readMatrixProperties(
     });
 
     tracker.catching(() -> {
-      builder.setMatrixServerAdminUser(
-        JProperties.getString(properties, "matrix.adminUser")
-      );
-    });
-
-    tracker.catching(() -> {
-      builder.setMatrixServerAdminPassword(
-        JProperties.getString(properties, "matrix.adminPassword")
+      builder.setMatrixServerAdminRegistrationSecret(
+        JProperties.getString(properties, "matrix.adminSharedSecret")
       );
     });
 

diff --git a/...o7m.portero.server/src/main/java/com/io7m/portero/server/internal/PInviteRequestType.java b/...o7m.portero.server/src/main/java/com/io7m/portero/server/internal/PInviteRequestType.java
@@ -27,6 +27,12 @@
 @Value.Immutable
 public interface PInviteRequestType
 {
+  /**
+   * @return The registration shared secret
+   */
+
+  String registrationSharedSecret();
+
   /**
    * @return The invite token
    */